The Cybersecurity 202 | Monday, May 16, 2022:
Pro-Russia hackers tried to disrupt the Eurovision Song Contest
Welcome to The Cybersecurity 202! We try to keep current here, but today's edition references a 32-year-old Dana Carvey impersonation. No, it's not George H.W. Bush. Not Johnny Carson either. See below.
Below: The Justice Department is conducting its first prosecution for using cryptocurrency to evade sanctions, and the NSA pledges it won’t undermine the next generation of encryption.
Russia's animosity towards Ukraine is also shown in hacktivism
Pro-Russia hackers tried – but failed – to disrupt the Eurovision Song Contest this weekend in an effort to mar a runaway victory by Ukrainian band Kalush Orchestra.
It’s the latest in a spate of recent hacks aimed at undermining or embarrassing geopolitical adversaries under a media spotlight.
The hacks, conducted by partisans for both Russia and Ukraine, essentially borrow a page from hacktivist collectives like Anonymous. They’re aimed more at making a splash and stoking anger and anxiety than at causing real damage.
The Russia-allied hacking group Killnet attacked Eurovision's network infrastructure in Turin, Italy, during both the semifinals May 10 and the final this weekend, authorities said. Law enforcement blocked all the attacks, which were aimed at disrupting performances and audience voting.
The hackers broadcast their plans in advance to ratchet up tension. Killnet had been threatening for days on its Telegram channel to launch denial of service attacks against Eurovision’s voting system — essentially overwhelming the system with phony Internet requests so real votes couldn’t get through. It’s not clear if Killnet’s activities are directed in any way by the Kremlin or merely inspired by Russian patriotism.
The attempted Eurovision hacks came shortly after a rash of Killnet attacks targeting Italian institutions, including the nation’s Parliament, military and National Health Institute. The group earlier targeted websites for Romania’s Ministry of Defense, border police and national railway.
Pro-Ukraine hackers have conducted similar operations.
- They hacked Internet-connected Russian TVs to display antiwar messages during Russia’s May 9 Victory Day holiday, which commemorates the Soviet victory over Nazi Germany.
- The messages, which also appeared on Russian search engines, declared “the blood of thousands of Ukrainians and hundreds of murdered children is on your hands.”
- Ukraine supporters have also spent weeks defacing a slew of Russian websites with messages accusing the Kremlin of censoring real news about the war.
The hacks have played an outsize role in the Russia-Ukraine cyber conflict, which has seen few major disruptive attacks that had a material impact on the broader military conflict.
Back in 2018, Kremlin-backed hackers tried to disrupt the Winter Olympics Opening Ceremonies as retribution after Russian teams were banned from competition for doping.
What if: A hack that successfully disrupted Eurovision performances or voting would have been a major blow to a bizarre but beloved European cultural institution and a thumb in the eye to a continent that has unified to oppose Russia’s Ukraine invasion with blistering sanctions.
Mildly cheeky analysis from former United Kingdom cyber chief Ciaran Martin:
Eurovision’s audience votes are collected by phone, SMS text message and through an official app. Russia was banned from competition this year.
Killnet likely hoped to undermine a victory that helped rally Ukrainians in defending their homeland.
- Immediately following Kalush Orchestra’s victory, the folk-rap group released a video of its winning song “Stefania” focused on the devastation caused by the Russian invasion.
- Ukraine’s President Volodymyr Zelensky applauded the victory and pledged to host next year’s contest in Mariupol, Ukraine, which is currently the site of intense fighting between Russian and Ukrainian forces.
- “Our courage impresses the world, our music conquers Europe! … I am sure our victorious chord in the battle with the enemy is not far off,” Zelensky said.
If successful, the attack might have given a boost to sagging Russian morale.
Analysis from Jason Atwell, Mandiant principal adviser for global intelligence:
Political hacking has targeted the Eurovision contest in the past.
Israel’s webcast of the contest semifinal was hacked to show animated images of explosions in Tel Aviv in 2019. The city was hosting the contest that year.
Israel’s national broadcaster blamed the hack on Hamas militants.
Prosecutors can pursue criminal case involving cryptocurrency and sanctions evasion, judge says
A judge found that U.S. sanctions apply to $10 million that a U.S. citizen sent to a sanctioned country — even though the transactions took place using cryptocurrency rather than traditional currency, Spencer S. Hsu reports. The case is still sealed, so the identity of the alleged sanctions violator and some other details still aren't public.
The watershed opinion is a shot across the bow at countries and cybercriminals who try to use cryptocurrency to evade U.S. sanctions. The issue has taken on greater importance as the United States and allies ratchet up sanctions against Russia, which houses large numbers of cybercriminals.
It's the first criminal prosecution solely targeting the use of cryptocurrency in a sanctions case, said former Treasury Department official Ari Redbord. “What we are seeing is that the Department of Justice is going to actively go after actors that attempt to use cryptocurrency, but also that it is hard to use cryptocurrency to evade sanctions,” Redbord told Spencer.
Issue one: Judge Zia Faruqui’s unusual nine-page opinion cited a decades-old “Saturday Night Live” sketch to make his point. The sketch pokes fun at American political TV commentator John McLaughlin, who died in 2016. “Issue One: virtual currency is untraceable? WRONG. Issue Two: sanctions do not apply to virtual currency? WRONG,” Faruqui wrote.
U.S. authorities have gone after alleged cybercriminals using cryptocurrency in recent months:
- This month, the Treasury Department sanctioned the first cryptocurrency “mixer,” a tool that lets people obscure the ownership of digital assets. North Korean hackers used the service to process more than $20 million worth of stolen cryptocurrency, authorities said.
- The Justice Department’s “KleptoCapture” task force is “targeting efforts to use cryptocurrency to evade U.S. sanctions” imposed on Russia, the Justice Department said in March
- In February, prosecutors charged a couple who allegedly tried to launder billions of dollars worth of stolen cryptocurrency. In a judicial opinion at the time, Faruqui called cryptocurrency and tools for tracking it “[t]he wave of the future, Dude. One hundred percent electronic,” citing the cult classic film “The Big Lebowski.”
Lawmakers are homing in on cybersecurity this month
Cybersecurity leaders will testify before Congress about efforts to improve the federal government's cybersecurity this week.
- Deputy National Cyber and Federal Chief Information Security Officer Chris DeRusha and CISA Executive Assistant Director Eric Goldstein will appear at a House Homeland Security subcommittee hearing Tuesday. It comes as lawmakers look at updating the government’s cybersecurity standards and cloud security guidelines.
The hearing comes amid a burst of congressional cyber work.
- A bipartisan bill aimed at boosting the federal government’s supply chain cybersecurity is set to become law after the House passed it last week. The bill will set up a training program to help federal workers determine whether software they plan to purchase could pose cybersecurity threats.
- The lower chamber also passed a cybersecurity workforce bill, sending it to Biden’s desk. That bill will set up a rotation program for cybersecurity workers in the federal government to move more easily from agency to agency.
- On Thursday, Biden signed into law cybersecurity legislation authorizing the Department of Homeland Security to work with the National Cybersecurity Preparedness Consortium to boost cybersecurity training, coordination and assistance.
NSA pledges there are no ‘back doors’ in new quantum-proof encryption standards
NSA officials have tested encryption algorithms submitted by the cybersecurity community aimed at withstanding the code-breaking power of future quantum computers, Bloomberg News’s Katrina Manson reports. But “there are no back doors” in those algorithms, NSA Cybersecurity Director Rob Joyce told the outlet.
The NSA wasn’t involved in making decisions about the algorithms, a spokesperson for the Commerce Department division developing the algorithms told Bloomberg News.
The declaration comes after years of scrutiny over the secretive agency’s role in trying to crack through encryption for spying purposes:
- A 2010 memo prepared for U.K. intelligence officials explained that the NSA had for a decade “led an aggressive, multipronged effort to break widely used Internet encryption technologies,” the New York Times reported in 2013. The NSA secretly added vulnerabilities to encryption standards, the Times reported.
- The NSA awarded security firm RSA a $10 million contract to make an NSA formula the default in RSA software, Reuters reported in 2013. Company officials told the outlet at the time that the firm didn’t know that the NSA had introduced a “back door.” The revelations prompted some security experts to boycott RSA’s annual security conference, The Post reported.
- In 2014, The Post reported the NSA was racing to build its own “cryptologically useful quantum computer” that could break the strongest forms of encryption at the time.
Securing the ballot
- Jonah Force Hill, the director for cybersecurity and emerging technology policy at the National Security Council, discusses quantum innovation and cybersecurity at a Center for Strategic and International Studies event Monday at 3 p.m.
- The House Homeland Security Committee’s cybersecurity subcommittee holds a hearing on the cybersecurity of federal networks Tuesday at 2 p.m.
- The Senate Health, Education, Labor and Pensions Committee holds a hearing on the cybersecurity of the health and education sectors Wednesday at 10 a.m.
- Rep. Michael McCaul (R-Tex.), Rep. Elissa Slotkin (D-Mich.) and Bob Kolasky, a senior vice president for critical infrastructure at Exiger who previously led CISA’s National Risk Management Center, discuss cybersecurity at a Washington Post Live event Wednesday at 2:30 p.m.
- The Senate Rules Committee holds a hearing on election administration Thursday at 11 a.m.
- The U.S. Chamber of Commerce hosts a briefing on Russian cyberthreats with FBI and CISA officials Thursday at 2 p.m.
- Deputy Attorney General Lisa Monaco, National Cyber Director Chris Inglis and CISA Director Jen Easterly speak at an Institute for Security and Technology event on the first year of the Ransomware Task Force on Friday at 10:30 a.m