Archiv für den Monat Dezember 2020

More Hacking Attacks Found as Officials Warn of ‘Grave Risk’ to U.S. Government

WASHINGTON — Federal officials issued an urgent warning on Thursday that hackers who American intelligence agencies believed were working for the Kremlin used a far wider variety of tools than previously known to penetrate government systems, and said that the cyberoffensive was “a grave risk to the federal government.”The discovery suggests that the scope of the hacking, which appears to extend beyond nuclear laboratories and Pentagon, Treasury and Commerce Department systems, complicates the challenge for federal investigators as they try to assess the damage and understand what had been stolen.Minutes after the statement from the cybersecurity arm of the Department of Homeland Security, President-elect Joseph R. Biden Jr. warned that his administration would impose “substantial costs” on those responsible.“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”

President Trump has yet to say anything about the attack.Echoing the government’s warning, Microsoft said Thursday that it had identified 40 companies, government agencies and think tanks that the suspected Russian hackers, at a minimum, had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.

  • Thanks for reading The Times.
Subscribe to The Times
 

“It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially,” Brad Smith, Microsoft’s president, said in an interview on Thursday. “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry.”The Energy Department and its National Nuclear Security Administration, which maintains the American nuclear stockpile, were compromised as part of the larger attack, but its investigation found the hack did not affect “mission-essential national security functions,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.“At this point, the investigation has found that the malware has been isolated to business networks only,” Ms. Hynes said. The hack of the nuclear agency was reported earlier by Politico.Officials have yet to publicly name the attacker responsible, but intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. A Microsoft “heat map” of infections shows that the vast majority — 80 percent — are in the United States, while Russia shows no infections at all.

The government warning, issued by the Cybersecurity and Infrastructure Security Agency, did not detail the new ways that the hackers got into the government systems. But it confirmed suspicions expressed this week by FireEye, a cybersecurity firm, that there were almost certainly other routes that the attackers had found to get into networks on which the day-to-day business of the United States depend.

Dealbook: An examination of the major business and policy headlines and the power brokers who shape them.

FireEye was the first to inform the government that the suspected Russian hackers had, since at least March, infected the periodic software updates issued by a company called SolarWinds, which makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.The alert was a clear sign of a new realization of urgency by the government. After playing down the episode — in addition to Mr. Trump’s silence, Secretary of State Mike Pompeo has deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the government’s new alert left no doubt the assessment had changed.“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the alert said.“It is likely that the adversary has additional initial access vectors and tactics, techniques and procedures,” which, it said, “have not yet been discovered.”Investigators say it could take months to unravel the extent to which American networks and the technology supply chain are compromised.

In an interview on Thursday, Mr. Smith, of Microsoft, said the supply-chain element made the attack perhaps the gravest cyberattack against the United States in years.“Governments have long spied on each other but there is a growing and critical recognition that there needs to be a clear set of rules that put certain techniques off limits,” Mr. Smith said. “One of the things that needs to be off limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.”Reuters reported Thursday that Microsoft was itself compromised in the attack, a claim that Mr. Smith emphatically denied Thursday. “We have no indication of that,” he said.Officials say that with only one month left in its tenure, the Trump administration is planning to simply hand off what appears to be the biggest cybersecurity breach of federal networks in more than two decades.Mr. Biden’s statement said he had instructed his transition team to learn as much as possible about “what appears to be a massive cybersecurity breach affecting potentially thousands of victims.”“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Mr. Biden said, adding that he plans to impose “substantial costs on those responsible.”The Cybersecurity and Infrastructure Security Agency’s warning came days after Microsoft took emergency action along with FireEye to halt the communication between the SolarWinds network management software and a command-and-control center that the Russians were using to send instructions to their malware using a so-called kill switch.

That shut off further penetration. But it is of no help to organizations that have already been penetrated by an attacker who has been planting back doors in their systems since March. And the key line in the warning said that the SolarWinds “supply chain compromise is not the only initial infection vector” that was used to get into federal systems. That suggests other software, also used by the government, has been infected and used for access by foreign spies.Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise. But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.Inside federal agencies and the private sector, investigators say they have been stymied by classifications and siloed approach to information sharing.“We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies to come together into a single place and share what they know.”

Source: https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html?auth=login-email&login=email

Edward Snowden Hails Launch of Signal’s Encrypted Group Calls

Encrypted messaging app Signal has added group video calls, and the famed NSA whistleblower says it’s a long time coming.

  • Signal has added encrypted group video calls to its iOS and Android messaging app.
  • NSA whistleblower Edward Snowden, an avowed Signal user, tweeted about the news.
  • Up to five people can now take part in an end-to-end encrypted video call.

Famed National Security Agency (NSA) whistleblower Edward Snowden knows a thing or two about the need for safe, secure communication, given his flight from the United States in 2013 following extensive leaks of classified information and his ongoing asylum in Russia.

Unsurprisingly, he’s a big fan of encrypted messaging app Signal, and the app’s website quotes him (“I use Signal everyday”) above all other testimonials. Today, Signal rolled out the ability to hold group encrypted video calls, and Snowden has already weighed in on the new addition: “I have been waiting for this for a very long time,” he tweeted.

Luckily, you don’t have to be a notorious fugitive to use Signal’s group encrypted video call feature, which lets up to five people join in for a shared chat. Group calls are encrypted end-to-end, “like everything else on Signal,” notes a blog post, and you can opt between viewing a grid of the up to four other participants or have the app focus on whoever is speaking at any given time.The feature is available now on both iOS and Android, and only in “new style Signal groups.”

Older groups on the app will automatically be updated to the new format in the coming weeks. According to the post, Signal is working to expand the number of participants beyond five, but there’s no ETA on when that might happen.

The addition of group video calls comes amidst the ongoing COVID-19 pandemic, during which video chat services such as Zoom have become immensely popular. With many people working from home these days, schools doing remote e-learning, and gatherings of all sorts canceled, the ability to now hold those group video calls via Signal may provide some with additional peace of mind given the end-to-end encryption.“2020 has seen its fair number of challenges and changes,” reads the post. “We’ve all adapted to new ways of staying in touch, getting work done, celebrating birthdays and weddings, and even exercising. As more and more of our critical and personal moments move online, we want to continue to provide you with new ways to share and connect privately.”

Demand for Signal has also surged this year due to protests, such as those following the murder of George Floyd by Minneapolis police. Downloads of the app soared in the United States in late May, and in early June, the app added the ability to censor faces in shared photos to avoid potential police surveillance.

Source: https://decrypt.co/51563/edward-snowden-signal-encrypted-group-calls

A Brief History of Grunge: The Seattle Sound

Kurt Cobain of Nirvana in 1993
Kurt Cobain of Nirvana in 1993 | Photo By Stephen Sweet/REX/Shutterstock

The word grunge, which means grime or dirt, came to describe a music genre, fashion style and lifestyle exclusively attached to the Pacific Northwest and, specifically, Seattle. With the effects of this movement still relevant some 30 years later, it’s worth exploring how it all began – and how grunge entered the mainstream.

It all started with the Melvins. Formed in 1983 in Washington State, the band were part of a generation of musicians influenced by the likes of KISS, Black Sabbath, Led Zeppelin and AC/DC. Taking inspiration from the bands they loved, the Melvins were one of the first rock groups to mix elements of metal and punk in their sound.The city of Seattle at that time was just shedding its hippie image but still holding on to the hippie values of counterculture and nonconformity. In 1984, Seattle-based bands Green River and Soundgarden formed, followed by the Screaming Trees in 1985. The following year brought the founding of Sub Pop Records and saw Seattle-based record label C/Z Records’ first release, Deep Six. This compilation, credited as the first distribution of grunge, included the Melvins, Green River, Soundgarden, Malfunkshun, Skin Yard and The U-Men. Metal band Alice in Chains joined this faction of Seattle bands when they formed in 1987.

Editorial use only. Consent for book publication must be agreed with Rex by Shutterstock before use. Mandatory Credit: Photo by Andre Csillag/REX/Shutterstock (499068go) THE SCREAMING TREES PERFORMING ON THE ‚LATER WITH JOOLS‘ SHOW, BBC TV, LONDON, BRITAIN – NOV 1996 VARIOUS | Photo by Andre Csillag/REX/Shutterstock
Mandatory Credit: Photo by Malluk/Mediapunch/REX/Shutterstock (8627708a) Alice in Chains with Layne Staley Special Fees May 1991 Chains_em8 | Photo by Malluk/Mediapunch/REX/Shutterstock

Between 1988 and 1990, the tight-knit group of Seattle bands went through many transformations. Green River split into two groups: the members who wanted to stay “underground” formed Mudhoney, while those who wanted to become famous rock stars formed Mother Love Bone (picking up the lead singer from Malfunkshun, Andrew Wood). Representing another shift in those values of nonconformity, Soundgarden signed in 1988 with a mainstream label, A&M Records, to the dismay of many of their fans.

Mandatory Credit: Photo by Mediapunch/REX/Shutterstock (8824657d) Soundgarden – Chris Cornell Soundgarden In Concert at Hollywood Live, Los Angeles, USA – 23 Sep 1989 | Photo by Mediapunch/REX/Shutterstock

At the start of the new decade, Mother Love Bone was set to become the rock stars they intended to be when Wood unexpectedly died of a heroin overdose. Wood’s roommate, Chris Cornell of Soundgarden, wrote a tribute to his late friend. A few songs played with the surviving Mother Love Bone members turned into an entire album, Temple of the Dog. When Cornell decided that one of the songs would be better as a duet, he invited a backup vocalist, Eddie Vedder, to join him for the singing of ‘Hunger Strike.’ The same year, Vedder joined the remaining Mother Love Bone members in creating a new band, first named Mookie Blaylock and eventually renamed Pearl Jam.

In 1990, Nirvana consisted only of singer-guitarist Kurt Cobain and bassist Krist Novoselic, and were yet to find a full-time drummer. They were eventually introduced to Dave Grohl through their friends the Melvins, becoming another staple grunge band of the ’90s made possible through collaboration.

Mandatory Credit: Photo by Stephen Sweet/REX/Shutterstock (261411g) Nirvana – Dave Grohl, Kurt Cobain and Chris Novoselic Nirvana – 1993 | Photo by Stephen Sweet/REX/Shutterstock

The bands became regulars at music venues across the city, performing at locations still open today such as The Crocodile and The Showbox. Before any of the bands really left Seattle, they described themselves in self-deprecating ways, referring to themselves and their music style as dirt, scum and – you guessed it – grunge. In 1991, when Nirvana reached number one on Billboard’s Alternative Songs chart, with Pearl Jam following closely behind, “grunge” turned from a joke into an actual descriptor of the rock music subgenre characterized by guitar distortion, feedback and heartfelt, anguished lyrics. That same year, Mudhoney and the Screaming Trees achieved indie success. Soundgarden didn’t catch up with the commercial success of Nirvana and Pearl Jam until 1994.

Mandatory Credit: Photo by Andre Csillag/REX/Shutterstock (497745ka) Pearl Jam – Eddie Vedder performing at Brixton Academy, London, Britain – Jul 1993 Various | Photo by Andre Csillag/REX/Shutterstock

As these bands developed a need for marketing, “grunge” changed from descriptor to ultimate promoter, especially in fashion. That industry, from Macy’s to Marc Jacobs, started creating items that mimicked the style of these bands and their Seattle audiences, namely flannel shirts, combat boots and wool ski hats, often worn with unwashed hair.

Mandatory Credit: Photo by Bei/REX/Shutterstock (5137575b) Eddie Vedder Singles Premiere 09/10/92 – Los Angeles, CA. Eddie Vedder (cast) of Pearl Jam wearing helmet Warner Bros.‘ premiere of ‚Singles‘ in Los Angeles, CA. Photo®Berliner Studio/BEImages.net September 10, 1992 | Photo by Bei/REX/Shutterstock

While the muses for these fashion statements may have started out too poor and cold to buy anything else, and didn’t care to look after or style their hair, the popularity of grunge inspired the style of the rich. The combat boots that were practical for traction in Seattle’s rain began hitting the catwalks. For the first time, instead of going from boutiques to last season’s department to Goodwill, clothes purchased from Goodwill were inspiring what got brought into the shops. Punks were anti-fashion: their outfits made a statement against it. Grunge rockers were fashion-indifferent: they made no statement at all. And yet grunge became a fashion statement in and of itself.

Mandatory Credit: Photo by Photofusion/REX/Shutterstock (2253864a) Teenage boys wearing grunge gear, UK Youth | Photofusion/REX/Shutterstock

As the concept of grunge was increasingly used in the mainstream, it became increasingly rejected in anti-conformist Seattle. Grunge became a blanket term for Northwest bands of the ’80s and ’90s, even if they had completely different styles and sounds.Today, though, the term has been reclaimed. Seattleites still hold the same values that began the grunge movement and have learned to embrace the subgenre that, in a lot of ways, put their city on the map.

Source: https://theculturetrip.com/north-america/usa/washington/articles/a-brief-history-of-grunge-the-seattle-sound/