Another water system hacked - this one in Kansas. Former employee charged w/ gaining remote access and performing activities "that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures," per indictment. justice.gov/usao-ks/pr/ind…
Wyatt Travnichek was employed by Ellsworth County Rural Water District (aka Post Rock Rural Water District) for 1 yr before resigning in Jan 2019. On March 27, 2019, Post Rock experienced an unauthorized remote intrusion resulting in the shut-down of the facility’s processes.
Post Rock Water District serves more than 1,500 retail customers and 10 wholesale customers over eight Kansas counties. Post Rock’s processes include cleaning and disinfecting customers’ drinking water. In shutting down the cleaning processes, it could have affected public health
It sounds like this water system hack may have been enabled because system admins failed to revoke access privileges to the employee after he resigned from his job in Jan. But it's not clear from the indictment. Not enough details.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
CEO of the Associated Press says the international news service experienced unprecedented cyber "attacks" during the 2020 election. This included 10,000 daily phishing attempts and an average of 1.8 million web-based “attacks” per month. zetter.substack.com/p/ap-says-it-e…
They “came in withering numbers,” were sophisticated, and came from Pakistan, Taiwan and “most especially the Russian Federation” among others. In 2016, AP was hit mostly w/ DDoS attacks. In 2020 they were more sophisticated attempts to “find backdoors" in AP platforms/systems.
AP plays critical role in election reporting and is obvious target for anyone wanting to disrupt results/create confusion. AP feeds content to 12,000+ media outlets around world and counted/compiled votes in 7,000+ US elections in 2020; it's often first to call winner in races.
We've been hearing a lot about a surveillance gap since SolarWinds hack was exposed. Officials call it a “blind spot,” a "visibility" issue and an authorities “gap." But they've been vague about what they mean by it. Turns out it's not quite what you think zetter.substack.com/p/mind-the-gap…
I spoke w/ former NSA General Counsel Glenn Gerstell about the surveillance gap, and it turns out it's not about not being able to see into US private-sector systems at all, but about FBI not being able to get a warrant quickly enough or get one when there isn't probable cause.
Gerstell described hypothetical: NSA sees data leave US computer and go to one in Europe; then data leaves Europe computer and goes to one in Russia. Suspects it's intel stolen by foreign power but doesn't have evidence for probable cause emergency access to US computer to verify
Portrait of a Digital Weapon
Ok this is pretty cool. Artist made homage to Stuxnet using de-compiled code that displays character by character, like a digital countdown, over satellite image of Iranian facility it attacked. Note USB cc: @liam_omurchu macpierce.com/portrait-of-a-…
Here's the 15-page report just released by the ODNI about foreign threats to the 2020 election - this is the unclassified version of the larger classified report dni.gov/files/ODNI/doc…
"This [assessment] does not include an assessment of the impact foreign malign influence and interference activities may have had on the outcome of the 2020 election."
"We assess that it would be difficult for a foreign actor to manipulate election processes at scale without detection by intelligence collection, ... through physical and cyber security monitoring around voting systems ..., or in post-election audits."
Microsoft is warning users to apply patch it's releasing today for four zero day vulns found in Exchange email servers - the vulns are being actively exploited by threat group believed to be from China. Details in this thread (and here after 2pm): microsoft.com/security/blog/…
"We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected."
The vulns are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065; all of which are addressed in today’s updates for Exchange Server.
The vulns affect Microsoft Exchange Server. Exchange Online is NOT affected.
Versions affected are:
Microsoft Exchange Server 2013 , 2016 and 2019
Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
Thinking about the potential intelligence and deep-fake benefits from grabbing this voice data. “Each of the audio tracks contains metadata including the corresponding user ID: this makes harvesting and processing the voice data of each individual easier.”
“Clubhouse records all audio until every person has left the room, which it says is for safety purposes. Its community guidelines state that temporary audio recording is performed ‘solely for the purpose of supporting incident investigations’ while ‘the room is live.’”
“If a user reports a violation while the room is active, Clubhouse retains the audio [to investigate] and deletes it when this is complete... ‘Audio from muted speakers and audience members is never captured, and all temporary recordings are encrypted’”