Archive for January, 2011

Anonymous, WikiLeaks, DDoS and the rights and wrongs of it all

January 28, 2011 Leave a comment

Anonymous, the anonymous hacktivist group, poses a very difficult question: at what point does illegal activity for a cause in which we believe cease to be unacceptable and start to be heroic (and vice versa, of course)?

Anonymous is the group that has claimed responsibility for the ‘retaliatory’ DDoS attacks against companies such as MasterCard, Visa and PayPal for withdrawing support for WikiLeaks. But it is also the group that has targeted both the Zimbabwean and Tunisian governments:

“We are targeting Mugabe and his regime in the Zanu-PF who have outlawed the free press and threaten to sue anyone publishing Wikileaks,” the group said at the time.
BBC News: 4 Jan 2011

Anonymous, the loosely-organized band of hacker activists and vigilantes, has chosen its next victim: The government of Tunisia. (They’ve taken down its official website.) Why? In part, because it tried to block access to secret-sharing website Wikileaks.
Gawker: 3 Jan 2011

By 10 Jan, elements within Anonymous had begun to provide support to Tunisians who might be under threat from a repressive government:

In an effort to support a restriction-free Internet in Tunisia, members of Anonymous have gathered to promote links to what they’re calling a care package for Tunisian protestors. In it, they have included how-to guides for a number of things including homemade gas masks. In addition, they are circulating information on TOR usage, links to Tunisian proxies, instructions for LiveCD usage, and a book titled Bypassing Internet Censorship.
The Tech Herald: 10 Jan 2011

So the question is this: are the members of Anonymous freedom fighters or cyberterrorists?

Yesterday, the UK Metropolitan Police announced that five people had been arrested:

The arrests are in relation to recent and ongoing ‘distributed denial of service’ attacks (DDoS) by an online group calling themselves ‘Anonymous’.

They are part of an ongoing MPS investigation into Anonymous which began last year following criminal allegations of DDoS attacks by the group against several companies.

This investigation is being carried out in conjunction with international law enforcement agencies in Europe and the US.

But are these people heroes for defending the freedom of the press in repressive states like Zimbabwe and Tunisia, or are they cyber-terrorists for attacking companies like MasterCard and Visa?

Claire Sellick, Event Director for Infosecurity Europe, has no doubts. “Whilst the Anonymous group has received a lot of positive attention, most recently in the toppling of the government in Tunisia, the reality of a DDoS attack on a commercial organisation is that it paralyses that firm’s Web site and, in many cases, costs them money – both directly and indirectly,” she said.

“And whilst those staging the DDoS attacks may feel they are carrying out their acts of cybervandalism with good intentions, the reality is that a team of IT professionals has to sort out the mess behind the scenes,” she added.

I am not at all so certain. I am not willing to say that I will do whatever ‘the Law’ tells me to do just because it tells me to do it. Recent European history demonstrates that there is no objectivity to this approach. The same people who were doing what they had to do by virtue of their national law, were later executed as war criminals. The judgment over what is ‘right’ is a personal one; and I insist on the right – even duty – to ignore the law if it is morally repugnant to me.

So, was Anonymous right in attacking MasterCard, Visa and PayPal? Frankly, I don’t know. But MasterCard, Visa and PayPal were most definitely wrong to withdraw their services from WikiLeaks.

Categories: All, Politics

You cut off the head to kill the snake – the threat to Julian Assange

January 27, 2011 2 comments

If there is one journalist I trust above all others, it is John Pilger. If there is one journalist in whom I believe above all others, it is John Pilger. So when he writes:

In recent weeks, the US Justice Department has established a secret grand jury just across the river from Washington in the eastern district of the state of Virginia. The object is to indict Julian Assange under a discredited espionage act used to arrest peace activists during the first world war, or one of the “war on terror” conspiracy statutes that have degraded American justice. Judicial experts describe the jury as a “deliberate set up”, pointing out that this corner of Virginia is home to the employees and families of the Pentagon, CIA, Department of Homeland Security and other pillars of American power.

then I start to get worried. This is not some tabloid guttersnipe journo seeking to gain reputation through sensationalism. This is John Pilger. So believe it. And be worried.

Crushing individuals like Julian Assange and Bradley Manning is not difficult for a great power, however craven. The point is, we should not allow it to happen, which means those of us meant to keep the record straight should not collaborate in any way. Transparency and information, to paraphrase Thomas Jefferson, are the “currency” of democratic freedom. “Every news organisation,” a leading American constitutional lawyer told me, “should recognise that Julian Assange is one of them, and that his prosecution will have a huge and chilling effect on journalism”.

Read the full article and weep for the world we believe in. It doesn’t exist. It probably never existed. But that doesn’t mean we should ever cease fighting for it.

The war on WikiLeaks: A John Pilger investigation and interview with Julian Assange

Categories: All, Politics

Big Government that knows what we want, even though we haven’t realised it, and insists…

January 27, 2011 Leave a comment

It is one of those sad facts that the parliamentarian in opposition accepts and even revels in being a servant of the people; but the same parliamentarian in government suddenly considers himself a master of those very same people.

So it has proven with the UK’s Coalition Government. The Big Society only exists when society agrees with our masters. Otherwise government reverts to the Big Government that knows what we want, even though we haven’t realised it, and insists that we have it for our own good.

Please click and sign...

Now, since starting this post, grown to 247,101 signatures

So it is with our forests. Note that. Our forests. Not theirs. Ours. They want to sell our forests. We don’t want them to. They are not theirs to sell. They are ours. They belong to the people.

At the time of writing this, 246,959 people have signed the petition at Save Our Forests. That’s a hell of a lot of people who have found the petition and bothered to sign it.

The people have spoken. Back off. Cameron, Clegg, lose that arrogance and listen to the people you serve.

If you haven’t signed the petition yet, please do so now and Save Our Forests

Categories: All, Politics

If it looks like it, smells like it and tastes like it, make sure you don’t tread in it

January 25, 2011 Leave a comment

I had a Direct Message tweet from a friend and work colleague. It didn’t ring true – see for yourself:

suspect DM

If you get offered a free iPhone – run!

If anyone offers you a free iPhone, RUN!

But curiosity is a wonderful, if dangerous, thing. I had a look. The first warning came from Bit.ly. Shortening a URL more than once is something the bad guys sometimes do to fool us:

Bit.Ly filters URLs that have been shortened more than once

But I persisted. I went there anyway (protected by NoScript) and asked both Web of Trust (WOT) and McAfee TrustedSource for their opinion. WOT was not very reassuring:

WOT score

Hmm. No, don't think I should go there...

And McAfee was positively damning:

mcafee warning

Further down the page, McAfee specifically warns of phishing activity

…specifically associating the website with phishing attempts. I’m sure glad I didn’t tread in it!

But what it does mean is that my friend and colleague has been hacked. And when I think about it, I know very little about Twitter hacks. So I asked Kaspersky’s Ram Herkanaidu to explain things to me.

Ram Herkanaidu, security researcher at Kaspersky Lab

“This type of attack is nothing new,” he said. “The criminals know the potential of Twitter as an infection vector, and social networks in general are an increasingly effective way for cybercriminals to deliver malware. In this instance, the account used for spamming would have had its password stolen, and the victim will not know anything about it until the criminals start using it.”

OK; but how do the criminals go about stealing Twitter credentials?

“This is typically done using malware; many spy or password-stealing Trojans can get this information,” he explained. “There are also numerous offers on the black market for stolen Twitter accounts. Another way is to use Twitter’s trending topics. They monitor the latest buzz words and use that to get people to click on the links. These lead to sites which host malware. A typical way is to tell the user that they do not have the right codec (converter) to play a video. By clicking ‘Yes’ to install the codec it actually downloads the malware.”

In other words, apart from standard spyware, a common way to steal Twitter credentials is to use Twitter! So how do we defend ourselves? I asked Ram Herkanaidu for his top tips; and he said:

  • Don’t respond to trending topics, especially if they come with a short URL.
  • Use a preview extension to see what the real URL is.
  • Pay special attention to any tweets coming with 2 or more trending topics in the body, since these are highly likely to be malicious.
  • Use a good Internet security suite.
  • Use ‘https’, i.e. an encrypted connection, to log in to Twitter.
  • Try to avoid logging in from open (not encrypted) WiFi networks.
  • Don’t log in from a public PC available at airports, Internet cafés and elsewhere.

Kaspersky
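The tips above and the Bit.ly warning earlier in the post describe three signals a defender can check mechanically: a short URL in the body, two or more trending topics stacked in one tweet, and a link that has been shortened more than once along its redirect chain. The script below is an added example that is not from the post or from Kaspersky; it scores constructed sample tweets against a hand-made shortener list and pre-recorded redirect chains (so it runs offline and never fetches the suspect link), which is how one might triage DMs like the one described before deciding whether to look closer.

```python
"""Heuristic triage of tweets for the patterns described in the post:
short URLs, stacked trending topics, and nested (multiple) shortenings.
Added example; all sample data below is constructed, not real traffic."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: a small, hand-maintained list of URL-shortener hosts.
# A real deployment would use a larger maintained list.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}

HASHTAG_RE = re.compile(r"#(\w+)")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample data: current trending hashtags (lower-case, no '#'),
# recorded redirect chains keyed by the clicked URL, and three tweets.
TRENDING = {"iphone", "superbowl", "wikileaks"}
CHAINS = {
    # bit.ly -> tinyurl.com -> final page: shortened twice (the Bit.ly warning)
    "http://bit.ly/abc123": [
        "http://bit.ly/abc123",
        "http://tinyurl.com/xyz",
        "http://free-iphone.example/claim",
    ],
    # a single shortener hop to an ordinary site
    "http://t.co/ok1": ["http://t.co/ok1", "https://www.bbc.co.uk/news"],
}
SAMPLE_TWEETS = [
    "lol u have 2 see this free #iPhone giveaway #SuperBowl http://bit.ly/abc123",
    "Reading the news http://t.co/ok1",
    "Lunch was great, no links here.",
]


def is_shortener(url: str) -> bool:
    """True if the URL's host is a known shortener."""
    host = urlparse(url).hostname or ""
    return host.lower() in SHORTENER_HOSTS


def count_shortener_hops(chain: list) -> int:
    """Number of hops in a redirect chain that are shortener hosts.
    Two or more is the 'shortened more than once' pattern Bit.ly refuses."""
    return sum(1 for url in chain if is_shortener(url))


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def triage_tweet(text: str, trending: set, chain_lookup: dict = None) -> Verdict:
    """Score one tweet. `chain_lookup` maps a URL to its recorded redirect
    chain so nothing is fetched; an unknown URL counts as a one-hop chain."""
    verdict = Verdict()
    tags = {t.lower() for t in HASHTAG_RE.findall(text)}
    trending_hits = tags & {t.lower() for t in trending}
    urls = URL_RE.findall(text)
    short_urls = [u for u in urls if is_shortener(u)]

    if short_urls:
        verdict.score += 1
        verdict.reasons.append("short URL")
    if len(trending_hits) >= 2:
        # Ram Herkanaidu's tip: 2+ trending topics in one tweet is a strong signal
        verdict.score += 2
        verdict.reasons.append("2+ trending topics")
    elif trending_hits and short_urls:
        verdict.score += 1
        verdict.reasons.append("trending topic with short URL")
    for url in short_urls:
        hops = count_shortener_hops((chain_lookup or {}).get(url, [url]))
        if hops >= 2:
            verdict.score += 2
            verdict.reasons.append(f"{hops} nested shortenings")
    return verdict


def triage_all(tweets: list, trending: set, chain_lookup: dict) -> list:
    """Return (tweet, verdict) pairs, highest score first."""
    scored = [(t, triage_tweet(t, trending, chain_lookup)) for t in tweets]
    return sorted(scored, key=lambda pair: pair[1].score, reverse=True)


if __name__ == "__main__":
    for tweet, v in triage_all(SAMPLE_TWEETS, TRENDING, CHAINS):
        print(f"score={v.score} reasons={v.reasons}: {tweet}")
```

The first sample tweet scores 5 (short URL, two trending topics, two nested shortenings); the ordinary news link scores 1 for the shortener alone, and the link-free tweet scores 0. The scoring weights are arbitrary and only rank the post's own signals; a preview extension or a sandboxed fetch would supply the redirect chains that this example reads from the constructed `CHAINS` table.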

Categories: All, Security Issues

Fraud as a Service: a new industry for the 2010s

January 24, 2011 Leave a comment

The economic downturn is affecting everyone; there’s just not a lot of money going around these days. So spare a thought for the criminal – with less money to steal, he has to work harder for his living.

Panda Security's report on the cybercrime black market

And that is certainly the conclusion to be drawn from Panda Security’s latest report: The Cyber-Crime Black Market: Uncovered. We have already seen in a previous post that complex viruses are being developed and used, probably to run interference for the trojans. By tying up the AV industry’s top engineers in locating, unravelling and disarming these viruses, the online criminals hope to keep the work of their data-stealing trojans operational over a longer period. But just consider the organizational skills that this requires: it’s an underground black market industry that mirrors the organisation of legitimate industry. Whatever you want, you can have: at the market price.

The report comes out of Panda’s decision to have a closer look at the internet’s black market, “to see what kind of services they are selling today,” explained technical director Luis Corrons. “We found that basically it is the same as what’s been going on for years – only now the service is more specialised, and the availability more widespread. In the past they sold things like infection kits, spam services, stolen credit cards; and yes that is still available. But now the criminals are offering far more services. In the past you could buy a number of credit cards; and depending on the amount you buy, the price goes up or down.” This is still available said Corrons, “but now the criminals have started offering guarantees. OK, you can pay, say, $2 for a credit card; but if you want access to a bank account with a certain amount of money guaranteed, you pay more – and you can have that. You can even request bank accounts with more than $80,000 – but to get such credentials you’d have to pay $700.”

Apart from the guarantees, the whole process has become more integrated. “You can buy the credit card details which you can use,” he continued, “and then you can hire additional services so they will take care of and make all the money transfers for an additional fee. Or, let’s say you buy some luxury items with these stolen credit card details – such as a big LCD TV. Well you can’t have it sent straight to your house because obviously the police can track it. No problem. There are people offering to do this for you. You want to buy this – we’ll do it for you, and take care of sending it to your house.”

From the comfort of an office or bedroom, with a single computer and spurred on by the lack of international legislation or cooperation between countries to facilitate investigations and arrests, cyber-criminals have been making a lucrative living from these activities.

Corrons even described a site in Russia that offers to provide you with anything you want for just 20% of the usual cost. How? Well FAQs on the site explain that they will use stolen credit cards to buy primarily from US online stores, and let you have the goods for 20% of the cost – which they take from you for their fee. This Russian site only supplies Russian residents, but is indicative of how the black market is evolving.

Typical services and prices from the new industry: Fraud as a Service

Products                                      Price
Credit card details                           From $2-$90
Physical credit cards                         From $190 + cost of details
Card cloners                                  From $200-$1000
Fake ATMs                                     Up to $35,000
Bank credentials                              From $80 to $700 (with guaranteed balance)
Bank transfers and cashing checks             From 10 to 40% of the total; $10 for a simple account without guaranteed balance
Online stores and pay platforms               From $80-$1500 with guaranteed balance
Design and publishing of fake online stores   According to the project (not specified)
Purchase and forwarding of products           From $30-$300 (depending on the project)
Spam rental                                   From $15
SMTP rental                                   From $20 to $40 for three months
VPN rental                                    $20 for three months

Clearly, there is so much money to be made from these activities, even in difficult times, that what Panda is describing is the beginning of a new industry: cloud-based Fraud as a Service.

Panda
Report

“In the last two years, we have seen a growing number of new viruses…” Panda’s Luis Corrons explains

January 20, 2011 Leave a comment

Differentiating between one type of malware and another is neither easy nor, ultimately, particularly useful. Nevertheless, there is a temptation to say that the purpose of a virus is to attack and probably harm the target, while the purpose of a Trojan is to steal from the target. In other words, a virus is a weapon and a Trojan is a tool.

Panda malware 2005

New malware in 2005

The very nature of cybercrime is changing: it is evolving from the indiscriminate carnage wreaked by earlier viruses into an organised criminal business. It is little wonder, then, that by 2005 the number of new viruses (weapons) was being dwarfed by the number of new Trojans (business tools). Figures from Panda’s new report, The Cyber-Crime Black Market: Uncovered (of which more in a later post), show that the generation of new viruses was so small that it had to be included in the ‘other malware’ category. Trojans, however, accounted for nearly half (49%) of all new malware.

Luis Corrons, PandaLabs’ technical director, told me that the latest figures show an even greater dominance of new Trojans, so that by 2010 Trojans account for just about 56% of all new malware. Again, this is not surprising. Trojans are the tool by which cybercriminals extort, steal and fraudulently obtain their income. The surprise, however, is that the virus is showing signs of a recovery: no longer lost within the 10% of other malware, during 2010 it accounted for more than 22% of all new malware.

New malware in 2010

Why? Why should an uneconomic attack weapon resurface when logic would suggest it should continue to decline? I asked Luis Corrons to explain.

“We used to get a lot of viruses in the past; and then everything became Trojans and worms, and there were only a few new viruses,” he said. “But in the last 2 years we have seen a growing number of new viruses appearing; not necessarily many different ones, but many new variants of the same ones.”

The cause remains a mystery. “We often ask ourselves, why should this happen?” His answer is a bit surprising. “The virus is, for us, a really painful process; even though as an industry it’s where we come from. A virus is far more complex to detect than any other threat, such as a Trojan or a worm. In the final analysis,” he continued, “with a Trojan or a worm, the whole file is malicious.”

Viruses are different. “The virus embeds itself into good files, making detection considerably more tricky. But the bottom line for us isn’t just detection; it’s disinfection. And we have to remove every trace of the virus from the file, returning it to a clean state similar to its condition before the infection. This takes a lot of time and is something that we cannot completely automate. So it involves high level engineers spending a lot of time on the problem.”

Luis Corrons, PandaLabs

Luis Corrons, technical director, PandaLabs

In short, Corrons is explaining that a disproportionate amount of time and expertise has to be spent on anti-virus rather than anti-Trojan activities. But here’s the anomaly. “Some of the new viruses we are seeing these days are really, really complex and could only be written by very skilled people. But most of these viruses don’t have any Trojan content, so financial gain is not a motivation.”

So, what is the motivation?

“Our guess,” he suggests, “although we don’t have any hard proof of this, is that the trojan criminals are also engaged in the creation of these high level computer viruses so that it takes a lot of our time and resources to prevent us focusing on their real business: Trojans and financial theft. We’ve tried to find a better explanation, but we really cannot.”

And that’s a bit worrying. It suggests that the criminal gangs are more organised, better resourced, and more determined than I for one had realised.

Categories: All, Security Issues

iPhone and iPad versus Atrix and Dock – the battle for the pocket

January 20, 2011 Leave a comment
Karen Kiffney

Karen Kiffney: Senior Manager, Product Marketing, RSA

While researching a major new analysis of the market for biometric authentication on smartphones (due to be published by Goode Intelligence next month), I spoke to Karen Kiffney, Senior Manager, Product Marketing with RSA. One comment really struck me. “I think that when it launched the iPhone,” she said, “[Apple] wasn’t really aiming it at the corporate market – it was primarily for personal use. So now that it’s being adopted for business, Apple has some catch-up to do: and I’m not sure it really knows yet exactly what it should be doing.”

This would explain an apparent anomaly. The history of computing has been one of expanding power and reducing size, until we now have the computer-in-the-hand known as the smartphone. But the iPad came after the iPhone and reverses this trend – computers are getting bigger again. Unless Apple got it wrong (heaven forfend!). The iPhone was never intended to be a tiny computer; it was always just a fancy phone. The tiny computer was always intended to be the iPad.

So what will the business adoption of the iPhone do to sales of the iPad?

Well, the iPad is selling very well, thank you very much. In the quarter ending 25 December 2010, Apple sold 7.33 million iPads. But in the same quarter, it sold more than double that number of iPhones: 16.24 million (hat tip to Guidance Software for pointing out these figures for me).

But will a businessman buy both, or choose one over the other? Will the attraction of the ultimate in portability (a fully functional computer that slips into your pocket or handbag rather than a larger device that needs some form of briefcase) benefit the phone? And, one has to ask, is Karen Kiffney right: Apple doesn’t really know what it should be doing, and has ended up caught between a computer that is the ultimate in portability but is difficult to use and one that is easier to use but less portable?

motorola atrix

Motorola Atrix Laptop Dock

Confusion is another name for opportunity. So will this confusion allow competitors to step up? One very interesting new development is Motorola’s new Atrix 4G smartphone with its separate Laptop Dock. The dock is just a keyboard and screen. All of the computing power comes from the Atrix phone that plugs into the laptop dock: so it combines the portability of the smartphone with the ease of the tablet. I can see companies buying their staff one phone and two docks: a dock for the office and a dock for the home and a phone for the travel. And, since it runs the more open Android software rather than the anal iOS, there is far greater potential for a wider range of software.

I think we’re in for exciting times. The battle for the desktop will continue; but now we also have the battle for the pocket. And it’s only just beginning.

Categories: All

Kaspersky warns about shortened URLs and Rogueware

January 6, 2011 Leave a comment

Kaspersky has released its latest report: December’s malware activity. It draws particular attention to “cybercriminals turning to shortened URLs as a means to direct users to infected websites,” often with the intent of getting the user to download Rogueware.

In December, the top trends on Twitter’s main page included a number of entries with links that had been shortened and which, after several redirects, eventually led to infected websites.

You will forgive me if I say quite bluntly that there is no excuse for being caught by this. Just use or switch to Firefox for your browser, and install the NoScript add-on. Firefox can provide a lot of protection by itself. NoScript will stop malware loading from infected websites. So even if you go somewhere you shouldn’t, you’ll still be protected.

See my discussion with Kaspersky’s David Emm for details on Rogueware’s more serious brother: Ransomware: Kaspersky’s David Emm explains the threat to small business and home users (https://kevtownsend.wordpress.com/2010/12/05/ransomware-kasperskys-david-emm-explains-the-threat-to-small-business-and-home-users/); and see my interview with the developer of NoScript for further details on the protection it offers: NoScript and hijacked trustworthy websites (such as TechCrunch and SongLyrics) (https://kevtownsend.wordpress.com/2010/09/23/noscript-and-hijacked-trustworthy-websites-such-as-techcrunch-and-songlyrics/).

Kaspersky


Categories: All, Security Issues