Thursday, July 08, 2021

EU parliament condemns Hungary’s anti-LGBT law

Resolution is passed to launch legal action, but Hungarian prime minister Viktor Orbán remains defiant

Viktor Orban, whose law has been condemned by Ursula von der Leyen as “disgraceful”. Photograph: Darko Vojinović/AP
 in Brussels

The European parliament has denounced a Hungarian law that bans gay people from appearing in educational materials or on primetime TV as “a clear breach” of its principles of equality.

In a resolution voted in Strasbourg on Thursday by a resounding majority, MEPs condemned “in the strongest possible terms” the Hungarian law as “a clear breach of the EU’s values, principles and law”, while urging the European Commission to launch a fast-track legal case against Viktor Orbán’s government.

Campaigners fear the law could lead to an increase in physical and verbal attacks on gay people in Hungary.

EU leaders rounded on Orbán in what was described as an emotional debate during last month’s EU summit, while the commission president, Ursula von der Leyen, said the law was a “disgrace”.

“This law puts homosexuality and gender reassignment on a par with pornography,” Von der Leyen told MEPs on Wednesday. “This law uses the protection of children, to which we are all committed, as an excuse to severely discriminate against people because of their sexual orientation. This law is disgraceful.”

She has promised to use the EU executive’s powers to protect citizens’ rights and sent a formal letter to the Orbán government.

Although non-binding, the resolution adds pressure on Von der Leyen to take Hungary to the European court of justice. MEPs believe the Hungarian law violates rights to non-discrimination and freedom of expression, as well as the EU’s audiovisual media services directive, pan-European rules for TV and streaming services.

Altogether, 459 MEPs voted in favour of the resolution, with 147 against and 58 abstaining.

The MEPs also say Hungarian authorities cannot be trusted to manage EU funds in “a non-discriminatory way”, amid growing calls for Brussels to turn off the money taps to Budapest.

The commission is expected to delay approval of a €7.2bn coronavirus recovery plan for Hungary, subject to further demands to tackle corruption. A looming 12 July deadline has prompted calls for Brussels to order Hungary to rewrite its plan to tackle well-documented concerns about politicised courts and weak anti-graft controls. But the commission is likely to fall short of those demands.

“The current timetable is somewhere between 16 [and] 19 July,” said the German Green MEP Daniel Freund, a member of the budgetary control committee. “They will approve the Hungarian plan. If things go well they manage to write a little bit of additional anti-corruption reforms into the plan somewhere, but nothing that addresses anything immediately.”

He continued: “My reading is that the commissions are in a pickle.” The recovery fund was “not the ideal mechanism to get countries into structural reform and rebuild their rule of law and their justice system,” he said, adding that relatively time-consuming reforms were at odds with the urgency of economic rescue after the pandemic. “These are two contradictory things.”

An EU diplomat agreed with this analysis. The commission will “probably only kick the can down the road for another week,” the diplomat said. While the commission was “troubled” by the state of judicial independence in Hungary, officials see blocking Hungary’s access to EU recovery funds over rule of law concerns as “legally complex and shaky”, the person said.

A commission spokesperson declined to confirm or deny reports of a delay. “As the in-depth assessment is ongoing, we will not provide any preliminary assessment,” they said.

Orbán, who faces elections in 2022, last week launched a nationwide poll questioning every household on the economy, migration and the EU via a series of loaded questions laden with stereotypes. In line with previous exercises, the survey and accompanying adverts demonised the Hungarian-born financier and philanthropist George Soros, linking him to “illegal migration”. One billboard slogan that has caused fresh outrage among MEPs reads: “George Soros is on the attack again?” Another asks: “Does Brussels make you angry?”

The survey cast the LGBTQ law as a child protection measure, a theme repeated by Orbán in a defiant letter to the EU this week. Accusing EU leaders of “evok[ing] the colonialist instincts of long-lost ages” and making “disrespectful power declarations”, the letter mounted a staunch defence of the law.

“We central Europeans know what it is like when the state party or the dictatorial system and the power monopoly it operates, want to raise children instead of their parents,” it said. “We did not allow it to the communists, so we will not allow these self-appointed apostles of liberal democracy to educate the children instead of Hungarian parents either.”


Frida Kahlo exhibition brings her work alive



"Frida. The Immersive Experience" presents 26 of the most emblematic works of the late painter. — © AFP



By AFP
Published
July 7, 2021


Natalia Cano

With larger-than-life projections of her work, music and journal extracts, a new exhibition aims to bring Mexican surrealist Frida Kahlo’s paintings to life to mark the 114th anniversary of her birth.

“Frida. The Immersive Experience” presents 26 of the most emblematic works of the late painter, known for her striking self-portraits often brimming with pain and isolation.

The idea is “to get to know Frida’s paintings, which have been around the world, but with a little bit of familiarity and intimacy,” the artist’s great-grandniece Mara de Anda said.

“I believe that Frida was very avant-garde and modern so this fits perfectly. She was a woman ahead of her time,” she told AFP at the launch on Tuesday.



Frida Kahlo, known for her striking self-portraits, is one of the 20th century’s most celebrated artists. — © AFP

Visitors immerse themselves for about 35 minutes in the heart and mind of one of the 20th century’s most celebrated artists, who died in 1954 aged 47.

Works such as “The Two Fridas” and “The Broken Column” converge in a digital art experience fusing video, music and interactive elements inside the Fronton Mexico, an art deco building in the Mexican capital.

“This experience makes it easier for everyone to achieve that connection, and also to understand it because Frida’s paintings are special. They are not easy to understand,” said 39-year-old Diana Olguin from Colombia.

– ‘A different way’ –

The exhibition touches on the difficult times in the life of the painter, who contracted polio when she was a young child, a disease that stunted the growth of her right leg.



The exhibition uses larger-than life projections, music and journal extracts to create an immersive experience of Frida Kahlo’s paintings. — © AFP

When she was 18, a metal tube pierced Kahlo’s abdomen during a bus crash, subjecting her to painful operations and long periods of bed rest throughout her life.

The artist, who twice married muralist Diego Rivera and was a close friend of Russian revolutionary Leon Trotsky, turned to painting while convalescing, using a mirror for self-portraits.

Her works are accompanied at the exhibition by a digital app and an interactive room, as well as poems and pieces of original Mexican music.


People attend the inauguration of a Frida Kahlo immersive exhibition in Mexico City. — © AFP

“For many people who don’t like going to an exhibition where everything is more static, this allows you to know it in a different way,” said Frida Hentschel Romeo, another of the painter’s great-grandnieces.

“So I think the new generations are going to love it,” she said.

All visitors must wear masks, use antibacterial gel and have their temperature taken at the entrance due to the coronavirus, which has taken a devastating toll on Mexico.

“For a year and a half, we couldn’t enjoy this due to the pandemic, and now it’s an incredible opportunity to come and distract yourself for a while and see something new,” said 21-year-old university student Emiliano Diaz.

“The new generations are going to enjoy it because they will see art in a different way,” he added.

Read more: https://www.digitaljournal.com/life/frida-kahlo-exhibition-brings-her-work-alive/article




 AND THEY WOULD BE CORRECT

People's Bank of China argues Bitcoin and stablecoins threaten financial security and social stability


  • The People's Bank of China (PBOC) explains its stand on Bitcoin and stablecoins, stating that these are speculative tools that threaten financial security and social stability.
  • Crackdown on stablecoins continues before the digital renminbi pilot at the Beijing Winter Olympics. 
  • Further steps will be taken if the use of Bitcoin and stablecoins as payment tools for money laundering and illegal economic activities continues.

The deputy governor of the People’s Bank of China has expressed concerns about the use of stablecoins. He announced that the bank is already taking measures to tackle the threat posed by stablecoins. 

China’s crackdown on stablecoins

Fan Yifei, the deputy governor of the PBOC, stated that the use of stablecoins like Tether (USDT) brings risks and challenges to the international monetary, payment, and settlement system. Yifei maintains that stablecoins have become a speculative tool for money laundering.

Global payment giants like Visa would disagree with China’s stand on stablecoins. The multinational financial services corporation recently stated that,

...Stablecoins are on track to become an important part of the broader digital transformation of financial services, and Visa is excited to help shape and support that development.

According to several media outlets, key players in the Chinese cryptocurrency industry are promoting the theory that the crackdown on stablecoins in the nation may be a tactical move ahead of the launch of further pilots for institutional and commercial usage of the digital renminbi. This theory has its foundation in the past when the central government went after Google, Facebook, and other sites before launching a state-owned version of these firms. 

Digital RMB pilot for 10 million whitelisted users

Yifei mentioned in his statement that China is currently observing and studying private digital currencies that are not issued by the central bank. However, the authorities are vigorously promoting both versions of the digital renminbi ahead of the Beijing Winter Olympics: the one issued to institutional entities such as commercial banks, and the one issued to the public for daily transactions.

PBOC’s deputy governor mentioned that China has attained some consensus on the influence of wholesale digital renminbi and studies reveal that it may have no impact on the existing financial system. The same cannot be said for its retail version since it is not clear yet if it may cause financial disintermediation or weaken the monetary policy. This is the key reason why the government is running pilots for whitelisted users only. 

Currently, over 10 million whitelisted users are in queue to participate in the pilot of the digital renminbi at the Beijing Winter Olympics. 

Yifei said,

As far as I know, the number of whitelist users has reached 10 million. I hope you can try it if you have the opportunity. The Beijing Winter Olympics scene is the key area of the next pilot. In this process, everyone here may enjoy such conveniences. If you have any problems in use, you can also report to us, and we will make adjustments in time.


Trump Horrified Police Killed Ashli Babbitt, His Innocent Supporter Just Trying To Breach The Capitol

Ashli Babbitt was part of the MAGA mob that stormed the Capitol on January 6. There is disturbing video of rioters breaking the glass on doors near the House chamber. Desperate police had blocked the entrance with chairs to keep out the violent mob, but Babbitt was trying to climb through the shattered glass when she was fatally shot by a Capitol Police officer.

When police kill Black people, there's usually only outcry when the kid is 12, the woman is asleep, or Domino's could deliver a pizza in the time the cop had pressed his knee on a Black man's neck. And even then, the cops feel annoyed that we've offered any feedback on their performance.

Babbitt, however, is what Fox News would describe simply as a “thug" or a “criminal" who was rightly killed while she was criming thuggishly. She was certainly no angel, but she's somehow become a rightwing martyr. They even briefly sold Ashli Babbitt “American Patriot" T-shirts at Sears (no, really).


It's probably complicated because Babbitt is white and a Trump supporter. But you'd think that the Right would still side with the cop, who is also probably a Trump supporter. Maybe the cop isn't white, but I thought Republicans backed the blue no matter what! If they can overlook a cop shooting a suspect in the back, they could look the other way if the cop is Black.

Donald Trump claims he adores cops and famously suggested they “don't be too nice" to suspects (as if that was ever a problem). Now he's demanding that they reveal the identity of the officer who killed Babbitt. The Department of Justice has already ruled that the shooting was justified on account of insurrection, but Trump is stirring up his droogs against a cop who probably thought he had his back. It'd be funny if it weren't so pathetic.

During his press conference Wednesday announcing his goofy-ass lawsuit against Facebook, Twitter, and Google, President Law and Order called for an investigation into the officer who shot Babbitt. He said there was “no reason" for her to be killed, like he's some common liberal ingrate who doesn't appreciate the police. He's why they're all quitting! He also said Babbitt was shot in the head, which is a lie. She was shot in the shoulder and because this wasn't an action movie, she died from her injuries instead of just wrapping the wound in her ripped, dirty shirt before fighting more Terminators.

From Forbes:

If the situation were reversed, Trump claimed, without specifying what he meant, the officer who shot Babbitt would be the most "well-known" man in the "world."

Apparently, whoever wrote this Forbes article was literally born the day before it was published. What a prodigy! It's obvious what Trump meant is that if Babbitt were Black, Al Sharpton, Stacey Abrams, and the whole Black Lives Matter brigade would've demanded justice and been in the streets protesting on behalf of the man shot during a routine traffic stop violent seditionist.

TRUMP: There were no guns in the Capitol, except for the gun that shot Ashli Babbitt.

First, yes there were. Second, this remark must've devastated the police, who think guns are everywhere. They also consider any “aggressive" action a potential threat to their own lives. It doesn't matter if the person is armed with a gun or just their limbs. You'd think when the police unions were endorsing Trump last year, they would've made sure he was fully on board with all their copaganda. But they probably took it for granted: After all, Trump defended the cops who seriously injured an old man at a protest in Buffalo.


He supported, without hesitation, teen vigilante Kyle Rittenhouse, who shot and killed people in Kenosha, Wisconsin. This is the same President Klan Robe who tweeted, "When the looting starts, the shooting starts," but maybe he thinks the Capitol isn't as important as a Minneapolis CVS. He also wanted the military to shoot Black Lives Matter protesters in the arms and legs, so they too could've likely died like Babbitt.

This sudden attack of empathy for the victim of a police shooting might come as a surprise if you didn't fully understand Trump. He's like a gangster but dumber. Babbitt was a member of his gang, and while he'd eagerly sacrifice all his supporters for a Diet Coke on a silver platter, he doesn't appreciate anyone whacking one without his permission.

Babbitt, an Air Force veteran, was one of many chumps Trump radicalized with his election fraud lies, and she paid the ultimate price. She's been dead for six months now, but Trump isn't done using her.

[Forbes]

Follow Stephen Robinson on Twitter.

WONKETTE

Ransomware: To pay or not to pay? Legal or illegal? These are the questions …

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus.


Tony Anscombe
8 Jul 2021

The recent spate of ransomware payments cannot be the best use of cybersecurity budgets or shareholder capital, nor is it the best use of insurance industry funds. So, why are companies paying and what will it take for them to stop?

Why are so many victims paying ransomware demands?

In simple terms, it may just be, or at least initially seem, more cost effective to pay than not to pay. The current precedent to pay likely dates back to the ethically brave organizations who refused to pay. When WannaCryptor (a.k.a. WannaCry) inflicted its malicious payload on the world in 2017, the United Kingdom’s National Health Service bore a significant hit on its infrastructure. The reasons why they were hit so hard are well documented, as are the costs of rebuilding: an estimated US$120 million. This is without considering the human costs due to the 19,000+ cancelled appointments, including oncology.

Then in 2018 the city of Atlanta suffered an attack of SamSam ransomware on its smart city server infrastructure, with the cybercriminal demanding what then seemed like a huge ransom of US$51,000. Several years on, the reported cost of rebuilding systems is placed anywhere between US$11 million and US$17 million; the range takes into account that some of the rebuild was enhancement and improvement. I am sure many taxpayers in the city of Atlanta would rather the city had paid the ransom.

With publicly recorded incidents showing that the cost to rebuild is significantly more than the ransom, the dilemma of whether to pay or not may be one of cost rather than ethics. As both examples above are either local or central government, these victims’ moral compasses probably pointed them at not funding the next cybercriminal incident. Alas, just one year later the municipalities of Lake City and Riviera Beach in Florida handed over US$500,000 and US$600,000, respectively, to pay ransomware demands.

There is no guarantee that a decryptor will be forthcoming or that, if provided, it will even work. Indeed, a recent survey by Cybereason found that almost half of businesses that paid ransoms didn’t regain access to all of their critical data after receiving their decryption keys. Why pay the demand, then? Well, the business of ransomware became more commercialized and sophisticated on both sides: the cybercriminals understood the value of the data involved in their crime, due to the rebuild costs being disclosed publicly, and a whole new industry segment of ransomware negotiators and cyber-insurance emerged on the other. A new business segment was born: companies and individuals began profiting from facilitating the payment of extortion demands.

It’s also important to remember the devastating effects that ransomware can have on a smaller business that is less likely to have access to expert resources. Paying the demand may be the difference between the business surviving to fight another day and closing the doors for good, as happened to The Heritage Company, causing 300 people to lose their jobs. In countries with privacy legislation, paying may also remove the need to inform the regulator; however, I suspect that the regulator should always be informed of the breach regardless of whether payment was on the condition of deleting exfiltrated data.

Paying is often not illegal

In October 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared it illegal to pay a ransomware demand in some instances. To clarify, it’s illegal to facilitate the payment to individuals, organizations, regimes and in some instances entire countries that are on the sanctions list. Of significance here is that some cybercrime groups are on the sanctions list. Wasn’t sending or facilitating the sending of funds to anyone on the sanctions list already illegal? I think it probably was, so what was new in this announcement? Oh wait, politics – the voters need to think their governments are doing something to stop the tidal wave of cash to cybercriminals. The European Union follows a similar system with a sanctions regime that prohibits making funds available to parties on the official sanctions list.

Aside from OFAC’s ruling, in the United States there is still no clear guidance on paying ransomware demands, and according to experts it may even be tax-deductible. This may factor into the decision-making process on whether or not a business allows itself to be extorted.

Attribution of either the location or the people behind cybercrime is complex to prove, and technology typically helps many of these groups remain both anonymous and nomadic, or at least partly so. However, knowing who you are paying could be an essential requirement when deciding whether to pay, as inadvertently paying a person or a group that appears on a sanctions list could cause the payer to land on the wrong side of the law. Remember that some individuals on the list may take the opportunity to hide within a group, yet still be sharing the proceeds, possibly making payment illegal.


Figure 1. Desktop wallpaper set by DarkSide

The recent payment of 75 bitcoins (US$4.4 million at that time) by Colonial Pipeline, despite the FBI’s clawback of 63.7 bitcoins (approximately US$2.3 million at the time of recovery, but US$3.7 million at the exchange rate when the ransom was paid), demonstrates that using the sanctions list to prohibit payment is ineffective. Darkside, the bad actors behind the attack and believed to be based in Russia, had been careful to avoid the list by ensuring, for example, that their data storage was not in Iran, thus keeping their “business” in regions that are not on the sanctions list.

The ransomware as a service business model

The cybercriminal group Darkside has now disbanded due to the unwanted attention the Colonial Pipeline incident caused. Was it on the sanctions list and does its closing down mean that the attacks it had in its revenue forecast will stop? “No” and “No”. I am at a loss as to why all known cybercriminal groups are not on the sanctions list, but maybe that’s just too logical. These groups are often service providers and are not the actual attackers who create the “business opportunities”; rather, they provide the infrastructure and services to enable the attackers and then share the revenue generated. This is often referred to as “ransomware as a service” or RaaS, with the actual attackers being commercial affiliates of the RaaS group.

Attackers identify targets, infiltrate their networks in some way, identify and then exfiltrate copies of sensitive data, and then inflict the malicious code from their RaaS provider, such as Darkside, on the victim. RaaS providers facilitate the attack with backend services and the proceeds, once the victim pays up, are then split, typically 75/25. When Darkside quit the business, it’s likely other ransomware service providers benefited and had a bonus day with new affiliates joining with pre-existing qualified deals in the pipeline – no pun intended!

This could raise the question of who is actually responsible for an attack – the affiliate, or the service provider? The attribution reported in the media typically comes from a cyber-forensic team and awards ownership to the service provider, identified by the type of malicious code, payment details, and such like that are a signature and very identifiable. What we rarely hear about is the initiator of the incident, the affiliate; this could very well be that dodgy-looking person down the road, or of course it could be a sophisticated hacker who is taking advantage of unpatched vulnerabilities or a targeted spearphishing attack, and is operating a scalable and well-resourced cybercrime business.

The current trend is to exfiltrate data as well as to deny access to it via encryption; thus, attacks now commonly also involve elements of a data breach.

Is it illegal to pay to prevent data from being published or sold?

The threat that personal or sensitive information may be disclosed or sold on the dark web could be considered a further form of extortion, obtaining benefit through coercion, which in most jurisdictions is a criminal offense. In the United States, where the spate of ransomware demands is occurring, extortion covers both the taking of property and the written or verbal instillation of fear that something will happen to the victim if they do not comply with the extortionist’s demands. The encryption of data and limiting access to systems in a ransomware case is something that has already happened to the victim, but the fear that the exfiltrated data will either be sold or published on the dark web is the instillation of fear in the victim.


Figure 2. Tightening the screw on ransomware victims

With my basic understanding, and I am not a lawyer, it is illegal to make the demand but it does not appear to be illegal to make the payment if you are the victim. So, it’s another scenario where the payment to cybercriminals appears not to be illegal.

Are negotiators and cyber-insurance causing or solving the problem?

The current trend of paying the ransomware demand and an attitude that it’s “just a cost associated with doing business” is not healthy. The question at the boardroom table should be focused on making the organization as cybersecure as possible, taking every possible precaution. With insurance there is likely to be an element of complacency: minimally meeting the requirements set out by the insurer and then carrying on with “business as usual”, knowing that if an unfortunate incident happens, the company can step aside and push the insurer to the front line. The two incidents that affected the cities of Riviera Beach and Lake City were both covered by insurers, as was a payment by the University of Utah of US$475,000, and reportedly Colonial Pipeline was also partially covered by cyber-insurance, although at this stage it is unclear if it has claimed.

While cyber-insurance may fund the ransom payment and conduct the negotiation that results in a cushioned impact, there are of course many other costs involved, as previously discussed. The insurers of Norsk Hydro paid US$20.2 million when the company suffered an attack in 2019, with the overall cost being estimated at between US$58 million and US$70 million; some of the additional amount may also have been covered by insurance. Hindsight is a luxury, and I am sure that if Norsk Hydro, or any other company that has fallen victim, had its time again it may decide to spend some of the estimated US$38 million to US$50 million it then spent above the ransom payment on cybersecurity as prevention, rather than on post-attack expenses to recover from an attack.

If I were the cybercriminal, my first task would be to work out who has cyber-insurance, to narrow the list of targets to those that are highly likely to pay – it’s not their money, so why wouldn’t they? This may be why CNA Financial was targeted and reportedly paid US$40 million to regain access to their systems, and I assume to recover the data that was stolen. As a company that offers cyber-insurance, the significant payment could be viewed as payment not to attack CNA customers as the insurer would end up paying for each attack. This assumes the cybercriminal gained access to the customer list, which is unclear. On the flip side, if an insurer pays up, it would be difficult for them not to pay up if one of their insured clients was attacked – paying in this instance could be sending the wrong message.

Cyber-insurance is probably here to stay, but the conditions the insurance should require from a cybersecurity perspective – a resilience and recovery plan – should define extremely high standards, thus reducing the possibility of any claim ever being made. The insurance must not be allowed to become the fallback option. Attacked? It’s a nuisance but that’s OK … we are insured.

Is it time to ban ransomware payments?


The ransomware attack in May by the Conti ransomware group on the Irish health service could highlight the reason not to ban paying the cybercriminal for a decryptor, and ban payment for them to not publish the data they have exfiltrated. As could the attack on Colonial Pipeline; no government wants to see lines forming at the gas pumps and if not paying means providing no or limited service to citizens, this could be politically damaging. There is a moral dilemma caused by an attack on infrastructure, and paying while knowing the funds are used to resource future cyberattacks is difficult, especially when you consider healthcare.

Paying the ransomware demand also seems to create a second chance opportunity for cybercriminals: according to the survey by Cybereason mentioned earlier, 80% of businesses that pay the ransom subsequently suffer another attack, and 46% of companies believe this to be the same attacker. If the data shows that payment of a demand causes additional attacks, then banning the first payment would significantly change the opportunity for cybercriminals to make money.

I appreciate the argument not to ban ransomware payments due to the potential damage or risk to human life; however, this view seems to contradict the current legislation. If the group that launches the next attack on a major health service is on the sanctions list, paying is already illegal; this means that organizations can pay some cybercriminals but not others. If the moral dilemma is about protecting citizens, then it would be legal for a hospital, for example, to pay any ransomware attack regardless of who the attacker has been identified as.

Government selection, via the sanctions list, of which cybercriminals can be paid and which cannot, seems to be, in my opinion, not the right course of action.

The cryptocurrency conundrum

As all of you who know me know, this is a topic that causes me to rant and become agitated, both for the lack of regulation and the extreme energy consumption used to process transactions. Most financial institutions are regulated and required to meet certain standards that both prevent and detect money laundering – money gained through criminal activity. Opening a bank account or investing with a new financial organization requires you to prove your identity beyond all doubt, requiring passports, utility bills, inside leg measurements and lots of personal information. In some countries this extends to engaging with a lawyer, a real-estate transaction, and many other types of services and transactions. And then there is cryptocurrency, the Wild West for brave investors and the currency of choice for cybercriminals.

Figure 3. Ransom notes from the Maze, Sodinokibi (aka REvil) and NetWalker groups, respectively (first half of 2020)

There is a level of anonymity granted by cryptocurrency that established a method for demands to be made by cybercriminals and payments to be processed by victims without the disclosure of who is receiving the payment. It’s worth noting that not all cryptocurrencies are equal in this regard, though, with some offering at least a glimpse of the receiving wallet, but not who is behind the wallet, and others even obscuring the wallet itself.

In the last month the confusion of politicians on how to regulate cryptocurrency has become clear. El Salvador announced its intention to accept bitcoin as legal tender within three months of the announcement; this would be alongside the US dollar, which is currently legal tender. However, the World Bank has rejected a request from the country to assist with the implementation, citing concerns over transparency and environmental issues. Coin-mining consumes significant energy, and in a world concerned about the environment it is in no way eco-friendly: currently Bitcoin’s energy consumption is the same as that of the entire country of Argentina.

The Sichuan province in China also cited energy consumption issues and recently issued an order to cease bitcoin mining in its region. This was subsequently followed by the Chinese state instructing banks and payment platforms to stop supporting digital currency transactions. The confusion is, without doubt, sure to continue with countries making unilateral decisions on how to react to the relatively new world of digital currencies.

Cryptocurrency has solved a huge problem for cybercriminals – how to receive payment without disclosing their own identity. It also created demand for cryptocurrency: for every victim who pays, demand is generated to acquire the currency to make the payment. This demand drives up the value of the currency, and the market appreciates this; when the FBI announced it had managed to seize the crypto-wallet and recoup 63.7 bitcoins (US$2.3 million) of the Colonial Pipeline payment, the general cryptocurrency market declined on the news; as the market is a roller coaster, this may just be an eerie coincidence.

Curiously, if you are a cryptocurrency investor and you accept that demand for the currencies is in part created by cybercriminals (which, in turn, drives up the value), then you are, in part, indirectly profiting financially from criminal activity. I recently shared this thought in a room of law enforcement professionals, some of whom admitted to being invested in cryptocurrency … it created a moment of silence in the room.

Conclusion

Paying ransom demands shows a complete disregard for decent behavior and for the principle of not funding cybercrime, and it creates an attitude that funding criminal activity is acceptable. It’s not.

The right thing to do is to make funding cybercriminals illegal, and legislators should be stepping up to the plate and going to bat to stop the payments from being made. There may be a first-mover advantage for countries that do pass legislation forbidding payments: the cybercriminals behind these high-value attacks are focused, funded, resourced, and driven. If a country or region passed legislation that prohibited any company or organization from paying a ransomware demand, then the cybercriminals would adapt their business and focus their campaigns on the countries that are yet to act. If this view resonates as logical, then now is the time to act: be first to push cybercrime to other shores where legislators and politicians act at a slower pace; lobby to make this illegal.

However, in reality, there is probably a middle ground to ensure companies that consider paying are not doing so because it’s the easy option. If cyber-risk insurance carried an excess or deductible, payable by the insured, of 50% of the incident cost, and could only be invoked when law enforcement or a regulator is notified and involved in the decision to make payment, then the willingness to pay may change. If such a regulator existed for cyber-incidents that involve payment, we would better understand the scale of the problem, as one agency would have visibility of all incidents. The regulator would also be a central repository for decryptors; it would know who is on the sanctions list, engage the relevant law enforcement agencies, notify privacy regulators, and know the extent and result of previous negotiations.

It’s worth noting that a recent memorandum issued by the US Department of Justice requires notification of the Computer Crime and Intellectual Property Section of the US Attorney’s Criminal Division for cases that involve ransomware and/or digital extortion, or a subject that is running the infrastructure used by ransomware and extortion schemes. While this does centralize knowledge, it is only for those cases being investigated. There is no mandatory requirement for a business to report a ransomware attack, at least as far as I know; it is recommended, though, and I would urge all victims to connect with law enforcement; if you are located in the US, this page is a starting point.

If you consider that the revenue generated in the payment of the ransomware demand is illicit earnings from criminal activity, then could cryptocurrency in its entirety be held responsible for money laundering or providing safe harbor of funds directly attributed to cybercrime? Despite its name, governments do not recognize cryptocurrency as a currency; they view it as an investment vehicle that is subject to capital gains tax, should you be lucky enough to invest and make money. Any investment company harboring funds directly gained from criminal activity must be committing a crime, so why not the entire cryptocurrency market until it has full transparency and regulation?

In short, make paying the ransom illegal, or at least limit the insurance market’s role and force companies to disclose incidents to a cyber-incident regulator, and regulate cryptocurrency to remove the pseudo right to anonymity. All could make a significant difference in the fight against cybercriminals.

Tony Anscombe
8 Jul 2021
WeLiveSecurity
Cyber Command lawyer calls for military operations against hackers

BY ELLEN MITCHELL - 07/08/21 

The top lawyer for U.S. Cyber Command is calling for the United States to push back against transnational criminal hackers with military cyber operations.

Marine Lt. Col. Kurt Sanger, general counsel at the command, wrote in a recent article published to Lawfare.com that ransomware attacks and other threats such as SolarWinds and Colonial Pipeline hacks highlight “the broad and severe impacts criminals can inflict through cyberspace.”

The disruptions caused by the events “have demonstrated that what initially may be categorized as crime may be better thought of as a national security threat,” and the United States must use its own cyber strength if the threats are to be defeated, Sanger argued.

“Under ideal conditions, law enforcement organizations would address any type of criminal activity; however, in cyberspace, ideal conditions rarely prevail,” Sanger wrote with co-author Navy Cmdr. Peter Pascucci, a judge advocate.

“Transnational crimes, of varying scale and sophistication, can surpass the capacity of U.S. federal law enforcement to take immediate action. ... operational opportunities often must be seized immediately by whatever entity is best positioned to do so.”

The article includes a disclaimer that “these opinions are the authors’ own and do not necessarily reflect official positions of the Department of Defense or any other U.S. Government organization.”

It is notable, however, that Sanger — who has advised commanders on cyberspace operations and national security issues since 2014 — is arguing for pushback against hackers through military cyber means.

U.S. administrations for years have hesitated in using their own cyber weapons to respond to hacking by other countries or criminals due to America’s vulnerabilities in cyberspace and its susceptibility to potential retaliatory hacking.

Sanger and Pascucci were responding to an April article by former White House cyber adviser Jason Healey, who wrote on Lawfare.com that military cyber operations against hackers should only be considered if they met a multi-part test finding the threat to be imminent, very dangerous, large in scope and linked to major nation-state adversaries.

“If implemented, Healey’s five-part test would significantly disadvantage the United States and take major assets out of the president’s hands,” the authors wrote. “The self-restraint imposed by this test is ill fit given the nature of cybercrime, the nature of cyberspace targets, and the threats cybercrime poses to the nation and its interests.”

They also note that the self-restraint Healey argues for may be “exactly what U.S. adversaries hope for when committing lawfare and engaging in gray zone operations,” meaning the use of proxy criminals and other ways to hack adversaries without triggering a response.

A spokesperson for Cyber Command told NBC News, which first highlighted the article, that "U.S. Cyber Command's roles are to enable our partners…with the best insights available and act when ordered to disrupt, degrade, or otherwise impose consequences on our adversaries. The command provides options…but does not set policy."

Is Liability Insurance Enough for Cyberattacks?

CPA firms that depend solely on General Liability or even Cyber Liability insurance are exposed to costly risks. Today, many of the country’s top insurers are really only offering "breach insurance", which means that only the costs of IT remediation and client notification are covered, not third-party (client or government) legal action and fines.

Jul 8th 2021

Given the severity and frequency of cyberattacks, many Liability insurance policies CPA firms hold are now excluding coverage for common cyber security breaches. This leaves many firms exposed to financial, legal and business continuity risks of which they may or may not be aware.

While a cybersecurity liability plan may cover third-party legal action and regulatory compliance fines, these additional riders are usually much more expensive with more requirements to be eligible for coverage. There are also a lot of grey areas when it comes to what is covered—including who is considered at fault for the breach (often, the insured is the one carrying that burden).

For example, top cyber breach insurer, AXA, is no longer offering coverage for ransomware attacks. Considering the devastating potential for a ransomware attack to cripple an accounting firm by essentially encrypting all files on an infected computer or network, rendering them useless, this exclusion and others like it strongly signal that it’s time for the accounting profession to think differently about how firms should plan to protect themselves from these growing threats. But how?

Take a Multi-Pronged Approach

Until now, many cyber breach insurers only required clients to check off a few boxes about their security. Now, they are starting to require even more questions be answered and more in-depth assessments in regard to specific requirements related to cybersecurity, before providing coverage.

Consider just the compliance requirements alone: the GLBA/FTC Safeguards Rule, the IRS Data Security Plan, state-based requirements such as the New York SHIELD Act and NYDFS rules, and federal regulations including HIPAA. Clearly, this is a complex process that requires more than a once-a-year liability insurance renewal check to accomplish successfully.

One Facet of a Robust Response

In order to ensure your firm is truly protected, you need to take a multi-pronged approach including the following steps:

1. Learn about the current IRS requirements for data security specific to tax preparers as well as other regulations and risks that your firm may be exposed to.

2. Conduct a thorough cyber liability assessment to identify the potential risks for your firm.

3. Using this assessment, look for gaps in your current coverage.

4. Create a plan to close these gaps with a comprehensive assessment of where your firm’s cyber liabilities are at present and the specific steps you need to address them to prevent future issues.

5. Compare liability insurance policies and cyber riders to select coverage that maximizes your protection at a reasonable cost.

6. Create and update the required documentation for the IRS, other governing bodies and any insurer you are working with as well as laying out a written plan for how you are protecting your clients’ data and all of the sensitive information your firm handles.

7. Ensure that the data security and cyber-risk mitigation plan and training are distributed to your employees and any third parties who need to be aware of them.

It’s key for accounting firm owners and partners to remember that just like health insurance and life insurance have never prevented anybody from getting sick or dying, only having cyber breach or liability insurance has never stopped anyone from getting hacked, breached, or worse.

Your firm needs to focus not only on maximizing its insurance coverage, but also on putting a process in place for learning about your specific risks related to the type of practice and clients you have. In addition, ensure your firm has a comprehensive data security plan that meets the requirements of the governing bodies that regulate it.

Is Your Firm Prepared?

This question may be one of the most critical ones you ask yourself as a firm owner or partner, because as we have laid out here there are many serious cyberattacks and risks which could threaten the very existence of your firm. The good news is, there are companies who specialize in assisting accounting professionals specifically with these often time-consuming, burdensome but mission-critical tasks.

For professional consultation, consider engaging with a third party with the specialized expertise you need to truly protect the practice and client trust you have worked so hard to build.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

July 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

On July 3, the REvil ransomware affiliate program began using a zero-day security hole (CVE-2021-30116) to deploy ransomware to hundreds of IT management companies running Kaseya’s remote management software — known as the Kaseya Virtual System Administrator (VSA).

According to this entry for CVE-2021-30116, the security flaw that powers that Kaseya VSA zero-day was assigned a vulnerability number on April 2, 2021, indicating Kaseya had roughly three months to address the bug before it was exploited in the wild.

Also on July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site — portal.kaseya.net — was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

As its name suggests, CVE-2015-2862 was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness.

The Kaseya customer support and billing portal. Image: Archive.org

Mandiant notified Kaseya after hearing about it from Alex Holden, founder and chief technology officer of Milwaukee-based cyber intelligence firm Hold Security. Holden said the 2015 vulnerability was present on Kaseya’s customer portal until Saturday afternoon, allowing him to download the site’s “web.config” file, a server component that often contains sensitive information such as usernames and passwords and the locations of key databases.

“It’s not like they forgot to patch something that Microsoft fixed years ago,” Holden said. “It’s a patch for their own software. And it’s not zero-day. It’s from 2015!”

The official description of CVE-2015-2862 says a would-be attacker would need to be already authenticated to the server for the exploit to work. But Holden said that was not the case with the vulnerability on the Kaseya portal that he reported via Mandiant.

“This is worse because the CVE calls for an authenticated user,” Holden said. “This was not.”
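The two defensive checks a portal operator would want against the class of flaw described above, as an added example that is not Kaseya’s code: a path-containment function that refuses any request resolving outside the document root or naming a server configuration file such as web.config, and a scan of access-log lines for traversal sequences that were answered with a 200. The web root, the deny-list and the log lines are constructed samples; nothing here reproduces the CVE-2015-2862 request itself, which the article does not describe.

```python
"""Added example (not Kaseya code): contain requested paths under a web root
and flag traversal attempts in access logs. WEB_ROOT, SENSITIVE and the log
lines are constructed assumptions, not values from the incident."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

WEB_ROOT = "/var/www/portal"                              # assumed document root
SENSITIVE = {"web.config", ".env", "appsettings.json"}    # assumed deny-list


def _decode(path: str) -> str:
    """Percent-decode twice (so double-encoded '%252e%252e' collapses to '..')
    and treat backslashes as separators, as IIS does."""
    return unquote(unquote(path)).replace("\\", "/")


def resolve_under_root(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Return the absolute file path for `requested` if it stays inside `root`
    and is not a deny-listed config file; otherwise return None.
    normpath collapses '..' and '.' segments before the containment check, so
    the check is made on the path the file system would actually open."""
    decoded = _decode(requested)
    if "\x00" in decoded:                     # NUL bytes never belong in a URL path
        return None
    root_norm = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if joined != root_norm and not joined.startswith(root_norm + "/"):
        return None                           # escaped the document root
    if posixpath.basename(joined).lower() in SENSITIVE:
        return None                           # config files are never served
    return joined


# Common-log-format request line, e.g. "GET /x HTTP/1.1" 200
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def flag_traversal(log_lines: List[str]) -> List[Tuple[str, int]]:
    """Return (raw_path, status) for requests whose decoded path contains '..'
    or names a deny-listed file. A 200 on such a line means the server actually
    handed the file over, which is the unauthenticated-read case above."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        decoded = _decode(m.group("path")).split("?", 1)[0]
        if ".." in decoded or posixpath.basename(decoded).lower() in SENSITIVE:
            hits.append((m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jul/2021:14:02:11 +0000] "GET /support/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Jul/2021:14:02:15 +0000] "GET /support/../../web.config HTTP/1.1" 200 2048',
    '198.51.100.4 - - [03/Jul/2021:14:03:01 +0000] "GET /support/%252e%252e/%252e%252e/web.config HTTP/1.1" 200 2048',
    '198.51.100.4 - - [03/Jul/2021:14:03:05 +0000] "GET /images/logo.png HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for req in ("support/index.html", "support/../../web.config", "web.config"):
        print(f"{req!r:40} -> {resolve_under_root(req)}")
    for raw, status in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt: {raw} (status {status})")
```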

Michael Sanders, executive vice president of account management at Kaseya, confirmed that the customer portal was taken offline in response to a vulnerability report. Sanders said the portal had been retired in 2018 in favor of a more modern customer support and ticketing system, yet somehow the old site was still left available online.

“It was deprecated but left up,” Sanders said.

In a written statement shared with KrebsOnSecurity, Kaseya said that in 2015 CERT reported two vulnerabilities in its VSA product.

“We worked with CERT on responsible disclosure and released patches for VSA versions V7, R8, R9 and R9 along with the public disclosure (CVEs) and notifications to our customers. Portal.kaseya.net was not considered by our team to be part of the VSA shipping product and was not part of the VSA product patch in 2015. It has no access to customer endpoints and has been shut down – and will no longer be enabled or used by Kaseya.”

“At this time, there is no evidence this portal was involved in the VSA product security incident,” the statement continued. “We are continuing to do forensic analysis on the system and investigating what data is actually there.”

The REvil ransomware group said affected organizations could negotiate independently with them for a decryption key, or someone could pay $70 million worth of virtual currency to buy a key that works to decrypt all systems compromised in this attack.

But Sanders said every ransomware expert Kaseya consulted so far has advised against negotiating for one ransom to unlock all victims.

“The problem is that they don’t have our data, they have our customers’ data,” Sanders said. “We’ve been counseled not to do that by every ransomware negotiating company we’ve dealt with. They said with the amount of individual machines hacked and ransomwared, it would be very difficult for all of these systems to be remediated at once.”

In a video posted to YouTube on July 6, Kaseya CEO Fred Voccola said the ransomware attack had “limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached.”

“While each and every customer impacted is one too many, the impact of this highly sophisticated attack has proven to be, thankfully, greatly overstated,” Voccola said.

The zero-day vulnerability that led to Kaseya customers (and customers of those customers) getting ransomed was discovered and reported to Kaseya by Wietse Boonstra, a researcher with the Dutch Institute for Vulnerability Disclosure (DIVD).

In a July 4 blog post, DIVD’s Victor Gevers wrote that Kaseya was “very cooperative,” and “asked the right questions.”

“Also, partial patches were shared with us to validate their effectiveness,” Gevers wrote. “During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Still, Kaseya has yet to issue an official patch for the flaw Boonstra reported in April. Kaseya told customers on July 7 that it was working “through the night” to push out an update.

Gevers said the Kaseya vulnerability was discovered as part of a larger DIVD effort to look for serious flaws in a wide array of remote network management tools.

“We are focusing on these types of products because we spotted a trend where more and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote.

This entry was posted on Thursday 8th of July 2021 11:22 AM

Ransomware as a service: Negotiators are now in high demand

RaaS groups are hiring negotiators whose primary role is to force victims to pay up.

By Charlie Osborne for Zero Day | July 8, 2021 

The Ransomware-as-a-Service (RaaS) ecosystem is evolving into something akin to a corporate structure, researchers say, with new openings available for "negotiators" -- a role focused on extorting victims to pay a ransom.

On Thursday, KELA threat intelligence analyst Victoria Kivilevich published the results of a study of RaaS trends, saying that one-man-band operations have almost "completely dissolved" due to the lucrative nature of the criminal ransomware business.

The potential financial gains squeezed from companies desperate to unlock their systems have given rise to specialists in cybercrime and extortion and have also led to a high demand for individuals to take over the negotiation part of an attack chain.

Ransomware can be devastating not only to a business's operations but its reputation and its balance sheet. If attackers manage to strike a core service provider used by other businesses, they may also be able to expand their attack surface to other entities quickly.

In a recent case, zero-day vulnerabilities in VSA software provided by Kaseya were used, over the US holiday weekend, to compromise endpoints and put organizations at risk of ransomware infection. At present, it is estimated that up to 1,500 businesses have been affected, at least due to the need to shut down VSA deployments until a patch is ready.

According to KELA, a typical ransomware attack comprises four stages: malware/code acquisition, spread and the infection of targets, the extraction of data and/or maintaining persistence on impacted systems, and monetization.

There are actors in each 'area,' and recently, demand has increased for extraction and monetization specialists in the ransomware supply chain.

The emergence of so-called negotiators in the monetization arena, in particular, is now a trend in the RaaS space. KELA researchers say that, specifically, more threat actors are appearing that manage the negotiation aspect, as well as piling on the pressure -- such as through calls, distributed denial-of-service (DDoS) attacks, and making threats including the leak of information stolen during a ransomware attack unless a victim pays up.

KELA suggests that this role has emerged due to two potential factors: the need for ransomware operators to walk away with a decent profit margin and a need for individuals able to manage conversational English to hold negotiations effectively.

"This part of the attack also seems to be an outsourced activity -- at least for some affiliates and/or developers," Kivilevich says. "The ransomware ecosystem, therefore, more and more resembles a corporation with diversified roles inside the company and multiple outsourcing activities."

Initial access brokers, too, are in demand. After observing dark web and forum activity for over a year, the researchers say that privileged access to compromised networks has surged in price. Some listings are now 25% to 115% more than previously recorded, especially when domain admin-level access has been achieved.

These intrusion specialists may be paid between 10% and 30% of a ransom payment. However, it should also be noted that some of these brokers will not work with ransomware deployments at all and will only 'sign up' to an attack leveraged against other targets, such as those that will lead to credit card records being obtained.

"During recent years, ransomware gangs grew into cybercrime corporations with members or "employees" specializing in different parts of ransomware attacks and various accompanying services," KELA commented. "The recent ban of ransomware on two major Russian-speaking forums does not seem to affect this ecosystem because only the advertisement of affiliate programs was banned on the forums."