
Are Hackers From North Korea Stealing Bitcoins

September 21, 2017 by  
Filed under Around The Net

North Korea’s hackers may be stealing bitcoin and other virtual currencies in a bid to evade sanctions and obtain hard currencies to fund the regime.

That’s according to a blog post by security firm FireEye. While state-sponsored North Korean cyber-criminals have been targeting banks and the global financial system for some time in order to fund the isolated state, FireEye believes that hackers are now attempting to steal virtual currencies too.

Since May 2017, FireEye says it has observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds.

“The spearphishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016,” it said.

FireEye suggested that the attacks were not the only link between North Korea and cryptocurrencies. It said there were also “ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner” – a reference to Kaspersky Lab’s finding of a direct link between North Korea and the Lazarus group banking heist hackers, who installed Monero cryptocurrency mining software.

According to FireEye, spearphishing attempts against one South Korean exchange began early in May, and later that month another exchange in South Korea was compromised. In early June, more suspected North Korean activity targeting ‘unknown victims’  – which FireEye believes are cryptocurrency service providers in South Korea – was reported, and in July a third South Korean exchange was targeted, once again through spearphishing a personal account.

Prior to this activity, four wallets on Yapizon, a South Korean cryptocurrency exchange, were compromised on 22 April, although FireEye says there is no indication of North Korean involvement with this.

The cyber security firm believes that the 26 April announcement by the US of increased economic sanctions against North Korea may have played a part in driving North Korean interest in cryptocurrency. By focusing on cryptocurrencies, attackers may benefit from lax anti-money laundering controls as the regulatory environment around these currencies is still emerging.

“While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential,” FireEye said.

“Cyber criminals may no longer be the only nefarious actors in this space,” it concluded.

Courtesy-TheInq

Did The CIA Spy On Intel’s Partners

September 1, 2017 by  
Filed under Around The Net

The FBI and Homeland Security, who relied on the CIA for tech support for biometric data, were being targeted by spyware.

According to what is fairly likely to be Russian intelligence leaked to Wikileaks, the CIA wrote a program called ExpressLane, which is designed to be deployed alongside a biometric collection system that the CIA provides to partner agencies.

Since 2009 this software has been siphoning data back to the CIA on the off-chance those partners are holding out on them.

ExpressLane masquerades as a software update, delivered in-person by CIA technicians — but the documents make clear that the program itself will remain unchanged. The program siphons the system’s data to a thumb drive, where agents can examine it to see if there’s anything the partner system is holding back. If the partners refuse the phoney update, there’s a hidden kill-switch that lets agents shut down the entire system after a set period of time, requiring an in-person visit to restore the system.

WikiLeaks’s “sources” claim the program was primarily used against US agencies like the FBI and Department of Homeland Security, although the documents themselves do not say that. In fact, the CIA doesn’t maintain any significant biometric database of its own; it’s also unclear what the agency would do with any data it obtained.

WikiLeaks continues to release the agency’s hacking tools as part of the Vault 7 campaign.

Courtesy-Fud

Has The Playstation Network Suffered Another Breach

August 28, 2017 by  
Filed under Gaming

The hacker group known as OurMine has reportedly cracked into Sony and made off with a collection of PlayStation Network (PSN) logins.

Legitimately, OurMine offers to protect your online accounts and presence and keep it secure on a monthly paid for basis. It also busts its way into systems, picks them apart and exposes their weaknesses all while wearing a lovely white hat.

We have already seen it at work this month when it took on HBO and Game of Thrones and managed to come out of it with Twitter control and a couple of script treatments. 

The benevolent group is not planning on leaking any of the information that it took from PSN and got quite indignant at the suggestion in one of its own tweets, suggesting that Sony just needed to get in touch and avail itself of the OurMine services and this would all be over.

“No, we aren’t going to share it, we are a security group, if you works at PlayStation then please go to our website ourmine . org,” it said on Twitter.

Reports claim that the hack of Sony’s social media accounts was achieved using its Sprout Social management account, which also gave OurMine access to user registration information such as names and email addresses.

It is tough to imagine that Sony’s PlayStation people would welcome this third-party intervention. The firm has had to deal with hackers before in 2001 when it went after the cracker known as Geohot. Then, the firm was taken offline for almost three weeks and had tens of millions of PSN user details pinched.

Sony’s Facebook account also got taken over for a short while this weekend putting users off the service and sparing other people from cat pictures and happy couples. Unfortunately, though, this only had a brief impact.

Courtesy-TheInq

Did NotPetya Cost Maersk Over 100 Million In Lost Revenue

August 24, 2017 by  
Filed under Around The Net

Maersk has warned that the NotPetya malware that struck the company in June will cost it between $200m and $300m in lost revenues.

In a statement released on Wednesday, Maersk CEO Søren Skou said: “In the last week of the [second] quarter we were hit by a cyber-attack, which mainly impacted Maersk Line, APM Terminals and Damco.

“Business volumes were negatively affected for a couple of weeks in July and, as a consequence, our third quarter results will be impacted. We expect that the cyber-attack will impact results negatively by [between] $200 and $300m.”

However, while the malware depressed the company’s revenues, it was still able to report revenue up by $1bn compared to the same quarter a year earlier, and profits up by $490m.

The sum is the first time that the company has been able to publicly release a figure on the cost of NotPetya and dealing with the aftermath of the malware. 

At the beginning of July, the shipping company admitted that NotPetya had affected a number of ports around the world that it operates, causing a large backlog of shipments to build up. Back then, it admitted that it had suffered cancellations as a result, but couldn’t quantify them, or put a figure on the cost.

Maersk was one of a handful of global companies affected by NotPetya via operations in Ukraine, which appeared to be the primary target of the malware.

Other companies affected include fast-moving consumer goods company Reckitt Benckiser, which has said that the outbreak would cost the company around $100m or more in lost revenues in the second quarter; and confectionery firm Cadbury’s, which admitted that factories and warehouse systems had been affected by NotPetya, delaying shipments.

The most badly affected major organisation, though, would appear to be global parcel delivery company TNT Express, which has warned of permanent data loss as a result of NotPetya. Even three weeks after the outbreak, the company was still struggling to operate effectively, with paperwork lost in the company’s borked IT systems and staff forced to resort to manual processes.

Courtesy-TheInq

Apple’s iOS 11 Has ‘Cop Button’ Feature

August 22, 2017 by  
Filed under Mobile

Apple has added a brand new feature to easily disable Touch ID in iOS 11.

The feature, which is designed to aid calls for emergencies, allows users to quickly tap the power button five times to call 911 on an iPhone 7.

While this won’t automatically dial emergency services, it brings up the option to call 911 or temporarily disable Touch ID until the iPhone’s owner enters their passcode.

The new setting was first discovered by Twitter users in the iOS 11 public beta. They’ve since nicknamed the feature a “cop button,” notably after the FBI’s attempt to force Apple to unlock an iPhone used by Syed Farook, who killed 14 people in a 2015 terrorist attack in San Bernardino, California.

The incident led to a highly publicized war of words last year between the tech giant and the US government over security and privacy. Apple didn’t immediately respond to a request for comment.

 

New High-Level Phishing Attack Focuses On Politicians

July 26, 2017 by  
Filed under Around The Net

Bitdefender has uncovered a new high-level spear-phishing attack targeting political figures and senior business users.

Dubbed ‘Inexsmar’, the attack appears to be operated by the DarkHotel group, which has been perpetrating similar threats since 2007.

DarkHotel attacks often merge whaling with malware and other threat avenues, with both attacker and victim on the same (hotel) WiFi network. Inexsmar is slightly different, in both its targets and payload delivery mechanism. Bitdefender has dated its samples back to September 2016, but it has dated samples with a high level of similarity to April 2011.

Liviu Arsene, a senior e-threat analyst at Bitdefender, told INQ: “The new attack vector involves carefully-crafted spear-phishing emails… where the use of legitimate names and email address is supposed to convince victims of the email’s legitimacy.

“When executed, the attachment actually displays a valid document, so as not to raise any suspicion from the victim, while malware is installed in the background. This is why the current campaign is a major departure from [DarkHotel’s] approach, in which the attacker would have to share the same Wi-Fi as its victim.”

The dummy document that Arsene mentions is called ‘Pyongyang Directory Group email SEPTEMBER 2016 RC_Office_Coordination_Associate.docx’.

Various tasks are undertaken in the background, with the aim of determining if the host computer is a valid target. If it is not, the malware stops functioning; otherwise, the malware installs the full payload by contacting the C2 server.

The DarkHotel group has traditionally targeted senior business users, such as CEOs, developers and corporate researchers, who can access sensitive company information like intellectual property and source code. Vectors like zero day exploits, stolen or factored digital certificates and layered encryption for samples are a few of the attack methods the group has used in the past.

BitDefender writes: “We presume that this method of pairing social engineering with a multi-stage Trojan downloader is also an evolutionary step to keep [DarkHotel’s] malware competitive as their victims’ defences improve.

“This approach serves their purpose much better as it both assures the malware stays up to date via system persistence – not achievable directly using an exploit – and gives the attacker more flexibility in malware distribution (the domains don’t have to be up all the time – not achievable directly using an exploit).”

BitDefender’s whitepaper goes into more detail on the attack.

Courtesy-TheInq

Court Grants FBI Right To Continue Secret Surveillance Requests

July 19, 2017 by  
Filed under Around The Net

The FBI will be allowed to continue sending surveillance orders to tech companies and ban them from disclosing those requests, an appeals court ruled Monday.

Internet company Cloudflare and wireless network operator CREDO Mobile sued the federal government to be allowed to disclose public national security letters they have received. They argued that the letters, which are administrative subpoenas issued by the government to gather information for national security purposes, are unconstitutional because they violate the First Amendment’s freedom of speech protections.

Critics of national security letters — like the Electronic Frontier Foundation, which represented Cloudflare and CREDO in the case — say they “allow the FBI to secretly demand data about ordinary American citizens’ private communications and internet activity without any meaningful oversight or prior judicial review.” Companies that receive national security letters, or NSLs, are subject to gag orders, which means they can’t even disclose they’ve received such orders unless the letters become declassified. And those gag orders last indefinitely.

A three-judge panel on a US court of appeals in San Francisco on Monday upheld a lower court ruling that NSLs can remain secret. In their unanimous ruling, they said the Supreme Court “has concluded that some restrictions on speech are constitutional, provided they survive the appropriate level of scrutiny.”

The law behind national security letters considers that disclosing the orders could result in danger to the national security of the US, interference with an investigation, interference with diplomatic relations; or danger to the life or physical safety of any person, the judges said in their opinion.

“We therefore conclude that the 2015 NSL law is narrowly tailored to serve a compelling government interest, both as to inclusiveness and duration,” the opinion said. “Accordingly, we hold that the nondisclosure requirement … survives strict scrutiny.”

Andrew Crocker, an attorney with EFF, said in a statement that he’s disappointed the court “failed to recognize that the NSL statute violates the free speech rights of technology companies that are required to turn over customer data to the FBI and banned indefinitely from ever publicly discussing the requests.”

He added that NSLs prevent companies from being open with their customers.

“Unfortunately, the Ninth Circuit avoided addressing the serious First Amendment problems with NSLs, particularly the fact that they are often left in place permanently,” Crocker said. “We’re considering our options for next steps in challenging this unconstitutional authority.”

The US Justice Department declined to comment on the ruling.

Will NotPetya Victim Get The Files Back

July 12, 2017 by  
Filed under Computing

The so-called ‘NotPetya’ ransomware, which was first identified in Ukraine and quickly spread worldwide, is reportedly designed to destroy data with the ransomware element intended as little more than a cover.

Security software company Kaspersky has warned that there is “little hope for victims to recover their data” if they fall victim to the ransomware bastard because the installation ID displayed in the ransomware note, sent with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

As a result, victims that pay the estimated £300 ransom in Bitcoin won’t be able to get their files back.

“We have analysed the high-level code of the encryption routine and we have figured Kaspersky Company in a statement.

“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware, like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. 

“ExPetr [Kaspersky’s name for the malware] does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.”

Kaspersky’s warning comes as a number of security software and services companies publish their initial analyses of the NotPetya/ExPetr malware – all coming to similar conclusions.

Kaspersky itself claims that around 2,000 organisations have fallen victim to it so far, with firms in Russia and Ukraine worst affected, although Norwegian shipping company Maersk also fell victim. The company also confirmed the use of two US National Security Agency (NSA) exploits, exposed by the Shadow Brokers group, called EternalBlue and EternalRomance, which have helped automatically propagate the malware.

People and organisations with their Windows operating systems patched up-to-date and running equally up-to-date antivirus software ought to be protected, Kaspersky added.

However, organisations that aren’t properly patched can see the malware use flaws in Microsoft’s SMB networking protocol, via the EternalBlue exploit, to infect multiple machines.

According to Kaspersky researchers Anton Ivanov and Orkhan Mamedov, the “installation key” supposedly presented to users in the NotPetya ransom note is simply a random string.

“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim and, as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” they warned.

That means, even paying the ransom won’t result in a decryption key being sent. “This reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive,” they added.

Likewise, Matt Suiche, founder of cloud security company Comae Technologies, agreed. “The ransomware was a lure for the media. This variant of Petya is a disguised wiper,” he warned. 

He added: “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.

“Ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) – a wiper would simply destroy and exclude possibilities of restoration.”

The key presented in the ransomware note, he also confirmed, is “fake and randomly generated”.

He added that the ransomware element was probably intended to distract attention from the idea that a nation-state attacker of some sort was behind it, citing the Shamoon malware in 2012, while the attacker simply repacked existing ransomware. 

Not everyone is convinced that the NotPetya malware is state sponsored, however, with software engineer and malware analyst @hasherezade on Twitter suggesting that the author of the original Petya might be behind it.

Courtesy-TheInq

nVidia Jumps Into Digital Mining

July 10, 2017 by  
Filed under Around The Net

Nvidia hopes to take custom away from its rival AMD by building a chip which is designed for digital currency mining.

AMD’s new chips have been taken off the shelves as soon as they arrive because digital currency miners want lots of them to make money. Nvidia has been doing well off the craze, but AMD is finding it difficult to get enough chips out there and this has caused GPU prices to rocket.

Nvidia wants to release graphics cards specifically designed for cryptocurrency. From a product listing on ASUS’ website: “ASUS Mining P106 is designed for coin mining with high-efficiency components — delivering maximum hash-rate production at minimum cost. ASUS Mining P106 enhances the megahash rate by up to 36 per cent compared to cards in the same segment that are not tailored for mining.

“The new card is also engineered to be seriously durable, enabling 24/7 operation for uninterrupted coin production.” The ASUS Mining P106 uses an Nvidia chip, according to the specifications page on the website.

Nvidia, AMD and ASUS have not officially announced the digital currency mining cards, according to their website press pages. It is not certain when the cards will be available for sale. Nvidia is likely making the cards designed for this use so that the surging digital currency demand doesn’t affect its ability to serve the lucrative PC gaming market.

Courtesy-Fud

Ransomware-as-a-Service Now Targeting Macs

June 22, 2017 by  
Filed under Computing

Security researchers have found the first evidence of ransomware-as-a-service (RaaS) affecting Apple machines, dubbed ‘MacRansom.’

Fortinet’s security research team, FortiGuard Labs, uncovered the tool, which uses a web portal hosted in a TOR network (an anonymous network that bounces the signal around a relay of volunteer computers, to conceal the source); an increasingly-popular form of attack. The variant is not readily available through the portal, and instead, buyers must contact the author(s) directly to build the ransomware.

MacRansom uses a basic delivery vector, in that the owner of the machine must agree to run a programme from an unidentified developer before the infection takes place, or have it physically installed from an external drive. If they do so, the ransomware will check two things: if it is being run in a non-Mac environment, and if it is being debugged. If either check fails, it will terminate.

The next step is to create a launch point (the file name purposefully mimics a legitimate file). The ransomware will run on every start up and encrypts on a specified trigger time. When that time comes, the ransomware begins to encrypt files on the computer – in what FortiGuard notes is a slightly unusual but still effective method. A maximum of 128 files will be locked.

FortiGuard was looking for any RSA-crypto routines; however, like the delivery vector, the ransomware itself is not very sophisticated and instead uses a symmetric encryption with a hardcoded key. Two sets of keys are used: ReadmeKey (0x3127DE5F0F9BA796), which decrypts the ransom notes and instructions, and TargetFileKey (0x39A622DDB50B49E9), which performs the encrypt/decrypt on the user’s files.

TargetFileKey is altered with a random number generator: the encrypted files cannot be decrypted once the malware has terminated, in other words. It also has no function to communicate with the command and control server, so there is no readily-available copy of the key to use. While recovery of the TargetFileKey is still technically possible using a brute force attack, FortiGuard is ‘sceptical’ of the author’s claim to be able to decrypt the hijacked files.

Users are instructed to contact a specific email address and send some of their encrypted files, which will be decrypted as proof. The author asks for 0.25 Bitcoin (about £540) to unlock all of the files.

Ransomware is still not common on Mac computers, and most found there today is significantly less advanced than that targeting Windows. However, MacRansom can still capably encrypt files.

FortiGuard believes that MacRansom is being developed by copycats, as it contains code and ideas that appear to have been taken from previous ransomware targeting OS X.

Courtesy-TheInq

Silicon Valley Tech Giants Ask NSA To Change Spying Tactics

May 31, 2017 by  
Filed under Around The Net

Silicon Valley’s giants are frustrated with the United States government’s National Security Agency.

In a letter signed by 31 tech companies, including Google, Amazon, Facebook and Microsoft, the firms are asking Congress to make reforms to Section 702 of the Foreign Intelligence Surveillance Act. That’s the section that allows the National Security Agency to gather web data of citizens outside of the US — and in some cases, against Americans.

Section 702 was first revealed by whistleblower Edward Snowden in bombshell leaks surrounding the NSA’s mass surveillance program. The snooping combed through everything a person did digitally, putting tech companies at odds with the government for years. The section is set to expire by December 31 unless Congress decides to renew the program.

Silicon Valley leaders hope the politicians on Capitol Hill choose to change Section 702, instead of renewing it. In the letter (PDF), they offered five recommendations for internet surveillance reform, including greater transparency on how many Americans are swept up in the snooping, narrowing the scope to prevent innocent people from being spied on, and greater oversight on the program.

“We are writing to express our support for reforms to Section 702 that would maintain its utility to the U.S intelligence community while increasing the program’s privacy protections and transparency,” the group wrote.

Since 2013, Google has wanted to disclose what data they’re legally required to hand over to the government, which the feds prohibit. Apple has faced battles of its own, with the San Bernardino terrorist’s locked iPhone and the FBI’s order to crack it open. In just the second half of 2016, national security orders for Apple doubled to 6,000 requests since the first half of the year.

Apple was not among the 31 tech companies who wrote to House Judiciary Committee Chairman Bob Goodlatte, a Virginia Republican, on Friday, even while the debate on privacy vs. national security rages on. Apple did not respond to requests for comment on Friday.

In March, the Internet Infrastructure Coalition wrote a letter to the Judiciary Committee warning that Section 702 could have “grave economic consequences” if it were not reformed.

It’s still unclear how many Americans were swept up by the wide-reaching surveillance, but Section 702 is estimated to be behind a quarter of the NSA’s snooping in 2014.

Hacked Dallas Emergency Sirens Add Extra Encryption

April 13, 2017 by  
Filed under Around The Net

Dallas city officials have put in place additional encryption and other security measures to the outdoor warning sirens hacked last week.

The hack also prompted the city to evaluate critical systems for potential vulnerabilities, City Manager T.C. Broadnax said in a statement late Monday. City officials are reviewing security for financial systems, a flood warning system, police-fire dispatch and the 911/311 system.

Broadnax told reporters separately on Monday that the hack came over a radio frequency and not over a wired computer network. The attack was “not a system software issue; it was a radio issue,” he told the Dallas Observer and others.

The city believes the hack came from the Dallas area, but officials haven’t detailed how it occurred. Dallas police are working with the FBI and the Federal Communications Commission (FCC) to validate what they think happened and find the source. The hack caused all 156 emergency sirens to activate for about 90 minutes, scaring some residents and doubling the number of calls to 911.

Radio security experts theorized the incident may have been a simple “replay attack” where the hacker recorded the radio signal sent out on April 5 at noon as part of a monthly test of the emergency siren system. Then, the hacker could have played that signal back repeatedly early Saturday. It would take a hacker with a software defined radio (SDR) or other off-the-shelf radio frequency test equipment to pull off the attack, said Chris Risley, CEO of Bastille Networks, a company that remediates radio frequency vulnerabilities.

Frequencies used for outdoor sirens are public and are managed by the FCC. Various security techniques, including encryption, are used to protect signals sent by radio.

Even if a “replay attack” was not used, the regularly scheduled siren test would allow an attacker to make multiple recordings of the “activate sirens” radio stream over several months and then analyze it for specific commands to trigger the alert, he added. SDRs are becoming cheaper and more capable and there is an abundance of open source software that can decode activation protocols.

Risley said other cities are probably just as vulnerable as Dallas.

The Dallas incident highlights how vulnerable and unprotected U.S. enterprises and government authorities are, said Matt Little, chief product officer for encryption provider PKWare. “Traditional security perimeters are breaking down. This attack reaffirms how necessary encryption is,” he said.

Many siren systems are decades old and Dallas may have been relying on low-level encryption, perhaps even 64-bit encryption based on the Data Encryption Standard (DES) from the late 1970s, he said.

“Sirens are analogous to a lot of aging critical infrastructure that was built for high availability, and always has to be online, so security took a back seat to that,” Little said.

Dallas may have decided after the hack to upgrade encryption or improve the authentication system regarding who gets access to encryption keys, Little said.
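
The replay scenario the radio experts describe above, as an added example that is not part of the original article: a receiver that acts on a fixed activation signal accepts a recording of the monthly test, while one that checks a keyed tag and a strictly increasing counter rejects the same recording. The frame layout, key and class names are assumptions for illustration; they do not describe the actual Dallas siren protocol.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                          # truncated HMAC-SHA256 tag, in bytes
DEMO_KEY = b"constructed-demo-key"    # constructed sample key, not a real one


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Sender side (hypothetical layout): 8-byte counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class StaticReceiver:
    """Legacy-style receiver: acts on any signal equal to the fixed pattern."""

    def __init__(self, activation_signal: bytes):
        self.activation_signal = activation_signal

    def handle(self, frame: bytes) -> str:
        return "accepted" if frame == self.activation_signal else "ignored"


class ReplaySafeReceiver:
    """Verifies the tag, then requires a counter higher than any seen so far."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1        # must be persisted across reboots in practice

    def handle(self, frame: bytes) -> str:
        if len(frame) <= 8 + TAG_LEN:
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; reject before looking at the counter.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return "replay"           # authentic frame, but already used
        self.last_counter = counter
        return "accepted"


def run_demo() -> dict:
    results = {}

    # Legacy case: the monthly test and a recording of it are indistinguishable.
    static_signal = b"ACTIVATE-ALL"   # constructed sample signal
    legacy = StaticReceiver(static_signal)
    recorded = bytes(static_signal)   # what a listener captures during the test
    results["legacy_test"] = legacy.handle(static_signal)
    results["legacy_replay"] = legacy.handle(recorded)

    # Authenticated case: the same recording is rejected the second time.
    rx = ReplaySafeReceiver(DEMO_KEY)
    test_frame = build_frame(DEMO_KEY, 1, b"ACTIVATE-ALL")
    results["auth_test"] = rx.handle(test_frame)
    results["auth_replay"] = rx.handle(test_frame)

    # Bumping the counter in the recording without the key breaks the tag.
    edited = struct.pack(">Q", 2) + test_frame[8:]
    results["auth_edited_counter"] = rx.handle(edited)

    # The legitimate sender's next frame still works.
    results["auth_next"] = rx.handle(build_frame(DEMO_KEY, 2, b"ACTIVATE-ALL"))
    results["auth_short"] = rx.handle(b"\x00" * 8)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

A recording replays byte for byte whether or not its payload is encrypted, so the freshness check (the counter here) is what stops the replay; the keyed tag stops the counter from being edited.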

FBI Used Malware To Hack Computers In 120 Countries

February 14, 2017 by  
Filed under Around The Net

Privacy advocates have alleged in court that an FBI hacking operation to bust up a child pornography site was unconstitutional and violated international law.

That’s because the operation involved the FBI hacking 8,700 computers in 120 countries, based on a single warrant, they said.

“How will other countries react to the FBI hacking in their jurisdictions without prior consent?” wrote Scarlet Kim, a legal officer with U.K.-based Privacy International.

On Friday, that group, along with the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union of Massachusetts, filed briefs in a lawsuit involving the FBI’s hacking operation against Playpen. The child pornography site was accessible through Tor, a browser designed for anonymous web surfing. But in 2014, the FBI managed to take it over.

In a controversial move, the agency then decided to use the site to essentially infect visitors with malware as a way to track them down.

As a result, the FBI is prosecuting hundreds who were found visiting the site, but it also happened to hack into computers from 120 countries.

On Friday, the three privacy groups filed briefs in a case involving Alex Levin, a suspect in the FBI’s Playpen investigation who’s appealing the way the agency used malware to gather evidence against him.

Privacy International claims that the warrant the FBI used to conduct the hacking is invalid. This is because the U.S. was overstepping its bounds by conducting an investigation outside its borders without the consent of affected countries, the group said.

According to Privacy International, the case also raises important questions: What if a foreign country had carried out a similar hacking operation that affected U.S. citizens? Would the U.S. welcome this?

The EFF and ACLU also claim that the FBI’s warrant was invalid, but they cite the U.S. Constitution, which protects citizens from unreasonable searches.

“Here, on the basis of a single warrant, the FBI searched 8,000 computers located all over the world,” EFF attorney Mark Rumold wrote in a blog post. “If the FBI tried to get a single warrant to search 8,000 houses, such a request would unquestionably be denied.”

A key concern is that a warrant to hack into so many computers will set a precedent. “Even serious crimes can’t justify throwing out our basic constitutional principles,” Rumold said.

Lavabit Unveils New End-to-end Email Encryption

January 24, 2017 by  
Filed under Around The Net

The creator of Lavabit, an email service that noted leaker Edward Snowden used, is releasing source code for an open-source, end-to-end encrypted email standard that promises surveillance-proof messaging.

The code for the Dark Internet Mail Environment (DIME) standard will become available on Github, along with an associated mail server program, said its developer, Ladar Levison, on Friday.

DIME will work across different service providers and perhaps crucially will be “flexible enough to allow users to continue using their email without a Ph.D. in cryptology,” said Levison.

To coincide with its launch, Levison is also reviving Lavabit. The encrypted email service shut down in 2013 when federal agents investigating Snowden demanded access to email messages of his 410,000 customers, including their private encryption keys.

Levison decided to shut it down rather than help the U.S. government violate his customers’ privacy, he wrote on Friday.

“I chose Freedom,” he said. “Much has changed since my decision, but unfortunately much has not in our post-Snowden world.”

Levison said he is relaunching the service, citing “recent jaw-dropping headlines” over how email remains insecure.

“Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security,” he wrote on Lavabit’s site.

The revived Lavabit is also built with DIME, which Levison started with a Kickstarter fund in 2014. It is designed to encrypt the email and its transmission, including the metadata such as the message’s subject line, sender and recipient.

The new Lavabit will operate in three encryption modes: Trustful, Cautious and Paranoid. Each mode handles message encryption and private key storage differently, at the expense of ease of use.

Initially, however, Lavabit will only be accessible to existing users of the service and only in Trustful mode. New users must pre-register and wait for the eventual rollout.

Lavabit is a subscription-based service. On Friday, it was offering a discount deal. For $15 annually, a user can have access to 5 GB of email storage. For $30, a user can have access to 20 GB of space.

Darknet Market Places Feeling The Heat From Authorities Worldwide

November 3, 2016 by  
Filed under Around The Net

Law enforcement agencies worldwide staged a crackdown on so-called darknet web sites last week, targeting merchants and thousands of customers who were looking to obtain illegal drugs and goods.

From Oct. 22 to Oct. 28, the agencies took action against merchants and customers that used these sites for illicit items, U.S. Immigration and Customs Enforcement said in a statement on Monday.

Unlike other websites, these underground marketplaces reside within the darknet — a sort of parallel internet accessible to visitors via anonymizing software like Tor. While the software has legitimate uses, such as safeguarding communications in authoritarian countries, it has been adopted for more illicit means.

Last week’s crackdown was global in scale. In addition to the U.S., Europol and law enforcement agencies from Australia, Canada, New Zealand and the U.K. participated in the operation.

In the U.S., the FBI said it made “contact” with 150 individuals suspected of buying illicit items from darknet marketplaces. “Some of these individuals confessed to ordering a range of illegal drugs and controlled substances online, including heroin, cocaine, morphine, and ketamine,” the FBI said.

It’s unclear how U.S. investigators found out about the suspects’ activities. But a video posted online shows agents searching for illegal goods by opening packages at a Los Angeles mail facility. Among the items seized were live turtles sent from Las Vegas, a counterfeit bong made in China, and fake Ray-Ban sunglasses.

In other countries such as Sweden, local police said they had identified more than 3,000 suspected buyers of drugs sold over the darknet. Police were able to identify the suspects because six of the largest Swedish merchants on the darknet had been arrested in the past year.

Police in the Netherlands also said they took “some criminal justice actions” as part of last week’s operation. Authorities there have even published a website naming which vendors are still active on the darknet and which have already been arrested.
