Security News This Week: FBI Finds Hackers Poking Around More Voter Registry Sites
Concern about potential election tampering continued this week. As noted in the roundup below, the FBI found evidence that hackers have been assessing the defenses of voter registries around the country and the cell phones of some Democratic party officials. But election officials aren’t the only ones on high alert. A bombing in New York City led the FCC to reassess its emergency text alert guidelines this week, and Tesla turned a hack of its Tesla S into an opportunity to launch code signing, a fundamentally more secure way to verify code.
As fallout from last week’s Yahoo hack news continued, experts questioned the effectiveness of security questions and urged people to make their answers random and meaningless strings of characters whenever they are compelled to use these mechanisms. But maybe you’re not so worried about any of this. RAND researchers recently found that users whose personal data has been compromised in data breaches generally remain loyal to the institutions that were hacked. Meanwhile, an exploit broker announced it will pay a whopping $1.5 million for previously undisclosed vulnerabilities—known as zero-days—in Apple’s new iOS 10. The, ahem, colorful life of John McAfee is on display in a new documentary. And in the dystopian not-so-future, researchers have evidence that machine learning-trained artificial intelligence systems can be reverse engineered, reconstructed, and stolen.
And there’s more: Each Saturday we round up the news stories that we didn’t break or cover in depth but still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
FBI Director James Comey told Congress on Wednesday that the bureau has observed probing and remote monitoring of voter registration databases, indicating that hackers may be targeting the sites. Official sources told ABC News, CNN and other outlets that the FBI suspects a Russian connection. Databases of voters in Illinois and Arizona had already been compromised over the summer. “There have been a variety of scanning activities, which is a preamble for potential intrusion activities,” Comey said. He encouraged state voting authorities to seek resources and support from the Department of Homeland Security, which is already advising 18 states. Comey emphasized, though, that the FBI still feels that U.S. voting systems are secure because they are so diverse and many are not Internet-connected.
The FBI is also evaluating evidence that hackers have attempted to infiltrate the smartphones of some Democratic Party officials, possibly to fuel mistrust and uncertainty as the presidential campaign season reaches its final phase. Some sources told Reuters that the attempted smartphone hacking was attributable to Russia. The country denies that it engages in these types of targeted hacks. The FBI has been working to image phones it thinks may have been attacked so that it can scan for evidence like malware. Interim DNC Chair Donna Brazile told CNN, “Our struggle with the Russian hackers that we announced in June is ongoing.”
DDoS Attack Temporarily Took Newsweek Down, Possibly Connected to Report on Trump/Cuban Trade Embargo
After Newsweek published a piece on Thursday about whether Donald Trump’s hotel company had violated the Cuban embargo in 1998, hackers launched a distributed denial-of-service attack against Newsweek.com, bringing the site down for a few hours. Editor-in-Chief Jim Impoco confirmed the attack and told Talking Points Memo, “As with any DDoS attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything…. We are still investigating.”
Microsoft Research this week announced a tool called Project Springfield that developers can use to scan new applications for vulnerabilities before releasing them. The service uses a type of fuzzing, or systematic probing, to evaluate source code and look for potential attack vectors like inputs that make a program crash or that enable an attacker to plant malware. Microsoft used a previous iteration of Project Springfield to scan Windows 7 for security bugs before it debuted. For now, developers must be approved to gain access to the tool.