Ukraine hacktivism fights threaten open-source software

Open-source sabotage is a new battlefront

There’s a new battlefront in the raging debate over whether civilian technologists should play any role in punishing Russia for invading Ukraine. 

A volunteer who maintains an immensely popular open-source software tool updated the tool to wipe data from computers in Russia and its ally Belarus, Joseph Cox reports for Motherboard. The updated tool replaced the erased data with a heart emoji.

  • It’s not clear how much damage the update caused, but it has the potential to wreak havoc on computers used by civilian companies and individuals inside Russia and Belarus — similar to what might be caused by a malicious hacking campaign.

Context: The move comes as large numbers of cyber volunteers in Ukraine and elsewhere have joined an “IT army” that’s conducting digital attacks and information operations in Russia that skirt and sometimes cross legal red lines. 

The aggressive actions by cyber pros not backed by national governments are alarming many analysts who fear they could undermine efforts to impose rules of the road in cyberspace or create confusion that leads to escalating cyber exchanges between Russia and NATO nations. 

The malicious code update quickly caused an uproar in the community of mostly volunteer open-source developers who create and maintain libraries of computer code that power large portions of the Internet. 

  • Critics of the developer, who uses the online handle RIAEvangelist, argued his actions are far more likely to harm Russian civilians than military and political leaders.
  • The update might also backfire and accidentally impact people outside Russia and Belarus, or people whose Internet traffic was being routed through those countries.
  • Most importantly, the move could set a precedent that sabotaging open-source software is a legitimate form of protest, making the Internet substantially less safe for everyone.
  • RIAEvangelist told Motherboard that he did not intend for the software to erase computer data, only to place a file on the user’s desktop.

The move comes as officials are reassessing cyber dangers posed by open-source software in the wake of the massive log4j bug

That bug allowed hackers to potentially gain deep access to huge numbers of computer systems that run an incredibly common piece of open-source software. Most of the log4j damage appears to have been mitigated by fast patching in industry and government, but it prompted a White House summit with industry to probe whether the volunteer-led nature of open-source tools is up to the task of protecting technology against a wave of malicious hackers. 

Now, sabotage is yet another danger the open-source community will have to reckon with

The software RIAEvangelist updated, called node-IPC, is not as common as the one impacted by log4j, but it’s downloaded as much as 1 million times each week. 

The report comes as officials’ anxiety remains high about the possibility of cyber blowback from Ukraine hitting the United States

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned satellite communications firms to be on high alert for Russian hacks. 

The move was prompted by an increasingly clear picture that’s emerging of a hack against the satellite firm Viasat that significantly disrupted Ukrainian communications during the early days of the Russian invasion. That attack has not been definitively linked to the Kremlin, but U.S. officials are investigating whether Russia was responsible. 

There’s also concern that Russian cyberattacks — which have been relatively limited during the invasion so far — could become more aggressive as its military operations are bogged down and Western sanctions squeeze the Russian public. 

“The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust,” former CISA director Chris Krebs warned in a Financial Times op-ed.

More from Krebs: “Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west, sending a clear message: ‘knock it off, we can make this much worse for you.’ Russian ransomware actors may also take advantage of the situation, possibly resorting to cybercrime as one of the few means of revenue generation.”

NRA belatedly confirms ransomware hack

The ransomware hacking gang Grief claimed that it locked up computers and stole data from the National Rifle Association in October, but the gun rights advocacy group refused to confirm the hack at the time. 

The NRA belatedly acknowledged in a Federal Election Commission filing this month that the attack blocked its access to email and other computer services for two weeks, Lucas Ropek reports for Gizmodo. The filing was prompted because the NRA failed to report about $2,500 in credit card donations because the receipts were misplaced while it was coming back online. 

The NRA said back in October that it would not discuss physical or cybersecurity challenges. 

“We would also like to emphasize that our organization has implemented additional cybersecurity measures to reduce the likelihood of a recurrence,” the NRA said.

Geofence warrants have exploded in popularity, but they can violate rights, judges say

Two judges recently raised concerns about the warrants, in which prosecutors ask companies like Google for a list of devices that were active in a geographic area, Justin Jouvenal and Rachel Weiner report. 

The warrants have been helpful for police trying to narrow down suspects, but critics say they violate the rights against unreasonable searches of dozens or even hundreds of law-abiding citizens whose information can be scooped up with them.

Proliferating use: “Such ‘geofence’ search warrants have exploded nearly 600 percent in Virginia in recent years and 1,200 percent nationwide, according to Google, helping police crack bank robberies, find suspects in killings and ferret out people who were present at the Jan. 6 riot in Washington,” Justin and Rachel report.

U.S. District Judge M. Hannah Lauck is one of two judges who might rein in the warrants. She ruled last month that one use of the warrants after a motel shooting was too indiscriminate and violated the rights of other motel guests.  

Lauck called on lawmakers to address the proliferating use of geofencing warrants. Lawmakers should address Lauck’s “deep concern … that current Fourth Amendment doctrine may be materially lagging behind technological innovations,” the judge wrote. 

“The rulings are likely to reverberate across Virginia and the nation as a debate over the legality of geofence warrants intensifies with their proliferation,” Justin and Rachel write. “A handful of other federal magistrate judges have turned down applications for geofence warrants, but in the vast majority of cases, they have been approved with few questions until now.”

Russians are circumventing Internet restrictions to get news about Ukraine

Russians are using virtual private networks and the anonymity software Tor to access sites blocked by Russia’s government — and that’s leading to conflict with friends and family who believe state media propaganda, Cat Zakrzewski and Gerrit De Vynck report. The use of the propaganda-breaking tools is also deepening a generational divide between young, tech-savvy Russians and older people who mostly get their information from television.

“Alexander, a tech worker from Moscow in his 20s, said he’s aware of people who’ve unfriended each other online, writing posts about how they’ll never shake a certain person’s hand again because of their opinion on the war,” they write. Alexander’s aunt “stopped talking to a few of her friends whom she knew for ages,” he told Cat and Gerrit. 

Russians seem determined to get around the Internet restrictions. 

  • The top five VPNs were downloaded more than 6 million times on Apple and Google’s app stores between Feb. 24 and March 13.
  • That’s a massive increase when compared with the three weeks before Russia invaded Ukraine. During that time, the apps were downloaded just 253,000 times, according to digital intelligence firm Sensor Tower.

Chip sanctions complicate Russia’s high-tech ambitions

Russia needs advanced chips to fulfill its goals for artificial intelligence, robots and 5G wireless technology, the Wall Street Journal’s Yang Jie and Jiyoung Sohn report. But the Biden administration’s February move to restrict chip exports to Russia could significantly inhibit those plans. Russia does not have a large domestic chip industry and mostly relies on imports from companies like Taiwan Semiconductor Manufacturing Company (TSMC).

“Some of the leading Russian-designed chips are assembled by TSMC,” Jie and Sohn write. “Russia could lose access to some of these chips, though it couldn’t be determined whether these chips would be hit by sanctions.” TSMC told the Journal it is committed to complying with the export rules, but the firm declined to comment beyond that.

  • Rinki Sethi, Twitter’s former chief information security officer, joined Bill.com as vice president and chief information security officer.
  • Matt Ashburn has joined LangleyCyber as its chief strategy officer. Ashburn is a former CIA cybersecurity official.
  • Homeland Security Secretary Alejandro Mayorkas, CISA Director Jen Easterly, National Cyber Director Chris Inglis and other U.S. government officials speak at the Hack the Port 2020 conference this week.
  • Senate Homeland Security Committee Chairman Gary Peters (D-Mich.) speaks at an Information Technology Industry Council Bridge for Innovation event on Wednesday at 11 a.m.
  • CISA Executive Assistant Director Eric Goldstein and Department of Energy cybersecurity official Puesh Kumar speak at Accenture’s operational technology cybersecurity event on Wednesday at 1:30 p.m.
  • CISA senior adviser and strategist Allan Friedman speaks at an Institute for Critical Infrastructure Technology event on Thursday at 1 p.m.
  • The ShmooCon hacker convention convenes in Washington from Thursday through Saturday.
  • Inglis speaks at the Atlantic Council’s opening of its DC Cyber 9/12 Strategy Challenge on Friday at 8:30 a.m. 

Thanks for reading. See you tomorrow.