In Brief
The vice president of the US, Kamala Harris, was mocked by commentators this week for her aversion to Bluetooth on security grounds. Security professionals think she has a point – given her position.
“Should someone who travels with the nuclear football be spending time untangling her headphone wires? The American people deserve answers!” Politico White House hacks breathlessly reported.
Turns out being a political commentator doesn’t make you smart on security. As John Scott-Railton, senior researcher at Citizen Lab (an org that knows a thing or six about security), pointed out, you’d rather have a vice president who recognizes that security is paramount – and America’s own NSA advises against the use of Bluetooth.
Using Bluetooth isn’t a threat for most of us – although it has always been vulnerable and is still used as an attack vector. But when you’re the veep of a nuclear power there’s a responsibility to minimize your threat profile.
In an interview on Sunday, Harris called the storm in a teacup “ridiculous”.
Russian malware-masker gets four years in prison
Online criminals managed to sneak hundreds of thousands of malware deliveries past commercial security using the help of Russian national Oleg Koshkin, 41, who was jailed by US authorities for his crimes.
Koshkin ran the crypt4u.com and fud.bz malware masking service and used it to infect unwitting participants and make them part of the Kelihos botnet. According to documents unsealed this week, he was found guilty by a federal jury of one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse, and sentenced to 48 months in prison.
“For years, Koshkin and his co-conspirators worked to evade our most basic cyber defenses in order to spread malware on a truly global scale,” said special agent in charge David Sundberg of the FBI’s New Haven Office.
“While our work to bring Koshkin to justice comes to a close, the FBI will continue to tirelessly defend our country from the ever-evolving cyber threats posed by criminals, terrorists and hostile nation-states.”
Internet sextortionist jailed for 32 years
British man Abdul Hasib Elahi, 26, has been sentenced to over 30 years in prison after extorting nearly 2,000 people for sexual material and selling it online.
The Birmingham, England resident inveigled his way onto social media accounts posing as a sugar daddy or hacker and convinced victims to perform sexual acts on camera – sometimes involving other people. He then made over £25,000 selling “box sets” of the material, often using Telegram.
“Abdul Elahi is a depraved sadist who got sexual gratification through power and control over his victims whom he often goaded to the point of wanting to kill themselves. He has wrecked lives and families,” said Tony Cook, the UK National Crime Agency’s head of CSA operations.
“NCA investigators were horrified by what Elahi had done and stunned by the industrial scale of his worldwide offending.”
This hack has had some experience in the area and the advice remains the same: don’t play along, alert the police and service providers, and tough it out. The alternative is much worse.
Martian bugs are real!
The Perseverance rover currently trundling across the Martian regolith is looking for signs of life, but we found out this week that it also contains at least one bug.
Thankfully it was not the biological kind – the mission was carefully sterilized before launch to avoid contamination – but of a software nature. As security watchers will have noted, the critical Log4j flaw has had IT admins patching since its discovery, but – as the Apache Foundation gloated earlier in the year – it affects humankind’s first flying machine on another planet.
Did you know that Ingenuity, the Mars 2020 Helicopter mission, is powered by Apache Log4j? https://t.co/gV0uyE1ylk #Apache #OpenSource #innovation #community #logging #services pic.twitter.com/aFX9JdquP1
— Apache – The ASF (@TheASF) June 4, 2021
Thankfully the risk of hacking is infinitesimal, and NASA’s unlikely to need to do any remote patching – as freaking epic as that would be. ®