Fights against hacktivism in Ukraine threaten open source software

Open-source sabotage is a new battlefront

There is a new battlefront in the raging debate over whether civilian technologists should play a role in punishing Russia for invading Ukraine.

A volunteer who maintains a hugely popular open-source software tool has updated the tool to erase data from computers in Russia and its ally Belarus, Joseph Cox reports for Motherboard. The updated tool replaced erased data with a heart-shaped emoji.

  • The extent of the damage caused by the update is unclear, but it has the potential to wreak havoc on computers used by civilian businesses and individuals in Russia and Belarus, similar to what could be caused by a malicious hacking campaign.

The context: The move comes as large numbers of cybervolunteers in Ukraine and elsewhere have joined a “computer army,” which carries out digital attacks and information operations in Russia that circumvent and sometimes cross legal red lines.

Aggressive actions by cyber professionals unsupported by national governments alarm many analysts, who fear they may undermine efforts to impose rules of the road in cyberspace or create confusion that leads to an escalation of cyber exchanges between Russia and NATO countries.

The malicious code update quickly caused an uproar in the community of mostly volunteer open source developers who create and maintain libraries of computer code that power large parts of the Internet.

  • Critics of the developer, who uses the online handle RIAEvangelist, have argued that his actions are far more likely to harm Russian civilians than military and political leaders.
  • The update could also backfire and accidentally impact people outside of Russia and Belarus or whose internet was routed through those countries.
  • More importantly, the move could set a precedent that sabotaging open source software is a legitimate form of protest, making the internet significantly less secure for everyone.
  • RIAEvangelist told Motherboard that he did not intend for the software to erase computer data, only to place a file on the user’s desktop.

The move comes as officials are reevaluating the cyber dangers posed by open source software in the wake of the massive log4j bug.

This bug gave hackers potentially deep access to a large number of computer systems that run incredibly common open-source software. Most of the log4j damage appears to have been mitigated by quick fixes in industry and government, but it prompted a White House summit with industry to consider whether the volunteer-driven nature of open source tools is up to the task of protecting technology from a wave of malicious hackers.

Now, sabotage is another danger the open source community will have to reckon with.

The updated RIAEvangelist software, called node-ipc, is not as common as the one impacted by log4j, but is downloaded up to 1 million times every week.

The report comes as officials’ concern remains high over the possibility of cyber blowback from the Ukraine conflict hitting the United States.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that satellite communications companies must be on high alert for Russian hacks.

The move was prompted by an increasingly clear picture of a hack against satellite company Viasat that significantly disrupted Ukrainian communications at the start of the Russian invasion. This attack has not been definitively linked to the Kremlin, but US officials are investigating whether Russia was responsible.

There are also concerns that Russian cyberattacks – which have been relatively limited during the invasion so far – will become more aggressive as its military operations bog down and Western sanctions squeeze the Russian public.

“The danger is that as political and economic conditions deteriorate, the red lines and escalating judgments that have controlled Moscow’s most powerful IT capabilities could adjust,” former CISA director Chris Krebs warned in a Financial Times op-ed.

More from Krebs: “Western sanctions and lethal aid to Ukraine could tempt Russian hackers to go after the West, sending a clear message: ‘Stop, we can make this worse for you.’ Russian ransomware actors could also take advantage of the situation, possibly resorting to cybercrime as one of the few ways to generate revenue.”

NRA belatedly confirms ransomware hack

The ransomware hacking gang Grief claimed to have locked computers and stolen data from the National Rifle Association in October, but the gun rights group declined to confirm the hack at the time.

The NRA belatedly acknowledged in a Federal Election Commission filing this month that the attack blocked its access to email and other computer services for two weeks, Lucas Ropek reports for Gizmodo. The filing was requested because the NRA failed to report about $2,500 in credit card donations because receipts were misplaced when it was submitted online.

The NRA noted in October that it would not discuss physical or cybersecurity challenges.

“We would also like to emphasize that our organization has implemented additional cybersecurity measures to reduce the likelihood of a recurrence,” the NRA said.

Geofencing warrants have exploded in popularity, but they can violate rights, judges say

Two judges recently raised concerns about warrants, in which prosecutors ask companies like Google for a list of devices that were active in a geographic area, report Justin Jouvenal and Rachel Weiner.

The warrants have been useful for police trying to narrow down suspects, but critics say they violate rights against unreasonable searches of dozens or even hundreds of law-abiding citizens whose information may be retrieved with them.

Proliferating use: “These ‘geofence’ search warrants have skyrocketed nearly 600% in Virginia in recent years and 1,200% nationwide, according to Google, helping police thwart bank robberies, find suspects in murders and find those present during the January 6 riot in Washington,” report Justin and Rachel.

U.S. District Judge M. Hannah Lauck is one of two judges who could hold back warrants. She ruled last month that a use of the warrants after a motel shooting was too indiscriminate and violated the rights of other motel guests.

Lauck called on lawmakers to fight the proliferating use of geofencing warrants. Lawmakers should address Lauck’s “deep concern … that current Fourth Amendment doctrine may lag significantly behind technological innovations,” the judge wrote.

“The decisions are likely to reverberate throughout Virginia and the country as the debate over the legality of geofencing warrants intensifies with their proliferation,” Justin and Rachel write. “A handful of other federal magistrates have denied requests for geofencing warrants, but in the vast majority of cases they have been approved with few questions so far.”

Russians circumvent internet restrictions to get information about Ukraine

Russians use virtual private networks and the anonymity software Tor to access sites blocked by the Russian government, and this leads to conflicts with friends and family members who believe state media propaganda, report Cat Zakrzewski and Gerrit De Vynck. The use of propaganda-disrupting tools is also driving a generational gap between young, tech-savvy Russians and older people who primarily get their news from television.

“Alexander, a technician from Moscow in his 20s, said he knows of people who have become estranged online, writing articles about how they will never shake hands with a certain person again because of their opinion on the war,” they wrote. Alexander’s aunt “has stopped talking to a few of her friends that she’s known for ages,” he told Cat and Gerrit.

The Russians seem determined to circumvent internet restrictions.

  • The top five VPNs were downloaded over 6 million times on Apple and Google app stores between February 24 and March 13.
  • That’s a massive increase from the three weeks before Russia invaded Ukraine. During that time, the apps were downloaded just 253,000 times, according to digital intelligence firm Sensor Tower.

Chip sanctions complicate Russia’s high-tech ambitions

Russia needs advanced chips to meet its goals in artificial intelligence, robots and 5G wireless technology, the Wall Street Journal’s Yang Jie and Jiyoung Sohn report. But the Biden administration’s February decision to restrict chip exports to Russia could significantly hamper those plans. Russia does not have a large domestic chip industry and relies mainly on imports from companies such as Taiwan Semiconductor Manufacturing Company (TSMC).

“Some of the major Russian-designed chips are assembled by TSMC,” write Jie and Sohn. “Russia could lose access to some of these chips, although it could not be determined whether these chips would be subject to sanctions.” TSMC told the Journal it is committed to complying with export rules, but the company declined to comment beyond that.

  • Rinki Sethi, former Chief Information Security Officer of Twitter, joined as vice president and chief information security officer.
  • Matt Ashburn joined LangleyCyber as Chief Strategy Officer. Ashburn is a former CIA cybersecurity official.
  • Homeland Security Secretary Alejandro Mayorkas, CISA Director Jen Easterly, National Cyber Director Chris Inglis and other U.S. government officials speak at the Hack the Port 2020 conference this week.
  • Chairman of the Senate Homeland Security Committee Gary Peters (D-Mich.) speaks at an Information Technology Industry Council Bridge for Innovation event Wednesday at 11 a.m.
  • CISA Executive Assistant Director Eric Goldstein and Energy Department Head of Cybersecurity Puesh Kumar speak at Accenture’s Operational Technology Cybersecurity Event Wednesday at 1:30 p.m.
  • Senior Advisor and CISA Strategist Allan Friedman speaks at an Institute for Critical Infrastructure Technology event Thursday at 1 p.m.
  • The ShmooCon hacker convention convenes in Washington from Thursday to Saturday.
  • Inglis speaks at the Atlantic Council’s opening of its DC Cyber 9/12 Strategy Challenge Friday at 8:30 a.m.

Thanks for reading. See you tomorrow.