At a glance.
- Iowa Democratic caucus experience puts mobile election apps in bad odor.
- Russian cyber operations against Ukraine increase.
- Charming Kitten phishes rivals, religious opponents.
- Child-protection in the crypto wars.
- US says Chinese espionage is unremitting.
No to mobile election apps, post Iowa.
The poorly-tested, indifferently designed, and strictly speaking superfluous mobile application the Iowa Democratic Party used in this week's caucus, Shadow, Inc.'s IowaReporterApp, has cast a pall over the use of mobile apps for electoral purposes. “Clearly done by someone following a tutorial,” an “off-the-shelf, skeleton product,” and “looks hastily thrown together” are among the assessments Motherboard quotes. ProPublica reports that it sent a copy of the app to Veracode for a security assessment. Veracode found that “vote totals, passwords and other sensitive information could have been intercepted or even changed” by hackers.
The failure of IowaReporterApp to do half as well as paper, pencil, and landline for tabulating and reporting results has caused the next state party that intended to use it--the Democrats of Nevada--to put the software firmly on the shelf.
And suspicion about using any mobile apps for election work may be spilling over onto other, unrelated products. Senator Wyden, Democrat of Oregon, has written Oregon’s Secretary of State to advise against using the Voatz app for absentee voting. It's not that the Senator has any particular beef with Voatz. Rather, he argues that, at the present state of online security, any Internet voting is best considered insecure.
Moscow raises its optempo against Kiev. Is Minsk next?
SentinelLabs reports on renewed activity against Ukrainian targets by the Gamaredon Group, a state-sponsored APT that Ukrainian security services associate with Russia’s FSB. The FSB is generally regarded as Cozy Bear’s proprietor. SentinelLabs sees the activity as a bellwether for future hybrid war: when kinetic fighting slows or freezes due to strategic, operational, or diplomatic pressures, expect an intensification of activity in cyberspace.
Forbes talked to SentinelLabs and concluded that Ukraine has effectively become a proving ground. Russian cyber tactics, techniques, and procedures that will eventually be used elsewhere are first deployed against Ukraine. Foreign Affairs suggests that the next field of Russian activity may be, surprisingly, Belarus, long the most Russophile state in the Near Abroad, but a state that’s begun to push back against Russian diplomatic moves to bring Minsk even closer to Moscow.
Tehran's Charming Kitten fingered as source of bogus journalist interview phishing.
Security firm Certfa Lab is calling out Charming Kitten, the well-known Iranian APT, as the group responsible for a recent phishing campaign that spoofed a Wall Street Journal writer’s email to prospect targets for further compromise. The phishbait is a bogus request for an interview.
Certfa Lab’s list of Charming Kitten’s interests is broad but still instructive: “private and government institutions, think tanks and academic institutions, organizations with ties to the Baha’i community, and many others in European countries, the United States, United Kingdom, [and] Saudi Arabia."
Child protection is the latest front in the crypto wars.
Various child protection advocacy groups have joined the US Department of Justice as irregulars fighting on its side in the crypto wars, the New York Times reports. Their concern is that Facebook's implementation of end-to-end encryption serves to enable online predators, and then to conceal their tracks from law enforcement.