What I Am Reading 1/27/2020

Reuters - U.S. state AGs, Justice Department officials to meet and coordinate on Google probe: sources -

U.S. state attorneys general will meet Justice Department attorneys next week to share information on their investigations into Alphabet Inc’s Google, two sources familiar with the matter told Reuters on Sunday. The probes revolve around monopolistic behavior that may harm consumers through Google’s control of online advertising markets and search traffic. 

Al Jazeera - Plastic recycling: Australian engineers create a 'micro' solution -

They say the micro-factory ends the need for waste products to be transported over long distances and could lead to much more rubbish being recycled.

Seattle Times - ‘I did it’: Portugal hacker says he exposed African tycoon  -

Lawyers for Rui Pinto, who is in a Lisbon jail awaiting trial in a separate case, said in a statement Monday he gave the information about Isabel dos Santos to the Platform to Protect Whistleblowers in Africa, an advocacy group based in Paris, in 2018.

Dos Santos is a daughter of Angola’s former president Jose Eduardo dos Santos and is reputedly Africa’s richest woman after holding top jobs in Angola and a high-profile international career.

Cyberscoop -  Hack of Jeff Bezos' phone likely happened through Saudi crown prince, analysts tell UN -

With “medium to high confidence,” forensic investigators have concluded that Saudi Crown Prince Mohammed bin Salman was directly involved in hacking into Jeff Bezos’ phone in 2018, according to a United Nations statement released Wednesday.

...

FTI Consulting’s cybersecurity practice — led by Anthony Ferrante, the former director for Cyber Incident Response at the National Security Council at the White House — found “no matches against known conventional or typical malicious software” remaining on Bezos’ phone.

The malicious file was delivered by an encrypted downloader host on WhatsApp’s media server, FTI found. Due to WhatsApp’s end-to-end encryption, it was “virtually impossible” to determine the contents of the downloader, according to FTI.

Cyberscoop -  The big questions from FTI's report on the Jeff Bezos hack -

For now, the published information has left many observers unsatisfied. Alex Stamos, the former CISO of Facebook, which owns WhatsApp, said the FTI report didn’t go far enough in its analysis.

“This FTI forensics report is not very strong. Lots of odd circumstantial evidence, for sure, but no smoking gun,” Stamos said. “The funny thing is that it looks like FTI potentially has the [device] sitting right there, they just haven’t figured out how to test it.”

Schneier on Security - Brazil Charges Glenn Greenwald with Cybercrimes -

Glenn Greenwald has been charged with cybercrimes in Brazil, stemming from publishing information and documents that were embarrassing to the government. The charges are that he actively helped the people who actually did the hacking:

Security Magazine - Risk of Destructive Attacks on the Electric Sector Significantly Increases -

According to Dragos, Inc.'s January 2020 North American Electric Cyber Threat Perspective report, seven of 11 tracked activity groups target North American electric entities: PARISITE, XENOTIME, DYMALLOY, ALLANITE, MAGNALLIUM, RASPITE, and COVELLITE. Dragos identified a recent increase in activity targeting North American electric entities, led by the identification of PARISITE activity targeting known VPN vulnerabilities, and MAGNALLIUM password spraying campaigns focusing on oil and gas that expanded to include the electric sector.

What I Am Reading 1/26/2020

Reuters - U.S. Justice Dept. plans to hold meeting to discuss tech industry liability: sources -

U.S. Attorney General William Barr said in a speech last month that the Justice Department was “studying Section 230 and its scope” because “many are concerned that Section 230 immunity has been extended far beyond what Congress originally intended.”

Barr said internet companies had absolved themselves of responsibility for policing their platforms, while blocking political speech with impunity.

Lawmakers from both the Republican and Democratic parties have called for Congress to change Section 230 in ways that could expose tech companies to more lawsuits or significantly increase their costs. 

Reuters - French central banker says digital currency cannot be private -

Asked whether such digital money could be issued by private companies, Villeroy said “currency cannot be private, money is a public good of sovereignty”. 

ZDNet - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices -

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

Schneier on Security - Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained -

In private talks with Apple soon after, representatives of the FBI's cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

S4x20 Review (#S4x20)

Just returned from the S4x20 conference in Miami Beach. 

It was a great week.  First off I hooked up with Clint (@R1ngZer0) and Mathew from ThreatGen.  haven't seen them in awhile.  Talked about the game for a bit and they introduced me to a few people.  Thanks for that!  Second, the conference itself was really well put together.  Dale Peterson did a great job.

So about the conference itself, there are quite a few things that I liked:

1.  The venue was comfortable and close enough to lodgings to be convienient
2.  The speakers were great
3.  I really like the way the day started with an hour and a half of common track and then split down to the different stages.

All of the talks I attended were good but three were really kind of appropriate for me and my position:

a.  Cybersecurity Oversight and Governance: managing the Risk by Lisa Sotto (@lisasotto)
b.  The Inevitable Marriage of DevOps and Security by Kelly Shortridge (@swagitda)
c. Attack Vectors on Distributed Energy Resources (DER) by Maggie Morganti (@magpie2800)

Each of the above talks provide insight into some aspect of my day to day work, but like I said all of the talks I attended were good.

There were a couple minor irritations, but nothing worth making a big deal about and nothing specific to the conference itself but more directed at some talk content.  I just disagree with some peoples' conclusions on some matters.

@BEERISAC was fun, as were the other after hours activities and hey, it's Miami Beach in January.  I spent a few hours just walking up and down the beach. 

Conclusion:  Good Conference, I am going again if I can.  Hopefully next time work will pay for it.

Two Books - "Anti America" and "Data Breaches: Crisis and Opportunity"

Gonna talk about two books from this week.

First up is AntiAmerica.  by T.K. Falco.  I was looking for something to occupy me on the commute so I searched audible for "cyberthriller" and this was the only title that came up.  The description seemed promising enough:

AntiAmerica stands at the center of the largest US anarchist uprising in 100 years. 

When hacktivist group AntiAmerica hacks the nation's largest banks, the financial industry is left teetering on the brink of collapse. Hacker and teen runaway Alanna Blake is forcefully recruited by the government to track down the only link to AntiAmerica, her missing ex-boyfriend Javier. She relies on every bit of her social engineering cunning to navigate a conspiracy of lies and deceit, which imperils both the lives of everyone closest to her and the secrets to a past she longs to remain locked away forever.  

This book contains content surrounding drug abuse, mental illness, physical abuse, and suicide.

Unfortunately it kind of just turns into another angsty teen story that fills you with frustration because of all of the main characters stupid decisions, and of course the protagonists are who you expect.  There is a twist at the end that is somewhat surprising, but the clues are there if you care enough to try and put them together.  It's not a horrible book but it's not great either. 

Second is  Data Breaches: Crisis and Opportunity by Sherri Davidoff.  Admittedly I am only about a chapter into this one, so I am not going to try and really review content.  What I like about this book so far is that it written pretty accessibly and it seems to be interested in covering the major breaches in a case study style.  It also has chapters on Supply Chain Risk and Cloud Security Risk; two areas that are becoming important to me at work.  If anyone else (hah, like I have real readers) reads it I'd like to hear your thoughts.

Reading up on the China Threat

I just finished "America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare" and "The Hundred-Year Marathon: China's Secret Strategy to Replace America as the Global Superpower"  both were interesting but tended to the alarmist I think.  I agree with their basic premise, that China (and others) is in the process of challenging America's pre-eminence on the world stage, and I believe that if they succeed that it will be bad for the world.  The authors' tone however makes it sound like this is a done deal, inevitable and irreversible.  I don't agree with that.  Next up on the list is "Unrestricted Warfare: China's Master Plan to Destroy America"

In case you are wondering two of these three books appear on military cyber warfare reading lists:

https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

SANS ICS 612 Review Part 2

This covers the second half of the ICS 612 course.  On Morning 4 we picked up with the reaminder of the day 3 material, so basically more architecture and networking solutions.  We did some work with a data historian and explored remote access a bit more. 

After completing that material we moved right into System Management.  This was pretty tools centric with some time spent on the ELK stack then on pushing that data into Integrity (formerly Sophia).  We also spent time using Cyberlens and the Dragos suite as well as Indegy.  The day closed out with discussions of ICS change management and ICS patch management.

Day 5 was a blast, the instructors borked our setups and we had to troubleshoot the issues and restore fuctionality.  That was the first half of the morning.  Then we did a CTF until lunch which was fairly challenging, but not exceptionally so. (I placed 4th out of 20 and I am a moron so...).  Thae afternoon was spent providing feedback on the course and grinding coffee, which was the simulated business.

Overall this course was really good, of course most SANS Training is.  Everything went far smoother than I expected for a beta course.   I highly recommend this course, especially if you can couple it with some of the training from Threatgen which covers some of the areas like risk assessment that this course, as a mainly hands-on offering doesn't really delve into.

SANS ICS 612 Review Part 1

SANS Institute recently introduced a new class in their ICS Track; ICS 612:  ICS Cybersecurity In-Depth.  In the SANS world this, as a 600 level class would be an upper level Masters course.  The course was developed by Tim Conway, Jeff Shearer, Jason Dely, and Chris Robinson.  Tim, Jeff, and Jason are actually instructing.

So far the class has been excellent.  It covers a wide variety of subjects in a logical sequence with days broken down, (so far), into Local Process: which deals mainly with local interaction with the PLC and other lower level equipment, System of System: which deals with pulling the local processes up into more distributed systems, and ICS Network Infrastructure: covering network equipment, segmentation and monitoring (we are only about half through this module),  Everything has a lot of  hands on using a student kit tied into a pod shared by two students.

Some of the topics being covered are:

PLC programming
Secure Architecture
Process and Data Flow
Remote Access

My only criticisms are the timing on the labs aren't quite right, but it's a beta course so that will get worked out, and I like case studies and so far there is only one.

I will finish this review after the course ends tomorrow night but so far I highly recommend it.