As we wind down ever closer to what is becoming probably the most bizarre U.S. presidential election in modern history, there is huge controversy around any cyber-security news, or any other text, that includes the words “Clinton” or “Trump” in the body, let alone the headline. The political circle of the internet was literally exploding in response to a report issued by Slate last week claiming the Trump organization had been using a secret server to establish communication with a Russian bank. However, just as quickly came the debunking of the entire matter by the same cyber-security community.
After a long wait, an exemption to the Digital Millennium Copyright Act was finally put into action in the United States, expanding the ability of customers and researchers to actually hack the digital components of devices they currently own. Scientists are creating tools that aim to prevent a type of ultrasonic tracking technology used for marketing purposes. An ordinary printer became a controversial, and rogue, cell tower able to intercept mobile communications, all through a project by a hacker-artist. The Google Chrome security team unveiled new data regarding their plans to put pressure on the web to welcome the concept of encrypted connections for all. Let’s hope this will render safer browsing for us ordinary people.
Liberia’s internet struck with massive DDoS attacks
Yet another DDoS attack made headlines this week by targeting servers of two communications companies that own Liberia’s only fiber-optic internet link. The same type of distributed denial-of-service botnet was the culprit behind the huge bombing campaign unleashed last week against Dyn, the major internet infrastructure firm, which literally shook the entire internet. While Liberian companies scrambled resources to manage the 500 Gbps attack sending malicious traffic, people across the country experienced intermittent connectivity, and websites based inside Liberia became inaccessible to anyone outside of the country, as reported by ZDNet. The botnet code used to launch the 1.1 Tbps DDoS attack against Dyn, known as Mirai and used by Botnet 14 against Liberia, is open source. As a result, anyone can gain access and begin using it. Only 6% of Liberia’s population enjoys access to the internet, and the shortage of different mediums to connect to the internet leaves the infrastructure in this country very vulnerable to such attacks. However, these incidents point to more serious conclusions. As we speak, hackers are busy creating more powerful botnets and having a field day testing increasingly larger DDoS attacks.
Trump communicating with the Russians?
The very possibility that Trump, like Clinton, had been running a secret server, now considered very damning, was a story many could not resist, and all the fact-checking procedures were set aside. Therefore, when Slate posted a report claiming the Trump organization had a server set up to establish covert communications with a Russian bank, it was simply too hot a topic to begin fact checking, and everyone just wanted to have their say go live sooner. Many claimed this was the strongest proof to date of Trump having a potentially corrupt relationship with the Russians. The Clinton campaign was also seen jumping on the bandwagon and trumpeting the entire issue. The source of Slate’s piece was an anonymous cyber-security expert’s analysis of DNS logs. DNS is the system the internet uses to transform domain names into numerical IP addresses understandable for computers, and the logs record those lookups. These files apparently revealed that a server in the Trump organization was involved in exclusive communications with the Russian bank Alfa Bank.
However, other takes on this subject were quickly published and effectively questioned the report’s credibility. Two such examples include pieces by the Intercept and cyber-security advisor Rob Graham. The Slate article had claimed that Alfa Bank used a Tor “exit node,” meaning a computer that relays internet traffic and makes it tougher to trace. In its investigation, the Intercept found no evidence of such an exit node among the computer IP addresses on the Tor anonymity network. Graham was able to prove that the server’s domain was registered to Cendyn, an email marketing firm. The Intercept went a step further and made public a Cendyn marketing email sent on behalf of the Trump organization. All this evidence came to suggest that the secret server connected to the Russians raised in the Slate article had another purpose in mind: to create spam.
Journalist’s iPhone monitored by Montreal police
The iPhone of Patrick Lagacé, a Canadian journalist, was the target of a monitoring effort by Montreal police for a series of months in 2016, reports indicate. This was part of an internal police probe looking into the possibility that investigators working on gangs and drug traffickers were involved in the falsification of evidence. The findings so far have led to the arrest of five officers, with two facing charges, after traces were found of a connection between one of the officers and Lagacé. The special investigation branch of Montreal police demanded and received at least 24 surveillance warrants to track Lagacé’s whereabouts and all of his communications. Lagacé has described the spying as aggressive, and a number of Canadian politicians have already rushed to condemn the investigation.
Democrats raising bugging scandal
The FBI was informed by the Democratic National Committee (DNC) of evidence found during a security sweep conducted back in October, showing the possible use of listening devices to spy on its main headquarters. DNC officials informed Mother Jones the probe had led to the discovery of a radio signal emitted from the office of the DNC chairman. This device may have actually been sending signals to the outside. What is clear is that the DNC has yet to find actual evidence regarding the possible identity of the culprit(s).
“We were told that this was something that could pick up calls from cellphones. … The guys who did the sweep said it was a strong indication,” a DNC official told Mother Jones.
FBI has a Twitter account, and is probing it
@FBIRecordsVault, a verified FBI account on Twitter, began tweeting earlier this week about recently unveiled political documents. The list included issues regarding Fred Trump, the father of Donald Trump, and the contentious pardon granted to Marc Rich by former president Bill Clinton. After a year of silence, the account began tweeting links to documents hosted on an FBI Records page known as “The Vault.” Suspicious is probably the most conservative description of the timing of such releases, especially considering Tuesday’s election and the fact that the account had been asleep for such a long period. The FBI Inspection Division intended to look into the Twitter account, as reported recently by ThinkProgress, considering the fact that the FBI is forbidden by federal law to even attempt to influence electoral politics in America. The FBI went on to claim the documents were automatically published according to standard FOIA procedures.
Major bug in Windows unveiled by Google
The Threat Analysis Group at Google made public on Monday a very damaging vulnerability in Windows. This bombshell came 10 days after Google informed Microsoft of the matter. According to a policy adopted by Google back in 2013, researchers are only obliged to wait 7 days before unveiling a discovered vulnerability. However, such a timeframe made it extremely difficult for Microsoft to ready the necessary Windows patch. Microsoft executive vice president Terry Myerson expressed his disappointment over Google’s decision to publicize such vulnerabilities before patches are made available to the general public, placing customers at risk as a result. Myerson went on to explain that Microsoft had realized the vulnerability was already being exploited by Fancy Bear, a Russian hacking group also known as Strontium. Microsoft plans to release the patches on Tuesday, November 8th, adding that those using Windows 10 and the Edge browser should be protected already. Does this have anything to do with Tuesday’s elections? Who knows.