Roundup Here's your easy-to-digest roundup of information security news beyond everything we've already covered this week.
DNC hacker outed as Russian 007
Guccifer 2.0, the hacker busy stealing and leaking emails from US Democratic Party servers amid the 2016 presidential elections, turned out, surprise, surprise, to be a Russian intelligence officer, according to a well-sourced report.
Said шпион forgot to turn on their VPN to disguise their public IP address and location, when visiting either Twitter or WordPress, we're told, thus revealing to American investigators their true identity – a member of GRU, Russia's military intelligence arm.
Guccifer 2.0 claimed he was a Romanian, but showed a troubling lack of knowledge of his professed language. Now it turns out Uncle Sam's g-men know who is behind Guccifer 2.0 right down to the street of their Moscow government office, according to sources speaking to the Daily Beast.
This is going to make claims that the Russians were mischief-making in America's elections much more difficult to dodge. Sadly, for some reason or other, President Trump seems unwilling or unable to accept this.
While we're on the topic of all things Russian, Kaspersky Lab has apparently angered some in the Western intelligence community with its report detailing the appearance of the Slingshot software nasty in the Middle East and Africa.
Slingshot was a very advanced piece of malware that infected routers initially, and then the computers of the administrators who configured them. Kaspersky thought that the level of sophistication shown – the software was in its sixth version – and its persistence indicated that it was the work of a state-sponsored hacking team.
Turns out they were right, it seems. Apparently Slingshot was developed here in the US and used to track Daesh-bags and other medieval terror bastards. Now Uncle Sam's snoops are furious about the Russian security outfit spilling the beans about their work.
The outing also sparked a debate among security professionals about whether Kaspersky should even have published its research into what turned out to be American government spyware, designed to snare barbaric terrorists. The overwhelming view was that the biz had every right to do so, but the kerfuffle probably means the company shouldn’t expect any lifting of the US government embargo of its products.
Dark web gets darker
Reddit decided this week to shut down its message boards devoted to discussing dark web marketplaces.
The move was largely symbolic, since there are plenty of other forums for discussing dodgy Tor-hidden souks online, and may actually be counterproductive. After all, such forums provide police with a host of useful information when it comes to crime fighting.
Last month Dutch police gave a presentation about its successful takedown of the Hansa marketplace. Gert Ras, head of the Netherlands National High Tech Crime Unit, recounted with great glee how they hung out on Reddit watching online drug buyers whining about being inconvenienced and detailing their plans to move their trade onto Hansa after Alphabay was shuttered.
Cut me some Slack
Revealing a little too much could also be a problem for Slack users. This week IRC-for-the-2010s Slack changed its terms and conditions so that people and organizations that pay for its premium services can examine all and any private chats in their workspaces without alerting users.
The takeaway from all this is to be careful how you use Slack. Conversing with the boss is all well and good, but if you're also using it to try and set up a union or to have an affair with someone you work with, it might be a good idea to use a more secure service like Signal.
Theft and hacking
Secure and private communications are where it's at these days, and Google-stablemate Jigsaw has produced a tool called Outline that tries to make VPNs easy to set up for the experienced nerd or mildly tech savvy hack.
It's a good idea – a simple-to-set-up system that allows small businesses, journalists, geeks, and other individuals to run their own VPN to encrypt and secure their internet traffic. Such a good idea, in fact, that someone else has already had it: Dan Guido of security shop Trail of Bits has accused Jigsaw of ripping off ToB's Algo:
Google sure is good at plagiarizing my work. I released @AlgoVPN, an open-source, self-hosted VPN solution, in 2016. I find it hard to believe @Jigsaw was unaware since I’ve met their engineers more than once. https://t.co/juEq5GtKIF — Dan Guido (@dguido) March 20, 2018
Since I released @AlgoVPN, it’s attracted ~7500 GitHub stars, 700 external contributions from 80 contributors, and endorsements from @motherboard, @kennwhite, @TheRegister, @thegrugq, @TechCrunch, @lifehacker, and more. — Dan Guido (@dguido) March 20, 2018
"So, I guess watch what you say to Google? Like the CII, Jigsaw is intended to buy good PR for @Google, pursue Eric Schmidt’s megalomaniacal regime change ambitions, and distract bored Google engineers from dreary ad sales work. They have no reason to collaborate with you," Guido said. He added that he met Jigsaw engineers on a number of occasions. If he's right then they were obviously impressed, maybe too much in fact.
For what it's worth, our view on VPNs is to not trust third-party VPN providers, especially free ones. Set up one yourself on a machine you control, if you can, or use Algo or Outline to configure one for you, again on your own box that you can trust and secure.
An Australian man is going to be spending the next year in jail after being found guilty of hacking local police radios.
Vaughan William George, 42, pled guilty to illegally operating a radio communications transmitter, operating a transmitter to interfere with police telecommunications, and drug and car theft offences in the Australian state of Victoria.
Apparently police knew he was operating an illegal radio operation, but overlooked it as he wasn't doing anyone any harm. But then George overrode a police radio broadcast, and told them to stop the pursuit of some thieves. This riled up the plod enough to take action.
DDoS so cheap
In other pwnage news, it appears that it has never been cheaper to launch a distributed denial-of-service (DDoS) attack. A report by security outfit Armor found marketplaces offering to DDoS a target for just $10 an hour, or $500 for the week.
Other offers included $100 WordPress exploits, hacking tutorials for $50, or selling ATM skimmers for $1,500 a pop. It seems it has never been cheaper to become an online scumbag. ®