U.S. Has Stepped Up Funding for VPN Companies to Help Russians Evade Censorship
Cyber Partisans are finding new forms of asymmetrical warfare in Belarus, Ukrainian ISPs are forced to route through Russia, new bill would ban sale of location and health data, and much more
According to five people familiar with the situation, the U.S. government has pushed new, increased funding into three VPN companies, nthLink, Psiphon, and Lantern, since the start of the Ukraine war to help Russians sidestep censors and access Western media.
A U.S. government-funded nonprofit organization, the Open Technology Fund (OTF), gave the VPN companies at least $4.8 million in U.S. funding between 2015 and 2021. However, the sources say that since February, the total funding allocated to the companies has increased by almost half in order to cope with the rise in demand in Russia. The funding flows through the U.S. Agency for Global Media (USAGM), a federal agency that oversees U.S. government-backed broadcasters, including Voice of America and Radio Free Europe/Radio Liberty, as well as via the Washington-based OTF, which is funded entirely by the U.S. government and overseen by the USAGM.
Posters advertising nthLink and other U.S.-government-backed VPNs, as well as independent Russian-language media outlets, have appeared in Moscow since the start of the war, according to three people familiar with the matter. (James Pearson and Chris Bing / Reuters)
A new model for revolutionary groups is emerging in Belarus, where opponents of the authoritarian government of Alexander Lukashenko, including a group that fashions itself as the Cyber Partisans, are finding new ways to wage asymmetrical warfare.
Lukashenko’s opponents started by breaking into the websites of the government and state news agencies. Since then they’ve begun to branch into cyberattacks that result in physical damage, a type of activity long the preserve of nation-states. The Cyber Partisans brought down the train system in Belarus with a ransomware attack shortly after Russia started sending troops through the country. Now they and other Belarusian dissidents see their fight as a mission against both Lukashenko and Russian President Vladimir Putin. (Ryan Gallagher / Bloomberg)
Since the end of May, the 280,000 people living in the occupied port city of Kherson in Ukraine and surrounding areas have faced constant online disruptions as internet service providers are forced to reroute their connections through Russian infrastructure.
Multiple Ukrainian ISPs are now forced to switch their services to Russian providers and expose their customers to the country’s vast surveillance and censorship network, according to senior Ukrainian officials and technical analysis. Moreover, as an additional step in the “Russification” of Ukraine, new unbranded mobile phone SIM cards using Russian numbers are being circulated in the region, further pushing people towards Russian networks. At the heart of the rerouting is Miranda Media, the operator in Crimea that appeared following the region’s annexation in 2014. Among “partners” listed on its website are the Russian security service known as the FSB and the Russian Ministry of Defense. (Matt Burgess / Wired)
In preparation for the Supreme Court’s looming repeal of its landmark Roe v. Wade decision, Senator Elizabeth Warren (D-MA) has announced sweeping legislation, the Health and Location Protection Act, to ban the sale of location and health data.
Cosponsored by a slate of Democratic senators, including Senators Bernie Sanders (I-VT) and Ron Wyden (D-OR), the legislation would bar “data brokers from selling or transferring location data and health data.” There are few limitations, making the bill one of the strictest proposals aimed at regulating data sales. The bill would empower the Federal Trade Commission, state attorneys general, and people hurt by an unlawful data sale to sue brokers found to have violated the law. The FTC would also receive an additional $1 billion over the next decade to aid in enforcing the law. (Makena Kelly / The Verge)
A joint investigation by Reveal, The Center for Investigative Reporting, and The Markup shows that Facebook is collecting ultra-sensitive personal data about abortion seekers and enabling anti-abortion organizations to use that data as a tool to target and influence people online, in violation of its own policies and promises.
Meta, Facebook’s parent company, prohibits websites and apps that use Facebook’s advertising technology from sending Facebook “sexual and reproductive health” data. But, using Blacklight, a Markup tool that detects cookies, keyloggers, and other types of user-tracking technology on websites, Reveal analyzed the sites of nearly 2,500 so-called “crisis pregnancy centers” with data provided by the University of Georgia and found that at least 294 shared visitor information, often highly sensitive information, with Facebook.
Crisis pregnancy centers pretend to help desperate pregnant people but are false fronts for anti-choice organizations hoping to steer those people away from abortions. Facebook spokesperson Dale Hogan said: “It is against our policies for websites and apps to send sensitive information about people through our Business Tools,” which includes its advertising technology. (Grace Oldham and Dhruv Mehrotra / Reveal)
The FBI used cell tower data earlier this year to link seven bank robberies in five states to a phone number used by a suspect named Fernando Enriquez and possible associates.
After cross-checking the phone number and the name with other police databases, the agency used that information to retrieve email addresses and Google, Instagram, and TikTok accounts belonging to Enriquez. The FBI said the email and social media account information unearthed a photo on TikTok of Enriquez standing in front of a Chevrolet SUV that resembled the getaway vehicle. Photographs also showed tattoos that appeared to match those from bank surveillance footage.
Based on this case, it appears the FBI believes it can get all kinds of information from ByteDance-owned TikTok, from messages to videos to location data, even if deleted by TikTok users. An FBI employee wrote in the Enriquez search warrant that “even if ... content is removed, locked or deleted, often social media companies retain the data on their information systems.” TikTok, the agent wrote, “appears to store data that has been made private, locked or deleted by users.” (Thomas Brewster / Forbes)
Researchers at Lookout detailed a previously unknown form of enterprise-grade Android surveillance ware, dubbed Hermit, that is being used by the government of Kazakhstan.
Hermit is believed to have been developed by Italian spyware vendor RCS Lab S.p.A. and Tykelab Srl. RCS Lab is a developer that is known to have past dealings with Syria and operates in the same market as NSO Group. The discovery of Hermit is said to be the first time a current client of RCS Lab’s mobile spyware has been publicly identified. (Duncan Riley / Silicon Angle)
Cisco told customers this week to patch a critical vulnerability (tracked as CVE-2022-20798) that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations.
The flaw was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. Cisco's Product Security Incident Response Team (PSIRT) said it's not aware of any publicly available exploits for this security bug or malicious use of the vulnerability in the wild. (Sergiu Gatlan / Bleeping Computer)
Related: The Hacker News
A competition to win free beer for Father's Day circulating on WhatsApp is a scam, Heineken has said. The scam suggests the first 5,000 respondents will receive a free fridge of beer in return.
A message that offers the chance to win one of 5,000 coolers full of lager and links to a fake quiz-style competition is a phishing lure to trick victims into clicking a malicious link or entering personal information like bank details. (Jennifer Meierhans / BBC News)
House appropriators put forth a proposal that boosts funding for the Cybersecurity and Infrastructure Security Agency (CISA) to $2.93 billion, more than $400 million above what the agency requested this year in budget proposals.
Those extra dollars are heavily skewed towards augmenting the agency’s cyber capabilities, with $235 million allocated for general cybersecurity operations and an additional $46 million for its other core mission, infrastructure security. (Derek Johnson / SC Media)
Officials paid more than $400,000 to ransomware attackers following an attack by a group called Quantum on the Glenn County, California Office of Education and school districts.
Quantum originally demanded a ransom of $1 million, but negotiators were able to lower the amount after it became clear to the attackers that the county’s assets and cyber insurance were not sufficient to cover their demands. As part of the negotiations, Quantum assured the county that it would delete all files and provide proof of deletion, provide an explanation of how they gained access to the network and what they did in there, provide a complete list of all files taken, guarantee that they would not attack the district again, and not sell any of the data that had been stolen. (Dissent Doe / Databreaches.net)
Researchers at F5 Labs say that a new strain of Android malware called MaliBot has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot.
The trojan steals credentials and cookies, bypasses multi-factor authentication (MFA) codes, and abuses Android's Accessibility Service to monitor the victim's device screen. Moreover, MaliBot is capable of weaponizing its access to the Accessibility API to defeat Google's two-factor authentication (2FA) methods, such as Google prompts, even in scenarios where an attempt is made to sign in to the accounts using the stolen credentials from a previously unknown device. (Ravie Lakshmanan / The Hacker News)
Researchers at Sophos say that a threat actor known as Blue Mockingbird targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.
The attackers are leveraging CVE-2019-18935, a critical-severity (CVSS v3.1: 9.8) deserialization vulnerability that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. Moreover, Blue Mockingbird is leveraging vulnerable Microsoft IIS servers that used Telerik UI in May 2020, by which time a year had passed since security updates were made available by the vendor. (Bill Toulas / Bleeping Computer)