News in brief: Telegram crack ‘fake’; superuser passwords leaked; election systems ‘critical infrastructure’

Telegram

Your daily round-up of some of the other security stories in the news

Telegram crack “likely to be fake”

Telegram spokesperson Markus Ra has denied a claim that the secure instant messaging app has been compromised, telling Business Insider “We think the report is likely to be fake”.

The claim is made in one of a collection of memos published by BuzzFeed that contain, in the site’s own words, “unverified, and potentially unverifiable allegations” about one Donald J Trump.

Alongside its unsubstantiated claims about the president-elect the document also asserts that Telegram has been “cracked” by Russian intelligence:

Telegram claim

In terms of other technical IT platforms, an FSB cyber operative flagged up the ‘Telegram’ enciphered commercial system as having been of especial concern and therefore heavily targeted by the FSB, not least because it was used frequently by Russian internal political activists and oppositionists. His/her understanding was that the FSB now successfully had cracked this communications software and therefore it was no longer secure to use.

CCTV vendor leaks superuser passwords

In October 2016 CCTV vendor Xiongmai made the news after it ordered a recall of 10,000 vulnerable CCTV cameras.

The company’s products were amongst those targeted by Mirai malware and used to launch a number of record breaking DDoS (Distributed Denial-of-Service) attacks. Following the attacks the cameras needed to be locked down but, embarrassingly, it seemed that the internet-connected cameras could be exploited remotely but could only be secured by sneakernet.

The company is back in the news again for all the wrong reasons.

The Register reports that a list of Xiongmai superuser passwords that could be used to “remotely take over certain CCTV systems” has been discovered on a CCTV installer’s LinkedIn page.

Election systems are ‘critical infrastructure’

Following allegations of Russian interference in the recent US election the The USA’s Department of Homeland Security (DHS) has determined that from now on election systems should be treated as “critical infrastructure”.

Secretary of Homeland Security Jeh Johnson declared in a press release that “it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law”. Those systems and assets are:

…storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments.

State and local governments will continue to run and administer elections as before but will now be able to call upon the considerable resources of the DHS for assistance with cybersecurity.

Catch up with all of today’s stories on Naked Security