Cyber Security News Update 1/19/2018

The United States Government has accused North Korea as the actor behind the recent hacking of a South Korean cryptocurrency exchange that targeted employee accounts and access codes. The exchange, Coinlink, released their own report stating that there had been no attack of any kind, from anywhere in the world. The group behind this attack is believed to be the Lazarus Group, which was behind two other newsworthy cyberattacks and is believed to be a North Korean black hat hacker group. Initially Lazarus acted as a sort of hit squad, and they did their best to damage websites and infrastructure used by the United States and South Korea. However, as economic sanctions have applied pressure to North Korea, their aim shifted to activities with a better financial return. They’ve attacked several exchanges based in South Korea in an attempt to steal the crypto currency stored there, and if succesful, it’s converted to an untraceable currency like Monero. From there the Monero is used to buy back into other currencies that can be cashed out, which provides millions (if not billions) in funding.
Source: US Cybersecurity Agency Accuses North Korea of Cryptocurrency Cyber Heist

OnePlus, a China based smartphone manufacturer, confirmed that some 40,000 credit cards have been stolen in a cyberattack. In a statement to the public OnePlus said that the a piece of malignant code had been entered into their software that detected when credit card information was being entered. The code was injected into the server that processed payment requests, and has since been removed by OnePlus. They have quarantined the server until they can be absolutely sure that there are no other malicious pieces of code, a wise precaution considering how damaging the first one was. Consumers brought the issue to OnePlus’s attention, when they found fraudulent charges appearing within days of using their cards on a OnePlus device. OnePlus is working with law enforcement to investigate the issue, and they’re also looking into a more secure payment method.

An internal surveillance bill has been reapproved that allows for intelligence agencies to spy on US citizens, without a warrant. Section 702 of the Foreign Intelligence Surveillance Act, rather ironically, allows for intelligence agencies to spy domestically without supervision. There are arguments that this bill is necessary from both political parties, citing the need for information for anti-terrorism operations. Their argument boils down to warrants adding on too much time, that critical hours may be lost because a judge had to decide if the search was necessary. Opponents of the bill are citing the 4th Amendment, claiming that warrantless surveillance is unconstitutional and violates the protection against unreasonable search and seizure provided by it. Warrantless policing has a time and place, and in dire situations its justified. In those sort of situations however, police are already allowed to act without a warrant. The mass surveillance of citizens is troubling, and also the backdrop for most dystopian novels.

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for since early 2017.