Spies can't make cyberspace secure AND vulnerable to their own attacks


In his Sunday Observer column, John Naughton makes an important point that's hammered home by the escape of the NSA/GCHQ Regin cyberweapon into the wild: spies who make war on the Internet can't be trusted with its security.

Read the rest

E-cigs and malware: real threat or Yellow Peril 2.0?


After a redditor claimed to have gotten a computer virus from factory-installed malware on an e-cig charger, the Guardian reported out the story and concluded that it's possible.

Read the rest

FBI secretly seeking legal power to hack any computer, anywhere


The Bureau is seeking a rule-change from the Administrative Office of the US Courts that would give it the power to distribute malware, hack, and trick any computer, anywhere in the world, in the course of investigations; it's the biggest expansion of FBI spying power in its history and they're hoping to grab it without an act of Congress or any public scrutiny or debate.

Read the rest

Malware authors use Gmail drafts as dead-drops to talk to bots

Once you've successfully infected your victim's computer with malware, you want to be able to send it orders -- so you spawn an invisible Internet Explorer window, login to an anonymous Gmail account, and check in the Drafts folder for secret orders.

Read the rest

Malware needs to know if it's in the Matrix


Once a security researcher discovers a new strain of malicious software -- running a virtual machine on a test-bench -- and adds its signature to anti-virus and network monitor blacklists, it's game over. So today's malware devotes enormous energy to figuring out if it's running on a real computer, or inside one of its enemies' virtual worlds.

Read the rest

Animation explains the dangers of Computercop, the malware that US police agencies distribute to the public

Dave from EFF writes, "Here's a funny, easy-to-understand animation explaining why ComputerCOP parental monitoring software is actually dangerous to kids. More than 245 local law enforcement agencies have purchased this software in bulk and handed it out to families for free."

Using an imaginary kid named Timmy, who gets "pantsed" by ComputerCOP, the animation by Fusion also ties ComputerCOP to the unnecessary equipment locals cops have obtained, like mine-resistant trucks. Fusion's cartoon is based on an EFF investigation published on Wednesday.

Who needs the NSA? Anyone could spy on your kids thanks to ComputerCop

(Thanks, Dave!)

Mobile malware infections race through Hong Kong's Umbrella Revolution


The protesters are dependent on mobile apps to coordinate their huge, seemingly unstoppable uprising, and someone -- maybe the Politburo, maybe a contractor -- has released virulent Ios and Android malware into their cohort, and the pathogens are blazing through their electronic ecosystem.

Read the rest

Hundreds of US police forces have distributed malware as "Internet safety software"

Law enforcement agencies have been buying and distributing Computercop, advising citizens that the software is the "first step" for protecting their kids; one sheriff bought copies for every family in the county.

Read the rest

Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.

Read the rest

100 creeps busted in massive voyeurware sweep


More than 100 people around the world have been arrested in a coordinated sweep of RATers (people who deploy "remote access trojans" that let them spy on people through their computers cameras and mics, as well as capturing their keystrokes and files). The accused are said to have used the Blackshades trojan, which sold for $40 from bshades.eu, mostly for sexual exploitation of victims (though some were also accused of committing financial fraud).

A US District Court in Manhattan handed down indictments for Alex Yücel and Brendan Johnston, who are said to have operated bshades.eu. Yücel, a Swedish national, was arrested in Moldova and is awaiting extradition to the USA. Johnstone is alleged to have been employed by Yücel to market and support Blackshades.

Read the rest

Forged certificates common in HTTPS sessions

In Analyzing Forged SSL Certificates in the Wild [PDF] a paper authored by researchers at CMU and Facebook, we learn that "a small but significant percentage" of HTTPS connections are made using forged certificates generated by adware and malware. Disturbingly, some of this malware may be working by attacking anti-virus software and stealing its keys, and the authors also speculate that anti-virus authors may be giving their keys out to governments in order to allow police to carry out man-in-the-middle attacks.

The researchers used a technique to detect forged-cert connections that has post-Heartbleed applications, since it would allow sites to discover whether their visitors are being man-in-the-middled through keys stolen before Heartbleed was widely known. This all points to a larger problem with HTTPS, which has been under increased scrutiny since Heartbleed, but whose defects were well understood within the security community for a long time. I co-wrote this editorial for Nature with Ben Laurie in 2012 describing a system called "Certificate Transparency" that makes it easier to audit and remediate problems with SSL certificates, which Google is now adding to Chrome.

Read the rest

xkcd explains how the Heartbleed bug works

Here's a larger version. And here is a literal explanation.

Fedbizopps: the US government's searchable database of defense-contractor opportunities


Dave from the Electronic Frontier Foundation sez, "The government often makes itself more accessible to businesses than the general public. For Sunshine Week, we compiled this guide to using FedBizOpps to keep an eye on surveillance technology contracts."

Fedbizopps is a weird, revealing window into the world of creepy surveillance, arms, and technology contractors who build and maintain the most oppressive and unethical parts of the apparatus of the US government. Everything from drone-testing of biological and chemical weapons to license plate cameras to weaponized bugs and other malware are there. The EFF post also has links to data-mining tools that help estimate just how much money the private arms dealers extract from the tax-coffers.

Read the rest

Samsung Galaxy back-door allows for over-the-air filesystem access


Developers from the Replicant project (a free Android offshoot) have documented a serious software back-door in Samsung's Android phones, which "provides remote access to the data stored on the device." They believe it is "likely" that the backdoor could provide "over-the-air remote control" to "access the phone's file system."

At issue is Samsung's proprietary IPC protocol, used in its modems. This protocol implements a set of commands called "RFS commands." The Replicant team says that it can't find "any particular legitimacy nor relevant use-case" for adding these commands, but adds that "it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone's storage."

The Replicant site includes proof-of-concept sourcecode for a program that will access the file-system over the modem. Replicant has created a replacement for the relevant Samsung software that does not allow for back-door access.

Read the rest

How the NSA plans to automatically infect "millions" of computers with spyware




A new Snowden leak, detailed in a long, fascinating piece in The Intercept, explains the NSA's TURBINE initiative, intended to automate malicious software infections. These infections -- called "implants" in spy jargon -- have historically been carried out on a narrow, surgical scale, targeted at people of demonstrated value to spies, due to the expense and difficulty of arranging the attacks.

But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once.

The article mentions an internal NSA message-board posting called "I hunt sys admins," sheds some light on the surveillance practices at the NSA. In the post, an NSA operative explains that he targets systems administrators at companies, especially telecoms companies, as a "means to an end" -- that is, infiltrating the companies' networks. As Glenn Greenwald and Ryan Gallagher point out, this admission shows that malware attacks are not targeted solely or even particularly at people suspected of terrorism or other crimes -- rather, they are aimed at the people who maintain the infrastructure of critical networks and systems to allow the NSA to control those systems.

The malware that TURBINE implants can compromise systems in a variety of ways, including hijacking computer cameras and microphones, harvesting Web-browsing history and email traffic, logging passwords and other keystrokes, etc.

Read the rest