Blocking of DNS services in Russia, ProtonMail scandal and other cybersecurity events
We have compiled the most important cybersecurity news of the week.
- Experts reported that Roskomnadzor is testing blocks on Google and Cloudflare DNS services.
- Media reported that WhatsApp reads users’ private messages when reviewing content complaints.
- Almost 500,000 Fortinet VPN usernames and passwords have been made publicly accessible.
Roskomnadzor warned about testing the blocking of foreign internet protocols
In early September Roskomnadzor asked state-owned companies to report on their possible use of encryption protocols that hide the name of the site, writes «Ъ». The matter concerns Google’s and Cloudflare’s DNS services and the DoH service being implemented by Mozilla and Google.
To ensure network resilience, companies were invited to connect to DNS services of Russian operators or the National Domain Name System by September 9.
On 8 September, several experts reported that the blocking tests had begun.
Media: WhatsApp regularly decrypts users’ private messages
The messaging app WhatsApp, owned by Facebook, regularly decrypts users’ private messages to review content complaints. This was reported by ProPublica.
According to the outlet, the company uses contractors who study the content the complaint pertains to using specialized software.
The outlet notes that employees only have access to messages flagged by users themselves and automatically routed to the company as potentially offensive.
“The check is one element of a broader monitoring during which the company also reviews unencrypted materials, including data about the sender and their account”.
The company also studies unencrypted data, including names, phone numbers, profile photos, the unique mobile phone identifier and IP address, among others.
ProtonMail updated its privacy policy after disclosure of a user IP address to French authorities
The encrypted email service ProtonMail revised its privacy policy following the scandal over the disclosure of a user IP address to French authorities.
The case concerns a ProtonMail user who took part in protests against gentrification in Paris last year. French police and Europol contacted Swiss authorities, where ProtonMail is headquartered, and asked for help identifying the activist. He was subsequently arrested.
In ProtonMail, they said they had received an order from Swiss authorities that they are obliged to comply with.
According to law, the company “may be compelled to collect information about user accounts under investigation in Switzerland”.
“Of course, this is not done by default, but only if Proton receives a legal order for a specific account”,
According to Ars Technica, it previously stated that the company “by default does not log IP addresses that could be linked to an anonymous email account”.
“ProtonMail is email that respects privacy and puts people (not advertisers) first”.
The REvil gang’s site is back online
Analysts found that Happy Blog, used by the REvil hacker group to publish victim data, is back online.
As yet no new posts have appeared on the site, so it remains unclear whether this signals a revival of the attackers’ activities.
As a reminder, this year REvil victims included several major companies. The hackers were behind attacks on the world’s largest meat producer JBS, the company Acer and the American software developer Kaseya. For decrypting files they demanded a cryptocurrency ransom.
In July the group’s sites suddenly went offline. Later in Kaseya it was stated that they had obtained a “universal decryptor key” for the REvil-infected files without paying the ransom.
Hackers breached the United Nations computer network
Earlier this year, hackers breached the United Nations computer networks and stole data that could be used against the organisation’s institutions and staff, Bloomberg reports.
Allegedly the intruders gained access using a stolen UN employee username and password purchased on the dark web.
The account used by the hackers was not protected by two-factor authentication.
Germany secretly bought Pegasus spyware
The Federal Criminal Police Office of Germany, “under strict secrecy,” bought Pegasus spyware from the Israeli company NSO Group, reports say. The agency confirmed the purchase.
In the version purchased by the agency, some features were blocked to prevent abuse, officials clarified.
“However, it is unclear how this works in practice,” the media notes.
It is reported that the agency bought the Pegasus Trojan version in late 2020. It has been used in anti-terrorism and organised crime operations since March this year.
Almost half a million Fortinet VPN usernames and passwords leaked online
Researchers found on hacker forums a database of almost 500,000 Fortinet VPN usernames and passwords. They are believed to have been obtained from vulnerable devices last summer.
The hackers claim the Fortinet vulnerability has already been fixed, but many credentials are still valid.
“This leak is a serious incident because VPN credentials can allow attackers to gain access to networks to steal data, install malware and launch ransomware attacks”, Bleeping Computer notes.
Also on ForkLog:
- “Яндекс” стал жертвой крупнейшей DDoS-атаки в истории интернета.
- The hacker behind the DeFi protocol Cream Finance returned $17.6 million.
What to read this weekend?
Earlier this year, amendments to Russia’s legislation regulating the dissemination of information on social networks came into force. They require owners of such networks to monitor user content. ForkLog has consulted with lawyers to explain what the new rules mean and what they mean for business and users.
Read ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!