More stories

  • Assange's request to appeal US extradition denied by UK Supreme Court

    The UK Supreme Court has refused to hear WikiLeaks founder Julian Assange’s appeal against his extradition to the US. The request for an appeal was denied as Assange’s application did not raise “an arguable point of law”, according to a court spokesperson.

    The 50-year-old WikiLeaks founder has been wanted in the US since the early 2010s for his role in publishing thousands of classified documents on the WikiLeaks website. Assange faces an 18-count indictment from the US government that accuses him of conspiring with former US Army intelligence analyst Chelsea Manning to hack into US military databases to acquire sensitive secret information, and of publishing the unredacted names of sources in Iraq and Afghanistan that provided information to the US. According to the indictment, Assange’s actions risked serious harm to US national security and put those sources at a grave and imminent risk of serious physical harm.

    The UK High Court approved the extradition to the US at the end of last year. That decision overruled an earlier ruling made at the start of 2021 at a UK district court, which denied the US request based on the court’s perception that it posed too great a risk to Assange’s wellbeing.

    UK Home Secretary Priti Patel is now expected to make a final decision on whether the extradition will go ahead, WikiLeaks said. If Patel approves the extradition, Assange will be able to issue one last challenge against the extradition as no appeal to the High Court has been filed as yet.

    Assange is currently held in a UK prison as he fights the extradition case. Prior to this, he sought asylum at Ecuador’s embassy in London for almost 10 years until he was arrested in 2019, when his asylum was withdrawn.

  • Best YubiKey 2022: Top security keys compared

    Whenever I’m asked for things that are a must-have, a YubiKey is on the top of my list no matter what platform or operating system people are using — Windows, Mac, or Linux, Android or iOS. It doesn’t matter. Everyone needs a YubiKey.

    A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The YubiKey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and USB-C and Lightning combo. There are versions that also include support for NFC.

    It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden, Password Safe, and LastPass.

    The YubiKey 5 Series keys support a broad range of protocols, such as FIDO2/WebAuthn, U2F, Smart card, OpenPGP, and OTP. Having a YubiKey removes the need, in many cases, to use SMS for two-factor authentication — a method that has been shown to be insecure. If your online accounts are keeping something that you can’t afford to lose, a YubiKey makes perfect sense.

    I’ve been using YubiKeys for years now, and they have been flawless and foolproof. While one YubiKey is enough to get started with, I have several. Not only does this give me a backup in case I lose one (I haven’t yet!), but if I pick a couple with different connectors (say the USB-C/Lightning and a USB-A with NFC), this gives me the flexibility to log into accounts across a range of devices.

    USB-A and NFC support

    This YubiKey features a USB-A connector and NFC compatibility. Like all YubiKeys, this one is water and crush resistant.

    USB type: USB-A
    Features: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), Open PGP, Secure Static Password
    Certification: FIDO 2 Certified, FIDO Universal 2nd Factor (U2F) Certified
    Password manager support: 1Password, Keeper, LastPass Premium, Bitwarden Premium
    Pros:
      • USB-A and NFC offer broad support
      • Low cost
    Cons:
      • No USB-C support

    USB-C and NFC support

    This YubiKey features a USB-C connector and NFC compatibility.

    USB type: USB-C
    Features: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), Open PGP, Secure Static Password
    Certification: FIDO 2 Certified, FIDO Universal 2nd Factor (U2F) Certified
    Password manager support: 1Password, Keeper, LastPass Premium, Bitwarden Premium
    Pros:
      • USB-C and NFC offer broad support
      • Low cost
    Cons:
      • No USB-A support

    USB-C and Lightning support

    This YubiKey features a USB-C connector and a Lightning connector for the iPhone.

    USB type: USB-C and Lightning
    Features: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), Open PGP, Secure Static Password
    Certification: FIDO 2 Certified, FIDO Universal 2nd Factor (U2F) Certified
    Password manager support: 1Password, Keeper, LastPass Premium, Bitwarden Premium
    Pros:
      • USB-C and Lightning offer broad support
    Cons:
      • No USB-A support

    USB-A and NFC support and FIDO certified

    A cheaper version of the YubiKey, this one is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. Use this to secure your login and protect your Gmail, Dropbox, Outlook, Dashlane, 1Password accounts, and more.

    Note that this YubiKey is not compatible with LastPass, which requires a YubiKey 5. Always check for compatibility with the services you want to use before buying.

    USB type: USB-A
    Features: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F)
    Certification: FIDO 2 Certified, FIDO Universal 2nd Factor (U2F) Certified
    Password manager support: 1Password, Keeper, Bitwarden Premium
    Pros:
      • USB-A and NFC offer broad support
      • Very low cost
    Cons:
      • No USB-C support

    What is a YubiKey?

    A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $25, it’s one of those indispensable gadgets for the 21st century.

    What’s the main difference between the YubiKey 5 series and the YubiKey FIDO?

    The YubiKey FIDO key supports far fewer protocols and services, and is aimed more at home users, hence the low price.

    What if I lose my key?

    Most services allow you to set up a recovery mechanism in case you lose your security key, but it is highly recommended that you have a minimum of two keys and authenticate all of them with all the services you use. That way you have a backup key in case your main key is lost, stolen, or damaged.

    Do YubiKeys have a battery or need recharging?

    No, they draw their power from the USB port and there’s no battery to charge or replace.

    How robust are YubiKeys?

    Very. They are crushproof, waterproof, and impact resistant. I’ve carried YubiKeys on my keyring for years and not had a problem. That said, they’re not indestructible, so don’t go deliberately abusing them.

  • Hit by ransomware or paid a ransom? Now some companies will have to tell the government

    Owners and operators of US critical infrastructure will now in some cases be legally required to report cyberattacks and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA).

    The bipartisan provision was passed by the US Senate as part of the $1.5 trillion FY 2022 funding bill with language matching the related Strengthening American Cybersecurity Act, which unanimously passed the Senate earlier this month and requires critical infrastructure operators and owners to report substantial cyberattacks, like ransomware, to CISA within 72 hours and within 24 hours of making a ransomware payment.

    It aims to give the US government, through CISA, greater visibility into the current threat landscape facing US private and public sector organizations. CISA was granted $2.6 billion under the funding bill, or $568 million more than last year, to bolster the security of American networks.

    The authors of the bill and funding provision, senators Rob Portman (R-OH) and Gary Peters (D-MI), said it was urgently needed to counter potential cyberattacks sponsored by the Russian government in retaliation for U.S. support in Ukraine.

    “This provision will create the first holistic requirement for critical infrastructure operators to report cyber incidents so the federal government can warn others of the threat, prepare for widespread impacts, and help get our nation’s most essential systems back online so they can continue providing invaluable services to the American people,” said Senator Peters. “Our provision will also ensure that CISA – our lead cybersecurity agency – has the tools and resources needed to help reduce the impact that these online breaches can have on critical infrastructure operations.”

    CISA can also subpoena operators that fail to report incidents or ransomware payments. Failing to comply with the subpoena can be referred to the Justice Department and could result in a ban on contracting with the federal government.

    Reporting ransomware payments within 24 hours to CISA is required for nonprofits, businesses with more than 50 employees, and state and local governments. The bill was introduced in September in the wake of Colonial Pipeline’s week-long outage after suffering a major ransomware attack and a similar attack on meat processor JBS. Colonial paid around $4 million in cryptocurrency to the attackers.

    The provision requires that CISA launch a program to warn organizations of vulnerabilities that ransomware actors exploit. It directs the CISA director, Jen Easterly, to establish a joint ransomware task force to coordinate federal efforts, in consultation with industry, to prevent and disrupt ransomware attacks.

    The FBI has campaigned against mandatory reporting to CISA, Associated Press reports. “We want one call to be a call to us all,” FBI Director Christopher Wray said last week. “What’s needed is not a whole bunch of different reporting but real-time access by all the people who need to have it to the same report.” He also raised concerns about liability coverage that organizations have when reporting to CISA but not the FBI.

    CISA’s Easterly said the cyber incident reporting legislation and funding provision was a “game changer”. “CISA will use these reports from our private sector partners to build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure,” said Easterly. “This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.”

  • Leaks reveal the surprisingly mundane reality of working for a ransomware gang

    A choice of office-based, hybrid or remote work, a human resources team with a strict hiring process, performance reviews, career progression and bonuses – it all sounds like the standard setup at any software development team. These aren’t the working conditions at a software company, however, but at Conti, a major ransomware group responsible for a string of high-profile incidents around the world, including cyber attacks which have disrupted businesses, hospitals, government agencies and more.

    Last month, Conti, which many cybersecurity experts believe operates out of Russia, came out in support of the Russian invasion of Ukraine. This annoyed someone who then leaked months of Conti’s internal chat logs, providing inside information on the day-to-day operations of one of the most prolific ransomware operations on the planet.

    And while Conti’s actions – hacking into networks, encrypting files and demanding ransom payments of millions for a decryption key – could have a dramatic impact on the organisations that fall victim, the leaks paint a relatively mundane picture of an organisation with coders, testers, system administrators, HR personnel and other staff.

    The researchers were able to identify a range of different job roles across the organisation from the HR team responsible for making new hires, to the malware coders, testers, ‘crypters’ who work on code obfuscation, sysadmins who build the attack infrastructure as well as the gang’s offensive team who aim to turn a breach into a full capture of the targeted network – and the negotiation staff who try to make a deal with the victims.

    Many of those involved in Conti will become involved via advertisements on dark web underground forums, but some are approached using more traditional means, like Russian recruitment websites, head-hunting services and word of mouth. Like any other hiring process, the applicants will be interviewed in order to ensure they have the right skills and would be a good fit for the group.

    According to analysis of the leaks by cybersecurity researchers at Check Point, some people recruited by Conti aren’t even aware they’re working for an illegal operation, at least initially – the leaks suggest that some of those brought in for interviews are told they’re helping to develop software for penetration testers.

    One leaked chat reveals how one member of the Conti staff, who unlike almost every other member of the group mentions their real name, was confused about what the software they were working on actually did, and why the people he worked with tried to protect their identities so much. In this case, his manager tells the employee he’s helping to build the backend for analytics software.

    And this wasn’t a one-off: there are many members of the Conti gang who seemingly don’t grasp how they’re involved in cyber crime.

    “There are dozens of employees that were hired via legitimate job processes and not via underground forums. It is tough to tell how many of them don’t understand at all what they are doing, but many of them for sure don’t understand the real scope of the operation and what exactly their employer is doing,” Sergey Shykevich, threat intelligence group manager at Check Point Software told ZDNet.

    Sometimes these initially-unwitting accomplices to cyber crime later discovered what they were helping to build. In these cases, the managers attempted to reassure their employees with the offer of a pay rise – many opted to stay, the lucrative nature of the work being more appealing than quitting to find another job.

    While many of the roles are purely online, Conti’s chat logs reveal that it isn’t unusual for members of the group to work from communal offices and workspaces in Russian cities. Once again, the chat logs reveal some of the day-to-day events and incidents that the employees face – for example, someone sent messages asking their colleagues to let them in because a door was jammed from the outside.

    The leaks have provided cybersecurity researchers with valuable insight into how one of the world’s most notorious ransomware operations works, as well as the tools and techniques it uses to extort ransoms out of victims. But despite the embarrassment for a ransomware operation of having so much internal data leaked – especially given how a key tactic of Conti is to threaten to publish stolen data if their victims don’t pay the ransom – it’s unlikely to be the end of the group, which is still publishing information on new victims.

    Some employees may leave, but even for those who unwittingly signed up to cyber crime, the lure of reliable income could still be enough to encourage them to stay – especially as sanctions against Russia could potentially restrict their employment opportunities.

    “I don’t see any scenario that they will stop with the cyber crime activity completely,” said Shykevich. “The availability of potential positions in the legitimate tech sector in Russia for developers and pen testers have become much lower, so I think even the unwitting employees that now understand what they are doing, will move to cyber crime, as it will be difficult for them to find a legit job,” he added.

    Ransomware remains a major cybersecurity threat which can cause a huge amount of disruption to organisations of all kinds. The best way to defend against ransomware is to ensure that the network is as protected from cyber attacks as possible, with appropriate levels of security, including the use of multi-factor authentication across the network.

    It’s also vital for organisations to apply security updates and patches for known software vulnerabilities as soon as possible, as these, along with weak usernames and passwords, are some of the key entry points exploited to help launch ransomware attacks.

  • Automotive giant Denso confirms hack, Pandora ransomware group takes credit

    Denso has confirmed a cyberattack impacting the firm’s German operations. 

    The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 fiscal year was reported as $44.6 billion.

    On March 14, Denso said that four days prior, a third party had “illegally accessed” the firm’s network. When the intrusion was detected, the automotive giant cut off the connection.

    While the incident is under investigation, Denso says that there is “no impact” on other facilities and no disruption has been caused to production plants or manufacturing schedules. Local authorities have been informed and the company has pulled in cyberforensic experts to assist.

    “Denso would like to express its sincerest apologies for any concern or inconvenience resulting from this incident,” Denso said. “Denso Group will once again strengthen security measures and work to prevent a recurrence.”

    It appears that the Pandora ransomware group has claimed responsibility. The group’s leak site, accessed by ZDNet via Kela’s Darkbeast engine, claims that 1.4TB of data has been stolen.

    Leak sites are used to pile on the pressure for victims to pay up after a ransomware attack. Cybercriminals infiltrate a corporate network, steal data, and then encrypt a system — and if demanding payment for decryption does not work, they may then threaten to leak stolen information online.

    In this case, the leak site appears to show samples of the stolen datasets, including a purchase order, a technical component document, and a sales file. (ZDNet has redacted information contained in the document.)
    ZDNet has reached out to Denso with additional queries and we will update when we hear back.

  • Ukraine reportedly adopts Clearview AI to track Russian invaders

    Ukraine is reportedly using Clearview AI technologies to track “people of interest” during the Russian invasion.  


    On March 13, Reuters reported that the Ministry of Defence of Ukraine had adopted the firm’s facial recognition engine. Clearview CEO Hoan Ton-That offered the US company’s assistance to Kyiv, and according to the news outlet, the AI tech is being used to “potentially vet people of interest at checkpoints, among other uses,” for free. The startup has not offered the same to Russia, whose President Putin calls the war a “special military operation.”

    Clearview offers facial recognition technologies to law enforcement for criminal investigations. The US Patent and Trademark Office (USPTO) awarded the company a patent in January for using publicly-available data — including mugshots, social media profiles, and news sites — to match “similar photos using its proprietary facial recognition algorithm.”

    Over two billion photos have been grabbed from VKontakte, a Russian social network, but over 10 billion are reportedly available for use.

    As well as flagging Russian individuals of interest to authorities, it is possible that the Clearview AI search engine could be used to identify misinformation and propaganda online, to identify refugees and family connections, or potentially as a means to try and identify fatalities. However, no AI algorithm is perfect, and either uncontrolled use or abuse could also result in misidentification or false arrests.

    Reuters reports that other Ukrainian government departments will deploy Clearview technologies in the near future. Training is being provided in the use of the technology.

    According to Ukraine’s economic ministry, the invasion has caused at least $120 billion in damages to the country’s infrastructure.

  • Ubisoft reveals 'security incident' forcing company-wide password refresh

    Ubisoft has confirmed a recent “cybersecurity incident” but insists it has not led to user data theft or exposure. The gaming giant, headquartered in Montreuil, France, said on March 10 that the incident took place earlier this month, causing “temporary disruption to some of our games, systems, and services.”

    Ubisoft’s IT team is currently working with cybersecurity experts to investigate the situation and, as of now, has decided to initiate a company-wide password reset. However, no further security measures or changes have been made public.

    Furthermore, the company says that games and services are now working properly, and there is no evidence, at present, of “any player personal information [being] accessed or exposed as a by-product of this incident.”

    As reported by The Verge, the LAPSUS$ ransomware gang may be responsible and has reportedly taken credit. LAPSUS$ previously claimed responsibility for February’s Nvidia hack, in which the group claimed to have stolen approximately 1TB in data. Hashed Nvidia employee credentials were leaked.

    “We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online,” the vendor responded at the time the incident was made public. “Our team is working to analyze that information. All employees have been required to change their passwords.”

    According to a Telegram group chat allegedly operated by LAPSUS$, there has been a “delay” in further Nvidia releases due to “one of our members begging Nvidia for stupid amounts of money.” (The post has since been deleted.)

    In December 2021, Ubisoft said a cyberattack had been launched against the infrastructure supporting the game Just Dance. This incident was caused by a “misconfiguration” that has since been resolved.

    ZDNet reached out to Nvidia, which referred us back to the firm’s past statement on the cybersecurity incident.

  • Meta reiterates politician claims will not be fact-checked for Australian federal election

    Meta, formerly Facebook, has reiterated that fact-checking of politician claims will not be part of its measures for preventing the spread of misinformation in this year’s Australian federal election.

    “The speech of politicians are already very highly scrutinised,” Meta Australia policy head Josh Machin told reporters at a press briefing. “It’s scrutinised by [journalists], but also by academics, experts, and their political opponents who are pretty well-positioned to push back or indicate they don’t believe something’s right if they think they’re being mischaracterised.”

    Misinformation that is political in nature and comes from people who are not politicians will be eligible to be fact-checked, however.

    In clarifying Meta’s stance about fact-checking politicians, the company said its election integrity measures for Australia’s upcoming federal election are its “most comprehensive” yet. “This is by far the most comprehensive package of election integrity measures we have ever had in Australia,” Machin said.

    The Australian Electoral Commission (AEC) last month said it received assurances from large social media platforms that they would allocate more resources for monitoring election disinformation and misinformation for the upcoming Australian federal election.

    As part of these measures, Meta has expanded its third-party fact-checking program in Australia to include RMIT FactLab, which joins Agence France Presse and Australian Associated Press (AAP) to review and rate content on the company’s platforms. The company has also provided one-off grants to these fact-checking organisations with the intent of bolstering misinformation-detection capabilities during the Australian federal election, but the organisations are not required to use those funds for that purpose. RMIT FactLab’s services are already being used by Australian media organisations, such as the ABC, but Machin clarified that the services used by Meta are separate from those.

    The tech giant is also working with the AAP to re-run the “Check the Facts” media literacy campaign in three additional languages — Vietnamese, Simplified Chinese, and Arabic — as part of efforts to help people recognise and avoid misinformation. The campaign was expanded to these languages due to them being the three largest non-English speaking communities in Australia, Meta said.

    Meta has also partnered with the online transparency organisation First Draft, which will publish related analysis and reporting on their website about online trends to help creators and influencers track what online misinformation might look like during the election campaign.

    These measures are in addition to Meta’s LiveDisplay tool, the Ad Library that launched last year, and its updated political ad policies, which require advertisers to go through an authorisation process using government-issued photo ID to confirm they are located in Australia. All of these ads are also required to have a publicly visible disclaimer indicating who has paid for the ads.

    Meta’s announcement of its election integrity measures comes in the face of heavy scrutiny by the federal government, which is looking to enact various new laws that aim to make tech giants more accountable for the content that exists on their platforms. Australian parliamentarians are also undertaking a probe to scrutinise major technology companies and the “toxic material” that resides on their online platforms.

    As part of the social media probe, Liberal MP Lucy Wicks last week criticised digital platforms for touting “very strong community standards policies” despite various instances of users not being protected by those standards.

    “My concern is that I see very strong community standard policies, or hateful content policies or ‘insert name of keep the community safe’ policies from various platforms. I almost can’t fault them but I find a very big gap with the application of them,” she told Meta during a social media and online safety parliamentary committee hearing.

    Wicks’ comments were made in light of 15 female Australian politicians, including herself, being the targets of abusive online comments that were only taken down following law enforcement intervention.