Weekly Axis Of Easy #30
In this issue:
- Today is “The Purge” day on Twitter.
- Industrial hack illustrates infrastructure vulnerabilities
- California voter database hacked
- Mirai botnet creators headed for prison
- FCC repeals “Open Internet” legislation
- “This time is Different” What Bitcoin really is…
In a recent ToS update Twitter states it will begin to terminate accounts of users who are affiliated with hate groups or violence even when off Twitter: “You also may not affiliate with organizations that — whether by their own statements or activity both on and off the platform — use or promote violence against civilians to further their causes”.
The date given to commence this process is December 18th, 2017, which is today. Will be interesting to see how this shakes out.
Research firm Mandiant released a report outlining the vulnerabilities of industrial control systems to cyber-attack. They examined in depth a recent incident where hackers took control of an industrial Safety Instrumented System (SIS) which monitors various sensors around a plant, and can cause it to report “all normal” when in fact equipment is functioning outside of safe parameters. In this case it is suspected that the hackers were attempting to cause damage to the plant but overstepped, sending everything into shutdown mode and triggering an investigation which discovered the malware. A state sponsored attack is suspected.
A well-known vulnerability in MongoDB left voter details of 19 million California voters exposed online, and the database was later held for ransom. The breached data as also discovered online by a security researcher, however he was unable to determine the data’s rightful owner in order to notify the relevant agency.
The Mirai botnet was the one that was used last year to cause one of most widespread DNS outages ever when DNS provider Dynect was knocked completely offline by the IoT-based botnet. It turns out that it was created by the owners of a DDoS mitigation company who were trying to drum up business.
The FCC has repealed the Obama-era “Open Internet” legislation, a.k.a “net neutrality” in a 3-2 vote split across party lines. This is a widely unpopular decision, our take on it was a minority one and also unpopular (I was worried about certain provisions within the old legislation provided a way to justify wholesale censorship and that if it went away it wouldn’t necessarily be a bad thing). The issue is a highly charged one making it difficult to engage in civil discourse about it. If time proves us wrong, we’ll own up to it.
In the meantime, Ajit Prai released a ridiculous self-deprecating Youtube video about it, but Google took it down for several hours because of a nebulous copyright complaint. The Verge article below does a good job unpacking the legal intricacies of the takedown…
Toronto-based Citizen Lab has teamed up with Canadian Internet Policy & Public Interest Clinic (a.k.a CIPPIC) has published an analysis of the Communications Security Establishment Act and C-59, the upcoming anti-terrorism/surveillance bill.
The CSE is Canada’s version of the NSA, the folks who vacuum up our private data.
The report addresses numerous failings and shortcomings including lack of oversight, ambiguous and conflicting mandates and practices which would run afoul of the Canadian Charter of Rights & Freedoms.
Read their release here: https://citizenlab.ca/2017/12/citizen-lab-and-cippic-release-analysis-of-the-communications-security-establishment-act/
Download the report: https://citizenlab.ca/wp-content/uploads/2017/12/C-59-Analysis-1.0.pdf]
We’ve added Authy and Google authenticator to our 2FA options. They’ve been live on the site for a few weeks. If you haven’t already enabled 2FA on your account, why not rest easy over the holidays knowing your account is protected? Go to your security settings in your member area (logging in required).
Go to: https://cp.easydns.com/manage/security/
I recently launched the Guerrilla Capitalism website with a 2-part series about Bitcoin which has received a lot of interest so far, with both instalments being widely read and circulated across the internet, including Hackernoon and FEE.org
Once again, thank you for being an easyDNS member and I wish you and yours a wonderful Christmas season and let’s all gear up for a fantastic 2018!