STE WILLIAMS

Anonymous takes down UK government websites in Assange attack

Anonymous is claiming to have begun shutting down UK government websites in protest of the treatment of Julian Assange.

At around 8pm UT, the UK Justice Department website went down under a distributed denial of service attack. About 40 minutes later the Department of Work and Pensions website was also taken offline. Both operations were carried out under the name #OpFreeAssange, Anonymous Twitter feeds report.

According to the latest attack data, the next target is the website for the Prime Minister’s Number 10, and automated attack tools are being distributed that try to DDoS that site too.

Number 10 looks to be next on the list

All this activity is unlikely to change the government’s attitude to Julian Assange, however. The police cordon around the Ecuadorian embassy is still in place and everyone going in and out is being checked. Downing a few websites is hardly an attack on infrastructure.

Yesterday Assange addressed supporters from the embassy, looking not a little like Graham Chapman in Life of Brian. Assange called on the US to end its “witch-hunt” of WikiLeaks and to free Bradley Manning, the source of the US diplomatic cables. Manning has spent over 800 days in solitary confinement since being arrested. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/anonymous_uk_government_atack/

Melb IT tells ICANN to clear up its clearinghouse act

ICANN’s trademark clearinghouse guidelines for the introduction of gTLDs have been slammed by one of Australia’s largest domain registrars, Melbourne IT.

Melbourne IT has warned that high profile trademark holders will be vulnerable to attack from cyber squatters and counterfeiters unless policy is swiftly changed.

In a new discussion paper, ‘Minimizing HARM‘, Melbourne IT said that under the current regime brands would be forced to pay hundreds of thousands of dollars, as a defensive measure, to register their trademarks under each new generic gTLD to protect their brand from fraud or consumer confusion.

“In a new gTLD world, organizations will still need to be more proactive in monitoring for online infringements, that is not going to disappear; but what we are asking ICANN for is a stronger process to increase consumer protection by shielding high at-risk names that are regularly abused by cybersquatters, phishers and counterfeiters online. ICANN’s current guidelines and initiatives to protect trademark holders do not go far enough,” said Melbourne IT CEO and MD, Theo Hnarakis.

The paper suggests a raft of measures to protect HARM (High At-Risk Trademarks) including the creation of a list of HARMs, which will give those brands greater protection and the introduction of ‘sunrise privileges’ which will allow brands to pay a one-off blocking fee to register the name, waiving any on-going renewal fees. It also recommends the implementation of a rapid take down procedure – within 48 hours of a Uniform Rapid Suspension (URS) complaint- unless a Response Fee is paid equivalent to the URS fee paid by the complainant.

The findings from Melbourne IT’s discussion paper will be presented to the ICANN community for consideration at ICANN’s Toronto meeting in October. Melbourne IT will also hold a working group summit in Washington D.C. on September 18th to further discuss the proposal and the issues it raises.

®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/gtld_brand_headache_for_icann/

Red-faced chip-fryer AMD pulls blog offline after hackers munch 32KB

AMD’s blog was taken offline after a hacker broke into the chipmaker’s site and lifted a small number of user credentials.

Black hat hacking crew r00tbeersec subsequently uploaded 189 usernames, a similar number of email addresses and what seems like PHPass-hashed passwords, which it claims were swiped from AMD’s WordPress-driven blog site. The credentials were dumped in a file that tipped the scales at a minuscule 32KB.

Most (174 from 185) of the email addresses appear to relate to AMD and its PR representatives. A few of the records include an unexplained field called “user_activation_key”.

While it’s definitely time to change up passwords for the small number of people involved, the hack appears to pose no danger to AMD’s customers or partners, security watchers reckon.

“All in all, a small deal in the history of security breaches. More of a hackette than a hack, and no AMD customers need to panic, which is good news,” writes Paul Ducklin of Sophos in a blog post covering the breach.

It’s unclear how the breach was carried out or what motivated the attack, beyond pure devilment. AMD replaced its blog with a holding message stating the site was undergoing “routine maintenance”. A screenshot can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/amd_blog_hack/

SMSZombie wraps self in nudie pics, slips into 500,000 Android devices

A strain of resilient Android Trojan has infected 500,000 devices, mainly in China.

SMSZombie is designed to exploit security shortcomings in the mobile payment system used by China Mobile to generate unauthorised payments. The malware also steals bank card numbers and money transfer receipt information, mobile security firm TrustGo explains.

The malware poses as “wallpaper” applications featuring racy titles and nude photos. Users who install these dodgy apps get infected. Disinfecting devices is a tricky process because the malware disables users’ ability to simply delete it, TrustGo warns.

Security Week adds that the malware has already infected 500,000 smartphones and other devices running Android.

SMSZombie has been found on China’s largest mobile app marketplace, GFan. TrustGo’s SMSZombie removal instructions can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/android_smszombie/

Assange calls for help from … Quakers?

Peers out window, appeals for freedom, lectures world

Julian Assange has revealed himself to the world from the balcony of London’s Ecuadorean embassy and made a statement that lays the blame for his predicament on the hypocrisy of the USA.

In the statement Assange calls on the USA to “… return to and reaffirm the values it was founded on” and stop pursuing him lest we find ourselves in “… a dangerous and oppressive world in which journalists fall silent under the fear of prosecution and citizens must whisper in the dark?”

Assange did not specify just which values he wants the USA to revert to, so it’s not clear if he’s referring to taxation without representation and a right to trial by jury mentioned in the USA’s Declaration of Independence, or the desire for freedom of religious expression that was such an important reason for British Dissenters to establish colonies in North America. And let’s not forget the slavery.

We suspect his appeal is for the USA to respect his right to freedom of speech and the principle of freedom of the press … which of course were only floated in 1789, more than a year after the nation’s founding. Both were signed off as an American value with the advent of the First Amendment in 1791, three years after the USA summoned itself into existence.

Assange also made numerous calls for justice for whistle-blowers, calling for “absolute unity and determination in the response” to those who would oppose freedom of speech.

In a speech that only mentioned Sweden in passing and thanked Ecuador for justly throwing him a lifeline, Assange called on President Obama to stop the FBI investigation into WikiLeaks and “renounce its witch-hunt” against the organisation. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/assange_to_obama_stop_please/

Disney sitcom says open source is insecure

Shake it Up, a Disney sitcom that screens on The Disney Channel around the world, has slipped in an insult to open source software.

The show, which tracks the activities of a group of aspiring dancers on a TV show called “Shake it Up, Chicago”, appears to be aimed at tweens. We make that assertion based on the age of comments on its web site, the brightly-coloured costumes and stereotypical big-brush-strokes characters.

In the offending episode one such character, a squeaky-voiced, glasses-and-argyle-jumper-wearing kid who is clearly meant to be a nerd, is asked to fix another character’s stricken computer.

His diagnostic repartee sees him ask:

“Did you use open source code to save time, and the virus was hidden in it?”

Upon winning a grudging admission that this course of action was indeed the cause of digital malaise, the nerd replies that using open source in this way was a “rookie mistake”.

Purloined YouTube footage of the incident is already available, here and below.

Disney will doubtless cause its erasure within moments, so we grabbed a screen shot of the annoying kid to give you the flavour of the show.

Pre-teen sysadmin on the Disney show Shake it Up

Freetards are, at the time of writing, yet to erupt in protest, but that can’t be far off.

In a company the size of Disney it is understandable that the left hand sometimes scarcely knows the other even exists, so there is a jolly good chance this all happened without any knowledge that Disney-owned Pixar recently released some of its production code under an open source licence. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/disney_sitcom_open_source_insecure/

Better onion anonymity possible: researcher

Onion routing – which in spite of its DARPA genealogy is disliked by national security types – could be made more anonymous, according to an Iranian researcher now working on a PhD at Concordia University in Montreal.

In this Arxiv-published paper, Ehsan Saboori and co-author Shahriar Mohammadi propose separating the “request” and “response” paths on onion networks to improve user anonymity.

Saboori’s paper notes that over time, a user of a technology such as the TOR project can be identified by analysis of network traffic.

His proposal depends on trusted supernodes (someone at Concordia could have proofread the paper, since it’s mis-spelled “suppernode” throughout) to maintain peer lists of participants, and provide peer information to a requester joining the network.

The requester then randomly chooses two paths for its communications: one path to contact the responder (the host the peer is trying to contact), and a different path for responses.

The idea is that traffic analysis becomes more complex, since each requester on the network is able to periodically – and randomly – select new paths to the responder. This makes it difficult for an intruder to identify the origin path of transferred data.

While the supernodes, if compromised, could reveal participants in the network, the existence of the peers doesn’t identify what routes were chosen by a given requester at a given point in time. Anonymity would, however, depend on scale: if a supernode architecture has too few peers, they would be relatively easy to identify.

Saboori also notes that the scheme needs multiple supernodes so that they don’t become a single point of failure (allowing the onion network to be attacked by a DoS against a supernode). ®
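The request/response path split described above, as an added Python model that is not code from Saboori and Mohammadi's paper; the supernode, the peer names, the three-hop paths and the single-relay observer are constructed assumptions. It shows the property the scheme relies on: a relay on one path never carries the other direction of the same exchange, and a network with too few peers refuses to build paths at all.

```python
import random

# Added model of the path-splitting scheme described above, not code from the
# paper; peer names, hop count and the observer's vantage point are constructed.

class Supernode:
    """Trusted directory: holds the peer list and hands it to a joining requester."""
    def __init__(self, peers):
        self.peers = sorted(set(peers))

    def peer_list(self):
        return list(self.peers)


def choose_disjoint_paths(requester, responder, peers, hops, rng=None):
    """Pick a request path and a response path that share no relay: relays are
    drawn without replacement, so no single peer sits on both directions."""
    rng = rng or random.Random()
    candidates = [p for p in peers if p not in (requester, responder)]
    if len(candidates) < 2 * hops:
        raise ValueError("too few peers: paths in a tiny network are easy to identify")
    relays = rng.sample(candidates, 2 * hops)
    request_path = [requester] + relays[:hops] + [responder]
    response_path = [responder] + relays[hops:] + [requester]
    return request_path, response_path


def relays_of(path):
    return set(path[1:-1])


def run_session(requester, responder, supernode, hops, rounds, watched_relay, seed=0):
    """Re-select both paths every round (the periodic random re-selection the
    scheme relies on) and log which direction a passive observer sitting on
    watched_relay sees in each round. Returns (round, direction) tuples."""
    rng = random.Random(seed)
    peers = supernode.peer_list()
    seen = []
    for r in range(rounds):
        req, resp = choose_disjoint_paths(requester, responder, peers, hops, rng)
        assert relays_of(req).isdisjoint(relays_of(resp))
        if watched_relay in relays_of(req):
            seen.append((r, "request"))
        if watched_relay in relays_of(resp):
            seen.append((r, "response"))
    return seen


def observer_links_both_directions(seen):
    """True if the watched relay ever carried both halves of one round's
    exchange, which is what it would need to pair a request with its response."""
    by_round = {}
    for r, direction in seen:
        by_round.setdefault(r, set()).add(direction)
    return any(len(dirs) == 2 for dirs in by_round.values())

if __name__ == "__main__":
    sn = Supernode([f"relay{i}" for i in range(10)] + ["alice", "bob"])
    seen = run_session("alice", "bob", sn, hops=3, rounds=50, watched_relay="relay4")
    print(len(seen), "sightings; both directions in one round:", observer_links_both_directions(seen))
```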

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/20/making_onion_networks_more_secure/

Exposing China’s vast underground economy

Analysis A new academic study has set out to illuminate for the first time the size and structure of the Chinese online underground, and found it affected nearly a quarter of the country’s internet users last year and cost the economy over 5 billion yuan (£500m).

Investigating China’s Online Underground Economy was put together by researchers at California University’s Institute on Global Conflict and Co-operation to highlight the scale and sophistication of China’s cyber black market and to aid global collaboration efforts against hi-tech crime.

The report claims that in 2011 the online underground involved over 90,000 participants, costing the local economy 5.36 billion yuan (£536bn), making victims of 110m internet users (roughly 22 per cent) and affecting 1.1m web sites (20 per cent).

To calculate these figures, the report used stats provided by the major local security vendors, court room documents detailing high profile cases and messages from the underground markets themselves which were relatively easy to track down on certain public web platforms.

It focuses on four main interdependent value chains – the stealing of ‘real assets’ such as banking information; ‘network virtual assets’ such as virtual currency; taking advantage of hacked resources such as botnets, with the intent of making money; selling ‘black hat’ tools, techniques and training to others.

As elsewhere, real assets are mainly stolen by phishing and Trojans. Once those tools do their work, the assets are either sold on the underground market or profited from by being used directly to carry out ID fraud.

Network virtual asset theft, on the other hand, is an increasingly attractive draw for criminals because current consumer laws in China still don’t adequately cover this area, the report said.

Botnets are rented, as in other underground economies, to launch spam runs, DDoS attacks, click fraud and other scams. Smartphones are an increasingly popular attack target.

Black hat operators, meanwhile, discover the vulnerabilities, write the malware or build the attack tools and sell them into the other three value chains along with their own labour in the form of training or physically launching attacks.

All of which paints the picture of a highly developed, completely online, underground cyber crime world not too dissimilar from those which we know already operate across other geographies.

A very Chinese approach to cyber crime

However, the researchers found some differences in the Chinese approach – individual participants were much more prone to use public web platforms to conduct their communications:

In major western countries, the online underground economy typically uses Internet Relay Chat (IRC) protocols to build black market advertising and communication channels. However, due to the uniqueness of the usage behaviour of Chinese internet users, the Chinese online underground economy employs different channels for advertising and communication, such as web forums and QQ chatting groups.

In the online underground economy, there are different social roles and value chains, and participants always hope that their own published supply and demand information will be visible to other participants, enabling a deal to be made on favourable terms for more substantial returns. Thus, internet miscreants often choose simple and convenient ways to build the underground market, relying on jargon to increase concealment on a best effort basis.

Many of the bad actors in this world use Baidu’s PostBar (Tieba) web forum platform and Tencent’s QQ chat service, escaping detection by using a variety of slang, the report claimed.

The researchers said they painstakingly searched through 84 such terms – including “horse” (ma, 马), “channel traders” (baoxiao shang, 包销商) and “material washing” (xi liao, 洗料) – and found 129 post bars dedicated to the underground market.

Baidu PostBar has been claimed to be the largest Chinese web forum on the internet. It provides a keyword-based forum organisation, as well as a loose and convenient login and post mechanism. As a result it has attracted a large number of participants to the online underground economy. Certain slang terms are used as keywords to build underground black markets, such as “material” (liao, 料) post bar. Normal internet users who are not aware of the terminology of the online underground economy will not access this hidden post bar simply due to their ignorance.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/18/baidu_tencent_used_by_chinese_cyber_crims/

Exhibitionist Shamoon virus blows PCs’ minds

While most malware these days tries to work under the radar to avoid detection, a new species has been reported that wipes the drives of the systems it infects.

The Shamoon software carries out a two stage attack, according to an analysis by Israeli security firm Seculert. Once a system on a network is infected, the code scrapes data from other systems via network shares, including those not connected to the internet. It then wipes all the data on the target systems and overwrites the master boot record to brick the system.

The attack appears to be fairly localized, and Symantec reports that at least one energy company has been hit by the malware. It’s not known if the code was responsible for the shutdown of the Saudi Arabian Oil Co network on Wednesday, although the Saudis say oil production was not harmed.

Shamoon’s unusual operating technique has set tongues wagging that this code may be from the same school of writers as Flame. Kaspersky notes that both contain some similar file names, but points out that the similarities are fleeting and probably unrelated.

“It is more likely that this is a copycat, the work of script kiddies inspired by the story. Nowadays, destructive malware is rare; the main focus of cybercriminals is financial profit. Cases like the one here do not appear very often,” it said in a blog posting. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/17/shamoon_malware_energy/

WikiLeaks haters launch DDoS assault on Russia Today

An anti-WikiLeaks group has admitted responsibility for a sustained DDoS attack that made the Russia Today website intermittently unavailable on Friday.

The Kremlin-funded channel features a talk show hosted by Julian Assange but posts by AntiLeaks, the group which launched the attack, suggest the assault has more to do with the controversial guilty verdict in the trial of Russian feminist punk rockers Pussy Riot.

All three members of Pussy Riot were jailed for two years on Friday after they were convicted for singing an anti-Putin song in Moscow’s Orthodox Cathedral. They were convicted of “hooliganism motivated by religious hatred”.

Russia Today (RT) confirmed a wave of assaults against its main website in a series of Twitter updates (here and here) and in a story on its website.

WikiLeaks condemned the attack on RT as an assault on free speech. “WikiLeaks condemns the attempt to censor RT. RT is an important alternative voice in the West,” a tweet by the whistle-blowing group said.

RT’s editorial line generally supports both Assange and Russian president Vladimir Putin.

Jeremy Nicholls, channel business development director at DDoS mitigation specialists Arbor Networks, commented: “The attack against Russia Today highlights how DDoS is increasingly being used as a method of protest by activist groups in order to voice their frustrations.

“Hackers understand the damage they can inflict upon an organisation when they hit them with a DDoS attack, as they essentially shut down their entire business – meaning customers are unable to access their site, causing significant financial and reputational damage.

“It is therefore extremely important that organisations take the threat posed by cyber-criminals seriously. Organisations should not ask themselves if they will be attacked, they should ask themselves when they will be attacked. It is important for organisations to identify where their most critical assets lie within their network and ensure they are comprehensively protected from opportunistic hackers,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/08/17/rt_ddos_antileaks/