The CyberWire Daily Podcast 3.27.24
Ep 2033 | 3.27.24

If there's something strange in your neighborhood, don't call Facebook.

Transcript

Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Operation FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault. And the UK's watchers need watching.

Today is March 27th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Facebook's Secret Mission to Unmask Snapchat. 

A report from TechCrunch says that in 2016, Facebook initiated "Project Ghostbusters," a clandestine operation aimed at decrypting and intercepting network traffic between Snapchat users and its servers to analyze user behavior and compete more effectively. This project was revealed through court documents from a class action lawsuit against Meta, Facebook's parent company. The project extended to analyzing traffic from Amazon and YouTube users, requiring the development of technology to bypass encryption. Facebook's method involved Onavo, a VPN-like service it acquired, which could intercept encrypted app traffic. In internal communications, Mark Zuckerberg emphasized the importance of finding new ways to gain analytics on competitors due to Snapchat's encrypted traffic and rapid growth. Despite internal concerns over the ethical implications of intercepting encrypted data, the project proceeded, using an adversary-in-the-middle approach to gather data. This revelation came from a lawsuit alleging that Facebook lied about its data collection practices and used the data to unfairly compete with emerging companies. The project raised significant privacy concerns, with key Facebook engineers questioning the morality of such practices.

The White House wants AI audits. 

The Biden administration is advocating for mandatory audits of high-risk AI systems and clearer guidelines on liability in the AI supply chain. This comes per a report from the National Telecommunications and Information Administration (NTIA). This push for accountability aims to ensure responsible AI use and management of associated risks, aligning with President Biden's executive order to secure AI through developer notifications of high-risk AI model training. The report suggests independent audits, potential pre-release certifications for high-risk sectors, and "AI nutrition labels" for better transparency. It also encourages legal discussions on applying existing liability rules to AI, proposing a collaborative approach to managing AI's cross-sectoral risks, including a national registry for high-risk AI deployments and an AI incident reporting database.

Hackers exploit the open-source Ray AI framework. 

Hackers are exploiting a vulnerability in Ray, an open-source AI framework used for developing and deploying large-scale Python applications, including machine learning, scientific computing, and data processing. The vulnerability, termed ShadowRay by Oligo Security researchers, has led to the compromise of thousands of Ray servers globally, affecting sectors like healthcare, education, and video analytics. This framework, utilized by leading tech firms such as Uber, Amazon, and OpenAI, has become a target due to its extensive use in processing vast amounts of data and executing complex computational tasks. The exploit allows attackers to hijack computing resources for cryptocurrency mining and access sensitive information, including database credentials and payment tokens. Despite its wide impact, the vulnerability was not initially regarded as critical, partly because Anyscale, the developer behind Ray, contends that the framework is designed for secure network environments, arguing the issue is a feature, not a flaw. 

Finnish Police ID those responsible for the 2021 parliament breach. 

The Finnish Police have confirmed that APT31, a hacking group associated with China's Ministry of State Security, was responsible for a 2021 breach of Finland's parliament. A joint investigation involving the Finnish Security and Intelligence Service and international partners has been examining the breach, focusing on charges of aggravated espionage and other offenses. The investigation, spanning from autumn 2020 to early 2021, has uncovered a complex criminal infrastructure and identified one suspect. This breach, initially described as state cyber-espionage, involved unauthorized access to several parliament email accounts, including those of Finnish MPs.

Operation FlightNight targets Indian government and energy sectors. 

EclecticIQ analysts uncovered a cyber espionage campaign, dubbed "Operation FlightNight," targeting Indian government and energy sector entities starting March 7th, 2024. The attackers used a phishing email, disguised as an Indian Air Force invitation, to distribute a modified version of the HackBrowserData information stealer. The malware exfiltrated confidential data, including internal documents and web browser information, via Slack channels. Over 881 GB of data from agencies overseeing electronic communications, IT, national defense, and private energy companies were compromised, suggesting a motive of further infiltrating Indian government infrastructure. Similarities with a previous attack in January 2024 indicate a likely cyber espionage intent. EclecticIQ has alerted Indian authorities to aid in victim identification and response efforts.

Chinese APT groups target ASEAN entities. 

Over the last three months, two Chinese APT groups have been targeting entities within countries affiliated with the Association of Southeast Asian Nations (ASEAN) through cyber espionage campaigns, as observed by Unit 42 of Palo Alto Networks. Their report highlights the activities of Stately Taurus, an APT group active since at least 2012, known for its espionage against governments, non-profits, and NGOs globally. This recent campaign targeted Myanmar, the Philippines, Japan, and Singapore, coinciding with the ASEAN-Australia Special Summit from March 4-6, 2024. Unit 42 identified two malware packages, "Talking_Points_for_China.zip" and "PSO.scr," the latter possibly referring to a Myanmar military rank, which were used to infiltrate Asian countries during the summit. The second Chinese-affiliated APT group remained unnamed in the Unit 42 report.

A notorious robocaller is rung up for nearly ten million dollars. 

A Montana federal court imposed a $9.9 million penalty and issued an injunction against an individual for making thousands of illegal and harmful "spoofed" robocalls nationwide, violating the Truth in Caller ID Act and Telephone Consumer Protection Act. Initiated by a Federal Communications Commission (FCC) investigation into robocalls that misled recipients with false local caller IDs, these messages contained offensive content aimed at certain communities. Notably, calls targeted areas in Brooklyn, Iowa, and Charlottesville, Virginia, during sensitive times. The FCC traced the calls to Scott Rhodes, leading to a January 2021 penalty of $9,918,000. Following a Justice Department lawsuit, the court affirmed the penalty and injunction.


Coming up next, we've got part three of our Learning Layer special series, in which N2K's Sam Meisenberg talks with Joe Carrigan of the Johns Hopkins University Information Security Institute, co-host of the Hacking Humans podcast, about Joe's quest for his CISSP certification. Today they discuss the results of Joe's CISSP diagnostic and dive deep into one of the assessment questions.

Next, we have a segment of the Afternoon Cyber Tea podcast, in which host Ann Johnson goes inside the Smashing Security podcast with our friends Graham Cluley and Carole Theriault.

Welcome back. You can find a link to Ann, Carole, and Graham’s full discussion in the show notes. 


The UK’s watchers need watching. 

In an almost comedic twist that reads like the plot of a satirical novel, the UK's very own guardians against eavesdropping, the National Authority for Counter-Eavesdropping (UK NACE), have been caught with their hands in the proverbial cookie jar. Granted new powers in October 2021 to sift through communications data for national security, they somehow managed to trip over the fine line between surveillance and unlawful snooping, all in a botched attempt to uncover a journalistic source. According to the 2022 annual report from the Investigatory Powers Commissioner's Office (IPCO), which oversees these activities, the UK’s watchdogs were anything but vigilant, racking up a "high incidence of errors" and proceeding without the necessary judicial green lights.

Sir Brian Leveson, the commissioner himself, was apparently so alarmed by these findings that he questioned UK NACE's competency to lawfully wield its powers without someone looking over its shoulder. The outcome? A temporary revocation of their self-authorization privileges until they could prove themselves capable of not tripping over their own feet.

Fast forward to a December 2022 re-inspection, and UK NACE appears to have cleaned up its act, convincing the powers that be of its renewed competency. By January 2023, it was back to business as usual, with the government voicing its confidence in an agency that had, just moments before, proven it needed a bit more than just a slap on the wrist.

Our “who watches the watchmen” desk commented that watching an entity designed to prevent unlawful eavesdropping get chastised for unlawful eavesdropping is an irony so rich it could only be served with a side of humble pie. One can only hope this serves as a reminder of the importance of oversight, especially when it comes to protecting the sanctity of journalistic sources. But forgive me if I'm not holding my breath.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. You can email us at cyberwire@n2k.com—your feedback helps us ensure we’re delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.

We’re privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world’s preeminent intelligence and law enforcement agencies.

N2K strategic workforce intelligence optimizes the value of your biggest investment—people. We make you smarter about your team, while making your team smarter. Learn more at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon Karpf. Our executive editor is Peter Kilpe, and I’m Dave Bittner. Thanks for listening.