As this absurd election season careens to a close, any cybersecurity story with the word “Clinton” or “Trump” in the headline has become a magnet for controversy—and deserves a close fact-check. So when Slate this week reported that the Trump organization ran a secret server to communicate with a Russian bank, the story briefly blew up the Internet’s political sphere. And then the cybersecurity community rushed in to debunk it just as quickly.
Political fervor and thinly reported megascoops aside, we covered other news in the cybersecurity world this week: A long-awaited exemption to the Digital Millennium Copyright Act finally took effect on Monday that gives customers and researchers expanded ability to hack the digital components of things they own—from insulin pumps to cars. Researchers are creating tools to block a type of ultrasonic tracking used for marketing. A hacker-artist’s project turned a boring-looking printer into a rogue cell tower to intercept mobile communications. TED is working with Audible to produce audio content in which presenters are completely anonymous. And the security team for Google’s Chrome browser released new data about their initiative to pressure the web to universally adopt encrypted connections, hopefully making browsing safer for everyone in the process.
And there was plenty more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
The notion that Trump—not just Clinton!—had a politically damning secret server was perhaps a story too juicy to fully fact-check. So when Slate published a report that the Trump organization ran a server designed to covertly communicate with a Russian bank, it was taken as the strongest proof yet of Trump’s potentially corrupt Russian ties. Even the Clinton campaign trumpeted it. The Slate story was based on an anonymous cybersecurity expert’s analysis of logs from DNS, the system the internet uses to translate domain names into numerical IP addresses; those logs seemed to show that a Trump server was communicating exclusively with the Russian bank AlfaBank.
But cybersecurity consultant Rob Graham and the Intercept quickly published their own takes on the story, slicing away chunks of its credibility. The Intercept, for instance, checked the IP addresses of computers on the anonymity network Tor and found no evidence of the “exit node”—a computer through which Tor traffic leaves the network, making it tougher to trace—that the Slate article had claimed AlfaBank used. Graham showed that a domain name for the server was actually registered to the email marketing firm Cendyn. The Intercept went so far as to publish one of the marketing emails Cendyn sent on the Trump Organization’s behalf. All of that suggested Slate’s secret Russian-connected server was in fact used for something far less interesting: spam.
Now the Democratic National Committee Says It Wasn’t Just Hacked—Its Headquarters May Have Been Bugged
The Democratic Party recently told the FBI that it found evidence during an October security sweep of a possible listening device used to spy on its office. Democratic officials told Mother Jones that the probe had turned up a radio signal by the DNC chairman’s office, which may have been broadcasting to a device outside. The DNC did not find an actual device, and does not have evidence of who the culprits might be. A DNC official told Mother Jones, “We were told that this was something that could pick up calls from cellphones. … The guys who did the sweep said it was a strong indication.”
The same type of botnet that bombarded the internet infrastructure company Dyn with an internet-shaking attack last month was used this week to launch the same sort of distributed denial of service attack against the servers of two telecom companies that own the only fiber-optic internet link in Liberia. As the companies struggled to handle 500 Gbps of malicious traffic (less than the 1.1 Tbps attack on Dyn, but still sizable), connectivity in Liberia came in and out, and websites hosted in the country were not available externally, according to ZDNet. (Security blogger Brian Krebs, however, questioned the dubious claim that the attack had actually “shut down the internet for an entire country,” as the Hacker News had headlined the story.) The Mirai botnet used against Dyn and in this case (through a variant called Botnet 14) is open source, making it easy for anyone to access and use. Only about six percent of Liberia has internet access to begin with, and the lack of connectivity options means the country’s internet infrastructure is a relatively easy target for attack. But the incident has broad implications as hackers create even more powerful botnets and test larger and larger DDoS attacks.
Early this week, a verified FBI account, @FBIRecordsVault, started posting about recently released political documents—including some about Donald Trump’s father Fred Trump and President Bill Clinton’s contentious Marc Rich pardon. The @FBIRecordsVault account, which hadn’t tweeted in a year, generally tweets links to documents from an FBI Records page called The Vault. But the timing of these releases seems suspect given the upcoming election and the account’s previous lack of activity. On Thursday, ThinkProgress reported that the FBI’s Inspection Division would investigate the Twitter account, given that federal law forbids the FBI from trying to influence American electoral politics. The FBI, for its part, contended in a statement that the documents were released “per the standard procedure for FOIA” and were posted automatically.
Montreal police spied on Canadian journalist Patrick Lagacé’s iPhone for several months during 2016 as part of an internal police investigation into the possibility that certain gang and drug trafficking investigators were falsifying evidence. Five officers were arrested and two charged in the investigation, which turned up a connection between one of the policemen and Lagacé. The Montreal police department’s special investigations section got at least 24 surveillance warrants to monitor Lagacé’s whereabouts and his incoming and outgoing communications. Lagacé says that the spying “was incredibly aggressive,” and some Canadian politicians have condemned the probe. Montreal Mayor Denis Coderre said on Monday that he supported police chief Philippe Pichet but found the situation concerning.
On Monday, Google’s Threat Analysis Group disclosed a critical Windows vulnerability 10 days after initially reporting it to Microsoft. Under a 2013 Google policy, researchers only need to wait seven days before disclosing a vulnerability, but the tight turnaround made it difficult for Microsoft to ready a Windows patch. Microsoft executive vice president Terry Myerson said in a blog post on Tuesday that “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.” Myerson also noted that Microsoft has observed the vulnerability being exploited in spear phishing campaigns by the Russian hacking group Strontium, also known as Fancy Bear. Microsoft will release a patch on Tuesday, Nov. 8, and the company says that customers using Windows 10 and the Edge browser should already be protected. Maybe Google researchers were trying to push Microsoft to patch the bug before the election.