19 February 2015

Infectious Porn Video Back on Facebook

The new pretend-porn trojan was fast enough: it has infected over 110,000 Facebook users in a couple days. It works as follows: one of user’s Facebook friends shares a porn video and it appears in the user’s news feed. After it is clicked, it asks the user to install an update for the Flash software, instead installing malware.
 
screenshot_406.png
The malware tags the infected user’s friends in a post containing porn video clip. The clip itself can’t be played, as it asks to download a (fake) flash player to run. Of course, instead it downloads the actual malware. Security experts revealed they have been monitoring the new malware for the last 2 days where it managed to infect over 110,00 users and remains on the rise.
Once the trojan infects someone’s account, it re-shares the video adding up to 20 tags of their friends. This helps it spread faster than previous malware, which was distributing itself through private messaging on Facebook. The experts dubbed the new malware “Magnet” and explained it was able to hijack victims’ keyboard and mouse movements.
Of course, this is not the first time porn videos have been used in Facebook-targeted malware scams. For example, last summer, there was a scam designed to look like a YouTube video of someone stripping in front of their webcam.
In response, Facebook said they were aware of the latest malware, and were doing what they could to stop it spreading further across the network. Facebook used several automated systems in order to identify potentially harmful links and stop them from spreading. The company also explained that these malware varieties are normally hosted as browser extensions and distributed via links on social networks. Facebook blocks links to the scams, offers cleanup options and extra measures to make sure its users are safe.

15 February 2015

Journalist and Anonymous Member Sentenced to 63 Months

Barrett Brown, a journalist and one-time member of Anonymous, was recently sentenced to 63 months in prison. His supporters from across the web had hoped the 33-year-old would be able to walk free with his 31 months of time served for “merely linking to hacked content”. However, the court decided it in the other way: Brown, who used to act as a spokesman for Anonymous hacking ring, has got more than twice that sentence. Moreover, he was also ordered to pay over $890,000 in restitution and fines.
 
screenshot_384.png

Barrett Brown was sarcastic about the sentence, saying that the government must have decided that since he did such a great job investigating the cyber-industrial complex, they’re now sending him to investigate the prison-industrial complex.

On the other hand, Brown was facing a possible combined sentence of more than a century. However, when prosecutors dropped some charges against him following a plea deal, his sentencing parameters were reduced.

The industry observers pointed out that long sentence would set a precedent for journalists, because it means that if anyone shares a link to publicly available content without knowing what’s in it, they could be prosecuted.

Barrett Brown is known as an investigative journalist, essayist and satirist. He was working for the Onion, Vanity Fair, the Huffington Post, and the Guardian. The journalist has split with Anonymous in 2011. In addition, it is known that Barrett founded Project PM – this is a crowdsourced investigative thinktank disclosing the abuses by companies in surveillance.

He was arrested in September 2012 for allegedly threatening a federal agent in a YouTube video. After being held for 2 weeks without charge, Brown was indicted on charges of making an online threat and conspiring to release personal data about a government employee. After two more months, Barrett was indicted on a dozen of further charges connected with the hacking of private intelligence contractor Stratfor in 2011. In the meantime, the hacker who actually hacked Stratfor was already caught and sentenced to 10 years term in prison, while Brown was punished for merely linking to hacked content.

Brown remains a great speaker. In his statement to the judge before his sentencing, he said he regrets about posting the “idiotic” threatening videos, while pointing out that those were made in a manic state brought on by drug withdrawal. At the same time, Barrett also criticized the government for its methods in pursuing the case. He was particularly concerned that contributors to Project PM also might be indicted under the same charges.

After the judge announced the ruling, Barrett struck a different tone, claiming that for the next 32 months, he has a great job – he will get free food, clothes and housing while seeking to expose wrondgoing by Bureau of Prisons officials and otherwise report on “news and culture in the world’s greatest prison system”.

The interesting fact is that Ladar Levison, the operator of the Lavabit email service used by Edward Snowden, attended the court for the verdict. As you may remember, Levison preferred to close down his service rather than let the FBI in.

WikiLeaks Will Sue Google and US Government over Email Revelations

The online service is determined to fight back in an escalating war with both the tech giant Google and the American government, claiming that it is going to start legal action the day after demanding answers for the Google’s handover of WikiLeaks’ Gmail contents to the US government.

screenshot_390.png
 
The problem is that the targets of the investigation weren’t informed until 2.5 years after secret search warrants were issued and served by the Federal Bureau of Investigation. WikiLeaks claimed it would be looking at legal action not only with Google, but also those who actually turned in the “illegal and arbitrary” order. The whistleblowing service also insists that any information used from the taking of documents this way should be considered as biased and illegal and therefore can’t be used in the proceedings.

WikiLeaks insists that was a clear violation of rights. In response, Goggle pointed out that its policy is to tell people about government requests for their data, except for the cases when they are gagged by a court order. Unfortunately, this happens quite frequently. Google also claimed that it has challenged many orders related to WikiLeaks and pushed to unseal all the documents related to the investigation.

The problem is that WikiLeaks received the notification of the court order from Google only before Christmas 2014 and published it online. As for the tech giant, it insisted that the legal process was initially subject to a nondisclosure order, which barred the company from disclosing the very existence of the legal process. In the meantime, WikiLeaks doesn’t even know whether Google even went to court at all, and if it didn’t, that would not be good, because Google is expected to litigate on behalf of its subscribers.

It is known that the Google court order targeted 3 employees of the whistleblowing service: two journalists and a spokesperson. According to the wide-ranging scope of the order, all email content, including all messages (even deleted ones), drafts, login data and contact lists had to be handed over to the US law enforcement.

WikiLeaks also pointed to Twitter as an example of best practices for tech firms responding to government requests. The microblog notified the target of a similar demand from the law enforcement, and the warrant in question could be fought in court.

Microsoft Will Distribute Windows 10 for Free

The software giant announced the end of nearly 3 decades of history, launching its first free version of Windows. Microsoft recently unveiled Windows 10, its first update in 2 years, while announcing that a new operating system would be a free upgrade (only for the first year though) for users of Windows 7, Windows 8.1 and Windows Phone. Microsoft is planning to release Windows 10 later in 2015, but no specific date is set yet.
 
screenshot_382.png

However, there were even more surprises from Microsoft: the company also unveiled its headset, Hololens, which will work with Windows 10 by allowing people to interact with 3D holograms, including holographic Skype calls. It should be noted that the development comes shortly after Google shut down the development phase of Google Glass, its online-enabled headset.

The industry observers point out that the decision to distribute Windows 10 for free marks a major shift for Microsoft, because the company has always made most of its profits from selling its OS – Bill Gates launched its first version, Windows 1, back in 1985. Although the company does not provide specific figures for Windows’ revenues anymore, it is known that they were eclipsed by its Office suite of services in 2013.

Microsoft still dominates the market of personal computers, but loses to Google’s Android and Apple’s iOS in mobile computing. The company was previously called to offer its operating system for free in order to outrun its rivals, which do not charge for their software.

Windows 10 will be able to run across personal computers, mobiles, tablets and even Microsoft’s Xbox gaming console. The new version of Windows will also bring back Windows Start menu, which was dropped in Windows 8. The latter, by the way, failed to convince many Microsoft users to upgrade – the statistics say that the OS, launched three years ago, is currently on 10% of PCs and 20% of tablets.

Microsoft previewed the new version of Windows to business customers back in 2014 and announced that it would skip Windows 9 in its attempt to mark a break with the past (or maybe just because Windows 9 could have problems due to being confused with Windows 95 and 98 by some software). The developer preview has been downloaded 1.7 million times and 800,000 pieces of feedback have been left.

Dotcom Announced End-to-End Encrypted Voice Chat

Dotcom’s encrypted cyberlocker Mega has announced free end-to-end encrypted voice and video chat supported through the web browser. New MegaChat promises to keep users’ video chats secure and private, and is dubbed a “Skype killer” by its creator.
 
screenshot_386.png
The New Zealand entrepreneur announced the step-by-step release of #MegaChat, which currently offers video calling and is going to provide text chat and video conferencing soon as well. The service requires no software beyond an Internet browser to operate, unlike many other similar services. However, the developers also offered plugins for Google’s Chrome and Firefox for “faster loading and added resilience against attacks”.

MegaChat allows Internet users to share encrypted files after previously sharing a personal decryption key with them. Kim Dotcom is sure that no online service provider based in the United States can be trusted with data these days and Skype is no exception – it also must provide the American government with backdoors. Kim Dotcom pointed at Edward Snowden revelation of Microsoft providing the NSA access to encrypted messages.

Now Dotcom positions MegaChat as a secure alternative to Skype, which can’t be tracked by security services that use end-to-end encryption to keep privacy. MegaChat service is based in New Zealand. The MegaUpload founder also promised to offer encrypted video conferencing, email and text chat later.

In the meantime, the industry experts point out that Mega’s security credentials have been questioned previously. For example, user passwords were stolen from Mega shortly after its launch two years ago, which made security researchers question whether new Dotcom’s service could live up to its security promises.

11 February 2015

Hackers May Use Home Routers for DDoS Attacks

According to security experts, the well-known hacking group Lizard Squad may have been using hacked home routers in order to run its LizardStresser service. The latter helps launch DDoS attacks to take online portals offline. The hackers started their LizardStresser a few weeks ago, shortly after their own attacks affected Sony’s PlayStation Network and Microsoft’s Xbox Live services over Christmas.

05271614-14fa-4182-88db-d2860daa3d2c-620x372.th.png

The LizardStresser online service charges anyone between $6 and $500 to start their own attacks against any websites and services they want. The high-profile console attacks work as a large marketing scheme for the hackers’ commercial ambitions.

The industry experts believe that LizardStresser can run because many Internet users don’t change their default passwords on home routers. Apparently, the service draws on the bandwidth from the cracked home routers all over the world, because many of them are not protected by anything else except for factory-default usernames and passwords.

The security researchers point out that the malware used by the hackers with the purpose to build its network of “stresser bots” has been operating for about a year now, and is able to affect commercial routers at educational institutions and businesses, let alone households.

In the meantime, the security experts point out that aside from turning the infected host into attack zombies, the malware uses the infected system to scan the web for other devices that could allow access through the default credentials, like “admin/admin” or “login/password”. In other words, all infected hosts keep trying to spread the malware to other home Internet routers and other devices that are able to accept incoming connections (through telnet) with default settings.

A group of the researchers who desired to remain unnamed is currently cooperating with the law enforcement officials and Internet service providers in order to help take infected systems down. Their ultimate goal is to disrupt the LizardStresser botnet entirely.

While they are on their way to achieve their goal, all Internet users are recommended to make sure they changed the default credentials on their home broadband router, such as the username and password. In addition, it will appear useful to also encrypt the connection in case of using a wireless router.

Transatlantic Cyber War Games Are to Start Soon

The UK and US intelligence agencies are going to conduct transatlantic cyber “war games” in order to test their resilience to the global cyber attacks. The heads of the two countries have started negotiations on the topic and will announce that a simulated attack will target banks in the City of London and Wall Street later in 2015.
Barack-Obama-012.th.jpg


The simulated “war game” against the financial sector will be carried out with the help of specialists of the Bank of England and other financial institutions and coordinated by a new joint “cyber-cell” of the two countries. The latter will be created by agents from GCHQ and MI5 on the UK side and the NSA and the FBI on the US side.

The US and UK leaders do not underestimate the threat of Islamist extremists in Syria, Iraq and in Europe and the dangers represented by cyber-warfare. Obama pointed to the “urgent and growing danger” posed by cyber attacks, and the example was a recent attack on 

Sony
 Pictures. Previously, the president spoke of the need for a “shared mission” with the participation of the government and the private sector. Considering that most of the “critical infrastructure” of the United States is owned by the private sector and runs on networks connected to the Internet, the conclusion can be made that neither the government nor the private sector can defend the nation alone.

Cooperation between the US and the UK is supposed to pool their effort and allow them stay one step ahead of those who seek to attack. The heads of the states believe that the joint exercises and training of the next generation of cyber experts may ensure that the countries have the capability required to protect critical sectors like energy, transport and financial infrastructure from the potential threats.

In the meantime, David Cameron has some questions to ask Obama and will apparently press him to influence the tech giants, including 

Facebook
 and Twitter, to intensify their efforts in cooperating with the intelligence agencies, which want to monitor the communications of suspected terrorists. David Cameron has announced his plans a few days ago to build a stronger legal framework that would allow intelligence agencies to break into encrypted communications of the suspects, but he needs support of the US-based companies, including the largest social media websites.

08 February 2015

New Design Google Glass is arriving soon

05 February 2015

370 Russian Bloggers Registered Under New Law

Back in 2014, Russia enforced a new “bloggers” law, which requires bloggers and social media users who have over 3,000 daily visitors to register with the government. As a result, Intel had shut down its Russian forums and blogs. Despite the fact that the law was enforced quite a lot of time ago, only less than 370 blogs and social media accounts have currently registered.
russia.png

When asked why bloggers would want to register, Russian authorities claimed that registering could help attract more advertising dollars. In the meantime, the blogger law is intended to improve the quality of Russian blogging, by lowering the amount of profanity, unverified information, and libel. However, the critics believe that the law is aimed at silencing criticism.

Another interesting fact is that 3 of the 370 blogs on the registry contain the word “fuck” in their names: one of them is the community “Fuckbet,” a sports analysis website, another is “Fuck_Humor”, a group specializing in amusing memes.

Back in 2014, Russian officials threatened to block social networks like Twitter and 

Facebook
 for not cooperating with the new registry plans. The most hilarious move of the authorities was the following: since Twitter fails to cooperate on the registry requirement, Russian Twitter users were asked to post screenshots of their analytics page to show that they're getting too many visitors. This doesn’t seem to help, because the 10 Twitter users who are currently on the blogger registry are pro-Kremlin media figures and Internet celebrities.

At the moment, it remains unknown what Russia will do with bloggers who have failed to register. Anyway, the bloggers law is still concerning for supporters of free speech.

Silk Road Trial Started

Ross William Ulbricht is accused of murder-for-hire, with the Silk Road trial finally starting for a San Francisco man charged with operating an Internet black market where drugs were traded.

ross-ulbricht.th.jpg

US district judge overruled defense objections, concluding that prosecutors could provide evidence about 6 murder plots into the trial. In respond, prosecutors claim that Ulbricht operated an underground online portal known as Silk Road, where over 100,000 customers purchased hundreds of kilograms of cocaine, heroin and other drugs. Ross Ulbricht has pleaded not guilty and denies that he was known as “Dread Pirate Roberts” online.

The government alleges that Ross Ulbricht tried to protect his illegal business by asking others to kill people who posed a threat to the Silk Road. The judge admitted that the evidence was prejudicial to the defendant and injects an element of violence into the case, but that prejudicial effect was reduced by the government’s stipulation that no actual murders happened.

In the meantime, the judge added that the charges in the case were very serious, because Ross Ulbricht was charged not with just taking part in drug distribution conspiracy, but with creating and running an Internet criminal entity of a huge scale, which could bring him tens of millions of dollars in fees. This means that evidence that Ross was trying to protect this sprawling business by soliciting murders-for-hire is therefore not unduly prejudicial.

Silk Road operator was arrested by FBI more than a year ago at a public library, where agents seized his computer. According to the government, Ross launched an online black market four years ago, claiming that he wanted to design a place for people to buy anything anonymously. The government pointed out that a spreadsheet found on Ulbricht’s computer listed “sr inc” as an asset worth $104 million.

Ross William Ulbricht was charged in Manhattan with conspiring to commit drugs trafficking, as well as with conspiring to commit computer hacking and money laundering. The prosecution claims that this scheme has been working for two and a half years. Ulbricht is also charged in federal court in Baltimore.

The industry observers admit that if convicted in both cases, Ross could face up to life sentence.