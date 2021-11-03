But the operation may have all been a hoax, as journalist Brian Krebs reported — a Russian hacker’s ploy to embarrass Western cyber threat trackers and media and to sow confusion about the genuine hacking threats barraging U.S. targets and roiling U.S.-Russia relations.
The story highlights how shadowy the world of hackers and their victims remains — even as the U.S. government and cybersecurity firms have made leaps and bounds in confidently attributing who’s doing what in cyberspace.
Plenty of people were convinced by the Groove postings. The cybersecurity firms McAfee and Intel 471 said they had “high confidence” that Groove was affiliated with a well-known ransomware gang called Babuk. Media wrote about the findings.
“Attribution is hard and we always have to remember that,” Allan Liska, director of threat intelligence at the cybersecurity firm Recorded Future, told me. “We’re getting better at it, but every time you make a mistake there’s always somebody out there to remind you of it, and it basically undermines everything you say.”
Liska added, however, that there were “a lot of red flags” that had made many ransomware researchers skeptical of the Groove story from the beginning.
One big red flag: A cache of allegedly stolen online credentials the group posted appeared to have been simply lifted from other sources, he said.
Calling them out
The confidence and certainty with which government and industry name and shame hackers has skyrocketed during the past decade.
- Before 2014, the U.S. government had never attributed a hacking campaign to another nation or taken actions against foreign government-backed hackers such as sanctions or indictments.
- But such actions have come with a rat-a-tat pace in recent years against hackers in Russia, China, Iran and North Korea.
- They’ve even guided top-level foreign policy. President Biden confronted Russian leader Vladimir Putin in June over the United States’ confident assertion that Russia-based cybercriminals were behind ransomware attacks that hit vital U.S. companies.
- Cybersecurity firms also routinely attribute cyber campaigns to criminal and government hacking groups.
A view has persisted, however, that cyberspace is a cipher where nothing can ever be known for sure.
That’s proved a convenient excuse for Putin, who has cited it as he shrugs off U.S. hacking accusations.
Former president Donald Trump expressed a similar view. He claimed the 2016 hack of the Democratic National Committee — which was attributed to Russia by multiple U.S. intelligence agencies — might actually have been conducted by “somebody sitting on their bed that weighs 400 pounds.”
Reasons for skepticism
It’s not clear if the hacker behind Groove initially intended his plan as a hoax. The hacker, who uses the online handle “Boriselcin,” may have settled on the hoax explanation after he couldn’t get other cybercriminals to join his scheme.
Intel 471, the company that joined McAfee in profiling Groove, argued for the latter explanation in an email to me.
“While it’s possible that a single actor concocted Groove as a way to troll security researchers and the media, we believe it’s more likely that the actor's attempt to create their own ransomware group didn't work out as they had planned,” the company said. “It’s also important to remember that the true identity and nature of any Ransomware-as-a-Service gang is not always clear and the membership makeup or affiliates of these gangs can be fluid.”
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, agreed.
“There’s no reason to believe that [ransomware hackers] are ever telling the truth about anything,” he said. “The default assumption should be that they’re lying or at the very best simply telling the pieces of the story they wish to become public.”
A McAfee spokesman said that none of the authors of the original Groove blog post were available for comment because the company’s enterprise division had split off from its consumer-focused division.
The keys
There were “no significant incidents” on Election Day, CISA says
Republicans swept Virginia's statewide races, choosing Glenn Youngkin as their next governor, while the New Jersey governor's election remains too close to call.
The Cybersecurity and Infrastructure Security Agency “will continue to monitor and support election officials as they count ballots, report, audit, and certify the elections,” Geoff Hale, Director of CISA’s Election Security Initiative, said.
The agency boosted its election security mission after Russian interference in the 2016 contest. Since 2018 it has run an election night war room that draws together federal, state and local election officials, voting machine vendors, political officials and other parties to respond to election threats in real time.
Voters experienced some relatively minor technical issues on Election Day. New Jersey voters reported some problems with electronic poll books to MyCentralJersey. CISA’s “Rumor Control” initiative, which knocks back election-related misinformation and disinformation, highlighted false claims about absentee and mail-in voting.
CISA is ordering federal agencies to fix known vulnerabilities exploited by hackers
This marks “the first government-wide requirements to remediate vulnerabilities affecting both Internet-facing and non-Internet facing assets,” the agency said.
Details: Under the directive, CISA will establish a catalog of vulnerabilities that are known to be actively exploited by attackers and give agencies specific deadlines by which each one must be remediated. The catalog will be public, and CISA Director Jen Easterly is calling on private sector organizations to fix the cataloged bugs as well, especially those in critical sectors such as energy and transportation.
DHS has issued roughly a dozen such “binding operational directives” since a 2014 law gave it that authority. The directives have targeted a wide range of cybersecurity issues, including banning agencies from using software developed by the Russian company Kaspersky.
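The operational consequence of a public catalog with per-entry deadlines is a reconciliation job: join your asset inventory to the catalog, compute how long each affected asset has left, and surface anything overdue, with no carve-out for internal systems. The script below is an added example written for this newsletter, not CISA's code or tooling; the catalog excerpt and inventory are constructed, the CVE identifiers are placeholders rather than real vulnerabilities, and the field names (cveID, vendorProject, product, dateAdded, requiredAction, dueDate) are assumed to mirror the structure of the published feed.

```python
import json
from datetime import date

# Constructed catalog excerpt in the shape of a KEV-style feed.
# Field names mirror CISA's published feed as an assumption; the entries
# and CVE IDs are placeholders for the example, not real vulnerabilities.
CATALOG_JSON = """
{
  "title": "Constructed KEV-style catalog (example data)",
  "vulnerabilities": [
    {"cveID": "CVE-2021-00001", "vendorProject": "ExampleVendor", "product": "ExampleVPN",
     "dateAdded": "2021-11-03", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2021-11-17"},
    {"cveID": "CVE-2019-00002", "vendorProject": "ExampleVendor", "product": "ExampleMail",
     "dateAdded": "2021-11-03", "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2022-05-03"}
  ]
}
"""

# Constructed asset inventory. The directive covers non-internet-facing assets too,
# so internet_facing only influences report ordering, never whether an item is tracked.
INVENTORY = [
    {"asset": "vpn-gw-01",  "cve": "CVE-2021-00001", "internet_facing": True},
    {"asset": "lab-vpn-03", "cve": "CVE-2021-00001", "internet_facing": False},
    {"asset": "mail-01",    "cve": "CVE-2019-00002", "internet_facing": True},
    {"asset": "build-07",   "cve": "CVE-2020-00003", "internet_facing": False},
]


def load_catalog(text):
    """Parse the feed and index it by CVE ID, converting dueDate to a date object."""
    feed = json.loads(text)
    catalog = {}
    for entry in feed["vulnerabilities"]:
        catalog[entry["cveID"]] = {
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "required_action": entry["requiredAction"],
            "due_date": date.fromisoformat(entry["dueDate"]),
        }
    return catalog


def reconcile(catalog, inventory, today):
    """Join the inventory to the catalog and classify every finding.

    status is one of:
      'overdue'        - on the catalog and past its dueDate
      'due'            - on the catalog with the deadline still ahead (see days_left)
      'not_in_catalog' - a CVE not on the exploited list; falls under the normal patch cycle
    Hard deadlines sort first, most overdue at the top, internet-facing assets before
    internal ones when the deadline is identical.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for item in inventory:
        entry = catalog.get(item["cve"])
        if entry is None:
            findings.append({**item, "status": "not_in_catalog", "days_left": None})
            continue
        days_left = (entry["due_date"] - today).days
        findings.append({
            **item,
            "status": "overdue" if days_left < 0 else "due",
            "days_left": days_left,
            "due_date": entry["due_date"].isoformat(),
            "required_action": entry["required_action"],
        })
    rank = {"overdue": 0, "due": 1, "not_in_catalog": 2}
    findings.sort(key=lambda f: (
        rank[f["status"]],
        f["days_left"] if f["days_left"] is not None else 0,
        not f["internet_facing"],
    ))
    return findings


def overdue_assets(findings):
    """Names of assets that have missed the catalog deadline, in report order."""
    return [f["asset"] for f in findings if f["status"] == "overdue"]


if __name__ == "__main__":
    report = reconcile(load_catalog(CATALOG_JSON), INVENTORY, today="2021-11-20")
    for f in report:
        print(f'{f["status"]:<15} {f["asset"]:<12} {f["cve"]}  days_left={f["days_left"]}')
```

Run as-is it evaluates the constructed inventory against a fixed date so the output is reproducible; in practice you would fetch the live feed, pull the inventory from your vulnerability scanner, and pass today's date. Note that an asset whose CVE is absent from the catalog is not "clean": it simply is not under the directive's clock, and the example keeps it in the report rather than dropping it.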
Facebook will delete facial recognition data on more than a billion people
The social media network says it decided to scrap facial recognition technology after “careful consideration” and weighing the technology’s trade-offs, Elizabeth Dwoskin and Drew Harwell write.
Context: The company has long used facial recognition to tag people in photos, but the technology has come under fire from critics who say it violates user privacy and can be abused for government surveillance. Chinese technology giant Huawei, for example, has tested facial recognition software that could aid Chinese government surveillance of the nation's Muslim Uighur minority.
Facebook “did more than anyone to normalize” the controversial technology, Elizabeth and Drew write. “The company — which for years had a self-proclaimed ‘move fast and break things’ ethos — has historically pushed forward with products that have resulted in outcries from privacy experts and the public.”
The company has faced legal challenges over its facial recognition technology. Last year, Facebook “agreed to pay roughly half a billion dollars to settle a class-action case alleging the company violated Illinois law in the way it collected data for its facial recognition tools,” Elizabeth and Drew write.
“There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use,” wrote Jerome Pesenti, Facebook’s vice president for artificial intelligence. “Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”
Global cyberspace
Russia detained and released a hacker apparently wanted by U.S. authorities
Belarusian hacker Sergey Pavlovich said in a YouTube video that authorities detained him on an Interpol warrant in St. Petersburg, Bloomberg’s Jake Rudnitsky reports. The authorities released him shortly after.
“As you see, I’m in a royal suite at a hotel and not in a cell, even though I was in a cell yesterday,” Pavlovich said in the video. “Even though I served 10 years in Belarus, America wants me as their prisoner, which isn’t fair.”
Pavlovich's apparent release by Russian authorities comes as U.S. authorities wait to see whether Russia will arrest high-profile hackers that the United States says are targeting victims in the United States.
Interfax confirmed that Pavlovich was detained, citing a person with knowledge of the detention. A St. Petersburg police spokesman did not respond to a request for comment from Bloomberg.
A cyberattack hit the National Bank of Pakistan
The bank's computer systems and ATMs were affected, but no money has been reported missing, the Record’s Catalin Cimpanu reports. The cyberattack is being investigated as sabotage, not ransomware, people familiar with the investigation told Catalin.
The hack caused a panic among some customers. Despite the bank telling customers that more than 1,000 branches and all ATMs were open, “news of the hack did not stop some scared customers from rushing ATMs to withdraw funds Monday morning,” Catalin writes. Ultimately, “the Pakistani government had to step in and issue a statement to calm spirits and prevent a run on all Pakistani banks.”
