Cyberwarfare, Espionage & Extortion Issue #8: 8th March 2024

"What was once a comparatively minor threat - people hacking for fun or for bragging rights - has turned into full-blown economic espionage and extremely lucrative cyber crime." - Christopher A Wray

  • Taiwan's Biggest Telco Breached by Suspected Chinese Hackers - The hackers, reportedly believed to be backed by the Chinese government, made off with 1.7TB of data following the Chunghwa compromise and have put it all up for sale on the Dark Web.

    The Defense Ministry confirmed the breach to news service AFP on March 1.

    "The initial analysis of this case is that hackers obtained Chunghwa Telecom's sensitive information and sold it on the dark web, including documents from the armed forces, foreign affairs ministry, coast guard and other units," Taiwanese officials said in a statement. The Defense Ministry added that no confidential information was leaked.

  • Russia Clamps Down on VPNs, Furthering Restrictions on Internet Access - The ban is likely due to people using VPN technology to access banned content and bypass government surveillance measures.

    Russian media regulator Roskomnadzor plans to ban VPN services in Russia and Ukraine, potentially affecting free speech and information access, according to a new report by vpnMentor.

    The report, authored by Jeremiah Fowler, a cybersecurity researcher known for identifying misconfigured databases on the Internet, sheds light on Russia’s recent efforts to further restrict internet freedom within its borders. It highlights the country’s new ban on popular VPN (Virtual Private Network) services, a move experts believe will significantly undermine online privacy and increase online censorship in the country. The ban will come into effect on 1st March 2024.

  • TA577’s Unusual Attack Chain Leads to NTLM Data Theft - Proofpoint identified notable cybercriminal threat actor TA577 using a new attack chain to demonstrate an uncommonly observed objective: stealing NT LAN Manager (NTLM) authentication information. This activity can be used for sensitive information gathering purposes and to enable follow-on activity.

    Proofpoint identified at least two campaigns leveraging the same technique to steal NTLM hashes on 26 and 27 February 2024. Campaigns included tens of thousands of messages targeting hundreds of organizations globally. Messages appeared as replies to previous emails, known as thread hijacking, and contained zipped HTML attachments.


Insight

Global Malicious Activity Targeting Elections Skyrockets, Report Finds 

In an era where digital technology permeates every aspect of our lives, the sanctity of the electoral process is under unprecedented threat, according to a recent report by the National Counterintelligence and Security Center (NCSC). The document outlines a disturbing increase in global malicious activities aimed at undermining the integrity of elections, highlighting the sophistication and stealthiness of these operations. 

The Threats 

The NCSC's findings reveal that the primary threats to election security fall into five critical categories, each with the potential to significantly impact the democratic process. These include cyber operations that directly target election infrastructure and those that focus on political parties, campaigns, and public officials. Additionally, covert influence operations are employed to either assist or harm political entities and sway public opinion, exacerbating existing divisions within societies. Lastly, secretive efforts to manipulate policymakers and the general public are also prevalent. 

These malicious activities serve as harbingers of more extensive interference efforts, which are often magnified by foreign campaigns aimed at sowing doubt about the legitimacy of election outcomes. Beyond mere cyberespionage, these actions are designed to disrupt and manipulate public sentiment, fostering a climate of uncertainty and mistrust around electoral processes worldwide. 

The Mission – Which We Must Accept 

The challenge of addressing these threats is compounded by the inherent difficulties in investigating such covert operations. These activities are often designed to be imperceptible to the public, making it challenging to identify and counteract them effectively. This invisibility not only hampers efforts to safeguard electoral integrity but also enables threat actors to operate with impunity, further endangering the foundation of democratic societies. 

The NCSC's report underscores the urgent need for enhanced cybersecurity measures alongside international cooperation to protect elections from foreign interference and ensure the continuation of free and fair democratic processes. As malicious actors become increasingly sophisticated in their efforts to influence electoral outcomes, the global community must remain vigilant and proactive in defending the cornerstone of democracy: the integrity of its elections. 

International Case Studies 

A closer examination of incidents in the United States, Estonia, and Ukraine reveals the multifaceted nature of election interference. In 2016, the U.S. experienced sophisticated cyber operations targeting political parties and election infrastructure, attributed to Russian actors. Estonia, a pioneer in digital governance, has faced repeated cyber-attacks from neighboring Russia, testing its cyber defense capabilities. Ukraine's elections have been marred by cyber-attacks and misinformation campaigns, reflecting broader geopolitical struggles. These case studies underscore the diverse tactics used by adversaries, including hacking, misinformation, and cyber espionage, demonstrating the global nature of the threat. 

Defensive Strategies and Technologies 

To counteract these threats, nations and private entities are turning to cutting-edge technologies. Blockchain technology is being explored for its potential to secure voting systems, offering transparency and tamper-proof records. Artificial intelligence and machine learning are deployed to detect and mitigate misinformation and cyber threats in real-time. Additionally, advancements in encryption and cybersecurity measures are critical in protecting election infrastructure and sensitive data. 

International Cooperation and Policy Responses 

The battle against election interference requires a concerted international effort. Organizations such as NATO and the European Union have launched initiatives to enhance member states' cybersecurity posture and foster information sharing. The Paris Call for Trust and Security in Cyberspace represents a global commitment to collaborate in securing cyberspace, signed by numerous countries and private entities. Such cooperation is essential for establishing norms and deterring adversaries. 

The Role of Civil Society and Media 

Civil society organizations and the media play a pivotal role in defending electoral integrity. Initiatives aimed at increasing digital literacy among the populace are vital in combating misinformation. Independent media and fact-checking organizations serve as bulwarks against the spread of false information, ensuring voters have access to accurate data. Civil society's vigilance in monitoring elections contributes to transparency and trust in the democratic process. 

The legal and ethical landscape surrounding election security is complex. Balancing the need to counteract interference with upholding freedoms poses significant challenges. National and international legal frameworks must evolve to address the novel challenges presented by digital technologies, ensuring accountability for malign actors while safeguarding fundamental rights. 

Future Outlook and Predictions 

Looking ahead, the threat landscape is likely to grow more sophisticated. The proliferation of deepfake technology and potential breakthroughs in quantum computing will further complicate efforts to secure elections. Democracies must remain agile, adapting to new threats while fostering innovation in defensive technologies. The commitment to international collaboration and the strengthening of legal frameworks will be paramount in preserving the integrity of future elections. 

Technical solutions are not a panacea 

The deployment of advanced defensive strategies and technologies to secure electoral processes, while crucial, comes with its own set of advantages and disadvantages. Below is a discussion of the pros and cons of several key techniques, such as the cost implications of administering multi-factor authentication (MFA) for a nation-wide program and other related measures. 

Multi-Factor Authentication (MFA) 

Pros: 

  • Enhanced Security: MFA significantly reduces the risk of unauthorized access to election systems by requiring multiple forms of verification, making it much harder for attackers to compromise these systems. 
  • Reduction in Phishing Risks: By requiring additional verification methods beyond just a password, MFA can help protect against phishing attacks, which are a common vector for election-related cyber threats. 

Cons: 

  • Implementation Costs: Deploying MFA across a national election infrastructure can be costly, involving not just the initial setup but also ongoing maintenance and support. 
  • User Inconvenience: MFA can introduce additional steps in the authentication process, potentially slowing down access for authorized users and complicating training for election officials and staff. 

Blockchain for Voting Integrity 

Pros: 

  • Tamper-Proof Records: Blockchain creates an immutable record of votes, significantly reducing the potential for vote manipulation and enhancing public trust in the electoral outcome. 
  • Transparency: The decentralized nature of blockchain allows for greater transparency in the voting process, as all transactions are publicly verifiable. 

Cons: 

  • Technological Complexity: Implementing blockchain for elections is technologically complex and may require significant changes to existing voting infrastructure. 
  • Cost: The cost of developing, deploying, and maintaining a blockchain-based voting system can be high, particularly for large-scale national elections. 

Artificial Intelligence and Machine Learning 

Pros: 

  • Efficient Threat Detection: AI and ML can analyze vast amounts of data quickly, identifying potential threats and misinformation campaigns more efficiently than human operators. 
  • Adaptive Responses: These technologies can adapt to evolving threat landscapes, improving the resilience of election systems over time. 

Cons: 

  • False Positives: AI and ML algorithms may sometimes flag legitimate content as malicious, leading to unnecessary censorship or other actions. 
  • Complexity and Cost: Developing and maintaining AI/ML systems for election security requires significant expertise and investment. 

Advanced Encryption Techniques 

Pros: 

  • Data Protection: Encryption ensures that even if data is intercepted, it cannot be read or tampered with by unauthorized parties, protecting the integrity of election data. 
  • Future-Proofing: Quantum-resistant encryption methods can protect against future threats posed by quantum computing. 

Cons: 

  • Implementation Challenges: Upgrading systems to support advanced encryption techniques requires expertise and can be complex. 
  • Cost: Developing and deploying advanced encryption solutions can be expensive, especially for large, nationwide election systems. 

Public Awareness and Training 

Pros: 

  • Empowered Users: Educating the public and election officials about cybersecurity threats can empower them to recognize and avoid phishing attacks and misinformation. 
  • Reduced Vulnerability: Increased awareness can reduce the overall vulnerability of the electoral process to interference. 

Cons: 

  • Resource Intensive: Conducting widespread public awareness campaigns and training programs requires significant resources, including time, money, and personnel. 
  • Ongoing Commitment: Cyber threats evolve rapidly, necessitating continuous updates to training and awareness programs to remain effective. 

While the deployment of these defensive strategies and technologies is essential for safeguarding the integrity of elections, it is also accompanied by challenges, including costs, complexity, and potential user inconvenience. Balancing these factors requires careful planning and consideration to ensure that the benefits outweigh the drawbacks. 


Scammer’s Corner


Massive 'SubdoMailing' Ad Fraud Campaign Hijacks Thousands of Domains for Spam

SubdoMailing campaign spams 5 million emails daily

A new form of ad fraud, known as "SubdoMailing," has been identified as the culprit behind the hijacking of more than 8,000 established internet domains and 13,000 subdomains, utilizing them to distribute as many as five million scam and malvertising emails daily. 

This sophisticated scheme exploits abandoned subdomains and domains of reputable companies, leveraging their credibility to circumvent spam filters. In some instances, these hijacked domains even utilize the original domain’s SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) configurations, misleading secure email gateways into marking the emails as authentic and not spam. 

The process of 'SubdoMailing' involves commandeering subdomains that organizations have neglected, yet which still carry the trust and recognizable branding of the parent domain. By appearing to come from a legitimate source, these emails can more effectively deliver their malicious content, which ranges from scams aimed at defrauding recipients to malvertising that seeks to inject malware into unsuspecting users’ devices. 

Security experts have raised alarms about the scale and effectiveness of this campaign. The inherent trust in established brands' domain names significantly increases the potential for successful fraud or malware infections. Even savvy internet users who are usually cautious about emails from unknown senders might be deceived when the message appears to come from a known and trusted company. 

The 'SubdoMailing' campaign underscores a growing trend among cybercriminals to leverage legitimate services and infrastructure to carry out their operations, thereby complicating detection efforts and mitigation strategies. It also highlights the importance of domain management and the risks associated with allowing domain registrations to lapse without proper decommissioning. 

Companies are advised to closely monitor their domain registrations, renew those they wish to maintain, and properly shut down those they do not, removing them from DNS records to prevent such abuses. Additionally, the use of comprehensive cybersecurity measures, continuous monitoring, and public awareness campaigns are critical in the fight against these types of sophisticated ad fraud operations. 
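The advice above (monitor registrations, decommission properly, remove stale DNS records) maps onto one concrete hygiene check: walk your own SPF record's include:/redirect= tree and flag any target domain that no longer publishes an SPF record, since a lapsed include target is one a third party could register and use to authorise their own senders under your name. The script below is an added example, not code from the newsletter or from any product or vendor it mentions; the DNS_TXT table, the domain names and the lapsed "legacy-mailer.example" target are constructed sample data standing in for a live resolver so it runs offline, and the RFC 7208 lookup count is included because the same walk exposes it. Whether a flagged domain is actually unregistered (rather than merely missing an SPF record) is a separate registry/RDAP check the script does not perform.

```python
"""Added example (not from the newsletter or any vendor's tooling): audit an
SPF include/redirect tree for targets with no SPF record of their own, and
count DNS-querying terms against the RFC 7208 limit of 10.
DNS_TXT is constructed sample data; a real audit would replace lookup_spf()
with DNS TXT queries."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed TXT records for a hypothetical domain. 'legacy-mailer.example'
# is intentionally absent: it models an include target whose domain has lapsed.
DNS_TXT: Dict[str, List[str]] = {
    "example.com": [
        "v=spf1 include:_spf.example.com include:legacy-mailer.example -all",
    ],
    "_spf.example.com": ["v=spf1 ip4:203.0.113.0/24 include:mail.example.net ~all"],
    "mail.example.net": ["v=spf1 ip4:198.51.100.10 -all"],
}

SPF_VERSION = re.compile(r"^v=spf1(\s|$)", re.IGNORECASE)
# Terms that cost a DNS lookup under RFC 7208 section 4.6.4 (limit: 10 per check).
LOOKUP_TERMS = {"include", "redirect", "a", "mx", "ptr", "exists"}


def lookup_spf(domain: str, txt: Dict[str, List[str]] = DNS_TXT) -> Optional[str]:
    """Return the SPF TXT record for a domain, or None if it publishes none."""
    for record in txt.get(domain.lower(), []):
        if SPF_VERSION.match(record):
            return record
    return None


def _term_name(term: str) -> str:
    """Mechanism/modifier name: strips qualifier, argument and CIDR suffix."""
    term = term.lstrip("+-~?")
    return re.split(r"[:=/]", term, maxsplit=1)[0].lower()


def referenced_domains(record: str) -> List[Tuple[str, str]]:
    """Extract (kind, target) for include: mechanisms and redirect= modifiers."""
    targets = []
    for term in record.split()[1:]:          # skip the v=spf1 version tag
        name = _term_name(term)
        if name == "include":
            targets.append(("include", term.lstrip("+-~?").split(":", 1)[1]))
        elif name == "redirect":
            targets.append(("redirect", term.split("=", 1)[1]))
    return targets


def audit_spf(domain, txt=DNS_TXT, _seen=None) -> List[Tuple[str, str, str, str]]:
    """Walk the include/redirect tree; return (referrer, kind, target, status)."""
    seen: Set[str] = _seen if _seen is not None else set()
    findings = []
    if domain.lower() in seen:               # guard against include loops
        return findings
    seen.add(domain.lower())
    record = lookup_spf(domain, txt)
    if record is None:
        return findings
    for kind, target in referenced_domains(record):
        if lookup_spf(target, txt) is None:
            # No SPF record at the target: receivers treat this branch as a
            # permerror, and if the domain itself has lapsed, whoever registers
            # it next decides which senders this include authorises.
            findings.append((domain, kind, target, "dangling"))
        else:
            findings.append((domain, kind, target, "ok"))
            findings.extend(audit_spf(target, txt, seen))
    return findings


def dangling_targets(domain, txt=DNS_TXT) -> List[str]:
    """Sorted list of referenced domains that publish no SPF record."""
    return sorted({f[2] for f in audit_spf(domain, txt) if f[3] == "dangling"})


def lookup_count(domain, txt=DNS_TXT, _seen=None) -> int:
    """Count DNS-querying terms across the whole tree (RFC 7208 caps this at 10)."""
    seen = _seen if _seen is not None else set()
    if domain.lower() in seen:
        return 0
    seen.add(domain.lower())
    record = lookup_spf(domain, txt)
    if record is None:
        return 0
    count = sum(1 for t in record.split()[1:] if _term_name(t) in LOOKUP_TERMS)
    for _, target in referenced_domains(record):
        count += lookup_count(target, txt, seen)
    return count


if __name__ == "__main__":
    for referrer, kind, target, status in audit_spf("example.com"):
        print(f"{referrer:20} {kind:8} {target:28} {status}")
    print("DNS lookups:", lookup_count("example.com"))
```

Run against the constructed data it reports the include of legacy-mailer.example as dangling and a lookup count of 3; the same walk, pointed at real TXT queries, is a cheap scheduled control to pair with the registration monitoring the article recommends.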

As of now, efforts are being ramped up to identify and shut down these hijacked domains, but the campaign’s large scale presents significant challenges. The incident serves as a wake-up call to organizations about the importance of domain security as a critical component of their overall cybersecurity posture. 

For internet users, the advice remains consistent: be vigilant about the emails you receive, even if they appear to come from familiar sources, and maintain updated antivirus and anti-malware software to protect against potential threats. 


The Deep Dive

NSO Group Held to Account by California Federal Judge 

NSO Group, an Israel-based company recognized for its advanced surveillance software Pegasus, has been mandated by a California federal judge to disclose the source code of "all relevant spyware" to Meta's WhatsApp, intensifying the legal confrontation between the two entities. 

What the Court said, and the ramifications

The order, issued by Judge Phyllis Hamilton from the U.S. District Court for the Northern District of California, marks a significant development in the ongoing legal battle initiated by WhatsApp in 2019 against NSO Group. The lawsuit accuses the spyware manufacturer of infiltrating 1,400 WhatsApp users' devices to snoop on their private conversations and other sensitive information. 

According to the allegations, NSO Group exploited a flaw in WhatsApp's VoIP stack to transmit specially designed data packets to targeted mobile phones. This breach allowed unauthorized code to operate stealthily on the affected devices, enabling remote access to users' messages and private data. NSO has been accused of offering this intrusive capability as a service to governmental agencies worldwide. 

This judicial decision underscores the increasing scrutiny over the deployment of spyware tools and the implications of such use on privacy and human rights. The demand to disclose the source code is a notable move towards transparency and accountability in the digital surveillance arena. WhatsApp's legal action against NSO highlights the growing concerns over the misuse of cyber espionage tools and the urgent need for regulatory oversight in the industry. 

The outcome of this legal encounter could have far-reaching consequences for the private surveillance sector, setting a precedent for the accountability and governance of spyware manufacturers. As the case progresses, the tech community and privacy advocates are closely monitoring developments and awaiting the potential repercussions on global digital security practices. 

Commercial surveillance capabilities rival those of nation-states 

The landscape of surveillance technology has evolved dramatically, with commercial surveillance capabilities increasingly rivalling those traditionally held by nation-states. This convergence raises significant concerns and challenges for privacy, security, and international relations. 

Commercial Surveillance Capabilities: 

Commercial entities, such as NSO Group, develop sophisticated surveillance software like Pegasus, which can covertly infiltrate smartphones to extract data and monitor user activities. These tools exploit vulnerabilities in common communication platforms and operating systems, enabling deep access to personal information without the user's knowledge. 

The commercialization of surveillance technology has democratized access to spying capabilities that were once exclusive to nation-states. Private companies sell these services globally, not only to governments but also to private entities, which can lead to widespread and unregulated use. The scalability and ease of deployment of commercial products mean that they can be used for a wide range of purposes, from corporate espionage to personal vendettas. 

Government Surveillance Capabilities: 

Government surveillance, traditionally characterized by significant resources and deep technical expertise, has long been a critical component of national security and law enforcement. Nation-states have access to a broad array of tools, including bulk data collection, advanced analytics, satellite imagery, and more. These capabilities are typically subject to legal and oversight mechanisms within democratic societies, although the extent and effectiveness of these controls vary by country. 

Nation-states also have the unique ability to compel domestic companies and infrastructure to comply with surveillance requests, a power not held by commercial entities. However, the technical and operational specifics of state surveillance are often shrouded in secrecy, making direct comparisons with commercial capabilities challenging. 

Convergence and Concerns: 

The convergence of commercial and government surveillance capabilities introduces several concerns: 

  1. Accessibility: The availability of advanced surveillance tools on the commercial market means that not only wealthy nations but also smaller states and non-state actors can deploy high-level spying capabilities. This accessibility increases the potential for misuse and reduces the global threshold for privacy and security. 
  2. Accountability and Oversight: While government surveillance may be subject to checks and balances, commercial surveillance operates in a more opaque environment, often with insufficient regulatory oversight. This lack of transparency and accountability raises significant ethical and legal concerns. 
  3. Global Reach and Jurisdiction: Commercial entities operate across national borders, complicating regulatory efforts and raising questions about jurisdiction and international law. The global nature of digital communication also means that surveillance tools can affect individuals and organizations worldwide, far beyond the intended targets. 
  4. Security and Proliferation: The widespread availability of surveillance tools increases the risk of these capabilities falling into the wrong hands, leading to a proliferation of spyware and a corresponding increase in global insecurity. 

The growing parity between commercial and government surveillance capabilities signifies a shift in the landscape of global security and privacy. It underscores the need for international cooperation in establishing norms, regulations, and safeguards to ensure that these powerful tools are used responsibly and ethically, with respect for human rights and the rule of law. 

The ethics of commercial surveillance are murky, at best 

The ethics of commercial surveillance software, such as the products created by firms like NSO Group, raise significant concerns within both the tech industry and broader society. These concerns revolve around privacy, consent, and the potential for abuse of power. 

Privacy is a fundamental right, and the intrusion into the private lives of individuals without their knowledge or consent is a severe ethical breach. Commercial surveillance software often operates covertly, collecting sensitive information without the subject's knowledge. This practice can lead to a profound invasion of privacy, affecting not only the targeted individuals but also those they communicate with. 

Consent is another crucial ethical consideration. In democratic societies, surveillance activities typically require a warrant or some form of legal justification, ensuring a balance between the need for security and the protection of individual rights. Commercial spyware can bypass these legal frameworks, enabling unauthorized surveillance and undermining the rule of law. 

The potential for abuse of power is perhaps the most alarming ethical issue associated with commercial surveillance software. While these tools may be marketed for legitimate purposes, such as countering terrorism or criminal activities, the lack of oversight and accountability means they can also be misused. Governments or non-state actors could exploit these technologies to suppress dissent, monitor political opponents, or engage in oppressive practices, leading to human rights violations. 

Furthermore, the global nature of digital technology means that surveillance software can have cross-border impacts, complicating jurisdictional ethics and accountability. The international community has struggled to establish norms and regulations that adequately address these challenges. 

The ethical use of surveillance software requires robust frameworks that ensure transparency, accountability, and respect for human rights. There should be clear legal standards for the deployment of such technologies, including judicial oversight and mechanisms for redress for those affected by unjust surveillance. Additionally, there is a need for a broader public debate on the acceptable limits of surveillance and the protection of digital privacy in an increasingly interconnected world. 

In conclusion, while commercial surveillance software may offer certain benefits for national security and law enforcement, its ethical implications are profound. Balancing the benefits against the risks requires careful consideration, stringent controls, and a commitment to protecting fundamental human rights. 

As George Harrison wrote: “Watch out, beware of darkness”. Too right. 


And Finally ….

Over the past week, significant tensions and developments have unfolded in the realm of cyberwarfare, espionage, and international security: 

In the United States, concerns about Russian cyber capabilities remain high. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, issued a "shields up" warning. Experts are emphasizing the importance of public-private cooperation in enhancing cybersecurity defenses, highlighting the necessity for individuals and organizations to adopt robust security practices such as strong, unique passwords and multi-factor authentication. 

Meanwhile, in response to North Korea's recent advancements, the United States, along with Australia, Japan, and South Korea, imposed fresh sanctions following the launch of a North Korean spy satellite. The sanctions also extend to Kimsuky, a North Korean cyber espionage group accused of supporting the nation's strategic ambitions and intelligence gathering efforts with spear-phishing attacks aimed at government, research, academic, and various other targets. The group has been particularly focused on South Korea, Japan, and the United States. The United Nations Security Council has also seen direct public exchanges between U.S. and North Korean ambassadors regarding the satellite launch and escalating tensions. 

These incidents underscore the ongoing and evolving threats in the cyber domain, highlighting the complexities of international security in the digital age. Governments and organizations globally continue to adapt to these challenges through collaboration, sanctions, and bolstering cybersecurity measures. 

As always, our aim is to provide information, perspective and education about some of the dangerous global threats in the cyber domain, so please join us next week when we’ll be presenting some of the top headlines, and our take on some of the most interesting subjects, including Ghostsec’s investigation by Talos and the resurgence of Stuxnet and attacks on web-enabled programmable logic controllers.  

Until then, stay safe, stay informed, and stay vigilant! 



Follow My Socials

- Computercrime on LinkedIn
- X (formerly Twitter)
- That Fraud Guy on Mastodon
- Read my stuff on Dark Reading