Welcome to The Cybersecurity 202! Two episodes of “Better Call Saul” left. It's been the best show on TV during its run, but (no explicit spoilers) the last couple episodes don’t feel like they have the right air of moving toward a worthy finale.
Taiwan, U.S. might not have suffered major cyberattack yet over Pelosi’s visit, but China could still retaliate
Taiwan said Tuesday a cyberattack from outside its borders knocked the website of its presidential office offline, just before House Speaker Nancy Pelosi (D-Calif.) landed there as the highest-ranking U.S. official since 1997 to visit the self-governing island that China considers its own territory.
But many information security professionals weren’t impressed by the alleged distributed denial of service (DDoS) attack, a low-skill, easily obtainable tactic that hackers can use to flood a site with traffic to disable it.
Despite China’s hostile gestures and public remarks about Pelosi’s visit (she left Taiwan today), some experts suggested the incident looked less like a concerted government response and more like the work of sympathetic “hacktivists.” Some even suggested it likely wasn’t an attack at all, but rather a routine bump in traffic coinciding with a big news day.
Nevertheless, some of those same cybersecurity pros say Taiwan and the United States aren’t out of the woods yet.
- Regardless of the nature of any attack on Taiwan’s presidential office, cybersecurity firm Mandiant has seen signs of multiple Chinese information operations echoing Beijing’s message that Pelosi’s visit threatened peace and stability in the region, said John Hultquist, the company’s vice president of intelligence analysis. Mandiant expects Chinese cyberespionage to kick into “overdrive” as its government seeks to learn “what the U.S. is thinking, what the limits of our resolve are, and the way you find answers to that are by reading emails of diplomats and military members and government leaders,” Hultquist also told me.
And cyberspace is a convenient venue for a “signaling” exercise this week, in which China could voice its displeasure through activity targeting Taiwan’s infrastructure or “reminding us of our own vulnerability,” said Klon Kitchen, a senior fellow at the American Enterprise Institute think tank.
According to a Facebook translation of a message from Taiwan’s presidential office, it suffered an “outside-border DDoS” attack at approximately 5:15 p.m. local time. It said a 200-fold increase in weekday traffic knocked the office’s site offline for 20 minutes, although the English version of the site was at least partially inaccessible for much of Tuesday.
A few other sites in Taiwan also went down for a stretch, including those belonging to the Foreign Ministry, Defense Ministry and its largest airport, Taoyuan International. Overall, Taiwan “is well-connected,” Doug Madory, the director of internet analysis at website traffic-monitoring company Kentik, told me. “I don’t see anything at the country-level disconnection or disruption.”
John Ullrich, dean of research at the SANS Institute, wrote in a blog post Tuesday that there also was “a slight increase in scans for ‘nuisance vulnerabilities’ like [WordPress] from Chinese consumer IP addresses,” among other small developments.
So what might have happened for the sites that went down?
- “Sure enough for those [sites], we can see a DDoS attack,” Madory said. But a 200-fold increase in traffic is “a small number,” and “I don’t see anything record breaking now,” he said. (For the record-holding DDoS attack, Cloudflare registered 26 million requests per second.)
- Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, wasn’t even sure a traffic increase of that size amounted to a DDoS attack. “That’s just a slight overload of traffic,” Alperovitch told me. “It could just be people hitting the refresh button.”
- Hultquist cautioned that just because Taiwan said the attack originated from outside the country, no one should assume the Chinese government is responsible. Madory said, in fact, that it’s hard to pin down responsibility for DDoS attacks to one nation, since they typically rely on commandeered devices from nations as far-flung as Vietnam and Paraguay.
- If China or another large country really wanted to conduct a DDoS attack, it likely would have been more powerful than the increase in traffic that Taiwan’s presidential office saw, Ullrich wrote. This looked more like the work of “hacktivists,” he said. Hacktivists have played a sizable role on both sides of the Ukraine-Russia conflict, with patriotic hackers launching attacks against targets on either side of the border.
In other words, while some analysts have worried China might be gathering lessons from Russia’s cyberattacks against Ukraine that coincided with its invasion, there’s little to learn here about how a hybrid Chinese invasion/cyberattack might look in Taiwan.
Independent privacy and security researcher Lukasz Olejnik said:
Example of a non-event cyberattack. Temporary disruption of Taiwan's president's office website. Assuming this "malfunctioning" was due to a DDoS, of course. This is such a low impact that it makes little sense to consider them seriously by public opinion. https://t.co/KQieK6NjI0
— Lukasz Olejnik (@lukOlejnik) August 2, 2022
Still, Alperovitch said, “I think it’s likely that there will be some sort of response from China given their increased rhetoric and given the domestic situation that [President] Xi [Jinping] faces with the party reelection coming up in November, with the stakes that he’s raised rhetorically with Biden and through the state media about this visit being unacceptable and playing with fire.”
“I think it’s unlikely that he can just let it go and pretend it didn’t happen,” Alperovitch said.
Cyber experts call for swift Senate confirmation of top cyber diplomat
More than 100 cybersecurity and national security experts signed a letter urging the Senate Foreign Relations Committee to “act swiftly” on President Biden’s nomination of Nate Fick to be ambassador at large for cyberspace and digital policy, CyberScoop’s Suzanne Smalley reports. Fick is set to appear before the committee today.
Sen. Angus King (I-Maine), who will be introducing Fick at the hearing, told reporters that he hopes the Senate takes up the nomination after it comes back from its annual recess in September. It’s not clear if a Republican lawmaker will hold up the nomination, though King said he “would be surprised if there were significant resistance.”
If confirmed, Fick would face a complex landscape of threats, international agreements and conflicts, The Cybersecurity 202 previously reported. He’d also lead a new office at the State Department.
U.K. vote for prime minister delayed after fears that votes could be changed
Members of the Conservative Party have been told that they may not receive ballots in the mail until Aug. 11 — 10 days after they were set to be sent out, the Telegraph’s Ben Riley-Smith reports. U.K. spy agency GCHQ raised concerns that malicious actors could change votes of people voting in the Conservative Party contest, Riley-Smith reports.
“Under the original plan, Tory members were to be issued with a postal ballot with a specific code. They could then vote by post or — for the first time in a Tory leadership race — online,” Riley-Smith writes. “This remains the same. However, members were to be allowed to change their vote later in the race by post or online if they wanted — and this ability to change a vote has been scrapped.”
The warning didn’t involve a specific hacking group and was more generally about the vulnerabilities in the voting system, the Telegraph reports.
U.K. cybersecurity organization NCSC, which is part of GCHQ, told the outlet that “defending U.K. democratic and electoral processes is a priority for the NCSC, and we work closely with all parliamentary political parties, local authorities and MPs to provide cybersecurity guidance and support. As you would expect from the U.K.’s national cybersecurity authority, we provided advice to the Conservative Party on security considerations for online leadership voting.”
2020-themed Arizona race results trickle in
Arizona state lawmaker Mark Finchem, who has called for decertifying the 2020 presidential election results, won the GOP nomination for secretary of state, according to Edison Research's projections. The GOP primary race for governor — which pitted 2020 election conspiracy theorist Kari Lake against Karrin Taylor Robinson, who has called the 2020 presidential election “not fair” — was too close to call at press time.
On the Democratic side, incumbent Secretary of State Katie Hobbs won the party's nomination for Arizona governor. She has defended the 2020 results.
The race follows shortly after Republican Arizona Attorney General Mark Brnovich declared that he had closed his criminal investigation into allegations from the Cyber Ninjas firm that 282 dead people voted in the 2020 election in the Grand Canyon State, finding that only one was deceased.
“Our agents investigated all individuals that Cyber Ninjas reported as dead and many were very surprised to learn they were allegedly deceased,” he wrote.
Hackers steal nearly $200 million from cryptocurrency tool
Hackers were able to steal unlimited funds from Nomad after a software update introduced a flaw that anyone could exploit, CNBC’s Ryan Browne reports. It’s the latest high-profile attack on cryptocurrency software.
“It started with an upgrade to Nomad’s code,” Browne writes. “One part of the code was marked as valid whenever users decided to initiate a transfer, which allowed thieves to withdraw more assets than were deposited into the platform. Once other attackers cottoned on to what was going on, they deployed armies of bots to carry out copycat attacks.”
Thank you to our many white hat friends who acted proactively and are safeguarding funds. Please continue to hold them until we provide further instructions on this thread.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
- The Senate Foreign Relations Committee holds a hearing on President Biden’s nomination of Nathaniel Fick to be ambassador at large for cyberspace and digital policy today at 10 a.m.
- CISA senior election security adviser Kim Wyman, Assistant Attorney General Kenneth A. Polite Jr. and election officials testify before the Senate Judiciary Committee today at 10 a.m.
- Officials from CISA and National Cyber Director Chris Inglis’s office speak at an R Street Institute event today at 1 p.m.
- The Senate Finance Committee holds a hearing on the United States’ organ transplant network today at 2:30 p.m.
- The Senate Judiciary Committee holds a hearing on oversight of the FBI on Thursday at 10 a.m.
Secure log off
Thanks for reading. See you tomorrow.