Robin’s Newsletter #87

16 February 2020. Volume 3, Issue 7
Huawei, Crypto AG, and all the nations doin' all the cybers; plus Emotet.

This week

All the nations doin’ all the cybers

A few stories this week all circle the tech-divide theme (aka ‘digital sovereignty’ or ‘digital Balkanisation’). There is a lot of posturing as the rollout of 5G networks picks up.

The US brought allegations that Huawei can covertly access its customers’ networks. The Washington Post ran the full story of how Crypto AG, a Swiss company that sold diplomatic encryption machines, was secretly run by the CIA. Wired focuses on the temptations of introducing backdoors.

The Huawei story is interesting because it is, I believe, the first time the US has made a specific accusation in its ongoing effort to keep the telecommunications company out of its critical national infrastructure. Charges were also brought against Huawei for stealing intellectual property from six US companies. Lawfare picked up on a change in the language being used by Huawei: from deliberate backdoors being ‘impossible,’ to ‘implausible [and that they] would be discovered immediately.’

The Crypto AG story is a reminder of the lengths that intelligence agencies go to, and of their audacity. Also, sometimes, it’s easier to buy what you need rather than force your way in. In economic terms, not only did it reduce the CIA’s costs to collect intelligence, they made a tidy profit off the back of joint ownership with Germany’s BND. It’s a well-written, spy-thriller read from WaPo.

The conclusion from it all, of course, is that no side is clean in this: all the nations are doing all the cybers. Intelligence agencies will always look for ways to advance their agendas, collect information, or build an advantage.

Interesting stats

31% of incidents start with phishing as the infection vector (2018: ~50%), while 29% of incidents now start with existing, compromised credentials. 85% of the 8.5 billion records breached in 2019 were the result of misconfigured cloud storage, according to IBM.

93% of passwords haven’t been breached, despite the ever-growing number and size of data breaches, according to @BeckyPinkard.

1 in 10 Americans use stalkerware to track partners or exes, and those who do are twice as likely to be men as women, according to a Harris Poll for NortonLifeLock.

467,361 cybercrime complaints were made to the FBI’s Internet Crime Complaint Center (IC3) in 2019, totalling $3.5 billion in losses, of which $1.77 billion was the result of Business Email Compromise (BEC) fraud; that’s 33 times the direct financial impact of corporate data breaches. The average loss was $75,000 for each BEC complaint, compared to $4,400 for each ransomware complaint. (PDF)

Other newsy bits

Emotet malware can now spread itself via wifi networks

A new module for the Emotet malware family gives it the capability to brute-force the passwords of nearby wireless networks. Where successful, the malware could jump between business and personal networks physically located near each other. It’s a novel way of increasing access to different networks, especially in built-up, urban environments (I can see 15 networks from where I am writing this in London). Calling your wifi ‘FBI Surveillance Van’ or ‘Pretty Fly for a WiFi’ is unlikely to help, but setting a more complex wireless password is.

As Tesla gets more aggressive in revoking paid software features, people are jailbreaking their cars

Interesting post, originally on car site Jalopnik and subsequently Motherboard, about car owners choosing to hack and ‘jailbreak’ the firmware on their Tesla cars. It seems Tesla is remotely disabling some options on vehicles when they are resold (like ‘Ludicrous’ mode, Autopilot, etc.) even though the options are advertised in the sale. The articles point out: you wouldn’t expect Ford to come and take your 20” alloy wheels back. Digital transformation has opened up new commercial opportunities for businesses; perhaps re-selling $8,000 options to each user is part of Tesla’s business model? The result points to less secure, and less safe, vehicles.

US charges four Chinese nationals over Equifax breach

Nine charges have been brought against members of the People’s Liberation Army of China for perpetrating the 2017 Equifax data breach. That answers the ‘why has none of the data appeared on the dark web’ question. The PLA has been fingered for several high-profile data breaches in the US in the second half of the last decade: the Office of Personnel Management, Anthem and Marriott/Starwood, as well as Equifax. When you combine all of those data sets you get an intelligence agency’s dream: travel, health and creditworthiness information to combine with lists of known security clearance levels. It gives the Chinese an unprecedented database of the US intelligence community and of who may be most susceptible to coercion.

How North Korea uses the Internet to circumvent international sanctions

Recorded Future has published an interesting analysis of North Korea’s internet usage. It’s up 300% since 2017, and has shifted from ‘leisure’ weekend usage to ‘professional’ 9-5, Monday-Friday usage. It comes alongside an increase in the use of the Internet to raise funds for a regime under tight sanctions: attacks against SWIFT connections, cryptocurrency mining schemes and intellectual property theft. (H/T Brad Jones!)

In brief

Attacks, incidents & breaches

  • Software error exposed the ID numbers for 1.26 million Danish citizens to Adobe, Google Analytics
  • Nedbank says 1.7 million customers impacted by breach at third-party marketing company
  • PhotoSquared app exposed customer photos and shipping labels

Threat intel

  • Malwarebytes 2020 State of Malware Report (PDF)
  • February 2020 Patch Tuesday, one of Microsoft’s biggest ever, fixes 99 security bugs
  • Phishing scams are costing us more than ever, gift card fraud on the rise
  • WordPress Cookie Consent Plugin Fixes Critical Flaw for 700K Users

Security engineering

  • OpenSSH adds support for FIDO/U2F security keys
  • From March, Firefox will block weak HTTPS connections using TLS 1.0, 1.1

Internet of Things

  • Connected car rentals - still able to use car app weeks after returning the vehicle (Always find the infotainment ‘reset’ option when hiring a car!)


  • A new Senate bill would create a US data protection agency

Mergers, acquisitions and investments

  • Deep Instinct nabs $43M for a deep-learning cybersecurity solution that can suss an attack before it happens

And finally

When physical security gets in the way of digital security…

The cryptographic keys that help protect and authenticate the ‘root’ of the Domain Name System (DNS) are kept behind a complex set of physical and procedural security arrangements. DNS is the ‘Internet phonebook’ used to match human-readable domain names to computer-routable addresses. Every three months this cryptographic material is updated, but this week the whole ‘ceremony’ was delayed because of a physical fault in one of the safes. Bruce Schneier has a good write-up and links to other resources if you want to geek out.
