STE WILLIAMS

Critical VMware vulnerability, patch and update now

On September 15, VMware issued a notice that some versions of ESXi, Workstation and Fusion are affected by an out-of-bounds write vulnerability.

VMware makes virtualisation software that allows one computer (the host) to pretend to be one or more pseudo-computers (the guests).

Each guest is a “virtual machine” or VM that thinks it’s a real computer. The VMs are isolated from each other and the host by the virtualisation software.

That isolation is especially important in a hosting environment, where one physical server may provide virtual server instances to several different customers at the same time.

The out-of-bounds write vulnerability in VMware’s products allows guests to break out of their isolation—an attacker could escape the confines of a virtual machine and execute malicious code on the machine the VM is running on.

The impact of this vulnerability is potentially quite high, which is why VMware rates this vulnerability as critical; however, the Zero Day Initiative, which worked with the two researchers who discovered this issue to disclose it to VMware, gives this vulnerability only a medium score of 6.2.

The nuance behind ZDI’s reasoning is that while the impact is potentially high, this is not an easy vulnerability to exploit—it requires local access (either physical access or local shell), and the access complexity is high—in this case, the attacker must already be able to execute low-privilege code on the virtual machine to trigger this vulnerability.

Thankfully VMware issued a fix for this vulnerability (CVE-2017-4924 for those keeping track at home), so the standard advice of “patch ASAP” applies.

ESXi version 6.5, Workstation 12.x, and Fusion 8.x on OSX are all vulnerable to this bug, so update as soon as you can if you haven’t yet.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/BmtB1RJXx3U/

“Admin from Hell” holds company to ransom with porn makeover

You might not be aware of a porn site titled teen[sexual orientation][bodypart].com.

You most certainly don’t want to discover that site when you type in your company’s URL and get redirected to teen[sexual orientation][bodypart].com… all thanks to refusing to pay a $10,000 ransom to an IT admin contractor from Hell.

The IT admin is Tavis Tso, a 40-year-old Arizona man who’s confessed to lying to a client company in Phoenix, telling them he didn’t have the login information for their account with the registrar GoDaddy (likely for domain name or hosting).

Tso had renewed the company’s GoDaddy account in 2011. In May 2015, the company wanted to update its contact details with the domain registrar. Can’t help, Tso said; I don’t have the login anymore.

Fibber. He did have the login.

He just didn’t want to give it to them, instead changing the contact information in the GoDaddy account so he could defraud the company, Tso said in a plea deal. Then, he went ahead and set up his own account with Microsoft to take over the company’s domain.

This all went down between May and June 2015.

By tweaking the account, Tso made it so the company’s employees couldn’t use their email accounts. At first, he redirected the company’s homepage to a blank page. Then, he offered to make it all better… in exchange for a cool $10,000 for returning everything to normal.

No dice, the company said. After the company refused to pay the ransom, Tso redirected the company’s homepage to the porn site. Visitors to the company’s website were redirected for several days, during which they found themselves looking at teen something-something, before the company’s homepage was returned to normal.

According to a release from the Arizona US Attorney’s Office, Tso was sentenced on Monday to four years of probation and an order to pay $9,145 in restitution after having pleaded guilty to one count of wire fraud.

And just how did this young extortionist IT admin from Hell escape jail time? According to the sentencing memorandum, posted courtesy of Ars Technica, assistant US Attorney Matthew Binford said that the crime, committed by Tso when he was 39, was apparently out of character: a “one-time lapse.”

Given the fact that this appears to be a one-time lapse in judgment, a term of probation is the best way to address the seriousness of this offense, while affording adequate deterrence to future criminal conduct and protecting the public from future crimes.

How to keep your domain from redirecting to What the (*^?!

As we’ve advised in the past, a sound course of action in dealing with security breaches, be they from malicious insiders, insiders who make mistakes or contractors, is to have an incident-handling plan in place before a breach takes place, rather than after.

For example, a good incident-handling plan includes things such as the distribution of call cards, which could help in the event that normal communications are held hostage by a malicious insider who disrupts access to the LAN so that nobody can find anyone else’s phone number and email.

Knowing how to report crimes and engage law enforcement can also be important.

Naked Security has published a series of quick guides on reporting computer crimes that should help your organization find out who to contact if you need them.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/VraoZaQkFwY/

You lost your ballpoint pen, Slack? Why’s your Linux version unsigned?

Slack is distributing open Linux-based versions of its technology that are not digitally signed, contrary to industry best practice.

The absence of a digital signature creates a means for miscreants to sling around doctored versions of the software that users wouldn’t easily be able to distinguish from the real thing.

El Reg learned of the issue from reader Trevor Hemsley, who reported the problem to Slack back in August and only notified the media after a promised fix failed to appear.

“Slack distribute Linux packages for their app and those packages come from a yum repository that does not have a GPG key and the packages are not signed,” Hemsley explained.

“This means that anyone who has installed Slack on an RPM-based Linux system has effectively given root access to packages that contain unknown and unverified content. If Slack were to get owned in the same way as MeDoc in the Ukraine, all Slack users would just pull down hacked packages and merrily install them on the system, giving instant root access.”

Slack is whack

Standard practice is for software packages to be signed with a key, and for people to trust only packages signed by either the distro team or someone they trust.

GPG-signing RPMs on RedHat/CentOS/Fedora, etc, is recommended. The Slack RPM is not signed. El Reg approached Slack’s PR team for comment and was told: “Slack takes security very seriously and we’re constantly looking for ways to improve. This is something we’re indeed working on. It’s been on our roadmap for quite some time and is coming very soon.” ®
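The failure Hemsley describes is visible in the repository definition itself: a yum/dnf `.repo` stanza that sets `gpgcheck=0`, or that has no `gpgkey` to verify against, tells the package manager to install whatever the repository serves, as root. The following is an added example written for this page (not Slack’s or any distribution’s tooling) that audits `.repo` content for that condition and renders a correctly configured stanza beside it; the repository names and URLs in the sample are constructed.

```python
"""Audit yum/dnf repository definitions for missing signature verification.

Added example for this page, not Slack's or any distro's tooling. It parses
.repo files (INI format) and flags any enabled repository that has gpgcheck
disabled, leaves it unset, or enables it without naming a gpgkey. Packages
from such a repository are installed as root with no way to verify who built
them, which is the situation the article describes.
"""
import configparser

# Constructed sample .repo content (hostnames are placeholders): one repo defined
# the way the article describes, one configured correctly, one inconsistent.
SAMPLE_REPO = """\
[example-unsigned]
name=Example unsigned repo (constructed)
baseurl=https://packages.example.invalid/rpm/
enabled=1
gpgcheck=0

[example-signed]
name=Example signed repo (constructed)
baseurl=https://packages.example.invalid/rpm-signed/
enabled=1
gpgcheck=1
gpgkey=https://packages.example.invalid/RPM-GPG-KEY-example

[example-inconsistent]
name=gpgcheck on, but no key to check against (constructed)
baseurl=https://packages.example.invalid/rpm-nokey/
enabled=1
gpgcheck=1
"""


def audit_repo_config(text):
    """Return a list of (repo_id, problem) tuples for repos that cannot be verified.

    Disabled repositories are skipped: they deliver nothing until re-enabled.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        if section.get("enabled", "1").strip() == "0":
            continue
        if "gpgcheck" not in section:
            findings.append((repo_id, "gpgcheck not set; relies on the [main] default"))
            continue
        gpgcheck = section["gpgcheck"].strip()
        gpgkey = section.get("gpgkey", "").strip()
        if gpgcheck != "1":
            findings.append((repo_id, "gpgcheck disabled; unsigned packages will be installed"))
        elif not gpgkey:
            findings.append((repo_id, "gpgcheck=1 but no gpgkey; signatures cannot be verified"))
    return findings


def hardened_repo_stanza(repo_id, baseurl, gpgkey_url):
    """Render a repo stanza with signature checking on, for comparison."""
    return (
        f"[{repo_id}]\n"
        f"name={repo_id}\n"
        f"baseurl={baseurl}\n"
        "enabled=1\n"
        "gpgcheck=1\n"
        f"gpgkey={gpgkey_url}\n"
    )


if __name__ == "__main__":
    for repo_id, problem in audit_repo_config(SAMPLE_REPO):
        print(f"{repo_id}: {problem}")
    # On a real system, feed each /etc/yum.repos.d/*.repo file to audit_repo_config().
```

The check only looks at configuration; a repository that passes it can still ship a bad package, but at least the package must then carry a signature made with a key the administrator chose to trust. Note that `gpgcheck` can also be set globally in the `[main]` section of yum.conf or dnf.conf, so a stanza that omits it inherits that default, which the audit reports separately.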

Sponsored:
The Joy and Pain of Buying IT – Have Your Say

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/09/21/slack_linux/

CCleaner targeted top tech companies in attempt to lift IP

Cisco’s Talos security limb has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to targeted companies.

The malware that made its way into CCleaner gathers information about its host and sends it to what Talos calls the “C2 server”. Whoever is behind the malware then reviews the hosts its code has compromised. It then tries to infect some of those hosts with what Talos characterises as “specialized secondary payloads”.

Those payloads sometimes seek out top tech companies: Talos says its examination of code on the C2 server lists targets including Cisco itself, Microsoft, Sony, Intel, VMware, Samsung, D-Link, Epson, MSI, Linksys, Singtel and the dvrdns.org domain, which resolves to dyn.org.

The malware aimed at those companies creates a backdoor into machines it infects, leading Talos to conclude: “This would suggest a very focused actor after valuable intellectual property.” The firm’s researchers also suggest China could be the source of the attack, noting that the malware uses the People’s Republic’s timezone and that it shares code with tools associated with the hacking crew known as “Group 72”, which is thought to have Chinese origins and to have been involved in previous attacks attempting IP theft.

Talos says it can “… confirm that at least 20 victim machines were served specialized secondary payloads.” The firm doesn’t name the victims or specify that they are any of the tech companies named above, as its researchers say the list of target companies changes. Cisco informed those it believes have been infected.

Kill it with fire. Twice, if possible

“These new findings raise our level of concern about these events, as elements of our research point towards a possible unknown, sophisticated actor,” Talos’ post says. “These findings also support and reinforce our previous recommendation that those impacted by this supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system.”

What are you waiting for, people? Get to those backups now! ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/09/21/ccleaner_secondary_payload_targeted_top_tech_companies/

Human failings undermine security – but who’s failing who?

It has been a mantra for so long that it’s a cliché: Humans are the weakest link in the cybersecurity chain. The best technology in the world can’t protect an organization from an employee (and that includes top management) falling for a well-crafted social media or phishing attack.

Of course, the best security awareness training in the world might help strengthen that link, but according to people like Lance Spitzner, training director for the SANS Securing the Human Program, it’s not happening.

“We have invested a huge amount of effort in the past 15-20 years securing one type of operating system (Windows OS) while investing almost nothing in securing the other operating system (Human OS),” he said.

A point he made with this tongue-in-cheek chart:

Windows vs Human
Chart courtesy of Lance Spitzner

So it should come as no surprise that the latest report from the Ponemon Institute, which surveyed 1,000 IT professionals across North America and the UK, finds that a majority – 54% – of those that suffered data breaches said the root cause was “negligent employees.”

In spite of constant calls for better security awareness training, that percentage is up from last year’s 48%. And it could be even worse, since, “almost a third of the companies in this research could not determine the root cause (of the breach),” the report said.

The anecdotal evidence, going back years, supports the statistics. At 2012’s DEF CON, Shane MacDougall won the social engineering “capture the flag” contest by getting a Wal-Mart store manager to give him 75 pieces of information over the phone in 20 minutes.

Wired reporter Mat Honan reported in the same year that, “in the space of one hour, my entire digital life was destroyed,” thanks to his own security lapses (no 2FA!) and the “helpfulness” of Amazon and Apple tech support.

And just this week, the BBC reported on the sacking of a finance director who fell for an order from his “boss” to pay £50,000 to a supplier.

The results of that weakest link are also depressingly familiar. Ponemon reports that:

  • Cyber attacks against small and medium-sized businesses (SMBs) increased from 55% to 61% in the past 12 months.
  • Ransomware showed a huge spike, from a reported 2% last year to 52% this year, with 79% saying the ransomware got into their systems through phishing/social engineering.
  • While strong passwords and biometrics are “an essential part of the security defense … 59% of respondents said they do not have visibility into employees’ password practices …”
  • The average cost of attacks rose, from $879,582 to $1,027,053 for damage or theft of IT assets and infrastructure; and from $955,429 to $1,207,965 for disruption to normal operations.

And the reasons why this is so are also familiar. Among them:

  • Attackers take advantage of the general tendency of people to want to be helpful.
  • People are trained to be compliant with authority figures, hence they are more likely to fall for attackers posing as law enforcement, top management or even HR.
  • Phishing continues to improve. In the case of the finance director mentioned above, the email address looked genuine, and since the real boss had posted pictures on social media of his Greek island getaway, it made sense when the fake boss said he didn’t want to be disturbed because he was on holiday.

All of which should be a signal to company leadership that IT clichés like PEBKAC (Problem Exists Between Keyboard and Chair) or “you can’t patch stupid” are getting in the way.

It’s an attitude that sets people like Spitzner off.

“The reason people continue to be the weakest link is that most organizations continue to fail to invest in them,” he told Naked Security. “If you want your awareness program to really be a success, put a FTE in charge of it. Too many programs have minimal support and maybe 15% of someone’s time.”

And in a post this week on the SANS blog, he said that since people “store, process and transfer information,” they are targets just like operating systems, apps and other computing technology.

His blunt assessment: “we the security community have failed to secure them.”

To do that, he said, will require, “mature awareness programs that focus on key behaviors that people can easily exhibit. We have failed to engage people in their own terms that they can easily understand.”

But there is also some ongoing debate about the best way to do that. At last year’s Black Hat, several presenters argued that making employees hyper-vigilant could create paranoia leading to a, “constant state of distrust,” and would interfere with, “how people actually do their jobs.”

But Kevin Mitnick, once known as the “world’s most wanted hacker” and now head of Mitnick Security Consulting, said at the time that regular, even intense, awareness training shouldn’t have a negative effect on morale or productivity.

“That would be like saying wearing a seat belt takes away the enjoyment of driving. Or locking your car makes people drive poorly,” he said. “In the world we live in, security precautions become second nature, and people adapt.”

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/_ALYYwJDt60/

FedEx: TNT NotPetya infection blew a $300m hole in our numbers

FedEx has estimated this year’s NotPetya ransomware outbreak cost it $300m in lost business and cleanup costs.

Most of the victims of June’s NotPetya epidemic were based in Ukraine, but several global corporations were also infected by the software nasty – including shipping giant Maersk, ad behemoth WPP, pharmaceutical beast Merck, and FedEx’s TNT Express division.

An update on TNT’s progress in restoring systems to normal as well as estimates of the financial toll taken by the outbreak came as the biz reported reduced earnings during the three months to August 31.

FedEx execs reckon systems will only be fully restored at the end of September, three months after the file-scrambling nasty romped through networks.

“Most TNT Express services resumed during the quarter and substantially all TNT Express critical operational systems have been restored,” FedEx said in a statement yesterday. “However, TNT Express volume, revenue and profit still remain below previous levels.”

“Operating results declined due to an estimated $300m impact from the cyberattack, which was partially offset by the benefits from revenue growth, lower incentive compensation accruals and ongoing cost management initiatives,” it added.


During a conference call with financial analysts on Tuesday, FedEx’s chief information officer Rob Carter explained that the delivery giant had traced the cyber-break-in back to an infected tax software update to its Ukrainian office.

By that, Carter means tainted updates of MeDoc, Ukraine’s most popular accounting software, which were silently poisoned with NotPetya by hackers. Once the upgrade was downloaded and installed by victims, the software nasty, hidden within the update, got to work scrambling documents across organizations.

Carter explained that the infection was extremely disruptive even though it didn’t expose any customer data. “This attack was the result of [a] nation state targeting Ukraine and companies that do business there,” he said, adding that the delivery firm was accelerating efforts to upgrade TNT legacy systems in hubs and depots worldwide.

The BBC reports that staff were faced with tens of thousands of unprocessed packages in the immediate aftermath of the ransomware instead of a “handful” of unsorted items.

FedEx’s chief operating officer David Bronczek defended the decision not to turn away business “despite being reduced to manual processes for pick-up, sort and delivery” in the immediate aftermath of the assault.

Other corporate victims of the NotPetya ransomware outbreak are also counting the cost. Maersk also estimates it is $300m out of pocket as a result of the outbreak. Reckitt Benckiser – the consumer goods firm behind the Dettol brand and Durex condoms – said the attack cost it £100m ($136m). ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/09/20/fedex_notpetya_damages/

Orland-whoa! Chap cops to masterminding $100m Microsoft piracy racket

A Chinese national has admitted he coordinated a massive piracy ring that shifted more than $100m in bootleg Microsoft gear.

Orland Liu, 37, was said to be part of an international operation that included himself and at least seven other counterfeiters and resellers in the US who knowingly shifted knock-off copies of software from Microsoft and Adobe.

The US Attorney’s office of Missouri accused Liu of obtaining hundreds of thousands of legit product keys from someone within China that could be used to activate software from both Microsoft and Adobe.

Liu’s indictment [PDF] charged that after getting the product keys from his source in China, he enlisted the help of resellers in the US to design counterfeit activation cards and copies of software that were then sold as genuine, in an operation that ran from 2010 until 2015 and generated more than $100m in revenues. Agents who broke up the ring say they have also seized more than $20m in unsold products.

At least some of the product keys were presented to punters as codes assigned to Chinese PC shifter Lenovo, prosecutors claimed.

While the resellers in the US handled much of the sales through their own websites or on Amazon and eBay, Liu himself also had a hand in some of the transactions. In 2015, he admitted to selling 500 Microsoft Office product keys for $35,000 to one of Uncle Sam’s undercover g-men.

Liu, who was collared in Dallas on his way back to China from a US trip, was found to be carrying nearly $80m worth of stolen Microsoft product keys at the time of his arrest. He also helped orchestrate the design and printing of the boxes, discs, and product activation cards for the counterfeit software.

He now faces up to 10 years in an American cooler after pleading guilty on Tuesday to one count of conspiracy and one count of trafficking in counterfeit labels.

Spokespeople for Lenovo, Microsoft and Adobe were not immediately available for comment. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/09/20/chap_busted_100m_software_piracy_racket/

Why SMS two-factor authentication puts your bitcoins at risk

For years, we’ve known that there’s a flaw in the backbone of the public switched telephone network (PSTN) that makes it vulnerable to hackers, crooks and surveillance-happy governments.

The flaw is in Signaling System No. 7 (SS7): the telephony signaling protocols used to establish interoperability across more than 800 service providers worldwide. SS7 is what lets you receive an SMS text from anywhere, be it at home, in a moving car or traveling abroad, using a foreign network.

Unfortunately, third parties can breach SS7, enabling spying, data interception and redirection of two-factor authentication (2FA) codes that a bank sends to its customers.

That’s what we saw in May: crooks pried open that SS7 vulnerability to raid consumers’ online bank accounts. It was a two-pronged attack that zeroed in on SS7 call-forwarding features that allow networks to validate your SIM card when you travel internationally. First, the hackers sent phishing emails; then, they vacuumed up account numbers, phone numbers and passwords, set up a redirect for the victim’s mobile phone number to a handset they controlled, then swooped in late at night to log onto the accounts and set up money transfers.

Now, we have yet more troubling news on the SS7 front and more evidence that you shouldn’t use texts for two-factor authentication (2FA). In a video uploaded on Monday, researchers from the Russian security firm Positive Technologies demonstrated that they were able to use the SS7 flaws to take control of a Coinbase Bitcoin wallet and suck out funds.

Here’s the video:

Being security researchers, they didn’t steal anything, but they did show that it’s easy as pie to do so. All a hacker needs is a bitcoin wallet user’s first name, last name and mobile phone number.

As the video shows, the Positive researchers targeted a Coinbase account protected by 2FA. The bitcoin account was registered to a Gmail account that was also protected by 2FA.

They started at Gmail, using Google’s service to find an email account with a victim’s phone number. Once they identified an email address, the hackers used it to reset the password, which is done via email. Since the hacker in this scenario knows the victim’s phone number, they can exploit SS7 vulnerabilities to intercept the SMS text that contains the one-time authorization codes for account recovery.

Next, the attacker chooses a new password and takes over the Gmail account. Next, it’s on to the Coinbase website, where they do another password reset by using the email account they’ve just hijacked.

The vulnerability of Gmail and Coinbase/Bitcoin to this attack is only the latest in a long history of SS7 exploits. At the time of the SS7-facilitated bank account raids in May, Bank Info Security summarized the exploit history of SS7, which was developed in 1975 and has since been picked apart in oh, so many ways:

  • Tobias Engel’s 2008 Chaos Communication Congress presentation showed how unauthorized SS7 users could track a phone’s location.
  • Ed Snowden’s 2013 document dump revealed that the NSA was using SS7 to spy on individuals.
  • Karsten Nohl’s 2014 Chaos Communication Congress presentation showed how SS7 could be hacked, enabling hackers to listen to calls, read short messages, and intercept internet traffic. (He even demonstrated the technique by hacking a US Congressman’s messages on America’s number one news documentary program, 60 Minutes.)
  • The same year, Positive Technologies demonstrated even more powerful SS7 message interception and redirection hacks using standard Linux PCs and freely accessible software tools, reporting that “the world’s 10 largest mobile telephony providers were vulnerable… and that blocking related exploits was difficult, because attacks could be crafted using legitimate SS7 messages, meaning it was almost impossible to filter them out.”
  • Also in 2014, Ukraine’s telecommunications regulator reported evidence of “in the wild” SS7 attacks apparently coming from Russia.

As Naked Security has noted in the past, the long-term solution is to fix SS7. According to the UK’s National Cyber Security Centre, they’re already at work on hardening SS7, with the aim of stopping “trivial re-routing of UK traffic,” making it much tougher to pull UK machines into scaled distributed denial-of-service (DDoS) attacks, and ultimately getting the hardened protocols propagated out into the major phone exchanges. The US National Institute of Standards and Technology (NIST) also recently published new guidelines forbidding SMS-based authentication for the US public service.

SS7 hacks are, in fact, only one of the ways that thieves can divert a target’s SMS messages and calls to another device. They can also social engineer a customer service person at the phone company, for one, or they can drain accounts in what’s known as a SIM swap.

As Naked Security’s Paul Ducklin has explained, SIM swaps – when you swap out your subscriber identity module (SIM) card in order to activate a new handset – can be done fraudulently. In fraudulent SIM swaps, crooks’ objectives are to intercept your 2FA codes; change as many profile settings on your account as they can; add new payment recipient accounts belonging to accomplices; and to milk money out of your account and into an account from which it can be withdrawn quickly in cash, never to be seen again.

Paul gives a ton of good advice about how to avoid falling prey to SIM swaps, which are common enough that ActionFraud UK, part of the UK’s National Fraud Intelligence Bureau (NFIB), warned about it recently.

For example, you might consider switching from SMS-based 2FA codes to codes generated by an authenticator app. Doing so means that the crooks have to steal your phone and figure out your lock code in order to access the app that generates your unique sequence of logon codes.

Indeed, that’s the advice that Coinbase is giving customers. Daniel Romero, Coinbase vice president of operations, told Forbes that the company has been talking to customers about migrating from SMS-based 2FA to apps like Google Authenticator, among other things:

Additionally, we’ve enhanced our own monitoring systems to prevent phone-related security threats. We are continuing to monitor this vigilantly.

But as Paul notes, even avoiding SMS-based 2FA codes isn’t a cure-all:

Malware on your phone may be able to coerce the authenticator app into generating the next token without you realising it – and canny scammers may even phone you up and try to trick you into reading out your next logon code, often pretending they’re doing some sort of “fraud check”.

If in doubt, don’t give it out!

To learn more about the dangers of SIM swaps and what you can do about them, read Fraudsters draining accounts with ‘SIM swaps’ – what to do.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/c-XndbGk0Ec/

Pirate Bay hits users’ CPUs with secret cryptocurrency mining

World infamous torrent site The Pirate Bay should probably have told its visitors it planned to use their browsers for mining cryptocurrency, but pirates don’t make a living by asking first.

Signs something was afoot surfaced on Reddit last Saturday, where users started complaining about extremely high CPU utilisation when they loaded certain pages.

Said one visitor:

Just a heads up because I think it’s very unusual and suspicious behaviour.

Made aware of complaints, within hours a site admin owned up:

We really want to get rid of all the ads. But we also need enough money to keep the site running. Do you want ads or do you want to give away a few of your CPU cycles every time you visit the site?

The Pirate Bay, it transpired, had embedded coin-hive JavaScript code on search pages to mine the booming Monero (XMR) cryptocurrency.

The site’s response to the complaints? Adjust the miner so CPU time dropped from the reported 80-100% to only “20-30%”.

The intriguing issue is whether The Pirate Bay (unreachable from many countries but accessed through special proxies, a VPN, or Tor) has inadvertently hit on an idea that might help other sites move on from ads and help currency mining jump from the dark side.

Unauthorised web cryptocurrency mining has been around for years but it normally turns up in malware. The economics are simple: mining needs lots of computing power and electricity, so hijacking other people’s computers to do the job reduces the fixed costs to zero. Get mining malware on to lots of computers and the potential profits scale invitingly.

Only this week, new research reported that mining malware has surged six-fold during 2017, with almost all of the growth coming from Monero, which uses the CryptoNight algorithm.

Monero seems to be the hot button thanks to the increased privacy it offers compared to Bitcoin, which is why it’s reputedly popular on the dark web and why the WannaCry authors preferred it to their bitcoins.

Sidestepping the tangled ethics of borrowing CPU without consent from visitors to a site accused of hosting illegal content, mining is also not a bad fit for The Pirate Bay. Users spend longer on Torrent pages than they might on a simple content site, which in theory gives the miner more time to do its job.

Although it didn’t go down well with Pirate Bay users to begin with, borrowing CPU time might still, for some people, be preferable to the intrusive ad surveillance model that supports many mainstream sites.

In fact, the idea of borrowing CPU cycles is already central to SETI@home, a long-running University of California at Berkeley project that distributes the gargantuan task of spotting extra-terrestrial life in radio transmissions to the PCs of volunteers. This kicks in when it detects the PC is not being used so owners are not hindered.

A problem is that browser-based mining is easy to block – users can either disable JavaScript entirely or use a plugin like NoScript, or an ad-blocker, to knock out unwanted code.

And yet, among the Reddit response to the mining test, there emerged some support:

I don’t really mind spending extra CPU if it helps tpb.

Others said they would be supportive if the high-CPU issue could be solved.

In the end, the ultimate success of the browser mining idea will depend on consent, and the stability and image of cryptocurrencies themselves. These remain in their infancy and they have numerous critics. Consenting cryptocurrency mining is feasible but don’t expect big-brand websites to drop their surveillance ads just yet.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/qRwqfHZ-LKo/

News in brief: Twitter stops terrorists; WhatsApp stops UK gov; Russia stops Dark Web drugs

Twitter KOs terror-related accounts

Twitter has suspended nearly a million accounts for promoting terrorism in the last two years.

The social networking giant outlined the activity in its latest transparency report. The report is designed to share information about government terms of service (TOS) requests Twitter receives and how it handles them. The new report focuses heavily on the suspension of terrorist-related accounts.

In the past year, Twitter said the second-highest volume of requests from governments around the world dealt with terrorism:

We are referring to accounts that actively incite or promote violence associated with internationally recognized terrorist organizations, promote internationally recognized terrorist organizations, and accounts attempting to evade prior enforcement.

The microblogging platform also reports that it’s seen an 80% reduction in such accounts reported by governments compared to the previous reporting period (the six months leading up to the end of December 2016).

Twitter received a total of 6448 global government requests for account information between January and June, with the USA accounting for about one third.

WhatsApp says UK can’t tap encrypted messages

Instant messaging service WhatsApp has said no to UK government demands that it offer access to encrypted messages, according to Sky News.

The UK’s concern is that terrorists are “frequent users of encrypted apps” like WhatsApp and Telegram, and that the government’s inability to access terrorists’ encrypted conversations is creating a “black hole” for security services. That concern has grown significantly because encrypted messaging apps were used ahead of the attacks on Westminster, Manchester and London Bridge, Sky News said.

WhatsApp said in a statement that it “appreciates the work that law enforcement agencies do to keep people safe around the world” and are prepared to “carefully review, validate and respond to law enforcement requests based on applicable law and policy.”

But in this case, WhatsApp said it can’t offer up that kind of data because WhatsApp doesn’t collect/store message contents.

Apps like WhatsApp, Telegram and Apple iMessage use end-to-end encryption, which scrambles messages via code on the user’s device. As a result, the app providers can’t access the content of a message. And while WhatsApp didn’t mention it directly, there has been a larger concern among privacy advocates that weakening encryption for some weakens it for all.

The UK is now pushing for a technical solution that will allow such access in the future, and has asked WhatsApp and the others to come together to find a compromise.

Russia targets dark web drug market

The Russian Interior Ministry has pulled the plug on an online drug market operating through Tor, according to the state-run TASS news agency and The Moscow Times.

The Russian Anonymous Marketplace (RAMP) has apparently been in business since 2012 and has grown to an estimated 14,000 members. The Moscow Times said:

RAMP reportedly served as an online forum for buyers to connect with dealers. Transactions were then made outside the forum and deliveries made via “dead drops.”

Deputy Interior Minister Mikhail Vanichkin told TASS that RAMP was shut down in July.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/73Up_nHqzI0/