Friday Squid Blogging: Squid Can Edit Their Own Genomes

This is new news:

Revealing yet another super-power in the skillful squid, scientists have discovered that squid massively edit their own genetic instructions not only within the nucleus of their neurons, but also within the axon -- the long, slender neural projections that transmit electrical impulses to other neurons. This is the first time that edits to genetic information have been observed outside of the nucleus of an animal cell.

[...]

The discovery provides another jolt to the central dogma of molecular biology, which states that genetic information is passed faithfully from DNA to messenger RNA to the synthesis of proteins. In 2015, Rosenthal and colleagues discovered that squid "edit" their messenger RNA instructions to an extraordinary degree -- orders of magnitude more than humans do -- allowing them to fine-tune the type of proteins that will be produced in the nervous system.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 22, 2020 at 4:12 PM38 Comments

Bart Gellman on Snowden

Bart Gellman's long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic.

It's an interesting read, mostly about the government surveillance of him and other journalists. He speaks about an NSA program called FIRSTFRUITS that specifically spies on US journalists. (This isn't news; we learned about this in 2006. But there are lots of new details.)

One paragraph in the excerpt struck me:

Years later Richard Ledgett, who oversaw the NSA's media-leaks task force and went on to become the agency's deputy director, told me matter-of-factly to assume that my defenses had been breached. "My take is, whatever you guys had was pretty immediately in the hands of any foreign intelligence service that wanted it," he said, "whether it was Russians, Chinese, French, the Israelis, the Brits. Between you, Poitras, and Greenwald, pretty sure you guys can't stand up to a full-fledged nation-state attempt to exploit your IT. To include not just remote stuff, but hands-on, sneak-into-your-house-at-night kind of stuff. That's my guess."

I remember thinking the same thing. It was the summer of 2013, and I was visiting Glenn Greenwald in Rio de Janeiro. This was just after Greenwald's partner was detained in the UK trying to ferry some documents from Laura Poitras in Berlin back to Greenwald. It was an opsec disaster; they would have been much more secure if they'd emailed the encrypted files. In fact, I told them to do that, every single day. I wanted them to send encrypted random junk back and forth constantly, to hide when they were actually sharing real data.

As soon as I saw their house I realized exactly what Ledgett said. I remember standing outside the house, looking into the dense forest for TEMPEST receivers. I didn't see any, which only told me they were well hidden. I guessed that black-bag teams from various countries had already been all over the house when they were out for dinner, and wondered what would have happened if teams from different countries bumped into each other. I assumed that all the countries Ledgett listed above -- plus the US and a few more -- had a full take of what Snowden gave the journalists. These journalists against those governments just wasn't a fair fight.

I'm looking forward to reading Gellman's book. I'm kind of surprised no one sent me an advance copy.

Posted on May 20, 2020 at 2:08 PM35 Comments

Criminals and the Normalization of Masks

I was wondering about this:

Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus.

"Criminals, they're smart and this is a perfect opportunity for them to conceal themselves and blend right in," said Richard Bell, police chief in the tiny Pennsylvania community of Frackville. He said he knows of seven recent armed robberies in the region where every suspect wore a mask.

[...]

Just how many criminals are taking advantage of the pandemic to commit crimes is impossible to estimate, but law enforcement officials have no doubt the numbers are climbing. Reports are starting to pop up across the United States and in other parts of the world of crimes pulled off in no small part because so many of us are now wearing masks.

In March, two men walked into Aqueduct Racetrack in New York wearing the same kind of surgical masks as many racing fans there and, at gunpoint, robbed three workers of a quarter-million dollars they were moving from gaming machines to a safe. Other robberies involving suspects wearing surgical masks have occurred in North Carolina, and Washington, D.C, and elsewhere in recent weeks.

The article is all anecdote and no real data. But this is probably a trend.

Posted on May 20, 2020 at 6:26 AM24 Comments

AI and Cybersecurity

Ben Buchanan has written "A National Security Research Agenda for Cybersecurity and Artificial Intelligence." It's really good -- well worth reading.

Posted on May 19, 2020 at 6:18 AM7 Comments

Ramsey Malware

A new malware, called Ramsey, can jump air gaps:

ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b).

Each version was different and infected victims through different methods, but at its core, the malware's primary role was to scan an infected computer, and gather Word, PDF, and ZIP documents in a hidden storage folder, ready to be exfiltrated at a later date.

Other versions also included a spreader module that appended copies of the Ramsay malware to all PE (portable executable) files found on removable drives and network shares. This is believed to be the mechanism the malware was employing to jump the air gap and reach isolated networks, as users would most likely moved the infected executables between the company's different network layers, and eventually end up on an isolated system.

ESET says that during its research, it was not able to positively identify Ramsay's exfiltration module, or determine how the Ramsay operators retrieved data from air-gapped systems.

Honestly, I can't think of any threat actor that wants this kind of feature other than governments:

The researcher has not made a formal attribution as who might be behind Ramsay. However, Sanmillan said that the malware contained a large number of shared artifacts with Retro, a malware strain previously developed by DarkHotel, a hacker group that many believe to operate in the interests of the South Korean government.

Seems likely.

Details.

Posted on May 18, 2020 at 6:15 AM12 Comments

Friday Squid Blogging: Vegan "Squid" Made from Chickpeas

It's beyond Beyond Meat. A Singapore company wants to make vegan "squid" -- and shrimp and crab -- from chickpeas.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 15, 2020 at 4:19 PM110 Comments

US Government Exposes North Korean Malware

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February.

The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities."

This RAT is known for its capability to help the threat actors perform system reconnaissance, run arbitrary commands on compromised systems, and exfiltrate stolen data.

TAINTEDSCRIBE is a trojan that acts as a full-featured beaconing implant with command modules and designed to disguise as Microsoft's Narrator.

The trojan "downloads its command execution module from a command and control (C2) server and then has the capability to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."

Last but not least, PEBBLEDASH is yet another North Korean trojan acting like a full-featured beaconing implant and used by North Korean-backed hacking groups "to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration."

It's interesting to see the US government take a more aggressive stance on foreign malware. Making samples public, so all the antivirus companies can add them to their scanning systems, is a big deal -- and probably required some complicated declassification maneuvering.

Me, I like reading the codenames.

Lots more on the US-CERT website.

Posted on May 14, 2020 at 6:29 AM13 Comments

New US Electronic Warfare Platform

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks.

...the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range jammers to shut down remote-controlled roadside bombs. Now it's being urgently rebuilt to counter Russia and China, whose high-tech forces --- unlike Afghan guerrillas -- rely heavily on radio and radar systems, whose transmissions US forces must be able to detect, analyze and disrupt.

It's hard to tell what this thing can do. Possibly a lot, but it's all still in prototype stage.

Historically, cyber operations occurred over landline networks and electronic warfare over radio-frequency (RF) airwaves. The rise of wireless networks has caused the two to blur. The military wants to move away from traditional high-powered jamming, which filled the frequencies the enemy used with blasts of static, to precisely targeted techniques, designed to subtly disrupt the enemy's communications and radar networks without their realizing they're being deceived. There are even reports that "RF-enabled cyber" can transmit computer viruses wirelessly into an enemy network, although Wojnar declined to confirm or deny such sensitive details.

[...]

The pod's digital brain also uses machine-learning algorithms to analyze enemy signals it detects and compute effective countermeasures on the fly, instead of having to return to base and download new data to human analysts. (Insiders call this cognitive electronic warfare). Lockheed also offers larger artificial intelligences to assist post-mission analysis on the ground, Wojnar said. But while an AI small enough to fit inside the pod is necessarily less powerful, it can respond immediately in a way a traditional system never could.

EDITED TO ADD (5/14): Here are two reports on Russian electronic warfare capabilities.

Posted on May 13, 2020 at 8:49 AM12 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.