Weekly Axis Of Easy #105
Kazakhstan begins intercept of TLS (SSL) traffic for all citizens
Slack hack in 2015 was worse than originally disclosed
US Bill to block big tech from finance surfaces
Equifax to pay $700M in data breach settlement
Sea Turtle hackers breach registrar to hack .GR TLD
Hackers breach Russian intelligence contractor
NSO group’s Pegasus spyware scrapes all your data
WeChat can censor private conversations in realtime
All ISPs in the former Soviet republic of Kazakhstan have been ordered to block internet access for all users and only re-enable it for each citizen after they install a new root TLS certificate on their device, one that lets the ISP monitor and censor all HTTPS (TLS/SSL) encrypted traffic. All citizens are thus compelled to install a root certificate called the “trusted certificate” or “national security certificate”.
As the article sums up: “the government is essentially launching a ‘man in the middle’ attack on every resident of the country.”
The reason we don’t use Slack here is that it’s centralized, and when the inevitable hack happens, all affected companies run the risk of having their internal communications spewed all over the internet in a mother-of-all data dumps. Well, it turns out that Slack was hacked, credentials and all, back in 2015 and the extent of the breach was much worse than originally understood. Today Slack issued an update on that breach, saying it only affects 1% of their users, but the reality remains: it happened, and it wasn’t widely understood how bad it was until much later.
Also, this blog post by Keybase CEO Max Krohn detailing how he and his company were impacted by this is quite illustrative:
A bill reputed to emanate from within the Financial Services Committee has surfaced which is aimed at keeping “Big Tech” out of finance. This is specifically aimed at Facebook’s Libra and at dissuading any other unicorns from getting similar ideas. The bill would purportedly fine Facebook $1 million per day for violating the law (if passed). This is perfectly understandable because, as I frequently quote “The Lost Science of Money” author Steven Zarlenga over on Guerrilla Capitalism, “Whoever controls the money system, controls society”, and they know it.
I’m sorry I haven’t had a chance to finish a more in-depth article about Libra and what I think it means over on GC. It’s done in rough but I still have to finish writing it up, hopefully this week. Add yourself to the list if you want to see it as soon as it comes out.
Equifax is on the verge of reaching a settlement with the US Federal Trade Commission which will reportedly have them paying $700 million in fines for that 2017 data breach that spilled pretty well all of our personal credit details all over the dark web. That’s an amount equal to almost 5% of its total market cap (roughly $16.5B).
A group of hackers who have been targeting top level domains and Middle East based political organizations by attacking their DNS providers and registrars have continued operating and briefly took over the .GR top level domain in April. A report by Talos Security, which has been tracking the group it dubbed “Sea Turtle”, came out last week outlining the tactics being used. These are mainly man-in-the-middle type attacks, where the name servers for a target are switched to hacker-controlled nameservers, only briefly, typically for under 24 hours.
The unauthorized nameservers publish bogus mail server info for the target domains, enabling the attackers to sniff the SMTP traffic and harvest credentials before redirecting the traffic to the legitimate server. Pretty slick. They have even struck targets with DNSSEC enabled in the past by penetrating their registrar and disabling DNSSEC before making their modifications.
The only defence we can think of against this sort of attack, aside from the usual (strong passwords, 2FA, event notifications enabled, etc.), is to have an added layer of domain / DNS monitoring that constantly watches your nameservers and DNS and sends you alerts if anything changes. Sort of (exactly) what our new security tool https://domainsure.com does, which is launching this fall.
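One way to build that kind of watch yourself, as an added example that is not domainsure's code nor anything from the Talos report: keep a known-good baseline of a domain's NS, MX and DS records and diff each fresh snapshot against it, treating a vanished DS set (DNSSEC switched off at the registrar) as its own alert. The `dig +short` output, the example.net names and the DS digest below are all constructed placeholders so the check runs offline.

```python
from __future__ import annotations

# Record types a delegation hijack touches: the delegation itself (NS), mail
# routing (MX) and the DNSSEC delegation signer (DS) held at the parent zone.
RECORD_TYPES = ("NS", "MX", "DS")


def parse_dig_short(output: str) -> set[str]:
    """Normalise `dig +short <type>` output: lowercase, no trailing dot, no blanks."""
    return {ln.strip().lower().rstrip(".") for ln in output.splitlines() if ln.strip()}


def diff_snapshot(baseline: dict[str, set[str]], observed: dict[str, set[str]]) -> list[str]:
    """Return one alert line per deviation of the observed records from the baseline."""
    alerts: list[str] = []
    for rtype in RECORD_TYPES:
        before, after = baseline.get(rtype, set()), observed.get(rtype, set())
        if rtype == "DS" and before and not after:
            # DNSSEC disabled at the registrar is the precursor step the text
            # describes, so report it as a single high-severity signal.
            alerts.append("DS: DNSSEC delegation removed (all DS records gone)")
            continue
        for rec in sorted(after - before):
            alerts.append(f"{rtype}: unexpected record added: {rec}")
        for rec in sorted(before - after):
            alerts.append(f"{rtype}: expected record missing: {rec}")
    return alerts


# Constructed sample data (hypothetical domain, not real dig output): a baseline
# captured on a known-good day versus a later snapshot in which one nameserver
# and the MX were swapped out and the DS record disappeared.
BASELINE = {
    "NS": parse_dig_short("ns1.example.net.\nns2.example.net.\n"),
    "MX": parse_dig_short("10 mail.example.net.\n"),
    "DS": parse_dig_short("12345 13 2 0123ABCD4567EF89\n"),
}
OBSERVED = {
    "NS": parse_dig_short("ns1.example.net.\nns2.unknown-host.example.\n"),
    "MX": parse_dig_short("10 mx.unknown-host.example.\n"),
    "DS": parse_dig_short(""),
}

if __name__ == "__main__":
    for line in diff_snapshot(BASELINE, OBSERVED) or ["no drift detected"]:
        print(line)
```

Run it on a schedule with snapshots taken from several resolvers, since the hijacked delegation may only be live for a few hours.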
It’s being called “the largest data breach in history”. Hackers have reportedly breached the defences of a contractor to the Russian FSB intelligence agency and exfiltrated 7.5 terabytes of data that include information on how to decrypt TOR network data, how to scrape personal info from social media, and details of Russia’s plans for decoupling from the global internet (which we reported on previously).
Recall that some of the nasty malware we see in the world today is the result of previous hacks against intelligence agencies like the NSA, so this isn’t exactly unheard of.
We’ve mentioned Israeli spyware company NSO here before; they were the outfit behind the WhatsApp hack that was presumably used to compromise WaPo reporter Khashoggi prior to his murder. The Financial Times has broken a story that the Pegasus spyware not only opens your communications to whoever is targeting you, it also grabs your login credentials for external platforms like Facebook, Google, Twitter, et al, and logs in and scrapes all your data, including private data (which is an oxymoron), from said platforms.
WeChat is the most popular messaging app in China. It goes beyond a messaging app: with 1.1 billion users worldwide, it’s used for payments, as a wallet, as a mobile ticket, and more. Being based in China, it’s also tightly integrated with that government’s surveillance infrastructure. A new report out of Toronto’s CitizenLab details “how WeChat’s real-time, automatic censorship of text and images is used to exert control over political discussion” so that in China “All discussion is ultimately subject to the Chinese government’s approval.”
(If that doesn’t give you the willies, I don’t know what it would take).