House Of Representatives Tech Team Blocks All Google Appspot Apps Because Of A Single Trojan

from the well-that's...-something dept

We started receiving reports of this last week, but I wanted to track down some details. You may have seen a few other reports, noting that the tech team at the House of Representatives recently started blocking YahooMail because of a big phishing attempt targeted at Congress. On April 30th, the House's "Technology Service Desk" sent around an email stating:

In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail, etc. The attacks are focused on putting “ransomware” on users’ computers. When a user clicks on the link in the attack e-mail, the malware encrypts all files on that computer, including shared files, making them unusable until a “ransom” is paid. The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders. The primary focus appears to be through YahooMail at this time.

The House Information Security Office is taking a number of steps to address this specific attack. As part of that effort, we will be blocking access to YahooMail on the House Network until further notice. We are making every effort to put other mitigating protections in place so that we can restore full access as soon as possible.

Please do your part to help us address this recent attack and protect the House Network going forward by following proper cyber practices at all times. Phishing e-mails can look very legitimate and appear to come from known senders. Be very careful about clicking on attachments or links in e-mails, particularly when you are using non-House e-mail systems.

Obviously, it's worth being careful and concerned about this kind of thing. Those encrypted ransomware attacks have become quite popular lately, and you can imagine why some would think it would be fun to target Congress specifically. Still, blocking all of YahooMail seems... like overkill? Yes, obviously, warn everyone to be careful, and highlight the details and what to watch out for. Perhaps institute some other kinds of protections. But a blanket ban on YahooMail just seems odd.

But... that's not all. Because a few days after that happened, the same tech staff also started blocking all of appspot.com. That's where a ton of apps actually live for things like Google's App Engine. Once again, this seemed like total overkill, so I reached out to people at the House to find out what was going on, and was given the following statement:

We began blocking appspot.com on May 3 in response to indicators that appspot.com as potentially still hosting a remote access Trojan named BLT that has been there since June 2015.

Now, this is kind of interesting for a variety of reasons. The Trojan.BLT has been "associated with a major APT [Advanced Persistent Threat] campaign." Furthermore, there has been some speculation connecting it to the Office of Personnel Management (OPM) hack that was exposed last year, based on a timely warning from the FBI about "cyber actors" using a series of exploits -- including BLT -- to gain access to personally identifiable information from the government. As the FBI noted:

Trojan.BLT- a RAT that is executed from its export CreateInstance, the mutex HFRM_ is created and a process instance of cmd.exe is launched to execute the command “ipconfig/all” to collect the victim system’s MAC address. Trojan.BLT will test network connectivity by establishing a connection with a legitimate website. This malware is capable of bypassing dyndns categorization by using a proxy through Google AppProxy’s hosted on appspot domains.

Trojan.BLT will validate the connection by checking the HTTP header “Service:IIS”. Trojan.BLT will then conduct further C2 activity.

So, yes, as I was told, Trojan.BLT was first discovered making use of Google's appspot domains last June -- so it's a little unclear why there's suddenly a renewed focus on it, and why it's cause to shut down access to appspot entirely -- especially since it appears that there are tools that can detect this particular trojan.

So, on the one hand, you can understand why the House's IT staff has pulled out the nuclear option in both these cases, first banning YahooMail and then banning access to basically all of Google's hosted 3rd party apps. Ransomware or an OPM-level hack on Congress would be a massive black eye for the House's tech staff. So it must feel a lot safer to just block entirely. Of course, it's also not that likely to be effective. Ted Henderson, the creator of a social network solely for Congressional staffers called Cloakroom, and who first alerted me and many other reporters to this, was pretty clearly frustrated by this move, which obviously cut off the vast majority of his userbase from actually being able to use the app. But, he's already found a workaround (which I know because I once did an AMA on the platform and still receive notifications from the app). All users received a notification on their phones to turn off their WiFi and use their cellular connections if they wished to use Cloakroom while on Capitol Hill.

And, of course, this shows the futility of just blocking all access to an entire ecosystem like Appspot. It's not going to stop people. It's just going to frustrate people and send them looking for other paths to get that info, which may actually be more dangerous. Instead, it seems worth asking why the House IT staff isn't focused on providing better protection against the actual threat, rather than just trying to bury access to massive platforms, just because lurking somewhere on those platforms there may be something harmful.

Remember, too, that the people in the House are the same ones legislating technology issues today, and they're getting a very warped idea of how technology works thanks to the House's tech desk. A small potential problem that could be avoided with some basic precautions? Shut down the whole damn thing. This seems like exactly the wrong lesson that our elected officials and their staffers should be learning right now about technology. Protecting their computers and devices is obviously important, but it seems like the House is resorting to overkill, and hopefully this does not lead out of touch Representatives to assume that similar overkill solutions -- such as entire site blocking -- are sensible for American citizens. The House Of Representatives is blocking all apps using Google%u2019s appspot.com

Filed Under: appspot, congress, cybersecurity, google appengine, house of representatives, ransomware, trojans, yahoomail
Companies: google, yahoo

It's 2015 And Congress Is Now, Finally, Allowed To Use Open Source Technologies

from the took-'em-long-enough dept

First, the good news: members of the House of Representatives in the US Congress are now allowed to use open source technology in their offices, rather than the very limited list of proprietary offerings they were given in the past. Second, the bad news: how the hell is it 2015 and this is only becoming an option now? I guess we can't change the past, and so let's celebrate the House of Reps finally getting to this point -- which just happens to coincide with the upcoming launch of the House Open Source Caucus (led by Reps. Blake Farenthold and Jared Polis). We've talked plenty about how little Congress understands technology, software and the internet today -- so actually introducing them to the basics of open source software can only help. And, yes, this comes on the heels of a Congressional rep making a pull request on Github. So, maybe (just maybe) we're starting to see more of our elected officials actually taking the time to understand the technologies that their policies will impact.

Filed Under: congress, house of representatives, open source

Boom: House Rejects Fast Track... For Now

from the down-it-goes dept

Without getting too down in the procedural weeds, just a little while ago, the House of Representatives effectively blocked "fast track authority" for the White House on trade deals -- for now. There was a lot of political maneuvering, and apparently the President started pushing hard on Congressional Democrats to support the trade deals. Many thought the last minute push would make it happen, but with Nancy Pelosi saying that Congress needed to "slow down" fast track, fast track basically came off the table. Again, how this was done involved a lot of gamesmanship and technically a later vote on fast track actually passed very narrowly (219 to 211), but it doesn't matter, because an earlier vote on a different, related measure, needed to pass as well, as the two issues were bundled together. After a bunch of confusing procedural moves, it appears that the House of Representatives will take another shot at this next week, but considering that the key provision went down by a 302 to 126 vote, a lot of arms need to be twisted in the next week and that may not be possible. If the vote next week fails, then things are extremely bleak for the future of "fast track" and the various trade agreements the USTR is pushing.

The whole setup was somewhat confusing, because that official 302 to 126 vote was against Trade Adjustment Assistance (TAA), a program for helping workers whose jobs are displaced by trade. Such a program is usually supported by Democrats, but was rejected here in order to block Trade Promotion Authority (TPA), which was bundled with TAA on the Senate side. The later "show vote" for TPA is meaningless, because it would now need to go back to the Senate for a new vote, and the Senate won't approve TPA without TAA. And, of course, all of this is needed for the USTR and Obama to get the TPP (Trans-Pacific Partnership) approved. And, if you're confused by the fact that TAA, TPA and TPP all sound sorta similar, don't worry: that's all on purpose to confuse the hell out of you and most of the rest of the public.

Rest assured, however, that what happened today was the House of Representatives pumping the brakes on trade agreements like the TPP, after months of really heavy pressure from the White House, which had really ramped up in the past few weeks and days. This is a big blow to the USTR's program. It doesn't mean the House won't eventually get there, but it's not going to be an easy path, and this certainly could put agreements like the TPP (and TTIP and TISA) at risk.

Filed Under: congress, fast track, house of representatives, taa, tpa, tpp, trade promotion, ustr

House Of Representatives Bans Spotify Because P2P Tech Must Be Evil!!

from the clueless-congress dept

Hey look, here's a story on which we at Techdirt actually agree with the RIAA. Shocking, I know. It appears that, for reasons that are unclear to just about everyone, the IT folks in the House of Representatives have banned the use of the perfectly legal and authorized music service Spotify because it's P2P technology. According to a report at Politico:

"To help protect House data, our IT policy generally prohibits the use of peer-to-peer (P2P) technologies while operating within the secure network," a spokesman for the Office of the Chief Administrative Officer told POLITICO this week. "While Spotify is currently not authorized, the CAO has and will continue to work with outside vendors to enable the popular services that improve member communication capabilities."

Not surprisingly, this has led to complaints from Spotify, but also from the RIAA, which finds the whole thing preposterous:

RIAA CEO Cary Sherman wrote to the Hill Tuesday to explain why Spotify shouldn't violate the House's IT policy and to lend a hand in getting the decision reversed: "These services are safe and secure, and assuring access to them not only respects the contractual relationship users may have with these services, but also achieves an important public policy goal of promoting legal, safe digital providers," Sherman wrote.

That's nice and all... though it's entirely possible the reason that there's a ban on P2P technology in the House is... due to the RIAA's own efforts in years past. You may recall that, the RIAA, MPAA and other copyright maximalists have pushed for Congressional hearings on just how evil P2P technology is, and why there need to be more laws about it. Ali Sternburg, at the DiscCo Project has the details:

It may be symptomatic of Congress being susceptible to lobbyists' generally oversimplifying and misunderstanding complex technology. As EFF's Parker Higgins tweeted in response: "The years of indiscriminately vilifying p2p technology are now coming back to haunt the content industry." In particular, the policy may be a consequence of three hearings on filesharing in the House from 2007 to 2009, which received testimony criticizing filesharing: "Inadvertent File Sharing over Peer-to-Peer Networks" on July 24, 2007, before the House Committee on Oversight and Government Reform; "H.R. 2221, the Data Accountability and Protection Act and H.R. 1319, the Informed P2P User Act" on May 5, 2009, before the House Committee on Energy and Commerce, Subcommittee on Commerce, Trade, and Consumer Protection; and "Inadvertent File Sharing over Peer-to-Peer Networks: How It Endangers Citizens and Jeopardizes National Security" on July 29, 2009, before the House Committee on Oversight and Government Reform. This context suggests that maybe those hearings caused technophobic Congressmen to panic, leading to a regulation that is now mindlessly enforced as a part of House IT policy.

She admits this is not definitely why it's banned, but it does seem notable. Perhaps, next time, rather than vilifying broadly usable technology, the RIAA and others might recognize that it can actually be the solution to their challenges as well. Nah... that'll never happen.

Filed Under: bans, congress, house of representatives, p2p technology
Companies: riaa, spotify

US House Of Representatives... Is A Rogue Site?

from the wouldn't-you-know-it? dept

As the US House of Representatives continues to push for SOPA to help go after foreign "pirates," it appears that some folks at home were doing their own "research," in a way. TorrentFreak, using the YouHaveDownloaded.com tool, have matched up the IP addresses owned by the US House of Representatives, and noticed that they're downloading plenty of material that's likely to be infringing. There are a lot of books, but also software like Microsoft Windows, and even some porn. Of course, there are lots of people who work at the House of Representatives, and there is free WiFi for guests. But, chances are that, like pretty much everywhere else, sometimes people just think it's easier to get the content they want through file sharing. And some of those people work in Congress.

So when do we get to see the House of Representatives get listed as a "rogue site"?

Filed Under: congress, house of representatives, infringement, sopa

House Trying To Rush Through Its Version Of PROTECT IP; Tech Industry Asks Why?

from the slow-down dept

For a few months now we've been hearing that the version of the PROTECT IP Act from the House of Representatives was going to be released "in a couple weeks." And yet, every time it got delayed -- often because new and unexpected opposition suddenly showed up. The supporters of PROTECT IP, such as the MPAA and the US Chamber of Commerce, had always figured that this was going to be the an extremely easy bill to pass, but the very vocal opposition caught them a bit by surprise. During this time, we kept hearing from various House members working on the bill, that they would be listening to all of the concerns. During a visit to Silicon Valley last month, Rep. Bob Goodlatte, who is helping to push PROTECT IP through the House, insisted that he'd heard the concerns from some in the tech community and that the bill would be noticeably different than the Senate version.

However, a variety of groups representing the tech industry -- including CCIA, NetCoalition and CEA -- pointed out a few weeks ago that they had not been consulted at all. This was problematic, since it was the entertainment industry driving PROTECT IP almost entirely, with almost no recognition of the serious problems it would cause for innovation and job growth. Just last Friday, members of the House working on PROTECT IP finally agreed to meet with these groups representing the tech industry, to hear their concerns. But rather than listening to those concerns and working together to fix the myriad problems with the bill, the latest report is that these Reps are about to release the bill they had been working on anyway, which retains basically all of the problems of the Senate bill... and that they're then planning an accelerated push to get it approved.

This is pretty disturbing. It suggests that even after they've been shown how this bill is a jobs-destroying, innovation-hindering, internet-breaking bill, they're going to rush it through anyway, without even listening to ideas on how to fix the bill. What a legacy these representatives must want.

As noted below, CCIA, NetCoalition and CEA have all asked members of the House of Representatives to slow down and let them actually be a part of the process. Let the tech industry be heard, and make sure that the problems with PROTECT IP aren't put into law, where those who support it will end up regretting it. Hopefully some folks in the House are willing to listen.

Filed Under: copyright, house of representatives, protect ip

Internet Used To Keep House Of Reps. Broadcasting After Closure

from the don't-stop-us-now dept

If you watch the way Congress acts some of the time, you could easily mistake them for kindergartners at times, with the way they have petty grievances and blow attacks on each other totally out of proportion. Both parties engage in these silly petty spats from time to time, so this is hardly a partisan thing -- though, fans of each party tend to highlight it when the other party acts this way, and ignore it or brush it off when their own party does. Belonging to neither party, and not liking either party, I have no horse in this race, but do find what happened on Friday in the House interesting. For the sake of keeping this from being a partisan post, I'll leave out the party names, though I'm sure in the comments partisans of either side will be sure to make it clear how evil the other one is.

Anyway, one party wanted to discuss some new energy legislation and the other did not. The party that did not, decided to adjourn and shut down the House for summer "vacation" (which is usually more like "go back to my district and campaign to be re-elected" time). Some members of the other party, though, chose to stick around, even though the lights and microphones were turned off and the C-SPAN broadcast was turned off. Not only that, but they continued making speeches about the energy bill and "broadcasting" what was going on using social media tools like Twitter and Qik. Much of this campaign was led by noted early adopter Rep. John Culberson, who has been fighting hard to make such tools acceptable in the House (though, all too often in a highly partisan manner).

Either way, no matter which party you support (or if you support neither), it is cool to see Representatives learning to make use of these tools to better connect with constituents and (sometimes) to route around some of the petty rules used to shut down debate. Now, if we could just figure out a way to get each side to stop playing silly games, while then getting each side to stop automatically blaming the other for shutting off debate (when they would do the exact same thing if roles were reversed), we might actually get somewhere. Unfortunately, I know of no such technology that's likely to do that any time soon.

Filed Under: congress, house of representatives, john culberson, partisan politics, social networks