STE WILLIAMS

Scammers exploit wannabe demon-slayers hyped by Diablo III

Cybercrooks latched onto the release of Diablo III on Monday with a run of scams themed around the widely anticipated video game.

Blizzard’s games systems collapsed due to the higher than expected demand for the demon-slaying game, The Guardian reports.

The software company is attempting to stop pirates from nicking the new game by forcing wannabe warriors to log into its servers before they can start playing the role-playing game, even if they only want to try a single-player offline campaign.

This has created a bottleneck centered around log-in systems at Blizzard, which has struggled to service demand.

Technical glitches at Blizzard were an unexpected bonus for scammers, who have launched a raft of scams built around the promotion of bogus crack and keygen sites. These fake sites are likely to be more attractive than usual while gamers struggle to get their hands on legitimate content through regular channels.

Some of the scam sites that GFI Software has identified include supposed online key-purchasing websites that actually install dodgy software on the user’s PC. Other spammy Diablo 3-themed links collated by the security firm lead to unrelated Flash games, spam link dumps and a “donation experiment” in which installing the software on offer enters marks into a supposed prize-draw giveaway. Other shenanigans on show include links to survey scams and YouTube videos offering “expert tips” on the hours-old video game.

These various scams are being promoted through the web at large and social media websites, including Facebook and Pinterest.

More details of these scams can be found in a blog post by GFI Software here.

Chris Boyd, senior threat researcher at GFI Software, and an expert in gaming security, told El Reg that the scams coinciding with the release of Diablo 3 are similar to those that have accompanied a succession of major gaming releases over recent months.

“Major releases have been an excellent target of scammers for some time now, from Fake AV [anti-virus] to SEO poisonings. There have been a number of scams targeting those stuck on Red Dead Redemption’s treasure map hunts in 2010 and malware links posted to Twitter aimed at fans of Portal 2 in 2011. The most recent example of scammers looking to profit comes from Mass Effect 3, where scammers utilised surveys that promised an alternative ending to the game.”

More scams accompanying future high-profile video game releases are almost inevitable, Boyd warned.

“Diablo 3 is one of the most anticipated titles of the last few years and it’s only natural that dubious downloads are now in circulation. Games are now a huge draw for anybody looking to turn a fast profit,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/15/diablo_3_scams/

Bitcoin bank Bitcoinica still titsup after cyberheist

Bitcoin exchange Bitcoinica remains offline following a hack against its systems last week that resulted in the theft of digital currency valued at approximately $90,000 (£56k).

The digital currency exchange took its servers offline on Friday after discovering the breach, as a statement on Bitcoinica’s website explains.

It is with much regret that we write to inform our users of a recent security breach at Bitcoinica. At approximately 1:00pm GMT, our live production servers were compromised by an attacker and they used this access to deplete our online wallet of 18547 BTC.

Follow-up reports on the Bitcointrader blog suggest that surfers visiting Bitcoinica were redirected to a porn site at the time of the hack. That is an odd tactic if theft was the only motive for the assault, since the redirection drew attention to a deeper breach that might otherwise have gone undetected for longer. The redirection has since been removed by the exchange, but Bitcoinica’s services might not return to normal for some time, a follow-up Bitcointrader post suggests.

Bitcoinica said it was suspending its operations for an unspecified period while it runs an investigation into the breach, the second it has suffered over recent months. The exchange is keen to stress that the thief stole from the exchange itself rather than from accounts maintained by clients, stressing that all withdrawal requests would be honoured.

However, Bitcoinica said that its database was “likely compromised”, and that customers’ usernames, email addresses and account histories could be at risk. Such information might provide fodder for future phishing attacks.

Passwords and identifying documents were kept in encrypted files and ought to be safe. Even so, the exchange advises users who have reused their Bitcoinica password elsewhere on the web to change those passwords as a precaution.

The latest assault follows a hack against Bitcoinica’s hosting firm that led to the theft of $225,000 (£149,200) worth of Bitcoins only two months ago. Earlier reports suggested $70K (£43k) had been swiped following a cyberheist against web host Linode, but these figures were later revised upwards.

The Bitcoin virtual currency also hit the news last week with the leak of an (unclassified) FBI internal report on the digital currency. The leaked memo (PDF) argues that the digital currency is likely to become a payment option for cybercrooks alongside virtual currencies already established in the digital underground, such as WebMoney and e-Gold. Bitcoin’s decentralised nature poses greater challenges for investigators than other virtual currencies, it warns, adding that crooks are highly likely to target third-party Bitcoin services in order to raid individual Bitcoin wallets.

The coincidence in the timing of the Bitcoinica hack and the leak of the FBI memo on Bitcoin sparked a number of conspiracy theories speculating that the two events might somehow be linked.

Rob Rachwald, director of security strategy at Imperva, commented: “The Bitcoin attack introduces an interesting paradigm: hackers hacking hackers may be more effective than direct law enforcement activity. Like a mafia war where criminals kill each other, law enforcement just sits back and sees who’s left.”

More commentary on the attack can be found in a post on Sophos’s Naked Security blog here.

Bitcoinica members are discussing the attack on the bitcointalk.org Bitcoin forum here and here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/15/bitcoinica_hack/

Apple scrubs old Leopards of Flashback Trojan infections

Apple has released patches that defend users of its older Mac OS X 10.5 Leopard operating system against security threats.

Monday’s security fixes help defend Mac users still on the legacy operating system, which Snow Leopard superseded in 2009, against assaults by the infamous Flashback Trojan. Users of the newer Snow Leopard (10.6) and Lion (10.7) operating systems received equivalent fixes last month.

Apple’s Leopard Flashback Removal Security Update is designed to clean up Macs running the legacy OS which are not yet running an anti-virus package. In addition, the security update disables Safari’s Java plugin by default.

Meanwhile Leopard Security Update 2012-003 disables older versions of Adobe Flash Player, encouraging users to get the latest version directly from Adobe’s website.

Both updates can be applied via the Software Update feature built into Mac OS X, but will only “take” if the latest version of that particular track of the operating system, Mac OS X Leopard version 10.5.8, has already been applied.

Apple is acting to stop users of legacy versions of its operating system from harbouring the Flashback Trojan, whose outbreak tarnished the company’s reputation for security. Such support is unlikely to continue indefinitely and will probably disappear entirely once Apple ships the successor to Mac OS X 10.7 Lion. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/15/mac_leopard_security_update/

Russian upstart claims BitTorrent-killer

A team of Russian developers is touting a technology it says can kill off BitTorrent-based P2P file sharing – and says it has attracted investment from Microsoft.

According to a story in Russia Beyond the Headlines, the technology developed by Andrei Klimenko, his brother Alexei, and Dmitry Shuvaev has attracted $US100,000 from Microsoft’s seed investment fund, and another $US34,000 from the Bortnik Fund.

The company they have founded, called Pirate Pay, also claims to have conducted successful proof-of-concept tests, blocking “50,000” downloads of the movie Vysotsky: Thank God I’m Alive in the month after its release.

What’s not clear, either from the original story or the TorrentFreak follow-up, is exactly how the technology works. From the hints dropped by Andrei Klimenko, Pirate Pay operates what is essentially a BitTorrent-specific, cloud-based denial of service.

“We used a number of servers to make a connection to each and every p2p client that distributed this film,” Klimenko says of the technology test. “Then Pirate Pay sent specific traffic to confuse these clients about the real I.P. addresses of other clients and to make them disconnect from each other.” (Emphasis added).

If El Reg’s understanding of the service is accurate, then it would live in a legal grey area. For example, this explanation from the Australian Federal Police makes it clear that Australian law regards any denial-of-service as illegal, but “for a matter to fall within the jurisdiction of Australian police” both the attacker and target have to be in Australia. Anything else would need to invoke international co-operation, and that would assume that the attacking computer was somewhere amenable to such co-operation.

However, what’s also clear at least under laws familiar to El Reg is that computer crimes legislation doesn’t distinguish between “good” and “evil” DoS. It defines any “impairment of electronic communication to or from a computer” as breaking the law. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/13/pirate_pay_dos_against_torrents/

Adobe backs down, patches critical Photoshop CS5 hole

Adobe backed down on Friday and promised to release a fix for earlier versions of its Photoshop software after previously insisting users who wanted to safeguard themselves from a critical security vulnerability had to pay for an upgrade.

A security flaw in Adobe Photoshop CS5 and earlier means users could be exposed to malware if they were tricked into opening a boobytrapped .TIF file. Adobe’s initial response to the discovery of the flaw was to issue an advisory pointing out that users of the latest version, Photoshop CS6, were immune to the cross-platform flaw. The software giant initially declined to issue a security patch for earlier versions of the software on the dubious grounds that, because Photoshop “has historically not been a target for attackers”, the risk level was supposedly low.

This view was mistaken for several reasons, including the plausibility of possible exploits and the fact that Adobe applications, in general, have become a prime target for hackers over the last two or three years.

Instead of offering a security patch, Adobe initially advised users of earlier versions of Photoshop to “exercise caution” over what files they open with their applications. If that wasn’t good enough then an upgrade to Adobe Photoshop CS6 would do the trick, at a cost of $199 (£124) or more. Adobe Photoshop CS6 was only released in early May 2012, just days before the security issue with earlier versions of the product became public knowledge.

Photoshop version CS5.5, released last year, doesn’t need to be patched.

Adobe Photoshop version CS5 is around two years old and certainly not a discontinued product. The widely used application remains on sale through various channels.

Adobe Illustrator CS5.5 and earlier, and Adobe Flash Professional CS5.5 (11.5.1.349) and earlier, are likewise affected by critical vulnerabilities. In each case users were initially advised to upgrade to the CS6 version of the expensive design product if they wanted a fix.
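What makes a “boobytrapped” .TIF dangerous is structural: a TIFF locates its directories, out-of-line field values and pixel strips by absolute offsets and counts that the file itself supplies, and a reader that trusts them reads or writes outside its buffers. The block below is an added example written for this page; it is not Adobe’s code and does not reproduce the Photoshop flaw, whose details are not given here. It walks a TIFF’s IFD chain in Python and rejects any file whose offsets, entry counts or strip ranges fall outside the file. The type-size table, the tag numbers 273/279 and the magic value 42 come from the TIFF 6.0 specification; the sample files are constructed inline, and the `verdict` helper is an assumed gateway-style wrapper.

```python
"""Defensive TIFF structure walker (added example; not Adobe's code).
Every IFD, out-of-line value and pixel strip is located by an offset and
count the file itself supplies; each is checked against the real file
length before use.  Sample files at the bottom are constructed inline."""
import struct

class TiffError(ValueError):
    """Any structural violation; the caller should refuse the file."""

# Field-type code -> bytes per element (TIFF 6.0, types 1..12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
INT_FORMATS = {1: "B", 3: "H", 4: "I", 6: "b", 8: "h", 9: "i"}
STRIP_OFFSETS, STRIP_BYTE_COUNTS = 273, 279  # tag numbers from TIFF 6.0

def _read_values(data, e, typ, count, field):
    """Entry values: inline if they fit the 4-byte field, else via offset."""
    size = TYPE_SIZES[typ] * count  # exact in Python; wraps in 32-bit C
    if size <= 4:
        raw = field[:size]
    else:
        (off,) = struct.unpack(e + "I", field)
        if off + size > len(data):
            raise TiffError(f"value at {off}+{size} past end of file")
        raw = data[off:off + size]
    fmt = INT_FORMATS.get(typ)
    if fmt is None:
        return raw  # ASCII, RATIONAL etc. kept as bytes
    return list(struct.unpack(e + fmt * count, raw))

def parse_tiff(data, max_entries=4096, max_ifds=64):
    """Walk the IFD chain; return one {tag: values} dict per IFD, or raise."""
    if len(data) < 8:
        raise TiffError("header truncated")
    e = {b"II": "<", b"MM": ">"}.get(data[:2])
    if e is None:
        raise TiffError("bad byte-order mark")
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic number")
    ifds, seen = [], set()
    while ifd_off:
        if ifd_off in seen or len(ifds) >= max_ifds:
            raise TiffError("IFD chain loops or is too long")
        seen.add(ifd_off)
        if ifd_off + 2 > len(data):
            raise TiffError(f"IFD offset {ifd_off} past end of file")
        (n,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
        end = ifd_off + 2 + 12 * n + 4  # entries plus next-IFD pointer
        if n == 0 or n > max_entries or end > len(data):
            raise TiffError(f"IFD at {ifd_off} claims {n} entries, exceeds file")
        ifd = {}
        for i in range(n):
            base = ifd_off + 2 + 12 * i
            tag, typ, count = struct.unpack(e + "HHI", data[base:base + 8])
            if typ not in TYPE_SIZES:
                raise TiffError(f"tag {tag}: unknown field type {typ}")
            ifd[tag] = _read_values(data, e, typ, count, data[base + 8:base + 12])
        # Pixel strips are attacker-controlled ranges too: check every one.
        offs, cnts = ifd.get(STRIP_OFFSETS, []), ifd.get(STRIP_BYTE_COUNTS, [])
        if len(offs) != len(cnts):
            raise TiffError("StripOffsets/StripByteCounts length mismatch")
        for o, c in zip(offs, cnts):
            if o + c > len(data):
                raise TiffError(f"strip at {o}+{c} past end of file")
        ifds.append(ifd)
        (ifd_off,) = struct.unpack(e + "I", data[end - 4:end])
    return ifds

def verdict(data):
    """'ok' or 'reject: <reason>', so a gateway can quarantine the file."""
    try:
        parse_tiff(data)
        return "ok"
    except TiffError as exc:
        return f"reject: {exc}"

# Constructed samples: little-endian, single IFD.
def _short(v):  # inline SHORT value, left-justified in the 4-byte field
    return struct.pack("<H", v) + b"\x00\x00"

def _long(v):
    return struct.pack("<I", v)

def build_tiff(entries, strip=b""):
    """entries: [(tag, type, count, 4-byte field)]; strip follows the IFD."""
    body = struct.pack("<H", len(entries))
    for tag, typ, count, field in entries:
        body += struct.pack("<HHI", tag, typ, count) + field
    body += _long(0)  # next-IFD pointer: none
    return b"II" + struct.pack("<HI", 42, 8) + body + strip

PIXEL = [(256, 3, 1, _short(1)), (257, 3, 1, _short(1)), (258, 3, 1, _short(8))]
# 1x1 8-bit grey: header 8 + IFD 66 bytes, so the one strip sits at offset 74.
GOOD = build_tiff(PIXEL + [(273, 4, 1, _long(74)), (279, 4, 1, _long(1))], b"\x80")
BAD_IFD = b"II" + struct.pack("<HI", 42, 0x7FFFFFF0)  # first IFD beyond EOF
BAD_STRIP = build_tiff(PIXEL + [(273, 4, 1, _long(74)), (279, 4, 1, _long(1 << 28))], b"\x80")
BAD_COUNT = build_tiff([(256, 4, 1 << 30, _long(8))])  # 4*count wraps to 0 in C
LOOP = GOOD[:70] + _long(8) + GOOD[74:]  # next-IFD pointer back to itself
```

The `BAD_COUNT` sample is the case a native reader most often gets wrong: `4 * count` wraps to zero in 32-bit arithmetic, the bounds check passes, and the subsequent read runs far past the buffer. In C the equivalent test must be written as `count > (len - off) / elem_size` rather than trusting the product; here Python’s unbounded integers make `off + size > len(data)` exact, which is why the comparison is done before any value is trusted.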

Security watchers wasted little time in heaping scorn on Adobe’s stance, arguing that the vendor was abusing its monopoly position and forcing customers to choose between paying for a security upgrade and leaving themselves at greater risk of hacking attacks. They said Adobe was effectively charging paying customers for security fixes.

“Adobe has abdicated this responsibility,” Graham Cluley, senior technology consultant at security vendor Sophos argued. “It has found a critical vulnerability — a security flaw in Photoshop CS5 — that puts its users at risk, and instead of fixing it, the company is advertising the fact that there is a problem where the solution is that you pay for an upgrade to Photoshop CS6.”

Photoshop users also vented their frustrations on social networking websites.

As late as Friday afternoon, in response to questions from El Reg, Adobe continued to defend its controversial no-patch-for-CS5 stance.

While Adobe did resolve the vulnerabilities addressed in the security bulletin you are referencing below (APSB12-11) in the Adobe Photoshop CS6 major release, no dot release was scheduled or released for Adobe Photoshop CS5.

In looking at all aspects, including the vulnerabilities themselves and the threat landscape, the team did not believe the real-world risk to customers warranted an out-of-band release for the CS5 version to resolve these issues.

The security bulletin for Photoshop is rated as a Priority 3 update, indicating that it is a product that has historically not been a target for attackers, and in this case we are not aware of any exploits targeting any of the issues fixed. Installation of the upgrade is therefore at the user’s/administrator’s discretion.

Hours later, Adobe performed an abrupt U-turn and promised to issue a fix for Adobe Photoshop version CS5, something it should have done in the first place. Arguments advanced by Adobe last week – that the vulnerability was “theoretical” or that hackers weren’t after its software – were shown to be weak and just plain wrong more than 10 years ago, as Microsoft would be able to testify.

Adobe has modified its original 8 May advisory to say it is developing patches for the critical holes in the CS5.x versions of Adobe Photoshop, Adobe Illustrator CS5.x and Adobe Flash Professional CS5.x. It’s unclear when these patches will become available.

“Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities,” the revised version of the advisory continues to say. “We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/14/adobe_paid_security_fix_row/

Amnesty International UK site flung Gh0st RAT at surfers after hack

Amnesty International UK’s website was hacked early this week in an assault ultimately geared towards planting malware onto the PCs of visiting surfers.

Malicious Java code was planted on the site in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack installs malware capable of extracting the user’s files, email, passwords and other sensitive personal information.

The attack, which ran between 7 and 9 May, was detected by web security firm Websense, which informed Amnesty about the threat. The human rights organisation has since cleaned up its site.

Amnesty International is no stranger to this type of attack. Its UK site was hit by a similar drive-by-download-style attack back in 2009, and a similar assault was launched against its Hong Kong site a year later.

Websense has a write-up of the latest assault in a blog post here.

The Gh0st RAT has been used by suspected Chinese hackers in several advanced persistent threat (APT) style attacks, most notably the ‘Nitro’ attacks against chemical firms in 2011. Chinese involvement in the Amnesty International attack is suspected but unproven.

“Yesterday [Wednesday] Amnesty.org.uk was infected with a piece of malicious code. As soon as we became aware of the infection we worked with our hosting company to isolate it and remove it as a matter of urgency. The problem was resolved by yesterday lunchtime,” the organization told El Reg in a statement.

“Security is very important to us and as well as extensive security measures in place to prevent exploits such as this, we also have constant monitoring in place to alert us immediately when incidents like this occur. All our users’ profiles are held on a completely separate website and server and were in no way compromised by this incident.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/11/amnesty_malware_rat/

Third teen TeamPoison hack suspect quizzed by cyber-cops

British cyber-cops have arrested a third suspected member of the infamous TeaMp0isoN hacker crew.

The unnamed 17-year-old was cuffed in Newcastle on suspicion of breaking the Computer Misuse Act. Detectives seized computer equipment for forensic analysis, and quizzed the youngster on Wednesday at a nearby cop shop. Met Police said enquiries are ongoing and no charges have been brought:

On Wednesday evening, 9 May, the MPS Police Central eCrime Unit (PCeU), supported by officers from Northumberland Constabulary, arrested a 17-year-old man in Newcastle in connection with alleged offences against the Computer Misuse Act 1990.

The suspect, who is believed to use the online nickname ‘MLT’, is allegedly a member of and spokesperson for TeaMp0isoN (‘TeamPoison’) – a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the UK and around the world.

The man has been taken to a local police station for interview. Computer equipment has been seized and is undergoing a detailed forensic examination. Enquiries continue between the PCeU and other relevant law enforcement agencies in this continuing and wide-ranging investigation.

The arrest is part of an ongoing investigation by the PCeU into TeaMp0isoN, the politically motivated hacking team that caused a stink last year when it defaced a BlackBerry blog during the London riots and claimed responsibility for swamping the UK’s counter-terrorism hotline with automated nuisance calls.

Two other teenagers were arrested days after the hotline DDoS attack early last month. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/11/third_teamp0ison_hack_suspect_arrest/

Megacorps accuse Chinese fab workers of pilfering designs

Multinationals based in China are increasingly worried about their local workforce stealing valuable intellectual property but many are failing to act in a timely and proactive manner to combat information security threats, according to a panel of security experts.

Speaking at the 13th annual Info-Security Conference in Hong Kong earlier this week, Verizon manager Ian Christofis argued that the risk of IP theft was one of the key concerns for multinationals in the region.

“In my experience, a number of foreign companies – for example US-based or Taiwan-based firms – that are manufacturing in China have particular concerns about loss of IP such as industrial designs from their business units based in China, due to employees leaking information,” he clarified in a follow-up email to The Reg.

“This concern seems well-founded. Some of these companies have good evidence of losses of IP from China.”

For those China-bashers looking to blame the insidious hand of the government once again, however, there’s bad news – Christofis explained that such attacks tend to be financially motivated rather than state sponsored.

Cultural issues could also play a significant part in the level of risk facing these organisations – something that could be pretty hard to insure against.

“The norms we expect in more developed economies, in terms of loyalty to one’s employer and business ethics, seem to be less well-developed or at least significantly different in China,” Christofis told The Reg.

“This may be partly due to low wages and poorer working conditions, although these continue to improve.”

Co-panellists at the conference argued that firms are failing to take a suitably strategic approach to combat such risks.

“Compliance does trigger some proactivity but I agree that it doesn’t really lead to an improvement in the security posture,” said Guido Crucq, general manager of security solutions at services firm Dimension Data.

“They need to take a step back from operations, see where they are and decide on a plan.”

Forrester principal analyst John Kindervag added that user education and awareness training are to a great extent a waste of time, claiming that organisations should design and strictly enforce access controls on a need-to-know basis.

“Even if we do user awareness training the users are going to do what they would anyway,” he argued. “I don’t think asking them to participate in what we do as security professionals is realistic.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/11/china_firms_ip_theft_worry/
