The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Cyber fears mount amid prospect of Russian invasion of Ukraine

Welcome to The Cybersecurity 202! John F. Kennedy became the first sitting president to hold a live news conference 61 years ago today. There was no cursing or other hot mic moments.

Below: The SEC is mulling more serious cyber rules, and Israel's parliament is up in arms over police using NSO spyware on Israeli citizens.

Russia could be planning cyberattacks as it eyes Ukraine

Amid fears of a Russian invasion of Ukraine, concerns are spiking about how such a conflict would play out in cyberspace. 

The Department of Homeland Security warned yesterday that Russia might launch cyberattacks against U.S. targets as part of the escalating tit for tat following a Ukraine invasion and U.S. or NATO responses. 

Such attacks could range from relatively harmless strikes that aim to overwhelm websites to far more serious ones that aim to damage critical infrastructure such as airports and energy facilities, the department warned in an alert to industry and state and local governments, CNN’s Sean Lyngaas reported.

The alert came in the wake of a string of destructive cyberattacks against government and industry computers inside Ukraine which bore similarities to previous Russian government-backed operations. President Biden has warned the United States might respond to Russian cyberattacks against Ukraine with its own retaliatory cyber strikes. 

It looks increasingly unlikely that there will be a diplomatic solution to prevent an invasion by the roughly 100,000 Russian troops massed along the Ukraine border. The U.S. State Department most recently ordered the families of diplomats to leave the U.S. embassy in Ukraine’s capital, citing the threat of Russian military action.

Cyber warfare

If there is an invasion, hacking is likely to play a prominent role.

Cyberwarfare experts have warned for years that hacking will play an increasingly prominent role in conventional military conflicts. For example, nations may hack communications and energy systems to undermine their adversaries’ ability to respond militarily or to scare their citizens and lower political support for the government. 

Russia has pioneered such hybrid campaigns, linking cyberattacks with military operations in its 2008 invasion of Georgia and the 2014 invasion of Crimea. Russia also launched the most serious known attack against an energy system when it interrupted power for thousands of Ukrainian citizens in 2015. 

Russian cyberattacks could be aimed at raising the political costs for the U.S. and NATO allies responding to an invasion. 

  • As one example, a cyberattack similar to last year’s Colonial Pipeline ransomware attack, which slowed gas supplies in the southeastern United States and prompted panic buying, could raise citizens’ frustration with the Biden administration.
  • It might also be launched by cybercriminals working from Russian territory rather than the Kremlin itself, giving the Russian state room to claim it wasn’t responsible. (Most experts say there’s a hazy line between state and criminal hackers in Russia, and criminals sometimes do the state’s bidding.)

Here’s Matthew Olney, director of threat intelligence for Cisco’s Talos cyber intelligence wing, which researched the recent Ukraine attacks. 

Cyber Partisans

Tensions have been ratcheted up further by what seemed to be a cyberattack targeting rail systems in Belarus.

The Belarusian hacktivist group Cyber Partisans took credit for the attack, which it said was aimed at impeding Russian troops and freight from using train services inside the Moscow-allied nation. 

The group pledged in a tweet to call off its attack if government leaders prevent Russian troops from entering Belarusian territory and release 50 political prisoners. 

A troubling precedent: The Cyber Partisans hack appears to have inadvertently disrupted ticket sales, the Associated Press’s Frank Bajak reports. The group told Bajak it didn’t intend to disrupt regular passenger service and was working to fix the issue. 

While seemingly minor, the snafu demonstrates how errors in cyber operations can lead to grave and unintended consequences — something that could be particularly damaging during a hot military conflict when adversaries are unlikely to take each other’s words that an accident is truly an accident. 

The keys

The SEC is considering expanding its cybersecurity rules for companies

The Securities and Exchange Commission is considering requiring a broader swath of financial firms to test for cyber weaknesses, back up data and have plans for potential cyberattacks, the Wall Street Journal’s Paul Kiernan reports. The rules currently apply to stock exchanges and other large intermediaries between securities buyers and sellers. 

Other possible changes include:

  • A shift in the timing and substance of notifications that brokers and investment advisers have to send when they’re hacked
  • Boosting cybersecurity standards of “service providers” that aren’t currently covered by the SEC’s cybersecurity rules

SEC Chairman Gary Gensler reiterated that firms may have to report ransomware hacks that expose sensitive information or result in payments to hacking groups. The potential changes come as the U.S. government works to boost cybersecurity across critical industries like the financial sector amid a surge in ransomware attacks.

A hearing over police use of NSO Group’s Pegasus spyware devolved into a shouting match

Members of the Israeli parliament’s Public Security Committee were furious at Israeli police in the wake of reports that they used Pegasus to illegally hack Israeli citizens, the Jerusalem Post’s Yonah Jeremy Bob reports.

Lawmakers used a hearing on the reports to call Israel’s police a “criminal organization,” to demand a parliamentary probe and new legislation, and to tie the spying to former Israeli prime minister Benjamin Netanyahu, though Netanyahu hasn’t been accused of wrongdoing in the cases.

Public Security Minister Omer Barlev has told his ministry to look into the country’s wiretapping laws, the Times of Israel’s Carrie Keller-Lynn reports. He will propose new legislation “if necessary,” he said. Barlev previously said there was no evidence of wrongdoing by the police. The country's police have denied wrongdoing to the publication Calcalist, which originally reported on the allegations.

In Poland, lawmakers are drafting legislation to regulate spyware, the Guardian’s Shaun Walker reports.

The move comes as a commission set up by the country’s opposition-led senate investigates alleged Pegasus infections of at least three opposition figures. “There is little chance of such a law passing through the government-led lower chamber of parliament, but the opposition-controlled senate could draft a law that would allow a future government to adopt it,” Walker writes. The ruling Law and Justice party has downplayed reports about Pegasus.

Twitter removed a bot that spoiled the viral game “Wordle” for users

The automated bot replied to people tweeting their performance in the game with the answer to the next day’s puzzle, the Verge’s Mitchell Clark reports.

While it’s not clear how the bot designer got the following day’s answers, GitHub software engineer Robert Reichel had shared a way to get the next day’s answer based on information in the game’s public software code. The method wasn’t particularly well hidden, which may have been a byproduct of Wordle growing far more popular more quickly than its developer expected.

It's not clear why the account was suspended, though it apparently ran afoul of Twitter’s bot rules, which prohibit developers from creating automated accounts to “spam or bother users, or otherwise send them unsolicited messages.” Twitter didn’t respond to a request for comment from the Verge.

Cyber insecurity

Omicron variant came with surge in suspicious websites

Nearly two years into the pandemic, the Internet is still awash with shady coronavirus-themed websites that could be used as lures to steal people’s information or infect them with malware, according to corporate domain registrar CSC. In the first year of the pandemic, researchers found thousands of virus-themed domains and concluded that it was strikingly easy to register domains with the potential to spread vaccine-related hoaxes.

  • CSC found more than 2,300 domains containing the word “omicron.” Of the nearly 1,200 domains registered in 2021, around 70 percent were registered in the two weeks after Nov. 26, when the World Health Organization named the variant.
  • CSC identified likely phishing sites posing as sites belonging to the WHO and coronavirus vaccine manufacturers.
  • More than half of the suspicious web domains created during the first months of the pandemic were abandoned after their one-year registrations ran out.

Cracking a $2 million crypto wallet (The Verge)

Industry report

New America is hiring someone to launch and manage the #ShareTheMicInCyber project

The job posting comes nearly three months after the launch of a partnership between the New America think tank and the #ShareTheMicInCyber campaign, which aims to recruit more women and people of color into the cyber field.

Global cyberspace

Canada's foreign ministry hacked, services hit (Reuters)

Federal judge denies bail for Russian with close ties to Putin (NBC News)

DDoS attacks on Andorra's internet linked to Squid Game Minecraft tournament (The Record)

Tor Project appeals Russian court's decision to block access to Tor (Bleeping Computer)

Shady network of fake Mossad job sites targets Iranian spies (The Daily Beast)

Sweden sets up Psychological Defense Agency to fight fake news, foreign interference (Adela Suliman)

Privacy patch

Capitol Police examines backgrounds, social media feeds of some who meet with lawmakers (Politico)

Securing the ballot

Attorney's testimony underscores little oversight over Gableman's response to records request (Wisconsin State Journal)

Daybook

  • NATO Deputy Secretary General Mircea Geoana, European Commission Vice President Margaritis Schinas, German Cyber Ambassador Regine Grienberger and other top cybersecurity officials including CISA Executive Assistant Director Eric Goldstein speak at the CyberSec Global event on Tuesday.
  • FTC Commissioner Noah Phillips discusses data privacy at an event hosted by the National Cybersecurity Alliance and LinkedIn on Wednesday.
  • The German Marshall Fund hosts an event on cyber and other forms of resilience in Ukraine on Wednesday at 10 a.m.
  • CISA Executive Assistant Director David Mussington speaks at a Purdue University event on Wednesday at 4:30 p.m.
  • Sens. Ron Wyden (D-Ore.) and Marsha Blackburn (R-Tenn.) speak at an R Street Institute event about a future federal privacy law on Thursday at 2:30 p.m.
  • CISA senior adviser Kris Rose and other cybersecurity experts speak at Out In Tech's Out in Cybersecurity event on Thursday at 5:30 p.m.
  • FBI Director Christopher A. Wray speaks at the Reagan Library on Monday.

Secure log off

Thanks for reading. See you tomorrow.
