Capitol Hill Computer Systems Exposed During Insurgency and Other Top Cybersecurity News You Need to Know Today

Justice system emails compromised by SolarWinds, JetBrains software may have been a conduit for Russian hacker compromise, NYSE reverses itself again and will delist Chinese telecoms, much more

Jan 7

Please consider helping us bringing you original and aggregated cybersecurity content you need to know to keep your organization safe. Subscribe now.

The cybersecurity implications of yesterday’s attack on Capitol Hill by insurrectionists aren’t yet clear. However, infosec professionals began weighing in quickly during the attack to point out the major vulnerabilities stemming from the hordes who invaded unprotected Capitol Hill offices.

Some experts argued that computer systems exposure was a counter-intelligence nightmare and a great opportunity to plant bugs and that all computers should be considered compromised.

Joe Uchill @JoeUchill

The natsec/infosec implications of the coup attempt are staggering - not just in Pelosi's office. They'll need to assume all systems and physical files were compromised, and catalog what of each was stolen, altered or destroyed

Marc Ambinder @marcambinder

Every single computer on Capitol Hill is vulnerable to a USB-mounted attack. This is a counter-intelligence nightmare on top of everything else.

Mick @nohackme

wow what a good opportunity to plant bugs

Scott Driver @VTsnowboarder42

Every computer, every piece of data in the capitol should now be considered compromised. In terms of national security, we are weaker as a nation than we were two hours ago. Way to go “patriots”

Still, other experts downplayed the attack from a cybersecurity perspective, saying that no classified information was likely affected by any compromise or theft of technology during the assault.

Mieke "18 USC 2383" Eoyang @MiekeEoyang

Hi, former HPSCI staffer here. Congressional offices deal in unclassified information. Most of the things they deal with are open source. Classified information dealt with in designated Congressional SCIFs. No indication those were breached.

Joe Uchill @JoeUchill

Others expressed compassion for the Capitol IT staff, who face daunting challenges in securing the systems again.

socially distant, mask wearing bat @mzbat

My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR before - a daunting, stressful task in a tabletop exercise - and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.

The Washington Post’s Cybersecurity 202 report has a great run-down of some of the information security implications of yesterday’s attack.

The Justice Department and the federal court system said they had been compromised by the SolarWinds malware, along with dozens and potentially hundreds of other leading government and private sector organizations.

The Department said that 3% of its Microsoft Office 365 email accounts were potentially affected, although no evidence exists that classified systems were affected. (Eric Tucker and Frank Bajak / Associated Press)

Intel agencies and private cybersecurity companies are examining whether Russian hackers used a product called TeamCity provided by a leading software company, JetBrains, to inconspicuously planted back doors in an untold number of JetBrains’ clients, a blue-chip list of Fortune 100 companies including Google, Hewlett-Packard, and Citibank.

JetBrains claims that it has not been involved in a Russian espionage attack in any way and has not been contacted by any security or government agency. (Nicole Perlroth, David E. Sanger and Julian E. Barnes / New York Times)

WhatsApp users are receiving notices about the service’s new terms and privacy policy that requires them to accept having their account information shared with parent company Facebook or else they can’t use the service.

Earlier versions of the policy gave WhatsApp users the option of not sharing their information with Facebook. (Pranob Mehrotra / xda developers)

Despite earlier reports that Google has not updated its iOS apps to do an end-run around Apple’s new privacy labels, the Internet giant said it plans to updates its apps as early as this week.

Google said it is not taking a stand against the labels but actually plans to roll out privacy labels across its sizable iOS app catalog as soon as this week or the next. (Sarah Perez / TechCrunch)

Data activists known as the Distributed Denial of Secrets published a massive trove of data on its website collected from dark web forums where information was leaked online by ransomware attackers.

Saying they are operating for the sake of transparency, DDoSecrets dumped about 1 terabyte of that data, including more than 750,000 emails, photos, and documents from five companies. (Andy Greenberg / Wired)

Related: Databreaches.net

Andy Greenberg @a_greenberg

WikiLeaks-style transparency group Distributed Denial of Secrets has now started mining a controversial new source of data: the terabytes of information stolen from ransomware victims and dumped online when they refuse to pay.

Activists Publish a Vast Trove of Ransomware Victims’ DataWikiLeaks successor DDoSecrets has amassed a controversial new collection of corporate secrets and is sharing them in the name of transparency.wired.com

The New York Stock Exchange reversed itself for a second time and announced it would, in fact, delist three major Chinese telecom companies, China Mobile, China Telecom, and China Unicom Hong Kong.

The exchange said it made the reversal because it received “new specific guidance” from the Treasury Department’s Office of Foreign Assets Control on Tuesday. (Alexander Osipovich / Wall Street Journal)

Due to a misconfigured Git server, the source code of mobile apps and internal tools developed and used by Nissan North America was leaked online, Tillie Kottmann, a Swiss-based software engineer, discovered.

Nissan said it is aware of the incident and is conducting an investigation. (Catalin Cimpanu / ZDNet)

Security researchers from Trustwave say that cybercriminals use a supposed Donald Trump sex tape that delivers the Quaverse Remote Access Trojan (QRAT), a Java-based, remote access trojan (RAT) supercharged by plug-ins from Quaverse.

Despite the sex tape offer, the phishing email used to link to the malware comes with the subject line “Good Loan Offer.” (Becky Bracken / Threatpost)

Hackers are invited to find vulnerabilities in U.S. army systems in Hack the Army 3.0, the Defense Digital Service (DDS) and bug bounty platform HackerOne announced.

The program is open to both military and civilian participants and runs from January 6, 2021, through February 17, 2021. (Danny Palmer / ZDNet)

Related: Security Week, Infosecurity Magazine

Photo by Alejandro Barba on Unsplash