15.3 C
New York
Saturday, May 18, 2024

The SolarWinds Investigation Ramps Up

It was an unprecedented and historic week in the United States as a mob of president Donald Trump's supporters rioted on Capitol Hill in Washington, DC and stormed the Capitol building, forcing Congress to evacuate and temporarily halting its symbolic certification of Joe Biden's election as president. Digital archivists and others scrambled to preserve photos and footage from the insurrection as social networks deployed ad hoc content moderation policies. Meanwhile, national security experts are wary about the risks the incident poses to information security—and national security—at the Capitol.

In other news, the transparency activists DDoSecrets, a sort of successor group to WikiLeaks, publish a trove of corporate information—a move that was particularly controversial given that the data was originally stolen by ransomware attackers. And speaking of Wikileaks, on Monday the United Kingdom denied the United States Justice Department's request to extradite Julian Assange, citing Assange's mental state and risk of suicide rather than any evaluation of whether the WikiLeaks founder violated the Espionage Act.

WhatsApp users got a notification this week that a change in the app's privacy policy meant they could no longer opt out of sharing data with Facebook—which was confusing, since WhatsApp has shared that data since 2016, and only gave an opt-out option for a fleeting 30-day window that year. And Ticketmaster got caught breaking into a rival company's systems, agreeing to pay a $10 million fine to settle the case with federal prosecutors.

And there's more. Below we've rounded up the most important SolarWinds stories so far from around the internet. Click on the headlines to read them, and stay safe out there.

FBI Is Investigating Whether JetBrains Played a Role in SolarWinds Hack—Which JetBrains Denies

Since it was revealed that SolarWinds' Orion IT management tool was exploited in a software supply chain attack, the cybersecurity industry has anxiously dreaded news that the same Russian hackers also piggybacked on other popular software. This week FBI sources told Reuters that Czech Republic-based software firm JetBrains has been scrutinized as another possible victim—and potential vector for corrupted code. JetBrains' project management tool TeamCity is used by tens of thousands of customers, including SolarWinds, raising the possibility that it may have served as the initial point of infection inside SolarWinds' network. The fact that JetBrains was founded by three Russian engineers has cast further suspicion on the company. But JetBrains' St. Petersburg-based CEO said this week that he hasn't been contacted by the FBI or any other agency. Nor, he says, has JetBrains seen any evidence that it was itself breached by hackers, not to mention used to further breach SolarWinds' systems.

Former CISA Head Chris Krebs Joins SolarWinds to Help It Recover From Massive Russian Hack

Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, became a cause célèbre in November when president Trump fired him for stating—correctly—that the claims of widespread election hacking and fraud advanced by the president and his supporters were false. Now, after a federal career that many credited with helping to secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the last year: the Russian hacker intrusion into SolarWinds, a Texas-based company whose software was hijacked and used to penetrate the networks of at least half a dozen federal agencies. SolarWinds has hired Krebs to help it remediate and recover from the breach that put it at the epicenter of that far-reaching hacking scandal. He'll be joined by former Facebook and Yahoo chief security officer Alex Stamos, who similarly signed on with video conferencing firm Zoom last spring to help it recover from its security woes. Krebs and Stamos will both work with SolarWinds via a consulting firm they've cofounded, the Krebs Stamos Group. Given that SolarWinds' stock has lost more than a third of its value, or about $2.5 billion dollars, since the news of its breach broke, whatever fees the company is paying that consultancy—likely very large ones—are no doubt a rounding error for its total breach costs.

Singapore Says Law Enforcement Can Request Covid-19 Tracing App Data

Desmond Tan, Singapore’s minister of state for its Ministry of Home Affairs, told parliament on Monday that Singaporean police can use data from the country's Covid-19 contact tracing platform in investigations. Originally, the service was marketed as gathering the least amount of information possible and as a single-purpose tool for contact tracing only. But on Monday the platform was updated to reflect the potential for law enforcement access. Over four million of Singapore's 6 million citizens reportedly use the app.

Digital rights and privacy advocates view contact tracing apps as a dangerous area—they can be designed securely and to preserve privacy, but they can create real exposure for users if they aren't built carefully. "Singapore Police Force is empowered under the Criminal Procedure Code to obtain any data and that includes the Trace Together data, for criminal investigations," Tan said on Monday. "The government is the custodian of the TT data submitted by the individuals and stringent measures are put in place to safeguard this personal data."

Nissan Investigates Source Code Leak

Japanese carmaker Nissan identified a leak in its North America division of source code for the company's mobile apps, marketing tools and other products. The company discovered a misconfigured server that was exposing the data. Independent software engineer Tillie Kottmann said that the username and password protecting the server was “admin/admin.” Kottmann did not discover the exposure, but received a tip about it. “Nissan conducted an immediate investigation regarding improper access to proprietary company source code," a Nissan spokesperson said. "The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.”

Related Articles

Latest Articles