As 2020 comes to a close, it is perhaps only fitting that the US government and private sector are both scrambling to grasp and mitigate the fallout of a massive hacking spree widely attributed to Russia. There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.
To understand where things stand today, it's important to take a look back at the Trump administration's approach to cybersecurity policy, its merits (some of them accidental), and its shortcomings. Read on below for president-elect Joe Biden's first substantive commentary on how his administration may approach the increasingly crucial, yet tricky, question of how to enforce effective global norms in cyberspace.
And there's more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there!
On Tuesday, Europol, the US Department of Justice, and other international law enforcement agencies announced a coordinated sting against a virtual private network, Safe-Inet, which is popular with ransomware groups, spearphishers, and stolen data vendors. The effort involved seizing three domains used to distribute the VPN—safe-inet.com, safe-inet.net and insorg.org—and neutering other parts of its infrastructure, so users can't access the service and visitors to the sites simply see law enforcement notifications of their removal. Officials did not provide details about which hacking groups used the VPN, but they said it specialized in “bulletproof” protection, meaning the VPN was tailored to supporting uninterrupted criminal campaigns and ignoring or attempting to diffuse abuse complaints and even law enforcement requests. “Criminals can run, but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them,” Edvardas Šileris, head of Europol’s European Cybercrime Centre, said in a statement.
New research from Citizen Lab at University of Toronto's Munk School of Global Affairs and Public Policy indicates that suspected government hackers out of Saudi Arabia and the United Arab Emirates compromised the personal smartphones of 36 Al Jazeera journalists and one from Al Araby TV. The targeted campaign used an interaction-less or “zero-click” iPhone exploit for the initial attack, a hacking technique that is particularly dangerous because it requires no input from the target and is therefore difficult to defend against. The hackers then used a notorious piece of NSO Group spyware, known as Pegasus, to deeply compromise and surveil the victims' data and digital activity. The exploit chain, dubbed Kismet, affected iOS 13.5.1 and the iPhone 11, which was current at the time of the attacks, along with other iOS versions and iPhones. It is not believed to impact iOS 14.
The Department of Homeland Security and the Federal Bureau of Investigation have connected a website titled “Enemies of the People” to Iranian actors. The site included information like supposed addresses of state and federal election officials, including FBI director Christopher Wray, and voting equipment makers. The purpose was to promote accusations that the individuals caused President Donald Trump's loss in the recent US presidential election. The website is no longer accessible, but it formerly included photos of the featured targets superimposed with bull’s eyes. Though Russian actors have been back in the news lately, Iranian hackers have been active throughout 2020 and had a particular focus on the US presidential campaign season.
President-elect Joe Biden gave the first hints about how his administration might approach cybersecurity issues and digital espionage on Tuesday. During an address in Wilmington, Delaware, Biden criticized the Trump administration for hanging back on making a public attribution about the perpetrators in the SolarWinds supply chain attack. He also said that the Department of Defense has limited the briefings the Biden transition team receives about the situation, “so I know of nothing that suggests it’s under control.” Biden added, "Cyberattacks must be treated as a serious threat by our leadership at the highest level. That means making clear … who’s responsible for the attack and taking meaningful steps to hold them to account." The incoming president also said that his administration will work to establish “international rules of the road on cybersecurity."