Weekly Axis Of Easy #133
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
Swiss Crypto company was a front for US and German intelligence for decades
Microsoft walks back search hijack on Chrome browsers
Four Chinese military officers charged in Equifax hack
US Finance sector hit with targeted Trojan attacks
Report: Huawei has backdoor access into mobile networks globally
ICANN awards sweetheart deal for .COM price increases
When background checks-as-a-service flub background checks
Florida police department hit with ransomware attack
Latest email extortion vector: pay or we’ll hose your Google Adsense account
Jeftovic goes on the Tom Woods show to talk up his new book
It was a good scam while it lasted: Swiss company Crypto AG, which made encryption products that were sold to governments worldwide, was actually controlled by the CIA and German intelligence and sent unencrypted copies of its payloads back to their spymasters. The intelligence was then shared with as many as five or six other intelligence agencies.
The story was uncovered by German broadcaster ZDF, the Swiss SRF and reported in the west by WaPo.
(This reminds me of something I read a long time ago, which I’m having a hard time sourcing now. But as I remember it, during the Cold War there were only something like two major manufacturers of paper shredders. One or both were controlled by a Western intelligence agency, and they ingeniously photographed the documents being fed into them just prior to their shredding.)
Several weeks ago an #AxisOfEasy reader forwarded me an item on how Microsoft unveiled plans to, in essence, hijack the search bar in Chrome browsers within the Office 365 suite, making their own Bing the default search engine.
I forgot to include it at the time, but now we are getting word that Microsoft is walking back that idea.
Despite the assessment by security researchers in the wake of the 2017 Equifax hack that it had been carried out by criminals, the breach, which obtained personally identifying data such as social security numbers and financial records now appears to have been carried out by a state actor. Namely, China.
Four officers in China’s People’s Liberation Army cyberwarfare unit have been charged by the US AG’s office in the attack. The charges allege that the attack allowed China to gain intelligence on US government officials with an eye toward scanning for financial stress and identifying candidates for extortion and bribery.
Threatpost ran a story on a report issued by security firm FireEye about a targeted attack against financial sector entities. The attack is launched via email, the same tactic used in the wire fraud attack from the easyDNS blog, where victims are sent official-looking emails from official-looking domains that are, in fact, bogus.
The emails arrive with attachments infected with VBA Stomping malware, which obfuscates malicious macros that then install a backdoor called Minebridge. That backdoor gives the attackers “full control of the target’s environment”, including command and control operations to download further malware.
According to a report in the WSJ, it turns out that Chinese giant Huawei has maintained backdoors into all of the mobile phone networks it has had a hand in building, globally, enabling it to keep accessing those networks at any time. Possibly even more startling is the sentence “It’s been using backdoors intended for law enforcement for over a decade”.
That law enforcement agencies worldwide have back doors into mobile networks shouldn’t surprise us, I guess. It’s just disorienting to me to see it spelled out in such an offhanded, cavalier manner.
Verisign has “negotiated” themselves a sweet deal with ICANN, once again, for management of the .COM TLD. One that bakes in annual 7% price increases for 8 out of the next 10 years. As usual, the contract to run .COM was not open to tender, something which would have the effect of driving the wholesale cost of .COMs down over time, not up. Monopolies: nice work if you can buy it (am I being too facetious here? Verisign paid ICANN a $20M “signing fee”, what else is it?).
Toronto’s own domain policy watchdog (and easyDNS client, of course) George Kirikos has weighed in with his thoughts on the deal. He also points out to me the thousands upon thousands of comments from the at-large constituency that is unanimously opposed.
I still remember Tucows’s Elliot Noss telling me, back when they still owned the LibertyRMS registry, “If the .COM contract was open to competitive bidding, the wholesale price of a .COM would be around $2 per.”
When companies like Uber and Lyft run background checks against their drivers, they use a company like Checkr. The only problem is, sometimes Checkr messes up the check, reporting some innocuous, long-closed moving violation as an outstanding warrant or worse. As a result, affected workers find themselves locked out of the “gig economy”.
As a result, the company is facing an increasing barrage of lawsuits, including one by a 69-year-old army veteran who, after doing fairly well driving for Uber, decided to invest in a black car SUV to upscale and did very well… that is, until Checkr reported his driver’s licence as expired (it wasn’t), he was suspended by Uber, and by the time he got reinstated he had fallen behind on his payments and lost the vehicle.
(My recent take on the Unicorn economy, meaning Uber, Lyft and the entire gig economy, is Unicorn Bingo, Unicorn Winter over on my Guerrilla-Capitalism blog.)
If you thought that all law enforcement agencies would be fully cognizant of the threat from ransomware attacks, think again. The North Miami Beach Police Department disclosed that its systems have been impacted by a ransomware attack. A source told the station reporting the story that the hackers are demanding $5,000,000 USD to restore access to the police force’s systems.
The force says their services to the public have not been impacted and they have asked the FBI and Secret Service for assistance. I guess by that they don’t mean “assistance restoring from backups”.
By now you’re probably well aware of the myriad variants of those Bitcoin ransomware emails. They’re the ones that tell you your computer has been hacked and that embarrassing material has been exfiltrated and will be released unless you pay up a Bitcoin ransom.
This vector is always mutating. In this version, website owners who monetize their sites via Google’s AdSense network are sent messages telling them that unless they pay an extortion fee, the hackers will send low-quality bots to click all over the AdSense units on their site, thus getting their Google accounts suspended.
Points for ingenuity and diabolical…ness? Hopefully Google can become aware of this sort of vector and not penalize the website publishers should the attackers follow through (most of the time it’s just a bluff).
It was an honour and a privilege to be invited onto The Tom Woods Show to discuss my new book with the man himself. We had a great talk that cut straight to the heart of the strategic approach to defending against cancel culture and we had some time to do some introspection into the seeming paradox of libertarianism and Big Tech doing whatever the hell they want with content on their systems.
More on the book: Unassailable,