STE WILLIAMS

US government pushing again on encryption bypass

Just a few weeks after the US government effectively conceded defeat in its efforts to force tech companies to introduce backdoors into their software, the issue is being pulled back onto the table.

Both FBI director James Comey and deputy CTO Ed Felten have reopened discussions: Comey stating that tech companies like Apple and Google should simply stop offering end-to-end encryption; Felten asking for people to send in their comments on this “critical conversation.”

The moves follow a number of responses from politicians after gun attacks in Paris and California, including President Obama, Hillary Clinton, and Manhattan District Attorney Cyrus Vance.

Despite there being no evidence as yet that encryption had a role to play in the shootings, public concern over both has led to calls to limit the degree of privacy afforded all users of mobile phones.

Law enforcement officials have been quite blunt in requesting access to companies’ encryption systems.

“It’s not a technical issue,” Comey told the Senate Judiciary Committee this week. “There are plenty of companies today that provide secure services to their customers and still comply with court orders. There are plenty of folks who make good phones and are able to unlock them in response to a court order. In fact, the makers of phones that today can’t be unlocked, a year ago they could be unlocked.”

Magical

But the introduction of backdoors is something that the tech industry has persistently pointed out requires a level of “magical thinking,” since any hole in an encryption system makes it inherently insecure.

Meanwhile, politicians have sought to avoid technical realities in their calls for access to people’s data by simply talking about how tech companies are the “best and most creative in the world” and imploring them to come up with some as-yet unknown system that allows data to be provided to the “right” people.

All this is some way from the tenor of discussions just a few weeks ago, when President Obama stated that the White House would not be seeking legislation to force companies to introduce backdoors. Tech companies made it quite plain they were determined to provide full end-to-end encryption, and even the FBI’s general counsel admitted that the backdoor envisioned by the federal agency may be “scientifically and mathematically not possible.”

The lead proponent for breaking end-to-end encryption, FBI head Comey, was also the person who kicked off the debate in October last year. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law,” he argued at the time, earning the ire of Apple and Google, among others.

No back door

This week, Comey said that “the government doesn’t want a back door,” but it still wants some way to get a hold of data held primarily on phones. He told the Senate Judiciary Committee: “The government hopes to get to a place where if a judge issues an order, the company figures out how to supply that information to the judge and figures out on its own what would be the best way to do that.”

The same argument was put forward by Felten, who referenced a national address by the President over how the US government would handle the Islamic State.

“This conversation about encryption is also part of a broader conversation about what we, as a nation, can do to fight terrorism as it evolves online,” reads Felten’s plea. “That is why, in his address to the nation on Sunday, the President reiterated the Administration’s call for America’s technology community and law enforcement and counter-terrorism officials to work together to fight terrorism.”

Meanwhile, Comey used an example of a shooting in Texas back in May to explain why not having access was a problem. There were 109 text messages on one of the attacker’s phones that the FBI was not able to access, he noted, claiming that they were exchanged “with an overseas terrorist.”

All of this is clearly an effort to pressure tech companies to backtrack on the end-to-end encryption that is offered in the latest operating systems before it becomes an accepted norm.

Having ruled out legislation, the White House and FBI are putting pressure on the tech companies to backtrack and are using Congressional hearings and the pretext of wanting to “hear from you on encryption” to move the needle.

Let’s see

So far there has been no public comment from the tech companies in response to this second wave of pressure, although many privacy advocates remain steadfast in their opposition to any system that would allow ready access to private communications.

It is worth noting that Google, Apple, Facebook, et al decided to introduce end-to-end encryption for their customers and on their own networks in response to revelations by Edward Snowden that the US security services were tapping everyone’s communications, including the tech companies’ own data centers.

It is also worth noting that despite the recent shootings in Paris and California being used as an argument for why full encryption should not be allowed, there remains no evidence that encryption played a part in those attacks and the information that has come out about their communications – so far, at least – showed that it was carried out in the open. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/10/us_government_pushing_encryption_bypass/

Spy Banker Trojan Being Hosted On Google Cloud

Spy Banker spreading through Brazil via malicious links posted on social networks.

The Spy Banker Trojan is spreading through Brazil through the help of Google and Facebook, according to researchers at ZScaler ThreatLabZ.

Attackers host the Spy Banker downloader on Google Cloud servers. The downloader, in turn, installs the payload Spy Banker Trojan Telax.

Victims are infected by drive-by download or led to it via links (shortened with the bit.ly URL shortener) posted on social networking sites — 99 percent of the unsuspecting victims who clicked the link came through Facebook. The links claim to be for coupons or free software, including security software like Avast! anti-virus.

The Trojan has some stealthy capabilities. To stay out of the hands of security pros, one of the first things it does is check the machine for the presence of a virtual environment. It collects information about the anti-virus software running on the host machine and sends it back to the command-and-control server. It also contains both a 32-bit rootkit and a 64-bit rootkit component.

This is not the first time Google has been used by attackers. In July, researchers discovered a phishing campaign that hosted malicious sites on Google Drive and lured victims via phishing messages sent through Gmail.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad …

Article source: http://www.darkreading.com/attacks-breaches/spy-banker-trojan-being-hosted-on-google-cloud/d/d-id/1323517?_mc=RSS_DR_EDT

Bill requiring reporting of social media terrorist content is back

A pledge of allegiance to the Islamic State (IS) – otherwise known as Daesh – that might have been posted to Facebook by suspected terrorist Tashfeen Malik has prompted US lawmakers to revive a bill that would require technology companies such as Facebook and Twitter to report suspected online terror activity.

Sen. Dianne Feinstein, a Democrat from California, is sponsoring the legislation along with Sen. Richard Burr, a Republican from North Carolina.

From her statement:

We’re in a new age where terrorist groups like [Islamic State of Iraq and the Levant, or ISIL] are using social media to reinvent how they recruit and plot attacks.

That information can be the key to identifying and stopping terrorist recruitment or a terrorist attack, but we need help from technology companies.

Feinstein said that under the legislation, companies wouldn’t have to go out of their way to uncover terrorist activity. But if they do happen upon it, they’d be required to report it to law enforcement.

The bill, known as the “Requiring Reporting of Online Terrorist Activity Act,” was shelved almost three months ago after its sponsors had a dispute with Sen. Ron Wyden, an Oregon Democrat.

Wyden placed a procedural hold on the legislation, saying it would “create a Facebook Bureau of Investigations.”

He still doesn’t like it.

From Wyden’s statement on the reintroduced bill:

It would create a perverse incentive for companies to avoid looking for terrorist content on their own networks, because if they saw something and failed to report it they would be breaking the law, but if they stuck their heads in the sand and avoided looking for terrorist content they would be absolved of responsibility.

Wyden cited testimony from FBI Director James Comey that social media companies are already “pretty good about telling us what they see.”

Social media companies must continue to do everything they can to “quickly remove terrorist content and report it to law enforcement,” Wyden said.

The editorial board at the Los Angeles Times, for one, joined Wyden in pointing out the bill’s shortcomings, including:

  • There’s too much to catch. Facebook missed many of Malik’s posts, even though those posts alarmed her family back in Pakistan. Security analysts say that’s par for the course, given an internet that’s “awash” in terrorist recruiting and training materials that don’t get taken down.
  • The bill doesn’t define terrorist activity.
  • Tech workers aren’t trained to identify terrorist material or the people who should be scrutinized. As the LA Times board wrote, “…unlike child porn, there is no central database of images, videos and texts that could help identify terrorism-related activity online.”

Meanwhile, Google’s top guy is hoping to seek out and squash radical content as if it were a bunch of typos.

In an opinion piece for the New York Times, Google Executive Chairman Eric Schmidt on Monday proposed a “hate spell-checker” to suppress radical and terrorist content:

We should build tools to help de-escalate tensions on social media – sort of like spell-checkers, but for hate and harassment. 

Schmidt also wants online properties to target terrorist groups and remove their propaganda before it spreads:

We should target social accounts for terrorist groups like the Islamic State, and remove videos before they spread, or help those countering terrorist messages to find their voice.

But if silencing terrorists were an effective way to infiltrate their operations or to uncover and subvert their planned attacks, the government might as well just fund Anonymous-affiliated activists and thus start Rickrolling Daesh supporters.

The response of intelligence agencies to that scheme, which involved Anonymous retaliating against Daesh for the Paris attacks by taking down thousands of accounts and launching Rick Astley’s “Never Gonna Give You Up” at them, can be summed up in one word: counterproductive.

One of the security groups that rely on Daesh’s social media presence to infiltrate and monitor jihadist accounts and forums is Ghost Security Group, known as GhostSec.

Like Anonymous with its denial-of-service (DoS) attacks, and like Schmidt’s proposed “hate spell checker” and content removal, GhostSec takes down terrorist sites.

But it does so with far more discretion, aiming primarily for recruitment sites.

More importantly, GhostSec also reaps intelligence from Daesh accounts, including plans for major terrorist attacks and bomb-making instructions, that it passes on to US intelligence agencies, such as the FBI.

This, not Rickrolling or DoS, is the type of counter-terrorism cyber work that’s productive.

For example, GhostSec once passed information through a third party to the FBI that reportedly disrupted a suspected Daesh-linked cell in Tunisia as militants plotted a 4 July repeat of the Sousse beach massacre.

GhostSec pulled it off with a mixture of Twitter tracking and geolocation via Google Maps.

Once a site is trashed, its intelligence is unrecoverable, GhostSec has said.

In fact, Anonymous has taken down sites that the group could have otherwise mined for intelligence.

Just as the Requiring Reporting of Online Terrorist Activity Act has risen once again, so too has this vital question: How do you intercept intelligence once it’s been wiped offline?

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/w9kh9KielLI/

Advent tip #10: Don’t put off those updates!

Lots of us do it.

We know there’s an update available, and we know perfectly well that it serves a vital security purpose…

…so we promise ourselves we’ll install it Really Soon Now, perhaps even tomorrow.

And before we know it, it’s the end of next month, and we’re still putting off the download, or we still haven’t found a convenient time to reboot our laptop, and now we’re two updates behind.

Putting off updates is a bit like noticing that your driving licence just expired and figuring, “It’s only a couple of days over – I’ll stop at the Traffic Department on the way home and renew it.”

You’ll probably get away with it, just like you did last time, but there’s a lot that could go wrong, so you’re not really doing yourself, or anyone else, any favours.

We accept that it’s tempting to wait and see how everyone else gets along with a new update first, instead of being an early adopter.

But if everyone took that approach, we’d all be waiting for everyone else, and the crooks would be rubbing their hands together.

Remember: a brand new security update might cause you a problem, but show-stopping bugs in updates are actually rather rare these days.

On the other hand, an unpatched zero-day security vulnerability will leave your computer open to the crooks, and they will take advantage if they can.

Patch early, patch often!

Learn more about patching, and why security updates are important, in this Sophos Techknow podcast.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ZMZGZCOHICg/

Cisco bitten by Java deserialisation bug, working on patch

November’s high-profile Java deserialisation bug has bitten Cisco, with the company announcing vulnerabilities across the board in its huge product line.

The problem is so pervasive that it reaches into the most trivial activities of the sysadmin, such as serial number assessment services.

The original advisory made by FoxGlove Security focussed on the Apache Commons Collections (ACCs), but a few days ago, SourceClear warned that it appeared in a lot more libraries than originally believed.

Cisco agrees: in its advisory, it notes that “Any application or application framework could be vulnerable if it uses the ACC library and deserializes arbitrary, user-supplied Java serialized data”.

Under investigation are products in its collaboration software, endpoint client software, network acceleration, network content and security, network management and provisioning, switching and routing (including various versions of IOS), unified computing, unified communications, video, telepresence and wireless products.

Cisco’s cloud services are also getting the hard eye to see if the ACC bug affects them.

We’ve included below Cisco’s table of products so far confirmed vulnerable.

The Borg says it is now working on software updates. ®

Vulnerable products so far

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/10/cisco_java_deserialisation_bug/

Revealed: Mystery 7-year cyberspy campaign in Latin America

Security researchers have uncovered a seven year-long malware campaign against Latin America.

Citizen Lab found that journalists, activists, politicians, and public figures in Argentina, Ecuador, Brazil and Venezuela have been targeted by a large-scale hacking campaign since 2008.

The campaign, dubbed Packrat, uses bogus websites and social media accounts for fake opposition groups and news organisations in order to distribute malware and conduct phishing attacks.

The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. These countries are linked by a trade agreement as well as cooperation on a range of non-financial matters.

Citizen Lab, an interdisciplinary lab focused on global security, partnered with security tools firm AlienVault in running the security research project.

The security researchers caught the scent of the Packrat attackers in Ecuador this year before tracing their nefarious activities back to attempts to compromise the devices of Alberto Nisman, an Argentine prosecutor known for doggedly probing a 1994 Buenos Aires bombing, and investigative journalist Jorge Lanata in Argentina last year. Further work revealed a pattern of systematic electronic spying dating back to 2007.

The researchers reckon Packrat is likely “sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence” without naming a likely culprit.

The long arm of Uncle Sam and the NSA would seem to be the most likely explanation but other scenarios are, perhaps, possible. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/10/packrat_spying_latin_america/

WordPress hosting biz confesses to breach, urgently contacts 30,000 users

WordPress hosting outfit WP Engine has confessed to a security breach, prompting it to reset 30,000 customers’ passwords.

“At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials,” it said in a statement yesterday.

“Out of an abundance of caution, we are proactively taking security measures across our entire customer base,” it added.

It said there was no evidence that the information was used inappropriately, but as a precaution it was invalidating passwords associated with the WP Engine account.

Apparently the company’s “best-in-class” technology is used across 120 countries.

WP Engine said its investigation was “ongoing” and that it would update customers as soon as its security team learns more.

Security firm Trend Micro has also warned that The Independent newspaper’s WordPress-based blog section has been compromised. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/10/wordpress_hosting_biz_confesses_to_hack/

The Lizard Squad: Cyber Weapon or Business?

Even a hacker with the noblest intentions can run afoul of the law by not following six important do’s and don’ts.

So, you’re a young, idealistic hacker-type thinking of starting a new business, routinely lauded for your skill in hacking computers and circumventing the most onerous technical controls. Why not follow your natural talents and develop a “killer app” that could be used as an offensive weapon in the world of security attacks?

In August, six teenagers in the United Kingdom were arrested for utilizing Lizard Stresser, the for-hire hacking tool offered by the infamous meme group Lizard Squad, which launched a business in “booters,” or stress tools like Lizard Stresser. The price for DDoS is really cheap. For instance, a $2.99 payment via PayPal or Bitcoin would buy an attack for 100 seconds a month, while $69.99 gets 30,000 seconds (more than eight hours) of a Distributed Denial of Service takedown. There’s even an option for bulk-buy discounts, enabling you to save nearly $40 by purchasing a 30,000 second attack for five years.

Using the Lizard Squad as an indicator, you might think that there may actually be a future in developing businesses aimed at weaponizing the Internet and selling it as a service. Let’s explore what Lizard Squad is actually doing and look at some of the complications to their approach.

3 Don’ts

Don’t #1:  Advertise as a weapon, not a self-defense tool.
“Stresser” sites typically offer users the ability to pay for DDoS attacks against a target, and these sites promise to try to disguise the nature of the attack with the fig leaf of being legitimate load testing sites. That wasn’t so much the case with Lizard Stresser, as the botnet-for-hire was purportedly used by its subscribing members during the Christmas week for DDoS attacks on Microsoft’s Xbox Live network and Sony’s PlayStation Network as a form of advertising for the new service.

For bona fide, upstanding businesses, the goal should be to provide a product or service that contributes to society. Even gun manufacturers and defense contractors have stated goals of providing for defensive uses and intentions. If your product or service is designed for offensive uses, then one could argue that the business does not have a legitimate purpose and/or isn’t a business at all, but rather a weapon.

Don’t #2:  Knowingly contribute to an illegal attack
Companies that knowingly contribute to illegal cyberattacks leave the business of selling a tool or service and enter the world of being a criminal accomplice. Many companies are not seeking to understand or prevent attacks that are wantonly illegal. Instead they attempt to indemnify themselves through End User License Agreements (EULAs) and other such contractual instruments – a slippery slope.

Don’t #3:  Register your business in lawless or uncooperative domiciles
If you really want to provide a reputable tool or service, bear in mind that many or most customers will want your business to operate within jurisdictions with well-established laws and regulations that are known to welcome adjudication of accused perpetrators.

3 Must Dos

Do #1:  Be a solution, not the problem
Real businesses strive to solve a problem. Weapons are designed to cause harm. Many businesses that make technology that can be weaponized often install “kill switch” features or other detection technologies to help law enforcement if the tool is used for malicious purposes.

Organizations uninterested in contributing to the solution eschew such control features and don’t concern themselves with the motives of the tools’ users.

Do #2:  Be transparent about customers and targets
Transparency is key in defending your intentions as a business. Who are your customers, what technology are you using, what approaches are you taking? If the technology is unique and valuable to you, then it should be protected by copyrights, trademarks and patents. If not, then there is no need to be cloaked in secrecy.

Realistically, things have not gone that well for Lizard Squad since the launch of LizardStresser. There have been numerous reports that the LizardStresser server itself was hacked, and its database was dumped and posted to known sites in a similar fashion to the Ashley Madison hack.

Usernames and passwords of nearly 13,000 Lizard Squad “customers,” along with logs of the Internet addresses that had been attacked by the router botnet, were laid bare for all to see. Police in the UK are now visiting over 50 addresses of registered LizardStresser users and aim to deter others from carrying out similar cybercrimes in the future.

Do #3:  Contribute to the security testing community by sharing information
Great cybersecurity means being able to react to fast-moving changes to the threat landscape, and vendors have a role in assisting the community at large. Numerous governments have been trying to rally the security vendor community into a collection of trusted information providers.

Even if a hacker has noble intentions, when cybercrime pops up in the news, it’s often portrayed in a negative light. If you keep in mind that the business you are in needs to follow “squeaky clean” processes and procedures, you can successfully navigate the business of security and the ire of those who would object to the ethics of your decision to start the business.

Best of luck for those of you interested in contributing to the body of security knowledge with a great and legal new business!

Carl is an IT security expert and currently manages Radware’s security practice in the Americas. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical …

Article source: http://www.darkreading.com/attacks-breaches/the-lizard-squad-cyber-weapon-or-business/a/d-id/1323505?_mc=RSS_DR_EDT

Phony WhatsApp update could cost you much more than a dollar

A bank industry group in Singapore is warning customers about malware hitting Android phones that can steal credit card numbers and other customer details for fraudulent purchases.

The malware also has the ability to intercept incoming SMS text messages, which allows cybercrooks to steal the one-time passwords (OTPs) often sent by banks as a form of two-factor authentication when making a transaction.

The malware sends the eavesdropped OTPs to a command-and-control (CC) server operated by the criminals.

The Association of Banks in Singapore (ABS) said its member banks have reported several incidents of Android banking malware infections over the past few months, affecting some of the 2.4 million mobile banking customers in Singapore.

There are different variations of the scam, which affects users who have been tricked into installing a malicious app.

According to ABS, banks have reported the malware disguising itself as a system update for Samsung devices.

SophosLabs has seen variations of this malware, disguised as Adobe Flash Player for Android. (The malware is identified by Sophos products as Andr/InfoStl-AZ and Andr/InfoStl-BM.)

[Screenshot: the fake “Adobe Flash Player” app requesting Device Administrator privileges]

If you download the malware, it repeatedly asks for Device Administrator privileges in the hope that you will eventually relent, and click [Accept].

This is a trick designed to make the malware harder to remove than a regular app.

Once it’s active, the malware pops up bogus requests for bank and credit card account credentials, supposedly in order to install application or device “updates.”

One of the malicious pop-ups claims to be from WhatsApp, a popular mobile messenger with over 900 million users worldwide (including 72% of mobile internet users in Singapore, according to Statista), giving good odds that potential victims will have WhatsApp installed on their devices.

The pop-up asks for “billing information” to extend your WhatsApp subscription, like this:

Add or update your billing information to extend your WhatsApp subscriptions (0.99$/year) automatically.

This kind of social engineering is similar to other types of phishing scam, according to SophosLabs researcher Ferenc László Nagy:

It seems like it works similarly to phishing pages.

When it detects that a targeted banking application (e.g. for Commonwealth Bank of Australia or National Australia Bank) is started, the malware presents a fake login screen.

SophosLabs analysis also shows that the app targets Google Play and Play Music as well, by popping up a bogus request for payment details.

To buy time once you have triggered a banking transaction, the malware pops up a fake system update message in the hope you will wait long enough for the crooks to grab and misuse the OTP sent back by your bank.

[Screenshot: the fake system update progress message]

Mobile banking is increasingly popular, with mobile apps widely available from banks around the world, making it a lucrative target.

Ong-Ang Ai Boon, director of ABS, offered some sound advice:

ABS would like to remind mobile banking customers that smartphones are as susceptible to malware as desktop computers or laptops. Consumers are reminded to download applications only from trusted sources. As cybercriminals’ mode of operations and the malware are constantly evolving, visit your bank’s website for more information, latest updates and malware signs to watch out for.

Although this particular variation of Android banking malware is a recent addition to the cybercriminals’ arsenal, SMS stealers aren’t new.

SophosLabs has seen malware of this sort targeting mobile devices going back to 2011, when the Zeus/Zbot crimeware kit began infecting Android, Symbian, Windows Mobile and BlackBerry devices.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/m_LQw_OT7JE/

‘Pedo hunter’ who posed as teen to extort others accepted payment in Amazon vouchers

A 48-year-old man from South Wales was jailed in June for planting child abuse images on the computers of other men and then extorting a total of £40,000 from them.

The reason we’re only hearing now about Lee Phillip Rees, of Roath, Cardiff, who was sentenced to 9 years in jail, was that South Wales police have been sharing intelligence with other forces: a combined effort that’s resulted in numerous busts of the pedophiles Rees was preying upon.

The investigations have been conducted worldwide: throughout the UK, as well as in 118 countries. Interpol, Europol, and the Child Exploitation and Online Protection Centre (CEOP) have been involved in arrests.

Rees has been arrested multiple times in connection with pedophilia and this scam.

According to the BBC, in 2011, after Rees separated from his wife, she and her new partner found a file on Rees’ computer that they suspected contained indecent images, so they turned it over to police.

Rees would conduct pedophile hunts by posing as a teenage girl in chat rooms, presenting himself as bait.

After his victims contacted Rees, he’d share a video with them.

The video was rigged with a Remote Access Trojan (RAT). That enabled Rees to plant obscene images on their machines.

He’d capture screenshots before threatening to forward their personal details to local schools and the media.

He also maintained a website where he published his victims’ details, including conversations and images captured after he encouraged his targets to expose themselves via webcam.

Then, he’d tell the pedophiles that their details would come down only if they paid a “fine.”

He wasn’t after criminals’ preferred virtual currency, Bitcoin. Rather, he demanded payment in Amazon vouchers.

He’d extort his victims for £25 to £100 in exchange for having their details removed.

Police found about 400 payments and have been investigating more than 4500 of Rees’s Skype contacts.

Police were told that he’d “terrify the living daylights” out of his victims.

Police found that Rees not only bragged about his crimes, claiming to have made about £1200 in one month; he also encouraged other people to “pedo hunt”.

Rees didn’t just lure and extort pedophiles. He was one himself.

As the Register reports, Rees had already been placed on probation for possession of child abuse images back in 1989, when a psychiatric report found he had the psychiatric disorder of pedophilia.

Rees went on to blackmail a further victim while on bail in 2014, according to the South Wales Evening Post.

Rees pleaded guilty to 31 offences including blackmail, distributing indecent photographs of children and computer hacking between 2010 and 2014.

Some commenters have raised the question of whether, by planting images on victims’ systems, Rees actually made it impossible to convict the child predators.

Would such an act undermine any investigations already under way?

Larry Magid, writing for CNET back in 2009, did some good work on this issue.

At the time, an Associated Press investigation found cases in which innocent people had been branded as pedophiles after child porn was found on their systems that had actually been planted by a virus.

Good computer forensics can, in fact, determine whether someone deliberately downloaded images onto their own systems or whether thousands of images might have been planted because of a virus or misdirected site.

Michael Geraghty, executive director of the National Center for Missing & Exploited Children’s Technology Services Division, at the time told CNET that a good investigator would look at whether the suspect was actually sitting at the computer at the time the images were downloaded.

For example, was he using the computer to send email or visit other sites at the time?

Magid quoted him:

There is always some type of trail we can follow to determine if the person were likely actively involved in the process of downloading the material.

Other indications include time lapse between image downloads. When a computer forensics expert analyzed the computer of the innocent person covered in the Associated Press investigation, for example, it was revealed that the sites were opened and images downloaded faster than humanly possible.

Other computer forensics experts say it’s possible to examine the cache to determine if something was opened or saved to a file.

More evidence still can be found in search history: if a system shows no searches for child abuse images, that doesn’t quite jibe with a large collection of images.
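The three indicators above (download gaps faster than a human could manage, whether the user was demonstrably at the keyboard, and whether search history matches the collection) can be scored mechanically over a timeline. The following is an added illustration, not code from the article or from any of the examiners it quotes; the timestamps, paths, thresholds and the `term-of-interest` search keyword are all constructed for the demo.

```python
# Added example (not from the article): timeline heuristics an examiner could apply
# to the indicators the text lists. All data and thresholds below are constructed
# assumptions for illustration, not real case material.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Assumed floor on how fast a person can open a page and save an image by hand.
HUMAN_MIN_GAP = timedelta(seconds=3)
# Assumed window within which other user activity counts as "at the keyboard".
ACTIVITY_WINDOW = timedelta(minutes=5)


@dataclass(frozen=True)
class Artifact:
    path: str          # where the image landed on disk
    created: datetime  # file-system creation timestamp


@dataclass(frozen=True)
class Activity:
    ts: datetime
    kind: str    # "email", "browse", "search" ... taken from browser/mail logs
    detail: str  # URL, recipient, or search string


def superhuman_fraction(artifacts: List[Artifact], min_gap: timedelta = HUMAN_MIN_GAP) -> float:
    """Share of consecutive creation gaps shorter than a human could plausibly manage.
    A value near 1.0 means the files were written by a program, not clicked one by one."""
    times = sorted(a.created for a in artifacts)
    if len(times) < 2:
        return 0.0
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return sum(1 for g in gaps if g < min_gap) / len(gaps)


def artifacts_with_user_activity(artifacts: List[Artifact], activity: List[Activity],
                                 window: timedelta = ACTIVITY_WINDOW) -> int:
    """Count artifacts that have some other user action (mail, browsing, searching)
    within `window` of their creation; a person at the keyboard leaves such a trail."""
    return sum(1 for art in artifacts
               if any(abs(act.ts - art.created) <= window for act in activity))


def related_searches(activity: List[Activity], terms: List[str]) -> int:
    """Number of search-history entries mentioning any examiner-supplied term."""
    lowered = [t.lower() for t in terms]
    return sum(1 for act in activity
               if act.kind == "search" and any(t in act.detail.lower() for t in lowered))


def assess(artifacts: List[Artifact], activity: List[Activity], terms: List[str]) -> Dict[str, object]:
    """Combine the three indicators into a summary. The 0.8 cut-off is an assumption."""
    sf = superhuman_fraction(artifacts)
    active = artifacts_with_user_activity(artifacts, activity)
    searches = related_searches(activity, terms)
    automated = sf >= 0.8 and active == 0 and searches == 0
    return {
        "superhuman_fraction": round(sf, 2),
        "artifacts_with_user_activity": active,
        "artifacts_total": len(artifacts),
        "related_searches": searches,
        "verdict": ("likely automated (consistent with planting)" if automated
                    else "consistent with user action; needs further review"),
    }


def _scenario_planted():
    # Constructed: 20 files written half a second apart at 03:12, with no user activity nearby.
    t0 = datetime(2014, 3, 2, 3, 12, 0)
    arts = [Artifact(f"C:/Users/x/Pictures/img{i:03}.jpg", t0 + timedelta(milliseconds=500 * i))
            for i in range(20)]
    acts = [Activity(datetime(2014, 3, 1, 21, 5), "browse", "https://example.org/news")]
    return arts, acts


def _scenario_user():
    # Constructed: files saved minutes apart in the evening, alongside mail and searches.
    t0 = datetime(2014, 3, 2, 20, 0, 0)
    arts = [Artifact(f"C:/Users/x/Downloads/pic{i}.jpg", t0 + timedelta(minutes=4 * i))
            for i in range(5)]
    acts = [Activity(t0 + timedelta(minutes=1), "email", "to: friend@example.com"),
            Activity(t0 + timedelta(minutes=9), "search", "term-of-interest gallery"),
            Activity(t0 + timedelta(minutes=15), "browse", "https://example.net/page")]
    return arts, acts


if __name__ == "__main__":
    for name, (arts, acts) in (("planted", _scenario_planted()), ("user", _scenario_user())):
        print(name, assess(arts, acts, ["term-of-interest"]))
```

The verdict is only a triage signal; in a real examination each indicator would be corroborated against the full disk image and the malware analysis, as the Fiola case below illustrates.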

But even if the “somebody else – a virus, maybe! – put it there” claim is actually true and not just a feeble excuse of a defense, good computer forensics cost money, and lots of it.

Take the case of Michael Fiola, the innocent man from the AP story.

Fiola and his wife fought the case, spending a total of $250,000 on legal fees. They had to liquidate their savings, take on a second mortgage, and sell their car.

Forensics showed that his laptop was severely infected.

We’re not interested in giving out advice to keep pedophiles safe, obviously.

But we do care about all you innocents, who should treat this case as yet another very good reason to keep your system updated and protected with good security software, to protect against malware such as that Rees employed as well as all the other flavors of bad that are out there.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/0ndTHdW9FY8/