US officials and experts fear China has ransacked Exchange servers for data to train AI systems • The Register


In short: According to U.S. government officials and computer security experts who spoke to NPR, the massive attack on Microsoft Exchange servers in March may have been China gathering information to train AI systems.

The looting of these Exchange systems has been attributed to Chinese government cyber spies known as Hafnium; Beijing has denied any involvement.

The crew are said to have exploited four zero-days in Redmond’s messaging software in a chain to hijack servers and siphon data. And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scaling of a cyberattack that he had ever seen.

Officials in the U.S. government and in the infosec industry apparently fear that, given the wide range of organizations targeted – from large corporations to stores, dentists and schools – the Chinese government may try to train machine-learning systems on mountains of Americans’ messages, calendars, and files.

And this Exchange harvest is in addition to the huge databases of personal information already torn from the US government and the private sector.

“The Chinese have more data than we have on ourselves,” said William Evanina, former director of the National Center for Counterintelligence and Security.

“So you have the OPM data breach,” he continued, “you have a full security clearance record for someone, you have Anthem records, you have their Marriott points record, their credit cards, Equifax, their loans, their mortgages, their credit rating. They know all about you before they even send you on a cruise or on vacation.”

Evanina spoke more about the threat from China before the Senate Intelligence Committee in early August [PDF], if that interests you.

We hope you have applied the fix for ProxyToken, aka CVE-2021-33766, in Microsoft’s July Patch Tuesday release for Exchange Server, as details on how to exploit it to steal people’s emails are now public.

Homeland Security is getting smarter in recruiting security talent

While media attention last week focused on President Biden meeting with tech CEOs to talk about computer security, Homeland Security focused on the basics: finding the right people.

The department is seeking comment on its Cyber Security Talent Management System (CTMS) project, which will revamp the way the agency hires infosec staff by allowing people with unconventional qualifications and backgrounds to apply and adjusting government pay scales to ensure people receive “competitive enough, market sensitive pay.”

These are two huge sticking points for those who wish to enroll in government service. Not that long ago, if you wanted to be part of the FBI cybersecurity team, you had to take the Agent Physical Training Course, and anyone who had ever used illegal recreational substances was banned from joining, although the federal government has relaxed a bit on that one.

On the pay side, security engineers make a lot of money in the private sector. It takes a very committed citizen to sign up for government service when he could get double the salary and stock options in Big Tech. Obviously, the government will not be able to match FAAMG salaries, but every little bit counts.

Speaking of Uncle Sam … The White House on Monday launched the US Digital Corps, a two-year scholarship program that finds junior software engineers, data scientists and other geeks roles in federal agencies.

Palantir and this ‘glitch’

After some FBI agents were able to access case documents in a Palantir database that should have been off-limits to them, the software maker said this was because the federal government did not RTFM, as opposed to an issue as reported in the media.

“There was no problem in the software,” Palantir told The Register. “Our platform has robust access and security controls. The client also has rigorous protocols established to protect search warrant returns, which in this case the end user did not follow.”

Here’s what happened: The FBI was investigating Virgil Griffith, accused of helping North Korea evade sanctions by using cryptocurrencies. Last March, the FBI obtained a search warrant to search his Facebook and Twitter accounts for information and uploaded it to the federal government’s Palantir database for analysis. However, it seems that the agents forgot something: They allowed any other agent who could access the Palantir system to view Griffith’s files, rather than restricting the data to only the relevant personnel.

“The government understands that this outside access to search warrant returns was made possible because, when data is uploaded to the platform, the default setting is to allow access to the data to other FBI members otherwise authorized to access the platform,” wrote Audrey Strauss, United States Attorney for the Southern District of New York [PDF].

“When the search warrant returns here were uploaded to the platform, these default settings were not changed to restrict access to the search warrant returns to FBI personnel actually engaged in the review of the search warrant returns in accordance with warrants.”

Earlier this month, an FBI agent unrelated to the Griffith case mentioned that he had seen the data. Further investigation showed that three FBI analysts and a now retired agent accessed social media information when they should not have. Federal authorities are now investigating whether this permissions issue is more widespread.

If you remember the Razer driver problem, it turns out that there may be up to 2,500 USB device models that potentially automatically run an interactive installer with elevated privileges when a gadget is plugged into a Windows PC. These installers can be used by a logged-on local user to gain SYSTEM-level privileges. The problem is that Windows allows these interactive installers to run automatically regardless of the level of access the current user has.

T-Mobile US CEO sheds some more light on the database raid

Earlier this month, T-Mobile US admitted that the personal information of 48 million of its subscribers was stolen, and now CEO Mike Sievert has partially explained how it was stolen.

“Put simply, the bad actor leveraged their knowledge of technical systems, as well as specialized tools and capabilities, to gain access to our test environments, then used brute force attacks and other methods to clear a path to other computer servers containing client data,” he said. “In short, the intention of this individual was to break in and steal data, and they were successful.”

He added that he was “very sorry”. Among other things, the telephone company will offer the usual two years of free identity protection services to customers. To try to prevent this from happening again, T-Mobile US is hiring information security company Mandiant and consultants from KPMG to harden its systems against attacks. A person claiming to be behind the data theft told the Wall Street Journal that the security of the cellular network giant was “horrible.”

Breathtaking security holes

For once, it’s no exaggeration: McAfee has discovered five serious flaws in the drug infusion pumps made by Germany’s B. Braun.

Infusion pumps have been in use for decades, delivering fixed doses of drugs to a patient without the need for a doctor on hand, and they are increasingly controlled over the network. While exploitation was not trivial, teams from McAfee and the security shop Culinda demonstrated that it would be possible to remotely adjust the dosage levels that the pump would deliver if it was connected to a hospital network.

“The ability to remotely manipulate medical equipment undetected, with the potential for harm to patients, effectively arms these point-of-care devices,” said Shaun Nordeck, resident physician in interventional radiology at a level trauma center. a.

“This is a scenario that was previously plausible only in Hollywood, but is now confirmed to be a real attack vector on critical equipment that we use on a daily basis.” ®
