STE WILLIAMS

New trojan masquerades as Microsoft enforcement-ware

Malware-makers have created a strain of ransomware Trojan which masquerades as a Microsoft utility.

The Ransom-AN Trojan claims that a user’s Windows machine is running an unlicensed copy of Windows and threatens to cripple the victim’s computer unless marks pay €100 to obtain an unlock code, which can be bought by credit card through a scam website. The malware attempts to spook intended victims with entirely bogus claims that a criminal prosecution will be launched unless payment is received within 48 hours. In addition, the Trojan says that all data and applications on targeted systems will be “permanently lost”.

The malware, which targets German-speaking users (as illustrated by a screenshot here), is being distributed via spam and P2P downloads. Panda Software, the Spanish net security firm which detected the threat, warned that the Trojan is difficult to remove manually.

“These types of Trojans are very dangerous because once they infect the computer it is extremely difficult to remove them manually, forcing users to pay the ransom or reformat their devices,” said Luis Corrons, technical director of PandaLabs. “In addition, because Ransom.AN appears to come from Microsoft and threatens actions from authorities, many users believe what the Trojan says and make the payment out of fear.”

More details on Ransom-AN, including an unlock code, useful in cases where users are unlucky enough to become infected, can be found in a blog post by Panda here.

Previous ransomware strains have encrypted files in a bid to force users into paying for getting infected. The tactics used by Ransom-AN Trojan are a more aggressive extension of the basic scam, using threats of prosecution and outwardly convincing screenshots supposedly from Microsoft to peddle the ruse. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/ms_ruse_ransomware_trojan/

Court bans man called Peter from calling himself Peter

A man called Peter has been banned from using the name “Peter” on the internet as a bail condition after being charged today with unauthorised use of a computer.

Peter David Gibson, 22, from Hartlepool, was among three men and one unnamed 17-year-old charged at the City of Westminster Magistrates Court this morning for offences in connection with the LulzSec and Anonymous hacks.

The other three accused – Ashley Rhodes, 26, from Kennington in South London; Christopher Weatherhead, 20 from Northampton; and the 17-year-old student from Chester – were also bailed. All three were banned from using particular internet handles as a condition of their bail. They each face separate charges of conspiracy to carry out an unauthorised act in relation to a computer.

The bail conditions from the City of Westminster Magistrates court state that Gibson has also been forbidden from taking part in any communication over internet relay – ie, taking part in chatrooms or IRCs.

The court records state that bail has been granted on the following conditions:

1) Not to be part of any internet relay and not to participate in any internet relay action.

2) Not to use the internet using the name “Peter”.

The reason given was “to prevent reoffending”.

Luckily Peter David Gibson seems to have two forenames so he shouldn’t be stuck for alternative handles.

The men and the unnamed minor are due back in court on 18 November. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/anonymous_lulzsec_hacking_trial_peter_cannot_use_name/

South Africa joins the call for BlackBerry messaging keys

South Africa has joined the call for access to the BlackBerry Messaging service, quoting the usual security concerns and pointing out that the UK plans much the same thing.

BBM, the BlackBerry messaging service, has become the medium of choice for the discerning ne’er-do-well, which is strange considering it is a good deal less secure than the email offered by the same handset. But the instant nature of messaging appeals to everyone, prompting the new action from the South Africans:

“There is evidence that criminals are now using BBM to plan and execute crime,” the deputy comms minister told his audience at a London conference on African telecommunications: “We want to review BBM like in the UK and Saudi Arabia.”

BlackBerry email services are very hard to intercept when hosted by an enterprise, but surprisingly easy to tap into when hosted by RIM itself. “Email messages that are sent between the BlackBerry Internet Service and your BlackBerry device are not encrypted,” the company admits (PDF), depending instead on the carrier’s cryptography. That doesn’t mean the messages are in the clear: almost all GSM networks encrypt their traffic (not that this matters in the case of government surveillance), but one might imagine the unique PIN attached to every BlackBerry Messenger account would make it more secure.

Sadly (for the criminals) that is not the case:

“By default, each device uses the same global PIN encryption key, which Research In Motion adds to the device during the manufacturing process”, the documentation on BlackBerry’s enterprise server explains. “Because all devices share the same global PIN encryption key, there is a limit to how effectively PIN messages are encrypted … Encryption using the global PIN encryption key is sometimes referred to as ‘scrambling’.”

It seems that RIM has already shared that key with India, Saudi Arabia probably has a copy too and one can be certain that the UK and US governments wouldn’t be without a copy.

So if you’re a South African criminal, or a London rioter, then you need to get yourself a BlackBerry server and use email for your planning. Or perhaps you shouldn’t. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/south_africa_rim_keys/

Cyber crime now bigger than the drugs trade

The global cost of cybercrime, estimated at $388bn, is greater than the combined effect on the global economy of trafficking in marijuana, heroin and cocaine, a new headline-grabbing study reported.

The Norton Cybercrime Report puts the straight-up financial costs of cyberattacks worldwide at $114bn, with time lost dealing with the crime adding the remaining $274bn, while the global black market in the three drugs costs $288bn.

Every second, 14 adults become victims of some sort of cybercaper, adding up to over a million victims every day, the report from Norton-maker Symantec said, with young men who access the web on their mobiles the most likely victims.

But despite the large number of victims, people aren’t doing enough to stop it for themselves. Although 74 per cent of people say they’re aware of cybercrime, 41 per cent of them don’t have up-to-date security software and 61 per cent don’t use complex, regularly-changing passwords.

“There is a serious disconnect in how people view the threat of cybercrime,” said Adam Palmer, Norton’s lead cybersecurity advisor. “Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year.”

The most common cybercrime issues are malware and viruses, which have affected 54 per cent of those surveyed, with online scams second (11 per cent), and phishing catching 10 per cent of adults out. Cyber-villainy is also on the up on phones, with 10 per cent of adults having been victims of an attack on their mobile, according to the study. The study surveyed almost 20,000 people in 24 countries. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/cost_is_more_than_some_drug_trafficking/

Much of the human race made up of thieves, says BSA

Almost a half of all PCs in operation worldwide use pirated software, according to the Business Software Alliance (BSA).

The industry body came to the number after tasking research firm Ipsos Public Affairs with a poll of 15,000 users in 32 countries, albeit a tiny fraction of the more than one billion clients used across the planet.

It found that the lion’s share of illegal software purchases were made in developing economies – buying single licences and loading them onto multiple systems, or downloading from peer-to-peer sites.

The highest instances of pirated software were in China, followed by Nigeria, Vietnam, Ukraine, Malaysia, Thailand, Indonesia, Saudi Arabia and South Korea.

Users in good old Blighty were in the bottom third of the dishonesty stakes, with only 30 per cent of those interviewed using – or at least admitting to using – illegal programs.

Japan, where the BSA has just secured a $5.7m settlement with a computer software planning and production business – the largest on record – was just above the Brits in the league of shame.

The defence of pirated software users in developed countries was ignorance of the law or a join-them-rather-than-beat-them mentality.

“It took hundreds of millions of thieves to steal $59bn worth of software last year. Now we have a better understanding of what they’re thinking,” said BSA president and CEO Robert Holleyman.

“The evidence is clear: the way to lower software piracy is by educating businesses and individuals about what is legal – and ramping up enforcement of intellectual property laws to send clearer deterrent signals to the marketplace.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/bsa_survey_pirate_software/

Skype: Microsoft’s $8.5 billion identity tool

Open…and Shut

In 2005, eBay bought Skype for $2.6 billion to bring voice communications to the online auction site, claiming the combination would “revolutionise the ease with which people can communicate through the internet.” Four years later, eBay sold Skype for $2.75 billion because no one wanted to talk to the other party in a transaction.

Now that Microsoft has picked up Skype in an $8.5 billion deal, let’s hope that it appreciates what eBay never did: Skype is more valuable as an identity tool than as a VOIP service. Identity is the Holy Grail for the Internet, which is why Google and Facebook desperately want users to be themselves, and not a pseudonym.

Google has been more upfront about this, perhaps because Facebook doesn’t really have to coax users into using their real names. Facebook is where you hang out with high school friends and that person you met at a bar: fake identities just don’t work very well for true social networking.

In other words, Facebook has identity data, and Google wants it. Skype? It could help Microsoft map the identities of over 100 million Skype users, adding to the more than 500 million MSN users Microsoft claims. Such users, however, are largely anonymous. I have an MSN account (two or three, actually), and use them under different names for different reasons (mostly to collect spam when I sign up for things online).

And I’m one of the “good guys.” The proliferation of fake online identities is a real problem, with as much as 40 per cent of website user accounts being fraudulent.

Adding Skype, which only works if the two (or more) parties to a voice or IM chat actually know the identity of the person on the other end, can provide a real richness to Microsoft MSN user data, and also offers a platform for further mapping out identity online. I have been surprised by how mainstream Skype has become among older, less technically savvy people that I know.

Such people aren’t hiding behind pseudonyms. They want their children living abroad to be able to easily find and add them as contacts. Yes, there are great reasons for Microsoft to use Skype’s collaboration features in its Office and other products. But just as eBay could have benefited much more from using Skype to add identity data to its online transactions, further deepening trust between buyers and sellers, so too might Microsoft find Skype’s identity data more useful than its VOIP service.

Even as the web makes it easy to do business with an obscure buyer or seller on the other side of the globe, the need for trust – for trusting the other’s identity – has never been greater.

Skype offers communication tools, yes. But its ability to deliver identity is much more valuable. ®

Matt Asay is senior vice president of business development at Strobe, a startup that offers an open source framework for building mobile apps. He was formerly chief operating officer of Ubuntu commercial operation Canonical. With more than a decade spent in open source, Asay served as Alfresco’s general manager for the Americas and vice president of business development, and he helped put Novell on its open source track. Asay is an emeritus board member of the Open Source Initiative (OSI). His column, Open…and Shut, appears twice a week on The Register.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/asay_on_skype/

Most bosses monitor or block social-network use at work

Viruses, loss of confidential data and fear of employees tooling around doing sweet FA on Twitter are the top reasons that employers give for putting the brakes on social media in the workplace. And it’s stopping them benefiting from new collaborative technologies, says ClearSwift Research.

The company surveyed 1,529 employees and 906 managers in companies across the world about social media in the office. The survey found that 60 per cent of employers worried that giving their employees free access to Web 2.0 would bring in viruses and worms, 49 per cent feared the loss of confidential data through employee carelessness, or hacking (45 per cent), while many also worried that it had a negative impact on productivity (40 per cent) and posed a threat of reputational damage if used inappropriately (37 per cent).

Overall, 91 per cent of UK companies said that concerns about security and data loss were preventing technology adoption.

ClearSwift – an information-security company – stated that this caution was holding companies back from the “significant” advantages of social media. According to the survey-slingers, these include: improving internal communication, making employees happy, keeping people up to date with new information and improving contact with clients.

“Successful use of ‘Web 2.0’ is still seen as critical to future success by both groups, and there is ongoing investment in this area,” the report stated. “Technology adoption is, however, being hampered by security concerns, with high-profile data loss incidents generating scepticism about new collaboration technologies.”

To keep tabs on staff internet use, employers used a range of tactics: 71 per cent issued a best practice policy on internet use, 68 per cent said they monitored employee internet activity and 56 per cent went the whole hog and blocked access to certain social networking sites in the workplace.

However, the survey suggested that blocking or clamping down on social media made staff twitchy and sad:

“[Employees] feel disconnected from the risks of Web 2.0 – they have little sense of what they are being protected from, and therefore respond negatively to monitoring and security measures. Since they see little rationale for blocking and monitoring, they are likely to disconnect from their employers if policies are perceived as unreasonable.”

Young employees in particular found social media bans at work difficult to deal with: only 35 per cent of 18-24-year-olds and 44 per cent of 25-34-year-olds would happily stay at a job if they found their employer’s social media policy too restrictive.

Forty-three per cent of companies had actually experienced a security incident resulting from internet use. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/fear_of_social_media_holds_back_tech_adoption_survey/

GlobalSign stops issuing SSL certs, probes hacker claims

GlobalSign has suspended the publication of SSL certificates as a precaution in the wake of unverified claims by a hacker linked to attacks on Comodo and DigiNotar.

The self-named Comodohacker used Pastebin in March to claim responsibility for hacks against Comodo that allowed the publication of bogus SSL certificates. The hacker, after months of silence, claimed responsibility this week for the DigiNotar hack and boasted that he was still able to create fake certificates after compromising systems at four other certificate authorities. The hacker, who claims to be an Iranian working alone with no connections to the Iranian government, named one of the compromised CAs as GlobalSign. However, he didn’t provide any proof that GlobalSign had been compromised, nor did he name the three other supposed victims.

Comodohacker’s latest self-aggrandising post suggests that his claimed hack against GlobalSign was ultimately thwarted. “GlobalSign, StartCom was lucky enough, I already connected to their HSM, got access to their HSM, sent my request, but lucky Eddy [StartCom CEO Eddy Nigg] was sitting behind HSM and was doing manual verification.”

GlobalSign has responded to the accusation by suspending the publication of digital certificates while it investigates the claims and audits the security of its systems. The firm apologised for the inconvenience while giving no immediate indication on when it might be able to restore services in a statement (extract below) published on its website on Tuesday.

On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to four further high profile Certificate Authorities, and named GlobalSign as one of the four.

GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.

We apologise for any inconvenience.

The bold and decisive move contrasts sharply with delays in getting to the root of the problem or going public by DigiNotar after it confirmed its systems had been compromised, to say nothing about the shockingly insecure state of its systems prior to the attack.

Forged certificates provide the means to pose as the targeted websites in either man-in-the-middle or phishing attacks. Forged Google.com SSL credentials were used to spy on 300,000 Iranian internet users, according to authentication lookup logs on DigiNotar’s systems and separate evidence from Trend Micro.

The Comodohacker posted portions of what purports to be the offending library from systems run by an Italian Comodo reseller to Pastebin in order to substantiate claims he was behind the Comodo forged SSL cert hack back in March. In addition, Comodohacker signed a copy of Windows calculator using the private key of a fraudulently-issued Google digital certificate obtained via the Comodo hack. This is solid evidence and contrasts with the lack of proof supplied for other hacks claimed by the Comodogate hacker.

He supplied the supposed admin password of DigiNotar’s network in follow-up posts this week, but has yet to supply any evidence that would suggest GlobalSign is compromised.

Security watchers, including Sophos, have praised GlobalSign for forgoing an income stream in order to properly investigate what may turn out to be unsubstantiated claims. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/globalsign_suspends_ssl_cert_biz/

Phone-hack plods arrest another man in pre-dawn raid
Scotland Yard dicks up early and out of office this time

Scotland Yard officers investigating alleged phone-hacking at the now defunct tabloid the News of the World arrested a 35-year-old man in an early morning pounce on his home today (7 September).

Cops took the unnamed man into custody at a north London police station on suspicion of conspiracy to intercept voicemail messages, contrary to the 1977 Criminal Law Act.

The arrest at 5:55am this morning was uncharacteristic for Operation Weeting.

Many of the other people brought in for questioning in relation to alleged illegal phone hacking practices at the NotW have come in by appointment. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/operation_weeting_arrest/

Twitter users charged with terrorism for false tweets

Mexican prosecutors are pursuing terrorism and sabotage charges against two Twitter users who falsely reported an armed attack by drug gangs was in progress at a local elementary school.

The tweets falsely claimed gunmen had stormed several schools in the Mexican state of Veracruz and either injured or kidnapped children. A Veracruz prosecutor compared public reaction to the series of erroneous tweets to the mass panic that greeted Orson Welles’s 1938 radio broadcast The War of the Worlds and claimed that it touched off 26 traffic accidents as parents rushed to schools to save their children.

The charges stem from tweets made on August 25 by math tutor Gilberto Martinez Vera, 47, and Maria de Jesus Bravo Pagola, a 57-year-old journalist and radio commentator.

“My sister-in-law just called me all upset, they just kidnapped five children from the school,” Martinez wrote in one tweet.

Three days earlier, “they mowed down six kids between 13 and 15 in the Hidalgo neighborhood,” he claimed in a separate dispatch. While a similar attack had occurred, it didn’t involve children. Martinez had also claimed that kidnappers “took 5 kids, armed group, total psychosis in the zone.”

Over the past few years, Mexico’s drug war has claimed more than 40,000 lives, many of them civilians caught in crossfire, according to The Los Angeles Times. In mid-August suspected cartel members tossed a grenade outside a Veracruz aquarium, killing a man and injuring a woman and two children.

With traditional media outlets reluctant to report on the violence for fear of reprisals, more and more Mexicans are turning to social media to exchange information about attacks, The Los Angeles Times said.

Attorneys for the accused pair have criticised the charges because they carry a maximum of 30 years in prison.

“There was no intent on their part to generate this situation,” the attorney said. “They simply informed, incorrectly, but they informed.”

A state prosecutor warned that other “cyber terrorists” would also be investigated for allegedly “disinforming” the public.

The case brings to mind charges brought last year against a UK man after he tweeted his intention to bomb an airport if it didn’t open in time for his scheduled flight. Paul Chambers was ultimately ordered to pay more than £2,000 despite his insistence the update was a joke.

More about the terrorism charges filed against the Mexican pair is here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/07/twitter_terrorism_charges/