STE WILLIAMS

Brit anti-terror hotline hacker teen pleads guilty

A teenage computer crook faces prison after admitting hacking offences, including breaking into former British Prime Minister Tony Blair’s electronic address and phone book.

Junaid Hussain, 18, of Birmingham, swiped the sensitive information after unlawfully accessing a Gmail account used by Katie Kay, a Blair aide. The hacker, who was a member of hacktivist crew TeaMp0isoN, also admitted publishing the purloined contacts list online, a move that triggered safety fears for the Blairs at the time.

Hussain (aka “TriCK”) also pleaded guilty at London’s Southwark Crown Court to flooding the UK’s national anti-terrorism hotline with more than 100 automated calls in a denial-of-service attack. His antics were said to have prevented legitimate callers from contacting officials.

Judge Peter Testar asked for reports from probation officials, and warned Hussain he was likely to go to jail for his offences when he reappears in court for sentencing on 27 July. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/03/terror_hotline_cybercrook_faces_jail/

Microsoft names Zeus ringleaders and notifies FBI

Microsoft has named two individuals who it says are the leaders behind the Zeus botnet and has passed on its dossier on them to the FBI.

Redmond fingered Yevhen Kulibaba and Yuriy Konovalenko as the two key players behind the botnet in an amended criminal complaint, and told the FBI that the two were key both to the botnet itself and to finding the other individuals responsible for spreading and operating the malware and laundering the funds it was used to steal.

The FBI isn’t going to have to look far for the duo, however, as they are serving four-year sentences in British prisons on Zeus-related charges. After they have finished their terms at Her Majesty’s pleasure, the US can join the queue of countries looking to extradite the pair.

The two men, both Ukrainian, pleaded guilty to charges of conspiracy to defraud and received sentences of four years and eight months. They, and 11 other co-conspirators, were arrested after an investigation by the UK’s Central E-Crime Unit (PCeU).

“We will continue our efforts to serve defendants Kulibaba and Konovalenko, and the John Doe defendants, with this amended complaint,” said Richard Boscovich, senior attorney at Microsoft’s Digital Crimes Unit, in a blog post.

“Meanwhile, the botnets’ command and control domains remain disabled. It is Microsoft’s goal to ensure that these domains ultimately remain disabled, and we hope the evidence collected from these domains leads to a criminal investigation.”

Boscovich said that the takedown of the botnet had been a major success: the number of infected PCs found in the wild fell from 779,816 in March to 336,393 in the last week of June. Spam messages purporting to come from the Electronic Payments Association, which the malware operators used as a lure, have also dropped by around 90 per cent. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/03/microsoft_names_zeus_ringleaders/

China’s internet wunderkind in the dock over alleged fraud

Chinese internet darling Qihoo 360 Technology has been accused by the research arm of hacktivist group Anonymous of deliberately overstating the volume of traffic to its site in order to attract advertisers, allegations which, if true, could see it kicked off the New York Stock Exchange.

Qihoo has had a spectacular impact on its domestic market since it broke onto the scene in 2006, and now claims there are over 410 million active users of its AV software and web browser offerings.

The firm also followed rival Chinese web giants Baidu and Alibaba recently in announcing plans to launch an own-brand smartphone in an attempt to attract more users to its online services.

The firm makes most of its money out of advertising, but according to a new Anonymous Analytics report it is exaggerating traffic stats in order to charge exorbitant fees.

Qihoo’s primary revenue generator is directory page hao.360.cn. A small percentage of money comes from Google, thanks to a search box embedded on the page, with the majority coming from direct links, said Anonymous.

Qihoo states that on average it can charge approximately 320,000 yuan to 350,000 yuan [£32-35,000] per month, per link on its directory page. In some cases, Qihoo claims it can charge up to 1 million yuan [£100,280] per month per link in its “Famous Sites” section.

These figures may seem like exorbitant monthly sums to charge clients to simply place a link on a crowded directory page – and they are. As we previously mentioned, we know of no other company, public or otherwise, that has generated material revenue by selling links on a directory page, much less created a sustainable business from this model.

Given that so much rests on the authenticity of Qihoo’s apparently huge user base, analysts and investors called on the firm to verify the stats via a third party, so it reached out to comScore, according to the report.

However, after adding a comScore tag to the HTML source code of hao.360.cn at the beginning of the year, Qihoo abruptly removed it again last month without explanation because it didn’t like what it saw, claimed Anonymous.

The report then reveals what it claims to be data collected during that time which shows traffic to the directory page less than 50 per cent that of Baidu’s own directory site – despite Qihoo claiming to have more visitors than its web rival.

“The reality is that Qihoo is an internet company whose primary prospect is a delisting,” the report alleges. “We have uncovered smoking gun evidence that Qihoo is grotesquely exaggerating its traffic volume, and in the process committed securities fraud.”

This is not the first time Qihoo has been in the dock over alleged fraud. Online short-seller site Citron Research produced a lengthy and damning assessment of the firm in December last year.

For a counter-argument, take a look at this blog post from Bill Bishop, the founder of financial news site MarketWatch.

Qihoo has also been in trouble with Apple most recently, when its web browser, security suite and instant-messaging client were all chucked out of the Chinese iTunes store for a few days.

The Register contacted comScore and Qihoo for a response to the allegations, but none was forthcoming at the time of writing. The Chinese firm did, however, deny all the allegations to Bloomberg as inaccurate.

“This report is basically a repetition of what other short sellers said before,” the firm’s CFO Alex Xu told the newswire. Shares in the firm apparently dropped 7.5 per cent on the news.

On this point, it’s worth noting that Anonymous admits that some of the contributors to the report may have a vested interest in besmirching Qihoo:

You should assume that certain contributors to this report, as well as their members, partners, affiliates, colleagues, employees, consultants, clients and investors, as well as our clients have a short position in the stock of Qihoo 360 and/or options of the stock, and therefore stand to gain substantially in the event that the price of the stock declines.

®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/03/qihoo_fraud_traffic_comscore/

Users enraged by Cisco’s cloudy ‘upgrade’ to Linksys routers

Cisco was forced into reverse ferret mode late last week, after it automatically updated some of its Linksys routers in such a way as to make use of its Cloud-based management console obligatory.

But – following howls of protest from its customers – Cisco began offering punters the option of rolling back the firmware update to its EA Series of routers on Friday.

Some users posting on forums were particularly upset that Cisco had pushed the changes to routers whose owners had previously agreed to have their firmware automatically updated.

One Reg reader alerted us to the issue by grumbling about the terms of service imposed by the networking kit giant.

As noted by Computer World, which was first to report the update causing concern among customers, some had expressed doubts about the security of cloud-based local area network (LAN) administration over Cisco’s service.

Those attempting to control their routers without an internet connection found they were greeted with a local management interface that was strikingly different to the one found on the previous firmware.

It was claimed that routers could only be configured in a limited fashion for specific network and security settings. Other options such as parental controls and USB storage were only accessible after the device was plugged back into the internet.

One customer with the handle TonyPHX on Cisco’s home community forum said:

I was actually really looking forward to the potential for the cloud apps on the 4500. What I see now is a serious deficiency in having to be forced to go through the cloud for basic router functionality. The interface is pretty but functionally inferior and slow to do edits with. Honestly, it is a real let down.

But to restrict functionality and access to functions UNLESS signed into the cloud? No way jose. Cisco, you are a hardware manufacturer, NOT my network administrator by proxy.

The routers subjected to the firmware update were the EA4500, EA3500 and EA2700 models. That kit had been specifically designed by Cisco to run third-party apps.

The devices were only released in April this year and at the time Cisco did say that it would begin offering free software that would allow the routers to be managed remotely via its cloud service.

A Cisco administrator said in the post detailing how customers could roll back to the older version of the firmware:

We are sorry to see you downgrading to our Classic software (non-Cloud) on your EA Series Router. Your EA series router with Cisco Connect Cloud software provides you a new way to experience your connected home and a growing ecosystem of apps. By downgrading your firmware to Cisco Connect 1.4 you are not able to take full advantage of your new EA Series Router.

However, the Cisco wonk then went on to explain in detail how to downgrade.

The networking giant’s privacy policy was also lambasted by Cisco customers, who complained that the company’s terms of service were “intrusive”.

Another customer claimed among other things that Cisco would track a user’s internet history and manage bandwidth and usage.

The Register asked Cisco to comment on this story. It declined to give us a statement and instead steered your correspondent toward a blog post penned by its home networking veep Brett Wingo.

“When a customer signs up for a Cisco Connect Cloud account, personal information is used only to establish an account in order to provide customer support,” he said.

“Cisco Connect Cloud does not actively track, collect or store personal info or usage data for any other purposes, nor is it transmitted to third parties.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/02/cisco_router_firmware_update_too_cloudy_for_some/

Facebook phone app attempts to seize ALL YOUR MAIL

Facebook has found an innovative way to encourage use of its email service: reach into users’ mobile phone address books and change the email addresses stored against each contact to their Facebook email account.

It has emerged that Facebook’s war on competing services now extends beyond the manipulated Timeline and into punters’ pockets. The social network’s mobile app appears to be altering address book entries to direct messages to Facebook mail accounts. A user composing an email on his or her phone will send the missive to a Facebook inbox the recipient has probably never looked at, and as the original email address is overwritten there’s no alternative.

According to reports, address books on iOS and Android devices are being updated by the Facebook app whenever there’s an entry in the address book linked to a Facebook account. In some cases it seems the @facebook.com address is being appended to the contact details, but other users are reporting that it’s being overwritten too.

Some punters, such as Sam Bibble, found new and separate entries for each of their Facebook contacts, leading to duplication – but at least they didn’t lose the original email addresses.

There are also reports of email messages disappearing entirely – but Facebook tells us that such messages have probably ended up filed in the “Other” category which becomes available when one clicks on “Messages” at the left of one’s Facebook home. That doesn’t alter the fact that data on users’ handsets (their friends’ preferred email addresses) has been deleted without warning.

Facebook tells us its engineers are looking into it, and they’ll let us have more details when they come in. We’ve had no reports of UK users suffering the same plight, but it might be wise to remove the Facebook app for a while anyway, just until the situation becomes clear. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/02/facebook_contact_push/

Baltic cyber bank burglars cop hefty porridge spell

A trio of cybercrooks that used malware to carry out electronic banking fraud have been jailed.

Pavel Cyganok and Ilja Zakrevski, from Lithuania and Estonia respectively, were arrested by detectives from the Met’s Police Central eCrime Unit after a tip-off from their counterparts in Estonia. Cyganok was convicted and sentenced to five years behind bars, while Ilja Zakrevski was sentenced to four years’ imprisonment.

Both men pleaded guilty at London’s Southwark Crown Court on 24 May prior to a sentencing hearing on Friday.

Aldis Krummins, from Latvia, was jailed for two years after he was convicted for money-laundering crimes over the same scam, which netted an estimated £100,000 ($155,000). An estimated 1,000 computers were infected with malware.

The trio claimed victims not only in the UK but in Denmark, The Netherlands and New Zealand. The group used the SpyEye Trojan to compromise online banking accounts which were then used to finance the purchase of luxury goods, which were then sold on auction sites. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/02/ebanking_fraudsters_jailed/

Naked Scarlett Johansson pic snatch ‘is worth 6 years’ porridge’

Prosecutors have called for tough penalties and mid-level fines against the self-confessed Scarlett Johansson nude photo hacker.

Christopher Chaney, of Jacksonville, Florida, 35, pleaded guilty in March to hacking into the webmail accounts of numerous celebs, including Mila Kunis and Scarlett Johansson, and changing settings to forward emails to accounts under his control.

The tactic allowed Chaney to gain access to personal emails and photographs sent through smartphones and linked webmail services, including images of celebs in various states of undress that were intended for viewing only by their partners. Johansson said her photos were sent to her then-husband Ryan Reynolds three years prior to their publication last year.

Risque photographs harvested by Chaney found their way onto gossip websites. Police, called in to investigate the leaks, soon traced the hacks back to Chaney, resulting in his arrest.

“In most cases, Chaney accessed the administrative settings on the victims’ accounts so that all of their emails would automatically be forwarded to a separate email account that he controlled.

“This form of wiretapping allowed Chaney to continually receive victims’ emails even after a password had been reset,” explains an FBI statement issued at the time of his arrest last October.

The offences took place between November 2010 and February 2011. Chaney used the contact books of compromised accounts to draw up a list of fresh victims to target. It’s unclear how he obtained access to targeted accounts, but guessing password reset questions would seem the most likely approach.
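The FBI statement above describes the persistence trick: a forwarding rule survives a password reset, so the account owner regains the password but keeps leaking mail. The check a defender wants after any account recovery is an audit of forwarding settings. The script below is an added example, not code from the article or from any provider; the record layout it reads is an assumption, a simplified stand-in for what a mail provider’s admin export or settings API returns, and the three mailboxes are constructed sample data.

```python
"""Audit mailbox settings for hidden forwarding rules (added example).

The record layout is hypothetical: a simplified stand-in for a mail
provider's settings export, not any real provider's schema.
"""
from typing import Dict, List

# Constructed sample records for three mailboxes.
SAMPLE_MAILBOXES = [
    {"user": "alice@example.com", "auto_forward": None, "filters": []},
    {
        "user": "bob@example.com",
        # Forwarding to a mailbox in the same organisation: noted, not alarming.
        "auto_forward": {"to": "bob.archive@example.com", "enabled": True},
        "filters": [],
    },
    {
        "user": "carol@example.com",
        "auto_forward": None,
        # A catch-all filter that forwards every message to an outside address
        # and deletes the local copy: the owner never sees the leaked mail.
        "filters": [
            {
                "criteria": {"from": "*"},
                "action": {"forward": "drop7731@mailbox.example.net", "delete": True},
            }
        ],
    },
]

TRUSTED_DOMAINS = {"example.com"}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def audit_mailbox(record: Dict, trusted_domains: set) -> List[Dict]:
    """Return one finding per forwarding target outside the trusted domains.

    Severity is 'high' when the rule also deletes the local copy, because the
    owner then has no inbox trace of the forwarded mail.
    """
    findings = []
    auto = record.get("auto_forward")
    if auto and auto.get("enabled") and domain_of(auto["to"]) not in trusted_domains:
        findings.append({"kind": "auto_forward", "target": auto["to"], "severity": "medium"})
    for rule in record.get("filters", []):
        action = rule.get("action", {})
        target = action.get("forward")
        if target and domain_of(target) not in trusted_domains:
            severity = "high" if action.get("delete") else "medium"
            findings.append({"kind": "filter_forward", "target": target, "severity": severity})
    return findings


def audit_all(records: List[Dict], trusted_domains: set) -> Dict[str, List[Dict]]:
    """Audit every mailbox; only users with at least one finding appear."""
    report = {}
    for record in records:
        found = audit_mailbox(record, trusted_domains)
        if found:
            report[record["user"]] = found
    return report


if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE_MAILBOXES, TRUSTED_DOMAINS).items():
        for f in findings:
            print(f"{user}: {f['kind']} -> {f['target']} [{f['severity']}]")
```

Run against the sample, only carol’s mailbox is reported, and it is rated high because the rule both forwards outside the organisation and deletes the local copy. Bob’s internal archive forward is deliberately ignored; the trusted-domain set is where an organisation encodes which destinations are legitimate.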

Prosecutors are calling for judges to jail Chaney for six years (71 months) and for him to pay more than $150,000 in restitution, celeb news site TMZ reports.

Specifically, Chaney ought to pay $66,000 to Scarlett Johansson, $77,000 to actress and singer Renee Olstead and $7,500 to Christina Aguilera for the publication of semi-nude snaps, allegedly grabbed from her personal stylist’s account.

The police investigation (dubbed Operation Hackerazzi) was launched following a wave of hacking attacks against the email accounts of around 50 celebrities including Lady Gaga and Miley Cyrus as well as Johansson and Aguilera.

Chaney says his webmail photo hacking exploits were driven by compulsion. He claims to have obtained evidence using the same techniques that various male celebrities are secretly gay.

There’s no evidence of extortion and little suggestion that he tried to sell the illicit content he purloined. These mitigating factors may count in his favour when he appears in a Los Angeles federal court for a sentencing hearing, scheduled for 23 July.

Commentary on the security aspects of the case, principally the need to secure and monitor webmail accounts, can be found in a blog post by Graham Cluley of Sophos here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/07/02/scarlett_johansson_photo_hacker/

Apple’s Mountain Lion to offer automatic security updates

Apple is building automatic update checking into the next version of Mac OS X, Mountain Lion.

OS X 10.8 Mountain Lion can be configured to automatically poll for security updates every day, rather than waiting for users to check for them manually as the current set-up does, AppleInsider reports.

Alternatively, Mountain Lion can be set up to phone home for updates every time a computer is restarted. In either case, users can select to automatically apply available security updates.

“Of course, most days it is unlikely that Apple will have released a security update – but for those times when they have, this feature will hopefully reduce the window of opportunity for malicious hackers to exploit any vulnerabilities in OS X,” notes Graham Cluley, senior technology consultant at net security firm Sophos.

The automatic update feature appeared alongside the latest build of Mountain Lion Developer Preview, where it is known as “OS X Security Update Test 1.0” and available through the Mac App Store.

In addition, the latest laptops from Apple will come with a “PowerNap” feature, allowing security updates to be downloaded while the rest of the computer is in sleep mode.

Both features will help ensure that more Macs are kept up to date. Whether or not they remain secure will still depend on the timely publication of security updates by Apple, an issue highlighted by the infamous Flashback Trojan. Flashback exploited a cross-platform Java vulnerability to infect 600,000 Macs worldwide; the flaw had been patched on Windows machines weeks before it created mayhem on Macs. Apple took much longer to respond, eventually releasing Java updates and clean-up tools.

Chastened by the experience, Apple is reportedly making security improvements a key feature in Mountain Lion, which is due to debut in mid-July. Other changes in the pipeline may include mandating secure connection to Apple’s update servers. Earlier this month it emerged that the Flame cyber-espionage tool had used a “man-in-the-middle” attack against the Windows update system. If Apple introduces security updates over SSL connections then it will move ahead of the game in thwarting this type of attack.

It’s unclear to what extent Apple will retro-fit these various security improvements into previous versions of Mac OS X.

In a related move, Apple recently removed assertions that the Mac “doesn’t get PC viruses” in favour of the less strident statement that its computers are “built to be safe”.

Given the increased popularity of Macs in business, Apple will need to develop tools (or at least settings) to make patching more manageable in corporate environments.

“In business environments the concept of automatic, silent updates to the Mac operating system may be less popular,” Cluley explained. “Often organisations prefer to test a security update before rolling it out across a large number of computers, in case there are bugs or conflicts.

“Furthermore, companies may not like the idea of lots of their Mac computers individually pulling down hefty security updates and gobbling up their internet bandwidth. Presumably Apple will provide mechanisms for businesses to handle these issues when OS X ships next month,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/29/apple_debuts_auto_security_updates/

Stratfor settles class-action over Anon megahack with freebies

Stratfor has agreed to forgo $1.75m in income to settle a class action lawsuit arising from a high-profile hack by hacktivist group Anonymous against the global intelligence firm’s systems last December.

Anonymous-affiliated hackers broke into Stratfor’s systems in the run-up to Christmas last year before publishing hundreds of thousands of email addresses belonging to subscribers along with an estimated 4,000 customer credit records. Various Anons boasted of plans to use the stolen credit card data to make donations to charities, including the Red Cross. Any such transaction would have more than likely been identified and reversed, however.

Stratfor’s website was also thrashed during the attack, which allowed hackers to extract confidential internal emails, which soon found their way onto WikiLeaks.

Chief among several mistakes that left Stratfor wide open to attack was a failure to encrypt the credit card files that hacktivists stole and later dumped online. David Sterling of Sterling Sterling, a New York-area insurance broker and Stratfor subscriber, filed a class-action lawsuit over the breach.

Stratfor has offered to settle the suit by giving each claimant free access to its service for a month, something that would normally cost $29, as well as an eBook published by Stratfor called The Blue Book, priced at $12.99. Supplying these goods and services at no charge will leave Stratfor an estimated $1.75m out of pocket, Reuters reports. The private intelligence firm also agreed to pay $400,000 in legal fees.

US District Judge Denis Hurley gave his preliminary stamp of approval to the settlement earlier this month. A final hearing is set for 28 September.

Jeremy Hammond, 27, of Chicago, Illinois, was charged in March with access device fraud and hacking offences in relation to the Stratfor hack. He is alleged to be the infamous Anonymous figure “Anarchaos”.

Hammond’s arrest took place with the assistance of LulzSec suspect turned FBI informant, Hector Xavier ‘Sabu’ Monsegur, officials said. Court documents reveal that Monsegur offered an FBI-supplied server as a repository for 20GB of data extracted from Stratfor, an offer that was accepted. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/29/stratfor_settles_class_action_lawsuit/

Mac-based Trojan targets Uyghur activists

Security researchers have intercepted a Mac-based Trojan attack targeting Uyghur human rights activists.

The Uyghurs are a minority ethnic group living in Eastern and Central Asia, mostly (but not exclusively) within the geographical borders of China. A run of infected emails sent to Uyghur activists, and intercepted by security researchers at Kaspersky Lab, featured an attached ZIP file containing a jpg photo and a “MacOS X app”.

“The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs,” writes Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a blog post. The Russian firm detects the malware as Backdoor OSX MaControl-B.

If executed, the malicious application opens a backdoor on compromised Mac computers, periodically querying a command and control server for instructions. This command and control server is located in China.
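The lure described above is a ZIP carrying a photo next to an application bundle, so a mail gateway or analyst can flag the attachment before anyone double-clicks it. The script below is an added example, not Kaspersky’s code or anything from the article: it builds a constructed archive with that layout (invented file names and stub bytes, with the universal-binary magic standing in for the executable) and reports any `.app` bundle and any entry under `Contents/MacOS/` that starts with a Mach-O or fat-binary magic number.

```python
"""Inspect a ZIP attachment for a bundled Mac application (added example).

The archive contents are constructed for the demonstration; nothing here is
taken from the real sample.
"""
import io
import zipfile
from typing import Dict, List

# Magic numbers that open a Mach-O file (thin 32/64-bit, either byte order)
# or a fat/universal binary, as defined in the Mach-O headers.
MACH_O_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",   # FAT_MAGIC / FAT_CIGAM
}
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")


def build_sample_zip(with_app: bool) -> bytes:
    """Constructed archive: a photo, plus (optionally) a fake .app bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"constructed jpeg stub")
        if with_app:
            zf.writestr("photo.app/Contents/Info.plist", b"<plist/>")
            # Fat-binary magic followed by filler stands in for the executable.
            zf.writestr("photo.app/Contents/MacOS/photo", b"\xca\xfe\xba\xbe" + b"\0" * 32)
    return buf.getvalue()


def inspect_zip(data: bytes) -> Dict:
    """Summarise an archive and flag it if it carries an application bundle."""
    bundles = set()
    images: List[str] = []
    executables: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("__MACOSX/") or info.is_dir():
                continue  # Finder resource-fork residue and directory entries
            if name.lower().endswith(IMAGE_SUFFIXES):
                images.append(name)
            if ".app/" in name:
                bundles.add(name.split(".app/", 1)[0] + ".app")
            if "/Contents/MacOS/" in name:
                with zf.open(info) as fh:
                    if fh.read(4) in MACH_O_MAGICS:
                        executables.append(name)
    return {
        "images": images,
        "app_bundles": sorted(bundles),
        "mach_o_entries": executables,
        # Any bundle in a mailed ZIP is reason to quarantine; an image shipped
        # beside it is the decoy layout used in this campaign.
        "suspicious": bool(bundles),
        "image_decoy": bool(bundles) and bool(images),
    }


if __name__ == "__main__":
    for label, flag in (("lure", True), ("benign", False)):
        print(label, inspect_zip(build_sample_zip(with_app=flag)))
```

The check is deliberately structural: it does not need a signature for MaControl, only the fact that a legitimate photo attachment has no reason to contain a `.app` directory with a Mach-O inside. Entries under `__MACOSX/` are skipped because Finder adds them to every archive it creates, and counting them would turn every Mac-made ZIP into a false positive.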

Human rights activists as well as high-tech firms, government agencies and military contractors have all been targeted by cyber-spying attacks in recent years. Most of these attacks are ultimately aimed at compromising Windows boxes on targeted networks, but Mac machines are far from immune from assault. For example, security tools biz AlienVault warned of booby-trapped Microsoft Office documents designed to infect Macs and targeted against Tibetan activists back in April.

In other news of malware infecting human rights sites, AlienVault’s research team warned on Friday that a large human rights web portal has been compromised and is serving up malware to visitors. The ASEAN site* has been hacked to expose visiting surfers to attacks based on a Windows XML Core zero-day vulnerability, AlienVault warns, referencing an advisory on the attack vector published by Sophos earlier last week. ®

*More specifically a Thailand NGO portal related to ASEAN (Association of Southeast Asian Nations) human rights.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/06/29/mac_trojan_targets_uyghur_activists/