Tag: China

  • Chinese Hackers Target Trump Campaign via Verizon Breach

    The Chinese spy operation adds to the growing sense of a melee of foreign digital interference in the election, which has already included Iranian hackers’ attempt to hack and leak emails from the Trump campaign—with limited success—and Russia-linked disinformation efforts across social media.

    Ahead of the full launch next week of Apple’s AI platform, Apple Intelligence, the company debuted tools this week for security researchers to evaluate its cloud infrastructure known as Private Cloud Compute. Apple has gone to great lengths to engineer a secure and private AI cloud platform, and this week’s release includes extensive detailed technical documentation of its security features as well as a research environment that is already available in the macOS Sequoia 15.1 beta release. The testing features allow researchers (or anyone) to download and evaluate the actual version of PCC software that Apple is running in the cloud at a given time. The company tells WIRED that the only modifications to the software relate to optimizing it to run in the virtual machine for the research environment. Apple also released the PCC source code and said that as part of its bug bounty program, vulnerabilities that researchers discover in PCC will be eligible for a maximum bounty payout of up to $1 million.

    Over the summer, Politico, The New York Times, and The Washington Post each revealed that they’d been approached by a source offering hacked Trump campaign emails—a source whom the US Justice Department says was working on behalf of the Iranian government. The news outlets all refused to publish or report on those stolen materials. Now it appears that Iran’s hackers did eventually find outlets outside the mainstream media that were willing to release those emails. American Muckrakers, a PAC run by a Democratic operative, did publish the documents after soliciting them in a public post on X, writing, “Send it to us and we’ll get it out.”

    American Muckrakers then published internal Trump campaign communications about North Carolina Republican gubernatorial candidate Mark Robinson and Florida Republican representative Anna Paulina Luna, as well as material that seemed to suggest a financial arrangement between Donald Trump and Robert F. Kennedy Jr., the third-party candidate who dropped out of the race and endorsed Trump. Independent journalist Ken Klippenstein also received and published some of the hacked material, including a research profile on Trump running mate and US senator JD Vance that the campaign assembled when assessing him for the role. Klippenstein subsequently received a visit from the FBI, he’s said, warning him that the documents were shared as part of a foreign influence campaign. Klippenstein has defended his position, arguing that the media should not serve as “gatekeeper of what the public should know.”

    As Russia has both waged war and cyberwar against Ukraine, it’s also carried out a vast campaign of hacking against another neighbor to the west with whom it’s long had a fraught relationship: Georgia. Bloomberg this week revealed ahead of the Georgian election how Russia systematically penetrated the smaller country’s infrastructure and government in a yearslong series of digital intrusion operations. From 2017 to 2020, for instance, Russia’s military intelligence agency, the GRU, hacked Georgia’s Central Election Commission (just as it did in Ukraine in 2014), multiple media organizations, and IT systems at the country’s national railway company—all in addition to the attack on Georgian TV stations that the NSA pinned on the GRU’s Sandworm unit in 2020. Meanwhile, hackers known as Turla, working for the Kremlin’s KGB successor, the FSB, broke into Georgia’s Foreign Ministry and stole gigabytes of officials’ emails over months. According to Bloomberg, Russia’s hacking efforts weren’t limited to espionage but also appeared to include preparing for disruption of Georgian infrastructure like the electric grid and oil companies in the event of an escalating conflict.

    For years, cybersecurity professionals have argued about what constitutes a cyberattack. An intrusion designed to destroy data, cause disruption, or sabotage infrastructure? Yes, that’s a cyberattack. A hacker breach to steal data? No. A hack-and-leak operation or an espionage mission with a disruptive clean-up phase? Probably not, but there’s room for debate. The Jerusalem Post this week, however, achieved perhaps the clearest-cut example of calling something a cyberattack—in a headline no less—that is very clearly not: disinformation on social media. The so-called “Hezbollah cyberattack” that the news outlet reported was a collection of photos of Israeli hospitals posted by “hackers” identifying as Hezbollah supporters that suggested weapons and cash were stored underneath them and that they should be attacked. The posts seemingly came in response to the Israeli Defense Forces’ repeating similar claims about hospitals in Gaza that the IDF has bombed, as well as another more recently in Lebanon’s capital city of Beirut.

    “These are NOT CYBERATTACKS,” security researcher Lukasz Olejnik, the author of the books The Philosophy of Cybersecurity and Propaganda, wrote next to a screenshot of the Jerusalem Post headline on X. “Posting images to social media is not hacking. Such a bad take.”


  • Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions

    As November 5 draws closer, the Microsoft Threat Analysis Center (MTAC) warned on Wednesday that malicious foreign influence operations launched by Russia, China, and Iran against the US presidential election are continuing to evolve and should not be ignored even though they have come to feel inevitable. In the group’s fifth report, researchers emphasize the range of ongoing activities as well as the inevitability that attackers will work to stoke doubts about the integrity of the election in its aftermath.

    In spite of escalating conflict in the Middle East, Microsoft says that Iran has been able to keep up its operations targeting the US election, particularly targeting the Trump campaign and attempting to foment anti-Israel sentiment. Russian actors, meanwhile, have been focused on targeting the Harris campaign with character attacks and AI-generated content, including deepfakes. And China has shifted its focus in recent weeks, researchers say, to target down-ballot Republican candidates as well as sitting members of Congress who promote policies adversarial to China or in conflict with its interests.

    Crucially, MTAC says it is all but certain that these actors will attempt to stoke division and mistrust in vote security on Election Day and in its immediate aftermath.

    “As MTAC observed during the 2020 presidential cycle, foreign adversaries will amplify claims of election rigging, voter fraud, or other election integrity issues to sow chaos among the US electorate and undermine international confidence in US political stability,” the researchers wrote in their report.

    As the 2024 campaign season enters its final phase, the researchers say that they expect to see AI-generated media continuing to show up in new campaigns, particularly because content can spread so rapidly in the charged period immediately around Election Day. The report also notes that Microsoft has detected Iranian actors probing election-related websites and media outlets, “suggesting preparations for more direct influence operations as Election Day nears.”

    The Chinese actors' focus on US congressional races and other figures also indicates fluency and a far-reaching approach to deploying influence operations. China-backed groups have recently launched campaigns against US representative Barry Moore, and US senators Marsha Blackburn and Marco Rubio (who is not currently up for reelection), pushing corruption allegations and promoting opposing candidates.

    MTAC says that many influence campaigns from all of the actors fail to gain traction. But the efforts are still significant, because the narratives that do break through can have significant impact, and the activity in general contributes to the volume and intensity of false and misleading claims circulating in the information landscape surrounding the election.

    “History has shown that the ability of foreign actors to rapidly distribute deceptive content can significantly impact public perception and electoral outcomes,” MTAC general manager Clint Watts wrote in a blog post on Wednesday. “With a particular focus on the 48 hours before and after Election Day, voters, government institutions, candidates and parties must remain vigilant to deceptive and suspicious activity online.”


  • Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

    One of the biggest digital supply chain attacks of the year was launched by a little-known company that redirected large numbers of internet users to a network of copycat gambling sites, according to security researchers. 

    Earlier this year, a company called FUNNULL purchased Polyfill.io, a domain hosting an open source JavaScript library that — if embedded in websites — can allow outdated browsers to run features found in newer browsers. Once in control of Polyfill.io, FUNNULL used the domain to essentially carry out a supply chain attack, as cybersecurity firm Sansec reported in June, where FUNNULL took over a legitimate service and abused its access to potentially millions of websites to push malware to their visitors. 

    At the time of the Polyfill.io takeover, the original Polyfill author warned that he had never owned the Polyfill.io domain and suggested that websites remove the hosted Polyfill code completely to avoid risks. Content delivery network providers Cloudflare and Fastly also put out their own mirrors of Polyfill.io to offer a safe, trusted alternative for websites that wanted to keep using the Polyfill library.

    It’s unclear what the goal of the supply chain attack was exactly, but Willem de Groot, the founder of Sansec, wrote on X at the time that it appeared to be a “laughably bad” attempt at monetization.

    Now, security researchers at Silent Push say they mapped out a network of thousands of Chinese gambling sites and linked it to FUNNULL and the Polyfill.io supply chain attack. 

    According to the researchers’ report, which was shared with TechCrunch in advance, FUNNULL was using its access to Polyfill.io to inject malware and redirect website visitors to that malicious network of casino and online gambling sites. 

    “It appears likely that this ‘online gambling network’ is a front,” Zach Edwards, a senior threat analyst and one of the researchers who worked on the Silent Push report, told TechCrunch. Edwards added that FUNNULL is “operating what appears to be one of the largest online gambling rings on the internet.”

    Silent Push researchers said in their report that they were able to identify around 40,000 mostly Chinese-language websites hosted by FUNNULL, all with similar-looking and likely automatically generated domains made up of a scattering of seemingly random letters and numbers. These sites appeared to impersonate online gambling and casino brands, including Sands, a casino conglomerate that owns Venetian Macau, the Grand Lisboa in Macau, and SunCity Group; as well as the online gambling portals Bet365 and Bwin.

    A screenshot of one of the thousands of spammy online gambling websites hosted on FUNNULL’s CDN. (Image: TechCrunch)

    Chris Alfred, a spokesperson for Entain, the parent company of Bwin, told TechCrunch that the company “can confirm that this is not a domain we own so it appears the site owner is infringing on our Bwin brand so we will be taking action to resolve this.”

    Sands, SunCity Group, Macau Grand Lisboa, and Bet365 did not respond to multiple requests for comment. 

    Edwards told TechCrunch that he and his colleagues found a FUNNULL developer’s GitHub account, who discussed “money-moving,” an expression that they believe refers to money laundering. The GitHub page also contained links to Telegram channels that include mentions of the gambling brands impersonated in the network of spammy sites, as well as talk about moving money. 

    “And those sites are all for moving money, or is their primary purpose,” said Edwards. 

    The suspicious network of sites, according to Edwards and his colleagues, is hosted on FUNNULL’s content delivery network, or CDN, whose website claims to be “Made in USA” but lists several office addresses in Canada, Malaysia, the Philippines, Singapore, Switzerland and the United States, which all appear to be places with no listed addresses in the real world. 

    On its profile on HUIDU, a hub for the gambling industry, FUNNULL says it has “more than 30 data centers on the continent,” likely referring to mainland China, and that it has a “high-security automated server room in China.”

    For an ostensible technology company, FUNNULL makes its representatives difficult to reach. TechCrunch made efforts to contact the company to seek comment and to ask it questions about its role in the apparent supply chain attack, but received no responses to our inquiries.

    On its website, FUNNULL lists an email address that does not exist; a phone number that the company says is on WhatsApp but that could not be reached, and which on WeChat appears to be owned by a woman in Taiwan with no affiliation to FUNNULL; a Skype account that did not respond to our requests for comment; and a Telegram account that only identifies itself as “Sara” and uses the FUNNULL logo as its avatar.

    “Sara” on Telegram responded to a request for comment — sent by TechCrunch in both Chinese and English — containing a series of questions for this article saying: “We don’t understand what you said,” and stopped answering. TechCrunch was also able to identify a series of valid FUNNULL-owned email addresses, none of which responded to requests for comment. 

    A company called ACB Group claimed to own FUNNULL on an archived version of its official website, which is now offline. ACB Group could not be reached by TechCrunch. 

    With access to millions of websites, FUNNULL could have launched much more dangerous attacks, such as installing ransomware, wiper malware, or spyware, against the visitors of the spammy websites. These kinds of supply chain attacks are increasingly possible because the web is now a complex global network of websites that are often built with third-party tools, controlled by third parties that, at times, could turn out to be malicious. 

    This time, the goal was apparently to monetize a network of spammy sites. Next time, it could be much worse.


  • From Historical Squares to Quaint Booths in the Forbidden City, Explore 8 Captivating Public Space Concepts from the ArchDaily Community
