Softpanorama Malware Protection Bulletin, 2016


Old News ;-)

[Dec 26, 2016] Congress Passes BOTS Act To Ban Ticket-Buying Software

Dec 26, 2016 | yro.slashdot.org
(arstechnica.com) Posted by BeauHD on Thursday December 08, 2016 @05:05PM from the level-the-playing-field dept.

Congress passed a bill yesterday that will make it illegal for people to use software bots to buy concert tickets. Ars Technica reports: The Better Online Ticket Sales (BOTS) Act makes it illegal to bypass any computer security system designed to limit ticket sales to concerts, Broadway musicals, and other public events with a capacity of more than 200 persons. Violations will be treated as "unfair or deceptive acts" and can be prosecuted by the Federal Trade Commission or the states. The bill passed the Senate by unanimous consent last week, and the House of Representatives voted yesterday to pass it as well. It now proceeds to President Barack Obama for his signature. Computer programs that automatically buy tickets have been a frustration for the concert industry and fans for a few years now. The issue had wide exposure after a 2013 New York Times story on the issue. Earlier this year, the office of New York Attorney General Eric Schneiderman completed an investigation into bots. The New York AG's ticket sales report (PDF) found that the tens of thousands of tickets snatched up by bots were marked up by an average of 49 percent.

[Dec 26, 2016] You Can Now Rent A Mirai Botnet Of 400,000 Bots

Dec 26, 2016 | it.slashdot.org
(bleepingcomputer.com) Posted by EditorDavid on Sunday November 27, 2016 @05:35PM from the telnetting-for-dollars dept.

An anonymous reader writes: Two hackers are renting access to a massive Mirai botnet, which they claim has more than 400,000 infected bots, ready to carry out DDoS attacks at anyone's behest. The hackers have quite a reputation on the hacking underground and have previously been linked to the GovRAT malware, which was used to steal data from several US companies. Renting around 50,000 bots costs between $3,000-$4,000 for 2 weeks, meaning renting the whole thing costs between $20,000-$30,000.

After the Mirai source code leaked, there are countless smaller Mirai botnets around, but this one is [believed to be the one] accounting for more than half of all infected IoT devices... that supposedly shut down Internet access in Liberia. The original Mirai botnet was limited to only 200,000 bots because there were only 200,000 IoT devices connected online that had their Telnet ports open. The botnet that's up for rent now has received improvements and can also spread to IoT devices via SSH, hence the 400,000 bots total.

Interestingly, the article claims the botnet's creators had access to the Mirai source code "long before it went public."

[Dec 26, 2016] Uber Wants To Track Your Location Even When You're Not Using the App, Here's Why

Dec 26, 2016 | yro.slashdot.org
(businessinsider.com) Posted by msmash on Wednesday November 30, 2016 @04:00PM from the why-they-do-what-they-do dept.

With the most recent update to Uber's ride-hailing app, the company has begun asking users whether they are willing to share their location data with the Uber app even while the app is not in use. The company says it plans to use the data gained to improve user experience -- including offering improved pick-up times and locations. From an article on Business Insider: In August the company moved away from using Google Maps for its service and began using its own mapping technology. Google's lack of accuracy in many non-Western countries led to increased friction between consumers and drivers. This means the company needs to boost the amount of location data it has. Location data could also be used to provide new channels of revenue for the digital platform. This could include serving ads of local businesses or recommending nearby places of interest to users. Mobile marketing, which relies on accurate location data, is a rapidly growing industry and could serve as a revenue windfall for Uber in the years ahead as it faces increasing competition. In fact, revenue from location-targeted mobile ads is expected to grow at an annualized rate of almost 34% between 2014 and 2019, surpassing $18 billion, according to a forecast from BIA/Kelsey.

[Dec 26, 2016] International Authorities Take Down Massive 'Avalanche' Botnet, Sinkhole Over 800,000 Domains

Dec 26, 2016 | it.slashdot.org
(arstechnica.com) Posted by BeauHD on Thursday December 01, 2016 @10:30PM from the largest-ever dept.

plover writes: Investigators from the U.S. Department of Justice, the FBI, Eurojust, Europol, and other global partners announced the takedown of a massive botnet named "Avalanche," estimated to have involved as many as 500,000 infected computers worldwide on a daily basis. A Europol release says: "The global effort to take down this network involved the crucial support of prosecutors and investigators from 30 countries. As a result, five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. In addition, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked." Sean Gallagher writes via Ars Technica: "The domains seized have been 'sinkholed' to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world. The Justice Department's Office for the Western Federal District of Pennsylvania and the FBI's Pittsburgh office led the U.S. portion of the takedown. 'The monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of dollars worldwide, although exact calculations are difficult due to the high number of malware families present on the network,' the FBI and DOJ said in their joint statement. In 2010, an Anti-Phishing Working Group report called out Avalanche as 'the world's most prolific phishing gang,' noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). 'During that time, it targeted more than 40 major financial institutions, online services, and job search providers,' APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."

[Dec 26, 2016] Watchdog Group Claims Smart Toys Are Spying On Kids

Dec 26, 2016 | yro.slashdot.org
(mashable.com) Posted by BeauHD on Thursday December 08, 2016 @07:05PM from the always-listening dept.

The Center for Digital Democracy has filed a complaint with the Federal Trade Commission warning of security and privacy holes associated with a pair of smart toys designed for children. Mashable reports: "This complaint concerns toys that spy," reads the complaint, which claims the Genesis Toys' My Friend Cayla and i-QUE Intelligent Robot can record and collect private conversations and offer no limitations on the collection and use of personal information. Both toys use voice recognition, internet connectivity and Bluetooth to engage with children in a conversational manner and answer questions. The CDD claims they do all of this in wildly insecure and invasive ways. Both My Friend Cayla and i-QUE use Nuance Communications' voice-recognition platform to listen and respond to queries. On the Genesis Toy site, the manufacturer notes that while "most of Cayla's conversational features can be accessed offline," searching for information may require an internet connection. The promotional video for Cayla encourages children to "ask Cayla almost anything." The dolls work in concert with mobile apps. Some questions can be asked directly, but the apps maintain a constant Bluetooth connection to the dolls so the toys can also react to actions in the app and even appear to identify objects the child taps on screen. While some of the questions children ask the dolls are apparently recorded and sent to Nuance's servers for parsing, it's unclear how much of the information is personal in nature. The Genesis Privacy Policy promises to anonymize information. The CDD also claims, however, that My Friend Cayla and i-Que employ Bluetooth in the least secure way possible. Instead of requiring a PIN code to complete pairing between the toy and a smartphone or iPad, "Cayla and i-Que do not employ... authentication mechanisms to establish a Bluetooth connection between the doll and a smartphone or tablet. The dolls do not implement any other security measure to prevent unauthorized Bluetooth pairing." Without a pairing notification on the toy or any authentication strategy, anyone with a Bluetooth device could connect to the toys' open Bluetooth networks, according to the complaint.

[Dec 26, 2016] Ransomware Compromises San Francisco's Mass Transit System

Dec 26, 2016 | news.slashdot.org
(cbslocal.com) Posted by EditorDavid on Sunday November 27, 2016 @01:34PM

Buses and light rail cars make San Francisco's "Muni" fleet the seventh largest mass transit system in America. But yesterday its arrival-time screens just displayed the message "You Hacked, ALL Data Encrypted" -- and all the rides were free, according to a local CBS report shared by RAYinNYC:

Inside sources say the system has been hacked for days. The San Francisco Municipal Transportation Agency has officially confirmed the hack, but says it has not affected any service... The hack affects employees, as well. According to sources, SFMTA workers are not sure if they will get paid this week. Cyber attackers also hit Muni's email systems.
Though the article claims "The transit agency has no idea who is behind it, or what the hackers are demanding in return," Business Insider reports "The attack seems to be an example of ransomware, where a computer system is taken over and the users are locked out until a certain amount of money is sent to the attacker." In addition, they're reporting the attack "reportedly included an email address where Muni officials could ask for the key to unlock its systems."

One San Francisco local told CBS, "I think it is terrifying. I really do. I think if they can start doing this here, we're not safe anywhere."

[Dec 26, 2016] Adobe Flash Responsible For Six of the Top 10 Bugs Used By Exploit Kits In 2016

Dec 26, 2016 | it.slashdot.org
(onthewire.io) Posted by BeauHD on Wednesday December 07, 2016 @09:05PM from the majority-rules dept.

Trailrunner7 quotes a report from On the Wire: Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from their ease of use and the ability for attackers to add exploits for new vulnerabilities as needed. While there are dozens of exploit kits available, a handful of them attract the most use and attention, including Angler, Neutrino, Nuclear, and Rig. Researchers at Recorded Future looked at more than 140 exploit kits and analyzed which exploits appeared in the most kits in the last year, and it's no surprise that Flash and IE exploits dominated the landscape. Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it's deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future's analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups. "Adobe Flash Player's CVE-2015-7645, number 10 in terms of references to exploit kits, stands out as the vulnerability with the most adoption by exploit kits. Exploit kits adopting the Adobe bug in the past year include Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter," the analysis by Recorded Future says.

[Dec 26, 2016] Snowden: 'The Central Problem of the Future' Is Control of User Data

Dec 26, 2016 | tech.slashdot.org
(techcrunch.com) Posted by BeauHD on Wednesday December 14, 2016 @05:00AM from the no-place-to-hide dept.

Twitter CEO Jack Dorsey interviewed Edward Snowden via Periscope about the wide world of technology. The NSA whistleblower "discussed the data that many online companies continue to collect about their users, creating a 'quantified world' -- and more opportunities for government surveillance," reports TechCrunch. Snowden said, "If you are being tracked, this is something you should agree to, this is something you should understand, this is something you should be aware of and can change at any time." TechCrunch reports: Snowden acknowledged that there's a distinction between collecting the content of your communication (i.e., what you said during a phone call) and the metadata (information like who you called and how long it lasted). For some, surveillance that just collects metadata might seem less alarming, but in Snowden's view, "That metadata is in many cases much more dangerous and much more intrusive, because it can be understood at scale." He added that we currently face unprecedented perils because of all the data that's now available -- in the past, there was no way for the government to get a list of all the magazines you'd read, or every book you'd checked out from the library. "[In the past,] your beliefs, your future, your hopes, your dreams belonged to you," Snowden said. "Increasingly, these things belong to companies, and these companies can share them however they want, without a lot of oversight." He wasn't arguing that companies shouldn't collect user data at all, but rather that "the people who need to be in control of that are the users." "This is the central problem of the future, is how do we return control of our identities to the people themselves?" Snowden said.

[Dec 26, 2016] NSA's Best Are 'Leaving In Big Numbers,' Insiders Say

Dec 26, 2016 | yro.slashdot.org
(cyberscoop.com) Posted by EditorDavid on Sunday December 11, 2016 @11:34AM from the blaming-Oliver-Stone dept.

schwit1 quotes CyberScoop: Low morale at the National Security Agency is causing some of the agency's most talented people to leave in favor of private sector jobs, former NSA Director Keith Alexander told a room full of journalism students, professors and cybersecurity executives Tuesday. The retired general and other insiders say a combination of economic and social factors -- including negative press coverage -- have played a part... "I am honestly surprised that some of these people in cyber companies make up to seven figures. That's five times what the chairman of the Joint Chiefs of Staff makes. Right? And these are people that are 32 years old. Do the math. [The NSA] has great competition," he said.

The rate at which these cyber-tacticians are exiting public service has increased over the last several years and has gotten considerably worse over the last 12 months, multiple former NSA officials and D.C. area-based cybersecurity employers have told CyberScoop in recent weeks... In large part, Alexander blamed the press for propagating an image of the NSA that causes people to believe they are being spied on at all times by the U.S. government regardless of their independent actions.
"What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong," the former NSA Director added. "They are doing exactly what our nation has asked them to do to protect us. They are the heroes."

[Nov 25, 2016] Is Obama presiding over a national security state gone rogue? by Michael Cohen

National security state gone rogue is fascism. Frankly, I don't see evidence of huge abuse of US liberties. But I do see our foreign policy distorted by a counter-terror obsession.
Notable quotes:
"... the government's interpretation of that law ..."
"... "One reports a crime; and one commits a crime." ..."
"... but does not include differences of opinion concerning public policy matters ..."
Jun 21, 2013 | The Guardian


Two weeks ago, the Guardian began publishing a series of eye-opening revelations about the National Security Agency and its surveillance efforts both in the United States and overseas. These stories raised long-moribund and often-ignored questions about the pervasiveness of government surveillance and the extent to which privacy rights are being violated by this secret and seemingly unaccountable security apparatus.

However, over the past two weeks, we've begun to get a clearer understanding of the story and the implications of what has been published – informed in part by a new-found (if forced upon them) transparency from the intelligence community. So here's one columnist's effort to sort the wheat from the chaff and offer a few answers to the big questions that have been raised.

These revelations are a big deal, right?

To fully answer this question, it's important to clarify the revelations that have sparked such controversy. The Guardian (along with the Washington Post) has broken a number of stories, each of which tells us very different things about what is happening inside the US government around matters of surveillance and cyber operations. Some are relatively mundane, others more controversial.

The story that has shaped press coverage and received the most attention was the first one – namely, the publication of a judicial order from the Fisa court to Verizon that indicated the US is "hoovering" up millions of phone records (so-called "metadata") into a giant NSA database. When it broke, the story was quickly portrayed as a frightening tale of government overreach and violation of privacy rights. After all, such metadata – though it contains no actual content – can be used rather easily as a stepping-stone to more intrusive forms of surveillance.

But what is the true extent of the story here: is this picture of government Big Brotherism correct or is this massive government surveillance actually quite benign?

First of all, such a collection of data is not, in and of itself, illegal. The Obama administration was clearly acting within the constraints of federal law and received judicial approval for this broad request for data. That doesn't necessarily mean that the law is good or that the government's interpretation of that law is not too broad, but unlike the Bush "warrantless wiretapping" stories of several years ago, the US government is here acting within the law.

The real question that should concern us is one raised by the TV writer David Simon in a widely cited blogpost looking at the issues raised by the Guardian's reporting, namely:

"Is government accessing the data for the legitimate public safety needs of the society, or are they accessing it in ways that abuse individual liberties and violate personal privacy – and in a manner that is unsupervised."

We know, for example, that the NSA is required to abide by laws that prevent the international targeting of American citizens (you can read more about that here). So, while metadata about phone calls made can be used to discover information about the individuals making the calls, there are "minimization" rules, procedures and laws that guide the use of such data and prevent possible abuse and misuse of protected data.

The minimization procedures used by the NSA are controlled by secret Fisa courts. In fact, last year, the Fisa court ruled that these procedures didn't pass constitutional muster and had to be rewritten.

Sure, the potential for abuse exists – but so, too, does the potential for the lawful use of metadata in a way that protects the privacy of individual Americans – and also assists the US government in pursuit of potential terrorist suspects. Of course, without information on the specific procedures used by the NSA to minimize the collection of protected data, it is impossible to know that no laws are being broken or no abuse is occurring.

In that sense, we have to take the government's word for it. And that is especially problematic when you consider the Fisa court decisions authorizing this snooping are secret and the congressional intelligence committees tasked with conducting oversight tend to be toothless.

But assumptions of bad faith and violations of privacy by the US government are just that: assumptions. When President Obama says that the NSA is not violating privacy rights because it would be against the law, we can't simply disregard such statements as self-serving. Moreover, when one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame.

Edward Snowden: is he a hero or a traitor?

One of the key questions that have emerged over this story is the motivation of the leaker in question, Edward Snowden. In his initial public interview, with Glenn Greenwald on 9 June, Snowden explained his actions, in part, thus:

"I'm willing to sacrifice because I can't in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they're secretly building."

Now, while one can argue that Snowden's actions do not involve personal sacrifice, whether they are heroic is a much higher bar to cross. First of all, it's far from clear that the US government is destroying privacy, internet freedom and basic liberties for people around the world. Snowden may be sincere about being "valiant for truth", but he wouldn't be the first person to believe himself such and yet be wrong.

Second, one can make the case that there is a public interest in knowing that the US is collecting reams of phone records, but where is the public interest – and indeed, to Snowden's own justification, the violation of privacy – in leaking a presidential directive on cyber operations or leaking that the US is spying on the Russian president?

The latter is not only not a crime, it's actually what the NSA was established to do! In his recent online chat hosted by the Guardian, Snowden suggested that the US should not be spying on any country with whom it's not formally at war. That is, at best, a dubious assertion, and one that is at odds with years of spycraft.

On the presidential directive on cyber operations, the damning evidence that Snowden revealed was that President Obama has asked his advisers to create a list of potential targets for cyber operations – but such planning efforts are rather routine contingency operations. For example, if the US military drew up war plans in case conflict ever occurred between the US and North Korea – and that included offensive operations – would that be considered untoward or perhaps illegitimate military planning?

This does not mean, however, that Snowden is a traitor. Leaking classified data is a serious offense, but treason is something else altogether.

The problem for Snowden is that he has now also leaked classified information about ongoing US intelligence-gathering efforts to foreign governments, including China and Russia. That may be crossing a line, which means that the jury is still out on what label we should use to describe Snowden.

Shouldn't Snowden be protected as a whistleblower?

This question of leakers v whistleblowers has frequently been conflated in the public reporting about the NSA leak (and many others). But this is a crucial error. As Tara Lee, a lawyer at the law firm DLA Piper with expertise in defense industry and national security litigation, said to me, there is an important distinction between leakers and whistleblowers: "One reports a crime; and one commits a crime."

Traditionally (and often technically), whistleblowing refers to specific actions that are taken to bring to attention illegal behavior, fraud, waste, abuse etc. Moreover, the US government provides federal employees and contractors with the protection to blow the whistle on wrongdoing. In the case of Snowden, he could have gone to the inspector general at the Department of Justice or relevant congressional committees.

From all accounts, it appears that he did not go down this path. Of course, since the material he was releasing was approved by the Fisa court and had the sign-off of the intelligence committee, he had good reason to believe that he would have not received the most receptive hearing for his complaints.

Nevertheless, that does not give him carte blanche to leak to the press – and certainly doesn't give him carte blanche to leak information on activities that he personally finds objectionable but are clearly legal. Indeed, according to the Intelligence Community Whistleblower Protection Act (ICWPA), whistleblowers can make complaints over matters of what the law calls "urgent concern", which includes "a serious or flagrant problem, abuse, violation of law or executive order, or deficiency relating to the funding, administration, or operations of an intelligence activity involving classified information, but does not include differences of opinion concerning public policy matters [my italics]."

In other words, simply believing that a law or government action is wrong does not give one the right to leak information; and in the eyes of the law, it is not considered whistleblowing. Even if one accepts the view that the leaked Verizon order fell within the bounds of being in the "public interest", it's a harder case to make for the presidential directive on cyber operations or the eavesdropping on foreign leaders.

The same problem is evident in the incorrect description of Bradley Manning as a whistleblower. When you leak hundreds of thousands of documents – not all of which you reviewed and most of which contain the mundane and not illegal diplomatic behavior of the US government – you're leaking. Both Manning and now Snowden have taken it upon themselves to decide what should be in the public domain; quite simply, they don't have the right to do that. If every government employee decided actions that offended their sense of morality should be leaked, the government would never be able to keep any secrets at all and, frankly, would be unable to operate effectively.

So, like Manning, Snowden is almost certainly not a whistleblower, but rather a leaker. And that would mean that he, like Manning, is liable to prosecution for leaking classified material.

Are Democrats hypocrites over the NSA's activities?

A couple of days ago, my Guardian colleague, Glenn Greenwald made the following assertion:

"The most vehement defenders of NSA surveillance have been, by far, Democratic (especially Obama-loyal) pundits. One of the most significant aspects of the Obama legacy has been the transformation of Democrats from pretend-opponents of the Bush "war on terror" and national security state into their biggest proponents."

This is a regular line of argument from Glenn, but it's one that, for a variety of reasons, I believe is not fair. (I don't say this because I'm an Obama partisan – though I may be called one for writing this.)

First, the lion's share of criticism of these recent revelations has come, overwhelmingly, from Democrats and, indeed, from many of the same people, including Greenwald, who were up in arms when the so-called warrantless wiretapping program was revealed in 2006. The reality is that outside a minority of activists, it's not clear that many Americans – Democrats or Republicans – get all that excited about these types of stories. (Not that this is necessarily a good thing.)

Second, opposition to the Bush program was two-fold: first, it was illegal and was conducted with no judicial or congressional oversight; second, Bush's surveillance policies did not occur in a vacuum – they were part of a pattern of law-breaking, disastrous policy decisions and Manichean rhetoric over the "war on terror". So, if you opposed the manner in which Bush waged war on the "axis of evil", it's not surprising that you would oppose its specific elements. In the same way, if you now support how President Obama conducts counter-terrorism efforts, it's not surprising that you'd be more inclined to view specific anti-terror policies as more benign.

Critics will, of course, argue – and rightly so – that we are a country of laws first. In which case it shouldn't matter who is the president, but rather what the laws are that govern his or her conduct. Back in the world of political reality, though, that's not how most Americans think of their government. Their perceptions are defined in large measure by how the current president conducts himself, so there is nothing at all surprising about Republicans having greater confidence in a Republican president and Democrats having greater confidence in a Democratic one, when asked about specific government programs.

Beyond that, simply having greater confidence in President Obama than President Bush to wield the awesome powers granted the commander-in-chief to conduct foreign policy is not partisanship. It's common sense.

George Bush was, undoubtedly, one of the two or three worst foreign policy presidents in American history (and arguably, our worst president, period). He and Dick Cheney habitually broke the law, including but not limited to the abuse of NSA surveillance. President Obama is far from perfect: he made the terrible decision to surge in Afghanistan, and he's fought two wars of dubious legality in Libya and Pakistan, but he's very far from the sheer awfulness of the Bush/Cheney years.

Unless you believe the US should have no NSA, and conduct no intelligence-gathering in the fight against terrorism, you have to choose a president to manage that agency. And there is nothing hypocritical or partisan about believing that one president is better than another to handle those responsibilities.

Has NSA surveillance prevented terrorist attacks, as claimed?

In congressional testimony this week, officials from the Department of Justice and the NSA argued that surveillance efforts stopped "potential terrorist events over 50 times since 9/11". Having spent far too many years listening to public officials describe terrifying terror plots that fell apart under greater scrutiny, this assertion sets off for me a set of red flags (even though it may be true).

I have no doubt that NSA surveillance has contributed to national security investigations, but whether it's as extensive or as vital as the claims of government officials is more doubtful. To be honest, I'm not sure it matters. Part of the reason the US government conducts NSA surveillance in the first place is not necessarily to stop every potential attack (though that would be nice), but to deter potential terrorists from acting in the first place.

Critics of the program like to argue that "of course, terrorists know their phones are being tapped and emails are being read", but that's kind of the point. If they know this, it forces them to choose more inefficient means of communicating, and perhaps to put aside potential attacks for fear of being uncovered.

We also know that not every terrorist has the skills of a Jason Bourne. In fact, many appear to be not terribly bright, which means that even if they know about the NSA's enormous dragnet, it doesn't mean they won't occasionally screw up and get caught.

Yet, this gets to a larger issue that is raised by the NSA revelations.

When is enough counter-terrorism enough?

Over the past 12 years, the US has developed what can best be described as a dysfunctional relationship with terrorism. We've become obsessed with it and with a zero-tolerance approach to stopping it. While the former is obviously an important goal, it has led the US to take steps that not only undermine our values (such as torture), but also make us weaker (the invasion of Iraq, the surge in Afghanistan, etc).

To be sure, this is not true of every anti-terror program of the past dozen years. For example, the US does a better job of sharing intelligence among government agencies, and of screening those who are entering the country. And military efforts in the early days of the "war on terror" clearly did enormous damage to al-Qaida's capabilities.

In general, though, when one considers the relatively low risk of terrorist attacks – and the formidable defenses of the United States – the US response to terrorism has been one of hysterical over-reaction. Indeed, the balance we so often hear about when it comes to protecting privacy while also ensuring security is only one part of the equation. The other is how we balance the need to stop terrorists (who certainly aspire to attack the United States) against the need to prevent anti-terrorism from driving our foreign policy to a disproportionate degree. While the NSA revelations might not be proof that we've gone too far in one direction, there's no doubt that, for much of the past 12 years, terrorism has distorted and marred our foreign policy.

Last month, President Obama gave a seminal speech at the National Defense University, in which he essentially declared the "war on terror" over. With troops coming home from Afghanistan, and drone strikes on the decline, that certainly seems to be the case. But as the national freakout over the Boston Marathon bombing – and the extraordinary over-reaction of a city-wide lockdown for one wounded terrorist on the loose – remind us, we still have a ways to go.

Moreover, since no politician wants to find him- or herself in a situation after a terrorist attack when the criticism "why didn't you do more?" can be aired, that political imperative of zero tolerance will drive our counterterrorism policies. At some point, that needs to end.

In fact, nine years ago, our current secretary of state, John Kerry, made this exact point; it's worth reviewing his words:

"We have to get back to the place we were, where terrorists are not the focus of our lives, but they're a nuisance. I know we're never going to end prostitution. We're never going to end illegal gambling. But we're going to reduce it, organized crime, to a level where it isn't on the rise. It isn't threatening people's lives every day, and fundamentally, it's something that you continue to fight, but it's not threatening the fabric of your life."

What the NSA revelations should spark is not just a debate on surveillance, but on the way we think about terrorism and the steps that we should be willing to take both to stop it and ensure that it does not control us. We're not there yet.

007Prometheus

No GCHQ - MI5 - MI6 - NSA - CIA - FBI etc........... ad nauseam!

How many Billions / Trillions are spent on these services? If 11/9 and 7/7 were homegrown attacks, then I think they will take us all down with them.

NOTaREALmerican

@007Prometheus

Re: How many Billions / Trillions are spent on these services?

The wonderful thing about living in a "Keynesian" perpetually increasing debt paradise is you NEVER have to say you can't afford anything. (Well, unless you want to say it, but if you do it's just political bullshit).

So, to answer your question... A "Keynesian" never asks how much, just how much do you want.

bloopie2

"Frankly, I don't see evidence of huge abuse of US liberties"

Just wait until they come for you.

bloopie2

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online, highly-regulated data-mining by the NSA seems relatively tame."

Dear Sir: Please post your email addresses, bank accounts, and passwords. We'd like to look at everything.

Got a problem with that?

Tonieja

"When one considers the privacy violations that Americans willingly submit to at airports, what personal data they give to the government in their tax returns, and what is regularly posted voluntarily on Facebook, sent via email and searched for online [...]"

Wow! I don't really care about my personal email. I do care about all political activists, journalists, lawyers etc. That a journalist would support Stasi style surveillance state is astonishing.

gisbournelove

I wish I had the time to go through this article and demolish it sentence by sentence as it so richly deserves, but at the moment I don't. Instead, might I suggest to the author that he go to the guardian archive, read every single story about this in chronological order and then read every damn link posted in the comment threads on the three most recent stories.

Most especially the links in the comment threads. If after that, he cannot see why we "civil libertarian freaks" are not just outraged, but frightened, he frankly lacks both historical knowledge and any ability to analyze the facts that are staring him in the face. I can't believe I am going to have to say this again but here goes: YOU do not get to give away my constitutional rights, Mr. Cohen.

I don't give a shit how much you trust Obama compared to dubya. The Bill of Rights states in clear, unambiguous language what the Federal government may NOT do to its citizens no matter WHO is president.

goodkurtz

Michael Cohen: "Frankly, I don't see evidence of huge abuse of US liberties."

Well of course you won't see them.
But the abuses are very probably already happening on a one to one basis in the same shadows in which the intelligence was first gathered.

[Nov 24, 2016] Dutch media company VPRO and Amsterdam-based interactive design company Studio Moniker have created a site to remind online users about big data and privacy

Nov 24, 2016 | yro.slashdot.org
(news.com.au) 74

Posted by BeauHD on Tuesday November 22, 2016 @05:00AM from the creepy-websites dept.

mi writes:

The site called ClickClickClick annotates your every move on its one and only page . Turn on the sound to listen to verbal annotations in addition to reading them. The same is possible for, and therefore done by, the regular sites as they attempt to study visitors looking for various trends -- better to gauge our opinions and sell us things. While not a surprise to regular Slashdotters, it is certainly a good illustration...

Dutch media company VPRO and Amsterdam-based interactive design company Studio Moniker have created the site to remind online users about the "serious themes of big data and privacy." Studio Moniker designer Roel Wouters said, "It seemed fun to thematize this in a simple and lighthearted way."

[Nov 18, 2016] On Clapper resignation

Notable quotes:
"... "Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time. ..."
"... Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around. ..."
Nov 18, 2016 | www.nakedcapitalism.com

paulmeli November 17, 2016 at 3:00 pm

"Top US intelligence official: I submitted my resignation" As of January 20th or so. When he was going to be gone anyway. Just had to get his name in the news one more time.

Peter Pan November 17, 2016 at 6:37 pm

Clapper has been like a difficult to eradicate sexually transmitted disease in the intelligence community. Unfortunately, I suspect he may have already infected others who will remain and pass it around.

fresno dan November 17, 2016 at 6:54 pm

paulmeli
November 17, 2016 at 3:00 pm

So, is Obama gonna pardon him? Silly me, I keep forgetting that indisputable violations of the law are not prosecuted when done by those at the top.

[Nov 07, 2016] Under the Din of the Presidential Race Lies a Once and Future Threat Cyberwarfare

This neocon propagandist (or, more correctly, neocon provocateur) got all major facts wrong. And who unleashed Flame and Stuxnet, I would like to ask him? Was it the Russians? And who invented the concept of the "color revolution", in which influencing an election was a major part of the strategy? And which nation instituted a program of covert access to the mailboxes of all major webmail providers? He should study the history of malware and US covert operations before writing this propagandist/provocateur opus, to look a little bit more credible...
Notable quotes:
"... Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. ..."
www.nytimes.com

The 2016 presidential race will be remembered for many ugly moments, but the most lasting historical marker may be one that neither voters nor American intelligence agencies saw coming: It is the first time that a foreign power has unleashed cyberweapons to disrupt, or perhaps influence, a United States election.

And there is a foreboding sense that, in elections to come, there is no turning back.

The steady drumbeat of allegations of Russian troublemaking - leaks from stolen emails and probes of election-system defenses - has continued through the campaign's last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

"Most of the biggest stories of this election cycle have had a cybercomponent to them - or the use of information warfare techniques that the Russians, in particular, honed over decades," said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. "From stolen emails, to WikiLeaks, to the hacking of the N.S.A.'s tools, and even the debate about how much of this the Russians are responsible for, it's dominated in a way that we haven't seen in any prior election."

The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access. Yet the lessons have ranged from the intensely personal to the geostrategic.

Email, a main conduit of communication for two decades, now appears so vulnerable that the nation seems to be wondering whether its bursting inboxes can ever be safe. Election systems, the underpinning of democracy, seem to be at such risk that it is unimaginable that the United States will go into another national election without treating them as "critical infrastructure."

But President Obama has been oddly quiet on these issues. He delivered a private warning to President Vladimir V. Putin of Russia during their final face-to-face encounter two months ago, aides say. Still, Mr. Obama has barely spoken publicly about the implications of foreign meddling in the election. His instincts, those who have worked with him on cyberissues say, are to deal with the problem by developing new norms of international behavior or authorizing covert action rather than direct confrontation.

After a series of debates in the Situation Room, Mr. Obama and his aides concluded that any public retaliation should be postponed until after the election - to avoid the appearance that politics influenced his decision and to avoid provoking Russian counterstrikes while voting is underway. It remains unclear whether Mr. Obama will act after Tuesday, as his aides hint, or leave the decision about a "proportional response" to his successor.

Cybersleuths, historians and strategists will debate for years whether Russia's actions reflected a grand campaign of interference or mere opportunism on the part of Mr. Putin. While the administration has warned for years about the possibility of catastrophic attacks, what has happened in the past six months has been far more subtle.

Russia has used the techniques - what they call "hybrid war," mixing new technologies with old-fashioned propaganda, misinformation and disruption - for years in former Soviet states and elsewhere in Europe. The only surprise was that Mr. Putin, as he intensified confrontations with Washington as part of a nationalist campaign to solidify his own power amid a deteriorating economy, was willing to take them to American shores.

The most common theory is that while the Russian leader would prefer the election of Donald J. Trump - in part because Mr. Trump has suggested that NATO is irrelevant and that the United States should pull its troops back to American shores - his primary motive is to undercut what he views as a smug American sense of superiority about its democratic processes.

Madeleine K. Albright, a former secretary of state who is vigorously supporting Hillary Clinton, wrote recently that Mr. Putin's goal was "to create doubt about the validity of the U.S. election results, and to make us seem hypocritical when we question the conduct of elections in other countries."

If so, this is a very different use of power than what the Obama administration has long prepared the nation for.

Four years ago, Leon E. Panetta, the defense secretary at the time, warned of an impending "cyber Pearl Harbor" in which enemies could "contaminate the water supply in major cities or shut down the power grid across large parts of the country," perhaps in conjunction with a conventional attack.

[Oct 22, 2016] Botnets can use internet enabled devices other then PC, tablets and phones

Oct 22, 2016 | www.nakedcapitalism.com

Not mentioned in the News of the Wired snips: the Dyn DDOS was the latest using a megascale IOT botnet. Coming soon to a Smart Toaster|Thermostat|Fridge|WasherDryer|EggTimer|PencilSharpener|Dishwasher|GarbageCompacter|BabyMonitor near you!

hunkerdown October 21, 2016 at 7:36 pm

I suspect various enforcement agencies are using those cameras for something else, like mass video surveillance, and having just lost a lot of TLS vulnerabilities, are motivated to keep their sources' name out of the news (as befits TS/SI NOFORN projects), though steering the industry's and the commercial market economy's Confidence Fairy out of an imminent uncontrolled landing would suffice to explain the quiet.

OpenThePodBayDoorsHAL October 21, 2016 at 7:38 pm

For people who understand what that means it is mind-blowing, the processors in your parking garage gate or your nursery's NannyCam being used in a giant global concerto of digital disruption. Smells like the NSA in a desperate attempt to disrupt the flows from Wiki, they already gave the Clinton camp their best spyware (FoxAcid) and this would be par for the course given the level of lawbreaking and dirty tricks.

cm October 22, 2016 at 1:13 am

Will be illuminating to see if Congress demands IOT accountability. IMO the IOT manufacturers should be held to the same level of accountability as car manufacturers.

[Oct 08, 2016] Yahoo Email Scanner Was Installed by Government

Oct 07, 2016 | news.antiwar.com
Software Could've Given NSA Much More Access Than Just Emails
Former employees of Yahoo have corroborated this week's stories about the company scanning all emails coming into their servers on behalf of the NSA, saying that the "email scanner" software was not Yahoo-built, but actually made and installed by the US government .

The employees, including at least one on Yahoo's own internal security team, reported finding the software on the email server and believing they were being hacked, before executives informed them the government had done it. They described the software as a broader "rootkit" that could give the NSA access to much more than just emails.

To make matters worse, the employees say the government's software was "buggy" and poorly-designed , meaning it could've given other hackers who discovered it the same access to the Yahoo server, adding to the danger it posed to customers' privacy.

Yahoo itself has been mostly mum on the matter, issuing a statement claiming the initial reports were "misleading" but not elaborating at all. The NSA denied the claim outright, though they have been repeatedly caught lying about similar programs in the past.

[Sep 26, 2016] Probe of leaked U.S. NSA hacking tools examines operative's mistake

Notable quotes:
"... A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer ..."
"... The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. ..."
"... But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said. ..."
"... That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them. ..."
"... Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said. ..."
Reuters
A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible

... ... ...

But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other's missteps.

Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

That could have helped identify rival powers' hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

[Sep 18, 2016] Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

Sep 18, 2016 | theintercept.com

Richard Tynan, a technologist with Privacy International, told The Intercept that the " manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

[Sep 16, 2016] Edward Snowden's New Revelations Are Truly Chilling

Notable quotes:
"... Submitted by Sophie McAdam via TrueActivist.com, ..."
"... He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. ..."
"... "Nosey Smurf": lets spies turn the microphone on and listen in on users, even if the phone itself is turned off ..."
"... Snowden says: "They want to own your phone instead of you." It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it? ..."
"... It's one more reason to conclude that smartphones suck. And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies , encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfie – addicts , and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves. ..."
Oct 08, 2015 | Zero Hedge reprinted from TrueActivist.com

Submitted by Sophie McAdam via TrueActivist.com,

In an interview with the BBC's 'Panorama' which aired in Britain last week, Edward Snowden spoke in detail about the spying capabilities of the UK intelligence agency GCHQ. He disclosed that government spies can legally hack into any citizen's phone to listen in to what's happening in the room, view files, messages and photos, pinpoint exactly where a person is (to a much more sophisticated level than a normal GPS system), and monitor a person's every move and every conversation, even when the phone is turned off. These technologies are named after Smurfs, those little blue cartoon characters who had a recent Hollywood makeover. But despite the cute name, these technologies are very disturbing; each one is built to spy on you in a different way:

Snowden says: "They want to own your phone instead of you." It sounds very much like he means we are being purposefully encouraged to buy our own tracking devices. That kinda saved the government some money, didn't it?

His revelations should worry anyone who cares about human rights, especially in an era where the threat of terrorism is used to justify all sorts of governmental crimes against civil liberties. We have willingly given up our freedoms in the name of security; as a result we have neither. We seem to have forgotten that to live as a free person is a basic human right: we are essentially free beings. We are born naked and without certification; we do not belong to any government nor monarchy nor individual, we don't even belong to any nation or culture or religion - these are all social constructs. We belong only to the universe that created us, or whatever your equivalent belief. It is therefore a natural human right not to be under secret surveillance by your own government, those corruptible liars who are supposedly elected by and therefore accountable to the people.

Law-abiding citizens who say they have nothing to fear because they are not terrorists should beware: many peaceful British protesters have been arrested under the Prevention Of Terrorism Act since its introduction in 2005. Edward Snowden's disclosure confirms just how far the attack on civil liberties has gone since 9/11 and the London bombings. Both events have allowed governments the legal right to essentially wage war on their own people, through the Patriot Act in the USA and the Prevention Of Terrorism Act in the UK. In Britain, as in the USA, terrorism and activism seem to have morphed into one entity, while nobody really knows who the real terrorists are any more. A sad but absolutely realistic fact of life in 2015: if you went to a peaceful protest at the weekend and got detained, you're probably getting hacked right now.

It's one more reason to conclude that smartphones suck. And as much as we convince ourselves how cool they are, it's hard to deny their invention has resulted in a tendency for humans to behave like zombies, encouraged child labor, made us more lonely than ever, turned some of us into narcissistic selfie–addicts, and prevented us from communicating with those who really matter (the ones in the same room at the same time). Now, Snowden has given us yet another reason to believe that smartphones might be the dumbest thing we could have ever inflicted on ourselves.

[Sep 16, 2016] Leaked Demo Video Shows How Government Spyware Infects a Computer

Sep 16, 2016 | news.slashdot.org
(vice.com) 116

by BeauHD on Thursday September 08, 2016 @03:00AM

An anonymous reader quotes a report from Motherboard: Motherboard has obtained a never-before-seen 10-minute video showing a live demo for a spyware solution made by a little-known Italian surveillance contractor called RCS Lab. Unlike Hacking Team, RCS Lab has been able to fly under the radar for years, and very little is known about its products, or its customers. The video shows an RCS Lab employee performing a live demo of the company's spyware to an unidentified man, including a tutorial on how to use the spyware's control software to perform a man-in-the-middle attack and infect a target computer whose user wanted to visit a specific website. RCS Lab's spyware, called Mito3, allows agents to easily set up these kinds of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select "inject HTML" to force the malicious popup to appear, according to the video. Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard. The company's employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware. A direct link to the YouTube video can be found here.

[Sep 16, 2016] Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials

Sep 16, 2016 | apple.slashdot.org
(softpedia.com) 82

Posted by BeauHD on Wednesday September 07, 2016 @08:30PM from the stolen-credentials dept. An anonymous reader writes from a report via Softpedia: An attacker can use a modified USB Ethernet adapter to fool Windows and Mac computers into giving away their login credentials . The attack relies on using a modified USB Ethernet adapter that runs special software, which tricks the attacked computer into accepting the Ethernet adapter as the network gateway, DNS, and WPAD server. The attack is possible because most computers will automatically install any plug-and-play (PnP) USB device. Even worse, when installing the new (rogue) USB Ethernet adapter, the computer will give out the local credentials needed to install the device. The custom software installed on the USB intercepts these credentials and logs them to an SQLite database. This attack can take around 13 seconds to carry out, and the USB Ethernet adapter can be equipped with an LED that tells the attacker when the login credentials have been stolen.
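A defensive counterpart to the Windows side of that report, written here as an added example (it is not code from the Softpedia article or from the researcher's adapter): it disables WPAD proxy auto-discovery and LLMNR, the two lookups a device posing as gateway, DNS and WPAD server can answer on its own link, and turns on the Windows policy that stops new removable devices from being installed at all. The registry values are the documented policy-backing keys for the WinHTTP auto-proxy service, the DNS client and Device Installation Restrictions; the function names are mine, and the audit function is an assumption about what an operator would want to check afterwards.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original report's code. Hardens a Windows host against a rogue
# USB Ethernet adapter that poses as gateway, DNS and WPAD server. Run in an elevated
# PowerShell and try it on a non-production machine first: the third control blocks
# installation of every newly connected removable device, not only network adapters.

function Set-PolicyDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

function Disable-ProxyAutoDiscovery {
    # WinHTTP Web Proxy Auto-Discovery service; Start=4 means "Disabled" (takes effect on reboot).
    # Software that depends on WPAD must then be given an explicit proxy.
    Set-PolicyDword -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc' -Name 'Start' -Value 4
}

function Disable-Llmnr {
    # Policy "Turn off multicast name resolution": without it, a device on the same link can
    # answer LLMNR queries (for example for the name "wpad") with its own address.
    Set-PolicyDword -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -Name 'EnableMulticast' -Value 0
}

function Block-RemovableDeviceInstall {
    # Policy "Prevent installation of removable devices": Windows will not install a device
    # that is newly connected over a removable bus such as USB. Devices already installed keep
    # working; new USB keyboards and mice are blocked too, so plan an allow-list if needed.
    Set-PolicyDword -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions' -Name 'DenyRemovableDevices' -Value 1
}

function Test-RogueAdapterHardening {
    # Audit helper (assumed workflow): one object per control with its current state.
    $checks = @(
        @{ Control = 'WPAD service disabled';           Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc';          Name = 'Start';                Expected = 4 },
        @{ Control = 'LLMNR disabled';                  Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient';               Name = 'EnableMulticast';      Expected = 0 },
        @{ Control = 'Removable device install blocked'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'; Name = 'DenyRemovableDevices'; Expected = 1 }
    )
    foreach ($c in $checks) {
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{ Control = $c.Control; Compliant = ($actual -eq $c.Expected); Actual = $actual }
    }
}

Disable-ProxyAutoDiscovery
Disable-Llmnr
Block-RemovableDeviceInstall
Test-RogueAdapterHardening | Format-Table -AutoSize

# Network adapters Windows currently sees; an unexpected entry here is worth a look.
Get-PnpDevice -Class Net -PresentOnly | Select-Object Status, FriendlyName, InstanceId | Format-Table -AutoSize
```

These three controls only reduce what a rogue adapter can obtain from a Windows host; they do not address the macOS half of the report, and the service change needs a reboot before the audit reports it as compliant.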

[Sep 16, 2016] Wyden Calls on Senate to Prevent Expansion of Government Hacking On the Wire

Sep 16, 2016 | www.onthewire.io

A proposed change to a little-known criminal procedure "would make us less safe, not more" by allowing law enforcement agencies to hack an unlimited number of computers with a single warrant, Sen. Ron Wyden said Thursday.

Wyden (D-Ore.) spoke on the Senate floor about the proposed change to Rule 41 of the Federal Rules of Criminal Procedure, which covers the limits of search and seizure. The modification would simplify the process for a judge to issue a search warrant for a remote search of an electronic device. It would allow judges to authorize the search of any number of devices anywhere in the United States. Because of the way the rule-making process works, the change, proposed by the Department of Justice, will go into effect on Dec. 1 unless Congress passes legislation to prevent it.

In May, Wyden introduced a one-sentence bill that would prevent the change. The Senate has taken no action on the bill thus far and Wyden on Thursday warned that continued inaction on the issue would be dangerous.

"If the Senate does nothing, if the Senate fails to act, what's ahead for Americans is a massive expansion of government hacking and surveillance powers," he said. "If the Congress just says, aw gee, we have other things to do, these rules go into effect."

"What's ahead for Americans is a massive expansion of government hacking."

Wyden asked the Senate to pass his bill by unanimous consent, but Sen. John Cornyn (R-Texas) objected, saying that the change to Rule 41 was a simple one that would help law enforcement agencies know which venue is the correct one to ask for a warrant.

"These aren't substantive changes. The government must still go before a judge and make the requisite showing in order to get a search warrant," Cornyn said. "I can't imagine circumstances where we'd say the Fourth Amendment is trumped by the right to privacy. We can't let that happen and that's why these changes are so important."

Cornyn cited recent reports about hacks of the election systems in some states, possibly by foreign governments, as evidence of the need for the change.

"This isn't a time to retreat and allow cyberspace to be run amok by cybercriminals," Cornyn said. "This is a very sensible tool of venue."

Wyden said there is nothing "routine at all" about the change to Rule 41, and scolded his colleagues for not taking any action on his bill.

"The government can search potentially millions of computers with one single warrant issued by one single judge. This isn't an issue where the Senate can do some kind of ostrich act and do nothing. In my view, the limits of search and seizure are unquestionably an issue for Congress to debate."

[Sep 16, 2016] Malware Infects 70% of Seagate Central NAS Drives, Earns $86,400

Sep 16, 2016 | news.slashdot.org
(softpedia.com) Posted by EditorDavid on Saturday September 10, 2016 @09:50PM

An anonymous Slashdot reader writes: A new malware family has infected over 70% of all Seagate Central NAS devices connected to the Internet. The malware, named Miner-C or PhotoMiner, uses these hard drives as an intermediary point to infect connected PCs and install software that mines for the Monero cryptocurrency... The crooks made over $86,000 from Monero mining so far.

The hard drives are easy to infect because Seagate does not allow users to delete or deactivate a certain "shared" folder when the device is exposed to the Internet. Over 5,000 Seagate Central NAS devices are currently infected.

Researchers estimate the malware is now responsible for 2.5% of all mining activity for the Monero cryptocurrency, according to the article. "The quandary is that Seagate Central owners have no way to protect their device. Turning off the remote access NAS feature can prevent the infection, but also means they lose the ability to access the device from a remote location, one of the reasons they purchased the hard drive in the first place."

[Sep 16, 2016] Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is

Sep 16, 2016 | yro.slashdot.org
(theintercept.com) 94 Posted by manishs on Monday September 12, 2016 @04:00PM from the truth-is-out-there dept. The Intercept has today published 200 pages of documents revealing details about Harris Corp's Stingray surveillance device, which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S., has "fought" to keep information about the mobile phone-monitoring boxes from the public against whom they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report: The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

[Sep 09, 2016] Some thoughts on the DNC email hacking scandal

Aug 07, 2016 | marknesop.wordpress.com
Jeremn, August 5, 2016 at 2:53 am
Some thoughts on the hacking "scandal". This article

http://www.defenseone.com/technology/2016/07/how-putin-weaponized-wikileaks-influence-election-american-president/130163/

blames the Russians thus:

"On June 14, cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network. One group, FANCY BEAR or APT 28, gained access in April. The other, COZY BEAR, (also called Cozy Duke and APT 29) first breached the network in the summer of 2015. Cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection. "We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. because of evidence from FireEye."

Crowdstrike – their Co-Founder, Alperovitch, is an Atlantic Council fellow. The other firm, FireEye, has the CIA as a stakeholder:

http://venturebeat.com/2009/11/18/cias-in-q-tel-funds-fireeye-anti-botnet-security-firm/

Should give pause to thought that the intelligence services are interfering in US democracy?

No?

FireEye is also interesting as it, along with the US Department of Defense, funds the CEPA (publishers of Ed Lucas's and Pomerantsev's screed on fighting Kremlin influence):

marknesop, August 5, 2016 at 9:56 am
I recall the FireEye story well – they used the exact same logic; the code was written on Cyrillic-keyboard machines and during Moscow working hours. Their conclusion was "It just looks so much like something the Russians would do that it must be them". No allowance for the possibility that someone else did it who wanted the USA to arrive at exactly that conclusion. Someone who has done it before, lots of times, and who makes a science out of picking fights on Uncle Sam's behalf.

In the case of both FireEye and Crowdstrike, they would stop looking as soon as they arrived upon a conclusion which suited them anyway.

ucgsblog, August 5, 2016 at 12:58 pm
Cozy Bear and Fancy Bear? Is there proof that they actually exist? I mean real proof, not WADA proof.
Yonatan, August 5, 2016 at 3:04 pm
They are just code names given by a particular security outfit. Different outfits will use different names for the same entities, much in the same way that a given virus/trojan/etc will be given different names by different AV corporations. The names reflect observable characteristics such as threat type, coding style, code structure, distribution network, similar earlier threats, etc rather than a specific single person.
marknesop, August 5, 2016 at 3:23 pm
Yes, 'APT' stands for something, I forget what it was but they said it. Advanced Persistent Threat, something like that.

[Sep 03, 2016] There is interesting and expert commentary on NSO Group software in the Hacker News forum

Sep 03, 2016 | www.nakedcapitalism.com
Pavel, September 3, 2016 at 8:11 am

I just found this via Hacker News… perhaps it was in yesterday's links and I missed it. Truly scary in the Orwellian sense and yet another reason not to use a smartphone. Chilling read.

SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

–NY Times: How Spy Tech Firms Let Governments See Everything on a Smartphone

There is interesting and expert commentary in the Hacker News forum: https://news.ycombinator.com/item?id=12417938.

Pat, September 3, 2016 at 12:01 pm

I could be wrong, but the promos for Sixty Minutes on the local news make it seem they might be about this subject. Either way it is another "scare you about what your cell phone can do" story, possibly justified this time.

Jeotsu, September 3, 2016 at 2:15 pm

An anecdote which I cannot support with links or other evidence:

A friend of mine used to work for a (non USA) security intelligence service. I was bouncing ideas off him for a book I'm working on, specifically ideas about how monitoring/electronics/spying can be used to measure and manipulate societies. He was useful for telling if my ideas (for a Science Fiction novel) were plausible without ever getting into details. Always very careful to keep his replies in the "white" world of what any computer security person would know, without delving into anything classified.

One day we were way out in the back blocks, and I laid out one scenario for him to see if it would be plausible. All he did was smile cryptically, and point at a cell phone lying on a table 10 meters away. He wouldn't say a word on the subject.

It wasn't his cellphone, and we were in a relatively remote region with no cell phone coverage.

It told me that my book idea was far too plausible. It also told me that every cellphone is likely recording everything all the time, for later upload when back in signal range. (Or at least there was the inescapable possibility that the cell phones were doing so, and that he had to assume foreign (or domestic?) agencies could be following him through monitoring of cell phones of friends and neighbors.)

It was a clarifying moment for me.

Every cellphone has a monumental amount of storage space (especially for audio files). Almost every cellphone only has a software "switch" for turning it off, not a hardware interlock where you can be sure off is off. So how can you ever really be sure it is "off"? Answer: you can't.

Sobering thought. Especially when you consider the Bluffdale facility in the USA.

[Sep 03, 2016] How Spy Tech Firms Let Governments See Everything on a Smartphone

Sep 03, 2016 | www.nytimes.com

There are dozens of digital spying companies that can track everything a target does on a smartphone. Credit Spencer Platt/Getty Images

SAN FRANCISCO - Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like - just check out the company's price list.

The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user's location and personal contacts. These tools can even turn the phone into a secret recording device.

Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government.

Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals.

The company is one of dozens of digital spying outfits that track everything a target does on a smartphone. They aggressively market their services to governments and law enforcement agencies around the world. The industry argues that this spying is necessary to track terrorists, kidnappers and drug lords. The NSO Group's corporate mission statement is "Make the world a safe place."

Ten people familiar with the company's sales, who refused to be identified, said that the NSO Group has a strict internal vetting process to determine who it will sell to. An ethics committee made up of employees and external counsel vets potential customers based on human rights rankings set by the World Bank and other global bodies. And to date, these people all said, NSO has yet to be denied an export license.

But critics note that the company's spyware has also been used to track journalists and human rights activists.

"There's no check on this," said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto's Munk School of Global Affairs. "Once NSO's systems are sold, governments can essentially use them however they want. NSO can say they're trying to make the world a safer place, but they are also making the world a more surveilled place."

The NSO Group's capabilities are in higher demand now that companies like Apple, Facebook and Google are using stronger encryption to protect data in their systems, in the process making it harder for government agencies to track suspects.

The NSO Group's spyware finds ways around encryption by baiting targets to click unwittingly on texts containing malicious links or by exploiting previously undiscovered software flaws. It was taking advantage of three such flaws in Apple software - since fixed - when it was discovered by researchers last month.

The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target's personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred the sale of NSO Group technology.

Since it is privately held, not much is known about the NSO Group's finances, but its business is clearly growing. Two years ago, the NSO Group sold a controlling stake in its business to Francisco Partners, a private equity firm based in San Francisco, for $120 million. Nearly a year later, Francisco Partners was exploring a sale of the company for 10 times that amount, according to two people approached by the firm but forbidden to speak about the discussions.

The company's internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013.

"Our intelligence systems are subject to Mexico's relevant legislation and have legal authorization," Ricardo Alday, a spokesman for the Mexican embassy in Washington, said in an emailed statement. "They are not used against journalists or activists. All contracts with the federal government are done in accordance with the law."

Zamir Dahbash, an NSO Group spokesman, said that the sale of its spyware was restricted to authorized governments and that it was used solely for criminal and terrorist investigations. He declined to comment on whether the company would cease selling to the U.A.E. and Mexico after last week's disclosures.

For the last six years, the NSO Group's main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones - including iPhones, Androids, and BlackBerry and Symbian systems - without leaving a trace.

Among the Pegasus system's capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls "room tap" can gather sounds in and around the room, using the phone's own microphone.

Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone's web browser. And all of the data can be sent back to the agency's server in real time.

In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including "over the air stealth installation," tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person.

Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users - on top of the setup fee, according to one commercial proposal.

You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.

What that gets you, NSO Group documents say, is "unlimited access to a target's mobile devices." In short, the company says: You can "remotely and covertly collect information about your target's relationships, location, phone calls, plans and activities - whenever and wherever they are."

And, its proposal adds, "It leaves no traces whatsoever."

[Aug 21, 2016] The NSA Leak Is Real, Snowden Documents Confirm by Sam Biddle

Aug 19, 2016 | theintercept.com
On Monday, a hacking group calling itself the "ShadowBrokers" announced an auction for what it claimed were "cyber weapons" made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.

The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA's virtual fingerprints and clearly originates from the agency.

The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, "ace02468bdf13579." That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.

SECONDDATE plays a specialized role inside a complex global system built by the U.S. government to infect and monitor what one document estimated to be millions of computers around the world. Its release by ShadowBrokers, alongside dozens of other malicious tools, marks the first time any full copies of the NSA's offensive software have been available to the public, providing a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world, as well as concrete evidence that NSA hackers don't always have the last word when it comes to computer exploitation.

But malicious software of this sophistication doesn't just pose a threat to foreign governments, Johns Hopkins University cryptographer Matthew Green told The Intercept:

The danger of these exploits is that they can be used to target anyone who is using a vulnerable router. This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It's worse, in fact, because many of these exploits are not available through any other means, so they're just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.

So the risk is twofold: first, that the person or persons who stole this information might have used them against us. If this is indeed Russia, then one assumes that they probably have their own exploits, but there's no need to give them any more. And now that the exploits have been released, we run the risk that ordinary criminals will use them against corporate targets.

The NSA did not respond to questions concerning ShadowBrokers, the Snowden documents, or its malware.

A Memorable SECONDDATE

The offensive tools released by ShadowBrokers are organized under a litany of code names such as POLARSNEEZE and ELIGIBLE BOMBSHELL, and their exact purpose is still being assessed. But we do know more about one of the weapons: SECONDDATE.

SECONDDATE is a tool designed to intercept web requests and redirect browsers on target computers to an NSA web server. That server, in turn, is designed to infect them with malware. SECONDDATE's existence was first reported by The Intercept in 2014, as part of a look at a global computer exploitation effort code-named TURBINE. The malware server, known as FOXACID, has also been described in previously released Snowden documents.

Other documents released by The Intercept today not only tie SECONDDATE to the ShadowBrokers leak but also provide new detail on how it fits into the NSA's broader surveillance and infection network. They also show how SECONDDATE has been used, including to spy on Pakistan and a computer system in Lebanon.

The top-secret manual that authenticates the SECONDDATE found in the wild as the same one used within the NSA is a 31-page document titled "FOXACID SOP for Operational Management" and marked as a draft. It dates to no earlier than 2010. A section within the manual describes administrative tools for tracking how victims are funneled into FOXACID, including a set of tags used to catalogue servers. When such a tag is created in relation to a SECONDDATE-related infection, the document says, a certain distinctive identifier must be used:

The same SECONDDATE MSGID string appears in 14 different files throughout the ShadowBrokers leak, including in a file titled SecondDate-3021.exe. Viewed through a code-editing program (screenshot below), the NSA's secret number can be found hiding in plain sight:

All told, throughout many of the folders contained in the ShadowBrokers' package (screenshot below), there are 47 files with SECONDDATE-related names, including different versions of the raw code required to execute a SECONDDATE attack, instructions for how to use it, and other related files.

After viewing the code, Green told The Intercept the MSGID string's occurrence in both an NSA training document and this week's leak is "unlikely to be a coincidence." Computer security researcher Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, who has been particularly vocal in his analysis of the ShadowBrokers this week, told The Intercept "there is no way" the MSGID string's appearance in both places is a coincidence.
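As an added, defender-side illustration of the string-matching check described above (example code written for this page, not code from The Intercept, the NSA documents or the leak), the following Python scanner walks a directory and reports every file and offset where the SECONDDATE MSGID marker appears, in both ASCII and UTF-16LE form. The sample files it builds are constructed for the demo and contain nothing from the actual dump; the file name SecondDate-3021.exe is reused only because the article mentions it.

```python
"""Scan a directory tree for a known marker string and report, per file,
every encoding and byte offset at which it occurs.

Added example for this page, not code from The Intercept or from the
leaked tools. MSGID is the SECONDDATE identifier quoted in the article;
everything else (file names, file contents, chunk sizes) is constructed.
"""
import os
import tempfile
from typing import Dict, List, Tuple

MSGID = "ace02468bdf13579"
Hit = Tuple[str, int]  # (encoding, absolute byte offset)


def marker_patterns(marker: str) -> Dict[str, bytes]:
    """Byte patterns to search for. Windows binaries frequently store
    strings as UTF-16LE, so a scan that only looks for ASCII would miss
    those; both forms are checked."""
    return {
        "ascii": marker.encode("ascii"),
        "utf-16le": marker.encode("utf-16-le"),
    }


def find_all(data: bytes, pattern: bytes) -> List[int]:
    """Return every offset (overlapping ones included) of pattern in data."""
    offsets, start = [], 0
    while True:
        idx = data.find(pattern, start)
        if idx < 0:
            return offsets
        offsets.append(idx)
        start = idx + 1


def scan_bytes(data: bytes, marker: str = MSGID) -> List[Hit]:
    """Scan one in-memory blob; hits are sorted by offset."""
    hits: List[Hit] = []
    for enc, pat in marker_patterns(marker).items():
        hits.extend((enc, off) for off in find_all(data, pat))
    return sorted(hits, key=lambda h: h[1])


def scan_tree(root: str, marker: str = MSGID,
              chunk: int = 1 << 20) -> Dict[str, List[Hit]]:
    """Walk root and return {relative path: hits} for files containing the
    marker. Files are read in chunks; the last len(pattern)-1 bytes of each
    chunk are carried over so a marker straddling a boundary is still found,
    and a set de-duplicates hits seen in both the carried tail and the
    new chunk."""
    patterns = marker_patterns(marker)
    overlap = max(len(p) for p in patterns.values()) - 1
    report: Dict[str, List[Hit]] = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            hits = set()
            with open(path, "rb") as fh:
                tail, abs_base = b"", 0  # abs_base: file offset of data[0]
                while True:
                    block = fh.read(chunk)
                    if not block:
                        break
                    data = tail + block
                    for enc, off in scan_bytes(data, marker):
                        hits.add((enc, abs_base + off))
                    tail = data[-overlap:] if overlap else b""
                    abs_base += len(data) - len(tail)
            if hits:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                report[rel] = sorted(hits, key=lambda h: h[1])
    return report


def build_sample_tree(root: str) -> None:
    """Write constructed sample files (not real leak contents) under root:
    a fake PE-like blob carrying the marker once as UTF-16LE and once as
    ASCII, a text note with one ASCII occurrence, and an unrelated file."""
    exe = (b"MZ" + b"\x00" * 62 + MSGID.encode("utf-16-le")
           + b"\x00" * 10 + b"MSGID=" + MSGID.encode() + b"\n")
    files = {
        "SecondDate-3021.exe": exe,
        "notes/README.txt": b"tag the server with " + MSGID.encode() + b" before use\n",
        "unrelated.bin": bytes(range(256)) * 4,
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo() -> Dict[str, List[Hit]]:
    """Build the sample tree in a temporary directory and scan it with a
    deliberately small chunk size so the boundary-straddling path runs."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root, chunk=50)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result)} file(s) carry the marker")
    for rel_path, file_hits in result.items():
        for encoding, offset in file_hits:
            print(f"  {rel_path}: {encoding} at offset 0x{offset:x}")
```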

Where SECONDDATE Fits In

This overview jibes with previously unpublished classified files provided by Snowden that illustrate how SECONDDATE is a component of BADDECISION, a broader NSA infiltration tool. SECONDDATE helps the NSA pull off a "man in the middle" attack against users on a wireless network, tricking them into thinking they're talking to a safe website when in reality they've been sent a malicious payload from an NSA server.

According to one December 2010 PowerPoint presentation titled "Introduction to BADDECISION," that tool is also designed to send users of a wireless network, sometimes referred to as an 802.11 network, to FOXACID malware servers. Or, as the presentation puts it, BADDECISION is an "802.11 CNE [computer network exploitation] tool that uses a true man-in-the-middle attack and a frame injection technique to redirect a target client to a FOXACID server." As another top-secret slide puts it, the attack homes in on "the greatest vulnerability to your computer: your web browser."

One slide points out that the attack works on users with an encrypted wireless connection to the internet.

That trick, it seems, often involves BADDECISION and SECONDDATE, with the latter described as a "component" for the former. A series of diagrams in the "Introduction to BADDECISION" presentation show how an NSA operator "uses SECONDDATE to inject a redirection payload at [a] Target Client," invisibly hijacking a user's web browser as the user attempts to visit a benign website (in the example given, it's CNN.com). Executed correctly, the file explains, a "Target Client continues normal webpage browsing, completely unaware," lands on a malware-filled NSA server, and becomes infected with as much of that malware as possible - or as the presentation puts it, the user will be left "WHACKED!" In other top-secret presentations, it's put plainly: "How do we redirect the target to the FOXACID server without being noticed?" Simple: "Use NIGHTSTAND or BADDECISION."

The sheer number of interlocking tools available to crack a computer is dizzying. In the FOXACID manual, government hackers are told an NSA hacker ought to be familiar with using SECONDDATE along with similar man-in-the-middle wi-fi attacks code-named MAGIC SQUIRREL and MAGICBEAN. A top-secret presentation on FOXACID lists further ways to redirect targets to the malware server system.

To position themselves within range of a vulnerable wireless network, NSA operators can use a mobile antenna system running software code-named BLINDDATE, depicted in the field in what appears to be Kabul. The software can even be attached to a drone. BLINDDATE in turn can run BADDECISION, which allows for a SECONDDATE attack:

Elsewhere in these files, there are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon. In the first, NSA hackers used SECONDDATE to breach "targets in Pakistan's National Telecommunications Corporation's (NTC) VIP Division," which contained documents pertaining to "the backbone of Pakistan's Green Line communications network" used by "civilian and military leadership."

In the latter, the NSA used SECONDDATE to pull off a man-in-the-middle attack in Lebanon "for the first time ever," infecting a Lebanese ISP to extract "100+ MB of Hizballah Unit 1800 data," a special subset of the terrorist group dedicated to aiding Palestinian militants.

SECONDDATE is just one method that the NSA uses to get its target's browser pointed at a FOXACID server. Other methods include sending spam that attempts to exploit bugs in popular web-based email providers or entices targets to click on malicious links that lead to a FOXACID server. One document, a newsletter for the NSA's Special Source Operations division, describes how NSA software other than SECONDDATE was used to repeatedly direct targets in Pakistan to FOXACID malware web servers, eventually infecting the targets' computers.

A Potentially Mundane Hack

Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it's possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.

[Aug 01, 2016] FSB Detects Cyberattacks on 20 Russian Organizations, Including Military Targets

sputniknews.com

Instances of planting of malicious software designed for cyber espionage in computer networks of some 20 organizations located on the territory of Russia have been exposed, according to FSB press service.

MOSCOW (Sputnik) - Russian Federal Security Service (FSB) exposed planting of malicious software designed for cyber espionage in computer networks of about 20 Russian institutions, including government and military bodies, FSB press service said Saturday.

"Instances of planting of malicious software designed for cyber espionage in computer networks of some 20 organizations located on the territory of Russia have been exposed. Information resources of public authorities, scientific and military institutions, enterprises of the military-industrial complex and other objects of the country's critical infrastructure were contaminated," the statement read.

The press service stressed that the attack was professionally planned and has traits similar to previously exposed attacks from all over the world.

"The latest sets of software are made for each 'victim' individually, based on the unique characteristics of the targeted PC. The spread of the virus is carried out by the means of targeted attacks on PC by sending an e-mail containing a malicious attachment," the statement continued, adding that the software made it possible to take screenshots, turn on web cameras and microphones, and collect data from keyboard use.

FSB in cooperation with the ministries and agencies took a number of measures to identify all the "victims" of the malicious program on the Russian territory, as well as to localize the threats and minimize the consequences caused by its spread.

[Aug 01, 2016] Google Bans Israeli Babylon

Notable quotes:
"... On paper, Babylon looks like an inoffensive provider of online dictionaries. In the screenshot reproduced below, one can see the home page featured in many Bolivian internet kiosks. It is a Babylon search page, designed to look like a Google search page; note the odd code appearing in its address line (a long string of nonsense numbers and letters serving as directives to the company's server, in contrast look at the address of this page), that's the first sign something is wrong. ..."
"... The second sign appears while using it; the computer reacts slowly since it is busy sending data to its Babylonian masters. This happens despite Bolivians being unable to spend money on the web; Bolivian money is not a free floating currency and thus it is banned by the international financial system. This search page is defined as a default in the user's browser while installing Babylon's dictionary. ..."
www.4thmedia.org

ProPeace | Jul 30, 2016 9:53:10 AM | 99

@98 Reppz FYI: The 4th Media: "Google Bans Israeli Babylon"

Bab·y·lon [noun] : In the Book of Revelation, the name of a whore who rules over the kings of the earth and rides upon a seven-headed beast. "Mystery, Babylon the Great, the Mother of Harlots and of the Abominations of the Earth."-Revelations 17:5

Internet giant Yahoo! announced on November 10, 2013, that it won't end its revenue sharing contract with Israeli Babylon, despite Google terminating its similar contract on November 30.

Google provided above 40% of Babylon's revenues during the second quarter of 2013; Yahoo! provided over 30%, which amounts to almost $20 million...

Babylon is the largest company in what is mockingly known as the Israeli Download Valley,* or in a more serious term the field of directing users. Israel has conquered several internet and information-technology niche markets. This is true to the extent that most American citizens are unwillingly sharing their secrets with the State of Israel.

I reviewed Babylon a few months ago in Microsoft Strikes Israeli Software after the American giant limited the activity of Babylon and similar companies on its browsers. Google's decision was the result of pressure coming from users of its browser Chrome who correctly understood they were being robbed by Babylon.

"But, they are just nice kids translating stuff!"

On paper, Babylon looks like an inoffensive provider of online dictionaries. In the screenshot reproduced below, one can see the home page featured in many Bolivian internet kiosks. It is a Babylon search page, designed to look like a Google search page; note the odd code appearing in its address line (a long string of nonsense numbers and letters serving as directives to the company's server, in contrast look at the address of this page), that's the first sign something is wrong.

The second sign appears while using it; the computer reacts slowly since it is busy sending data to its Babylonian masters. This happens despite Bolivians being unable to spend money on the web; Bolivian money is not a free floating currency and thus it is banned by the international financial system. This search page is defined as a default in the user's browser while installing Babylon's dictionary.

Since the page looks like Google's, few users realize that their home page has been replaced, or that they had clicked on a button asking for this change while installing the dictionary. "Same, same" they say to themselves and begin telling Babylon everything about themselves. The following week, they buy a book named "French Cooking;" a few days later-so that they won't suspect the link between the events-they get a pamphlet advertising a French restaurant near their home. In thanks for the blunt violation of privacy, the Babylonian masters in Israel get a few silver coins. [...]

ProPeace | Jul 30, 2016 10:02:54 AM | 100

[...] *Mocking Silicon Valley, other players in the Israeli Download Valley are Waze, Perion, the manager of the IncrediMail, Smilebox and SweetIM brands, VisualBee, Montiera, Fried Cookie Software, WebPick, Linkury, Bundlore, iBario and KeyDownload. These are Israel's Weapons of Mass Distraction.

Another niche market is far more dangerous. An offshoot of Golden Pages, the Israeli business phone directory company, Amdocs develops, implements and manages software and services for business support systems, including billing, customer relationship management, and for operations support systems. If your phone company is AT&T, BT Group, Sprint, T-Mobile, Vodafone, Bell Canada, Telus, Rogers Communications, Telekom Austria, Cellcom, Comcast, DirecTV, Elisa Oyj, TeliaSonera or O2-Ireland, then Israel has access to much of your communications and bills, including credit cards numbers.

Also important in this context is Check Point, a provider of software and combined hardware and software products for IT security, including network security, endpoint security, data security and security management. In other words, the supermarket near your home probably uses products from this giant to secure its transactions. Israel has access to all of them. This apparently innocent company got so rich that its CEO sits in a penthouse office atop Tel Aviv's highest tower.

See Waze of Israel: Google Beats Facebook for a detailed description of how one of these companies operates as more than a spying device, allowing agents in the field to be coordinated.

[Jul 06, 2016] Researchers dubbed the malware HummingBad.

fortune.com

The gang juiced clicks to make about $300,000 per month in fraudulent revenue.

In case you needed a reminder that hacking is big business: a group of cybercriminals operating as part of a Chinese advertising firm has been running a malicious ad racket that rakes in roughly $300,000 monthly, according to Check Point, an Israeli cybersecurity company.

The researchers who exposed the alleged scam found that apps from Yingmob, the Chinese ad firm, were installed on nearly 85 million mobile devices running Google's Android operating system. Of those, nearly 10 million were found to be running malicious software developed by the firm to display ads, generate illegitimate clicks, download fraudulent apps, and make money.

"It would just take a flip of the switch, and this could turn into a botnet that could do more nefarious things than serve advertisements," Dan Wiley, Check Point's head of incident response, said on a call with Fortune.

The malicious software, he said, could easily be used to steal data from its targets, wage denial of service attacks against companies, or spy on people's activities. He said that the group could turn all of Yingmob's apps (200, of which 50 were deemed malicious) into malware with a simple update, and then sell access to those tens of millions of compromised machines to the highest bidder, who would then have free rein to do as he or she pleased.

The malware worked by installing a bundle of software known as a rootkit that gives computer crackers total control over infected devices, letting them engage in ad fraud. The campaign, dubbed "HummingBad" by the researchers, allowed the group to discreetly display a total of 20 million ads, generate 2.5 million clicks, and download 50,000 apps on the compromised machines per day, earning them about $10,000 daily.

Infected devices were mostly in China (1.6 million) and India (1.4 million). The Philippines and Indonesia represented half a million infected devices each, while the United States accounted for about 287,000 and Russia 208,000, among other countries.

[Jun 28, 2016] Malvertising, a hack that takes advantage of compromised ad networks and which is increasingly cited by privacy and security advocates as a reason to use ad-blockers.

Notable quotes:
"... The New York Times ..."
www.wired.com

Last weekend, hackers hijacked ad campaigns that ran across the web sites of the BBC, The New York Times, Newsweek, and other high-profile news domains, according to the security firm Malwarebytes, whose researchers first spotted the activity. As reported by The Guardian, the malware targeted US visitors and took advantage of numerous exploits to attempt to download itself on people's computers, encrypt their hard-drives, and then demand bitcoin payment in order to decrypt their data.

This episode combines two hot-button issues in online security right now: ransomware, the hostage-style hack that is on the rise, and malvertising, a hack that takes advantage of compromised ad networks and which is increasingly cited by privacy and security advocates as a reason to use controversial ad-blockers.

[Jun 09, 2016] Microsoft won't back down from Windows 10 nagware trick

That's a pretty disingenuous approach, one that effectively makes Windows 10 malware. Shame on Microsoft leadership. This dirty trick of assuming that closing the dialog means saying yes to the upgrade is a typical malware author's approach. As one commenter said: "Total asshattery. 'We decided to screw you over and we meant it'."
Notable quotes:
"... Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade. ..."
"... The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK. ..."
May 26, 2016 | The Register

Microsoft is hurt and disappointed that people would think it was trying to "trick" them with a confusing Windows 10 upgrade dialog that scheduled an upgrade without users explicitly agreeing to do so.

Redmond recently created a new Windows 10 nagware reminder that presented a dialog asking you to install the OS. But if users clicked the red "X" to close the dialog - standard behaviour for dispelling a dialog without agreeing to do anything - Microsoft took that as permission for the upgrade.

Redmond (via its flacks) has e-mailed The Register – and, we presume, World+Dog – to say that the UI had worked like that for ages: "the UI of our 'your upgrade is scheduled' notification is nothing new (including the ability to just 'X-out' of the notification with no further action needed to schedule your upgrade) – it's been part of the notification UI for months" (their emphasis, not ours).

In this Knowledge Base article, Microsoft notes that "Based on customer feedback, in the most recent version of the Get Windows 10 (GWX) app, we confirm the time of your scheduled upgrade and provide you an additional opportunity for cancelling or rescheduling the upgrade."

+Comment: You'll have noticed that Microsoft didn't say it would re-write the app so that closing the app is taken as a "no", as happens for just about every other dialog Windows offers.

Or is Redmond saying users who didn't like the UI sleight-of-hand are at fault for delving into its Knowledge Base every time they find a dialog confusing? We'd expect commenters to have an opinion on this …

Ralph B
My opinion on this?

My opinion on this.

robidy
Re: My opinion on this?

Ralph, your post doesn't do the link justice.

You should clarify that the link is to a remarkably helpful tool that will stop the nagware, prevent inadvertent deployment of Windows 10 by desktop users, recover lost disk space and hopefully prevent mobile users busting their data limits downloading a large Windows 10 installer.

It has a helpful command line interface for use in enterprise environments which is vital for smooth and effective deployment.

It will also clear up gigabytes of disk space lost when GWX installs, some people have claimed it's freed up over 10GB!

PS. I have no connection with the author.

PPS. User beware - take the usual precautions before deploying any application...test it!

Anonymous Coward
Re: My opinion on this?

OK, so I've run the software and restarted, and the nagware is gone from my system tray but the Windows 10 update is still in the Control Panel Windows Update and still a default selection. Was I just expecting too much?

Ralph B

Re: My opinion on this?

> Was I just expecting too much?

Never10 doesn't/can't stop the Windows Update from downloading the Control Panel Windows Update. It just stops the update from being used - via Microsoft's official group policy settings.

cornz 1

Re: My opinion on this?

Hmm, this is nothing more than a tool to automate the creation/destruction of 2 registry keys.

Surrounded (as typical for GRC) with a great deal of fanfare, like it's some major achievement.

He moans about the file size being 56k, well, here you go, in 244 bytes.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Gwx]

"DisableGwx"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

"DisableOSUpgrade"=dword:00000001

Because all the program does is create or delete those 2 keys.

That's it.. And this is new information how exactly?

RayStantz

Re: My opinion on this?

Awwww, Microsoft's feelings are hurt.... I DOUBT IT!!!

It doesn't take a genius, or even someone with a degree in social behavior or Engineering, to point out how outright horrible an idea this is, to FORCE people to download Windows 10. This has NOTHING to do with whether it's a good program or not; it has all to do with people and their right to choose, as well as the damage this has done by ignorantly having the program install without the owner of the computer even being aware of it if they happen to not be around the computer at the time it installs.

The damage it has done to some computers, the loss of personal information and money it's caused, not to mention how it interrupted people at work for a long period of time and more, not even mentioning the stress, shows how this is by no means something "good" Microsoft was doing for their customers. It was them forcing their will on people as they saw fit, something that is as close to digital rape as one can get in my opinion, and to add to the insult they act like they know better than we do. For months they asked people if they want to upgrade to Windows 10, harassing them with this like it's an ad, and people were fully aware of the choice to upgrade or not, and so at this point the people who didn't were all saying NO!!! So how is this justified??? HOW!!! You have no way to opt out unless you turn off the updates MAYBE and/or go to some other outside application like I did to stop it from being forced on my system!!

So Microsoft is "hurt"? BULL, it's a simple case of them not caring and forcing others, but in this case it's caused damage and in my opinion they are liable; class action sounds good about now!

Also, i hear a lot of good things about Apple!

Mark 85

Re: My opinion on this?

Awwww, Microsoft's feelings are hurt.... I DOUBT IT!!!

Sure they are, just like the advertisers' feelings are hurt that we use adblockers, or the malware writers' feelings are hurt because we won't respond to their attempts, or Microsoft Techs' feelings are hurt because we won't allow them to get rid of all the viruses on our computers.

Oh wait.. Hurt=Bottom Line... Tough.. hurt all you want, you bastards.

Ralph B

Re: so

> Thus failing Microsoft's own 'Windows Certification' then?

He's right, you know.

[quote]

The Close button on the title bar should have the same effect as the Cancel or Close button within the dialog box. Never give it the same effect as OK.

[/quote]

Anonymous Coward

Re: so

Microsoft Marketing / Terry Myerson :

Nothing like Microsoft's own documentation to bring a Company down and cause it to grovel out of a situation. (One rule for them, another rule for the rest of us)

You'll be changing that Dialog Box pronto then, to avoid a Class Action Lawsuit? Thought so.

Great find (The Windows Certification Documentation)...Thank you.

For all the folk with limited eyesight, dexterity problems, or other disabilities that have put up with the MS shit for months now. Shame on you Microsoft, we have laws against this type of inequality.

[Jun 03, 2016] OEM software update tools preloaded on PCs are a security mess by Lucian Constantin

May 31, 2016 | PCWorld

Researchers found remote code execution flaws in support tools from Acer, Asus, Lenovo, Dell, and HP.

Serious vulnerabilities have crept into the software tools that PC manufacturers preload on Windows computers, but the full extent of the problem is much worse than previously thought.

Researchers from security firm Duo Security have tested the software updaters that come installed by default on laptops from five PC OEMs (original equipment manufacturers) -- Acer, ASUSTeK Computer, Lenovo, Dell and HP -- and all of them had at least one serious vulnerability. The flaws could have allowed attackers to remotely execute code with system privileges, leading to a full system compromise.

In most cases, the problems resulted from the OEM software updaters not using encrypted HTTPS connections when checking for or downloading updates. In addition, some updaters didn't verify that the downloaded files were digitally signed by the OEM before executing them.

The lack of encryption for the communication channel between an update tool and the OEM's servers allows attackers to intercept requests and to serve malicious software that would be executed by the tool. This is known as a man-in-the-middle attack and can be launched from insecure wireless networks, from compromised routers, or from higher up in the Internet infrastructure by rogue ISPs or intelligence agencies.
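The verification step the weak updaters skipped, written here as an added Go example (not Duo Security's code, nor any OEM's): a hypothetical signed manifest carries the payload's SHA-256 and version, and nothing executes until the manifest verifies under a pinned vendor key, the version is newer than the installed one, and the payload matches the signed digest. The product name, manifest format and payloads are constructed for the demo; a real tool would fetch manifest and payload over HTTPS and still run exactly this check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor: product, version and the
// SHA-256 of the payload the vendor actually built.
type Manifest struct {
	Product string `json:"product"`
	Version int    `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedManifest is the serialized manifest plus a detached Ed25519 signature.
type SignedManifest struct {
	Body []byte
	Sig  []byte
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrRollback     = errors.New("manifest version is not newer than installed")
	ErrHashMismatch = errors.New("payload hash does not match manifest")
)

// SignManifest plays the vendor's build server: hash the payload, embed the
// digest in the manifest and sign the serialized manifest bytes.
func SignManifest(priv ed25519.PrivateKey, product string, version int, payload []byte) (SignedManifest, error) {
	sum := sha256.Sum256(payload)
	body, err := json.Marshal(Manifest{Product: product, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// VerifyUpdate is the check the weak updaters skipped: accept the payload only
// if (1) the manifest verifies under the pinned vendor key, (2) its version is
// newer than the installed one, and (3) the payload's SHA-256 equals the signed
// digest. A MITM can swap bytes but cannot satisfy (1) and (3) together.
func VerifyUpdate(pub ed25519.PublicKey, sm SignedManifest, payload []byte, installed int) (*Manifest, error) {
	if !ed25519.Verify(pub, sm.Body, sm.Sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(sm.Body, &m); err != nil {
		return nil, err
	}
	if m.Version <= installed {
		return nil, ErrRollback
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, ErrHashMismatch
	}
	return &m, nil
}

// Scenario runs the verifier over constructed inputs and returns each case's
// outcome by name (nil means the update would be installed).
func Scenario() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const product = "ExampleOEM-UpdateAgent" // constructed name, not a real tool
	genuine := []byte("constructed update payload, version 3")
	sm, err := SignManifest(priv, product, 3, genuine)
	if err != nil {
		panic(err)
	}
	results := map[string]error{}
	// Case 1: untampered manifest and payload, upgrading from version 2.
	_, results["genuine"] = VerifyUpdate(pub, sm, genuine, 2)
	// Case 2: a MITM serves its own binary but leaves the signed manifest alone.
	evil := []byte("constructed attacker-supplied binary")
	_, results["swapped_payload"] = VerifyUpdate(pub, sm, evil, 2)
	// Case 3: the MITM also rewrites the manifest digest to match its binary;
	// the vendor's signature no longer covers the new bytes.
	evilSum := sha256.Sum256(evil)
	forged := sm
	forged.Body, _ = json.Marshal(Manifest{Product: product, Version: 3, SHA256: hex.EncodeToString(evilSum[:])})
	_, results["forged_manifest"] = VerifyUpdate(pub, forged, evil, 2)
	// Case 4: a genuine but old release replayed at a machine already on version 3.
	_, results["rollback"] = VerifyUpdate(pub, sm, genuine, 3)
	return results
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-16s -> %v\n", name, err)
	}
}
```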

Who designed this stuff?

In some cases, even when the OEMs implemented HTTPS and digital signature validation, there were other oversights and flaws that could have allowed attackers to bypass the security measures, the Duo Security researchers found.

"During our research, we were often greeted by an intricate mess of system services, web services, COM servers, browser extensions, sockets, and named pipes," the researchers said in their report. "Many confusing design decisions made us wonder if projects were assembled entirely from poor StackOverflow posts."

The five companies did not immediately respond to requests for comment on the Duo Security report.

The security and behavior of the update tools were not even consistent on the same system, let alone the same manufacturer. In some cases, OEMs had different tools that downloaded updates from different sources with significantly different levels of security, the researchers found.

For example, the Lenovo Solutions Center (LSC) was one of the best software updaters tested by the researchers, with solid man-in-the-middle protections. This might be because other flaws were found in LSC several times in the past, drawing the company's attention to it.

On the other hand, the tested Lenovo systems also had a second update tool installed called UpdateAgent that had absolutely no security features and was one of the worst updaters Duo Security analyzed.

The tools preloaded by Dell, namely the Dell Update software and the update plugin of the Dell Foundation Services (DFS), were some of the most well-designed updaters, but that's only if a critical issue caused by the self-signed eDellRoot certificate, found by Duo Security back in November, is excluded.

Since then Dell seems to have beefed up its software update implementations. The Duo researchers found several other issues in the DFS version that came preinstalled on their system, but Dell silently patched them in an update in January before they even had a chance to report them.

HP's updater, the HP Support Solutions Framework (HPSSF) with its HP Download and Install Assistant component, also had decent security in place at first glance. However, the researchers found several ways to bypass some of those protections, mainly because of inconsistent implementations.

The issues with HPSSF stem from its large number of components and the different ways in which they interact with each other. Sometimes the same type of protection, such as signature verification, was implemented in multiple places in different ways.

HP's bloatware was the worst

This tendency for complexity was also observed in HP's decision to install an unusually large number of support tools on its PCs.

HP "exposed the most attack surface due to the enormous number of proprietary tools included with the machine," the researchers said. "We're not really sure what they all do and we kind of got sick of reversing them after a while, so we stopped."

The updaters that fared worst, aside from Lenovo's UpdateAgent, which the company plans to retire and remove from systems in June, were those from Acer and Asus. Not only did they lack HTTPS or file signature validation, but according to Duo Security, the issues remain unpatched.

The main advice of the Duo researchers for users is to wipe the preloaded Windows version that comes with their computer and to install a clean copy of Windows. In most cases they should be able to use their existing license key, which in newer Windows versions is detected automatically during Windows installation.

"The level of sophistication required to exploit most of the vulnerabilities we found is somewhere between that possessed by a coffee stain on the Duo lunch room floor and your average potted plant -- meaning, trivial," the Duo researchers said in a blog post.

And that's based only on an analysis of OEM update tools, not all the third-party software that vendors commonly install on new computers. Who knows what other flaws those applications might have?

[May 24, 2016] New DMA Locker ransomware is ramping up for widespread attacks By Lucian Constantin

It is unclear what the distribution mechanism for this ransomware is.

A new ransomware program called DMA Locker has reached maturity and shows signs of being distributed in widespread attacks.

Another big change is that the encryption routine now relies on a command-and-control server to generate unique public and private RSA keys for each infection.

The malware first generates a unique AES (Advanced Encryption Standard) key for every file that it encrypts. That key is then encrypted with a public RSA key and prepended to the file.

In order to decrypt the affected files, users need the corresponding private RSA key, which is in the attacker's possession, to recover the AES key for each of their files and then use those keys to decrypt the content.

Previous DMA Locker versions did not use a command-and-control server so the RSA private key was either stored locally on the computer and could be recovered by reverse-engineering, or the same public-private key pair was used for an entire campaign. This meant that if someone paid for the private RSA key, that same key would work on multiple computers and could be shared with other victims.

All of these issues have been fixed by adopting a server-based model, which is typical for how most other ransomware programs work. Once it infects a computer, DMA Locker will now wait for a connection with the server to be established so it can send a unique computer ID and have a unique RSA public key generated for it.

The good news is that, for now, the server is not hosted on the Tor anonymity network, so it should be fairly easy to block by security products, preventing the malware from ever initiating its encryption routine.

DMA Locker also stands out by how it chooses the files to encrypt. Almost all file-encryption ransomware programs have a list of file extensions that they will target. Instead, DMA Locker has a list of extensions that it will not touch, encrypting everything else and potentially causing more damage.

It will also encrypt files on network shares where the computer has write access, even if those shares have not been mapped locally to a drive letter.

As always with ransomware programs, prevention is key. Performing regular backups to locations that are only temporarily accessible from the computer, such as a USB hard disk drive that's only connected during backup operations, is very important.

[Apr 16, 2016] Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections

[Apr 16, 2016] Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected

This new type of ransomware makes using a VPN proxy much more desirable. Also, for all sites outside a trusted list you need to use the highest level of browser security.
It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation.
securityintelligence.com
Posted by manishs on Saturday April 16, 2016 @10:30AM from the keep-an-eye-on-your-bank dept.

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of the Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light on it: "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers.

It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."

[Apr 12, 2016] The ransomware that knows where you live

Email-based ransomware hunts for dupes, and is very successful in this activity. But they are still dupes. This danger is several years old and has been covered by the media to death (Cryptolocker appeared around September 2013). That's why it might be so "hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware."
For some individuals without backups, paying the ransom might be the only way to retrieve their data.
"However, every person that does that makes the business more valuable for the criminal and the world worse for everyone," he said.
Apr 12, 2016 | bbc.com

A widely distributed scam email that quoted people's postal addresses links to a dangerous form of ransomware, according to a security researcher.

Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4's You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub.

The malware encrypts victims' files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained.

One of the emails was received by You and Yours reporter Shari Vahl. "It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive - it happens in seconds," Mr Brandt told the BBC. "This is the desktop version of a smash and grab - they want a quick payoff." --[This is baloney: the speed of encryption is limited by the speed of writing to the hard drive, so for a drive with sizable user data (especially photos, music and video) this takes tens of minutes, probably more than an hour, not seconds. --NNB]

Maktub doesn't just demand a ransom, it increases the fee - which is to be paid in bitcoins - as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately $580. This rises to 1.9 bitcoins, or $790, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not. One of the organisations named was the Koestler Trust, a charity which helps ex-offenders and prisoners produce artwork. "We rely on generous members of the public and we were very distressed when we discovered that people felt they had received emails from us asking for money, when indeed they had not been generated by us at all," chief executive Sally Taylor told You and Yours.

Addresses included

One remarkable feature of the scam emails was the fact that they included not just the victim's name, but also their postal address. Many, including BBC staff, have noted that the addresses are generally highly accurate. According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it's still not clear how scammers were able to gather people's addresses and link them to names and emails. The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

[Apr 12, 2016] Petya ransomware encryption system cracked

Apr 11, 2016 | BBC News

Petya ransomware victims can now unlock infected computers without paying.

An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up.

In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer.

The malware, which started circulating in large numbers in March, demands a ransom of 0.9 bitcoins (£265).

It hid itself in documents attached to emails purporting to come from people looking for work.

Scrambling schemes

Security researcher Lawrence Abrams, from the Bleeping Computer news site, said the key generator could unlock a Petya-encrypted computer in seven seconds.

But the key generator requires victims to extract some information from specific memory locations on the infected drive.

And Mr Abrams said: "Unfortunately, for many victims extracting this data is not an easy task."

This would probably involve removing the drive and then connecting it up to another virus-free computer running Windows, he said.

Another tool can then extract the data, which can be used on the website set up to help people unlock their computer.

Independent security analyst Graham Cluley said there had been other occasions when ransomware makers had "bungled" their encryption system.

Cryptolocker, Linux.encoder and one other ransomware variant were all rendered harmless when their scrambling schemes were reverse-engineered.

"Of course," said Mr Cluley, "the best thing is to have safety secured backups rather than relying upon ransomware criminals goofing up."

arstechnica.com with Slashdot discussion

Posted by manishs on Saturday April 16, 2016 @05:30PM from the patch-it-already dept.

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less than 90 days. Multiple types of probes increase this period.

Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense, so you need to be aware of Google's privacy policy. If you do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speeding up access. In case softpanorama.org is down, you can use softpanorama.info.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September, 19, 2017