STE WILLIAMS

UK cybercops have managed to dismantle more than 2,000 fraudulent shopping websites that have ripped off thousands.

The Met’s Police Central e-Crime Unit (PCeU) hopes smashing the online rogue traders will make online shopping in the run-up to Christmas much safer. The dodgy sites targeted by the action purported to sell a raft of designer goods, including brands such as Nike, GHD, Tiffany and Ugg at bargain prices. In reality many of the sites either took money without delivering the goods or supplied knock-offs.

The scam sites, which hoodwinked thousands and netted fraudsters millions, also created an identity theft risk. Credit card details and other personal information supplied to the sites might easily have been used to make fraudulent internet purchases or to establish lines of credit under false names.

The coppers worked with domain name registries and registrars to investigate the sites prior to the take-down operation, which was announced on Friday.

Detective Inspector Paul Hoare of the PCeU commented: “The sites suspended are registered in bulk by crime groups with the sole intention of duping consumers into parting with their money for, at best, poor quality counterfeit goods, or, at worst, nothing at all. In the run up to Christmas the PCeU will continue to work with Nominet and others to disable as many such sites as possible, but I would urge customers to take all precautions to ensure they buy from legitimate sites only.”

Further advice on safe online shopping can be found at Get Safe Online, Consumer Direct and The Metropolitan Police Service Fraud Alert site. Although billed as a fraud alert websites most of the content offers advice to both consumers and business on commonplace scams, rather than specific warnings about particular websites. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/21/uk_cybercops_fruad_site_takedown/

It isn’t actually news as such: while the DoE’s own Sandia Labs has warned that the notorious Stop Online Piracy Act is a threat to the deployment of secure DNS – DNSSEC to its friends – the fragility of the protocol has been discussed for ages.

The problem is this: an end-to-end protocol is the simplest way to ensure that a browsing session isn’t hijacked along the way by a fake DNS record. Sandia’s letter is, in that sense, merely reiterating what’s already known.

DNSSEC proposes just such an end-to-end protocol. In today’s insecure world, the ordinary end user has very little opportunity to verify that foo.bar really is 192.168.0.10 rather than 192.168.1.10* – which opens the way to DNS hijacking and makes DNSSEC necessary.

The secured version of DNS performs the same basic function of DNS: it’s still a distributed, queryable database that allows humans to put http://www.theregister.co.uk/ into their browser bar, and get directed to 92.52.96.89 to actually get the content. But it mandates that the domain record used for that resolution is cryptographically signed.

As this paper, cited by Sandia, puts it:

“When implemented end-to-end between authoritative nameservers and requesting applications, DNSSEC prevents man-in-the-middle attacks on DNS queries by allowing for provable authenticity of DNS records and provable inauthenticity of forged data. This secure authentication is critical for combatting the distribution of malware and other problematic Internet behavior.

“Authentication flaws, including in the DNS, expose personal information, credit card data, e-mails, documents, stock data, and other sensitive information, and represent one of the primary techniques by which hackers break into and harm American assets.”

The paper was published in May 2011, in response to a different piece of mandated DNS poisoning stupidity, and is entitled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill.

“By mandating redirection, PROTECT IP would require and legitimize the very behavior DNSSEC is designed to detect and suppress,” the paper states. “[A] DNSSEC-enabled browser or other application cannot accept an unsigned response; doing so would defeat the purpose of secure DNS. Consistent with DNSSEC, the nameserver charged with retrieving responses to a user’s DNSSEC queries cannot sign any alternate response in any manner that would enable it to validate a query.”

(It’s worth noting that this latter statement only holds true in a world that’s completely adopted DNSSEC; as Sandia points out, when the majority of assets are still unsigned, browsers will still accept unsigned responses.)

In other words, the fools sockpuppets legislators proposing SOPA’s DNS-interference mechanism have done so when the impact of their thought-bubble was already known.

Moreover, as was pointed out to The Register by Australian Internet luminary Geoff Huston, DNSSEC is designed such that if a fake record is returned – for example, if a US court orders that infringing-site.com returns any address other than the authoritative record – it’s detectable.

“The NXDOMAIN response is a visible fake response in a DNSSEC world. And if you chose to block by non-response, then the DNSSEC NSEC records will again show that this is a lie,” he told us in an e-mail.

Even worse, Huston said, legislation like SOPA could encourage the formation of “darknet” alternative DNSs.

“This will not switch off the content, but will provide impetus for the formation of ‘alternate’ DNS worlds which include the blocked domain names,” he wrote.

“To what extent these alternative worlds will then be populated by ‘fake’ banks, ‘fake’ governments and all other kinds of attempts at trickery is an open question, but it is unlikely that the darker alternate DNS world will be any better than what we have today. So in effect, they argue, these attempts to suppress bad content through mucking around with the DNS encourages other forms of mucking around with the DNS, and that’s not a good thing.”

Nor will the measures proposed in SOPA actually block the content, since users will still be able to locate the “banned” resource directly using the IP address, by running a local resolver, using a foreign resolver, or by editing their hosts file.

As Sandia states, “Even non-technical users could learn to bypass filtering provisions.” ®

*Yes, I know 192.168.nnn.nnn is reserved. It’s an example. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/20/sopa_breaks_dnssec/

Software used to target ads for rental cars has been successfully applied to keeping British youngsters in education or employment after leaving school.

The predictive risk modelling software from IBM was turned to an unusual use by the Kent-based Medway Youth Trust after an employee had a brainwave.

Aware that it is easier to help kids before they get into trouble rather than when they’re unemployed, unqualified and dabbling in petty crime, Data Quality Manager Gary Seaman decided to apply customer behaviour algorithms to information about young people to predict who was likely to wind up in trouble so that the youth services could reach them before they did.

And they decided to use software bought by companies like Avis and life insurers. The result is the Hidden Patterns social enterprise that aims to rescue kids with data. IBM donate the charity their predictive behaviour software for free and the trial has been running since February.

Using data to predict who’s going to get into trouble

Medway CEO Graham Clewes told us that out of the 732 Year 11 students identified by the software in February, 648 were currently in some kind of further education or job: an outcome which is more positive than expected and has saved the 16-17 year olds who were all at risk of dropping out of the system from becoming NEETs, the hard to reach “Not in Education, Employment or Training” group. NEETs ends up costing the government hundreds of thousands of pounds in benefits, healthcare and other problems.

“It’s much easier to get to a young person if they’re still in learning than if they’ve been out for several months,” says Clewes.

The software has saved weeks of staff time as research tasks that could have spanned a fortnight were whittled down to a matter of hours when automated by a computer. It also helps the Medway Trust access and correlate info that would otherwise have been lost.

The stats that show you’re on the wrong path

The IBM software is particularly powerful because it will search through text as well as statistics. This means it brings in information that other data scrapers miss and provides a more complete picture than previously possible.

Information scraped by Medway software includes: CVs, medical records, school reports, write-ups of interviews with youth workers, social care reports and statements by the young person.

That info is combined with date of birth, ethnicity and reports on the young person’s family situation.

“We looked at a lot of technology companies,” says Clewes. “The key thing is that the IBM software analyses text data … it meant that we were able to draw out what patterns might be hidden.”

For example, if a young person is getting alcohol counselling through their local church not through the NHS a straightforward trawl of stats wouldn’t find that info, but if the issue has come up in a conversation with a youth worker, then it will be noted by the Hidden Pattern software.

Clewes stressed that all teens sign consent forms before their data gets used. It is kept confidential and teens can opt for their parents not to see the reports.

The software that can predict insurance sales – and teenagers

The kid-saving software is from the IBM SPSS Predictive analytics suite acquired by IBM when they bought out SPSS in October 2009. It analyses data to predict behaviour.

IBM explain that it uses:

Advanced mathematical and statistical expertise to extract predictive knowledge that when deployed into existing processes makes them adaptive to improve outcomes.

The modeller is the engine of the programme:

IBM SPSS Modeler enables you to discover hidden relationships in both structured and unstructured (text) data – and anticipate the outcomes of future interactions.

Medway Youth Trust has now set up a social enterprise which aims to help other charities, local authorities and central government organisations develop similar models for predicting and reducing NEET status among young people. Over 30 local authorities have expressed interest and Medway are in discussion with the department of Education. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/21/ibm_risk_modelling_software_used_to_keep_kids_in_school/

It isn’t actually news as such: while the DoE’s own Sandia Labs has warned that the notorious Stop Online Piracy Act is a threat to the deployment of secure DNS – DNSSEC to its friends – the fragility of the protocol has been discussed for ages.

The problem is this: an end-to-end protocol is the simplest way to ensure that a browsing session isn’t hijacked along the way by a fake DNS record. Sandia’s letter is, in that sense, merely reiterating what’s already known.

DNSSEC proposes just such an end-to-end protocol. In today’s insecure world, the ordinary end user has very little opportunity to verify that foo.bar really is 192.168.0.10 rather than 192.168.1.10* – which opens the way to DNS hijacking and makes DNSSEC necessary.

The secured version of DNS performs the same basic function of DNS: it’s still a distributed, queryable database that allows humans to put http://www.theregister.co.uk/ into their browser bar, and get directed to 92.52.96.89 to actually get the content. But it mandates that the domain record used for that resolution is cryptographically signed.

As this paper, cited by Sandia, puts it:

“When implemented end-to-end between authoritative nameservers and requesting applications, DNSSEC prevents man-in-the-middle attacks on DNS queries by allowing for provable authenticity of DNS records and provable inauthenticity of forged data. This secure authentication is critical for combatting the distribution of malware and other problematic Internet behavior.

“Authentication flaws, including in the DNS, expose personal information, credit card data, e-mails, documents, stock data, and other sensitive information, and represent one of the primary techniques by which hackers break into and harm American assets.”

The paper was published in May 2011, in response to a different piece of mandated DNS poisoning stupidity, and is entitled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill.

“By mandating redirection, PROTECT IP would require and legitimize the very behavior DNSSEC is designed to detect and suppress,” the paper states. “[A] DNSSEC-enabled browser or other application cannot accept an unsigned response; doing so would defeat the purpose of secure DNS. Consistent with DNSSEC, the nameserver charged with retrieving responses to a user’s DNSSEC queries cannot sign any alternate response in any manner that would enable it to validate a query.”

(It’s worth noting that this latter statement only holds true in a world that’s completely adopted DNSSEC; as Sandia points out, when the majority of assets are still unsigned, browsers will still accept unsigned responses.)

In other words, the fools sockpuppets legislators proposing SOPA’s DNS-interference mechanism have done so when the impact of their thought-bubble was already known.

Moreover, as was pointed out to The Register by Australian Internet luminary Geoff Huston, DNSSEC is designed such that if a fake record is returned – for example, if a US court orders that infringing-site.com returns any address other than the authoritative record – it’s detectable.

“The NXDOMAIN response is a visible fake response in a DNSSEC world. And if you chose to block by non-response, then the DNSSEC NSEC records will again show that this is a lie,” he told us in an e-mail.

Even worse, Huston said, legislation like SOPA could encourage the formation of “darknet” alternative DNSs.

“This will not switch off the content, but will provide impetus for the formation of ‘alternate’ DNS worlds which include the blocked domain names,” he wrote.

“To what extent these alternative worlds will then be populated by ‘fake’ banks, ‘fake’ governments and all other kinds of attempts at trickery is an open question, but it is unlikely that the darker alternate DNS world will be any better than what we have today. So in effect, they argue, these attempts to suppress bad content through mucking around with the DNS encourages other forms of mucking around with the DNS, and that’s not a good thing.”

Nor will the measures proposed in SOPA actually block the content, since users will still be able to locate the “banned” resource directly using the IP address, by running a local resolver, using a foreign resolver, or by editing their hosts file.

As Sandia states, “Even non-technical users could learn to bypass filtering provisions.” ®

*Yes, I know 192.168.nnn.nnn is reserved. It’s an example. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/20/sopa_breaks_dnssec/

Images posted online suggest that hackers may have gained unauthorized access to computers controlling a second water treatment facility, a claim that raises additional concerns about of the security of the US’s critical infrastructure.

Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas. They were posted by someone calling himself pr0f to counter comments included in a Register article posted on Thursday in which a US Department of Homeland Security spokesman responded to reports of an attack on a separate water plant by saying there was no “credible corroborated data” indicating critical infrastructure was at risk.

“I dislike, immensely, how the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is,” the post stated. “I’ve also seen various people doubt the possibility an attack like this could be done.”

pr0f went on to post what he claims is proof that internet-connected computers controlling other industrial equipment are easily accessible to unauthorized parties. The five pictures show what appears to be the HMI, or human machine interface, controlling highly sensitive equipment used by South Houston’s Water and Sewer personnel. One interface depicts an apparatus for monitoring and controlling the city’s waste-water treatment plant, including a power generator and what appear to be “blowers”, which control air flow.

     

One of five images posted by ‘pr0f’ (click to enlarge)

The Register was unable to confirm claims that the images were obtained through the unauthorized access of the system. City officials have yet to confirm or deny pr0f’s claims, and representatives with DHS didn’t respond to an email seeking comment. The possibility that screen captures of the city’s industrial control systems were made by authorized employees for training or other purposes and later obtained by pr0f can’t be ruled out.

The posting comes a day after industrial control systems security expert Joe Weiss disclosed contents of a November 10 report from the Illinois Statewide Terrorism and Intelligence Center. It claimed that attackers destroyed a pump belonging to a regional water utility in that state by hackers who gained access to supervisory control and data acquisition systems that manage the utility’s machinery. That report remains unconfirmed, although the DHS spokesman said officials from his agency and the FBI are investigating.

While the events over the past two days have yet to be verified, there’s no denying that huge amounts of machinery used in gas refineries, power plants, and other industrial facilities are controlled by computers that are connected to the internet. This raises the specter of core parts of the nation’s infrastructure being taken over and sabotaged if hackers figure out ways to bypass their security controls. Officials are frequently aware of the risks, but financial constraints and personnel matters often trump those concerns.

“For folks with less resources available and tighter budgets, (there’s) web-based remote access,” said Michael Assante, a SCADA security expert and president of the National Board of Information Security Examiners, a nonprofit focused on security workforce training. Having controls available over the internet means many cash-strapped agencies don’t have to have dedicated SCADA engineers on premises around the clock, he explained. “They’re trying to use the technology to maximize the resources they have available to them.” ®

This article was updated to clarify blowers.

Follow @dangoodin001 on Twitter.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/second_water_utility_hack/

The US Securities and Exchange Commission has closed down an investment scam that was touting pre-IPO shares in Facebook, Twitter, Zynga and Groupon.

The SEC alleges that Florida resident John Mattera and others set up a new hedge fund named The Praetorian Global Fund. The Commission alleged that the suspects had claimed to potential investors that they, and other entities, had tens of millions of dollars worth of shares in the tech firms before their initial public offering.

Mattera and his partners Brad Van Siclen, David Howard, Joseph Almazon and John Arnold, allegedly encouraged the investors to part with their cash to be put into an escrow fund to purchase the shares when the time came, and the SEC said they had managed to bag $12m from investors all over the US in the last 15 months.

According to the SEC, none of the individuals ever had any shares in the companies, which also included firms like Bloom Energy and Fisker Auto. The money that was supposed to be going into escrow was actually just going into the personal accounts of Mattera and Arnold, the SEC said.

The Commission asserted that after Arnold had taken his cut, Mattera then grabbed the rest of the dosh to “afford his lavish personal expenses” and to pay the rest of the gang.

“By conjuring up a seemingly prestigious hedge fund and touting the safety of an escrow agent, these men exploited investors’ desire to get an inside track on a wave of hyped future IPOs,” George Canellos, director of the SEC’s New York office, said in a canned statement.

“Even as investors believed their funds were sitting safely in escrow accounts, Mattera plundered those accounts to bankroll a lifestyle of private jets, luxury cars, and fine art.”

The US attorney’s office for the southern district of New York, which was carrying on a parallel investigation, has now filed criminal charges against Mattera and arrested him.

The SEC is now looking for the courts to freeze the assets of all five men and eight different corporate entities listed in the complaint (PDF).

Apparently, it’s not the first time some of these guys have been involved in white-collar crime. Mattera has been in trouble with the SEC before and been “the subject of several state criminal actions”, while Howard was charged by the commission earlier this year for his part in a boiler room operation (a busy and slick telephone operation to sell questionable goods or go the whole hog and do some outright stock fraud). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/pre_ipo_share_scam_facebook_twitter/

Cryptocard has acquired the patents and intellectual property of GrIDsure, a UK pattern-based authentication start-up that became insolvent earlier this month. Term of the deal, announced Friday, were undisclosed.

The acquired technology will be added to Cryptocard’s existing cloud-based authentication services portfolio, which already offers secure logins to enterprises and service providers based on SMS, software and hardware tokens. Adding grid-based tokens to the mix add another option to Cryptocard’s BlackShield SaaS platform.

GrIDsure’s technology offers a mildly bothersome alternative to passwords. Users memorise the position of (say) four tiles on a grid of numbers instead of a static password. The numbers presented to users changes every time they login, but the position of the required tiles remains secret to the punter – as the video below shows:

The firm marketed its technology as an alternative to hardware tokens from the likes of RSA but it failed to gain traction in the marketplace fast enough. GrIDsure went into liquidation earlier this month after its investors declined to pump more money into its business, CRN reports.

A representative of Cryptocard confirmed that GrIDsure was insolvent; Companies House lists the biz as in liquidation. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/cryptocard_gridsure/

Android mobile malware samples have increased more than five-fold since July alone, according to a study by Juniper Networks.

The ability of anyone to develop and publish an application to the Android Market – in contrast to the more restrictive model applied by Apple for iOS – is at least partly to blame for the huge increase of 472 per cent in little over three months, according to Juniper. The network infrastructure firm also blames the absence of an “adequate code-review mechanism” for the rise.

A blog post by Juniper explains:

These days, it seems all you need is a developer account, that is relatively easy to anonymise, pay $25 and you can post your applications. With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include.

Applications can be removed from the Android marketplace following complaints, but by then any rogue application would have hit hundreds or perhaps thousands of victims. In addition to increased volumes of Android malware (growing exponentially, according to Juniper), the firm is also seeing a growth in the sophistication of malware sample for the smartphone platform. One increasingly popular tactic is establishing a backdoor on compromised devices that can later be used to push secondary infectors or updates onto pwned smartphones, as Juniper explains.

In the early spring, we began seeing Android malware that was capable of leveraging one of several platform vulnerabilities that allowed malware to gain root access on the device, in the background, and then install additional packages to the device to extend the functionality of the malware.

Today, just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90 per cent of Android devices being carried around today. Attackers know this, and they’re using it to gain privilege escalation on the device in order to gain access to data and services that wouldn’t otherwise be available.

More than half (55 per cent) of known Android malware samples bundle spyware functionality. Malware strains that send text messages to premium rate numbers – netting cyber-crooks a commission fee in the process – are also commonplace. Most malicious applications target communications, location, or other personal identifying information.

Talk of exponential malware growth is alarming – and justified – but needs to be put into context: that this growth started from a low base dwarfed in volumes by the quantity of windows malware. Specialist mobile security firm Lookout, for example, estimates mobile malware instances have more than doubled to nearly 1,000 over the last four months alone. Windows malware estimates routinely exceed 5 million and above.

Juniper reckons that bad guys who used to write malware for Symbian and Windows mobile devices have moved over to Android as Google’s platform has increased in popularity. Android malware instances have increased as a result. In the meantime strains of iOS malware have been limited to the infamous rickrolling worm and a similar banking Trojan a couple of years back, and limited to unlocked devices. Apple’s app store polices – rather than inherent features of either smartphone platform – explain why Android malware is abundant while Apple smartphone malware is almost unheard of, according to Juniper.

The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores. Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware.

Famed researcher Charlie Miller managed to get a malicious application into Apple’s App Store, so Apple is not immune to problems in this area, as Juniper acknowledges. However, in the case of Android, no such restrictions even exist. Juniper concludes:

There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught… which means Android will remain the target of mobile malware writers around the world.

Juniper’s malicious mobile threats report can be downloaded here (registration required). A commentary of its main findings, alongside an infographic, can be found here.

Some security watchers have described Android as the new Windows because of the security problems that are beginning to congregate around the platform. Some operating systems attract malware writers while others are largely avoided for reasons that don’t have much to do with the inherent security of an operating system. Widespread adoption, knowledge among VXers on how to write malware, documentation, and virus creation tools are more important factors.

Android ticks all of these boxes, just as Windows did before it. Unless the lessons of the past are learned, and learned quickly, we risk repeating the same pox-plagued history of Windows desktops on smartphones. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/android_malware_surge/

A security researcher said that he has developed malware for Microsoft’s forthcoming Windows 8 operating system that is able to load during boot-up when it’s run on older PCs.

Peter Kleissner said Stoned Lite – as the latest version of his bootkit is called – doesn’t bypass defenses that will be available to people using Windows 8 on newer machines.

Specifically, he said in a series of Twitter messages, it doesn’t work against PCs using UEFI (Unified Extensible Firmware Interface), which is being held out as a replacement to Bios ROM firmware. Stoned Lite also doesn’t attack a low-level security feature known as Secured Boot, which scans boot drives for invalid signatures prior to starting up.

A previous boot kit – which Kleissner called Stoned – works on Windows 2000 through Windows 7 and is able to load before Windows starts by attaching itself to the master boot record of a targeted PC’s hard drive. Stoned Lite is able to do the same thing for Windows Server 2008 and Windows 8, the Vienna-based developer and researcher said. It works by bypassing the Windows User Account Control, and with a footprint of just 14KB, it can easily be unleashed from a USB or CD drive.

Kleissner said he plans to release further details at next week’s Malcon conference in India.

Microsoft’s announcement in September that it planned to use UEFI was almost immediately met with suspicion from open-source boosters, who claimed the feature could make it impossible to run systems such as Linux and FreeBSD on computers that had adopted the alternative firmware. Microsoft has denied such claims, but many critics still aren’t convinced.

Whatever the merits of that argument, the inability of Stoned Lite to penetrate UEFI and Secured Boot are the strongest endorsements to date that the features work as advertised. At least for now. ®

This article was updated to clarify UEFI and Secured Boot.

Follow @dangoodin001 on Twitter.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/windows_8_bootkit/

Julian Assange has ditched his Swedish legal counsel and lined up a new defence team in readiness for a likely return to the country to face allegations of sexual molestation and rape against two women.

His new lawyers include Per Samuelson, who in 2009 represented Carl Lundström – one of the co-founders of notorious BitTorrent tracker website The Pirate Bay.

At the start of November, WikiLeaks founder Assange was ordered by a High Court judge in London to return to Sweden.

He was arrested by Scotland Yard police 11 months ago and was granted bail earlier this year, after his lawyers secured funds of around £200,000 from a number of celebrity friends.

Swedish prosecutors have repeatedly requested that Assange make himself available for questioning. They issued a warrant for the WikiLeaker’s arrest, however they are yet to file charges in the case.

Assange is still fighting that extradition order. Lawyers acting for him in the UK filed appeal papers with the Supreme Court earlier this week.

But that really is his final chance to appeal against being banished from Blighty to Sweden.

Assange reportedly confirmed in a petition lodged with the Stockholm District Court yesterday that he wanted to work with attorneys Per E Samuelson and Thomas Olsson, according to the Local.

He ditched his previous lawyer, Björn Hurtig, who had represented the WikiLeaker-in-chief in Sweden since September last year.

Olsson told TT news agency that he has had only limited contact with Assange so far. “He’ll have to explain his motivation behind changing defenders,” the lawyer said, who is now reviewing Assange’s case.

Hurtig said there was no conflict between him and Assange over the legal team switch.

“You’ll have to ask him why he’s decided to change. But it’s not unusual that someone change lawyers and he’s chosen two superb new representatives. I wish him the best of luck,” he said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/18/assange_hires_pirate_bay_lawyer/