#AxisOfEasy 203: Another Supply Chain Attack Infects Thousands Of Businesses With Ransomware



Weekly Axis Of Easy #203

Last Week’s Quote was  “The problem with the world is that the intelligent people are full of doubts, while the stupid ones are full of confidence.”  I was thinking Charles Bukowski at the time, which makes the winner Rick Brummer.  However it was quickly made apparent to me that he was possibly riffing off of Bertrand Russell : “The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt” which Andrew McCann said first. And then there is the matter of the Y. B. Yeats poem The Second Coming, as per Chris Rogness: “The best lack all conviction, while the worst Are full of passionate intensity.”  Thanks to everyone for that, we’re awarding three prizes this week.

This Week’s Quote: “The main thing that I learned about conspiracy theory, is that conspiracy theorists believe in a conspiracy because that is more comforting. The truth is far more frightening – Nobody is in control. The world is rudderless.” … by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.

Maintenance window for 7th of July

On 07 July 2021 starting at 10PM EDT (2AM UTC), we will be conducting an upgrade of our backend systems which will affect access to the member portal and API. The maintenance has a 6-hour window for completion.

In this issue:

  • Canada’s new “Guiding Principles” for Internet are “Creepily Totalitarian”
  • Another SolarWinds type supply chain hack as Kaseya discloses breach
  • Microsoft researchers find Netgear router vulnerability
  • Microsoft exec admits company routinely ordered to share client data with feds
  • VPN used by ransomware attackers taken down by police
  • That Western Digital My Life data wipe was a new 0-day
  • QNAP Fixes Critical Vulnerability in NAS Devices
  • WEF Cyber Polygon Event is this week
  • SoundCloud bans then unbans Andy Ngo, Ngo quits Soundcloud
  • The missing Ivermectin story
  • Facebook asks: “Are you concerned your friends are turning into extremists?”
  • Everything that is not censored is a lie, and re-examining the energy argument against Bitcoin

Canada’s new “Guiding Principles” for Internet are “Creepily Totalitarian”

As former CRTC commissioner Tim Denton observes in his op-ed for the Financial Post (full, unabridged version posted to AxisOfEasy), the legislation that gives the CRTC regulatory powers over the internet may be held up in Senate. But that hasn’t stopped Heritage Minister Steven Guilbeault from proceeding on his vendetta to regulate internet content.

Most recently he has released a document of “Guiding Principles” which he wants tech platforms and ISPs to sign on to, and that obligates them to implement by December 22.

As Denton explains, this is an end-run because it isn’t legislation, it’s just a set of guidelines that would necessitate big tech buy-in, but would be an “evergreen” set of principles to steer internet content down pre-determined ideological pathways. Today that may be the Liberal government’s “woke credo” but in the future it really could be anything. The content is sub-ordinate to the framework.

Denton doesn’t go so far to say this, but I will: This being not legislation but coordination between government and Big Tech meets the literal definition of fascism: which is the merger of corporations with the state.

Read: https://axisofeasy.com/aoe/for-canada-day-2021-nTim Denton ew-guiding-principles-for-the-internet-all-of-it/

Another SolarWinds type supply chain hack as Kaseya discloses breach

If anybody remembers, we (the proverbial “we,” not easyDNS, we didn’t use Solar Winds and we don’t use this new one), had a pretty bad supply chain attack earlier in the year when Solar Winds was breached and malware introduced into their code base, which was then propagated out to countless clients during software updates.

Now Kaseya, which bills itself as “IT Management software for MSPs and teams” has disclosed a breach of their own. On Friday headed into a long weekend a blog post on the company’s website announced that their software had been infected with ransomware and pushed out to at least 40 clients.

It appears as though Kayesa’s VSA a “unified remote monitoring and endpoint management” suite which is both hosted and on-premise, was used to deploy the REvil variant of ransomware. The infections spread over the weekend with as many as 1,000 businesses being hit with REvil, the gang behind it now demanding $70 Million USD to decrypt all Kaseya infected installations.

A Wall Street Journal report puts the potential number of victim companies around 40,000.

Read: https://thehackernews.com/2021/07/kaseya-revil-ransomware-attack.html

Also: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021

And remember, if you’re tempted to blame Bitcoin for the scourge of ransomware attacks, I pointed out previously that ransomware is the result of crappy software and bad security, not Bitcoin.

See: https://bombthrower.com/articles/blame-crappy-software-and-bad-security-for-ransomware-not-bitcoin/

Microsoft researchers find Netgear router vulnerability

The Microsoft 365 Defender Research Team published a vulnerability they discovered in Netgear DGN 2200v1 series routers which can remotely take over a device and then be used as a jumping off point to penetrate the entire network behind it.

The vulnerability stems from an authentication bypass which gives attackers access to the devices administration functions. This can be used in conjunction with an encryption attack that could also decrypt the login credentials of the accounts on the device (the tokens were found to be encrypted using a hard coded constant string “NtgrBak”).

The discussion around how the researchers were able to decode the passwords by using strcmp() function character by character and then timing the delay on how long a comparison took is pretty far above my pay grade but sounds pretty genius.

At any rate, if you have this type of device, the firmware is vulnerable prior to version and was fixed by Netgear in December 2020, so if you’ve upgraded since then you’re probably ok. If not …what are you still doing here?

Read: https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

And: https://thehackernews.com/2021/06/microsoft-discloses-critical-bugs.html?m=1

Microsoft exec admits company routinely ordered to share client data with feds

In testimony before the House Judiciary Committee, Microsoft corporate VP for security and trust, Tom Burt disclosed that federal law enforcement agencies pepper the company with as many as 7 to 10 requests per day to turn over data and information on customers, which are routinely accompanied by gag orders barring the company from informing its customers.

This is not new. While the AP article frames this as a Trump-era affront on privacy, Microsoft has been saying pretty well the same thing and reporting roughly the same numbers in terms of numbers of requests they receive from US federal agencies for close to a decade. They’ve been in various on-again-off-again legal battles with the Department of Justice over this: in 2014 the company tried to fight a request to hand over data housed in its Irish data centre.

While AP and other democrat lawmakers are making noise about the former administration’s targeting of journalists’ communications, remember that Edward Snowden, the whistleblower who alerted the world that ubiquitous, illegal government surveillance exists is in exile in Russia. Meanwhile, journalist Julian Assange awaits extradition to the US on charges of egregious truth telling.

Read: https://apnews.com/article/government-and-politics-technology-business-ed50baf4ffb09ca50cda9b8a262c54ad

VPN used by ransomware attackers taken down by police

We’ve been asked numerous times over the years why we don’t launch an easyVPN service and this story is another example of why we don’t. The risk/reward just isn’t there. In yesteryear payment companies were terminating merchant accounts of VPN providers. The IP lobby is always breathing down your neck and now we have a story of a VPN provider being taken out because they had become the VPN provider of choice for certain ransomware and phishing gangs.

(Granted, they were specifically advertising their services in both Russian and English language cybercrime forums on the dark web, so…. Don’t do that ,then).

Last week DoubleVPN’s servers were seized by authorities in a coordinated operation involving Dutch National Police (Politie), Europol’s European Cybercrime Centre (EC3), Eurojust, the FBI, and the UK National Crime Agency. The company’s domain names were also seized and now display a takedown notice.

Interesting to note, the domain seizure seems to be implemented via the domain registrar, not by updating the name severs directly in the .com TLD zone (which is often how I see it).

Read: https://www.zdnet.com/article/this-vpn-service-used-by-ransomware-gangs-was-just-taken-down-by-police/

That Western Digital My Life data wipe was a new 0-day

Last week’s AoE was a “Drop what you’re doing” edition as reports emerged of Western Digital My Life storage device users finding their data being wiped clean. Western Digital initially ascribed the issue to a vulnerability from 2018, which we mentioned then as  CVE-2018-18472. The company says that these My Live storage drives had actually been “out of support” since 2015, so no fix was issued.

As it turns out, there was also another 0-day which only came to light in the face of this latest attack. It involved making an undocumented call to system_factory_restore in the devices firmware, which, as it turns out… had the lines of code that check if the requestor triggering a factory reset and wipe of the data was authorized to do so, commented out. Whoops.

Read: https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/

QNAP Fixes Critical Vulnerability in NAS Devices

Taiwan based QNAP moved fairly quickly to address a critical vulnerability in their network backup devices.  CVE-2021-28809 was discovered by TXOne IoT/ICS Security Research Labs’ Ta-Lun Yen and allows remote attackers to bypass device security and take over administrative access of the machine.

Users should make sure they are at or above the following versions:

  • QTS 4.3.6: HBS 3 v3.0.210507 and later
  • QTS 4.3.4: HBS 3 v3.0.210506 and later
  • QTS 4.3.3: HBS 3 v3.0.210506 and later

Read: https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-in-nas-backup-disaster-recovery-app/

WEF Cyber Polygon Event is this week

Normally we’d be hesitant about running this story. Without the conspiracy element, it’s not a story. The conspiracy element makes it fringe. At the end of the day I felt that the job of AoE is to keep you appraised of the total spectrum of cyber enabled threats and for that reason, this is in the ballpark.

We’ve been making oblique references throughout previous issues to this year’s Cyber Polygon event which is happening on Thursday, July 9th. Cyber Polygon is an annual table top event conducted between various public-private entities to model various cyberwarfare or cyber calamity scenarios.

The theme of this year’s event is “cyber pandemic” and posits a supply chain collapse arising from a cyber attack or virus.

WEF head Klaus Schwab (the same man who says, in his book “The Great Reset” that the COVID-19 pandemic, albeit not that lethal, poses an “opportunity” to implement a “Great Reset”) said that it is:

““Important to use the COVID-19 crisis as a timely opportunity to reflect on the lessons of cybersecurity community to draw and improve our unpreparedness for a potential cyber pandemic.””

The conspiracy theory crew has been all over this for about year, and given what’s transpired since all this began, it’s now ok to use the C-word in polite company. A Derrick Broze article from last week: “Why Are Conspiracy Theorists Worried About An Impending Power Grid Failure?” looks at it from a high level (he talks it through in this interview here, while referencing earlier work by the likes of Whitney Webb.

Here’s why the conspiracy nuts are afraid: They look at things like “Event 201” which was another table-top exercise (by invitation only) organized by the WEF and the Bill and Melinda Gates Foundation that took place in October 2019.

Its purpose was to (stop me if you’ve heard this one before):

“Simulate an outbreak of a novel zoonotic coronavirus transmitted from bats to pigs to people that eventually becomes efficiently transmissible from person to person, leading to a severe pandemic. “

The tin-foil hat crew looks at stuff like that and thinks:  “Whoa. What are the odds?”

This tradition goes all the way back to 9/11, when it’s since been documented how several exercises were in progress that very say, some of which simulated flying planes into buildings. Of course, 9/11 was a freakishy bang-on culmination of the type of catalyst pined for by the authors of the Project for a New American Century (PNAC) report “Rebuilding America’s Defences” in September 2000, who then came to inhabit senior positions within a new Bush presidency by the time Sept 11th, 2001 came along….

(“Further, the process of transformation, even if it brings revolutionary change, is likely to be a long one, absent some catastrophic and catalyzing event – like a new Pearl Harbor.”)

PNAC’s membership included Elliot Abrams, Jeb Bush, Scooter Libby, Elliot Abram, William Kristol, John Bolton … and Dick Cheney, among others.

Probably nothing, right?

In any case, I have been telling people on my Bombthrower list (where I let things hang out a tad more than here) that it’s never a bad time to take stock of one’s disaster preparedness. Rotate foodstuffs in the pantry. Check medications. Load up on ammo. Etc.

Read: https://www.thelastamericanvagabond.com/why-are-conspiracy-theorists-worried-about-an-impending-power-grid-failure/

And: https://www.weforum.org/projects/cyber-polygon

And: https://cyberpolygon.com/

SoundCloud bans then unbans Andy Ngo, Ngo quits Soundcloud

Also in last week’s edition we mentioned how Mumford and Son’s co-founder and banjoist ended up leaving the band after a tweet supportive of AntiFa gadfly Andy Ngo caused a backlash.

In a separate incident, SoundCloud permanently suspended Andy Ngo’s podcast “Things You Should Ngo” from the platform ‘”on the grounds of being dedicated to violating” the site’s rules.

Days later, SoundCloud reversed its decision, and issued an apology saying:

“We have conducted additional reviews of the account and found that our initial conclusions are not an accurate reflection of the hosted content. Although there is content dealing with sensitive topics available on the account, there is nothing that could be considered to have a clear intention to criticize, or demean any individual or group of individuals on the basis of their belonging to a protected group.”

“We have therefore fully restored the account and it is available again for immediate use. Reviewing reported content is not an automated process, so this takes time and unfortunately mistakes can happen.”

The interesting ’tell’ in this statement is that removing reported content is not automated. So somebody inside SoundCloud had to have fielded the complaints (undoubtedly from far left Antifa agitators) and went along with it.

Andy Ngo, for his part, has told SoundCloud to go fsck themselves, and he’s moving his podcast to another platform (ideally self-hosted). This follows a hopefully increasing pattern where the victims of unwarranted deplatform attacks simply yank their material from these systems.

As I tweeted about the incident at the time, these platforms need to learn that they’re the plumbing, not the patricians.

Read: https://thepostmillennial.com/breaking-soundcloud-reverses-ban-of-andy-ngos-podcast-ngo-cancels-subscription/

The missing Ivermectin story 

Last week we had an item in the table of contents “The new face of right wing extremism: asking about Ivermectin” and then we didn’t have a story for it. My bad, I kind of ran out of gas writing last week’s edition and meant to take it out. Also, you get a glimpse behind the curtain, sometimes when I outline each week’s issue I get a tad more hyperbolic than what actually goes out. If I had kept it in I would have toned that down. A bit. Maybe.

Anyhoo. The story was just that Yasha Levine, author of “Do No Evil” which I thought was a pretty good book about Google, disappointed me by putting out a story that Ivermectin was a “reactionary right wing” thing now.

Read: https://yasha.substack.com/p/the-cynical-ivermectin-culture-war

And Matt Taibbi did a follow up piece on “how can a medication be right wing?”

Read: https://taibbi.substack.com/p/ivermectin-can-a-drug-be-right-wing

And I was probably also going to link in a piece I did over on Bombthrower about our lying bullshit cancerous corporate media called “Anything That is not Censored, is a Lie.”

Since we are talking about forbidden Coronavirus topics and COVID-Tyranny in general, a couple of additional stories:

In Spain the national government has introduced a bill that enables them to seize private property and pretty well do anything they want “in the event of a health emergency”. Temporarily of course, just bear in mind that income tax and the suspension of gold convertibility are also “temporary” government measures. (Original in Spanish here– I used Chrome translation, and covered via ZH)

In France vaccinations will be mandatory for healthcare workers and certain members within the French Senate have reportedly expressed a desire to make them mandatory for all adults between 24 and 59.

Facebook asks: “Are you concerned your friends are turning into extremists?”

Last week I started to get reports via Facebook that people were getting system level popups in their timelines. Some were warning users “you may have been exposed to extremist content” and others were asking them if “they were worried that somebody they know was turning into an extremist.” If you’ve been getting any of these after reading AxisOfEasy, we apologize.

Read: https://www.cnet.com/news/facebook-prompt-asks-if-you-worry-friends-are-becoming-extremists/

Absent from this initiative are messages asking if anybody is concerned that social media platforms are turning into authoritarian technocratic panopticons.

Everything that is not censored is a lie, and re-examining the energy argument against Bitcoin

As I mentioned earlier, I’ve become more than a little frustrated with the journalistic negligence practiced by the vast majority of the corporate media and I’m not alone. This explains why independent, non-standard channels and reporters are experiencing a huge boom in popularity while so-called “mainstream” venues like CNN, MSNBC and even FOX are in secular decline.

Read: https://bombthrower.com/articles/late-stage-globalism-when-anything-that-is-not-censored-is-a-lie/

I also wrote up a piece about the emerging narrative that Bitcoin mining contributes to global warming because of the energy footprint involved in mining. In another item I came across, the newly formed Bitcoin Mining Council released its first report on the state of the industry and put the amount of renewable energy used by the industry at 56%. It’s a first report and they’re still refining the reporting methodology, but it certainly looks like Bitcoin as an industry is pretty well ahead of everybody else in terms of sustainability and renewable energy. But you would never know that if you just stuck to corporate news outlets (I tend to agree with BMC’s assessment because from my work following crypto companies I can tell you that pretty well every single publicly traded Bitcoin mining company in North America is either already at, or rapidly approaching 100% green energy).

Read: https://bitcoinmagazine.com/business/michael-saylor-bitcoin-council

And my piece on it looks at the worrisome implications of even tacitly accepting that Bitcoin’s energy usage is fair game for regulatory sanctions:

Read: https://bombthrower.com/articles/the-bitcoin-energy-debate-is-one-of-freedom-vs-servitude/

Also, last week I was back on James Schramko’s SuperFastBusiness podcast to continue our talks about defending your online presence from deplatform attacks. 


5 thoughts on “#AxisOfEasy 203: Another Supply Chain Attack Infects Thousands Of Businesses With Ransomware

  1. Team EasyDNS will, on Thursday if nothing unusual happens, pass team CANADA and drop into 190th place in the Folding@Home all-time rankings. EasyDNS ranks 86th in points per day, which is pretty respectable considering the number of large-scale miners out there who are donating cycles to folding. And everyone, EasyDNS included, appears to be generating a little less work product (maybe -10%?) the past 10 days, as though there’s some kind of systemic slowdown. I know there were a couple of days when GPU folders couldn’t get work units.

  2. This Week’s Quote: “The main thing that I learned about conspiracy theory, is that conspiracy theorists believe in a conspiracy because that is more comforting. The truth is far more frightening – Nobody is in control. The world is rudderless.” … by???

    Disagree – this is most comforting. Imagine a group of humans running the Amazon Forest or Earths weather system.

    No thanks – give me distributed intelligence that cannot be located anywhere beyond the reach of human intellect (that gave rise to human intellect!)

Leave a Reply

Your email address will not be published. Required fields are marked *