WebProNews

Tag: FBI

  • FBI & DOJ Investigating ByteDance & TikTok’s Surveillance of Journalists

    As if TikTok’s problems couldn’t get any worse, the FBI and DOJ are investigating its parent company for surveilling Forbes journalists.

    TikTok is owned by China-based ByteDance. The company is under pressure around the globe as one jurisdiction after another bans TikTok from government devices over privacy concerns.

    One of the most egregious privacy and security violations involved ByteDance’s admission that it used TikTok to surveil Forbes journalists, tracking their locations. The admission has sparked an investigation by the FBI and DOJ, according to Forbes:

    According to a source in position to know, the DOJ Criminal Division, Fraud Section, working alongside the Office of the U.S. Attorney for the Eastern District of Virginia, has subpoenaed information from ByteDance regarding efforts by its employees to access U.S. journalists’ location information or other private user data using the TikTok app. According to two sources, the FBI has been conducting interviews related to the surveillance. ByteDance’s use of the app to surveil U.S. citizens was first reported by Forbes in October, and confirmed by an internal company investigation in December.

    At the time of the admission, ByteDance executives expressed their disapproval, with the executive responsible for the actions, Chris Lepitak, being fired. His direct superior who reported to the CEO, Song Ye, also resigned.

    “I was deeply disappointed when I was notified of the situation… and I’m sure you feel the same,” CEO Rubo Liang wrote in an internal email shared with Forbes at the time. “The public trust that we have spent huge efforts building is going to be significantly undermined by the misconduct of a few individuals. … I believe this situation will serve as a lesson to us all.”

    “It is standard practice for companies to have an internal audit group authorized to investigate code of conduct violations,” TikTok General Counsel Erich Andersen wrote in a second email. “However, in this case individuals misused their authority to obtain access to TikTok user data.”

    ByteDance told Forbes it would cooperate with any official investigation:

    “We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance. Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us,” said ByteDance spokesperson Jennifer Banks. TikTok did not respond to a request for comment.

    The news comes at a time when TikTok is facing its most daunting challenges. In addition to being banned from government devices in the US, EU, UK, and Canada, the Biden administration has told ByteDance that TikTok will face a nationwide ban unless the company divests from TikTok.

  • FBI Purchased Americans’ Location Data

    The FBI has admitted to buying Americans’ location data from advertising companies, raising concerns across the spectrum.

    The Supreme Court ruled in 2018 that law enforcement agencies were required to obtain a warrant before tracking Americans’ locations using cell phone data. The case was a major blow to the FBI, and other agencies, many of whom had relied on warrantless location tracking.

    It appears the FBI has found a way around the Supreme Court ruling, purchasing location data from advertising companies, according to Wired. The revelation came in the course of a US Senate hearing.

    Senator Ron Wyden, a well-known privacy advocate, asked FBI Director Christopher Wray if the agency used commercial location data.

    “Does the FBI purchase US phone-geolocation information?” Wyden asked.

    “To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray responded. “I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time.”

    Director Wray did say the FBI now relies on a “court-authorized process,” but did not go into detail regarding what that meant.

    Even so, many were quick to jump on Wray’s admission, pointing out the dangerous precedent it sets.

    “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” said Sean Vitka, a policy attorney at Demand Progress. He also said Congress should ban the practice.

  • FBI PSA: Use A Browser Ad Blocker

    The Federal Bureau of Investigation has issued a public service announcement, urging people to use ad blocking browser extensions.

    Ad blocking software and browser extensions are a popular way to improve the web browsing experience, speed up browsing, and protect privacy. Virtually every major browser supports ad blocking extensions or has such measures built in.

    In a PSA issued on December 21, 2022, the FBI endorses the use of ad blocking measures as a way to protect users against cyber criminals.

    Cyber criminals purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service. When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.

    The FBI makes the case that ad blockers can help protect against this kind of scam.

    Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.

    It’s good to see the FBI come out in favor of ad blocking and hopefully more individuals will follow their advice.

  • Apple Adding End-to-End Encryption to iCloud, FBI Predictably Objects

    Apple is finally adding a major feature to iCloud, upgrading its security to include end-to-end encryption (E2EE).

    iCloud has always included strong encryption, labeled “Data Protection,” but it did not offer E2EE, meaning Apple ultimately held the key to unlocking users’ data. Apple reportedly investigated the possibility of adding E2EE years ago, but abandoned plans in response to FBI objections.

    The company has now announced plans to roll out full E2EE for iCloud under its “Advanced Data Protection.”

    “Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”

    Advanced Data Protection is already available to Apple Beta Software Program members and will be available to all users in the US by year’s end. The feature will make its way to worldwide customers in early 2023.

    Not surprisingly, the FBI is renewing its objection, saying it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”

    “This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the bureau said in an emailed statement to The Washington Post. “In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design.’”

    Despite the FBI’s concerns, many other organizations are praising Apple.

    “We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data,” writes the Electronic Frontier Foundation. “Encryption is one of the most important tools we have for maintaining privacy and security online. That’s why we included the demand that Apple let users encrypt iCloud backups in the Fix It Already campaign that we launched in 2019.”

  • FBI: Beware of Counterfeit Battery Scams

    The FBI is warning consumers to be on guard against counterfeit battery scams stemming from supply chain issues.

    Batteries are an inescapable part of modern life, powering everything from phones to vehicles. Unfortunately, as the supply chain struggles to keep up with demand, scammers are taking advantage of consumers with battery “deals” that are too good to be true.

    The FBI warns there can be a variety of issues with counterfeit batteries:

    Scammers are leveraging the vulnerabilities in the global supply chain, as well as the public’s continuing need for new batteries to sell a wide variety of counterfeits or unauthorized replicas online. Do not fall victim to online fraudsters or unauthorized dealers or manufacturers. Counterfeit batteries do not go through the same standardized testing as original equipment manufacturer (OEM) batteries and can adversely impact the safety and health of the consumer.

    The FBI says buyers should follow these steps for the best results:

    • Only buy from reputable sources, such as authorized dealers and distributors.
    • Avoid third-party and aftermarket batteries whenever possible.
    • Avoid batteries that are not properly packaged, don’t have proper labeling, or are missing manufacturer batch numbers.

    If consumers think they’ve been scammed, they should report the transaction at STOPfakes.gov or IPRCenter.gov.

  • FBI: Huawei Equipment on Cell Towers Could Disrupt US Nuclear Capability

    The FBI has accused Huawei of spying for China and installing equipment that could disrupt nuclear operations communications.

    The US and its allies have accused Huawei of spying for China for years and banned the company from participating in their wireless networks. While all Chinese companies are required to cooperate with Beijing, Huawei has long been seen as having a much closer relationship with the Chinese government than most.

    According to a CNN exclusive, the FBI discovered evidence that Huawei installed equipment in locations where it could monitor and disrupt Department of Defense (DOD) communications, including those of US Strategic Command, which is tasked with oversight of the US nuclear arsenal.

    According to the report, the FBI has known of the issue at least as far back as the Obama administration and has been investigating the risks. Huawei has, per usual, denied it is or has the capacity to engage in the spying it’s being accused of. The FBI insists the company is capable of capturing commercial traffic, as well as the restricted airwaves used by the DOD.

    “This gets into some of the most sensitive things we do,” said one former FBI official with knowledge of the investigation. “It would impact our ability for essentially command and control with the nuclear triad. That goes into the ‘BFD’ category.”

    “If it is possible for that to be disrupted, then that is a very bad day,” the person added.

    Huawei has continuously maintained it is being framed by US intelligence agencies and is innocent of the accusations against it. With these bombshell revelations, however, the company is going to have a hard time maintaining that stance.

  • Worldwide Government Agencies Warn of MSP Cyberattacks

    Managed service providers (MSPs) are coming under increased cyberattack, according to multiple government agencies worldwide.

    A new advisory issued by CISA, NSA, FBI, and various international cyber authorities warns that MSPs and their customers are increasingly being targeted by bad actors. MSPs are prime targets, since they provide a single attack vector that can be used to compromise multiple organizations.

    Government agencies are advising these companies to take a number of actions in an effort to mitigate these threats, including:

    • Implement mitigation resources to help prevent initial compromise.
    • Enable monitoring and at least six months of logging, as well as endpoint detection and network defense monitoring.
    • Use multifactor authentication and other measures to secure remote access applications.
    • Have incident response and recovery plans in place.
    • Understand and manage the risks associated with software and services supply chains.

    “As this joint advisory makes clear, malicious cyber actors continue to target managed service providers, which can significantly increase downstream risk to the businesses and organizations they support – why it’s critical that MSPs and their customers take action to protect their networks,” said CISA Director Jen Easterly. “Securing MSPs are critical to our collective cyber defense, and CISA and our interagency and international partners are committed to hardening their security and improving the resilience of our global supply chain.”

    “We are committed to further strengthening the UK’s resilience, and our work with international partners is a vital part of that,” said NCSC CEO Lindy Cameron. “Our joint advisory with CISA is aimed at raising organisations’ awareness of the growing threat of supply chain attacks and the steps they can take to reduce their risk. I strongly encourage both managed service providers and their customers to follow this and our wider guidance – ultimately this will help protect not only them but organisations globally.” 

    Organizations are encouraged to review the entire advisory as soon as possible.

  • Lawmakers Want Answers About the FBI’s Use of Pegasus Spyware

    Lawmakers want information about Pegasus, the spyware developed by NSO Group, demanding answers from Apple and the FBI about the latter’s use of it.

    Pegasus is a spyware application NSO markets to law enforcement and government agencies. In mid-2021, however, news broke that NSO had sold Pegasus to authoritarian regimes that were using the software to spy on journalists, human rights activists, and diplomats. The news was particularly notable because the software was being used to target Apple’s iPhone, a platform otherwise known for having good security.

    The reaction was swift and severe, with AWS banning NSO, Apple suing the company, and Congress adding it to the Entity List, essentially blacklisting it. Among the revelations, however, was that the FBI was one of NSO’s customers.

    Lawmakers want answers regarding the FBI’s use of the software, according to CNBC, sending letters to both Apple and the FBI to ascertain the scope of the FBI’s involvement.

    “The Committee is examining the FBI’s acquisition, testing, and use of NSO’s spyware, and potential civil liberty implications of the use of Pegasus or Phantom against U.S. persons,” reads the letter to Apple.

    The FBI has long been critical of the security and encryption modern devices provide users, seeking to undermine that security at nearly every opportunity. Its efforts have included supporting efforts to legislate weaker encryption, wanting Apple and others to develop backdoors in their security, and investing in tools, like Pegasus, that can break encryption.

  • FBI Was One of NSO Group’s Customers

    NSO Group has quickly become one of the most reviled security firms, even being banned by the US government. Despite that, it appears the FBI was one of its customers.

    News broke in mid-2021 that NSO Group’s Pegasus spyware was being used by authoritarian governments to spy on journalists, civil rights activists, and US diplomats. The US Commerce Department ultimately ended up blacklisting the company, preventing any US companies from doing business with it.

    Amid the controversy surrounding the NSO Group, it has now come out that the FBI was one of its customers, according to The Seattle Times, a revelation that is not sitting well with many groups.

    “Spending millions of dollars to line the pockets of a company that is widely known to serially facilitate widespread human rights abuses, possible criminal acts, and operations that threaten the U.S.’s own national security is definitely troubling,” Ron Deibert, director of Citizen Lab, told the Times. Citizen Lab is an internet watchdog with the University of Toronto that has been exposing Pegasus hacks since 2016.

    The FBI has been tight-lipped about its relationship with NSO Group, but reports from The New York Times and The Guardian indicate it initially paid $5 million for a one-year license, before renewing it for $4 million. The Guardian’s sources say the FBI never actually used the software.

  • FBI: Don’t Take Personal Devices to Beijing Olympics

    The FBI is warning athletes to leave their personal devices at home when they travel to Beijing for the Winter Olympics.

    The Dutch Olympic Committee warned its athletes in mid-December against bringing personal electronics to China. China has a long-standing history of espionage and surveillance, a major concern for visiting athletes and dignitaries.

    The FBI is now echoing the Dutch committee’s warning, telling athletes to leave their personal devices at home, in favor of burner devices.

    “The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games,” the FBI warns. “The National Olympic Committees in some Western countries are also advising their athletes to leave personal devices at home or use temporary phones due to cybersecurity concerns at the Games. The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments.”

  • Hive Ransomware Now Targets Linux and FreeBSD

    Linux and FreeBSD are being targeted by the latest version of Hive ransomware.

    Hive ransomware was first observed in June 2021, with the FBI warning about it in late August. Initially the ransomware targeted Windows only, but the creators are looking to expand that.

    According to security firm ESET, the hackers behind Hive have been working on a Linux and FreeBSD version.

    For the time being, the Linux and FreeBSD versions are not very effective. The ransomware tries to run as root but, unless it has root privileges, it fails to trigger encryption.

    While it’s good news that the Linux and FreeBSD versions of Hive don’t effectively work yet, “yet” is the operative word. It’s likely only a matter of time until the bugs are worked out, opening the Linux and FreeBSD communities to attack.

  • Government Agencies Hack REvil Ransomware Group, Taking It Offline

    A group of government agencies have gone on the offensive against the REvil ransomware gang.

    REvil is one of the most notorious and prolific ransomware gangs. The gang is responsible for the Kaseya attack, believed to be the largest ransomware attack in history. REvil was also behind the JBS Foods attack, and its associates were responsible for the Colonial Pipeline attack. The group went dark shortly after the Kaseya hack, before reappearing some time later.

    According to Reuters, a group of US agencies, in cooperation with other countries, have hacked REvil, significantly disrupting its operations.

    “The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Tom Kellermann, VMWare head of cybersecurity strategy and adviser to the U.S. Secret Service. “REvil was top of the list.”

    One of REvil’s leaders, “0_neday,” confirmed the group had been attacked.

    “The server was compromised, and they were looking for me,” 0_neday wrote on a cybercrime forum. “Good luck, everyone; I’m off.”

    Reuters reports that 0_neday is notable as one of the individuals who helped the group resume operations after the Kaseya attack, and inadvertently led to its demise. Following the Kaseya attack, law enforcement was able to obtain a decryption key and gain access to some of the group’s servers. After REvil’s websites went offline, 0_neday evidently restored the websites from backups, unaware the backups were made after the group’s servers had been compromised. This once again opened the door for law enforcement to mount their offensive.

    It’s too soon to know if REvil has been dealt a fatal blow, but the disruption is certain to be a welcome respite.

  • Harvard University Hit With Ransomware Attack

    Harvard University has revealed it has suffered a ransomware attack, the latest in a string of high-profile organizations that have fallen victim.

    The FBI has been warning that ransomware attacks are on the rise, and currently has more than 100 groups on its radar. JBS Foods, Colonial Pipeline and Kaseya are just a few of the organizations that have recently been attacked.

    Harvard University is the latest addition, announcing it suffered an attack on September 3.

    The situation is still being investigated, but we are writing to provide an interim update and to share as much information as we safely and possibly can at this point in time, considering that our emails are often shared within a public domain. 

    Based on the investigation and the information we have to date, we know the University has experienced a ransomware cyberattack. 

    The university is working to restore normal operations, but its WiFi network will remain down until it can safely be brought back online.

  • FBI: Cybercriminals ‘Targeting the Food and Agriculture Sector’

    The FBI is warning that cybercriminals are targeting the US food and agriculture sector with ransomware attacks.

    US businesses and agencies have increasingly been under attack from cybercriminal groups, both state-sponsored and profit-driven. JBS Foods, T-Mobile, Colonial Pipeline, the University of Kentucky and Kaseya are just a few of the major companies and organizations that have recently been attacked.

    The worst may be yet to come, with the FBI warning that the food and agriculture sector is being specifically targeted.

    The Food and Agriculture sector is among the critical infrastructure sectors increasingly targeted by cyber attacks. As the sector moves to adopt more smart technologies and internet of things (IoT) processes the attack surface increases. Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes, according to a private industry report. 

    The FBI is asking for any information that may be of assistance.

    The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, Bitcoin wallet information, the decryptor file, and/or a benign sample of an encrypted file. 

    The FBI reiterates that it does not encourage companies to pay a ransom, but recognizes that all options are on the table when a company is crippled and unable to do business as a result of an attack. Regardless of whether an organization agrees to pay or not, the FBI encourages victims to contact it as soon as possible so it can render assistance.

    The FBI’s full notice is well worth a read, as it includes detailed mitigation efforts organizations should be taking.

  • FBI Has More Than 100 Ransomware Groups on its Radar

    The FBI is currently keeping tabs on more than 100 ransomware groups in the wake of multiple, high-profile attacks.

    Bryan Vorndran, assistant director of the FBI’s cyber division, was testifying before a Senate Judiciary Committee hearing when he divulged the statistic, according to NBC News. Ransomware gangs have already caused untold damage in recent times. Hackers targeted managed software provider Kaseya; shut down JBS, one of the world’s largest meat processors; and crippled fuel supplies on the US East Coast by attacking Colonial Pipeline.

    Some ransomware gangs have gone dark, most notably REvil, the gang behind the Kaseya attack. Similarly, the gang behind the Colonial Pipeline attack has disbanded its Ransomware as a Service (RaaS) operations.

    Assistant Director Vorndran’s revelation echoes what other experts have said, warning that organizations should not get complacent just because some gangs have shut down.

  • FBI Recovers Majority of Colonial Pipeline Ransom

    The US Justice Department has recovered some $2.3 million worth of Bitcoin paid as part of the Colonial Pipeline ransomware.

    Ransomware shut down Colonial Pipeline, impacting fuel availability and prices all along the East Coast. The CEO has defended his decision to pay nearly $5 million in Bitcoin, in an effort to get critical infrastructure operational as fast as possible.

    According to Reuters, the Justice Department has successfully recovered some $2.3 million of the ransom paid. The FBI was able to gain access to a private key that unlocked a digital wallet, providing access to the bitcoins.

    The operation is a rare success story in the world of ransomware, where prosecution or recovery of funds is an unusual occurrence.

    Joseph Blount, Colonial Chief Executive, said the company had been working closely with the FBI and was “grateful for their swift work and professionalism.”

    “Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” Blount said.

    His sentiments were echoed by John Hultquist, vice president of Mandiant cybersecurity firm, who told Reuters: “Right now, prosecution is a pipedream. Disrupt. Disrupt. Disrupt.”

  • FBI Warns of Increased Voice Phishing Attacks Over VoIP

    The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.

    As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into fake VPNs in an effort to steal their credentials.

    The FBI issued an advisory to warn companies and help them mitigate the threat.

    As of December 2019, cyber criminals collaborated to target both US-based and international-based employees at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.

    In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.

    The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.

  • FBI Investigating If JetBrains Was Compromised by SolarWinds Hackers

    The FBI is trying to determine if JetBrains was compromised as part of the SolarWinds attack.

    The SolarWinds attack was one of the largest, most damaging hacks against US government and corporate entities. Some experts have said it will take months, or even years, to understand the extent of the damage.

    What made the SolarWinds attack so successful was that it was a supply chain attack. Rather than trying a brute force attack, or tricking organizations into installing suspect software, hackers compromised SolarWinds’ Orion IT monitoring and management software. Since this legitimate software is in use by countless organizations, by compromising it and installing a trojan directly in it, hackers were able to hack organizations using Orion IT.

    The FBI is now concerned a second application may have been compromised in a similar manner, according to Reuters. JetBrains makes a project management application called TeamCity. Like Orion IT, TeamCity is used by companies around the world, making it extremely important to determine if it was compromised as well.

    “We are not aware of any investigation nor have we been contacted by any agencies,” a JetBrains spokesman said. “We are not aware of any vulnerabilities in the product or breaches that would allow for this, nor that any of our customers were affected.”

  • FBI Warns of Cyberattacks Against Online Learning

    The FBI is warning that hackers are increasingly targeting online learning as students get back to class after the holidays.

    While the success of remote work and distance learning has exceeded many people’s expectations, it has also provided new opportunities for hackers and bad actors. Companies have had to take measures to ensure employees can connect remotely and schools have worked to protect their classes from Zoom-bombing and other hacks.

    Even so, the FBI is warning that hackers are increasing their attacks.

    “It’s of greater concern now when it comes to K-12 education, because so many more people are plugged into the technology with schooling because of the distance learning situation,” FBI Cyber Section Chief Dave Ring told ABC News. “So things like distributed denial of service attacks, even ransomware and of course, domain spoofing, because parents are interacting so much more with the schools online.”

    While Zoom-bombing may be one type of attack, ransomware is another common, more dangerous attack. According to the FBI, there has been a nearly 30% increase in ransomware attacks against schools.

    “The broader the move to distance learning, I think the more attacks you’re going to see, just simply because there are more opportunities for it and it’s more disruptive,” Ring said. “Not everybody’s looking to make money when it comes to criminal motivations for these attacks. A lot are they’re looking to steal information. They’re looking to use that for financial gain. They’re looking to collect ransoms.”

  • Zoom Executive Charged For Shutting Down Meetings For China

    US prosecutors have charged a China-based Zoom executive with shutting down meetings on behalf of Chinese authorities.

    Xinjiang Jin, also known as Julien Jin, is accused of fabricating reasons to take action against various accounts, especially those critical of or commemorating the Tiananmen Square massacre, according to The New York Times. Jin is accused of gaining access to meetings and then posting prohibited content, such as child pornography or terrorism-related items, in order to get the meetings flagged and shut down.

    “Americans should understand that the Chinese government will not hesitate to exploit companies operating in China to further their international agenda, including repression of free speech,” said FBI Director Christopher Wray in a statement.

    Zoom has since fired Jin and has placed other employees on administrative leave while it conducts an internal investigation. The company’s investigation has already shown that Jin accessed and shared user data with Chinese authorities, although Zoom says it was “fewer than 10 individual users” outside of China. This was despite Zoom’s efforts to restrict China-based employees from accessing the company’s global network.

    To date, Jin has not been arrested and will likely not be, given that he was aiding Chinese authorities. As the NYT points out, however, this is a significant escalation for US prosecutors, emphasizing the tightrope American tech companies operating in China must walk.

  • Security Firm FireEye Details Hack, State-Sponsored Attack

    Security firm FireEye is the latest victim of a cyberattack, and likely the victim of a state-sponsored attack.

    FireEye is one of the leading cybersecurity firms, providing consulting, services, software and hardware to customers. The company has been involved in detecting and fighting multiple high-profile attacks. Its history and expertise make the news it was attacked all the more concerning.

    CEO Kevin Mandia outlined the attack in a blog post:

    Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.

    Mandia says the attackers used some of the company’s Red Team tools that FireEye uses to test its customers’ security. As a result, FireEye is releasing the necessary information for customers to mitigate the threat those tools now pose.

    We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.

    FireEye is working with the FBI and Microsoft to investigate the incident. Nonetheless, the fact that the attackers are using methods the company has never seen before is not very encouraging for the cybersecurity industry.