STE WILLIAMS

WannaCry Hero Hutchins Pleads Guilty to Malware Charges

Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.

Marcus Hutchins, British security researcher best known for stopping the WannaCry ransomware outbreak, has pleaded guilty to federal charges for writing malware.

In a statement, Hutchins says the activity occurred “in the years prior to my career in security.”

“I regret these actions and accept full responsibility for my mistakes,” he writes. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins, who operates his blog and Twitter handle under the name MalwareTech, was arrested in August 2017 after the Black Hat USA and DEF CON cybersecurity conferences in Las Vegas. Federal authorities charged Hutchins, then 24, with the creation and distribution of Kronos banking malware – designed to lift online banking data – between July 2014 and 2015.

The FBI handed down a six-count indictment, accusing Hutchins of conspiring to commit computer fraud, illegally accessing computers, and distributing and advertising an illegal communication-interception device, among other allegations. Hutchins pleaded not guilty to all of the above and was released on bail but not allowed to return home to the United Kingdom.

Fast-forward to June 2018, when a superseding indictment tacked on four new charges. Three accused Hutchins of writing and distributing Upas Kit malware; one accused him of lying to the FBI about his role in Kronos. Authorities alleged that Hutchins created Upas, which steals credentials and data on target systems, and gave it to a co-conspirator who sold it for $1,500.

Hutchins has now pleaded guilty to two charges: one of conspiracy; the other of violating U.S.C. Title 18, Section 2512. The latter covers devices “primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications,” as stated by the DoJ. The government will dismiss the remaining charges.

With these two counts, Hutchins faces a penalty of up to five years in prison and $250,000 in fines, as stated in a plea agreement filed with the Eastern District of Washington. The agreement does note that “acceptance of responsibility” can reduce his sentence.

The security researcher rose to infosec fame in May 2017 when he stopped the global WannaCry ransomware attack by registering a domain he spotted in the malware. His move had a “kill switch” effect, which essentially halted the spread of WannaCry around the world.

His 2017 arrest stunned the cybersecurity community. Many had trouble believing the charges against him, and many shared opinions on the legal battle. Some, like George Washington University Law School professor Orin Kerr, said the government was overly aggressive and would struggle to prove things like malicious intent. “For the charge to fit the statute, the government has to prove two things that it may or may not be able to prove,” he said.

Some professionals have expressed disappointment and concern about what this could mean for the future of security research, where white-hat hackers venture into gray areas when it comes to exploring malware and other cybersecurity threats.


Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry’s most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/endpoint/wannacry-hero-hutchins-pleads-guilty-to-malware-charges-/d/d-id/1334496?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.

A recent cyberattack campaign employed a weaponized version of TeamViewer and malware disguised as a top secret US government document to target officials in several embassies in Europe.

The malware, phishing documents, and other artifacts used in the attacks all appear to be the work of a single individual using the handle EvaPiks, who has been active in an illegal Russian carding forum for some time. However, it is still not entirely clear whether the same individual is also carrying out the attacks alone or whether others are involved, according to researchers at Check Point Software Technologies who spotted the attacks.

“According to our findings, we can tell that EvaPiks is behind the development of the entire infection chain,” says Lotem Finkelsteen, threat intelligence group manager at Check Point.

But the type of victims being targeted, and the multiple-stage nature of the attacks, are more indicative of nation-sponsored actors or sophisticated cyber groups, he says.

“Therefore, we wonder whether he joined others to carry [these] attacks, or he just tunneled others’ attack through his successful infection chain,” using an attack-as-a-service model, Finkelsteen says.

Embassy officials from at least seven countries have been targeted so far—Italy, Kenya, Bermuda, Nepal, Guyana, Lebanon, and Liberia. In each instance, the targeted individuals appeared to have been carefully selected and were tied to government revenue-related roles and the financial sector, suggesting a possible financial motive for the attack.

So far, though, there’s no evidence of the attacker attempting to gain access to any bank accounts belonging to the governments that have been targeted, Finkelsteen says. Espionage is another possible explanation for the attacks, but it’s hard to tell for sure whether there are any geopolitical motives based solely on the list of countries and victims targeted, he notes.

‘Military Financing Program’

In each attack, the threat actors have sent targeted individuals an XLSM document containing malicious macros via email with the subject “Military Financing Program.”

The document itself is reasonably well-crafted, with a logo of the US Department of State on it and marked as top secret. But while EvaPiks appears to have put in some effort to make the document look authentic, he appears to have overlooked certain Cyrillic artifacts within it that point to the source of the attack, Check Point said.

The macros – when enabled – extract two files from encoded cells within the XLSM document. One of them is a legitimate AutoHotkey (AHK) program. The other is a malicious version of AHK that connects to a command-and-control server and downloads and executes a malicious version of TeamViewer that allows the attacker to take remote control of the infected system.

The malicious TeamViewer can also download and execute other commands, including one for hiding the TeamViewer interface so the victim doesn’t know it’s running, and another for saving session credentials to a text file.

Evolving Functionality

Check Point says its research shows that EvaPiks has been involved in previous campaigns where a weaponized version of TeamViewer was used to try to gain remote control of targeted systems. Over the course of these campaigns, the hacker has kept changing the functionality of the malicious TeamViewer DLL.

The first variant that Check Point analyzed had the ability to send some basic system information back to the attacker and to self-delete. A second version that surfaced in 2018 featured a new command system and a long list of banks, crypto markets, and ecommerce sites of interest to the attacker.

The third and current variant has added a DLL execution feature and uses external AutoHotkey scripts to gather information and session credentials, Check Point said.

Overall, the infection chain is not all that sophisticated. Even so, the attacker has succeeded in going under the radar and victimizing officials in key positions, Finkelsteen says. “It means that you don’t have to introduce an innovative attack in order to do a good job.”


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/endpoint/trojanized-teamviewer-used-in-targeted-attacks-against-multiple-embassies/d/d-id/1334497?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

FBI: $2.7 Billion in Losses to Cyber-Enabled Crimes in 2018

Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.

The FBI’s Internet Crime Complaint Center (IC3) in 2018 received 351,936 complaints of Internet-related crimes and scams that amassed some $2.7 billion in financial losses.

The most common reports were of non-payment/non-delivery scams, extortion, and personal data breaches, while the largest losses came from business email compromise (BEC), romance fraud, and investment scams. US citizens over the age of 50 were hit the hardest by these crimes.

“The 2018 report shows how prevalent these crimes are,” said Donna Gregory, chief of the IC3. “It also shows that the financial toll is substantial and a victim can be anyone who uses a connected device. Awareness is one powerful tool in efforts to combat and prevent these crimes. Reporting is another. The more information that comes into the IC3, the better law enforcement is able to respond.”

There was one bit of positive news: the IC3’s new Recovery Asset Team last year was able to retrieve $192 million in losses to scammed businesses.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/risk/fbi-$27-billion-in-losses-to-cyber-enabled-crimes-in-2018/d/d-id/1334498?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Can you get hit by someone else’s ransomware? [VIDEO]

Last week we wrote about “ransomware from afar” – attacks in which cybercrooks apparently aim ransomware at you across the internet.

Whether they hack someone else’s computer on which to run the malware program, or deliberately set up a sacrificial laptop or virtual machine (software-based computer) of their own, the outcome is the same.

The point is that many ransomware samples, with no modification or reprogramming needed, automatically scramble any and all connected drives they can see when the malware kicks off.

That pretty much guarantees that your C: drive will get zapped, because almost every Windows user has one of those, but if you also have an S: drive, for example, mapped across the network to access the company’s shared server folders…

…then you can kiss all that data goodbye, too.

The servers get affected even though it’s you who’s infected.

In other words, if the crooks can find any devices on your network that have inadvertently been shared out on the internet, and if they can guess your password, then they can map your files as a shared drive on their sacrificial computer.

Then they can take you down with ransomware, without any malware infection ever showing up on your devices.

Those shared folders could be on your laptop or on your NAS (network attached storage) device, but the outcome is the same: an extortion demand offering to let you “buy” the decryption key to get your precious files back.

Learn how this sort of attack can happen, and how to stop it:

(Watch directly on YouTube if the video won’t play here.)

By the way, if you like the shirt in the video (who doesn’t?), head to https://shop.sophos.com/ to buy one of your own.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/uOCSijJCt5A/

4 Tips to Protect Your Business Against Social Media Mistakes

Don’t let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

Social media has become the No. 1 marketing tool for businesses, with 82% of organizations now using social media as a key communication and promotional tactic. It has become the window to a business, enabling companies to build a following, engage with clients and consumers, and share news and updates in a cost-effective way.

While social media can be a great tool, there are also a number of associated security threats. Just by having a presence on the platforms, organizations of all sizes put themselves at risk.

There are four main ways that social media threatens businesses:

1. Reputational Damage
High-profile individuals, brands, and organizations are regularly caught out for saying the wrong thing or posting something inappropriate. For example, last year, Jeff Bezos, CEO and president of Amazon, tweeted an image of himself dog sledding in the Arctic Circle while on vacation. This was amid a wave of criticism around the company’s wages, causing a huge backlash from employees and high-profile individuals about its insensitivity and the pay gap within the organization. 

These incidents can happen via the corporate account itself, or via employees who are associated with the company. Businesses must understand that the networks created on social media act as the face of the company. If an employee, director, or owner posts pictures of themselves drinking excessively or discusses views that aren’t held by the company, that behavior or sentiment is often attributed to the company itself, with the reputational damage falling on the organization rather than the individual.

2. The Slip of a Finger
With 64% of marketers confirming that social media is just one aspect of their job, it’s clear that many employees cannot always dedicate the time needed to properly manage corporate accounts. This is where mistakes happen and have the potential to ultimately cost businesses.

A common example is an employee accidentally responding to the wrong message. An employee might be answering one customer enquiry but actually send the reply to a totally different customer — meaning sensitive information about a customer is shared with an unintended recipient.

A further threat is when a private message is instead shared via the corporate social media feed. While an employee thinks they’re replying privately, they actually share the entire message — again, containing sensitive information relating to a customer — publicly. While the message can be removed from the timeline, anyone could have taken a screengrab of the information. In this public setting, companies must be conscious of the fact that this is not only a compliance breach but a reputational issue as well.

With General Data Protection Regulation compliance fines of up to €20 million (or 4% of global revenue), a small mistake like this can have big consequences. For example, if Google were to share customer data accidentally on its corporate Twitter account, this could mean a fine of $1.4 billion.

3. Social Phishing
Phishing is a prevalent cyberattack method, often carried out via email as a way to steal sensitive information from businesses or to infect corporate networks with malware. However, cybercriminals also use social media to trick employees into allowing access to sensitive information about the company for which they work.

LinkedIn, in particular, has the biggest challenge with this because some employees use it a lot. Salespeople use the platform every day to find new business, track down information about people they’re going to meet, and look for new job roles. Salespeople quite frequently receive incoming messages asking them to click a link, and links can be malicious. Furthermore, those using LinkedIn tend to go to the site via a laptop during working hours, so cybercriminals know they’re more likely to reach the corporate network because laptops often offer the quickest route to the company server.

4. Lack of Awareness
Social media use has become a part of our everyday lives, both personally and professionally. However, there are some simple steps that businesses should take to ensure everything stays safe on company social accounts:

  • Employees should be trained on corporate social media policies and be given a “best use” guide, demonstrating what they can and can’t do on corporate social media accounts.
  • Information about cyberattacks via social platforms should be circulated so employees know what to look out for and how to prevent a potential attack from happening.
  • Having simple practices in place, such as internal reviewing of content, means no tweet goes live without multiple approvals, reducing mistakes that have huge reputational impacts.
  • Limited access to the social corporate accounts should be in place. Not all employees should be given the passwords for the accounts; instead, the individuals that require access, or have been granted access, should have the login details sent to them privately and confidentially.
  • Passwords should be changed regularly and most definitely changed when an employee who had access leaves the organization.

Social media is a great marketing tool for businesses. However, if companies continue to ignore — or misunderstand — the threat that it poses, it will become the go-to platform for cybercriminals looking to steal sensitive information or cause huge reputational damage when silly mistakes are missed.


Guy Bunker is an internationally renowned IT expert with over 20 years’ experience in information security and IT management. He currently holds the position of CTO at data security company Clearswift, and was previously the Global Security Architect for HP. Prior to that, he …

Article source: https://www.darkreading.com/vulnerabilities---threats/4-tips-to-protect-your-business-against-social-media-mistakes/a/d-id/1334417?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

WannaCry hero Hutchins now officially a convicted cybercriminal

The featured image comes from @MalwareTechBlog, the Twitter feed of Marcus Hutchins.

Remember the reluctant WannaCry hero?

WannaCry was ransomware that made big headlines in mid-2017 for two important reasons.

First, it was a true computer worm, or virus, that automatically propagated itself to the next guy, and the next guy…

…and so on, meaning that although it drew attention to itself very quickly, it was nevertheless able to spread far and fast.

SophosLabs estimated that it infected 200,000 computers in 150 countries within four days of showing up in the wild.

Second, WannaCry’s spreading mechanism used exploit code known as ETERNALBLUE, allegedly developed by the US National Security Agency for secret intelligence-gathering purposes.

That exploit, along with many others, was subsequently stolen in a data breach at the NSA, offered for sale for a while at an outrageous price, and finally dumped for anyone to use for free around the start of 2017.

Microsoft pushed out a patch at the start of 2017 that effectively immunised everybody who applied it, but those who neglected or declined that update ended up at risk.

Enter our hero

Amongst the WannaCry panic, a youngster in the UK calmly analysed the behaviour of the virus and quickly spotted what’s known as a “kill switch” in its programming.

If the ransomware was able to connect to a specific, weirdly named server, it would let you off and not scramble your files.

But if the call-home failed then the ransomware attack went ahead and you ended up facing a $300 extortion fee to get your files back.

For reasons we shall probably never know, the crooks who wrote WannaCry didn’t bother to purchase the domain name used by this safety valve, so our hero quietly registered the domain himself.

Then he set up a webserver that turned the safety valve on, so that pretty much everyone in the world with half-decent internet connectivity was automatically shielded from the data-zapping payload of the WannaCry attack.

This prompt and decisive action almost certainly saved many innocent users from those pay-$300-in-Bitcoin-right-now demands and prevented plenty of global heartache.

Reluctant stardom

At first, our hero kept a low profile, but he was soon identified by the UK media – to an understandably warm welcome – as Marcus Hutchins.

His disarming likeability made his initial reticence seem like little more than youthful shyness, but a more serious reason for him to have avoided the spotlight soon appeared.

Pitched suddenly into cybersecurity stardom, Hutchins was invited to attend the 2017 DEF CON hacker convention, so he jetted off to Las Vegas, Nevada, where the event is held.

Unfortunately for Hutchins, US law enforcement, in the form of the FBI, already had their eyes on him; indeed, it seems he’d been a “person of interest” to them for a while, despite his youth (he had just turned 23 at the time of his DEF CON trip).

The FBI had formed the opinion that Hutchins had not only written malware as a youngster but also sold it on, knowing that the purchasers wanted it for criminal purposes.

Writing viruses might not itself be a crime, in the US at least, but using malware to attack computers, steal data and make money is another matter.

Anyway, in the week or so that Hutchins was in Nevada, the Feds got their paperwork together, and at the last moment – apparently while he was waiting for his flight home at McCarran airport in Las Vegas – they showed up to arrest Hutchins and take him into custody.

Presumption of innocence

The initial reaction from many in the cybersecurity community was an efflux of scorn and hatred against American law enforcement.

Even amongst those who knew him only in passing or via his online presence, Hutchins was a hero who’d spent his own money on helping other people, so he was very widely assumed to be innocent, and the charges to be a pile of rot.

Investigative journalist Brian Krebs admits that he too wanted to believe in Hutchins’s innocence, but figured that he’d better dig into Hutchins’s background a bit before forming an opinion.

After three weeks of “joining the dots”, Krebs published a piece in which he said:

At first, I did not believe the charges against Hutchins would hold up under scrutiny. But as I began to dig deeper into the history tied to dozens of hacker forum pseudonyms, email addresses and domains he apparently used over the past decade, a very different picture began to emerge.

Admission of guilt

Hutchins pleaded not guilty at the outset of his case and managed to get bail, but had to hand over his passport and stay in the US.

And so things stood until last week, when Hutchins himself tweeted:

The article linked to by the tweet is short and simple:

As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.

This isn’t the typical mea culpa admission we’ve seen in the past from cybercriminals.

Hutchins isn’t trying to blame his victims for not patching, for example; or to blame the operating system vendors for writing buggy code; or to blame the world in general for not paying attention to bug reports in the first place; or claiming that cyberattacks don’t really count because they don’t hurt anyone like violent crime does.

We’re aware, of course, that the words and structure of this terse and carefully formed statement were probably devised by Hutchins’s lawyers as a formal requirement of his plea arrangement…

…but in this case, we’re inclined to believe him.

He hasn’t been sentenced yet, so we can’t tell you what effect, if any, this statement will have.

Apparently the maximum jail time allowed for his offences is five years, but a lot of people in the cybersecurity community seem to be rooting for Hutchins to be treated leniently, even though he’s now officially a convicted cybercriminal.

What next?

We’re not expecting Hutchins to get away with a suspended jail term or a fine followed immediately by deportation to the UK, however effective such a sentence might sound.

After all, the US courts may want to establish a clear disincentive for other youngsters who are toying with the idea of a “career” that involves attacking the online lives of innocent victims with malware.

So we’re guessing that he’ll go to prison to serve some sort of custodial sentence, although we can’t see him getting a full five-year stretch, and given his guilty plea and his public admission of wrongdoing, we hope he doesn’t.

Hutchins does seem genuinely remorseful, and has even taken to Twitter with some wise advice for those following in his footsteps:

Have your say

What do you think he’ll get?

And what do you think he deserves, given that he’s now convicted of making and selling malware for criminal purposes?

Tell us in the comments below.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/uJrh25ijTYU/

Not one of the 12 steps: Rehab patients’ details exposed in publicly visible database

More than two years of billing records from a drug and alcohol rehabilitation center were made freely available on the internet, a security researcher has discovered.

Justin Paine has been scouring the internet for exposed Elasticsearch databases and has previously found access logs from streaming services, app developers and online casinos – but the database from the Steps to Recovery rehab center in Ohio was by far the most disturbing so far.

The database covers the center’s billing system and while it doesn’t include things like credit card numbers or other forms of ID, it does include patient names alongside patient IDs, provider IDs, and descriptions of services alongside the date they were provided, along with medical billing codes and the fees charged.

Such information is highly personal and confidential. Anyone with access can easily see when someone was admitted to the rehab and left, and what treatment they received while there. As examples, code 0901 is for electric shock treatment while 0916 is for family psychotherapy.

No response

Paine contacted the rehab center as well as the company hosting the database. A day later security was applied and the database is no longer publicly readable, but he notes that he was never contacted by the company and it’s unclear whether it has informed patients that their personal data was available online.

The database itself was 1.45GB and contained nearly five million documents from mid-2016 to late 2018 that he estimated covered around 150,000 patients. He also notes that given the patient names and locations – Ohio – it was easy to find more information on the exposed identities through simple web searches.

Such information in the wrong hands is a recipe for disaster and could easily be used to blackmail, harass, con or steal people’s identities, among many other malicious uses.

We have contacted the center and asked for more information on what happened, if they have informed affected customers, and what steps they are taking to ensure it doesn’t happen again and will update this story if it responds.

In the meantime, it should serve as a reminder that every sysadmin should check and periodically recheck that their databases are locked down. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/19/rehab_patients_details_exposed/

Defense against the Darknet, or how to accessorize to defeat video surveillance

A trio of Belgium-based boffins have created a ward that renders wearers unrecognizable to software trained to detect people.

In a research paper distributed through ArXiv in advance of its presentation at computer vision workshop CV-COPS 2019, Simen Thys, Wiebe Van Ranst and Toon Goedeme from KU Leuven describe how some colorful abstract signage can defend against Darknet, an open source neural network framework that supports You Only Look Once (YOLO) object detection.

The paper is titled “Fooling automated surveillance cameras: adversarial patches to attack person detection.”

Adversarial images that dupe machine learning systems have been the subject of considerable research in recent years. While there have been many examples of specially crafted objects that trip up computer vision systems, like stickers that can render stop signs unrecognizable, the KU Leuven boffins contend no previous work has explored adversarial images that mask a class of things as diverse as people.

“The idea behind this work is to be able to circumvent security systems that use a person detector to generate an alarm when a person enters the view of a camera,” explained Wiebe Van Ranst, a PhD researcher at KU Leuven, in an email to The Register. “Our idea is to generate an occlusion pattern that can be worn by a possible intruder to conceal the intruder from the detector.”

What makes the work challenging, he said, is how varied people are in the way they appear, with different clothing, poses, and so on.

The researchers targeted the popular YOLOv2 convolutional neural network by feeding it their dataset of images to return bounding boxes that outline people identified by the detection algorithm.

“On a fixed position relative to these bounding boxes, we then apply the current version of our patch to the image under different transformations,” they explain in their paper.

“The resulting image is then fed (in a batch together with other images) into the detector. We measure the score of the persons that are still detected, which we use to calculate a loss function. Using back propagation over the entire network, the optimiser then changes the pixels in the patch further in order to fool the detector even more.”
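The optimisation loop quoted above, reduced to a constructed toy so it runs without a deep-learning framework (an example added here, not the KU Leuven authors' code): a single logistic unit over an 8x8 greyscale image stands in for the YOLOv2 person detector, the bounding box and person images are constructed, and the patch is pasted at a fixed offset inside the box, randomly shifted and dimmed, scored as a batch, and then updated by the gradient of the detection score with respect to its own pixels only.

```python
"""Toy version of the patch-optimisation loop quoted above (constructed example,
not the KU Leuven authors' code). A single logistic unit over an 8x8 greyscale
image stands in for the YOLOv2 person detector so its gradient can be written
by hand; the loop structure (paste patch relative to the box, random
transformations, score the batch, descend on the patch pixels only) is the
point being illustrated.
"""
import math
import random

IMG = 8              # images are IMG x IMG greyscale, pixel values in [0, 1]
PATCH = 3            # the patch is PATCH x PATCH, pasted at the box's top-left corner
BOX = (2, 2, 5, 5)   # constructed bounding box "returned by the detector": (top, left, bottom, right)


def make_detector():
    """Stand-in person detector: positive weights over the torso box, so bright
    pixels inside the box push the score towards 'person present'."""
    weights = [[0.0] * IMG for _ in range(IMG)]
    top, left, bottom, right = BOX
    for r in range(top, bottom + 1):
        for c in range(left, right + 1):
            weights[r][c] = 1.0
    return weights, -10.0   # (weights, bias)


def make_person(brightness):
    """Constructed input image: dim background with a uniformly bright torso in BOX."""
    img = [[0.1] * IMG for _ in range(IMG)]
    top, left, bottom, right = BOX
    for r in range(top, bottom + 1):
        for c in range(left, right + 1):
            img[r][c] = brightness
    return img


def person_score(img, detector):
    """Detector's probability that a person is present."""
    weights, bias = detector
    z = bias + sum(weights[r][c] * img[r][c] for r in range(IMG) for c in range(IMG))
    return 1.0 / (1.0 + math.exp(-z))


def apply_patch(img, patch, shift=(0, 0), brightness=1.0):
    """Paste the patch at a fixed offset relative to BOX, optionally shifted and
    dimmed. Returns the patched image and where each patch pixel landed."""
    out = [row[:] for row in img]
    top, left = BOX[0] + shift[0], BOX[1] + shift[1]
    placed = {}
    for i in range(PATCH):
        for j in range(PATCH):
            r, c = top + i, left + j
            if 0 <= r < IMG and 0 <= c < IMG:
                out[r][c] = patch[i][j] * brightness
                placed[(i, j)] = (r, c)
    return out, placed


def optimise_patch(images, detector, steps=200, lr=1.0, seed=0):
    """Gradient descent on the patch pixels to minimise the mean detection score
    over a batch of images and over random placement/brightness transformations."""
    rng = random.Random(seed)
    weights, _ = detector
    patch = [[0.5] * PATCH for _ in range(PATCH)]   # start from a flat grey square
    for _ in range(steps):
        grad = [[0.0] * PATCH for _ in range(PATCH)]
        for img in images:
            # Random transformations so the patch does not overfit one exact
            # position or lighting condition.
            shift = (rng.choice((-1, 0, 1)), rng.choice((-1, 0, 1)))
            bright = rng.uniform(0.7, 1.0)
            patched, placed = apply_patch(img, patch, shift, bright)
            s = person_score(patched, detector)
            # For a logistic unit, d(score)/d(patch pixel) = s(1-s) * w[r][c] * brightness.
            for (i, j), (r, c) in placed.items():
                grad[i][j] += s * (1.0 - s) * weights[r][c] * bright / len(images)
        # Update the patch only; the images are never modified. Clip to valid pixels.
        for i in range(PATCH):
            for j in range(PATCH):
                patch[i][j] = min(1.0, max(0.0, patch[i][j] - lr * grad[i][j]))
    return patch


def evaluate(images, detector, patch):
    """Mean detection score on the batch without and with the patch (clean placement)."""
    before = sum(person_score(img, detector) for img in images) / len(images)
    after = sum(person_score(apply_patch(img, patch)[0], detector) for img in images) / len(images)
    return before, after


if __name__ == "__main__":
    det = make_detector()
    people = [make_person(0.8), make_person(0.9)]
    adv = optimise_patch(people, det)
    b, a = evaluate(people, det, adv)
    print(f"mean person score: {b:.3f} without patch, {a:.3f} with the patch")
```

Because the toy detector's weights are all non-negative, the optimiser drives the patch towards black; with a real convolutional detector the same loop produces the colourful texture the paper shows, since the gradient there depends on learned features rather than raw brightness.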

Van Ranst said that access to footage from the surveillance camera being targeted can be used to train a more reliable patch. “However, this is not strictly necessary, we can also use an existing database of images as training data (as we do in the paper),” he said.

“In later experiments we did however notice that our current technique can be quite sensitive to the dataset our detector was trained on. Making it more robust to these cases is something we would like to investigate in the future.”

The result of this process, a colorful patch that’s 40cm (~15 inch) square, is just a bit larger than the cardboard sleeve of a vinyl record or a glossy magazine. It has been formulated to throw off the YOLOv2 software’s ability to identify people.

The researchers’ work can be seen in this YouTube video.

“In most cases our patch is able to successfully hide the person from the detector,” the researchers explain in their paper. “Where this is not the case, the patch is not aligned to the center of the person.”

Looking ahead, the researchers hope to generalize their work to other neural network architectures like Faster R-CNN. They believe that they will be able to turn their pattern into a T-shirt print that will make people “virtually invisible” to object-detection algorithms in automatic surveillance cameras.

Presently, however, the pattern needs to be directly visible to the camera being fooled. According to Van Ranst, further work needs to be done to make the pattern functional when viewed at an angle. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/19/defense_against_the_darknet_or_how_to_accessorize_to_defeat_surveillance/

Wannacry-slayer Marcus Hutchins pleads guilty to two counts of banking malware creation

Marcus Hutchins, the British security researcher who shot to fame after successfully halting the Wannacry ransomware epidemic, has pleaded guilty to crafting online bank-account-raiding malware.

For nearly two years now, Hutchins, 24, has been under house arrest in the US after being collared at Las Vegas airport by FBI agents acting on a tip-off. The Brit, who was at the time trying to fly back home to Blighty after attending the Black Hat and DEF CON security conferences, was accused of creating and selling the Kronos banking trojan, and denied any wrongdoing.

The US government subsequently piled on charges, and it now appears that the pressure has been too much: on Friday this week, Hutchins accepted a plea deal [PDF], and admitted two charges of malware development.

“I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” he said in a statement.


“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Each of the two counts carries a maximum penalty of five years behind bars, a $250,000 fine, and a year of probation. As with most plea deals, he’s likely to get less than that, though he may still spend some time in an American cooler.

While being held in jail after his arrest, Hutchins apparently admitted creating the software nasty. According to the Feds, the Brit at one point told an unnamed associate over a recorded telephone line: “I used to write malware, they picked me up on some old shit,” later adding: “I wrote code for a guy a while back who then incorporated it into a banking malware.”

Now the FBI have their guilty plea, and Hutchins – a professional malware reverse-engineer these days – is facing an uncertain future. But you have to wonder if it was all really worth it for the US authorities. After all, plenty of today’s cyber-security engineers and researchers have toyed with writing malware, even for research purposes. Thus, a stretch behind bars would be a very hard sentence for an offense committed when he was a teen. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/19/marcus_hutchins_pleads_guilty/

Researchers Find Clues for Dramatically Reducing IDS Traffic Volume

Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.

Researchers at the US Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory (ARL), and Towson University have jointly developed techniques that should allow analysts to identify threats faster and with much less data than current methods.

In their research, the scientists found that malicious software tends to be malicious sooner, rather than later, in its network presence. This discovery has allowed them to perform analysis after transmitting much less traffic from an intrusion detection sensor to the analyst than is typically the case. The issue of intrusion detection sensor data volume has become critical as network traffic and malicious activity have both increased, leading to a dramatic increase in the sheer amount of data delivered for analysis.

The research goal is to use less than 10% of the original required data to perform analysis with less than 1% loss of security alerts. That compression will be the topic of the next phase in the research.
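The trade-off described above, forwarding less sensor data while losing almost no alerts, can be measured with a simple truncation experiment. The following is an added example, not code from the ARL or Towson researchers: it keeps only the first k packets of each flow, reports the share of bytes forwarded and the share of alerts lost, and finds the smallest k that meets a 1% alert-loss budget. The flow records are constructed for illustration; a real evaluation would replay captured traffic through the sensor.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Flow:
    packet_sizes: list          # bytes of each packet, in arrival order
    alert_at: Optional[int]     # 0-based index of the packet that fires an alert, or None


# Constructed sample flows: malicious flows alert early in their lifetime
# (the observation reported in the article), benign flows are long and never alert.
SAMPLE_FLOWS = [
    Flow([60, 1500, 1500, 1500] + [1500] * 96, alert_at=1),   # exploit in 2nd packet
    Flow([60, 60, 900] + [1400] * 200, alert_at=2),           # beacon in 3rd packet
    Flow([60] * 5 + [1500] * 40, alert_at=None),              # benign bulk download
    Flow([80, 80, 80, 80], alert_at=3),                       # alert on 4th packet
    Flow([60] + [1500] * 500, alert_at=None),                 # benign streaming
]


def evaluate_truncation(flows, k):
    """Return (fraction of bytes forwarded, fraction of alerts lost) when only
    the first k packets of every flow reach the analyst."""
    total_bytes = sum(sum(f.packet_sizes) for f in flows)
    kept_bytes = sum(sum(f.packet_sizes[:k]) for f in flows)
    alerting = [f for f in flows if f.alert_at is not None]
    lost = sum(1 for f in alerting if f.alert_at >= k)   # alert packet was cut off
    alert_loss = lost / len(alerting) if alerting else 0.0
    return kept_bytes / total_bytes, alert_loss


def smallest_budget(flows, max_alert_loss=0.01):
    """Smallest per-flow packet budget k whose alert loss stays within
    max_alert_loss, together with the byte fraction that budget forwards."""
    longest = max(len(f.packet_sizes) for f in flows)
    for k in range(1, longest + 1):
        data_frac, loss = evaluate_truncation(flows, k)
        if loss <= max_alert_loss:
            return k, data_frac
    return longest, 1.0


if __name__ == "__main__":
    k, frac = smallest_budget(SAMPLE_FLOWS)
    print(f"first {k} packets per flow keep all alerts and forward {frac:.2%} of bytes")
```

On the constructed flows the first four packets of each flow preserve every alert while forwarding under 1% of the bytes; on real traffic the budget would be swept over captured flows rather than picked from a toy set.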

The research was presented in a paper at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics.


Article source: https://www.darkreading.com/vulnerabilities---threats/researchers-find-clues-for-dramatically-reducing-ids-traffic-volume/d/d-id/1334488?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple