THE WEEK BEGAN with dragon’s breath. After a major breach in its firewall, a scrappy security team in the north engaged in an epic battle to rid its system of an infected payload that kept growing bigger and bigger, spewing frozen ice flames across all critical infrastructure. Yes, I’m talking about Game of Thrones, folks, and yes, we asked an officer in the Army National Guard to do a tactical analysis of the battle of Winterfell, and yes, it’s wonderful and you should read it.
In the real world, a mysterious hacker groups is on a supply chain hijacking spree. Though hacktivism is on the rise, the days of Anonymous-like groups making a real difference are over. The US Air Force has decided to embed airmen at Carnegie Mellon University as part of its new Science and Technology Strategy. And security researchers all agree that Right to Repair is as much a security issue as a matter of personal freedom.
The week ended with president Donald Trump on the phone with Russian president Vladimir Putin, and according to Trump the two friends discussed a lot, including the Mueller Report, which they both agreed contained no evidence of collusion. Mueller expert Garrett Graff reminded the world this week that even if the Mueller probe is over, Trump and his team are still being actively investigated in at least 16 different criminal probes.
Of course, that’s not all. Each week we round up the news that we didn’t break or cover in depth, but that you should know about. As always, click on the headlines to read the full stories. And stay safe out there.
Speaking of Putin, the Russian president did more this week than just gab with Trump. He also signed a controversial law that will allow Russia’s internet censor and regulator to much more easily block websites and content that violate Russia’s strict internet rules, and will enable Russia to fully disconnect its internet service from the rest of the world. Putin signed the so-called “Runet” law on Wednesday, requiring Russia to build its own Domain Name System, separate from the rest of the world’s. Russia says it wants to protect its internet in the event that a hostile foreign agent attempts tot ake it down. But security experts say that’s never happened to any nation state, and that the much more likely reason is for Russia in order to exert more control. Currently, websites and services like Telegram and Zello are able to continue operating in the country despite being banned, by using a few different elusive methods, like ISP hopping and VPNs outside the country. Once all traffic is gated within the country, those techniques will likely no longer work.
Motherboard reports that hackers breached Citycomp, a German internet infrastructure provider for some of the world’s biggest corporations, stealing financial data and then attempting to extort the companies to get it back. Airbus, Oracle, and Volkswagen are a just few of the companies who rely on Citcomp for things like servers and storage, and whose data was allegedly stolen. Motherboard reports that the hackers also set up a public website on which it published some of the data, apparently as proof of the theft. The hackers claim to have more than 512GB of private and financial information for Citycomp’s clients. Citycomp publicly acknowledged that it had been hacked and was being blackmailed, and announced it was working with authorities to resolve the situation.
We’ve told you, over and over and over, about how vulnerable the nation’s voting infrastructure is. Machines are old, unprotected, and just plain broken. Despite voting machines being officially listed as a critical infrastructure by the Department of Homeland Security, voting systems across the US are still insecure and often lack paper backups to make enable auditing votes when this go awry. So LA County, which has 5.2 million registered voters, took matters into its own hands, developing its own voting machines and and a whole new voting process in time for the 2020 presidential primary next year. Voter security experts laud the design, which was the result of open-source collaboration and cost $100 million. The new machines combine a paper ballot with a screen interface, automatically creating a paper backup and allowing voters to fill out the entire ballot by hand if they prefer. In addition to the new machines, the county is redefining voting day, spreading it over 11 days rather than a single one, which officials hope will allow them to get more votes cast on fewer machines than if everyone were voting on one day.