Tag: malware

FBI allow a “paedophile” to go free

The Untouchables do not want to be touched by a court that demands they explain how their Tor hack works.

The court wanted to know how the FBI located a child porn suspect, and federal prosecutors responded by dropping all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.

The case is one of nearly 200 nationwide that have raised new questions about the appropriate limits on the government’s ability to hack criminal suspects. The Michaud case marks just the second time that prosecutors have asked for one of these cases to be dismissed.

Annette Hayes, a federal prosecutor, wrote in a court filing that the government had to choose between disclosure of classified information and dismissal of its indictment.

“Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when the government is able to provide the requested discovery.”

The Department of Justice is currently prosecuting over 135 people nationwide whom they believe accessed the illegal website.

To find them, federal authorities seized and operated the site for 13 days before closing it down. During that period, the FBI deployed a Tor exploit that allowed them to find out those users’ real IP addresses.

The DOJ has called this exploit a “network investigative technique” (NIT), while many security experts have dubbed it “malware.” Defence attorneys want the NIT’s source code as part of the criminal discovery process.

Last year, US District Judge Robert Bryan ordered the government to hand over the NIT’s source code in the Michaud case. Since that May 2016 order, the government has classified the source code itself, thwarting discovery efforts in more than 100 Playpen-related cases that remain pending.

On the plus side, many of the Playpen defendants have pleaded guilty, and only a few have had charges dropped altogether.

Lots of Americans would give up sex to avoid being hacked

More than 40 percent of Americans would give up sex for a year to never have to worry about being hacked, according to one new study.

Emmanuel Schalit, CEO of online password management firm Dashlane, which commissioned the survey of 2,000 U.S. adults, said that the company used the “quirky angles” of food and sex to show just how much cybersecurity is on Americans’ minds today.

Apparently, 41 percent of Americans would rather give up their favourite food for a month than go through the password reset process for all their online accounts — a process that is recommended as routine for all online account holders to help prevent hacks.

Schalit said that cybersecurity was a very real concern for a large portion of the population.

“A vast proportion of people understand the threat of hacking in daily life, and would sacrifice something fundamental to avoid it.”

The study found that 43 percent of millennials would trade sex for online safety. Those aged 18-34 also showed themselves to be “more trusting,” said Schalit: 64 percent said they had shared or received passwords to other people’s accounts, against 37 percent of those 35 and older.

“The youngest people in our sample tend to be more trusting than older people for all sorts of reasons. This in part has to do with having a different attitude toward life, as a result of being younger and having been born in an age when the internet already existed,” said Schalit.

While the study shows that millennials are more inclined to share passwords, Schalit asserts that this doesn’t necessarily mean they’re doing so blindly or irresponsibly.

“It’s not a bad thing to share a password within a family or a company that has a [shared] Facebook account. The real problem is how you share it. If you share it over email that’s a bad idea because email is always the first thing to get hacked.”

Dashlane’s survey found that in their passwords, 31 percent of Americans have used a pet’s name, 23 percent have used number sequences, 22 percent have used a family member’s name, and 21 percent have used a birthday.
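Those four habits are exactly the context-specific checks a password screener should make, since a pet’s name, a relative’s name or a birthday is the first thing an attacker pulls from a victim’s social media, and a digit run is the first thing a cracking rule tries. As an added example that is not part of the original article and is not Dashlane’s code, the Go program below screens a candidate password against caller-supplied pet and family names (undoing the usual letter-for-digit substitutions) and birthdays, and flags runs of sequential or repeated digits. The names, dates and sample passwords are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Weakness names one of the password habits the survey lists.
type Weakness string

const (
	PersonalName Weakness = "pet or family member's name"
	Birthday     Weakness = "birthday"
	NumberSeq    Weakness = "number sequence"
)

// leet undoes the substitutions people use to disguise a name, so that
// "F1uffy" or "Flu55y" still match a pet called Fluffy.
var leet = strings.NewReplacer("0", "o", "1", "i", "3", "e", "4", "a", "5", "s", "7", "t", "@", "a", "$", "s")

func normalise(s string) string { return leet.Replace(strings.ToLower(s)) }

// birthdayTokens expands a YYYY-MM-DD date into the digit strings people
// embed in passwords: year, DDMM, MMDD, DDMMYY, DDMMYYYY and MMDDYYYY.
func birthdayTokens(isoDate string) []string {
	p := strings.Split(isoDate, "-")
	if len(p) != 3 || len(p[0]) != 4 || len(p[1]) != 2 || len(p[2]) != 2 {
		return nil
	}
	y, m, d := p[0], p[1], p[2]
	return []string{y, d + m, m + d, d + m + y[2:], d + m + y, m + d + y}
}

func containsAny(s string, toks []string) bool {
	for _, t := range toks {
		if strings.Contains(s, t) {
			return true
		}
	}
	return false
}

// hasDigitSequence reports a run of n or more digits that all step by the
// same +1, -1 or 0 (1234, 4321, 1111). Runs are broken by non-digits.
func hasDigitSequence(pw string, n int) bool {
	var digits []int
	runFound := func() bool {
		for i := 0; i+n <= len(digits); i++ {
			step := digits[i+1] - digits[i]
			if step < -1 || step > 1 {
				continue
			}
			ok := true
			for j := i + 1; j < i+n-1 && ok; j++ {
				ok = digits[j+1]-digits[j] == step
			}
			if ok {
				return true
			}
		}
		return false
	}
	for _, r := range pw {
		if r >= '0' && r <= '9' {
			digits = append(digits, int(r-'0'))
			continue
		}
		if runFound() {
			return true
		}
		digits = digits[:0]
	}
	return runFound()
}

// CheckPassword screens pw against the caller's context-specific words
// (pet and family names), birthdays in YYYY-MM-DD form, and digit runs.
func CheckPassword(pw string, names, birthdays []string) []Weakness {
	var found []Weakness
	norm := normalise(pw)
	for _, name := range names {
		if n := normalise(name); len(n) >= 3 && strings.Contains(norm, n) {
			found = append(found, PersonalName)
			break
		}
	}
	for _, bd := range birthdays {
		if containsAny(pw, birthdayTokens(bd)) {
			found = append(found, Birthday)
			break
		}
	}
	if hasDigitSequence(pw, 4) {
		found = append(found, NumberSeq)
	}
	return found
}

func main() {
	names := []string{"Fluffy", "Sparky"} // constructed sample data
	birthdays := []string{"1990-04-12"}
	for _, pw := range []string{"Fluffy1234", "Sp4rky12041990", "correct horse battery staple"} {
		fmt.Printf("%-30q -> %v\n", pw, CheckPassword(pw, names, birthdays))
	}
}
```

The screener deliberately works on the caller’s own data rather than a global dictionary: the pet name that is weak for one user is fine for everyone else, which is why a generic strength meter misses exactly the habits the survey describes.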

Wrong sort of virus shuts down three UK hospitals

Malware has forced three UK hospitals to cancel routine operations and outpatient appointments.

The Northern Lincolnshire and Goole NHS Foundation Trust says a “major incident” has been caused by a “computer virus” which infected its electronic systems over the weekend.

The hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus.

Dr Karen Dunderdale, the trust’s deputy chief executive, said that the trust, following expert advice, had shut down most of its systems so that the virus could be isolated and destroyed.

The use of a shared IT system also means the United Lincolnshire Hospitals Trust has been taken offline as staff attempt to combat the attack.

Outpatient appointments and diagnostic procedures that were set to take place at the infected hospitals on Monday and Tuesday have been cancelled, while medical emergencies involving major trauma and women in high-risk labour are being diverted to neighbouring hospitals.

Some areas, including audiology and physiological measurement, antenatal, community and therapy, chemotherapy, paediatrics, and gynaecology, are still running.

Northern Lincolnshire and Goole NHS Foundation Trust says it is reviewing the situation on an hourly basis and offers its apologies to patients who are being affected.

It is unclear what the “virus” is, or whether or not it is ransomware, which is fast becoming the tool of choice for hackers.

Ransomware writers quickly adapt

Ransomware writers have already adapted to a decryption tool offered by Kaspersky.

The CryptXXX family encrypts files on the victim’s computer and on network shares, then immediately demands $500 in Bitcoin to reverse the encryption. Last week Kaspersky came up with a tool that would decrypt the files.

Researchers at Proofpoint, who first discovered CryptXXX a few weeks ago, have detected a new variant in the wild which gets around Kaspersky’s fix.

After that tool became public, the authors of CryptXXX released a new version of the ransomware, one that defeats Kaspersky’s offering and applies some cosmetic enhancements.

In addition to countering Kaspersky’s tool, version 2.006 of CryptXXX locks the screen and renders the infected machine unusable.

Writing in its blog, Proofpoint said that it initially thought the new lock screen was a quick and dirty way to make it more difficult for the victim to use the Kaspersky decryption tool.

“But upon further inspection, we found that the authors discovered a way to bypass the latest version of the decryption tool.”

Exactly how CryptXXX is defeating Kaspersky isn’t clear, but Proofpoint speculates that it has something to do with how zlib 1.2.2 is being embedded.

CryptXXX is rapidly emerging as one of the top ransomware families in the wild, especially among those distributed primarily via exploit kits.

“With the introduction of version 2.006, CryptXXX authors have, for now, rendered the existing free decryption tool ineffective. While new decryption tools may emerge, CryptXXX’s active development and rapid evolution suggest that this new ransomware will continue to compete strongly in malware ecosystems,” Proofpoint said.

Malware writer told to pay $6.9 million damages

A Russian man who spent about three years behind bars in the United States for creating the computer malware known as Gozi has been told to pay $6.9 million to cover losses to bank customers.

Nikita Kuzmin, 28, could have received more prison time but was sentenced to time served at a hearing in Manhattan federal court. He was jailed in August 2011 and held for 37 months before authorities released him.

Apparently he got a lot of time off for helping coppers with their inquiries. Kuzmin’s attorney, Alan Futerfas, confirmed the sentence and said Kuzmin was glad to put the episode behind him and move on to the next stage of his life. He declined to say what Kuzmin’s plans were.

It is not clear if Kuzmin has a spare $6.9 million lying around, but at the time prosecutors described him as an innovator in online crime, saying he not only created Gozi but rented it out to criminals who used it to steal tens of millions of dollars from bank accounts.

Kuzmin was arrested in 2010 after he travelled to a conference in the United States. He pleaded guilty in May 2011 in a cooperation agreement with US prosecutors.

Cyber crims adopt “best practice”


Hackers and cyber-criminals are acting a lot more professionally and adopting all those annoying “best practice” systems and standards.

A new report says that the approach is improving the efficiency of their attacks against enterprises and consumers.

Kevin Haley, director of Symantec Security Response, said that advanced criminal attack groups now echo the skill sets of nation-state attackers.

“They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off. We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams.”

These professional attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditised.

In 2015, the number of zero-day vulnerabilities discovered more than doubled to a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks, according to Symantec’s Internet Security Threat Report.

Meanwhile, malware increased at a staggering rate, with 430 million new malware variants discovered in 2015. The sheer volume of malware shows that professional cybercriminals are leveraging their vast resources in an attempt to overwhelm defences and enter corporate networks.

Apple faces more cyber attacks

A report says that malware aimed at Apple devices has doubled this year, and that Apple will face further attacks in 2016.

The BBC reported that Symantec and FireEye are predicting that Apple will face increased threats in 2016.

The Apple operating system, OS X, is subject to far fewer attacks than Windows, Symantec said, but the number this year was seven times greater than last year’s.

Attacks on Apple’s iOS operating system, used in iPads and iPhones, are also increasing.

Apple notebooks have shown steady growth during 2015 while Windows notebook sales have been flat.

That may be why hackers are taking the time to devise attacks aimed at Apple users.

Apple finds more malware in its App Store

After lecturing the world about how its autocratic controls protect users from malware, Apple has been forced to pull apps from its App Store because of… er… malware.

Jobs’ Mob has admitted that it had removed “a few” applications from its App Store, expressing its concern that the security of some users’ personal data could be compromised in certain circumstances.

The company said the apps threatened users’ security by installing certificates that can expose data to monitoring by third parties. The company did not specify the precise number of apps at issue, and its standard defence against any major issue is that “it only affects a small number of users,” even when it is most of the user base.

“Apple is deeply committed to protecting customer privacy and security. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.”

The apps in question install a root certificate on the device and route the user’s traffic through their own servers, where it can be analysed. Because the device now trusts that root, whoever operates those servers can present their own certificate for any site and read traffic that is supposed to be protected by TLS, leaving users vulnerable to data breaches.
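To show concretely why an app-installed root certificate is dangerous, and what a client can do about it, here is an added example (not Apple’s code and nothing from the apps involved) in Go using only the standard library. It constructs in memory a genuine root CA and a server certificate for the hypothetical host bank.example, then a second, rogue root of the kind such an app installs, and a forged certificate for the same host. Ordinary trust-store verification accepts the forgery as soon as the rogue root is in the store; a public-key pin shipped with the client still rejects it. All CA names, the host name and the certificates are constructed fixtures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a P-256 key and a certificate for tmpl signed by parent.
// A nil parent makes it self-signed, i.e. a root CA. Everything is built in
// memory; no real CA or host is involved.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

func serverTemplate(host string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// spkiPin is the base64 SHA-256 of the SubjectPublicKeyInfo, the value that
// public-key pinning compares against.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// trustStoreAccepts is what an ordinary TLS client does: chain the presented
// leaf to any root in the device's trust store.
func trustStoreAccepts(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// pinAccepts also requires the leaf's key to match the pin the app shipped
// with, so a chain that ends at an installed rogue root is still rejected.
func pinAccepts(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) bool {
	return trustStoreAccepts(leaf, roots, host) && spkiPin(leaf) == pin
}

func main() {
	realCA, realKey := newCert(caTemplate("Example Trusted Root"), nil, nil)
	rogueCA, rogueKey := newCert(caTemplate("Ad Blocker Profile Root"), nil, nil)
	genuine, _ := newCert(serverTemplate("bank.example"), realCA, realKey)
	forged, _ := newCert(serverTemplate("bank.example"), rogueCA, rogueKey)

	stock := x509.NewCertPool()
	stock.AddCert(realCA)
	tampered := x509.NewCertPool() // the device after the app installed its root
	tampered.AddCert(realCA)
	tampered.AddCert(rogueCA)
	pin := spkiPin(genuine) // the pin the bank's own app would ship with

	host := "bank.example"
	fmt.Println("stock store, forged cert:   ", trustStoreAccepts(forged, stock, host))
	fmt.Println("tampered store, forged cert:", trustStoreAccepts(forged, tampered, host))
	fmt.Println("pinned client, forged cert: ", pinAccepts(forged, tampered, host, pin))
	fmt.Println("pinned client, genuine cert:", pinAccepts(genuine, tampered, host, pin))
}
```

The second line of output is the whole problem: once the rogue root is in the store, the forged certificate is indistinguishable from a genuine one to every app that relies on the system trust store, which is why Apple treats certificate-installing apps as a privacy risk rather than a cosmetic one. Pinning is the client-side defence, at the cost of having to ship a new app version whenever the pinned key rotates.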

One of the apps removed was Been Choice, which has attracted attention for its ability to block advertising in apps.

An Apple spokeswoman said the company would release a support page to help users remove the apps in question from their devices.

For years Apple fanboys have mocked Android users because the Google Play store was “full of malware.” They claimed that Apple’s ruthless censorship of apps to suit the needs and desires of the right-wing Bible belt was protecting them from malware.

Spending on IT security continues

Spending on IT security will reach $75.4 billion this year, a rise of close to 4.7 percent compared to 2014.

Gartner said the increase in spend is due to government initiatives, more legislation and highly publicised data breaches.

But because of the strength of the US dollar, pricing in some regions will rise by as much as 20 percent and that will force customers to reduce spending towards the end of this year.

There will be a rebound in spending in 2016, Gartner predicts.

Elizabeth Kim, a research analyst at the firm, said that interest in security technologies is being driven by cloud, mobile computing and the internet of things.

Vendors will benefit from an increased interest in endpoint detection, threat intelligence and cloud security tools, including encryption.

She predicts that enterprises will invest in network “sandboxing” coupled to network firewalls and content security packages. These “sandboxes” allow enterprises to detect threats outside the core network, but are seen as too expensive for midsize enterprises or for enterprises which don’t have enough dedicated IT staff.

AVG spies and sells private data to advertisers

If you are worried about your private data ending up in the hands of advertisers, it is probably better to avoid installing the free version of AVG “security software.”

A change to its privacy policy has confirmed that AVG thinks it is a great idea to collect “non-personal data” and sell it to the highest bidder. This is a little odd given that you normally buy security software to stop this sort of thing happening.

The new privacy policy comes into effect on 15 October so you might want to buy more sensible security software before then.

AVG explained that the ability to collect search history data had also been included in previous privacy policies, albeit with different wording. So if you were unfortunate enough to run AVG software you might have already sold the family silver without being aware of it.

Alexander Hanff, security expert and chief executive of Think Privacy, warned that AVG had now officially become spyware.

He told Wired that antivirus software runs on our devices with elevated privileges so it can detect and block malware, adware, spyware and other threats.

“It is utterly unethical to [the] highest degree and a complete and total abuse of the trust we give our security software.”

Previous versions of AVG’s privacy policy stated it could collect data on “the words you search”, but didn’t make it clear that browser history data could also be collected and sold to third parties. In a statement AVG said it had updated its privacy policy to be more transparent about how it could collect and use customer data.

An AVG spokesperson told Wired that it was either this or packing in its free security software.

“Those users who do not want us to use non-personal data in this way will be able to turn it off, without any decrease in the functionality our apps will provide. While AVG has not utilised data models to date, we may, in the future, provided that it is anonymous, non-personal data, and we are confident that our users have sufficient information and control to make an informed choice.”

It is a pity really. AVG is the third most popular antivirus product in the world and has an 8.6 percent share of the global market. Avast, which also provides free security software, admits that it collects certain non-personal information and sells it to advertisers.