Security economics: black market price of hacked servers drops to $6


A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up.

Edward Snowden performs radical surgery on a phone to make it "go black"


If you think that your phone may have been hacked so that your adversaries can watch you through the cameras and listen through the mics, one way to solve the problem is to remove the cameras and microphones, and only use the phone with a headset that you unplug when it's not in use.

Google warns that Google.com hosts malware

Google is pointing a finger at its own website, declaring it "partially unsafe" for web visitors. It's not clear if the report is one part of the sprawling company telling the truth about another part, a mistake, or a clever "googlebomb" of inbound links designed to trigger this result.

In any case, the warnings posted are delicious.

Some pages on this website install malware on visitors' computers.

Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information).

Some pages on this website redirect visitors to dangerous websites that install malware on visitors' computers, including: 7b726aeb-a-62cb3a1a-s-sites.googlegroups.com, polnu4ewtan4iwki.ws, and 40d0dfd9-a-62cb3a1a-s-sites.googlegroups.com.

Dangerous websites have been sending visitors to this website, including: maeaflordapele.com, valeimaginar.blogspot.com, and bou7out.blogspot.com.


Hacking Team supplied cyber-weapons to corrupt Latin American governments for human rights abuses


In Hacking Team Malware Para La Vigilancia en América Latina, a new report from Derechos Digitales, we learn how Hacking Team, the hacked-and-disgraced cyber-arms dealer (previously), supplied weapons to corrupt state actors in Latin America who used them to spy on political opposition, journalists and academics.

Cunning malware scam targets drivers whose GPS data is leaking


A Philadelphia-area police department is warning locals about fake emails sent in its name to try and get people to install malware. The clever part: the emails contain accurate speeding data, targeting drivers whose GPS data is leaked to the scammers by shady apps.

It's suspected that the data is coming from an app with permission to track phone GPS data. That could either be a legitimate app that has been compromised, or a purpose-built malicious app that was uploaded online. As anyone who has used a GPS navigator knows, location data can be used to roughly calculate your travel speed. The emails ask for payment of the speeding ticket, but no apparatus is set up to receive such fines. Instead, a link that claims to lead to a photo of the user's license plate instead loads malware onto the user's device. This particular scam appears to be hyperlocal at the moment; however, it does show how these scams can progress. Like con artists, most of these scams rely on fooling users into thinking they're from a legitimate source.

An example email:

From: Speeding Citation
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed

First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)

Notification of excess speed

Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52

The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.


Ransomware hackers steal a hospital. Again.


A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate.

Hack-attacks with stolen certs tell you the future of FBI vs Apple


Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor.

The Malware Museum


At The Malware Museum you can enjoy the experience of DOS-era viruses, trojans and other digital beasties without any of the risk. Many of them manifested as wild graphical tricks and other spectacular coding feats, distracting you as they formatted hard drives or corrupted files.

The Malware Museum is a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers. Once they infected a system, they would sometimes show animation or messages that you had been infected. Through the use of emulations, and additionally removing any destructive routines within the viruses, this collection allows you to experience virus infection of decades ago with safety.

Pictured above is LSD.COM

Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)


The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines.

Head of NSA's hacker squad explains how to armor networks against the likes of him


Rob Joyce runs the NSA's Tailored Access Operations group, the spies who figure out how to hack systems, publishing a spook's version of the Skymall catalog, filled with software and hardware that other spies can order for use.

Your smartwatch knows your ATM and phone PIN


Because a PIN-pad is so constrained and predictable, the accelerometer in your smartwatch is able to guess with a high degree of confidence (73%) what you enter into it -- it can also serve as a general-purpose keylogger, though with less accuracy (59%), thanks to the complexity of the keyboard.

Help wanted: malware researcher for U of T's Citizenlab


Ronald Deibert from the University of Toronto's Citizenlab (previously) sez, "The Citizen Lab at the Munk School of Global Affairs, University of Toronto has a job posting for a security researcher/malware analyst.

Startup uses ultrasound chirps to covertly link and track all your devices


Silverpush, a startup that's just received $1.25M in venture capital, uses ultrasonic chirps that are emitted by apps, websites, and TV commercials to combine the identities associated with different devices (tablets, phones, computers, etc), so that your activity on all of them can be aggregated and sold to marketers.

The Economist's anti-ad-blocking tool was hacked and infected readers' computers


Pagefair is an ad-blocking circumvention tool that publishers can use to track readers who've taken technological countermeasures to protect their privacy. The company has sold its service to many publishers -- including the Economist -- by deploying moral arguments about the evils of ad-blocking.

It's been ten years since Sony Music infected the world with its rootkit


Oct 31 2005: Security researcher Mark Russinovich blows the whistle on Sony-BMG, whose latest "audio CDs" were actually multi-session data-discs, deliberately designed to covertly infect Windows computers when inserted into their optical drives.

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off


In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off.

Newly disclosed Android bugs affect all devices


The newly released bugs are part of the Stagefright family of vulnerabilities, disclosed by Zimperium Zlabs.
