THE KEY

A new free Android app is seeking to dramatically improve security for smartphone users in the developing world — and make the world's cybersecurity ecosystem safer in the process. 

The app, which will be available for download later today, is made by Quad9, a nonprofit organization founded by a coalition of tech companies and law enforcement agencies that offers free basic cybersecurity to tens of millions of users across 88 nations – especially people who lack other cybersecurity protections.

By expanding to mobile, the organization will increase protections in poorer parts of Africa, Asia and Latin America, where users are far more likely to use smartphones as their only route to the Internet, Quad9 Executive Director John Todd told me in an exclusive preview of the app's release. 

Hacks in those nations are often far more damaging to victims because they lack a financial cushion to recover from the losses, and banks and insurers are less likely to cover them, Todd told me.

“Bricking a smartphone that costs one month of wages is a much more serious issue than bricking a smartphone that costs one day of wages,” he said, using a slang term for a digital attack that renders a phone or computer as useless as a brick.

But the bigger idea is to improve the whole cybersecurity ecosystem, Todd said, because hacking campaigns that start in the developing world rarely stay there. Hackers often target the least protected systems -- wherever they are in the world -- and then use the computing power they’ve stolen there to send phishing emails or launch denial of service attacks against much juicier targets, including major companies in the U.S. and elsewhere.

“By protecting these individuals, we’re protecting the larger Internet,” Todd said. “We’re keeping the Internet a more stable place.”

And U.S. law enforcement has a vested interest. Quad9 was founded in 2017 by a coalition that includes IBM and the Global Cyber Alliance, a nonprofit organization launched by groups including the New York County District Attorney’s Office and the City of London Police. These cities lose millions of dollars to global cybercrime networks, and local police and prosecutors launched the coalition as a way to proactively respond to threats outside their borders before they turn into crimes. Quad9 still receives much of its funding from those organizations but is managed fully independently, Todd said.

The organization offers Domain Name Service, or DNS, protection, which means it prevents people from connecting to malicious websites — such as phishing sites that look like a bank’s website but are actually stealing log-in information. That means it won’t protect users from all hacks, but it will protect against a lot of the easiest and most pervasive ones, Todd said.

Quad9 is far from being able to fix the scourge of global hacking, but Todd thinks it can make a sizable difference -- especially in several nations where it's the only DNS system that offers similar security and privacy protections. 

And there’s evidence it can be extremely helpful. Quad9 deflects at least 10 million connections to malicious websites each day, Todd said, and can deflect more than 40 million malicious connections on a busy day.

In one case, a mobile carrier in Kinshasa, capital of Congo, adopted the service for all of its users, and the number of blocked sites just in that city surged to about 150,000 per day, Todd said.

It’s difficult to say how widely Quad9 is used because the organization doesn’t store information about users, Todd said. It serves at least “tens of millions” of people each day, and Todd expects that to grow by double digits with the Android app.

The organization’s growth in the developing world is about double what it is in the developed world, he said.

Quad9 has tried to foster that growth by building out infrastructure in countries where it doesn’t make economic sense for for-profit cybersecurity companies to locate — including 33 locations in Africa crossing 27 countries — so people there can use the service without dramatically slowing down their Internet speeds.

PINGED, PATCHED, PWNED

PINGED: Chinese intelligence agencies appear to have stolen a trove of National Security Agency hacking tools in 2016, the New York Times’ Nicole Perlroth, David E. Sanger and Scott Shane reported.

It’s another troubling sign U.S. intelligence agencies are struggling to keep their secret hacking tools under wraps.

“Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away,” the Times reported.

The loss was discovered by Symantec, which said in its report that some of the tools were similar to those leaked by a threat group called Shadow Brokers later the same year. Researchers have not yet tied Shadow Brokers to any particular nation state.

“The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key,” the Times reported.  

PATCHED: How big is the “dark web” – a shadowy part of the internet where miscreants sell hacking exploits, heroin and child pornography? Not very big at all, according to a study the research group Recorded Future is formally releasing today.

“In reality, the number of onion sites [which comprise the dark web] is tiny compared to the size of the surface web,” Recorded Future reported. “Our count of live reachable onion site domains comes to less than 0.005% of the number of surface-web site domains. Out of about 55,000 onion domains that we found, only around 8,400 onion domains had a live site (15%).”

To put it more plainly, a common trope that describes the visible web as just the tip of a vast iceberg has the metaphor “upside down,” the study states.

That doesn’t mean people aren’t doing very shady stuff on the dark web sites that do exist, however.

Europol announced just Friday it shut down two dark web marketplaces – nicknamed Wall Street and Valhalla -- that sold drugs, stolen data and other illicit items. Here’s more on that takedown from Cyberscoop’s Jeff Stone.

PWNED: Microsoft is partnering with major election technology suppliers on new open source software that will allow third parties to verify election results and allow voters to verify their votes were counted accurately, the company announced at its developer conference.

Election technology vendors that build more than half the nation’s voting machines have told Microsoft they’re considering using the technology called ElectionGuard, the tech giant said.

Early prototypes of the technology will be available for the 2020 election, but “significant deployments” will come in later election cycles, Microsoft said. The company is building ElectionGuard with the help of the tech company Galois, which is also working with the Pentagon’s research and development wing on secure election technology.


PUBLIC KEY

Cybersecurity news from the public sector:

China’s cyber-theft and cyber-espionage operations are accelerating to the point that they can “degrade core U.S. operational and technological advantages,” according to a congressionally mandated assessment of the Chinese military the Pentagon issued Friday.
National

Georgia’s highest court plans to hear an appeal of the dismissal of a lawsuit challenging the outcome of the election for lieutenant governor in November.
Kate Brumback | AP

Close ties between vendors and election officials are getting extra attention as states plan to spend hundreds of millions of dollars on new voting machines by next year.
NPR

PRIVATE KEY

Cybersecurity news from the private sector:

Facebook announced it is taking down 97 pages, groups, and accounts emanating from Russia and targeting Ukraine that attempted to conceal who was behind them.

THE NEW WILD WEST

Cybersecurity news from abroad:

Israeli armed forces responded to a Hamas cyberattack by bombing the group’s hacking headquarters.
Foreign Policy