Category: Security

Lithuania miffed to find Putin’s spyware

Lithuania, which is on the frontline of growing tensions between the West and Russia, says the Kremlin is responsible for cyber-attacks that have hit government computers over the last two years.

Three cases of Russian spyware on its government computers had been discovered since 2015, and there had been 20 attempts to infect them this year.

Rimtautas Cerniauskas, head of the Lithuanian Cyber Security Centre, said the spyware had been active for six months before it was detected.

Tsar Putin of all the Russias’ spokesman Dmitry Peskov told Reuters the allegations were “laughable” and unsubstantiated.

“Did the spyware have ‘Made in Russia’ written on it?” quipped Peskov. “We absolutely refute this nonsense.” He said Russia itself was targeted in cyber-attacks “round the clock,” but said it would be stupid to accuse foreign governments.

Fears of Russian cyber-attacks have come to the fore since the US election campaign when hacking of Democratic Party emails led to allegations from U.S. intelligence that Moscow was involved.

Lithuania, Estonia and Latvia were all ruled by Moscow in communist times and have been alarmed by Russia’s annexation of Ukraine’s Crimea peninsula in 2014 and its support for pro-Russian separatists in eastern Ukraine.

Lithuanian intelligence services said that cyber-attacks have moved from being mainly targeted at financial crimes to more political spying on state institutions.

Russian spyware was transferring all documents it could find, as well as all passwords entered on websites such as GMail or Facebook, to an internet address commonly used by Russian spy agencies, Cerniauskas said.

Businesses mostly pay up on ransomware extortion

An IBM Security report reveals that 70 percent of businesses will pay out if they are hit by ransomware attackers, but there is hope in sight, as IBM’s Resilient Incident Response Platform adds a new Dynamic Playbook to help organisations respond to attacks.

According to a new security study, Biggish Blue is reporting that 70 percent of businesses impacted by ransomware end up paying the ransom.

The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the US, and 46 percent of business respondents reported that they had experienced ransomware in their organisations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organisation paid the ransom.

The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,000 and $20,000.

IBM’s study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don’t have children.

IBM might be interested in attracting attention to the issue because it has a product it thinks can protect businesses from ransomware attacks. IBM’s Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware.

Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or ‘playbook’ for how to deal with a particular security incident.

The Resilient platform also enables organisations to run simulations to practice responses to potential attacks. Being prepared and having a plan for how to deal with security incidents is a good way for organisations to help control both the costs and the risks of a potential attack.

“Part of the value is giving organizations a platform to practice incident response, get educated and in doing so, bring order to what would otherwise be a very chaotic process,” Julian said.

Yahoo hacked again

Yahoo has said that it was hacked again and data from more than a billion user accounts was nicked.

Apparently the attack happened in August 2013, making it the largest breach in history and we just found out about it.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communications Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.

Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.

A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.

A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.

However some analysts have said that the company has screwed up and was found not to have been taking security seriously enough.

Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.

Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.

Microsoft loses security Edge

Microsoft’s Edge browser comes with a feature which could be used by technical support scammers.

The Edge browser’s ability to warn users of dodgy sites, or show other security alerts, can be abused to display native and legitimate-looking warning messages. This is a gift for tech support scammers, who could use it to get the great unwashed to call them thinking they have been hacked.

The flaws exist in Vole’s ms-appx and ms-appx-web protocols, which the browser uses to present warning messages when phishing or malware delivery sites are located.

When Edge detects suspected malicious sites it colours them red with a feature called “SmartScreen”.

However, Buenos Aires security tester Manuel Caballero said it was a doddle for scammers to create warnings that replace SmartScreen text and phone numbers, indicating that a nominated site, also displayed in the address bar, is infected.

All they must do is alter URL characters and append a hash and a URL of a legitimate-looking site.

Those errors could be avoided by changing a single character in the URL, and the displayed address changed to a legitimate site by appending a hash. It is not clear if Microsoft is doing anything about the problem yet.

UK coppers break encryption with staged muggings

UK coppers have decided it is not worth the effort of trying to break the encryption on a suspect’s mobile phone. Instead they are just stealing the phone before the suspect can stick their security up.

Scotland Yard’s cybercrime unit smashed a fake credit card fraud racket recently but appeared to use some unorthodox methods to do it.

Inspector Knacker of the Yard realised crucial evidence in the investigation was concealed on a suspect’s iPhone – but it would be unobtainable if the device was locked. So they waited for him to be on a call and then seized the phone in the street. This beat all the security settings.

Gabriel Yew had been under investigation for the suspected manufacture of fake cards that gangs were using across Europe to buy luxury goods. Detectives suspected that he was using an iPhone exclusively to communicate with other members of the network but knew that if they arrested him, he could refuse to unlock it and they would never see incriminating evidence.

It was all because they knew they could not legally force a suspect’s finger or thumb on to the device’s fingerprint reader to unlock it.

However, for some reason UK law did allow them to stage their own lawful “street robbery” – using a similar snatch technique to a thief – and in June a team set out to do precisely that.

Undercover surveillance officers trailed Yew and waited for him to unlock his phone to make a call – thereby disabling the encryption.

One officer then rushed in to seize the phone from Yew’s hand – just as would happen in a criminal mugging. As his colleagues restrained the suspect, the officer continually “swiped” through the phone’s screens to prevent it from locking before they had downloaded its data.

Det Ch Insp Andrew Gould who led the operation said the evidence was crucial to the prosecution.

The phone revealed shed-loads of data on Yew’s business practices. He had orders for fake cards and there was evidence linking him to four men who were subsequently convicted and a further 100 potential suspects.

Yew pleaded guilty to fraud and weapons offences and at a sentencing hearing this week at Blackfriars Crown Court was jailed for five and a half years.

Reddit finally to crack down on Trump trolls

The social notworking site Reddit is finally going to crack down on Orangemen carrying out online harassment campaigns against those who fail to support Donald “Prince of Orange” Trump.

The problem has been ongoing for a while, based around a collection of trolls who inhabit a couple of groups dedicated to Trump, the biggest being r/The_Donald. The attacks are often racist, sexist and bullying, but Reddit has been attempting to negotiate treaties with the main participants. After all, the site is supposed to be about free speech.

However, all that changed when the trolls, empowered by their election win, decided to attack the Reddit Chief Executive Steve Huffman. Suddenly the gloves are coming off.

Huffman said that Reddit’s content policy prohibits harassment, but that it had not been adequately enforced.

“Personal message harassment is the most cut and dry. Right now we are in an interesting position where my inbox is full of them, it’s easy to start with me.”

Reddit will also monitor user reports, add greater filtering capacity, and take a more proactive role in policing its platform rather than relying on community moderators.

Last week, Reddit banned Pizzagate, a community devoted to a conspiracy theory, with no evidence to back it up, that links Clinton to a pedophile ring at a Washington, DC pizza parlour.

Reddit has a more permissive attitude than Facebook and Twitter when it comes to what it allows on its site, but r/The_Donald users frequently crossed a line, Huffman said, including by trying to manipulate voting to ensure their posts appear on prominent Reddit pages.

Reddit has stepped up its efforts to combat abuse on the site over the past year, creating what it called an “anti-evil” team of engineers dedicated to fighting harassment.

“The fact I was saying that combating harassment was important and then letting that openly happen to me, the CEO, there’s a disconnect there,” Huffman said.

In the past, Reddit has worked with moderators of communities to try to enforce its rules.

With r/The_Donald in particular, “we haven’t found that to be particularly effective. We might see flashes of success, but things kind of revert,” Huffman said.

Huffman said he had been asked by many Reddit users to ban r/The_Donald outright, but he had rejected that idea, because “if there is anything about this election that we have learned, it is that there are communities that feel alienated and just want to be heard, and Reddit has always been a place where those voices can be heard”.

VPN outfits expect to make a fortune out of Theresa May

VPN outfits are rubbing their paws with glee thanks to the UK government’s Investigatory Powers Bill.

Theresa May and her Conservative minions hope to save the UK from terrorists by insisting that ISPs keep detailed records of their customers’ online doings.

The Investigatory Powers Bill was approved by the House of Lords on 19 November and is due to become law before the end of 2016.

Now, several virtual private network (VPN) operators have seized on its introduction to promote their offerings.

For those who don’t know, VPNs digitally scramble a user’s internet traffic and send it to one of their own servers before passing it on to a site or app in a form they can make sense of. ISPs would only have a log of the connection to the VPN.

The VPNs can be based outside the UK in countries with no data retention laws. Even if servers are confiscated, there would be nothing on them. To make matters worse for Mrs May, the UK government would find it difficult to prevent the use of such workarounds.

The legislation specifically mentions connection service providers and not just ISPs, and the assumption is that VPNs based in the UK must give up their logs under this law. However, that does not apply to foreign companies, which can just ignore it.

Even if the UK government made VPNs illegal, it could not stop those services being available. The fact that lots of businesses use VPNs to provide staff with remote access to their email and other work-related files would also make it difficult to restrict the technology’s use.

Lots of Americans would give up sex to avoid being hacked

More than 40 percent of Americans would give up sex for a year to never have to worry about being hacked, according to one new study.

Emmanuel Schalit, CEO of online password management firm Dashlane, which commissioned the survey of 2,000 U.S. adults, said that the company used the “quirky angles” of food and sex to show just how much cybersecurity is on Americans’ minds today.

Apparently, 41 percent of Americans would rather give up their favourite food for a month than go through the password reset process for all their online accounts — a process that is recommended as routine for all online account holders to help prevent hacks.

Schalit said that cybersecurity was a very real concern for a large portion of the population.

“A vast proportion of people understand the threat of hacking in daily life, and would sacrifice something fundamental to avoid it.”

The study found that 43 percent of millennials would trade in sex for online safety; while 64 percent of those aged 18-34 showed themselves to be “more trusting,” said Schalit, saying they’ve shared or received passwords to other people’s accounts; 37 percent of those 35 and older said they’d shared passwords.

“The youngest people in our sample tend to be more trusting than older people for all sorts of reasons. This in part has to do with having a different attitude toward life, as a result of being younger and having been born in an age when the internet already existed,” said Schalit.

While the study shows that millennials are more inclined to share passwords, Schalit asserts that this doesn’t necessarily mean they’re doing so blindly or irresponsibly.

“It’s not a bad thing to share a password within a family or a company that has a [shared] Facebook account. The real problem is how you share it. If you share it over email that’s a bad idea because email is always the first thing to get hacked.”

Dashlane’s survey found that in their passwords, 31 percent of Americans have used a pet’s name, 23 percent have used number sequences, 22 percent have used a family member’s name, and 21 percent have used a birthday.

Three was hacked

One of Blighty’s biggest mobile phone companies, Three, has been hacked and its customer upgrade database may have been nicked.

The cyber security breach could put the private information of two thirds of Three’s nine million customers at risk.

A spokesthree said that the upgrade system does not include any customer payment, card information or bank account information.

However, the company said that is not the only bad thing that has been happening to the outfit. For the last month, it has been hit by a wave of attempted handset fraud.

“To date, we have confirmed approximately 400 high-value handsets have been stolen through burglaries and eight devices have been illegally obtained through the upgrade activity,” Carter said.

“This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices.”

At least the hackers appear to have been identified. Three men have been arrested in connection with the breach at Three, the BBC said this morning.

The National Crime Agency arrested a man from Kent and two men from Manchester on Wednesday, the Beeb said. All three have been bailed pending further enquiries.

Trump fans get cybersecurity CEO fired

Trump fans demanded that the CEO of the cybersecurity firm PacketSled be fired or arrested for posting on his personal Facebook page that he would get a “sniper rifle” and kill the Donald Prince of Orange.

What is even more amazing is that his company PacketSled accepted Matt Harrigan’s resignation over the comments.

Harrigan made the statement on his personal Facebook page, but the Trump supporters found the comments and contacted the cops.

“The PacketSled Board of Directors accepted the resignation of President and CEO Matthew Harrigan, effective immediately. We want to be very clear, PacketSled does not condone the comments made by Mr. Harrigan, which do not reflect the views or opinions of the company, its employees, investors or partners.”

In a previous statement, the company said it reported the information to the Secret Service and placed Harrigan on administrative leave.

Eh? What?

Harrigan said the comments were meant to be a joke.

“My recent Facebook comment was intended to be a joke, in the context of a larger conversation, and only privately shared as such. Anyone who knows me, knows that I do not engage in this form of rhetoric with any level of seriousness and the comment most certainly does not represent my real personal views in any regard. I apologise if anything that I said was either taken seriously, was offensive, or caused any legitimate concern.”

It was bloody obviously a joke, or frustration expressed on Facebook. Since when did that require you to lose your job? Suddenly the US has lost its sense of humour completely.

There are lots of reasons to be concerned by this. Firstly, that humourless Trump supporters could get someone fired by mounting campaigns on social media, and secondly that PacketSled can’t tell when the bloke who is leading them is joking and grasses him up to Homeland Security. This is so 1984 it is not funny.

Has the world gone bonkers? [Yes. Ed]