It’s been a very busy week for matters dealing with both information and security. Almost as if with only two weeks or so to go in the year, it all has to be crammed in before we get to 2020. So rather than ignore everything but one item, I thought I’d pick several and do a roundup with some brief analysis and commentary.
RING doorbells are not your friends! This week Vice reported that a hacker ring with a podcast (please don’t ask…) has been hacking into both Ring and Nest smart-home cameras and then live-streaming the hackers interacting with the people they’re victimizing. This includes hacking into the RING camera in an 8-year-old girl’s bedroom and then interacting with her through the hacked device. I’m not technology shy, but if you’ve got a RING doorbell or a RING or NEST smart home camera, you may want to think about switching to a more secure alternative.
If you have your own server or rely on a provider’s for business or personal reasons, you may want to check and see what technologies and protocols the server is running. ZDNet has reported that Russian authorities have raided the Moscow offices of NGINX, seizing equipment and detaining employees as part of a copyright violation claim. NGINX is the company behind the most popular web server code.
Given Russia’s Intelligence Services’ longstanding involvement in a variety of cyber operations, from espionage to crime to information warfare, now might be a good time to double-check this if you’ve got a server you rely on. Companies (and people) need to minimize risk now that it is not clear what the Russian government has seized. Nor is it known what they might actually do with what they’ve already seized.
The Wall Street Journal reported Friday that the Federal Trade Commission (FTC) is considering antitrust action against Facebook, specifically for how the various apps that Facebook owns interact. According to the reporting, the FTC is considering a preliminary injunction by January.
The action is focused both on how Facebook’s various apps – including Facebook, Instagram, Messenger, and WhatsApp – interact, and on how they interact with other platforms. It also will examine whether their integration would make it harder to take future antitrust action against Facebook, should that become necessary.
Remember, Facebook’s actual product is you. Specifically, their product is all your information: what you like and don’t like, who you talk to and don’t, what you buy, where you travel to, etc. Facebook makes a profit by monetizing you and your information. And it has gotten caught selling that information to people who don’t have your, or anyone else’s, best interests in mind, other than those that pay them. In 2004, Facebook CEO Mark Zuckerberg said: “You can be unethical and still be legal; that’s the way I live my life.” He seems nice… Exactly the kind of person I want to entrust with all the information about my life.
Finally, I just want to briefly touch on the Department of Justice’s (DOJ) Inspector General (IG) report pertaining to the origins of the counterintelligence investigation into the President’s 2016 campaign, as well as into four other individuals related to the campaign. Michael Horowitz, who is the DOJ’s IG, released the 400-plus page report this week and then testified before the Senate Judiciary Committee pertaining to the report. You can find the report at this link. And yes, I fully realize that everyone is busy and no one has time to read over 400 pages of technical language and legalese pertaining to counterintelligence. Which is why you need to read the 14-page Executive Summary which includes all the findings.
Yes, I know you’ll all be sending me lumps of coal this year over what I write next. The bottom line of what Mr. Horowitz and his investigators found is that the counterintelligence investigation was properly predicated; that there was no evidence that anyone’s political beliefs or other biases affected starting the investigation or how the investigation was conducted. Both the President’s campaign and Secretary Clinton’s campaign were given defensive counterintelligence briefings in mid-2016, where they were warned that Russia was trying to intervene in the election. Both campaigns were given guidance that if Russian or any other foreign actors contacted the campaign or campaign officials, they should contact the FBI. Both campaigns were told that there were some concerning irregularities involved with the Foreign Intelligence Surveillance Act (FISA) warrant application for one of the four other individuals.
Mr. Horowitz has indicated that he is going to conduct a follow-on investigation into FISA warrant applications in order to determine if these irregularities are the norm or were a one-off for this one individual’s warrant application. Shortly after receiving the IG’s report, FBI Director Wray announced that he would be implementing 40 corrective measures to address the issues that Mr. Horowitz’s report identified.