Trump’s North Korea Summit Inspires Spearphishing

Credit to Author: Emily Dreyfuss | Date: Sat, 02 Mar 2019 14:00:00 +0000

Attention this week bent toward the House Oversight Committee, where President Trump’s former lawyer Michael Cohen testified Wednesday that the president was “a conman.” WIRED’s resident Mueller investigation expert Garrett Graff had five takeaways from the testimony. And while the politicians in the room grandstanded, Graff concluded that Cohen himself looked more credible than ever.

So riveting was the hearing—which included heated arguments about race, scandalous details about payoffs, and whispered collusion about meetings with Russia—that you’d be forgiven for missing that other things actually happened this week, too.

There was the whole summit with North Korea, which fell apart and revealed that President Trump can’t make a nuclear deal with a hostile enemy nation on his own. We also learned that US government hackers turned off the internet for the Russian troll factory known as the Internet Research Agency during last year’s midterm elections. The FTC hit TikTok with what the agency says is the largest ever fine for violating children’s online privacy.

Email scammers are now accepting iTunes gift cards. Holes in 4G and 5G network protocols apparently let hackers track your phone and listen in on your conversations—so, yeah, that’s comforting. And researchers found a new way to slip malware into cloud servers.

One piece of good news from the week: Android is now onboard with the “kill passwords” movement, and will help get rid of that kludgy old security protocol for more than a billion devices.

But of course, there's more! Each week we round up all the news we didn’t break or cover in depth. Click on the headlines to read the full stories. And stay safe out there.

As with almost every high-profile geopolitical event, this week’s summit between the US and North Korea inspired a flurry of hacking activity. Hackers sent out spearphishing emails, purporting to invite recipients to Seoul to analyze the summit with a group calling itself the “Korea-U.S. Friendship Society.” The email invitations included an attachment with malware code that researchers have previously associated with North Korean operatives. During President Trump’s first meeting with North Korea last year, there was a similar “spike in malware” from presumed North Korean hackers, one expert told CyberScoop. Last year, they reportedly breached companies across the globe while the summit was happening. So far this year’s efforts appear to have been tamer.

Financial institutions like Dow Jones keep track of high-risk individuals and companies across the world, to help clients make sure they don’t get their business tangled up with terrorists or people who have sanctions against them, for instance. This week, Dow Jones’ database, which was hosted on Amazon Web Services, leaked. According to TechCrunch, a security researcher found all 2.4 million entries on the database exposed. Among those listed were politicians, terrorists, and people linked to financial fraud. This isn’t the first time a watchlist like this has leaked; three years ago a similar list maintained by financial institution Thomson Reuters also leaked.

In keeping with the global trend toward an authoritarian-style internet, this week Thailand passed a cybersecurity law touted as protecting people from hacks. However, its vague wording and emphasis on allowing the government to access data and computer equipment without any kind of court order have critics around the world and in Thailand worried that it will usher in an era of massive surveillance. “This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data,” Jeff Paine, managing director of the Asia Internet Coalition, said in a statement. Thailand has been governed by a military junta since a 2014 coup, and has been accused of censorship repeatedly in its short rule. This new law, which passed through parliament with no objections, is right out of the Chinese playbook that encourages cybersecurity laws crafted to enable government surveillance, censorship, and control.

There’s this controversial Italian hacking group called, creatively, Hacking Team, which has over the years been caught selling hacking tools to authoritarian governments. As a result, Hacking Team is a bit of a persona non grata in the security community. This week, the stench from Hacking Team’s misdeeds wafted over and sullied cryptocurrency exchange Coinbase, after news came out that Coinbase had purchased a startup founded by three former Hacking Team members, according to Motherboard. Some Coinbase users were so upset they started a social media campaign to #DeleteCoinbase. But they found it wasn’t so simple. To leave Coinbase, they have to have an account balance of zero, but some members had “infinitesimal fractions of cryptocurrency called ‘dust’ in their accounts,” according to Motherboard, which made it hard to actually go through with their protest closures. Now they are reportedly getting around it by sending their dust to other users before closing.
