Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

Sec of State Tillerson: Our strategies 'are resilient enough' for President Trump's tweets

Secretary of State Rex Tillerson says US foreign policy is "resilient enough to accommodate unknowns," including President Donald Trump's tweets. In an interview with The New York Times Magazine, Sec Tillerson said the president's tweets often catch him off guard, but that he tries to incorporate the messages "into my strategies and my tactics." "In a dynamic situation, like we deal with here all the time — and you can go walk around the world, they’re all dynamic — things happen," he said. "You wake up the next morning, something’s happened. I wake up the next morning, the president’s got a tweet out there. So I think about, O.K., that’s a new condition. How do I want to use that?"

Google introduces Advanced Protection for those at high risk of targeted online attacks

Google is creating an even more secure login process for users at high risk of online attacks. The new Advanced Protection feature focuses on defending against phishing, accidental sharing, and fraudulent access to accounts. The feature has been introduced for users such as journalists who need to protect their sources, or campaign staffers during an election.

The program will use Security Keys, which are small USB or wireless devices required to sign into accounts. Google says they’re the most secure version of two-step verification; they use public key cryptography and digital signatures to confirm a person’s identity. Security keys can be fiddly, so Google says they’re for users who don’t mind carrying them around, using the Chrome browser on desktop, and using Google apps, as the key won’t work with the iPhone’s mail, calendar, and contact apps.

Microsoft responded quietly after detecting secret database hack in 2013

Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database. The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to reporters. Microsoft declined to discuss the incident.

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.

Every modern, protected Wi-Fi network is vulnerable, warns government cyber watchdog

A top federal government cybersecurity watchdog issued an advisory on Oct 16, warning users to update their devices to protect against a newly discovered vulnerability that affects nearly every modern, protected Wi-Fi network. The US Computer Emergency Readiness Team's announcement comes after a security expert at the University of Leuven in Belgium published findings that showed that a widely used encryption system for wireless networks could give attackers an opening to steal sensitive information such as e-mails, chat histories and credit card numbers.

The exploit would allow hackers to eavesdrop on Internet traffic between computers and wireless access points. The findings are significant because of the wide range of devices that could be affected. “The attack works against all modern protected Wi-Fi networks,” Mathy Vanhoef said on a website he created to share his research. “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

DHS to Order Agencies Implement E-mail, Website Encryption Tools

The Homeland Security Department plans to issue a binding directive Oct 16 requiring agencies to implement a slew of new e-mail security protections. The directive will give agencies three months to implement a tool called DMARC that helps prevent hackers from spoofing an e-mail’s sender, Assistant Secretary Jeanette Manfra said during a Global Cyber Alliance event in New York. Agencies must also implement a separate e-mail protection tool called STARTTLS, Manfra said.

Facebook Is Looking for Employees With National Security Clearances

Facebook is apparently looking to hire people who have national security clearances, a move the company thinks is necessary to prevent foreign powers from manipulating future elections through its social network. Workers with such clearances can access information classified by the US government. Facebook apparently plans to use these people, and their ability to receive government information about potential threats, to search more proactively for questionable social media campaigns ahead of elections. Such job candidates are often former government and intelligence officials or contractors. The status can carry over to private-sector jobs, as long as the position still requires access to sensitive information. Previously granted clearances become inactive when intelligence workers leave government employment, but they can be reactivated on Facebook’s behalf, the person said.

GAO to probe FCC cyberattack that struck amid net neutrality debate

The government's top watchdog has agreed to investigate the reported cyberattack that targeted the Federal Communications Commission earlier in 2017 while the agency was preparing to roll back net neutrality regulations. A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May. The spokesman said that the probe, which was first reported by Politico, is “now in the queue, but the work won’t get underway for several months.” The investigation will also examine the FCC’s broader cybersecurity efforts.

Supreme Court declines to review computer hacking cases

On Oct 10, the Supreme Court sidestepped a growing controversy over who can give permission to access a computer, a debate that goes to the core of what constitutes hacking in this era of widespread use of the internet and social media. The justices turned away two cases over whether it is a violation of federal anti-hacking law for account holders to give a third party access to a computer system they do not own themselves. In doing so, they left in place a lower court ruling that went against a Cayman Islands company in a dispute with Facebook, and another against a California-based executive recruiter. The San Francisco-based 9th US Circuit Court of Appeals ruled in both cases that only computer system owners may grant authorization, and not account holders or employees with legitimate access credentials.

Russia Has Turned Kaspersky Software Into Tool for Spying

The Russian government apparently used a popular antivirus program to secretly scan computers around the world for classified US government documents and top-secret information, modifying the software to turn it into an espionage tool.

The software, made by the Moscow-based company Kaspersky Lab, routinely scans the files of computers on which it is installed, looking for viruses and other malicious software. But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program apparently searched for terms as broad as “top secret,” which may be written on classified government documents, as well as the classified code names of US government programs.

A Law is Expiring that Allows Ethical Hackers to Help Protect US elections

A division of the Library of Congress could play a key role in ensuring future US elections are protected against cyberattacks that alter vote tallies or other digital meddling, the authors of a major report on election hacking said. That division, the US Copyright Office, approved a slate of exemptions to a 1996 copyright law that give ethical hackers more leeway to search for digital vulnerabilities in products without facing legal threats from companies that don’t want their security gaps exposed. The exemption, which came out shortly after the 2016 election, included a specific provision freeing ethical hackers to poke and prod at voting machines. That provision paved the way for a “voting machine hacking village” at the 2017 DEF CON security conference in Las Vegas in July that turned up cyber vulnerabilities in numerous voting systems. If the exemption is allowed to expire in 2018, however, it could leave future elections more vulnerable to nation-state and criminal hackers.