#SocialSec – Hot takes on this week’s biggest cybersecurity news (Dec 27)
Russia clamps down on the internet; ToTok used for state spying; and a critical vulnerability impacts Citrix applications worldwide
Vladimir Putin’s latest attempts to isolate Russia from the global internet caused the computer systems at several airports in the country to crash this week, according to an independent Russian TV station.
On December 24 The BBC reported that Russia had taken a major step towards emulating Iran and China in internet control after road-testing a “gigantic intranet”, in the words of computer scientist Professor Alan Woodward.
The ‘sovereign Runet’ would effectively turn Russia’s online realm into a government-controlled walled garden by blocking or regulating the undersea nodes through which data is transmitted between national communication networks.
But while the Ministry of Communications claimed the test of the system was a success, Dozhd, or TV Rain, reported that check-in, baggage handling, and other systems at five airports had promptly crashed as a result of the operation.
Russia, which stands accused of weaponizing the global internet to destabilize liberal Western democracies, is also creating its own Wikipedia to combat ‘fake news’.
UAE spying claims
The United Arab Emirates (UAE) government is undermining digital rights beyond its own borders via a free messaging app with millions of users, US officials believe.
Apple and Google removed ToTok, a popular Emirati chat app, from their app stores following a report in The New York Times (December 22) that claimed UAE intelligence agencies were using the platform to track users’ conversations, locations, and photos, among other data.
ToTok, which blamed the removal on a “technical issue”, has alerted would-be users to its continuing availability through its own website, or their phone manufacturer’s app store.
Only a few months old, the app already has users in Europe, Asia, Africa, and North America, as well as the Middle East.
Apple blackmail bluff
A 22-year-old man who dodged jail after blackmailing Apple has claimed his elaborate extortion bluff started out as a legitimate business idea.
According to the UK’s National Crime Agency (NCA), whose investigation led to his arrest, Kerem Albayrak threatened in 2017 to hack 250 million iCloud accounts, reset iCloud passwords, and factory-reset users’ devices if the tech giant didn’t pay a $100,000 ransom.
But Albayrak told Forbes that his ostensible hacking group, Turkish Crime Family, was actually a marketing vehicle and that he originally sought to “whip up a storm of press coverage” before launching a “database search engine” that would enable people “to secure their accounts.”
However, operating in a community frequented by cybercriminals had fuelled his decision to do “something stupid” in a bid to make a bigger PR splash.
Despite purporting to show otherwise in a now-deleted YouTube video, Albayrak only had access to login details leaked through other data breaches, according to Apple.
Albayrak was sentenced to a two-year suspended jail term, 300 hours of unpaid work, and a six-month electronic curfew at a London court on December 21.
Positive you should mitigate
And nothing screams the holidays better than a critical vulnerability impacting 80,000 companies worldwide.
On Monday (December 23) Positive Technologies disclosed a bug in two prominent Citrix applications that, if exploited, could allow an attacker to perform arbitrary code execution and obtain access to a company’s local network via the internet.
Citrix products are typically used so that employees can connect to their company’s internal applications remotely.
All versions of Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to the flaw, which has been assigned CVE-2019-19781 and is said to be easy to exploit since no authentication is required. A PoC has not been publicly released.
“Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” said Dmitry Serebryannikov, director of the security audit department at Positive Technologies, in the company’s blog post.
Companies operating in the US, the UK, Germany, the Netherlands, and Australia are among those affected. Citrix has published mitigation steps in its initial security bulletin from December 17. A patch is expected to be published in the near future.
And finally, Britain’s foreign intelligence service, MI6, has had a somewhat stressful festive season after The Sun reported that building plans for the agency’s iconic Vauxhall Cross headquarters had gone missing in the midst of refurbishment work.
More than 100 documents, which were sensitive but not classified, were implicated in the security breach, which is believed to have been an accident that occurred two weeks ago.
The source told the newspaper: “The whole building went into lockdown and all the construction workers were kept in isolation.
“To lose such sensitive documents was grossly irresponsible.
“They showed the layout of the building and specifically where alarms and other security measures were. The documents would be gold dust to any enemy agents or terrorists.”
Most of the documents were later found. Balfour Beatty, the construction company in charge of the renovation, was subsequently sacked.
Designed by Sir Terry Farrell, the MI6 HQ building, one that has become synonymous with the James Bond film franchise, was completed in 1994 for £135 million ($177 million).
On reviewing the new addition to the Thames Embankment, British writer and design critic Deyan Sudjic is reported to have said: “It’s a design which combines high seriousness in its classical composition with a possible unwitting sense of humour.
“The building could be interpreted equally plausibly as a Mayan temple or a piece of clanking art deco machinery.”
Additional reporting by Catherine Chapman.