This is the second article in our new series, Modern Privacy.
Welcome back to our recurring look into the world of privacy and cybersecurity! It seems like the news of the world is moving a mile a minute, especially since the publication of my last article in this series. We continue to see cyber threats from around the globe from rogue groups, hackers and even governments alike. If anything can show humanity that we’re all very interconnected, and in this situation together, it’s the hacking of private data — so let’s begin!
Half A Year, One Whole Mess
Recently, cybersecurity researchers at Risk Based Security released their Mid-Year Report for 2017 and, in the first six months of the year, there have been over 2,200 publically reported data breaches resulting in over six billion records exposed.
Think about this for a moment. As of March 2017, there are roughly 3.7 billion internet users globally. This means that at this level of exposure, literally everyone that uses the internet could have a record exposed by sheer numbers. Obviously, that’s not the case, but we are in fact talking about billions of people on the planet with security risks due to this kind of activity.
The only real upside to this situation is that it fosters awareness among the non-technical population and, anecdotally, I’m seeing a vast increase in the number of questions I’m getting from regular users on my radio show and public social media. Because we rely on third parties to safeguard our data (everything from the bank to doctor’s offices to the local oil change shop), there will always be risk. However, with more awareness comes more caution in giving out data, thus mitigating the risk a bit. Here’s hoping this trend changes sooner than later!
The CIA Loves Your MacBook Pro
WikiLeaks, in their ongoing quest to be the thorn in government’s side, has released more Vault7 data. For those unfamiliar, Vault7 is an ongoing release of hacking tools and concepts that were stolen from the Central Intelligence Agency (CIA) and given to WikiLeaks who is slowly releasing the information to the public.
A recent round of releases involved a CIA project called “Imperial” that developed three hacking tools designed to hit Apple Mac computers and also some variants of the Linux operating system. The first tool, Achilles, lets the CIA combine Trojan infections with a legit DMG application installer.
SeaPea is the other tool that lets them install a Rootkit infection that can hide their files, processes and connections from the unsuspecting user. With these two capabilities, the CIA has the ability to basically take over a computer without the knowledge of the owner. Big Brother is apparently alive and well.
Anonymous Isn’t a Fan of Nazis Either
Unless you’ve been living under a rock in the United States, you really couldn’t have escaped the news about the protests, and counter protests, in Charlottesville, Virginia. Using an umbrella term for one side of various groups, white supremacists clashed with anti-protestors. Violence ensued, which resulted in injuries and a tragic death. Citizens of the United States were generally saddened and outraged at this occurrence. Hacktivist group Anonymous is no exception.
In protest of the death of Heather Heyer, an Anonymous counterpart known as “New World Hackers” (NWH) decided to collectively hit the City of Charlottesville in their protest against violence. Under the banner of #OpDomesticTerrorism, NWH launched a Distributed Denial-of-Service (DDoS) attack against the official website of the city, which forced it offline. NWH contends that the death of Heather Heyer was an act of terrorism and stated:
“Our strategy relies on the unity of these direct actions (DDOS), as the ballot box is no defense against fascism and hatred, nor are the political parties in power now. We are seeing that victories we have won through hard struggle could very well be reversed. Our only chance is to build a movement that relies on the power of the people.”
HBO Just Can’t Catch a Break
Most everyone on the planet loves HBO, and I’m no exception. They make excellent television enjoyed by the world over, and their CEO is even cool with people sharing their online HBO GO streaming accounts with friends. So, it is my sad duty to inform you, dear reader, that HBO has a cybersecurity problem.
HBO has now joined Sony in being a major production studio have its intellectual property hacked and held for ransom. People suck. Early in August, it was reported that hackers had hit HBO so deeply that the ENTIRE new season of Game of Thrones was stolen and being ransomed.
What people who aren’t entrenched in cybersecurity/cyberwarfare daily — aka people not in my field — don’t understand is that once hackers are in your system they steal just about anything and everything they have access to. HBO learned this harsh lesson when, above and beyond Game of Throne spoilers, they had two other hit shows stolen.
Curb Your Enthusiasm and Insecure (trying to ignore the irony on that one here) were also stolen. HBO has a serious problem. Unless they can fully identify the method of entry for the hackers and also understand what other programs were stolen, we could potentially see a plethora of HBO shows being held for ransom. Best of luck, guys.
Pop Quiz: Russia or USA?
Assume for a moment you’re a protester against the leadership in your country. Like all humans interested in a cause you’re inevitably going to seek others that align with you in an attempt to organize and affect the change you wish to see in your corner of the world.
This search is going to take you to social media groups, public forums and websites. Depending on the society and government, this search effort is either going to be allowed under the umbrella of freedom of expression or it’s going to be either banned or monitored in an attempt to identify those who disagree with the body politic.
In a recent case of the latter, a government has decided to shun privacy and ask a web host to hand over the IP addresses of all visitors to its site which is roughly 1.3 million unique visitors. We know that the Russian government has a tendency to not appreciate opposition to its rule and will go to some lengths to ensure it stays in power, however, it would appear that lately, we in the United States may be subject to similar (though less drastic) measures.
Unfortunately, the website I’m talking about is a U.S.-based site dedicated to opposition to the current administration. The US government is asking the host of that site for all information pertaining to its creators and visitors. As of last Thursday, a judge ordered DreamHost to comply with a search warrant from the Department of Justice, albeit with a slightly less intrusive search warrant.
Welcome to a brave new world, everyone.