Skip Navigation
BlackBerry Blog

This Week in Security: Cyber Military, Cyber-Heists, Now With 20% More Cyber!

Even More Cyber Military!

It’s no longer surprising news to hear of state-level military and intelligence units hacking the ever-living crap out of everything, but it’s still interesting to keep up with revelations as they become public. First up is US-CERT releasing details on North Korea’s DDoS botnet, codenamed HIDDEN COBRA.

While the report recommends that DHS further investigate North Korean cyber and hacking capabilities, it does make clear that this infrastructure takes advantage of older and unsupported Windows systems, as well as Adobe Flash and Microsoft Silverlight vulnerabilities.

If you still haven’t uninstalled Adobe Flash, you should strongly consider isolation between those systems and anything valuable on your systems. Thankfully, this isn’t a problem where experts just tell users to go patch, as CERT has released multiple Indicators of Compromise (IoCs) and YARA rules in their report, enabling administrators to root out and report HIDDEN COBRA infections.

Next, is probably the billionth tiny step towards a ghost-in-the-shell-esque fully cyber-integrated military, with the Pentagon experimenting with embedding specialists in electronic warfare into ground troops, as well as within opposing forces in training exercises.

One example of the change this introduces is using a jammer to disrupt radio communications for a tank assault, stopping the assault and leaving the unit vulnerable to decimating ambush. Others include spying on military communications, or sowing confusion with disinformation. One can only hope that this means we’ll see 802.11 antennas and wifi pineapples at army surplus outlets soon!

Also, police are now routinely extracting information from cellphones of arrestees using forensics tools, an ongoing investigation has revealed. As a computer in your pocket that records everything you do, this leaves the police with a detailed map of the life of anyone they arrest.

Given the hundreds of times these forensic extraction devices were used each year, and the Mesa police department’s somewhat vague guidelines for when they could be used, essentially everyone is vulnerable. But, maybe not currently for iPhone 6 or 7 users, which do not appear on the lists of searched devices. We suggest you hedge your bets by enabling device encryption on your iPhone or Android, set a very strong passphrase, and turn your phone off in a panic every time you see a Ford Crown Victoria.

Cyber-Heisting a Gazillion Dollars, and How to Spend It

Blockchain fans may recall the massive attack on Ethereum’s DAO earlier this year, the millions in cryptocurrency it leaked, and the resulting drama that has since played out. But for those of us who didn’t follow the spectacle at the time, Bloomberg has an interesting article detailing the heist and resulting fallout.

With a shadowy perpetrator shrouded in secrecy, whitehats attempting to Robin-Hood the goods to a safe place, the hard fork and following sectarianism, and ultimately the $67.4 million getaway, the story leaves one asking, “Is this real life?” If anyone wants to finally produce a sequel to “Hackers,” just recreate this saga verbatim with selectively curated 90s techno and house.

Now, what on earth someone would do with $67.4 million? I wouldn’t know what to invest in beyond avocado toast. Well, how about swinging an election with a coordinated disinformation campaign? Researchers at Trend Micro recently examined various underground “fake news” and influence marketplaces offering services ranging from discrediting journalists to sustained influence campaigns aimed at effecting actions such as elections.

Old techniques of manipulation have found renewed strength in social media, with combinations of clickbait, social media marketing, “like” farms and good ‘ol disinformation. While there is certainly a lot of overlap with Search Engine Optimization and more “legitimate” marketing, there is also a significant focus on political manipulation.

Information can be spread with a variety of techniques, ranging from bots on social media, to sites that gamify human social media users to “Like” content and visit pages in exchange for tokens, which can then be sold on the underground. There are also services to manipulate online voting and poll systems such as

For their part, the researchers have a few recommendations for avoiding falling prey to this manipulation through “fake news” articles. Their advice, quite frankly, is worth considering for all news, not just that with a political slant:

  • Watch out for hyperbolic clickbait headlines, disreputable news sources, poor spelling and grammar, and poor web design.
  • Check content for photoshopped or inaccurate photos, and the lack of author names, publish dates or sources.
  • Cross-check the story with other sources, scrutinize sources and the author, and escape any echo chambers by reading a variety of reputable sources.
The Cylance Research and Intelligence Team

About The Cylance Research and Intelligence Team

Exploring the boundaries of the information security field

The Cylance Research and Intelligence team explores the boundaries of the information security field identifying emerging threats and remaining at the forefront of attacks. With insights gained from these endeavors, Cylance stays ahead of the threats.