Subscribe

#AxisOfEasy 187: Stop What You’re Doing: F5 Edition

by on March 16, 2021

Weekly Axis Of Easy #187


Last Week’s Quote was   “Thinking is difficult, that’s why most people judge” was Carl Jung, winner was Karen McMillan

This Week’s Quote: “We live in a world in which data convey authority. But authority has a way of descending to certitude, and certitude begets hubris”… by???


THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.

 


In this issue:

  • F5 urges immediate update
  • US preparing cyber-strike against Russia for SolarWinds
  • The aftermath of the MS Exchange hack is looking pretty bad
  • A look inside cybercrime job market
  • India prepares to ban Bitcoin
  • Paper researches effect of deplatforming and cancellations on academia
  • Twitter suspends former US House Speaker Newt Gingrich
  • 800K locked out of CRA, told to get serious about security
  • US indicts Sky Global CEO over encryption app
  • This week on Axis of Easy


F5 urges immediate update on BIG-IQ and BIG-IP deployments

F5, which makes load balancers and security appliances for enterprise firms has issued an urgent notice that customers should upgrade and patch their BIG-IQ and BIG-IP deployments immediately.

Multiple critical vulnerabilities have been discovered that:

“Enable remote attackers to take complete control of the systems to execute malicious code, disable services, create or delete files, and take other malicious actions.”

Compromised BIG-IP systems can then be leveraged to attack the rest of the networks within which they reside.

Contrary to previous F5 critical vulnerabilities which affected F5 software’s “Control Plane,” these cannot be hastily mitigated by simply enacting access control from external users. These ones hit the “Data Plane” and thus must be patched.

So if your organization has any of these devices within your infrastructure, what are you still doing here? Get to it.

Read: https://www.f5.com/company/blog/big-ip-and-big-iq-vulnerabilities-protecting-your-organization


US preparing cyber-strike against Russia for SolarWinds

According to this New York Times piece, the US is preparing a cyber-strike counter attack against Russia in retaliation for the Solar Winds hack. Readers may remember that I was skeptical of the Russian hacking narrative simply because of how unsourced and circular the original attribution was. Some security professionals I’m in contact with have told me there is some evidence that it’s true, but they had no access to anything that could be disseminated.

“The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.”

I was trying to remember a previous incident where the US cyber-command had announced or telegraphed that they were going to retaliate against Russia for something else. In the course of looking for it I found this other NYTimes piece about how the US had stepped up attacks against Russia’s power grid… in 2019. That got me thinking about that recent attempt in Florida to tamper with a Florida town’s drinking water (covered in AxisOfEasy 182).

The New York Times article (the first one) also talks about China. Where Russia has been ascribed attribution for the Solar Winds hack, China looks to be behind the Microsoft Exchange Server hack (see below) that has severely compromised tens if not hundreds of thousands of organizations.

Stuff like this make me wonder if there’s any truth to those who say World War Three is actually in progress  but it’s simply that we, the public, haven’t been informed. It’s just occurring under different rules of engagement and using different weapons. “War by Other Means,” if you will, which is actually the title of a book by Robert Blackwell (former CFR member, former US ambassador to India) and Jennifer Harris. Their book focuses more on economic conflict and statecraft, but in this day and age, it all seems intertwined.

Maybe we are in the early innings of the First Global Cyber-War.


The aftermath of the MS Exchange hack is looking pretty bad

As we mentioned above, while the Solar Winds hack has been largely ascribed to Russia, the Microsoft Exchange ProxyLogon hack that we reported on last week looks to be from China.

And it looks pretty bad. As Brian Krebs tells us:

“Each hacked server has been retrofitted with a “web shell” backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim’s other computers. Researchers are now racing to identify, alert and help victims, and hopefully prevent further mayhem.”

…and via Bleeping Computer comes news that other hackers are glomming onto the original hack by finding those hacked systems and using the Remote Access Tools (RAT) installed by it to inject their own ransomware.

So in addition to this being the “Stop what you’re doing, F5 edition,” if you or your organization are running vulnerable MS Exchange servers and you’re still able to read this because your files haven’t been encrypted yet, you really should drop what you’re doing and go fix your server.

Read: https://www.bleepingcomputer.com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/


A look inside cybercrime job market

A rather fascinating exposé over on Dark Reading on the employment, skills training and recruitment ecosystems that underpin the criminal underworld of cybercrime.

There are various job boards and training forums across the Dark Web and hacker forums where cybercrime gangs recruit new members (one of them held a contest with submissions of papers) and where newbies can get trained up in order to find that crucial foothold in the business.

Among the sought after talent are positions like “initial access brokers,” people who can garner access to systems and “probiv” – which is a Russian slang term for “look ups.” These groups are looking for people who have privileged network status within databases of interest: passport offices, banking records – people who can look up info from the inside are actively recruited to sell data to criminal gangs.


India preparing to ban Bitcoin

The nation of India is about to find out why Bitcoin was invented. Reports emerged over the weekend that lawmakers there were preparing to introduce legislation that would make it a criminal offence to HODL, mine or trade crypto-currencies as that country is preparing to introduce its own national digital currency, providing a real world example of what Charles, Jesse and I discuss a lot in our AxisOfEasy podcasts and the recurring theme of Nation States vs Network States.

After hitting as high as $61K USD over the weekend, Bitcoin dumped overnight Sunday on the news, pulling back to around $56K USD. As I type this (Monday morning), it’s back up to $57K and 12% off the lows, so as far as Bitcoin FUD cycles go, this one may already be over.


Paper researches effect of deplatforming and cancellations on academia

One of the things about cancel-culture and deplatforming which doesn’t get talked about enough (this is verging on a pun, but I don’t mean it to be), is self-censorship.

Not only are people penalized for what they do say, no matter how factual or objectively reasonable, there is an entire body of discourse that just doesn’t get said at all because people are afraid of what will happen to them if they say it.

In a research paper titled “Academic Freedom in Crisis: Punishment, Political Discrimination, and Self-Censorship” by Eric Kaufmann, a Canadian professor of politics at UK’s Birbeck College, University of London, Kaufmann looks at the effect of deplatforming on academia.

“This report seeks to cut away from the headlines to explore large-scale survey data for the US, Canada, and the UK. Its unique contribution is providing robust quantitative analysis that reveals the nature and extent of punishment for speech and political discrimination from the perspectives of both perpetrators and victims. Few academics favor dismissal campaigns, but a significant minority admit to discriminating against conservatives, and a near-majority seem to do so when a “list method,” designed to get around social desirability bias, is used to elicit responses. From the perspective of the small minority of right-leaning academics, we see the consequences of this behavior, with most saying they experience a hostile climate in their departments and that they self-censor in their teaching and research. According to our surveys, over a third of conservative academics and PhD students in the United States say they have been threatened with disciplinary action for their beliefs.”

While Kaufmann finds that:

“That left and right, academics and non-academics, discriminate against each other at similar rates. The big difference on campus is the heavy leftward skew among staff at virtually all universities, and among students–especially at elite institutions.”

And with that:

“Perpetrators of discrimination include not only a near-majority on the far left but also some center-left and even centrist staff. Using a concealed list technique reveals that 1 in 3 British academics would discriminate against a known Brexit supporter while 40% of American academics and 45% of Canadian academics would discriminate against a known Trump supporter.”

Read: https://cspicenter.org/reports/academicfreedom

The report: https://cspicenter.org/wp-content/uploads/2021/03/AcademicFreedom.pdf


Twitter suspends former US House Speaker Newt Gingrich

Kaufmann’s article above is the first time I’ve heard the phrase “progressive authoritarianism” but it captures a lot of what we see happening. Because these institutions feed into Silicon Valley and Big Tech, not to mention the elite media outlets, it’s no surprise that this manifestation would find its way into all strata of expression.

Take this recent tweet:

The greatest threat of a covid surge comes from ________________. We have no way of knowing how many of them are bringing covid with them.”

What if that blank was filled in with:

A) Protestors converging on the Capitol on Jan 6th
B) NFL fans convening for the SuperBowl
C) Out-of-state plumbers headed to Texas for emergency repairs

Would anybody be suspended from Twitter for saying that? Probably not. In fact you could search right now and almost certainly find all manner of Twitter blue checks saying exactly that and being dutifully liked and retweeted by legions of adoring followers.  

But Newt Gingrich filled in the blank with (immigrants illegally crossing the southern border), and Twitter locked him out of his account for “violating our rules against hateful conduct.” He was forced to delete the tweet in order to gain access to his account.

No matter how you feel about any of those issues, there’s a conspicuous asymmetry there.

For the record, I’ve never been a Gingrich fan and consider him to be the epitome of why I’m not a Conservative. Nobody has to like him, but he is entitled to a level playing field.


800K locked out of CRA over fears of credential stuffing

The Canada Revenue Agency announced on Friday heading into the weekend that on Saturday (March 13) they would be locking 800,000 Canadians out of their CRA online accounts over concerns that affected accounts had their passwords compromised in third-party breaches.

To be clear: CRA doesn’t think they’ve been hacked. They identified accounts that appear to been hacked elsewhere (known as “credential stuffing”), and locked those accounts.

This to me indicates a certain level of proactiveness, contrary to a CTV follow-up piece criticizing CRA to “get serious about cyber-security.”

It means the CRA is actively monitoring for credential dumps (alluded to in the follow up piece) and then back-testing those found against its own database. Something easyDNS does as well and that puts me in an uncomfortable position of playing the role of apologist for the Canada Revenue Agency.

Yes, the lone security expert (headlined as “experts”) said CRA should be implementing 2FA across the board, over all CRA is actually doing these people a favour by alerting them that their passwords have been breached somewhere and are in the wild.

Don’t re-use your passwords and don’t yell at anybody who alerts you that one of your re-used passwords is in the wild.

Maybe a bunch of “experts” could chide the mainstream media about misleading headlines and basic accuracy when it comes to tech reporting.



US indicts Sky Global CEO over encryption app

The US DoJ has indicted the CEO of Canadian company Sky Global, which makes the encrypted messaging app Sky ECC. From what I can tell on the website, they sell other manufacturers smartphones with their Sky ECC app installed (I guess they’re jailbreaked iPhones, for example?) and then charge a monthly fee for their platform access. Payment via Bitcoin.

The DoJ indictment alleges that Sky’s CEO Jean-Francois Eap and another “former high level distributor” of Sky’s products

“Knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices.”

They have also issued arrest warrants against both of them under the RICO act (the US federal Racketeer Influenced and Corrupt Organizations Act).

Eap and Sky are vigorously denying the allegations, stating that they have not been contacted nor informed of the charges by the US DoJ and calling it “an example of the police and the government trying to vilify anyone who takes a stance against unwarranted surveillance.”

Read: https://www.justice.gov/usao-sdca/pr/sky-global-executive-and-associate-indicted-providing-encrypted-communication-devices 

Read: https://ww.ceo.ca/@nasdaq/sky-globals-ceo-responds-to-recent-news-reports

This week on Axis of Easy

We didn’t have an AxisOfEasy Salon last week, but over on the Bombthrower I wrote up a piece on The Everything Bubble and how the rise of Bitcoin portends something other than a speculative mania.

Read: https://bombthrower.com/articles/were-in-a-bubble-thats-too-big-to-fail/



 

 
 

3 responses to “#AxisOfEasy 187: Stop What You’re Doing: F5 Edition”

  1. Joy Bruce says:

    Brett Stephens in the New York Times – was just reading this the other day. I never know any of the quotes but this one lept out at me! … long time out of school – I remember having to look up the word “hubris”!

  2. Michael A says:

    …seems Skyglobal.com has been seized as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

#AxisOfEasy is brought to you by....

easyDNS

Power & Freedom™ since 1998


Ledger Nano X - The secure hardware wallet easyDNS