Hackers Attacked South Korean Banks

On the 20th of March, computer networks at a number of South Korean banks and TV broadcasters crashed due to a cyber attack, which paralysed ATMs across the country. South Korean authorities reacted quickly and set up a cyber crisis team, but this didn’t help. It turned out that the large scale attack overwhelmed the infrastructure, including Nonghyup Bank, Shinhan Bank, Munhwa Broadcasting Corp., YTN and Korea Broadcasting System.

Nobody has claimed responsibility for the hacker attack thus far, and South Korean officials are still not pointing fingers, but most experts think the attack was launched by North Korea, which always has a reason to attack the neighbour. Security experts admitted that the malware used in the attack wrecked the machines and destroyed their ability to reboot. A number of operators reported they saw skulls on the screens before their computers went down. Apparently, tech support had a bad day, but a number of services were restored in a few hours.
This hacker attack is considered the biggest cyber onslaught against the country in over 2 years. It is clear that simultaneous, coordinated attacks were carried out by an attacker with plenty of resources – for example, a state sponsored group. In the meantime, North Korea is believed to have a cyber warfare unit able to hack networks of the United States and South Korea. However, the level of sophistication used in the attacks is very surprising, taking into account the state of North Korea’s economy and infrastructure. It is easy to recruit hackers in the United States, Europe or Japan, but it isn’t so in a country having virtually no Internet and frequent power outages.
Still, it might be worth the effort. It is known that South Korea operates some of the fastest broadband networks in the world and its economy is heavily dependent on broadband access. In addition, such attack also poses a massive security risk, because multiple facilities can be targeted. Finally, a more serious attack could potentially wreak havoc on the country’s infrastructure.
In contrast, North Korea is almost unhackable – and this is not due to having the best cyber security program in the world or the wisest and greatest supreme leaders, but due to the fact that it has almost no Internet infrastructure at all.

South Korea Was Hacked from China?

The investigators of the tremendous hack which crippled the South Korean banking system have traced it back to… Chinese servers! However, even despite Chinese IP addresses being used in the hack, North Korea still remains the prime suspect.

As you know, IP addresses can be manipulated and the chances are that the intruders could just be hiding behind the Chinese servers. Previously, South Korea has accused its northern neighbour of starting massive cyber attacks, and the industry observers believe that North Korea is the one behind the latest attack, which disabled almost 32,000 machines used by three banks and three media outlets. The country’s authorities think this attack originated from a single organization.

In the meantime, the hack came amid high tensions in the Korean peninsula, thus representing an escalation of North Korean rhetoric. Recently, North Korea carried out its 3rd nuclear test, while making multiple threats against South Korea and US interests in the area. Last week, North Korea claimed it would attack American bases in Okinawa and Guam if provoked. Apparently, it doesn’t take much to provoke the country, so the United States should better watch its step in the region.

In addition, North Korea was eager to tell the world that the country now has its own drones through the state news agency, which claimed that its glorious armed forces carried out a mock drone attack on the South. According to the report, the drones went on to complete the mission and deliver a super-precision attack on enemy targets. At the same time, a missile defence unit shot down a target which mimicked a Tomahawk cruise missile. Of course, these reports can’t be independently confirmed, but US analysts can still find them quite amusing.

Windows 9 Might Arrive in 2014

The rumors are that Microsoft is going to release another version of Windows as soon as in 2014. The speculations are that next Windows OS can hit the streets a year from November next.

However, the rumors don’t explain why users should feel the need to upgrade to Windows 9 before Windows 8 takes off. In fact, at the moment lots of users are in the same boat, believing that Windows 7 is good enough. As for me, I personally think that a line should be drawn at Windows XP, which has never let me down, and I am not alone.

The rumors come from Win8China, which has provided a number of good Windows leaks before. Win8China reveals that Microsoft is developing Windows 9 for a tentative November 2014 product launch, with a beta expected to be out to try as early as next January.

Actually, the announced dates are around the time of year that we would be expecting a Windows yearly OS update. Taking all this into account, this does make it possible that new Windows OS could have a November 2014 release. In addition, there’s a chance that Microsoft has finally understood that making people pay for regular short term upgrades, like Apple, is a better business model than making users pay for a bigger one every few years.

US Authorities Go Paranoid about Hackers

It seems that the US Justice Department has become too paranoid about the hackers: for instance, last week Andrew Auernheimer went to prison for 41 months after obtaining the personal information of over 100,000 iPad owners from AT&T’s publicly accessible site.

The problem is that Andrew didn’t even hack anything – all he did was visiting the non-public bit of AT&T’s server and downloading the details. During the trial, Auernheimer, 26, was ruled guilty of one count of identity fraud and one count of conspiracy to access a machine without authorization. This was when he and his fellow developed a program to gather information on iPad owners which had been exposed by a security flaw in AT&T’s site. All they did was writing a program to send Get requests to the site.

Unfortunately, neither the prosecutors nor the jury knew or cared about technology. They somehow got a conviction based around the Computer Fraud and Abuse Act, which can’t make clear distinctions between criminal hacking and simple unauthorized access. As such, the innocent researchers whose activities are not criminal in intent can’t be protected. In other words, any sensible security expert will probably want to work for North Korea, whose authorities don’t arrest people for helping the IT industry.

In the meantime, Andrew Auernheimer and his colleague made no money from their hack, but instead contacted Gawker to report the vulnerability, claiming that AT&T must be held responsible for their insecure infrastructure. In response, prosecutors showed the court 150 pages of chat logs from an IRC channel where Spitler and Auernheimer admitted conducting the breach to destroy AT&T’s reputation and promote themselves as security specialists. In other words, the “hackers” were doing it for some form of gain, and the prosecutor’s attitude is odd – should anyone promoting themselves by showing a need for their services be banged up?

This situation puts the United States in a difficult position: on one side, the country is suffering from hacking attacks on companies with security flaws, while on the other side it is locking up those who expose those flaws. As a result, all the security experts will just give up doing their job and give the nation over to hackers elsewhere, by moving to places where their skills are appreciated.

জিপিএসের মাধ্যমে তৈরি হয় অবস্থানের ‘ফিঙ্গারপ্রিন্ট’

স্মার্টফোন ব্যবহারকারীদের গ্লোবাল পজিশনিং সিস্টেম (জিপিএস) থেকে পাওয়া তথ্য নিয়ে গবেষণা করেছে যুক্তরাষ্ট্রের ম্যাসাচুসেটস ইন্সটিটিউট অফ টেকনোলজি (এমআইটি) ও কয়েকটি প্রতিষ্ঠান। সিএনএন জানিয়েছে, জিপিএস ট্র্যাকিংয়ের মাধ্যমে দিন বা সপ্তাহের বিভিন্ন সময়ে স্মার্টফোন ব্যবহারকারীর অবস্থান সম্পর্কে তথ্য পাওয়া যায়, যা থেকে তাদের অবস্থানের ‘ফিঙ্গারপ্রিন্ট’ বানানো সম্ভব।

স্মার্টফোন ব্যবহারকারীদের বিভিন্ন সময়ে অবস্থান সম্পর্কে তথ্য জানতে জিপিএস উপাত্ত নিয়ে গবেষণায় দেখা গেছে, প্রত্যেক মোবাইল ফোন ব্যবহারকারী একটি নির্দিষ্ট নেটওয়ার্কের আওতায় অবস্থান করে। এতে টাওয়ারের মাধ্যমে বিভিন্ন সময়ে তাদের অবস্থান সম্পর্কে হালনাগাদ তথ্য জানা যায়, যেটা আগেকার যে কোন ট্র্যাকিং পদ্ধতির চেয়ে অনেক সহজ।

১৫ মাস ধরে চলা এ গবেষণায় ১৫ লাখ অপরিচিত মোবাইল ফোন ব্যবহারকারীদের অবস্থান ট্র্যাকিং করা হয়। এতে মোবাইল ফোন টাওয়ারের মাধ্যমে ৯৫ ভাগ ক্ষেত্রে ব্যবহারকারীর অবস্থান শনাক্ত করা গেছে। এছাড়া প্রতিজন মানুষের আচরণ আলাদা ও সবাই একটা সাপ্তাহিক অভ্যাস মেনে চলায় তাদের অবস্থান সম্পর্কে তথ্যের ‘ফিঙ্গারপ্রিন্ট’ জানা যায়। সপ্তাহে পাঁচদিন অফিস, একদিন প্রার্থনা করতে উপাসনালয়ে, বিকেলে কফি হাউস এভাবে একজন স্মার্টফোন ব্যবহারকারী কিভাবে দিন কিংবা সপ্তাহের সময় ব্যয় করেন সে তথ্য উঠে এসেছে গবেষণায়।

ইন্টারনেট ইতিহাসে সবচেয়ে বড় সাইবার আক্রমণের ঘটনাটি ঘটে গেছে ২৭ মার্চ

বিবিসি এবং নিউ ইয়র্ক টাইমসের প্রতিবেদনে বলা হয়েছে আক্রমণটি এতোটাই বড় ছিলো যে, এর ফলে কার্যত স্থবির হয়ে গিয়েছিলো পুরো বিশ্বের ইন্টারনেট সংযোগ ব্যবস্থা। প্রযুক্তি সংবাদ বিষয়ক সাইট টেক নিউজ ডেইলি জানিয়েছে, ওই সময়ে ডেটা ট্রান্সফারের হার ছাড়িয়ে গিয়েছিলো প্রতি সেকেন্ড ৩০০ গিগাবাইট। ওই সাইবার আক্রমণ বিষয়ে তদন্ত করতে এক সঙ্গে মাঠে নেমেছে পাঁচটি দেশের সাইবার পুলিশ।

‘সর্বকালের সবচেয়ে বড় সাইবার আক্রমণ’টির সূত্রপাত ল-ন ও জেনেভা ভিত্তক স্প্যাম ফিল্টার প্রতিষ্ঠান স্প্যামহস এবং ডাচ ওয়েব হোস্টিং প্রতিষ্ঠান সাইবারবাংকারের মধ্যে চলমান রেষারেষি থেকে। ল-ন ও জেনেভা ভিত্তিক প্রতিষ্ঠান স্প্যামহস একটি অলাভজনক প্রতিষ্ঠান যা ইমেইল সেবা দাতা প্রতিষ্ঠানগুলোকে স্প্যাম ফিল্টার করতে সাহায্য করে।

স্প্যামারদের হোস্ট করে এমন ওয়েব হোস্টিং প্রতিষ্ঠানগুলোর একটি ব্ল্যাকলিস্ট রয়েছে স্প্যামহসের। স্প্যাম এবং অপ্রয়োজনীয় ইমেইল আসা ঠেকাতে স্প্যামহসের তালিকাটির ব্যাপক ব্যবহার রয়েছে পুরো বিশ্বের ইন্টারনেট সার্ভিস প্রোভাইডারদের মধ্যে। 

অন্যদিকে ডাচ প্রতিষ্ঠান সাইবারবাংকারের বিরুদ্ধে রয়েছে স্প্যাম হোস্টিংয়ের পুরনো অভিযোগ। শিশু পর্ণোপ্রাফি আর সন্ত্রাসবাদী কন্টেন্ট বাদে যে কোনো কন্টেন্ট প্রতিষ্ঠানটি হোস্টিং করে বলে অভিযোগ রয়েছে আগে থেকেই। ১৯৯৮ সালে একদল হ্যাকার প্রতিষ্ঠা করে সাইবারবাংকার।

সম্প্রতি স্প্যামহস সাইবারবাংকারের কয়েকটি সার্ভার ব্লক করে দেয়ায় ক্ষেপে যায় হ্যাকারদের প্রতিষ্ঠানটি। স্প্যামহসের বিরুদ্ধে সাইবার আক্রমণ শুরু করে সাইবারবাংকারের হ্যাকাররা। প্রায় এক সপ্তাহ ধরে চলা সাইবার আক্রমণ চরম আকার ধারণ করে ২৭ মার্চ। ডিনায়াল অফ সার্ভিস (ডিডিওএস) আক্রমণের এক পর্যায়ে ডেটা ট্রান্সফার রেট প্রতি সেকেন্ড ৩০০ গিগাবাইট ছাড়িয়ে যায়।

সাইবারবাংকারের আক্রমণের ঘটনাটিকে ইতিহাসের সবচেয়ে বড় সাইবার আক্রমণের ঘটনা বলে চিহ্নিত করলেও ইন্টারনেটের ওপর এর প্রভাব কতোটা পরেছিলো তা নিয়ে বিপরীতমুখি তথ্য দিচ্ছে বিভিন্ন সংবাদমাধ্যম। মার্কিন দৈনিক নিউ নিয়র্ক টাইমস এবং বার্তা সংস্থা বিবিসি জানিয়েছে ওই সাইবার আক্রমণের ডেটা ট্রান্সফারের চাপে স্থবির হয়ে পরেছিলো পুরো বিশ্বের ইন্টারনেট সংযোগ। কিন্তু সিনেট এবং টেক নিউজ ডেইলির মতে প্রযুক্তি সংবাদ বিষয়ক সাইটগুলো বলছে পুরো দুনিয়া নয় কেবল পশ্চিম ইউরোপের কয়েকটি দেশের ওপর ইন্টারনেট সংযোগের ওপরই প্রভাব ফেলেছিলো ওই ঘটনা।

Europe Changed Its Mind over Online Porn

Just a few days ago it looked like the European Parliament was decided to ban online porn and tried to force ISPs to start doing so. However, the bill, which was to provide a blanket ban for porn, was itself censored before going before members.

The European Parliament took a decision to strike out the lively discussed extension of “media” into the worldwide web, effectively limiting the ban to advertising along with some undefined print media. They also removed a reference to the criminalization of any dissent against the report and the turning of broadband providers into thought cops from the bill.

With these amendments, all that is left for the Pirate Party to complain about was a decision to filter out its protests on the issue and to hide how the representatives voted on the report. According to the Pirate Party founder Rick Falkvinge, the legislation was dangerous to free speech, and it was also so broad that it even prevented sending sexual media between couples. Moreover, it would have even resulted in the criminalization of sexting.

The legislation was actually designed to prevent the use of sexist advertising and the sexualization of children and women in the media, as well as to stop the advertising of sex tourism. However, the bill appeared so general that it could be used to cover all forms of communication. This is a good thing that everything, which expanded “the media” in the bill to the web, was deleted before the vote.

What has miffed the Pirate Party founder was that the European Parliament responded by shutting off constituents’ protests. It seems that some Members of European Parliament had complained to the Parliament’s IT staff about emails from citizens protesting against the bill. As a result, protests against this report were classified as spam while countless emails protesting agricultural subsidies were still coming in to the MEPs’ inboxes. The Pirate Party claims that someone had rewritten the spam filter in such way that any mail containing the words “gender stereotypes” was recognized as spam.

The Pirate Party complained that Parliament didn’t care to do a so-called “roll call vote”, which is a vote where it shows who voted how. This means that they just decided collectively to disable their constituents from holding them accountable. Anyway, in the end the vote wasn’t as bad as it could have been.

Iran Failed to Block VPNs

An outfit running a VPN service for Iranian clients announced that the attempts of the local authorities to block the service during the weekend have failed.

The country tried to block VPN ports all across the country in order to prevent citizens from visiting banned websites like Facebook and Skype, but the owner of a Brazilian VPN service claimed these attempts have largely been inefficient. According to Joshua Van Raalte, the users of the “Hide My Ass” free proxy haven’t been affected by the ban.

He believes that the latest attempt of the government at Internet restriction will most likely be fruitless. Van Raalte pointed that the block on VPNs was confirmed by a local protester on Facebook, which should have been banned in Iran.

In the meanwhile, the Chinese government has also spent many years and millions of dollars on technology which should have blocked VPNs, but yet they still get through regardless. In addition, the provision of proxy technology, instruments and software has so far managed to circumvent all attempts at censorship.

Over 1,200 Iranians make use of HMA’s free proxy service every week, despite that fact that it is officially blocked by the Iranian authorities. Joshua Van Raalte promised that “Hide My Ass” will keep supporting Iranian users as much as it can, because the company’s mission is to promote openness and the global freedom of expression provided by the worldwide web.

Jailed Hacker Cracked Prison Network

Nicholas Webber, jailed for 5 years for creating a hacker’s forum website, was accidentally invited into an IT class in prison. As you might guess, the consequences of this move appeared difficult.

Now the prison authorities are arguing about who let it happen, but it actually doesn’t matter any more. For some reason, Nicholas Webber was allowed into an IT class in his prison, despite the fact that he was serving 5 years for launching a website called GhostMarket. The latter allowed people interested in writing computer viruses to partake of stolen IDs and enjoy private credit card data to congregate.

The hacker was caught using hacked personal data to purchase everything from smart devices to hotel stays. Although one might have thought that an IT class would have been dull for such expert, in fact inviting him to an IT class encouraged him to enjoy a little mischief. In result, the computer network at Her Majesty’s Prison Isis, South London, was hacked.

The mistake which led to the hacking back in 2011 has only come to light after the teacher at the IT class in jail, Michael Fox, launched a lawsuit against the college which employed him for unfair dismissal. The teacher claims he wasn’t aware that Webber had been a hacker. However, Prison Isis banned him and sent notes to other prisons that his talents were allegedly imperfect. As a result, Kensington and Chelsea College also laid him off.

According to the representatives of the prison, at the time of this incident the educational computer system at Isis was a closed network, without access to personal data or wider access to the worldwide web or other prison systems. However, the press reports announced that a “major panic” ensued. Michael Fox told an employment tribunal that the perceived problem was there was a tutor who had consequently been excluded by the jail and charged with allowing a hacker to crack the jail’s network.

Of course, someone must have known that Nicholas Webber was charged for hacking before he went to the IT class – the individual was sometimes referred to as a “notorious cyber-criminal”. It is unclear who might it have been if not Fox.

Her Majesty’s Prison Isis specializes in criminals under 25 and is located next to Her Majesty’s Prison, Belmarsh. It is also considered to be a maximum security facility. In the meantime, after the accident the BBC reported that the prison had been “bedeviled” with faulty technology

PC Market Expected to Decline in 2013

The personal computer slump is here to stay. The industry observers predict that shipments of personal computers will decline by 1.3% this year, on top of a 3.7% decline last year. Talking about numbers, approximately 345 million computers will be shipped in 2013.

Unfortunately, Windows 8 failed to rekindle interest in personal computers and the industry experts think that the lukewarm reception of Microsoft’s new operating system will keep plaguing the market. In the meantime, the users are still going after tablets, while Microsoft has had little luck pushing Windows RT and Windows 8 in the tablet space.

According to the estimations of the market observers, sales of desktop computers are expected to slow down in all markets. However, sales of portable PCs might increase in emerging markets. In other words, it’s quite good news for the producers of mid range and entry level laptops, as well as to some extent AMD, slated to introduce some very competitive low-end APUs soon. Nevertheless, it is still sad news for both Intel and AMD, because they will not cash in on the tablet craze in 2013.

According to IDC vice president Loren Loverde, increase in emerging markets has also slowed considerably. He also pointed out that the consumers are still choosing more portable alternatives over personal computers (tablets). Despite the fact that the PC makers do not consider tablets – with limited local storage, file system, and lesser focus on traditional productivity as functional competitors to personal computers, they are still winning consumer dollars, offering mobility and consumer appeal nevertheless. The only good news is that sales are predicted to pick up in the end of 2013, with Microsoft cutting support for Windows XP.