This ‘zombie case’ could have big ramifications for cybersecurity firms

Welcome to The Cybersecurity 202! Those ransomware gangs are such edgelords.

Below: Trump-backed election fraud studies are a main focus under two probes, and a tool named after a popular internet meme was used to stall Islamic State activity online. First:

New court ruling sends a ‘chilling’ message to cyber companies, judge argues

An influential appeals court on Friday cleared the way for a lawsuit to proceed in a long-running feud between two manufacturers of anti-threat software. The decision could have wider ramifications for the cybersecurity industry.

The U.S. Court of Appeals for the 9th Circuit reversed a lower court’s decision to dismiss Enigma Software’s lawsuit against Malwarebytes from 2017. Enigma sued after Malwarebytes labeled Enigma’s software as “malicious,” “threats,” and “potentially unwanted programs.”

The ruling by the appeals court — which often hears appeals in suits from tech companies because its jurisdiction covers California — determined that such labels were statements of fact rather than opinion, meaning that Enigma could pursue its false advertising claim.

“Judges are not experts in the cybersecurity field,” wrote Judge Richard R. Clifton, who authored the majority opinion. “We should not presume that we are.”

But the dissenting judge, citing that same reasoning, said the majority’s opinion poses a danger to cyber firms.

With the ruling, Judge Patrick J. Bumatay wrote, “our court sends a chilling message to cybersecurity companies — civil liability may now attach if a court later disagrees with your classification of a program as ‘malware.’ But we have neither the authority nor the competence to arrogate to ourselves regulatory oversight over cybersecurity.”

In Clifton’s majority opinion, which Judge M. Miller Baker concurred with, the appeals court rejected the lower court’s ruling to dismiss the suit based on a jurisdictional question. It split the difference on two allegations that Malwarebytes wrongfully interfered with Enigma’s business and contractual relationships, siding with the district court for dismissing the suit for the latter but against the district court for the former.

  • Enigma alleged that Malwarebytes only applied the negative labels to its software after Enigma sued Bleeping Computer, claiming the website had offered “false, misleading, and deceptive information” about Enigma products because it received sales commissions from Malwarebytes, a competitor.
  • In 2016, Bleeping Computer’s lawyers called another Enigma lawsuit an “attempt to bully and censor Bleeping Computer” and said it was part of “Enigma’s long pattern of threats, intimidation and litigation.”
  • Malwarebytes sought dismissal because, as the opinion explained, the labels were “just [nonactionable] subjective opinions” instead of “verifiably false.”

Clifton wrote that the labels are actionable, however.

“Because whether software qualifies as malware is largely a question of objective fact, at least when that designation is given by a cybersecurity company in the business of identifying malware for its customers, Enigma plausibly alleged that Malwarebytes’s statements are factual assertions,” the opinion states.

Malwarebytes, Enigma and Bleeping Computer did not respond to requests for comment on Sunday.

In his dissent, Bumatay wrote that he saw the majority opinion as “plainly” wrong.

“We mistake subjective expressions of opinion for provable statements of fact — falling for the claim that some of these terms have an uncontested, objective meaning in the cybersecurity field,” he wrote.

Bumatay used adware as an example of how it can be difficult to have an objective definition of terms such as “malware,” which the majority defined by leaning on dictionary definitions related to whether something is created for a “nefarious purpose.”

  • “Adware monitors users’ online activities and habits, typically without their knowledge, and uses the collected data to display targeted advertisements or sell to third parties,” Bumatay wrote. “Adware usually comes bundled with free software (e.g., games, browser extensions, media players), allowing developers to generate revenue and continue developing useful and free software.”
  • “Adware can expose sensitive data and slow or disrupt one’s computer, though it also helps serve users with more relevant ads,” he continued. “And typically, the user has inadvertently authorized and consented to the adware’s operation via a terms and conditions agreement.”
  • “In such cases, has the adware been created and employed for ‘some nefarious purpose?’ This is plainly a subjective question that will elicit different responses from different people.”

The suit has proven to be a “zombie case,” said Eric Goldman, associate dean for research and professor at Santa Clara University School of Law. “It cannot be killed, and I don’t know why,” he told me.

“I don’t understand why it continues to wreck internet law,” he told me. “There’s something about this case that is just leaving a trail of destruction in its wake.”

Goldman has previously written about another element of the suit, related to Section 230 — which provides immunity against civil liability for online platforms — that made its way through the court system before the Supreme Court declined to hear it in 2020.

  • The 9th Circuit had earlier created a “workaround” on Section 230 that introduced some ambiguity that muddied the waters on the matter, Goldman wrote. (Goldman had signed on to an amicus brief criticizing that decision.)
  • It also triggered commentary from Supreme Court Justice Clarence Thomas that it was “misguided,” in Goldman’s words. “This screed has perniciously inspired plaintiffs to position their Section 230 case for Supreme Court review and motivated #MAGA politicians to pursue ever-worse censorial regulatory ideas,” Goldman wrote. “The legacy of Justice Thomas’ blogging will live on long after the Enigma case is over.” (Many Republicans contend that they’ve been unfairly censored on social media platforms.)

Now, the Enigma-Malwarebytes case risks adding another dubious bullet point to its legacy, Goldman told me.

“This entire litigation casts a shadow on the entire industry of people who are keeping our computers safe,” he said. It could inspire others to “use litigation as a weapon to try and force anti-threat vendors to change their classifications or scare them from making a negative classification in the first instance, just by virtue of the litigation costs.”

It’s possible that Malwarebytes could push for a larger panel of the appeals court’s judges to rule on the opinion next. If that doesn’t happen or the case doesn’t go to the Supreme Court, the case would go back to the district court.

Trump-backed election fraud studies are main focus under two probes

Federal and state regulators are turning their focus toward Trump-funded studies conducted by two firms to examine whether the results of the 2020 presidential election were fraudulent, our colleagues Josh Dawsey and Amy Gardner report.

“In recent days, the district attorney in Georgia’s Fulton County has asked both firms to provide research and data as investigators intensify their probe into Trump’s attempt to overturn the result of the 2020 presidential election in Georgia,” they write.

  • The research — which also involves probes into communications with Trump officials — is likely part of a broader aim to craft a racketeering case, three people familiar with the matter told our colleagues.
  • Josh and Amy write: “Federal investigators have extensively questioned witnesses about any pressure put on the firms to produce work that would give Trump results he wanted, two people with knowledge of the questioning said.”

“The hiring of the firms — which were paid about $1.5 million in total and whose work spanned November and December 2020 — originated from senior White House advisers and campaign officials who wanted to know whether any of the claims of electoral wrongdoing could be verified,” they write.

But the reports from Berkeley and Simpatico Software Systems, the research firms, indicate that some of the election claims were debunked even before Trump advisers made them public, their report adds.

Mexico leader of human rights probe targeted by Pegasus spyware

Around two years after Mexican President Andrés Manuel López Obrador established a truth commission to tackle human rights scandals the nation waged between the 1960s and 1980s, the commission’s lead investigator has been targeted with NSO Pegasus spyware, our colleagues Oscar Lopez and Mary Beth Sheridan report.

  • “Pegasus spyware was detected in the phone of Camilo Vicente Ovalle, according to the forensic analysis by Citizen Lab, a digital research center at the University of Toronto,” they write.
  • “Vicente Ovalle, who coordinates the work of the truth commission, had received an email in December from Apple warning he might have been targeted by ‘state-sponsored attackers,’” they add.

The alleged incident is part of a building probe signaling that citizens investigating abuses by Mexican armed forces, including journalists and people working closely with López Obrador, are being targeted with malware.

  • Our colleagues add: “NSO, asked for comment on the Vicente Ovalle case, said it ‘only sells to intelligence and law enforcement customers who use these technologies to prevent crime and terror daily.’ In an emailed statement, it said Citizen Lab ‘continues to produce inconclusive reports that are unable to differentiate between the various cyber tools in use.’”

Mexican politicians have a long history of spying and espionage against their opponents. López Obrador had pledged to end political spying and has said that Pegasus is no longer in use, though Mexican digital rights groups say the nation’s military might have continued using it.

Australian cyber operators used tool named after ‘Rickrolling’ meme to disrupt Islamic State internet activity

The term “Rickrolling,” used to describe the internet meme in which 1980s pop star Rick Astley appears singing his famed song “Never Gonna Give You Up,” was used in the naming of a hacking tool used to disrupt online Islamic State militant efforts, Andrew Probyn reports for Australian Broadcasting Corporation.

ISIS, two years into its occupation of Mosul in 2016, was “using cyber as a tool to recruit, to coordinate, to raise funds, to spread ideology,” Mike Rogers, former director of the U.S. National Security Agency, told the outlet.

  • “Among the foreign fighters recruited by Islamic State were top-flight hackers and cybercriminals who were experts at disguising the militants’ battlefield communications,” the report adds.

Australia’s cyber intelligence agency, the Australian Signals Directorate (ASD), was tasked with helping Iraqi partner troops gain safe passage to liberate Mosul. ASD developed an internet-connected “payload” that denied the militant group’s ability to connect to the internet.

The payload contained different levels of power, and “its simplest” payload was named “Rickrolling,” Probyn writes.

  • “From a graffiti-walled basement several meters below ASD’s Canberra headquarters, on the other side of the world, operators would deploy ‘Rickrolling’ and other cyberweapons to coincide with bombs and bullets on the ground in Iraq,” he adds.

Former ASD director general Michael C. Burgess told ABC the effort was probably the first time a conventional ground-based armed force coordinated in real time with remote cyber operators.

CISA orders govt agencies to patch MOVEit bug used for data theft (Bleeping Computer)

The White House says Section 702 is critical for cybersecurity, yet public evidence is sparse (CyberScoop)

Moonlighter space-hacking satellite readies for launch (The Register)

These activists distrust voting machines. Just don’t call them election deniers. (New York Times)

YouTube to stop removing content making false claims on past elections (Reuters)

World’s spy chiefs meet in secret conclave in Singapore (Reuters)

Executive order on outbound investment will be ‘narrow’ and ‘administrable’ (The Information)

Senegal’s government suspends mobile internet access amid days of deadly clashes (The Associated Press)

Ireland will give ‘deep consideration’ to joining NATO, says Taoiseach (Buzz)

Lake Maggiore boat accident: Questions remain over spy deaths (BBC News)

Canada facing rising threat from cyberattacks, defence minister says (Reuters)

China cracks down on surge in AI-driven fraud (Wall Street Journal)

Scammers publish ads for hacking services on government websites (TechCrunch)

How to tell if your passwords were hacked—and what to do if they were (Wall Street Journal)

How university cybersecurity clinics can help cities fight ransomware (CyberScoop)

  • The Cato Institute holds an event on surveillance at 1 p.m. It holds a related event on Section 702 tomorrow at 1 p.m.
  • George Washington University holds a discussion on election security tomorrow at 1 p.m.

Thanks for reading. See you tomorrow.

