News for the cybersecurity community during the COVID-19 emergency: Friday, May 1st, 2020. Daily updates on how the pandemic is affecting the cybersecurity sector.
Developing intelligence about the origins of COVID-19.
How and where the coronavirus strain that's come to be known as COVID-19 emerged has been the subject of a great deal of misinformation and disinformation. It seems beyond serious dispute that the virus emerged in China, and, although consensus here is less strong, that it jumped to humans from bats. The US Intelligence Community has been investigating COVID-19's origins, and the Office of the Director of National Intelligence has released its initial findings. The statement is brief and we quote it in full:
“The entire Intelligence Community has been consistently providing critical support to U.S. policymakers and those responding to the COVID-19 virus, which originated in China. The Intelligence Community also concurs with the wide scientific consensus that the COVID-19 virus was not manmade or genetically modified.
“As we do in all crises, the Community’s experts respond by surging resources and producing critical intelligence on issues vital to U.S. national security. The IC will continue to rigorously examine emerging information and intelligence to determine whether the outbreak began through contact with infected animals or if it was the result of an accident at a laboratory in Wuhan.”
There had been disinformation from China that the virus was an American biowar program gone rogue, and from fringe conspiracy speculators, largely but not exclusively in the US, that it was deliberately engineered by China in a Wuhan lab. The least credible version of the conspiracy theory was that the virus was a weapon the Chinese lost control of; the more credible version was that the virus emerged in its lethal form when some gain-of-function research in Wuhan was bungled and the virus was accidentally released. There is a major biological laboratory in Wuhan, and the US Intelligence Community continues to investigate whether there may have been an accident in a research program there, but the ODNI's statement categorically rules out both deliberate weaponization and risky genetic engineering. So the remaining options seem to be either a lab accident or, more probably, a zoonotic disease that made the jump from bats to humans.
Prepare for more disinformation, and more state-sponsored hacking.
Foreign Policy reports signs that Russian influence operations under preparation for the upcoming European and US elections will prominently feature COVID-19 disinformation. Some of that disinformation will represent low-hanging fruit: if people fear coming into a public polling place to vote, exaggerating and playing to such fear will have the effect of undermining the electorates' willingness to participate.
According to SecurityWeek, the European Union yesterday issued a condemnation of cyberattacks mounted against hospitals and other organizations engaged in fighting the COVID-19 pandemic. The EU didn't name names, and much of the hacking is surely criminal, and not under state direction. But some of the malicious activity probably is state-directed, notably attacks on Czech healthcare facilities, which Czech authorities (and public opinion) increasingly ascribe to Russian intelligence services.
Foreign Policy sees the origin of recent Russo-Czech tension in the Czechs' removal of a statue commemorating Red Army Marshal Konev, who led the Soviets' expulsion of German forces from Czechoslovakia in 1945 and then took a leading role in post-war repression of Eastern European countries. The Czechs remember the repression; the Russians think that anyone who would take down a monument to their victory in the Great Patriotic War must be a fascist. These tensions may now have moved from cyberspace to the kinetic world: several Czech officials are receiving enhanced protection against assassination. Some Russian operators are believed to have entered the country, possibly under diplomatic cover, armed with the toxin ricin, which Russian services have previously used to kill dissidents and other troublesome people abroad. Russia denies any involvement in the cyberattacks, and even more strongly denies any preparations for assassinations.
No letup in cybercrime during the pandemic.
The US Federal Bureau of Investigation says that reported cases of cybercrime have risen dramatically during the pandemic. How dramatically? The FBI's Internet Crime Complaint Center (IC3) normally receives about a thousand complaints a day. The IC3 is now logging, CyberArk observes, two to three times that number.
A report by Kaspersky concludes that Remote Desktop Protocol (RDP) brute-forcing has increased tremendously: "The lockdown has seen the appearance of a great many computers and servers able to be connected remotely, and right now we are witnessing an increase in cybercriminal activity with a view to exploiting the situation to attack corporate resources that have now been made available (sometimes in a hurry) to remote workers."
How do you keep workers on task while they're working remotely?
And do you even need to try? Granted that telework is not the same as phoning it in, but it does seem that some organizations are taking very intrusive steps to ensure that employees stay on task. The Washington Post writes, "Thousands of companies now use monitoring software to record employees’ Web browsing and active work hours, dispatching the kinds of tools built for corporate offices into workers’ phones, computers and homes. But they have also sought to watch over the workers themselves, mandating always-on webcam rules, scheduling thrice-daily check-ins and inundating workers with not-so-optional company happy hours, game nights and lunchtime chats."
Some of these seem fine: well-intentioned morale-boosters like happy hours and game nights seem innocent enough, and entirely innocent if they're truly voluntary and non-coercive. The keyloggers and always-on webcams, however, seem to be another matter entirely. But even the innocent measures by which companies stay connected trouble some, who see them as further blurring the lines between home and work, between free time and the time you spend on the clock. And eventually close surveillance may become a net negative.
We're fortunate at the CyberWire in that our work is of the kind that doesn't seem to tempt anyone to keep very close tabs on us. If the stories are filed and accurate, the suits are good-to-go, and all of us have been enjoying the virtual happy hours (which are voluntary). But there may be kinds of work where some form of monitoring seems necessary. Are you, for example, working under a time and materials contract? Then managers might become a bit antsy over whether time was actually being entered honestly. Still, it seems there ought to be a solution that stops short of the kind of Benthamite panopticon the Post describes. And we hesitate to even speculate about the workload involved in actually checking all those webcams and keylogs. Management by walking around is fine, but management by online lurking? OK, Boomer: that's another kettle of fish.
Big Data may remain, in some form, after its role in contact tracing is over.
Britain's National Health Service, in particular its research arm, NHSX, may, the New Statesman reports, retain the services of Palantir after its role in contact tracing has ended. Palantir has said that its analytical capabilities are one of the more valuable tools available to manage the pandemic. They'll surely have similar utility in organizing healthcare post-pandemic, and the uses publicly being discussed for the big data company certainly sound legitimate, given the usual ceteris paribus clauses about privacy and security. Whether critics will regard this as the sort of "mission creep" many have warned against remains to be seen.