Today’s topics include the U.S. indicting 13 Russians for influencing the 2016 U.S. presidential election; FedEx customer data leaked on a cloud storage server; the U.S. accusing Russia of launching the NotPetya ransomware attack; and Google acquiring LogMeIn’s Xively IoT management platform.
A group of 13 Russians, Russia’s Internet Research Agency and two companies closely related to Russian President Vladimir Putin were indicted last week for carrying out a series of cyber-crimes over three years to disrupt the 2016 U.S. presidential election.
The indictments, announced by Deputy U.S. Attorney General Rod Rosenstein, reveal a wide range of illegal activities on social media sites Facebook, Twitter and Instagram, as well as identity theft, which was used to provide information to open PayPal and bank accounts.
The indictment also alleges that Russian operatives tried to cover their crimes by erasing or manipulating email and social media information and that they constructed fake personalities to pretend to be U.S.-based political activists to procure computer hardware and services in the U.S. Some of the activities included creating fictional groups that were opposed to each other, and then arranging rallies for the same time and place, in hopes that the opposing sides would attack each other.
On Feb. 15, security firm Kromtech reported that it discovered an unsecured cloud storage repository containing 119,000 scanned documents containing personally identifiable information from the FedEx-owned company Bongo International.
The data was collected as part of an application process for individuals to get mail delivery through an agent from 2009 through 2012, before FedEx acquired Bongo in 2014. The scanned information included driver’s licenses, passports and other forms of security identification.
FedEx said it has taken steps to secure the data, adding that it found no indication that any information has been misappropriated. The data stored by Bongo was hosted in an improperly configured Amazon S3 bucket, enabling public access for people who knew where to look.
When organizations in the Ukraine first began reporting in June 2017 that they had been impacted by a ransomware attack known as NotPetya, there was early speculation that Russia was involved.
Now seven months later, global governments including the U.S., U.K., Canada and Australia are formally accusing Russia of being behind the attack, which the White House called “the most destructive and costly cyber-attack in history … causing billions of dollars in damage across Europe, Asia, and the Americas.” Russian officials have repeatedly denied any involvement.
The White House stated, “It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.” The U.K.’s Foreign Office Minister agreed, saying, “The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.” Greta Bossenmaier, chief of the Canadian Security Establishment agency, and the Australian government are also blaming Russia.
Google will acquire LogMeIn’s Xively business unit for $50 million, improving its capabilities in the internet of things device management space. Xively’s IoT management, messaging and dashboard technologies will become part of Google’s Cloud IoT Core.
Xively says its IoT Platform is designed to help organizations connect almost anything they use to the internet, giving organizations a way to collect and use information such as status, usage and error conditions from these connected systems to improve quality, modify existing products and troubleshoot them.
Xively’s connectivity technologies include a device-messaging tool, an embedded IoT client agent and mobile SDK for Android and iOS. Xively also offers management tools for storing time-series data collected from IoT systems and performing analytics on the collected data.