ITSecurity.org

Technology Security Controls

President Trump

Trump Fires Security Chief Christopher Krebs

by

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.

Chris Krebs. Image: CISA.

Krebs, 43, is a former Microsoft executive appointed by Trump to head the Cybersecurity and Infrastructure Security Agency (CISA), a division of the U.S. Department of Homeland Security. As part of that role, Krebs organized federal and state efforts to improve election security, and to dispel disinformation about the integrity of the voting process.

Krebs’ dismissal was hardly unexpected. Last week, in the face of repeated statements by Trump that the president was robbed of re-election by buggy voting machines and millions of fraudulently cast ballots, Krebs’ agency rejected the claims as “unfounded,” asserting that “the November 3rd election was the most secure in American history.”

In a statement on Nov. 12, CISA declared “there is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

But in a tweet Tuesday evening, Trump called that assessment “highly inaccurate,” alleging there were “massive improprieties and fraud — including dead people voting, Poll watchers not allowed into polling locations, ‘glitches’ in the voting machines that changed votes from Trump to Biden, late voting, and many more.”

Twitter, as it has done with a remarkable number of the president’s tweets lately, flagged the statements as disputed.

By most accounts, Krebs was one of the more competent and transparent leaders in the Trump administration. But that same transparency may have cost him his job: Krebs’ agency earlier this year launched “Rumor Control,” a blog that sought to address many of the conspiracy theories the president has perpetuated in recent days.

Sen. Richard Burr, a Republican from North Carolina, said Krebs had done “a remarkable job during a challenging time,” and that the “creative and innovative campaign CISA developed to promote cybersecurity should serve as a model for other government agencies.”

Sen. Angus King, an Independent from Maine and co-chair of a commission to improve the nation’s cyber defense posture, called Krebs “an incredibly bright, high-performing, and dedicated public servant who has helped build up new cyber capabilities in the face of swiftly-evolving dangers.”

“By firing Mr. Krebs for simply doing his job, President Trump is inflicting severe damage on all Americans – who rely on CISA’s defenses, even if they don’t know it,” King said in a written statement. “If there’s any silver lining in this unjust decision, it’s this: I hope that President-elect Biden will recognize Chris’s contributions, and consult with him as the Biden administration charts the future of this critically important agency.”

KrebsOnSecurity has received more than a few messages these past two weeks from readers who wondered why the much-anticipated threat from Russian or other state-sponsored hackers never appeared to materialize in this election cycle.

That seems a bit like asking why the year 2000 came to pass with very few meaningful disruptions from the Y2K computer date rollover problem. After all, in advance of the new millennium, the federal government organized a series of task forces that helped coordinate readiness for the changeover, and to minimize the impact of any disruptions.

But the question also ignores a key goal of previous foreign election interference attempts leading up to the 2016 U.S. presidential and 2018 mid-term elections. Namely, to sow fear, uncertainty, doubt, distrust and animosity among the electorate about the democratic process and its outcomes.

To that end, it’s difficult to see how anyone has done more to advance that agenda than President Trump himself, who has yet to concede the race and continues to challenge the result in state courts and in his public statements.

Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies

by

Many of the same shadowy organizations that pay people to promote male erectile dysfunction drugs via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help combat the COVID-19 pandemic.

A review of the sales figures from some of the top pharmacy affiliate programs suggests sales of drugs containing hydroxychloroquine rivaled that of their primary product — generic Viagra and Cialis — and that this as-yet-unproven Coronavirus treatment accounted for as much as 25 to 30 percent of all sales over the past month.

A Google Trends graph depicting the incidence of Web searches for “chloroquine” over the past 90 days.

KrebsOnSecurity reviewed a number of the most popular online pharmacy enterprises, in part by turning to some of the same accounts at these invite-only affiliate programs I relied upon for researching my 2014 book, Spam Nation: The Inside Story of Organized Cybercrime, from Global Epidemic to Your Front Door.

Many of these affiliate programs — going by names such as EvaPharmacy, Rx-Partners and Mailien/Alientarget — have been around for more than a decade, and were major, early catalysts for the creation of large-scale botnets and malicious software designed to enslave computers for the sending of junk email.

Their products do not require a prescription, are largely sourced directly from pharmaceutical production facilities in India and China, and are shipped via international parcel post to customers around the world.

In mid-March, two influential figures — President Trump and Tesla CEO Elon Muskbegan suggesting that hydroxychloroquine should be more strongly considered as a treatment for COVID-19.

The pharmacy affiliate programs immediately took notice of a major moneymaking opportunity, noting that keyword searches for terms related to chloroquine suddenly were many times more popular than for the other mainstays of their business.

“Everyone is hysterical,” wrote one member of the Russian language affiliate forum gofuckbiz[.]com on Mar. 17. “Time to make extra money. Do any [pharmacy affiliate] programs sell drugs for Coronavirus or flu?”

The larger affiliate programs quickly pounced on the opportunity, which turned out to be a major — albeit short-lived — moneymaker. Below is a screenshot of the overall product sales statistics for the previous 30 days from all affiliates of PharmCash. As we can see, Aralen — a chloroquine drug used to treat and prevent malaria — was the third biggest seller behind Viagra and Cialis.

Recent 30-day sales figures from the pharmacy affiliate program PharmCash.

In mid-March, the affiliate program Rx-Partners saw a huge spike in demand for Aralen and other drugs containing chloroquine phosphate, and began encouraging affiliates to promote a new set of product teasers targeting people anxiously seeking remedies for COVID-19.

Their main promotion page — still online at about-coronavirus2019[.]com — touts the potential of Aralen, generic hydroxychloroquine, and generic Kaletra/Lopinavir, a drug used to treat HIV/AIDS.

An ad promoting various unproven remedies for COVID-19, from the pharmacy affiliate program Rx-Partners.

On Mar. 18, a manager for Rx-Partners said that like PharmCash, drugs which included chloroquine phosphate had already risen to the top of sales for non-erectile dysfunction drugs across the program.

But the boost in sales from the global chloroquine frenzy would be short-lived. Demand for chloroquine phosphate became so acute worldwide that India — the world’s largest producer of hydroxychloroquine — announced it would ban exports of the drug. On Mar. 25, India also began shutting down its major international shipping ports, leaving the pharmacy affiliate programs scrambling to source their products from other countries.

A Mar. 31 message to affiliates working with the Union Pharm program, noting that supplies of Aralen had dried up due to the shipping closures in India.

India recently said it would resume exports of the drug, and judging from recent posts at the aforementioned affiliate site gofuckbiz[.]com, denizens of various pharmacy affiliate programs are anxiously awaiting news of exactly when shipments of chloroquine drugs will continue.

“As soon as India opens and starts mail, then we will start everything, so get ready,” wrote one of Rx-Partners’ senior recruiters. “I am sure that there will still be demand for pills.”

Global demand for these pills, combined with India’s recent ban on exports, have conspired to create shortages of the drug for patients who rely on it to treat chronic autoimmune diseases, including lupus and rheumatoid arthritis.

While hydroxychloroquine has long been considered a relatively safe drug, some people have been so anxious to secure their own stash of the drug that they’ve turned to unorthodox sources.

On March 19, Fox News ran a story about how demand for hydroxychloroquine had driven up prices on eBay for bottles of chloroquine phosphate designed for removing parasites from fish tanks. A week later, an Arizona man died and his wife was hospitalized after the couple ingested one such fish tank product in hopes of girding their immune systems against the Coronavirus.

Despite many claims that hydroxychloroquine can be effective at fighting COVID-19, there is little real data showing how it benefits patients stricken with the disease. The largest test of the drug’s efficacy against Coronavirus showed no benefit in a large analysis of its use in U.S. veterans hospitals. On the contrary, there were more deaths among those given hydroxychloroquine versus standard care, researchers reported.

In an advisory released today, the U.S. Food and Drug Administration (FDA) cautioned against use of hydroxychloroquine or chloroquine for COVID-19 outside of the hospital setting or a clinical trial due to risk of heart rhythm problems.