President Joe Biden has warned that cyberattacks could escalate into a full-blown war as tensions with Russia and China mounted over a series of hacking incidents targeting US government agencies, companies, and infrastructure.
Biden said on Tuesday that cyber threats including ransomware attacks “increasingly are able to cause damage and disruption in the real world.”
“If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach,” the president said in a speech at the Office for the Director of National Intelligence, which oversees 18 US intelligence agencies.
A number of recent hacks revealed the extent of US cyber vulnerability, ranging from extensive espionage breaches that have struck at the heart of government to ransomware attacks that have brought operations at an important oil pipeline and meat packing plants to a halt.
The Biden administration has accused the governments of Russia and China, or hackers based inside the two countries, of some of the attacks. US officials have warned that the administration would respond with a “mix of tools seen and unseen” actions, but cyber breaches have continued.
Although he did not say who such a war might be fought against, Biden immediately name-checked Russia’s president Vladimir Putin, alleging that Russia was spreading misinformation ahead of the 2022 US midterm elections.
“It’s a pure violation of our sovereignty,” he said.
“Mr. Putin… has a real problem. He is sitting on top of an economy that has nuclear weapons and oil wells and nothing else. Nothing else,” Biden said. “He knows he’s in real trouble, which makes him even more dangerous.”
At a June summit in Geneva, Biden personally warned Putin that the US would “respond with cyber” if the Russian state or Russian-based hackers targeted critical US infrastructure.
The prohibited sectors spanned energy, health care, IT, and commercial facilities, all of which have already allegedly been targeted by Russian hackers since the 2020 US elections. Others included transport, financial services, and chemicals.
Biden also said Chinese President Xi Jinping was “deadly earnest” about China becoming the most powerful military force in the world by the 2040s, as well as the largest and most prominent economy.
“It’s real… This boy’s got a plan,” Biden said, adding: “We better figure out how we’re going to keep pace without exacerbating [the situation].”
Biden stressed that cyberattacks were just one aspect of the growing threats facing the US, saying that there would be more developments in the next 10 years than in the past 50, placing a tremendous burden on the intelligence community.
Amid ever-increasing government Internet control, surveillance, and censorship in Iran, a new Android app aims to give Iranians a way to speak freely.
Nahoft, which means “hidden” in Farsi, is an encryption tool that turns up to 1,000 characters of Farsi text into a jumble of random words. You can send this mélange to a friend over any communication platform—Telegram, WhatsApp, Google Chat, etc.—and then they run it through Nahoft on their device to decipher what you’ve said.
Released last week on Google Play by United for Iran, a San Francisco–based human rights and civil liberties group, Nahoft is designed to address multiple aspects of Iran’s Internet crackdown. In addition to generating coded messages, the app can also encrypt communications and embed them imperceptibly in image files, a technique known as steganography. Recipients then use Nahoft to inspect the image file on their end and extract the hidden message.
Iranians can use end-to-end encrypted apps like WhatsApp for secure communications, but Nahoft, which is open source, has a crucial feature in its back pocket for when those aren’t accessible. The Iranian regime has repeatedly imposed near-total Internet blackouts in particular regions or across the entire country, including for a full week in November 2019. Even without connectivity, though, if you already have Nahoft downloaded, you can still use it locally on your device. Enter the message you want to encrypt, and the app spits out the coded Farsi message. From there you can write that string of seemingly random words in a letter, or read it to another Nahoft user over the phone, and they can enter it into their app manually to see what you were really trying to say.
“When the Internet goes down in Iran, people can’t communicate with their families inside and outside the country, and for activists everything comes to a screeching halt,” says Firuzeh Mahmoudi, United for Iran’s executive director, who lived through the 1979 Iranian revolution and left the country when she was 12. “And more and more the government is moving toward layered filtering, banning different digital platforms, and trying to come up with alternatives for international services like social media. This is not looking great; it’s the direction that we definitely don’t want to see. So this is where the app comes in.”
Iran is a highly connected country. More than 57 million of its 83 million citizens use the Internet. But in recent years the country’s government has been extremely focused on developing a massive state-controlled network, or intranet, known as the “National Information Network” or SHOMA. This increasingly gives the government the ability to filter and censor data, and to block specific services, from social networks to circumvention tools like proxies and VPNs.
This is why Nahoft was intentionally designed as an app that functions locally on your device rather than as a communication platform. In the case of a full Internet shutdown, users will need to have already downloaded the app to use it. But in general, it will be difficult for the Iranian government to block Nahoft as long as Google Play is still accessible there, according to United for Iran strategic adviser Reza Ghazinouri. Since Google Play traffic is encrypted, Iranian surveillance can’t see which apps users download. So far, Nahoft has been downloaded 4,300 times. It’s possible, Ghazinouri says, that the government will eventually develop its own app store and block international offerings, but for now that capability seems far off. In China, for example, Google Play is banned in favor of offerings from Chinese tech giants like Huawei and a curated version of the iOS App Store.
Ghazinouri and journalist Mohammad Heydari came up with the idea for Nahoft in 2012 and submitted it as part of United for Iran’s second “Irancubator” tech accelerator, which started last year. Operator Foundation, a Texas nonprofit development group focused on Internet freedom, engineered the Nahoft app. And the German penetration testing firm Cure53 conducted two security audits of the app and its encryption scheme, which draws from proven protocols. United for Iran has published the findings from these audits along with detailed reports about how it fixed the problems Cure53 found. In the original app review from December 2020, for example, Cure53 found some major issues, including critical weaknesses in the steganographic technique used to embed messages in photo files. All of these vulnerabilities were fixed before the second audit, which turned up more moderate issues like Android denial-of-service vulnerabilities and a bypass for the in-app auto-delete passcode. Those issues were also fixed before launch, and the app’s Github repository contains notes about the improvements.
The stakes are extremely high for an app that Iranians could rely on to circumvent government surveillance and restrictions. Any flaws in the cryptography’s implementation could put people’s secret communications, and potentially their safety, at risk. Ghazinouri says the group took every precaution it could think of. For example, the random word jumbles the app produces are specifically designed to seem inconspicuous and benign. Using real words makes it less likely that a content scanner will flag the coded messages. And United for Iran researchers worked with Operator Foundation to confirm that current off-the-shelf scanning tools don’t detect the encryption algorithm used to generate the coded words. That makes it less likely that censors will be able to detect encoded messages and create a filter to block them.
You can set a passcode needed to open Nahoft and set an additional “destruction code” that will wipe all data from the app when entered.
“There has always been a gap between communities in need and the people who claim to work for them and develop tools for them,” Ghazinouri says. “We’re trying to shrink that gap. And the app is open source, so experts can audit the code for themselves. Encryption is an area where you can’t just ask people to trust you, and we don’t expect anyone to trust us blindly.”
In a 2020 academic keynote, “Crypto for the People,” Brown University cryptographer Seny Kamara made a similar point. The forces and incentives that typically guide cryptographic inquiry and creation of encryption tools, he argued, overlook and dismiss the specific community needs of marginalized people.
Kamara has not audited the code or cryptographic design of Nahoft, but he told WIRED that the goals of the project fit with his ideas about encryption tools made by the people, for the people.
“In terms of what the app is trying to accomplish, I think this is a good example of an important security and privacy problem that the tech industry and academia have no incentive to solve,” he says.
With Iran’s Internet freedom rapidly deteriorating, Nahoft could become a vital lifeline to keep open communication going within the country and beyond.
SpaceX’s Starlink satellite-broadband service will emerge from beta in October, CEO Elon Musk said last night. Musk provided the answer of “next month” in response to a Twitter user who asked when Starlink will come out of beta.
SpaceX began sending email invitations to Starlink’s public beta in October 2020. The service is far from perfect as trees can disrupt the line-of-sight connections to satellites and the satellite dishes go into “thermal shutdown” in hot areas. But for people in areas where wired ISPs have never deployed cable or fiber, Starlink is still a promising alternative and service should improve as SpaceX launches more satellites and refines its software.
SpaceX has said it is serving over 100,000 Starlink users in a dozen countries from more than 1,700 satellites. The company has been taking preorders for post-beta service and said in May that “over half a million people have placed an order or put down a deposit for Starlink.”
It is still possible to place pre-orders and submit $99 deposits at the Starlink website, but the site notes that “Depending on location, some orders may take 6 months or more to fulfill.” The deposits are fully refundable.
First 500,000 to order will “likely” get service
There are capacity limits imposed by the laws of physics, and SpaceX hasn’t guaranteed that every person who pre-ordered will actually get Starlink. Musk said in May that the first 500,000 people will “most likely” get service, but that SpaceX will face “[m]ore of a challenge when we get into the several million user range.”
We asked Musk today how many orders will be fulfilled by the end of 2021 and will update this article if we get a response. Musk has said the capacity limits will primarily be a problem in densely populated urban areas, so rural people should have a good chance at getting service.
SpaceX has US permission to deploy 1 million user terminals across the country and is seeking a license to deploy up to 5 million terminals. The number of Starlink pre-orders is up to 600,000 and SpaceX is reportedly speeding up its production of dishes to meet demand, as PCMag wrote last week.
No changes to pricing yet
In beta, SpaceX has been charging a one-time fee of $499 for the user terminal, mounting tripod, and router, plus $99 per month for service. SpaceX hasn’t announced any changes to the pricing, but that could change when it moves from beta to commercial availability.
In April, SpaceX president and COO Gwynne Shotwell said that Starlink will likely avoid “tiered pricing” and “try to keep [pricing] as simple as possible and transparent as possible.” Shotwell said that SpaceX would keep Starlink in beta “until the network is reliable and great and something we’d be proud of.” SpaceX is also working on ruggedized user terminals for aircraft, ships, large trucks, and RVs.
SpaceX has a Federal Communications Commission license to launch nearly 12,000 low-Earth orbit satellites and is seeking permission to launch an additional 30,000. Amazon, which plans its own satellite constellation, has been urging the FCC to reject the current version of SpaceX’s next-generation Starlink plan. Satellite operator Viasat supported Amazon’s protest and separately urged a federal appeals court to halt SpaceX launches, but judges rejected Viasat’s request for a stay.
Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.
An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.
In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymizing software.
“We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint.
“Its encrypted messaging service is increasingly popular among threat actors conducting fraudulent activity and selling stolen data… as it is more convenient to use than the dark web.”
Launched in 2013, Telegram allows users to broadcast messages to a following via “channels” or create public and private groups that are simple for others to access. Users can also send and receive large data files, including text and zip files, directly via the app.
The platform said it has more than 500 million active users and topped 1 billion downloads in August, according to data from SensorTower.
But its use by the cyber criminal underworld could increase pressure on the Dubai-headquartered platform to bolster its content moderation as it plans a future initial public offering and explores introducing advertising to its service.
According to Cyberint, the number of mentions in Telegram of “Email:pass” and “Combo”—hacker parlance used to indicate that stolen email and passwords lists are being shared—rose fourfold over the past year, to nearly 3,400.
In one public Telegram channel called “combolist,” which had more than 47,000 subscribers, hackers sell or simply circulate large data dumps of hundreds of thousands of leaked usernames and passwords.
A post titled “Combo List Gaming HQ” offered 300,000 emails and passwords that it claimed were useful for hacking video game platforms such as Minecraft, Origin, or Uplay. Another purported to have 600,000 logins for users of the services of Russian Internet group Yandex, others for Google and Yahoo.
Telegram removed the channel on Thursday after it was contacted by the Financial Times for comment.
Yet email password leaks account for only a fraction of the worrisome activity on the Telegram marketplace. Other types of data traded include financial data such as credit card information, copies of passports and credentials for bank accounts and sites such as Netflix, the research found. Online criminals also share malicious software, exploits and hacking guides via the app, Cyberint said.
Meanwhile, links to Telegram groups or channels shared inside forums on the dark web jumped to more than 1 million in 2021, from 172,035 the previous year, as hackers increasingly direct users to the platform as an easier-to-use alternative or parallel information center.
The research follows a separate report earlier this year by vpnMentor, which found data dumps circulating on Telegram from previous hacks and data leaks of companies including Facebook, marketing software provider Click.org, and dating site Meet Mindful, among others.
“In general, it appears that most data leaks and hacks are only shared on Telegram after being sold on the dark web—or the hacker failed to find a buyer and decided to share the information publicly and move on,” vpnMentor said.
Still, it dubbed the trend “a serious escalation in the ongoing surge of cyber crime,” noting that some users in these groups appeared less tech savvy than a typical dark web user.
Telegram said it was unable to verify the vpnMentor findings because the researchers had not shared details identifying which channels these alleged leaks were in.
Samra said the transition for cybercriminals from the dark web to Telegram was taking place in part because of the anonymity afforded by encryption—but noted that many of these groups were also public.
Telegram is also more accessible, provides better functionality, and is generally less likely to be tracked by law enforcement when compared to dark web forums, he added.
“In some cases, it’s easier to find buyers on Telegram rather than a forum because everything is smoother and quicker. Access is easier… and data can be shared much more openly.”
Hackers are less inclined to use WhatsApp both for privacy reasons and because it displays users’ numbers in group chats, unlike Telegram, Cyberint said. Encrypted app Signal remains smaller and tends to be used for more general messaging among people who know each other rather than forum-style groups, it added.
Telegram has long taken a more lax approach to content moderation than larger social media apps such as Facebook and Twitter, attracting scrutiny for allowing hate groups and conspiracy theories to flourish. In January, it began shutting down public extremist and white supremacist groups—for the first time—in the wake of the Capitol riots amid concerns it was being used to promote violence.
The Cyberint research—particularly the uncovering of public, searchable groups for cybercriminals—raises further questions about Telegram’s content moderation policies and enforcement at a time when chief executive Pavel Durov has said the company is preparing to sell advertisements in public Telegram channels.
It also comes as the company prepares to head for public markets after raising more than $1 billion through bond sales in March to investors including to Mubadala Investment Company, the Gulf emirate’s large sovereign wealth fund, and Abu Dhabi Catalyst Partners, a joint venture between Mubadala and the $4 billion New York hedge fund Falcon Edge Capital.
Telegram said in a statement that it “has a policy for removing personal data shared without consent.” It added that each day, its “ever growing force of professional moderators” removes more than 10,000 public communities for terms of service violations following user reports.