Kim Zetter
Journalist - cybersecurity/national security. Author COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Speaker/Signal/Substack
17 Apr
Announcing: Mark Zuckerberg will join our new Sidechannel for a conversation with @CaseyNewton in the launch of our new Discord txt/audio chat forum. It's a measure of how respected Casey's Platformer publication is (platformer.news/publication) that Zuck wanted to join him for this.
I've heard Zuckerberg will be making news during discussion. Sidechannel, launched by Casey, I, and six other independent writers, is open to paid subscribers of my Zero Day publication (zetter.substack.com), Casey's Platformer or any of the other publications listed below
Other writers/pubs on SideChannel are:

Platformer @CaseyNewton
platformer.news

Galaxy Brain @cwarzel
warzel.substack.com/p/welcome-to-g…

Newcomer @EricNewcomer
newcomer.co

Hot Pod @nwquah
hotpodnews.com

Culture Study @annehelen
annehelen.substack.com
16 Apr
Positive Technologies, the Russian security firm sanctioned this wk for allegedly helping Russian spies hack the US, has for yrs belonged to Microsoft's MAPP program, which gives security vendors advance access to info about vulns and proof-of-concept code zetter.substack.com/p/sanctioned-f…
Although the allegations against Positive Technologies cited by the Treasury Dept were vague, a little-seen report published by the Atlantic Council last month appears to provide much more detail about the activities that may have led to the sanctions against the company.
That report doesn't name Positive Technologies at all, instead it uses a code name - ENFER - to refer to a Russian security firm aiding Russian spies. ENFER has allegedly reversed/repurposed malicious code found on Russian gov networks to create exploits for other intrusions.
15 Apr
Pfizer CEO said during panel today that people will have to get a third "booster" shot of the Covid vaccine 6-12 months after receiving the two initial shots, and then potentially everyone will have to be vaccinated again each year facebook.com/watch/live/?v=…
"There are vaccines that are like polio that one dose is enough... and there are vaccines like flu that you need every year," he said.

"The Covid virus looks more like the influenza virus than the polio virus."
Biden official said something similar this morning. "Dr David Kessler, the Biden administration's chief science officer of COVID response, said that Americans should expect to receive booster shots, especially as variant continue to spread."
12 Apr
The blackout at Natanz nuclear facility in Iran was caused by explosives, not a cyberattack. "a large explosion that completely destroyed the independent—and heavily protected—internal power system that supplies the underground centrifuges" nytimes.com/2021/04/11/wor…
"The officials, who spoke on the condition of anonymity to describe a classified Israeli operation, said that the explosion had dealt a severe blow to Iran’s ability to enrich uranium and that it could take at least nine months to restore Natanz’s production."
Clarification: the story says the blackout was caused by a large explosion. Theoretically such an explosion could be triggered by a cyberattack, depending on how it's done. But this sounds like it was physical sabotage rather than cyber. TBD
11 Apr
Announcing the creation of Sidechannel, a new Discord channel that seven other writers and I will be launching soon for paid subscribers to our publications. You can join the discussion by subscribing to zetter.substack.com or any publication by one of the writers below.
Other writers/pubs on SideChannel are:

Platformer @CaseyNewton
platformer.news

Galaxy Brain @cwarzel
warzel.substack.com/p/welcome-to-g…

Newcomer @EricNewcomer
newcomer.co

Hot Pod @nwquah
hotpodnews.com

Culture Study @annehelen
annehelen.substack.com
1 Apr
CEO of the Associated Press says the international news service experienced unprecedented cyber "attacks" during the 2020 election. This included 10,000 daily phishing attempts and an average of 1.8 million web-based “attacks” per month. zetter.substack.com/p/ap-says-it-e…
They “came in withering numbers,” were sophisticated, and came from Pakistan, Taiwan and “most especially the Russian Federation” among others. In 2016, AP was hit mostly w/ DDoS attacks. In 2020 they were more sophisticated attempts to “find backdoors" in AP platforms/systems.
AP plays critical role in election reporting and is obvious target for anyone wanting to disrupt results/create confusion. AP feeds content to 12,000+ media outlets around world and counted/compiled votes in 7,000+ US elections in 2020; it's often first to call winner in races.
1 Apr
Another water system hacked - this one in Kansas. Former employee charged w/ gaining remote access and performing activities "that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures," per indictment. justice.gov/usao-ks/pr/ind…
Wyatt Travnichek was employed by Ellsworth County Rural Water District (aka Post Rock Rural Water District) for 1 yr before resigning in Jan 2019. On March 27, 2019, Post Rock experienced an unauthorized remote intrusion resulting in the shut-down of the facility’s processes.
Post Rock Water District serves more than 1,500 retail customers and 10 wholesale customers over eight Kansas counties. Post Rock’s processes include cleaning and disinfecting customers’ drinking water. In shutting down the cleaning processes, it could have affected public health
1 Apr
We've been hearing a lot about a surveillance gap since SolarWinds hack was exposed. Officials call it a “blind spot,” a "visibility" issue and an authorities “gap." But they've been vague about what they mean by it. Turns out it's not quite what you think zetter.substack.com/p/mind-the-gap…
I spoke w/ former NSA General Counsel Glenn Gerstell about the surveillance gap, and it turns out it's not about not being able to see into US private-sector systems at all, but about FBI not being able to get a warrant quickly enough or get one when there isn't probable cause.
Gerstell described hypothetical: NSA sees data leave US computer and go to one in Europe; then data leaves Europe computer and goes to one in Russia. Suspects it's intel stolen by foreign power but doesn't have evidence for probable cause emergency access to US computer to verify
25 Mar
Portrait of a Digital Weapon
Ok this is pretty cool. Artist made homage to Stuxnet using de-compiled code that displays character by character, like a digital countdown, over satellite image of Iranian facility it attacked. Note USB cc: @liam_omurchu
macpierce.com/portrait-of-a-…
The artist has documented the entire process of creating it, here: macpierce.com/blog/2021/3/21…
And this is the artist behind the artwork: Portrait of a Digital Weapon
16 Mar
Here's the 15-page report just released by the ODNI about foreign threats to the 2020 election - this is the unclassified version of the larger classified report dni.gov/files/ODNI/doc…
"This [assessment] does not include an assessment of the impact foreign malign influence and interference activities may have had on the outcome of the 2020 election."
"We assess that it would be difficult for a foreign actor to manipulate election processes at scale without detection by intelligence collection, ... through physical and cyber security monitoring around voting systems ..., or in post-election audits."
2 Mar
Microsoft is warning users to apply patch it's releasing today for four zero day vulns found in Exchange email servers - the vulns are being actively exploited by threat group believed to be from China. Details in this thread (and here after 2pm): microsoft.com/security/blog/…
"We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected."

The vulns are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065; all of which are addressed in today’s updates for Exchange Server.
The vulns affect Microsoft Exchange Server. Exchange Online is NOT affected.

Versions affected are: Microsoft Exchange Server 2013, 2016 and 2019

Microsoft Exchange Server 2010 is being updated for Defense in Depth purposes.
27 Feb
Thinking about the potential intelligence and deep-fake benefits from grabbing this voice data. “Each of the audio tracks contains metadata including the corresponding user ID: this makes harvesting and processing the voice data of each individual easier.”
“Clubhouse records all audio until every person has left the room, which it says is for safety purposes. Its community guidelines state that temporary audio recording is performed ‘solely for the purpose of supporting incident investigations’ while ‘the room is live.’”
“If a user reports a violation while the room is active, Clubhouse retains the audio [to investigate] and deletes it when this is complete... ‘Audio from muted speakers and audience members is never captured, and all temporary recordings are encrypted’”
25 Feb
I think you all gave me a homework assignment. I'll watch and livetweet tonight at 8pm PST.
Ok as I open Episode 7 of @Netflix's Spycraft, I realize it's not a whole episode about Stuxnet; it's called The Codebreakers and is about a lot of other things - Jefferson's cipher wheel, Enigma, etc, with only a few minutes about Stuxnet. That's probably a good thing.
This is going to be a mercilessly short thread because I'm just going to skip ahead to the part about Stuxnet so I don't have to watch the whole episode. Looks like the Stuxnet portion is just 3 minutes long. Woohoo
23 Feb
NASA coders hid an Easter egg in the colored pattern of Persevere’s parachute

“We identified a 10 bit pattern in the circles” of Persevere’s parachute that spells out “Dare Mighty Things”
21 Feb
Can't believe how close this United plane engine part came to crashing through the roof.
20 Feb
Interesting mystery. New malware found on ~30,000 Macs is raising ??. Once hourly the Macs contact a control server to check for commands from attackers, but so far no payload delivered. Malware has self-destruct feature but attackers haven't triggered it. arstechnica.com/information-te…
The malware has been found in 153 countries. One version runs on M1 chip that Apple introduced in Nov, "making it only the second known piece of macOS malware to do so... it uses the macOS Installer JavaScript API to execute commands." Red Canary report: redcanary.com/blog/clipping-…
“Though we haven’t observed [it] delivering additional malicious payloads yet, its...M1 chip compatibility, global reach, relatively high infection rate, and operational maturity [make it] uniquely positioned to deliver a potentially impactful payload at a moment’s notice”
16 Feb
Seeing all of these videos of people skating on thin ice - literally - and made me curious about when it's safe to skate on frozen bodies of water. survivalskills.guide/how-to-tell-if…
A tale of Dutch ice skaters, in two acts:

Act I:
12 Feb
Story in 3 acts. 1) People publishes sympathetic story about Axios reporter's relationship w/ Biden aide who has cancer. 2) Turns out People scooped Politico on story. 3) Nope. It turns out Biden aide threatened Politico reporter before taking story to People to undermine Politico
If you're wondering about the difference between how People portrayed the story and how Politico planned to portray it: On left Politico Playbook snippet, on right People story
"After Vanity Fair published this account [of how Ducklo threatened the Politico reporter by telling her "I will destroy you"], the White House announced that Ducklo would be suspended for one week."
8 Feb
With regard to news that hacker remotely accessed control system for water treatment plant in Florida to increase lye level, it's no surprise these are accessible online. Have been for yrs. But it sounds like they maybe didn't have 2-factor authentication set up to protect it
Here's a story I wrote in 2012 about critical industrial control systems accessible over the internet and easily discovered through a Shodan search wired.com/2012/01/10000-…
And in 2013 I wrote about a researcher who used Masscan to find systems using port 5900 (the port used by VNC and TeamViewer remote-management software). He found 30,000 connected systems that did not require authentication to access them wired.com/2013/11/intern…
5 Feb
Wife of US diplomat who killed teen in UK while driving on wrong side of road was working for a US intelligence agency, as was her husband, her lawyer says, and that’s why she fled the UK after the accident. washingtonpost.com/world/europe/a…
Previously it had only been known that her husband was working for US gov at a Royal Air Force base in Croughton, England — a base known to be used by US intel agencies. The revelation raises questions about whether she should have had diplomatic immunity to avoid prosecution in UK.
A 1995 agreement w/ US stipulates that American staff at Croughton base can’t claim diplomatic immunity to avoid prosecution. British gov was told the woman was the spouse of a diplomat. But if she was an intel employee at Croughton, she should not have been allowed to leave UK.
4 Feb
Russian doctor who treated Navalny after poisoning has died suddenly in the intensive care unit where Navalny was treated. Reports say his blood pressure shot up to 250 suddenly, before he died of a heart attack dailymail.co.uk/news/article-9…
The news of the Russian doctor's death reminds me of this clip from last month, showing another doctor and ally of Navalny playing the piano as police raided her apartment
This piece says that the 55 yr old Russian doctor who died this wk had lost all his family members in a year, including both parents. The implication is that he was under a lot of stress and this may have led to the heart attack. content.novayagazeta.ru/news/2021/02/0…