Nakashima Says Reporters Should Determine Authenticity and Provenance of Hacked Materials

'Staggering' number of attacks linked to Bahamut mercenary group, Google adds cross-app alerts, Comcast remote can become listening device, a new botnet is hijacking smart devices for DDoS and mining

Nakashima Says Reporters Must Determine Authenticity and Provenance of Hacked Materials

(This short article is part of what we hope will be ongoing original reporting and analysis that is available exclusively to Metacurity’s email, and soon premium, subscribers.)

Yesterday, on the fourth day of the Cybersecurity and Infrastructure Security Agency’s (CISA) annual summit, Washington Post security reporter Ellen Nakashima spelled out guidelines that her newspaper uses when reporting on the sometimes duplicitous or agenda-driven hacks and leaks that shaped the 2016 election to disastrous effect. “Our executive director Marty Baron recently put out real life guidance on how to cover one of the most concerning types of disinflation or influence operations. It's the hack and link which we saw in 2016,” Nakashima said.

“And some of the guidelines include making sure when, if there's some information that comes out that looks like it was hacked and then put out online by a foreign or domestic actor, we need to determine the authenticity of the material, the newsworthiness of the material because not all hacks and leaks are worthy of being covered.”

Looking at the provenance of the hacked material is crucial, Nakashima said, with reporters obligated to figure out where it came from, to the extent possible. “Was this a Russian government-sponsored attempt or a Chinese government-sponsored or proxy effort?”

Nakashima also said that reporters should not be so quick to send tweets about hacked information. “And so we should, as reporters across the newsroom, refrain from just tweeting something out before the top editors have ascertained the newsworthiness and the authenticity and original provenance. We should also really focus on context, what is it that we know or don't know about the material and its origin?”

Like any journalist when dealing with sources on any topic, reporters dealing with hacked information should also keep in mind that the source of the material has a specific agenda to push. “If you're reading these hacked emails from Hunter Biden's account, it's because some people want you to read them,” she said. The reporter’s job is to look at the motivations of the source and to connect the dots. “To talk about how this information campaign might amplify a critique put out by one campaign or the other one candidate or another.”

Mercenary Hacking Group Bahamut Linked to ‘Staggering’ Number of Attacks

An “elusive, patient, and effective” mercenary hacking group known as Bahamut has been discovered by researchers at BlackBerry. BlackBerry links the hackers to a “staggering” number of ongoing attacks against government officials and industry titans. The diversity of the group's targets, including Middle Eastern human rights activists, Pakistani military officials, and Gulf Arab businessmen, leads the researchers to believe that the hackers are working for a range of different clients. BlackBerry also linked Bahamut to mobile apps in the Apple and Google stores, including a fitness tracker and a password manager, which may have helped the hackers track their targets. (Raphael Satter, Christopher Bing / Reuters)

Google Adds New Security Updates Including Cross-App Alerts

Google announced a number of new security updates, including new cross-app alerts that will tell users when there’s a security issue with their Google accounts. The alerts are rolling out on a limited basis over the coming weeks and will appear on iOS first, with Google planning to expand them more broadly next year. Google is also adding a new guest mode to Google Assistant that won’t save any requests while it’s on. Finally, to simplify security and privacy settings, Google will allow users to search for phrases like “Is my Google Account secure?” to see a summary of their settings. (Jay Peters / The Verge)

Comcast Remote Can Be Turned Into Listening Device Using ‘WarezTheRemote’ Attack

Comcast's XR11 Xfinity Voice Remote can be turned into a listening device without needing physical access or user interaction using an attack called WarezTheRemote, devised by researchers at Guardicore. Comcast's XR11, an older model predating its X1 remote, relies on radio frequency to communicate with cable set-top boxes and comes with a built-in microphone to allow voice commands. The new attack exploits a weakness in the implementation of the RF4CE (Radio Frequency for Consumer Electronics) protocol responsible for encrypting the communication. (Ionut Ilascu / Bleeping Computer)

New HEH Botnet is Hijacking Smart Devices in the Wild to Conduct DDoS Attacks, Mine Cryptocurrency

A new botnet called the HEH Botnet is hijacking Internet-connected smart devices in the wild to carry out malicious activity, mostly DDoS attacks and illicit cryptocurrency mining, according to researchers at Qihoo 360's Netlab. The botnet is written in Go, uses a proprietary peer-to-peer (P2P) protocol, spreads via brute-force attacks against the Telnet service on ports 23/2323, and can execute arbitrary shell commands. (Ravie Lakshmanan / The Hacker News)

Katie Hill Says Hackers Gained Control Over Her Congressional Twitter Account

Former representative Katie Hill said her congressional Twitter account was hacked after someone or some people claiming to be "Katie’s former staff" began issuing derogatory tweets against the Democrat from the account. The tweets began after it was announced that actress Elisabeth Moss would play Hill in an upcoming movie called “She Will Rise.” (Quint Forgey / Politico)

Privacy-Focused Coalition Seeks to Make It Easier to Opt Out of Any Business Selling Their Data

A group of over a dozen privacy-focused tech companies, nonprofits, and publishers, including The New York Times, the Electronic Frontier Foundation, and the search engine and browser DuckDuckGo, announced the beta launch of a new global privacy control. The idea is to create a universal opt-out under the California Consumer Privacy Act (CCPA), which gives residents the right to opt out of any business selling their data, so that exercising that right under the law would become easy. (Gilad Edelman / Wired)

Two Must-Reads From Joseph Cox

Intrepid Motherboard reporter Joseph Cox has been hitting it out of the park with his series of scoops on what major organizations are doing with our private data. Two pieces he authored this week are worth a read. First, the IRS’ criminal investigation division will investigate the agency's use of location data harvested from ordinary apps installed on people's phones, J. Russell George, the Inspector General, said. The probe comes after Senators Ron Wyden and Elizabeth Warren demanded a formal investigation into how the IRS used the location data.

The other Cox piece worth reading is this one about how U.S. Customs and Border Protection (CBP) bought access to "global" location data harvested from ordinary apps installed on people's phones, allowing CBP to track devices even beyond U.S. borders. The company that CBP bought the location data from is called Venntel, which touts itself as a “pioneer in mobile analytics.”

Other Infosec News

  • India and Japan have finalized an ambitious agreement on cybersecurity to boost cooperation on 5G technology and critical information infrastructure. The agreement will promote cooperation in capacity building, research and development, and security and resilience in critical information infrastructure, 5G, internet of things, and artificial intelligence, according to India’s Minister of External Affairs. (Rezaul H Laskar / Hindustan Times) Related: Gadgets Now, ThePrint, The Financial Express, E Hacking News, Zee News

  • Google Keyboard, also known as GBoard, has launched the contextual input suggestion experience on its Android 11 app by integrating on-device artificial intelligence into the user's daily communication in a privacy-preserving way, the company says. (Lily Hay Newman / Wired) Related: Google Online Security Blog

Shameless Plug of the Day: Check out my piece in CSO Online about the SilentFade malware that stole millions from Facebook users’ ad accounts.