Court Grants FBI Right To Continue Secret Surveillance Requests

July 19, 2017 by  
Filed under Around The Net

The FBI will be allowed to continue sending surveillance orders to tech companies and ban them from disclosing those requests, an appeals court ruled Monday.

Internet company Cloudflare and wireless network operator CREDO Mobile sued the federal government to be allowed to publicly disclose national security letters they have received. They argued that the letters, which are administrative subpoenas issued by the government to gather information for national security purposes, are unconstitutional because they violate the First Amendment’s freedom of speech protections.

Critics of national security letters — like the Electronic Frontier Foundation, which represented Cloudflare and CREDO in the case — say they “allow the FBI to secretly demand data about ordinary American citizens’ private communications and internet activity without any meaningful oversight or prior judicial review.” Companies that receive national security letters, or NSLs, are subject to gag orders, which means they can’t even disclose they’ve received such orders unless the letters become declassified. And those gag orders last indefinitely.

A three-judge panel on a US court of appeals in San Francisco on Monday upheld a lower court ruling that NSLs can remain secret. In their unanimous ruling, they said the Supreme Court “has concluded that some restrictions on speech are constitutional, provided they survive the appropriate level of scrutiny.”

The law behind national security letters considers that disclosing the orders could result in danger to the national security of the US, interference with an investigation, interference with diplomatic relations, or danger to the life or physical safety of any person, the judges said in their opinion.

“We therefore conclude that the 2015 NSL law is narrowly tailored to serve a compelling government interest, both as to inclusiveness and duration,” the opinion said. “Accordingly, we hold that the nondisclosure requirement … survives strict scrutiny.”

Andrew Crocker, an attorney with EFF, said in a statement that he’s disappointed the court “failed to recognize that the NSL statute violates the free speech rights of technology companies that are required to turn over customer data to the FBI and banned indefinitely from ever publicly discussing the requests.”

He added that NSLs prevent companies from being open with their customers.

“Unfortunately, the Ninth Circuit avoided addressing the serious First Amendment problems with NSLs, particularly the fact that they are often left in place permanently,” Crocker said. “We’re considering our options for next steps in challenging this unconstitutional authority.”

The US Justice Department declined to comment on the ruling.

Will NotPetya Victim Get The Files Back

July 12, 2017 by  
Filed under Computing

The so-called ‘NotPetya’ ransomware, which was first identified in Ukraine and quickly spread worldwide, is reportedly designed to destroy data with the ransomware element intended as little more than a cover.

Security software company Kaspersky has warned that there is “little hope for victims to recover their data” if they fall victim to the ransomware bastard because the installation ID displayed in the ransomware note, sent with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

As a result, victims that pay the estimated £300 ransom in Bitcoin won’t be able to get their files back.

“We have analysed the high-level code of the encryption routine and we have figured Kaspersky Company in a statement.

“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware, like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. 

“ExPetr [Kaspersky’s name for the malware] does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.”

Kaspersky’s warning comes as a number of security software and services companies publish their initial analyses of the NotPetya/ExPetr malware – all coming to similar conclusions.

Kaspersky itself claims that around 2,000 organisations have fallen victim to it so far, with firms in Russia and Ukraine worst affected, although Norwegian shipping company Maersk also fell victim. The company also confirmed the use of two US National Security Agency (NSA) exploits, exposed by the Shadow Brokers group, called EternalBlue and EternalRomance, which have helped automatically propagate the malware.

People and organisations with their Windows operating systems patched up-to-date and running equally up-to-date antivirus software ought to be protected, Kaspersky added.

However, organisations that aren’t properly patched can see the malware use flaws in Microsoft’s SMB networking protocol, via the EternalBlue exploit, to infect multiple machines.

According to Kaspersky researchers Anton Ivanov and Orkhan Mamedov, the “installation key” supposedly presented to users in the NotPetya ransom note is simply a random string.

“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim and, as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” they warned.

That means, even paying the ransom won’t result in a decryption key being sent. “This reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive,” they added.

Likewise, Matt Suiche, founder of cloud security company Comae Technologies, agreed. “The ransomware was a lure for the media. This variant of Petya is a disguised wiper,” he warned. 

He added: “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.

“Ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) – a wiper would simply destroy and exclude possibilities of restoration.”

The key presented in the ransomware note, he also confirmed, is “fake and randomly generated”.

He added that the ransomware element was probably intended to distract attention from the idea that a nation-state attacker of some sort was behind it, citing the Shamoon malware in 2012, while the attacker simply repacked existing ransomware. 

Not everyone is convinced that the NotPetya malware is state sponsored, however, with software engineer and malware analyst @hasherezade on Twitter suggesting that the author of the original Petya might be behind it.

Courtesy-TheInq

nVidia Jump Into Digital Mining

July 10, 2017 by  
Filed under Around The Net

Nvidia hopes to take custom away from its rival AMD by building a chip which is designed for digital currency mining.

AMD’s new chips have been taken off the shelves as soon as they arrive because digital currency miners want lots of them to make money. Nvidia has been doing well off the craze, but AMD is finding it difficult to get enough chips out there and this has caused GPU prices to rocket.

Nvidia wants to release graphics cards specifically designed for cryptocurrency. From a product listing on ASUS’ website: “ASUS Mining P106 is designed for coin mining with high-efficiency components — delivering maximum hash-rate production at minimum cost. ASUS Mining P106 enhances the megahash rate by up to 36 per cent compared to cards in the same segment that are not tailored for mining.

The new card is also engineered to be seriously durable, enabling 24/7 operation for uninterrupted coin production.” The ASUS Mining P106 uses an Nvidia chip, according to the specifications page on the website. 

Nvidia, AMD and ASUS have not officially announced the digital currency mining cards, according to their website press pages. It is not certain when the cards will be available for sale. Nvidia is likely making the cards designed for this use so that the surging digital currency demand doesn’t affect its ability to serve the lucrative PC gaming market.

Courtesy-Fud

Ransomware-as-a-Service Now Targeting Macs

June 22, 2017 by  
Filed under Computing

Security researchers have found the first evidence of ransomware-as-a-service (RaaS) affecting Apple machines, dubbed ‘MacRansom.’

Fortinet’s security research team, FortiGuard Labs, uncovered the tool, which uses a web portal hosted in a TOR network (an anonymous network that bounces the signal around a relay of volunteer computers, to conceal the source), an increasingly popular form of attack. The variant is not readily available through the portal; instead, buyers must contact the author(s) directly to build the ransomware.

MacRansom uses a basic delivery vector, in that the owner of the machine must agree to run a programme from an unidentified developer before the infection takes place, or have it physically installed from an external drive. If they do so, the ransomware will check two things: whether it is being run in a non-Mac environment, and whether it is being debugged. If either is the case, it will terminate.

The next step is to create a launch point (the file name purposefully mimics a legitimate file). The ransomware will run on every start up and encrypts on a specified trigger time. When that time comes, the ransomware begins to encrypt files on the computer – in what FortiGuard notes is a slightly unusual but still effective method. A maximum of 128 files will be locked.

FortiGuard was looking for any RSA-crypto routines; however, like the delivery vector, the ransomware itself is not very sophisticated and instead uses a symmetric encryption with a hardcoded key. Two sets of keys are used: ReadmeKey (0x3127DE5F0F9BA796), which decrypts the ransom notes and instructions, and TargetFileKey (0x39A622DDB50B49E9), which performs the encrypt/decrypt on the user’s files.

TargetFileKey is altered with a random number generator; in other words, the encrypted files cannot be decrypted once the malware has terminated. It also has no function to communicate with the command and control server, so there is no readily-available copy of the key to use. While recovery of the TargetFileKey is still technically possible using a brute force attack, FortiGuard is ‘sceptical’ of the author’s claim to be able to decrypt the hijacked files.

Users are instructed to contact a specific email address and send some of their encrypted files, which will be decrypted as proof. The author asks for 0.25 Bitcoin (about £540) to unlock all of the files.

Ransomware is still not common on Mac computers, and most found there today is significantly less advanced than that targeting Windows. However, MacRansom can still capably encrypt files.

FortiGuard believes that MacRansom is being developed by copycats, as it contains code and ideas that appear to have been taken from previous ransomware targeting OS X.

Courtesy-TheInq

Silicon Valley Tech Giants Ask NSA To Change Spying Tactics

May 31, 2017 by  
Filed under Around The Net

Silicon Valley’s giants are frustrated with the United States government’s National Security Agency.

In a letter signed by 31 tech companies, including Google, Amazon, Facebook and Microsoft, the firms are asking Congress to make reforms to Section 702 of the Foreign Intelligence Surveillance Act. That’s the section that allows the National Security Agency to gather web data of citizens outside of the US — and in some cases, against Americans.

Section 702 was first revealed by whistleblower Edward Snowden in bombshell leaks surrounding the NSA’s mass surveillance program. The snooping combed through everything a person did digitally, putting tech companies at odds with the government for years. The section is set to expire by December 31 unless Congress decides to renew the program.

Silicon Valley leaders hope the politicians on Capitol Hill choose to change Section 702, instead of renewing it. In the letter (PDF), they offered five recommendations for internet surveillance reform, including greater transparency on how many Americans are swept up in the snooping, narrowing the scope to prevent innocent people from being spied on, and greater oversight on the program.

“We are writing to express our support for reforms to Section 702 that would maintain its utility to the U.S intelligence community while increasing the program’s privacy protections and transparency,” the group wrote.

Since 2013, Google has wanted to disclose what data they’re legally required to hand over to the government, which the feds prohibit. Apple has faced battles of its own, with the San Bernardino terrorist’s locked iPhone and the FBI’s order to crack it open. In just the second half of 2016, national security orders for Apple doubled to 6,000 requests since the first half of the year.

Apple was not among the 31 tech companies who wrote to House Judiciary Committee Chairman Bob Goodlatte, a Virginia Republican, on Friday, even while the debate on privacy vs. national security rages on. Apple did not respond to requests for comment on Friday.

In March, the Internet Infrastructure Coalition wrote a letter to the Judiciary Committee warning that Section 702 could have “grave economic consequences” if it were not reformed.

It’s still unclear how many Americans were swept up by the wide-reaching surveillance, but Section 702 is estimated to be behind a quarter of the NSA’s snooping in 2014.

Hacked Dallas Emergency Sirens Add Extra Encryption

April 13, 2017 by  
Filed under Around The Net

Dallas city officials have put in place additional encryption and other security measures to the outdoor warning sirens hacked last week.

The hack also prompted the city to evaluate critical systems for potential vulnerabilities, City Manager T.C. Broadnax said in a statement late Monday. City officials are reviewing security for financial systems, a flood warning system, police-fire dispatch and the 911/311 system.

Broadnax told reporters separately on Monday that the hack came over a radio frequency and not over a wired computer network. The attack was “not a system software issue; it was a radio issue,” he told the Dallas Observer and others.

The city believes the hack came from the Dallas area, but officials haven’t detailed how it occurred. Dallas police are working with the FBI and the Federal Communications Commission (FCC) to validate what they think happened and find the source. The hack caused all 156 emergency sirens to activate for about 90 minutes, scaring some residents and doubling the number of calls to 911.

Radio security experts theorized the incident may have been a simple “replay attack” where the hacker recorded the radio signal sent out on April 5 at noon as part of a monthly test of the emergency siren system. Then, the hacker could have played that signal back repeatedly early Saturday. It would take a hacker with a software defined radio (SDR) or other off-the-shelf radio frequency test equipment to pull off the attack, said Chris Risley, CEO of Bastille Networks, a company that remediates radio frequency vulnerabilities.

Frequencies used for outdoor sirens are public and are managed by the FCC. Various security techniques, including encryption, are used to protect signals sent by radio.

Even if a “replay attack” was not used, the regularly scheduled siren test would allow an attacker to make multiple recordings of the “activate sirens” radio stream over several months and then analyze it for specific commands to trigger the alert, he added. SDRs are becoming cheaper and more capable and there is an abundance of open source software that can decode activation protocols.
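The replay scenario described above, as an added example that is not part of the original article: a receiver that only checks a cryptographic tag still accepts a recorded frame every time it is played back, while one that also tracks a monotonic counter rejects it. The frame layout, command code, key and class names are assumptions made for illustration and do not reflect the actual Dallas siren protocol.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IB")    # 4-byte counter, 1-byte command (constructed layout)
TAG_LEN = hashlib.sha256().digest_size
CMD_ACTIVATE = 0x01              # hypothetical command code


def build_frame(key: bytes, counter: int, command: int) -> bytes:
    """Controller side: authenticate the counter and the command together."""
    body = HEADER.pack(counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def _split_and_verify(key: bytes, frame: bytes):
    """Return (counter, command) if the frame is well formed and the tag is valid."""
    if len(frame) != HEADER.size + TAG_LEN:
        return None
    body, tag = frame[:HEADER.size], frame[HEADER.size:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return HEADER.unpack(body)


class TagOnlyReceiver:
    """Verifies authenticity but not freshness, so recordings stay valid forever."""

    def __init__(self, key: bytes):
        self.key = key

    def accept(self, frame: bytes) -> str:
        ok = _split_and_verify(self.key, frame) is not None
        return "accepted" if ok else "rejected: bad tag"


class FreshnessReceiver:
    """Verifies the tag and requires a strictly increasing counter."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        # On a real device this value has to survive power loss.
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> str:
        parsed = _split_and_verify(self.key, frame)
        if parsed is None:
            return "rejected: bad tag"
        counter, _command = parsed
        if counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        return "accepted"


def demo() -> dict:
    key = bytes(range(32))                      # constructed demo key
    naive, strict = TagOnlyReceiver(key), FreshnessReceiver(key)
    test_frame = build_frame(key, 1, CMD_ACTIVATE)   # the scheduled test broadcast
    # Recorded tag with an edited counter: the tag no longer matches the body.
    edited = HEADER.pack(2, CMD_ACTIVATE) + test_frame[HEADER.size:]
    return {
        "naive_first": naive.accept(test_frame),
        "naive_replay": naive.accept(test_frame),
        "strict_first": strict.accept(test_frame),
        "strict_replay": strict.accept(test_frame),
        "strict_edited": strict.accept(edited),
        "strict_next": strict.accept(build_frame(key, 2, CMD_ACTIVATE)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:14s} {outcome}")
```

Encrypting the command would not change the first receiver's result: a ciphertext recorded off the air decrypts just as well the second time, which is why freshness has to be checked separately.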

Risley said other cities are probably just as vulnerable as Dallas.

The Dallas incident highlights how vulnerable and unprotected U.S. enterprises and government authorities are, said Matt Little, chief product officer for encryption provider PKWare. “Traditional security perimeters are breaking down. This attack reaffirms how necessary encryption is,” he said.

Many siren systems are decades old and Dallas may have been relying on low-level encryption, perhaps even 64-bit encryption based on the Data Encryption Standard (DES) from the late 1970s, he said.

“Sirens are analogous to a lot of aging critical infrastructure that was built for high availability, and always has to be online, so security took a back seat to that,” Little said.

Dallas may have decided after the hack to upgrade encryption or improve the authentication system regarding who gets access to encryption keys, Little said.

FBI Used Malware To Hack Computers In 120 Countries

February 14, 2017 by  
Filed under Around The Net

Privacy advocates have alleged in court that an FBI hacking operation to bust up a child pornography site was unconstitutional and violated international law.

That’s because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said.

“How will other countries react to the FBI hacking in their jurisdictions without prior consent?” wrote Scarlet Kim, a legal officer with U.K.-based Privacy International.

On Friday, that group, along with the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union of Massachusetts, filed briefs in a lawsuit involving the FBI’s hacking operation against Playpen. The child pornography site was accessible through Tor, a browser designed for anonymous web surfing. But in 2014, the FBI managed to take it over.

In a controversial move, the agency then decided to use the site to essentially infect visitors with malware as a way to track them down.

As a result, the FBI is prosecuting hundreds who were found visiting the site, but it also happened to hack into computers from 120 countries.

On Friday, the three privacy groups filed briefs in a case involving Alex Levin, a suspect in the FBI’s Playpen investigation who’s appealing the way the agency used malware to gather evidence against him.

Privacy International claims that the warrant the FBI used to conduct the hacking is invalid. This is because the U.S. was overstepping its bounds by conducting an investigation outside its borders without the consent of affected countries, the group said.

According to Privacy International, the case also raises important questions: What if a foreign country had carried out a similar hacking operation that affected U.S. citizens? Would the U.S. welcome this?

The EFF and ACLU also claim that the FBI’s warrant was invalid, but they cite the U.S. Constitution, which protects citizens from unreasonable searches.

“Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world,” EFF attorney Mark Rumold wrote in a blog post. “If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied.”

A key concern is that a warrant to hack into so many computers will set a precedent. “Even serious crimes can’t justify throwing out our basic constitutional principles,” Rumold said.

Lavabit Unveils New End-to-end Email Encryption

January 24, 2017 by  
Filed under Around The Net

The creators of Lavabit, an email service that noted leaker Edward Snowden used, are releasing source code for an open-source, end-to-end encrypted email standard that promises surveillance-proof messaging.

The code for the Dark Internet Mail Environment (DIME) standard will become available on Github, along with an associated mail server program, said its developer, Ladar Levison, on Friday.

DIME will work across different service providers and perhaps crucially will be “flexible enough to allow users to continue using their email without a Ph.D. in cryptology,” said Levison.

To coincide with its launch, Levison is also reviving Lavabit. The encrypted email service shut down in 2013 when federal agents investigating Snowden demanded access to email messages of his 410,000 customers, including their private encryption keys.

Levison decided to shut it down rather than help the U.S. government violate his customers’ privacy, he wrote on Friday.

“I chose Freedom,” he said. “Much has changed since my decision, but unfortunately much has not in our post-Snowden world.”

Levison said he is relaunching the service, citing “recent jaw-dropping headlines” over how email remains insecure.

“Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security,” he wrote on Lavabit’s site.

The revived Lavabit is also built with DIME, which Levison started with a Kickstarter fund in 2014. It is designed to encrypt the email and its transmission, including the metadata such as the message’s subject line, sender and recipient.

The new Lavabit will operate in three encryption modes that range from Trustful, Cautious to Paranoid. Each mode handles message encryption and private key storage differently at the expense of ease of use.

Initially, however, Lavabit will only be accessible to existing users of the service and only in Trustful mode. New users must pre-register and wait for the eventual rollout.

Lavabit is a subscription-based service. On Friday, it was offering a discount deal. For $15 annually, a user can have access to 5GB of email storage. For $30, a user can have access to 20 GB of space.

Darknet Market Places Feeling The Heat From Authorities Worldwide

November 3, 2016 by  
Filed under Around The Net

Law enforcement agencies worldwide staged a crackdown on so-called darknet web sites last week, targeting merchants and thousands of customers who were looking to obtain illegal drugs and goods.

From Oct. 22 to Oct. 28, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday.

Unlike other websites, these underground marketplaces reside within the darknet — a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.

Last week’s crackdown was global in scale. In addition to the U.S., Europol and law enforcement agencies from Australia, Canada, New Zealand and the U.K. participated in the operation.

In the U.S., the FBI said it made “contact” with 150 individuals suspected of buying illicit items from darknet marketplaces. “Some of these individuals confessed to ordering a range of illegal drugs and controlled substances online, including heroin, cocaine, morphine, and ketamine,” the FBI said.

It’s unclear how U.S. investigators found out about the suspects’ activities. But a video posted online shows agents searching for illegal goods by opening packages at a Los Angeles mail facility. Among the items seized were live turtles sent from Las Vegas, a counterfeit bong made in China, and fake Ray-Ban sunglasses.

In other countries such as Sweden, local police said they had identified more than 3,000 suspected buyers of drugs sold over the darknet. Police were able to identify the suspects because six of the largest Swedish merchants on the darknet had been arrested in the past year.

Police in Netherlands also said they took “some criminal justice actions” as part of last week’s operation. Authorities there have even published a website, naming which vendors are still active on the darknet, and which have already been arrested.

NHTSA Urge Automakers To Prioritize Cyber Security

October 25, 2016 by  
Filed under Around The Net

Automakers should make protecting the electronic and computer systems of vehicles from hackers a top priority, developing layers of protection that can secure a vehicle throughout its life, U.S. regulators said.

The cyber security guidelines issued by the U.S. National Highway Traffic Safety Administration are recommendations, not enforceable rules. However, they mark a step toward establishing a road map for industry behavior as lawmakers and consumers pressure automakers to show how they will protect increasingly connected and automated vehicles from cyber attacks.

Some of the agency’s proposals, included in a paper titled “Cybersecurity Best Practices for Modern Vehicles,” echo moves major manufacturers are making already, including establishing a group to share information about cyber security threats.

Automakers will carefully review the technical aspects of the agency’s proposals as well as proposals related to the disclosure of information about “the secret sauce” of electrical and data systems, which is highly competitive, Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, said in an interview on Monday. The group, often referred to as the AUTO-ISAC, was established by automakers as a clearinghouse for companies to share information about cyber security threats and countermeasures.

Automakers accelerated efforts to address hacking threats over the past year after data security researchers successfully took remote control of a Jeep Cherokee and publicized their feat. Fiat Chrysler Automobiles in July 2015 recalled 1.4 million vehicles to install software to protect against future data breaches.

Other automakers, including BMW AG and Tesla Motors Inc, have disclosed actions to fix potential data security gaps.

The security of data and communications systems in vehicles is also critical as more auto manufacturers gear up to follow Tesla’s lead and begin offering significant vehicle upgrades through wireless data links. The Federal Bureau of Investigation earlier this year warned that criminals could exploit online vehicle software updates.

The NHTSA recommends manufacturers conduct tests of vehicle systems to see if the cyber security systems can be breached, and document their testing and their assessment of the risks.

Democratic U.S. Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut said the NHTSA should do more. “If modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger,” the lawmakers said in a statement Monday.

The Alliance of Automobile Manufacturers said on Monday the NHTSA guidelines appear to support the steps being taken by the AUTO-ISAC. The Alliance represents General Motors Co, Ford Motor Co and Daimler AG, among others.

Linux Botnets Appear To Be On The Rise

August 8, 2016 by  
Filed under Computing

Kaspersky Lab is warning that the Linux botnet is not only a thing but on the rise.

The report said that the share of attacks from Linux botnets almost doubled (to 70 per cent) – and Linux bots are the most effective tool for the SYN-DDoS attack method. This is the first time that Kaspersky DDoS Intelligence has registered such an imbalance between the activities of Linux- and Windows-based DDoS bots.

SYN DDoS is one of the most common attack scenarios, but the proportion of attacks using the SYN DDoS method increased 1.4 times compared to the previous quarter and accounted for 76 per cent.

Oleg Kupreev, lead malware analyst at Kaspersky Lab, said that it is Linux which is to blame.

“Linux servers often contain common vulnerabilities but no protection from a reliable security solution, making them prone to bot infections”, he says. “These factors make them a convenient tool for botnet owners. Attacks carried out by Linux-based bots are simple but effective; they can last for weeks, while the owner of the server has no idea it is the source of an attack. Moreover, by using a single server, cybercriminals can carry out an attack equal in strength to hundreds of individual computers. That’s why companies need to be prepared in advance for such a scenario, ensuring reliable protection against DDoS attacks of any complexity and duration”.

Brazil, Italy and Israel all appeared among the leading countries hosting botnet Command and Control (C&C) servers. South Korea is the clear leader in terms of the number of C&C servers located on its territory, with its share amounting to 70 per cent. Brazil, Italy and Israel saw the amount of active C&C servers hosted in these countries nearly triple.

DDoS attacks affected resources in 70 countries over the report period, with targets in China suffering the most (77 per cent of all attacks). Germany and Canada both dropped out of the top 10 rating of most targeted countries, to be replaced by France and the Netherlands.

The report also identifies an increase in the duration of DDoS attacks. While the proportion of attacks that lasted up to four hours fell from 68 per cent in Q1 to 60 per cent in Q2, the proportion of longer attacks grew considerably – those lasting 20-49 hours accounted for nine per cent, and those lasting 50-99 hours accounted for four per cent (one per cent in Q1).

The longest DDoS attack in Q2 2016 lasted 291 hours (12 days), an increase on the Q1 maximum of eight days.

Courtesy-Fud

 

Intel and Kaspersky Join Forces To Thwart Ransomware

July 29, 2016 by  
Filed under Computing

Intel Security, Kaspersky Lab and Europol have teamed up to launch a new initiative designed to educate people about the threat of ransomware and offer keys that can unlock devices without having to pay the fraudsters.

The No More Ransom portal, which also has the backing of the Dutch National Police, has been put together in response to the rising threat from ransomware which had almost one million victims in Europe last year.

The portal will contain material designed to educate users about the threat of ransomware and where it comes from, but it is the access to some 160,000 keys that is most notable. These cover numerous ransomware strains, most notably the Shade trojan that emerged in 2014. This is a particularly nasty ransomware spread via websites and infected email attachments.

However, the command and control servers for Shade that stored the decryption keys were seized by law enforcement, and the keys were given to Kaspersky and Intel Security.

These have now been entered into the No More Ransom portal so that victims can access their data without paying the criminals.

Jornt van der Wiel, security researcher with Kaspersky’s global research and analysis team, explained that the portal will help people to take a stand against the rise of ransomware.

“The biggest problem with crypto-ransomware today is that when users have precious data locked down they readily pay criminals to get it back. That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result,” he said.

“We can only change the situation if we coordinate our efforts to fight against ransomware. The appearance of decryption tools is just the first step on this road.”

Raj Samani, EMEA chief technology officer at Intel Security, echoed this sentiment. “This collaboration goes beyond intelligence sharing, consumer education and takedowns to actually help repair the damage inflicted on victims,” he said.

“By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.”

Courtesy-TheInq

 

Is Mozilla Going After The FBI?

May 18, 2016 by  
Filed under Computing

Mozilla is taking legal action to find out whether its code was affected during an FBI investigation into Tor, the privacy browser that shares a lot of Firefox code.

Mozilla has concerns that the FBI has found a vulnerability that it will not disclose. The firm wants to know what it might be so that it can apply a fix. The FBI has not helped out, so the software company has taken its case to the courts.

“User security is paramount. Vulnerabilities can weaken security and ultimately harm users. We want people who identify security vulnerabilities in our products to disclose them to us so we can fix them as soon as possible,” said Mozilla lawyer Denelle Dixon-Thayer in a blog post as she explained that this is not a political action.

“Today, we filed a brief in an ongoing criminal case asking the court to ensure that, if our code is implicated in a security vulnerability, the government must disclose the vulnerability to us before it is disclosed to any other party.

“We aren’t taking sides in the case, but we are on the side of the hundreds of millions of users who could benefit from timely disclosure.”

The situation arose after an FBI investigation into a Tor-based child abuse site. The site was closed down, and the FBI reportedly installed malware to trace the users.

This suggests that the FBI has a decent way into the software, which raises concerns for Mozilla.

“The relevant issue in this case relates to a vulnerability allegedly exploited by the government in the Tor Browser,” said Dixon-Thayer.

“The Tor Browser is partially based on our Firefox browser code. Some have speculated, including members of the defence team, that the vulnerability might exist in the portion of the Firefox browser code relied on by the Tor Browser.

“At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base.

“The judge in this case ordered the government to disclose the vulnerability to the defence team but not to any of the entities that could actually fix the vulnerability. We don’t believe that this makes sense because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.”

Mozilla would like the FBI to follow the same disclosure procedures as the technology industry and do the decent thing by letting the company know as soon as possible.

“Court-ordered disclosure of vulnerabilities should follow the best practice of advance disclosure that is standard in the security research community,” she said.

“In this instance, the judge should require the government to disclose the vulnerability to the affected technology companies first, so it can be patched quickly.

“Governments and technology companies both have a role to play in ensuring people’s security online. Disclosing vulnerabilities to technology companies first allows us to do our job to prevent users being harmed and to make the web more secure.”

Courtesy-TheInq

 

California Moving Forward With Outlawing Ransomware

April 14, 2016 by  
Filed under Around The Net

California lawmakers are moving forward with outlawing the use of so-called “ransomware” to hijack computers for money, passing a bill through its first committee with the support of law enforcement.

The legislation, which would call for hackers using ransomware to be prosecuted under a statute similar to extortion but geared specifically to cyber crime, easily cleared the state senate’s public safety committee.

Senate Bill 1137 moves next to that body’s appropriations committee. It must be approved by both houses of the California legislature and be signed by Governor Jerry Brown to become law.

A spokesman for the measure’s author, state Senator Bob Hertzberg, said the measure, which was co-sponsored by the Los Angeles County District Attorney’s Office, had been met with little opposition so far.

“We don’t anticipate any problems with the bill, it seems to be getting very strong support,” said Andrew LaMar, communications director for Hertzberg, a Democrat.

Authorities say ransomware attacks, in which hackers use malicious software to lock up data in computers and leave messages demanding payment, have surged this year.

More than $209 million in ransomware payments were made in the United States alone during the first three months of 2016, according to FBI statistics cited by Hertzberg’s office.

In March, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems.

Los Angeles prosecutors, in a letter to the state senate’s public safety committee, said that the bill was needed because current extortion laws are not well tailored toward prosecuting ransomware attacks.

While such attacks have been around for more than a decade, security experts say they have become far more threatening and prevalent in recent years because of state-of-the-art encryption, modules that infect backup systems, and the ability to infect large numbers of computers over a single network.

 

 

WhatsApp Gives Users End-to-End Encryption

April 7, 2016 by  
Filed under Around The Net

Facebook-owned WhatsApp has strengthened the encryption of its wildly popular instant messaging app, a development that in theory makes it harder for law enforcement to gain access to communications.

WhatsApp’s founders said that the application now implements end-to-end encryption, which means only authorized users can decrypt messages.

“The idea is simple: When you send a message, the only person who can read it is the person or group chat that you send that message to,” Jan Koum and Brian Acton wrote in a blog post. “No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.”

The move by WhatsApp comes after fierce debate over the increasing use of encryption and how it affects law enforcement investigations. WhatsApp said in February it had 1 billion users.

In February, a federal magistrate judge ordered Apple to create a special version of its mobile operating system that would help the FBI get into a phone used by one of the San Bernardino mass shooters. Apple objected, setting off a widespread debate.

The order was vacated after the FBI said it had found a way to unlock the phone with the help of a third party. But there are similar cases outstanding.

Devices using WhatsApp hold the encryption and decryption keys to messages sent over the service. That means law enforcement could not go to WhatsApp or another service provider to obtain the keys.

Alternatively, law enforcement could get access to WhatsApp messages if a suspect divulged his or her phone’s passcode or the passcode could be obtained another way.

It is also possible that a software vulnerability in the app could allow law enforcement access. Experts believe that may have been how the FBI unlocked the San Bernardino shooter’s iPhone.

WhatsApp’s encryption uses an open-source protocol called Signal, which is also used in an encrypted messaging app of the same name. Signal was developed by Open Whisper Systems.

 
