eBay Server Is Down

The graphic speaks for itself. Members can log in to eBay but there’s no functionality as of 2am ET.


DownDetector is showing large-scale outages in the UK and Germany with spotty problems in US states. However, the DownDetector map is notoriously off scale. So, take its representation more as a scattershot than a true image of the outage range.


eBay’s Twitter feeds do not acknowledge any technical issues or problems with its website. Its Announcements page is also blank.


Five Hours and Counting Til Reconnect?

Facebook Outage Map by DownDetector.com, 3-13-2019.

Down Detector and Twitter became the lifeline for users of social media giant Facebook and its family of apps – Instagram, Messenger and WhatsApp – as connectivity was lost. Frustrated by their blocked access, users swarmed Twitter looking for an explanation. Initial puzzlement turned to jokes and then anger as the hours ticked by with no resolution.

The main outage at Facebook started around 12pm ET (4pm GMT). It affected all or some of the applications in the USA, then spread to the UK, India, Singapore, Europe and across the globe.

Facebook has given no explanation for the outage, but in its last tweet recognizing the problems, it did rule out a DDoS attack.

Outages overview for the UK includes Facebook and its family of apps as well as games, one commerce site and Gmail. DownDetector.com, 3-13-2019.


Bowing to Global Pressure, Boeing Grounds 737 MAX Jets


It took the total loss of two Boeing 737 MAX 8 commercial jets, the lives of over 300 passengers and crew, and groundings by every major country except the U.S. before Boeing execs submitted to reason.

Today, using Donald Trump as its spokesperson, the world’s largest aviation manufacturer agreed to stop flights of all models in the 737 MAX family, effective immediately.

In a press statement following Trump’s remarks, the company expressed “full confidence” in the 737 MAX line but after consulting with the FAA, the U.S. National Transportation Safety Board, aviation authorities and its customers, “Boeing has determined — out of an abundance of caution and in order to reassure the flying public of the aircraft’s safety — to recommend to the FAA the temporary suspension of operations of the entire global fleet of 371 737 MAX aircraft.”

Dennis Muilenburg, CEO of Boeing, expressed “deepest sympathies to the families and loved ones of those who have lost their lives in these two tragic accidents.” He also emphasized the grounding was a “proactive step out of an abundance of caution.”

Muilenburg refused to describe the crashes as due to technical or mechanical issues with the jets. He also made no mention of the software upgrade cited in previous reports. This software enhancement would address the flight control system, specifically the Maneuvering Characteristics Augmentation System (MCAS), used by pilots to bring the aircraft’s nose down while in the air.

Muilenburg did say his company is “doing everything we can to understand the cause of the accidents in partnership with the investigators, deploy safety enhancements and help ensure this does not happen again.”


Venezuela Plunged Into Cyber Darkness

NetBlocks.org visual of network disruption across Venezuela, 9 March 2019.

NetBlocks has reported the steady plunge into cyber darkness accompanying the widespread power outages and political turmoil in Venezuela.

Below is a chronology from March 2 through March 10 as published at the NetBlocks website.


The NetBlocks internet observatory has identified internet outages attributed to power supply disruptions affecting Venezuela’s eastern regions covering Táchira, San Cristóbal, Mérida, Trujillo, Barinas and Santa Barbara del Zulia. Measurements show the disruptions began just after 4:00AM UTC (12:00 AM VET) Friday. The incident has been ongoing for over 20 hours with six distinct, brief intermissions.


Twitter image and video servers and platform backends have been blocked in Venezuela from 3:10 PM UTC on state provider CANTV (AS8048) and its mobile network Movistar, as interim leader Juan Guaidó is set to arrive in Caracas after a tour of neighboring countries. The restrictions have been implemented as the leader calls supporters to the streets under the hashtags #4MVzlaALaCalle, #VamosVzla and #VamosJuntosALaCalle.


YouTube has been restricted by Venezuela’s state-run internet provider CANTV (AS8048) for over twenty hours, according to current network measurements from the NetBlocks internet observatory. Incident timings indicate a start time coinciding with live broadcasts from the country’s National Assembly on Wednesday.


The NetBlocks internet observatory has identified critical infrastructure outages across Venezuela starting 8:55 PM UTC (4:55 PM VET) Thursday 7 March, as a power disruption has knocked much of Venezuela’s internet connectivity and its utilities offline. The outage is the largest in recent network measurement records across Latin America.


The NetBlocks internet observatory has identified a second, major national power outage affecting critical infrastructure outages across Venezuela starting 3:40 PM UTC (11:40 AM VET) Saturday 9 March, sending 96% of the country’s telecommunications infrastructure offline. On Thursday, a widespread power disruption knocked much of Venezuela’s internet connectivity and its utilities offline.


Network connectivity data from the NetBlocks internet observatory shows a slow recovery for Venezuela, with 80% of the country still offline after a second nationwide power outage hit the country on Saturday. The setback followed a nationwide blackout on Thursday which left only 2% of the country connected. Venezuela has been largely offline for 68 hours with only pockets of intermittent connectivity amid an ongoing presidential crisis.


Boeing Jet Grounded in Major Markets Except North America

A memorial at the scene of the Ethiopian Air crash. (Sylvia Thomson/CBC)

The unexplained total loss of a Boeing 737 Max 8 jet in Ethiopia two days ago has triggered a mass rejection of the jet in major aviation markets. The European Union was the latest to ground the 737 Max 8 and 9 this afternoon following India, China, Nigeria, Australia, Singapore, Oman, Indonesia and Ethiopia, among other countries. The United States and Canada still maintain all flights and expressed confidence in the planes.

Ethiopian Airlines Flight 302 came down shortly after takeoff from Addis Ababa on Sunday, killing all 157 souls aboard. The black boxes have been recovered and will be shipped out of Ethiopia for recovery.

This is the second total loss of a Boeing 737 MAX in five months, coming after a Lion Air plane carrying 189 people crashed into the Java Sea just minutes after taking off from Jakarta, Indonesia.

Boeing says it is planning a software update for the 737 MAX 8 while the Federal Aviation Authority is overseeing design changes.


Cyber Campaign Launched Against U.S. Critical Infrastructure and Defense Industries


Dozens of major companies, including some in the nuclear industry, were targeted in a cyber espionage campaign that began in late October, according to a spokesperson at McAfee.

According to Raj Samani, chief scientist at McAfee, 87 firms were enmeshed in the cyber assault. Individuals at the affected companies received information through social media related to job recruitment. These materials directed them to Microsoft Word documents via a Dropbox link. The documents contained malware which allowed hackers to access their systems.

A report from McAfee said that the hackers “tried to penetrate the computer networks of at least 87 companies in the nuclear, defense, energy and financial industries.”

“We don’t know what their ultimate purpose is,” said Samani, adding it is “quite likely” they were able to penetrate the company networks.

The code used in the malware is a signature of the so-called Lazarus Group, associated with the North Korean government’s intelligence services. However, McAfee also cautioned about a false flag operation.

The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.



Cozy Bear Returns Via Heather Nauert

Cozy Bear, the Russian hacking group tied to the break-in of the Democratic National Committee, made an appearance on November 4, attacking U.S. officials via email files purportedly from Heather Nauert. On the same day, officials in Germany also reported intrusions by the same group.

Nauert was subsequently named as the U.S. ambassador to the United Nations, replacing Nikki Haley.

Reuters said the hacking group was an arm of the SVR Russian Foreign Intelligence Service. The group goes by various names including Cozy Bear, CozyDuke, the Dukes, Power Dukes, Fancy Bear and APT29.

“The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.”

The State Department did not release information on numbers of compromised computers.

Security company FireEye said the phishing attempt targeted more than 20 of their customers, including in defense, law enforcement, media, and pharmaceuticals.

On the same day, German authorities told Der Spiegel magazine they had detected an attack targeting email accounts belonging to the country’s lawmakers, military, and embassies.



Email Hacked at National Republican Congressional Committee


Politico broke a story that four email accounts of senior aides at the National Republican Congressional Committee (NRCC) were surveilled for several months, and top GOP leadership was unaware of the intrusion until contacted by the news service.

The hack occurred during the 2018 midterm election campaigns and was discovered by an NRCC vendor. Thousands of “sensitive emails” were exposed to an outside intruder. The spying was discovered in April and then reported to the organization’s security arm and the FBI. An internal investigation was initiated.

At the time of Politico’s report in early December, House Speaker Paul Ryan, incoming Minority Leader Kevin McCarthy and Majority Whip Steve Scalise were all in the dark about the hack, as were other members of the party.



Massive Marriott Hack Breaches Reservation Data of 500M Guests


A historically large cyber attack against a company, revealed today, involved the Starwood hotel properties of the global Marriott hotel chain.

The breach affected the guest reservation database of the Starwood hotels which includes the Westin and Sheraton among others. Company officials admit that 500 million guests who booked rooms through the system had their private information accessed.

Marriott purchased the Starwood chain in 2016. The breach began two years before the purchase and continued for four years, magnifying the depth and the numbers affected.

According to CBS, the breach included a wide swath of personal data:

For about 327 million of that number, the compromised information includes data such as names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.

Marriott responded to its guests by setting up a web page dedicated to the security incident, with FAQs and a detailed report, while its stock took an immediate nose dive. Marriott is working with law enforcement. There is no indication of the actors behind the cyber attack.



Update on VPNFilter

The Cyber Threat Alliance (CTA) posted an update on the perilous VPNFilter malware first reported in May 2018. According to its blog, the combined efforts of federal law enforcement, members of the CTA and affected networks diluted the most dangerous aspect of the multilevel malware.

Here is an excerpt from the report by Neil Jenkins:

… the destructive module of VPNFilter was never employed. So that’s a good thing. Based on our collective visibility it appears that VPNFilter activity has been severely degraded since the release of information in May and operational coordination actions with law enforcement, intelligence organizations, and CTA and its members. Talos has seen no signs of the actor trying to reconnect with the devices that still have the Stage 1 malware, and most C2 channels for the malware have been mitigated. While it is highly unlikely that the highly capable actor behind VPNFilter has stopped their activities, it does appear that they were forced to abandon the VPNFilter framework due to these coordinated actions.