In this week’s episode (#115), noted hardware enthusiast and hacker Joe Grand (aka “Kingpin”) told reporters from Bloomberg that finding an in-the-wild supply chain hack implanting malicious hardware on motherboards was akin to witnessing “a unicorn jumping over a rainbow.” They went with their story about just such an attack anyway. Joe joins us in the Security Ledger studios to talk about whether Bloomberg got it right. Also, Adam Meyers of Crowdstrike comes into the studio to talk about the U.S. Department of Justice indictment of seven Russian nationals. Adam talks about the hacks behind the charges and what comes next.
China
BLU settles with FTC over unauthorized transmission of personal customer data to China
Florida-based mobile device maker BLU has settled with the Federal Trade Commission (FTC) over charges it allowed a Chinese partner to collect detailed personal customer information from some of its devices without authorization or consent.
WeChat set to become China’s official electronic ID | Security Affairs
Officials in the Nansha District of Guangzhou, China plan to allow citizens to use the WeChat social networking application as a form of official identification for access government and private sector services, Security Affairs reports.
Spy Eyes In the Sky: DHS says DJI Drones spy for Chinese Government, Industry
The Department of Homeland Security is warning that commercial drones made by the China-based firm Da Jian Innovations (DJI) may be providing “U.S. critical infrastructure and law enforcement data” to the Chinese government and favored industries in that country, according to a copy of an August, 2017 Intelligence Bulletin (PDF) published by the website Public Intelligence.
Harvard Publishes Guide for Securing Political Campaigns
A new guide from Harvard University’s Kennedy School of Government is offering guidance to political campaigns that wish to keep hackers at bay.