April 1, 2019

Microsoft slaps down 99 APT35/Charming Kitten domains

By Lisa Vaas

Microsoft said on Wednesday that, with a court order in hand, it’s swatted 99 domains associated with the Iranian hacking group known as Charming Kitten (or APT35, or Ajax Security Team, or that Microsoft calls Phosphorus).

Microsoft said that its Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking the group since 2013. The group typically goes after computer systems of businesses and government agencies in order to steal sensitive information from industries including defense and entertainment.

It’s also targeted political dissidents, activists, government employees, and journalists – especially those involved in advocacy and reporting on issues related to the Middle East.

A kitten with a long history

Charming Kitten/Phosphorous/APT35 has been blamed for the 2017 attack on HBO that led to the leaking of 1.5TB of data, including un-aired episodes of several popular shows, a Game of Thrones script, staff contacts, account credentials, and financial data.

The group has also been linked to a defector from the US Air Force who fled to Iran and who was indicted in February for revealing top-secret information to the hackers, and was also allegedly behind a recent, sneaky phishing campaign that beat multifactor authentication (MFA).

Read more at https://nakedsecurity.sophos.com/2019/04/01/microsoft-slaps-down-99-apt35-charming-kitten-domains/

Top-secret defense document hoarder Harold Martin pleads guilty

By Lisa Vaas

Here’s a quickie guide to storing top-secret classified national defense documents in your car and/or in your house: Just don’t.

Former National Security Agency (NSA) contractor Harold Thomas Martin III is facing up to nine years in lockup after having pleaded guilty last week to breaking that pretty simple, pretty common-sense rule.

The 54-year-old, who was formerly in the US Navy, worked as a contractor for at least seven different private companies, including government agencies, between 1993 and 2016.

In 2017, a federal grand jury in Baltimore indicted Martin for allegedly stealing what it estimated was a “breathtaking” 50 terabytes of classified intelligence data.

According to the indictment, Martin – whom federal defender James Wyda described as a “compulsive hoarder” – stole thousands of documents of intelligence from government agencies including the NSA and the CIA, some of which were rated top-secret.

Martin’s most recent job was working for Booz Allen Hamilton Holding Corp., the same consultancy that Edward Snowden worked for when he leaked top secret files to the press in 2013.

Read more at https://nakedsecurity.sophos.com/2019/04/01/top-secret-defense-document-hoarder-harold-martin-pleads-guilty/

Politicians mistakenly vote the wrong way in controversial internet law

By Danny Bradbury

In a clear case of “What does this button do?” several members of the European Parliament appear to have materially affected the future of the internet by mistakenly voting the wrong way.

The Guardian reports that 13 MEPs voting on the European Copyright Directive later said that they’d voted the wrong way and asked for their votes to be changed.

The European Copyright Directive is a ground-shaking regulation that could change the way we use the internet in Europe. There are two especially controversial articles in the Directive – 11 and 13 – that have internet rights advocates up in arms. The articles change the way that people share links and upload content online.

Article 11 is known as the link tax. It enables news sites to charge a fee to other sites that reproduce their work, or simply block links from those sites altogether. It means in principle that newspapers can charge sites like Google, which aggregates content for Google News, for reproducing just a few words of their headline or copy.

This sounds like a good idea for those who believe that original content producers should be paid for their work, but there are critics, as Cory Doctorow points out in this article for the EFF.

For example, it could unbalance the content landscape by paving the way for license agreements between large publishers, he warns. They could freely allow each other to aggregate or link to each other’s content while blocking smaller players. It could also blow up non-profit sites like Wikipedia, they worry, or enable information publishers to censor those who criticize their work.

Read more at https://nakedsecurity.sophos.com/2019/04/01/meps-just-voted-through-controversial-copyright-clauses-by-mistake/

As drones fill the skies, cybercriminals won’t be far behind

By John E Dunn

The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts.

Among those investigating the implications of a world filled with “very small and fast flying objects” are the Israeli-Japanese researchers behind a new study, Security and Privacy in the Age of Drones.

In hindsight, it’s amazing people didn’t see the problems coming as these devices got smaller, cheaper and able to operate many kilometers from the person controlling them.

The potential for terror-by-joystick malevolence and mischief is obvious, as London’s Gatwick Airport found out to its cost in December 2018 when it was forced to close its main runway.

But subtler problems might be worth looking at, the researchers argue, such as aerial spying and surveillance, of which there have already been several high-profile examples:

Exploiting these facts, drones have increasingly become a threat to individuals’ privacy as evidenced by their use to detect a cheating spouse, film random people, and celebrities, and take intimate pictures of neighbors.

People tend to ignore the potential for intrusion when it’s celebrities who are being pestered, forgetting that micro-drones are now small and inexpensive enough that anyone could be victimized on a whim.

Read more at https://nakedsecurity.sophos.com/2019/03/29/as-drones-fill-the-skies-cybercriminals-wont-be-far-behind/

Grindr up for sale amid US fears for Chinese-owned data

By Lisa Vaas

A Chinese gaming company is reportedly looking to offload the gay dating site Grindr due to US government concerns over its ownership, according to Reuters.

Sources familiar with the matter told the news service that Beijing Kunlun Tech Co Ltd., which picked up Grindr in 2016, is looking to sell it after a US national security panel raised concerns about its Chinese ownership.

Two sources told Reuters that the Committee on Foreign Investment in the United States (CFIUS) informed Kunlun that its ownership of Grindr, which is based in California, constitutes a national security risk.

Protecting users’ data

Reuters didn’t manage to glean CFIUS’s specific concerns or whether any attempts were made to mitigate them.

What we do know is that questions about the safety of Grindr users’ data in the hands of a Chinese company bubbled up in August 2018. That was when Kunlun announced it was planning an initial public offering for this, the world’s largest gay social networking app.

The IPO gave rise to questions such as whether Grindr users’ data would be transferred to China, and whether Chinese authorities would get their hands on it.

Grindr’s privacy policy notes that user data may be shared with a parent company. If a new owner comes on board, that owner gets the personal data:

We may share your Personal Data with our parent company, any subsidiaries, joint ventures, or other companies under common control. If another company acquires our company, business, or our assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

And an article in The Conversation explains that personal user data may be transferred to China:

Coupled with the Chinese trend towards data localisation requirements, which dictate that data should be processed within China itself, this provision means it may be possible for Grindr users’ personal data to be transferred to China.

Read more at https://nakedsecurity.sophos.com/2019/03/29/grindr-up-for-sale-amid-us-fears-for-chinese-owned-data/

FTC slams the phone down on quartet of robocallers

By Lisa Vaas

Some of us may think that an appropriate penalty for robocallers is to stuff them with burner phones and roast them up for Sunday dinner, in which case some of us are going to be underwhelmed with the news that the FCC has basically slapped some hands and tsk-tsk-ed them into promising to never, ever do it again.

On Tuesday, the Federal Trade Commission (FTC) announced that it’s shut down four operations responsible for billions of unwanted calls, some of which had tossed some particularly loathsome fraud into the mix.

One of the shyster scams was Veterans of America, aka Vehicles for Veterans LLC, aka Saving Our Soldiers, aka Donate Your Car, aka Donate That Car LLC, aka Act of Valor, aka Medal of Honor.

Red, white and blue-painted bilge

That’s a lot of names for a load of flag-waving fraud. The operator of the fake charity, Travis Deloy Peterson, allegedly sent millions of robocalls to donors and collected money and property – automobiles, watercraft, real estate, and timeshares – illegally, claiming the donations were going to veterans’ charities (they weren’t) and that they were tax-deductible (nope).

Read more at https://nakedsecurity.sophos.com/2019/03/29/ftc-slams-the-phone-down-on-quartet-of-robocallers/


Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation