New Episode Alert EP108

Looks like China Hacked Equifax! 🔥

February 17, 2020

Weekly Blaze PodcastEpisode 108February 17 2020

Equifax Hacked by ChinaIsraeli Voter Registry ExposedHow the CIA Owned Encryption

Hopefully you've been paying attention to the news and the telecom carriers with their recent promotion of 5G mobile networks and devices. And while we have a long way to go to see full adoption of this new technology, there have already been concerns about the health risks of 5G which right now, are unknown. But even if governments and health organizations say there is no evidence that 5G or other wireless technology could be harmful to the human body, it's still highly recommended to put your smartphone in a faraday bag to block all wireless signal when you're not using it. And that means Silent Pocket has you covered. Pick up one of Silent Pocket's stylish faraday bag's at

silentpocket.com

and be sure to use discount code "sharedsecurity" at checkout to receive 15% off your order.

U.S. charges four Chinese military hackers in 2017 Equifax breach

In breaking news last week the US Justice Department

announced a nine count indictment against four Chinese officers of the People's Liberation Army

who are accused of committing the data breach of consumer credit bureau Equifax in 2017. The Equifax data breach compromised the personal details of 150 million Americans, that's roughly half of the United States population. Details were also released in the inditement which stated that the four hackers spent weeks within the Equifax network stealing company secrets and personal data by routing traffic through approximately 34 servers that were located in nearly 20 countries in an attempt to obfuscate their real location. Sources also say that it's very unlikely that the US Government will actually take these individuals into custody or try them in a court of law. However, the purpose of these inditements appear to send a clear message to China that the US knows what they are up to. This is, of course, not the first time that China has been blamed for a massive data breach in the United States. Chinese hackers were also blamed for the Office of Personnel Management data breach in 2015. That breach exposed the names and social security numbers of more than 22 million current and former US federal employees and contractors, including 5.6 million fingerprints. The other big breach China has been blamed for was the massive Marriott International data breach which exposed the personal details of over 500 million Marriott customers.

So what's the end game for China and why might they be targeting US companies and government organizations? Well,

the speculation abounds!

They could be gathering as much personal data as possible to be used for a future attack, blackmail on a massive scale, or for further analysis of US consumers and how China may be able to leverage this data to their own competitive advantage. One thing is clear, trade secret theft is a well-known activity of the Chinese regime and according to the FBI China may be the biggest foreign threat to the United States.

Netanyahu's party left Israel's entire voter registry exposed

Elections across the world seem to have major problems when technology is introduced into the election process. From the smartphone app being used to cast votes in Seattle, to the Iowa Caucus app that was coded so poorly that it significantly delayed the results of the election, there is no shortage of news stories that show the problems when traditional voting systems are attempted to be modernized. So what recently happened in Israel, shouldn't be a surprise, but what is a surprise is how easy it was to access voter details for 6.5 million people. Apparently, the political party of Israeli Prime Minister Benjamin Netanyahu uploaded the entire Israeli voter registry to their Elector voter management app,

which had exposed developer user names and passwords within the HTML code

on the main webpage of the app. That’s right, simply right-click to "view source" in your web browser and you were able to login as the developers to access all the data. No real technical skill required! This is also not the first time that there has been a security problem with this particular app. Back in September of last year there were other flaws reported that included

vulnerabilities that could be used to modify the vote count!

Look, smart phone apps and other "modern" technology is just not ready for use in the election process. In every case, these apps are all poorly developed, don't go through any security testing, and are simply rushed out the door just hoping that they will work. This is why cybersecurity experts have for years said voting or counting votes by smartphone apps or by using the Internet in the election process is a really bad idea. Let's just hope that governments world-wide start to realize that the traditional way of voting may still the best way to secure an election.

CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments

In other government related news,

a story in the Washington Post last week revealed that a Swiss encryption equipment company called "Crypto AG", in business for over fifty years, was owned by the US Central Intelligence Agency in partnership with the West German BND intelligence service

. This is according to CIA documents obtained by the Washington Post. The encryption equipment sold by Crypto AG was used by more than 100 governments around the world (ironically, not China or Russia). In fact, evidence now supports that the US was using this "backdoor" to monitor communications at various times throughout history including the Egypt-Israel peace accord meeting in 1978 and the Iranian hostage crisis in 1979. Surprisingly, Crypto AG products are still being used all over the world. However, the company was sold and liquidated in 2018 and the assets purchased by two companies, CyOne Security and Crypto International. Both companies said that they have no ongoing connection to any intelligence service but it does bring into question the massive amounts of ethical issues, deception of Crypto AG employees, and the fact that they were selling backdoored systems the entire time the company was in existence. However, in other documents obtained from the CIA, the CIA stated that this program, code named Rubicon, as quote "a triumph of espionage" and quote "the most profitable intelligence venture of the Cold War".

The full article, which we have linked in our show notes, is a fascinating read and dives deep into the CIA's operations regarding the ownership of Crypto AG, and the CIA's relationship with the West German BND…it truly, reads like a spy novel. This story also makes you realize that our governments are still trying to backdoor products and other encryption services. And you never know, which ones may be backdoored already. This is one of many reasons that open source encryption and related security products are so important and why proprietary encryption is always a bad idea.

JanuaryMonthly ShowEpisode 96In episode 96 of our monthly we discuss the controversy of voting by smartphone in our elections, the Jeff Bezos hacking incident, and the recent Microsoft support security breach.

Watch this episode on our YouTube Channel!

Top 10 Episodesin 2019We've had a fantastic year bringing you the latest cybersecurity and privacy topics and news. Thank you for being a listener and supporting the show!If you haven't listened to our most downloaded episodes from the year, here's your chance. Click the link below to listen to each episode and share with your friends!

Shared Security is now on GetVokl!

We live stream our monthly show on a new interactive video chat and streaming service called GetVokl!

Click here to subscribe to our channel

to get notified when we will be live and to watch previous episodes!

Thank you to our sponsor

Silent Pocket!

Take advantage of this exclusive offer and help support this podcast!

Visit

silent-pocket.com

to shop Silent Pocket's great line of privacy focused products.