Tuesday, 2 September 2014

Tox, a Skype Replacement Built On 'Privacy First'

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.
When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project, created an account on the code hosting and collaboration site GitHub, and begun uploading code.
Eventually, they settled on the name Tox, and you can already download prototypes of the surprisingly easy-to-use tool. The tool is part of a widespread effort to create secure online communication tools that are controlled not by any one company but by the world at large—a continued reaction to the Snowden revelations. This includes everything from instant messaging tools to email services.

Twitter Patents Technique To Detect Mobile Malware

So it was discovered that Twitter has been granted a patent which covers detection of mobile malware on websites to protect its user base. The patent was filed back in 2012, but well – as we know these things take time.
The method is something like the technology Google uses in Chrome to warn you that a webpage is malicious and prompt you not to visit it.
It utilises multiple signals to detect mobile malware and protect the user from being infected (by calculating the probability of the page being malicious).
Twitter has been granted a patent for detecting malware on mobile sites, according to a filing made public this month.
According to the patent, filed back in 2012, Twitter could protect users from malware by crawling websites with “an emulated mobile device to cause behaviors to occur which may be malicious.” After Twitter’s bot visits a given mobile site, the “behaviors … are stored [and] classified as hard or soft signals.”
From there, Twitter’s patent describes a method for assessing the “probability of the webpage being malicious,” after which it is “classified as malicious or non-malicious.” Finally, Twitter describes how visitors of the site, the site’s developer, and the “distributor of the webpage” (perhaps the user who tweeted the link) will be alerted if the site has been classified as malware.
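The patent text quoted above names the stages of the pipeline (crawl with an emulated mobile device, record behaviours, tag them as hard or soft signals, compute a probability, classify, alert) but gives no formulas. The following is an added illustration of how such a classifier could be wired together; it is not Twitter's code, and the signal names, weights, prior, threshold and the three constructed crawl results are assumptions chosen for the example.

```python
"""
Added example (not Twitter's implementation): combine hard and soft signals
recorded while a page was loaded in an emulated mobile device into a
probability that the page is malicious, then decide who should be alerted.
Signal names, weights, prior and threshold are assumptions for this example.
"""
import math

# Hard signals: by assumption, any one of these is conclusive on its own.
HARD_SIGNALS = {
    "unprompted_apk_download",   # page pushed an installable package without a tap
    "known_malware_hash",        # a fetched resource matched a known-bad hash list
}

# Soft signals: suggestive only; combined as additive log-odds (assumed weights).
SOFT_SIGNAL_WEIGHTS = {
    "redirect_chain_gt_3": 1.2,
    "obfuscated_js": 1.0,
    "mobile_only_content": 0.8,   # different content served to the emulated phone
    "iframe_to_newly_registered_domain": 1.5,
    "fake_update_prompt": 1.4,
}

PRIOR_LOG_ODDS = -3.0   # assumed base rate: most crawled pages are benign
THRESHOLD = 0.5         # assumed decision boundary


def classify_signals(behaviours):
    """Split observed behaviours into (hard, soft); unknown behaviours are ignored."""
    hard = sorted(b for b in behaviours if b in HARD_SIGNALS)
    soft = sorted(b for b in behaviours if b in SOFT_SIGNAL_WEIGHTS)
    return hard, soft


def malicious_probability(behaviours):
    """Any hard signal forces 1.0; otherwise soft signals shift the prior log-odds."""
    hard, soft = classify_signals(behaviours)
    if hard:
        return 1.0
    log_odds = PRIOR_LOG_ODDS + sum(SOFT_SIGNAL_WEIGHTS[s] for s in soft)
    return 1.0 / (1.0 + math.exp(-log_odds))


def classify_page(url, behaviours):
    """Produce the stored record: signals, probability and final verdict."""
    hard, soft = classify_signals(behaviours)
    p = malicious_probability(behaviours)
    return {
        "url": url,
        "hard_signals": hard,
        "soft_signals": soft,
        "probability": round(p, 3),
        "verdict": "malicious" if p >= THRESHOLD else "non-malicious",
    }


def alert_recipients(record, developer, distributor):
    """Parties notified for a malicious verdict: visitors, developer, distributor."""
    if record["verdict"] != "malicious":
        return []
    return ["visitors", developer, distributor]


# Constructed crawl results (hypothetical URLs and behaviours).
CRAWL_RESULTS = {
    "https://example.test/benign": {"mobile_only_content"},
    "https://example.test/suspicious": {
        "redirect_chain_gt_3", "obfuscated_js",
        "iframe_to_newly_registered_domain", "fake_update_prompt",
    },
    "https://example.test/dropper": {"obfuscated_js", "unprompted_apk_download"},
}

if __name__ == "__main__":
    for url, behaviours in CRAWL_RESULTS.items():
        rec = classify_page(url, behaviours)
        print(rec, alert_recipients(rec, "dev@example.test", "@poster"))
```

The split matters operationally: a hard signal (an unprompted package download) should never be diluted by an absence of soft signals, while soft signals on their own need several to overcome the benign prior, which keeps false positives down when crawling at web scale.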

It seems like social networks, search engines etc want to take more responsibility for protecting their users (like the malware warnings on search results within Google and the Chrome warning splash page).
They think it adds value to their networks, which it does in a way – and of course it makes the user experience more positive, which is always a benefit. And this is definitely a more pro-active response than just acting on user reports and spam flags.
Most interestingly, the patent mirrors a similar system already implemented by Google on Google.com and within Chrome. Google alerts users with a warning splash page [below] which attempts to block users from accessing the site.
Twitter’s interest in preventing the spread of malware highlights new responsibilities for the social network as it continues to grow. Implementing such a system does not directly affect Twitter in the way the company’s anti-spam efforts have. Instead, this initiative to crawl the mobile web for malware would be a preventative effort to keep Twitter’s name clean.
In VentureBeat’s own tests, Twitter did not flag any sites known by Google for distributing malware on iOS or desktop, suggesting that the tech behind the patent is not publicly in use. Reached for comment, Twitter offered a boilerplate response.
It seems the technology is not yet actually in use on the Twitter platform, as you can still spread malware-laden URLs without warning.
Perhaps the technology is still in staging/testing phase – or perhaps they are starting to realise how long it takes to spider the web for malware. A very long time.
It’ll be interesting to see if they start using it soon.

Why Russian hackers are beating us

Russian cybercriminals approach hacking like a chess game, staying many steps ahead of targets in defense and offense

Russian hackers like the ones who breached the computer systems of JP Morgan Chase and at least four other banks win because they think strategically like the best chess players.
"Russians are more intelligent than Americans," Tom Kellermann, chief cyber-security officer for Trend Micro, said. "They're more intelligent because they think through every action they take to a point where it's incredibly strategic.

"They're operating at eight to 12 steps ahead on both the offensive and defensive side of the (chess) board."
The attacks that occurred this month resulted in the loss of gigabytes of customer data. One of the banks has linked the breach to state-sponsored hackers in Russia, Bloomberg reported Thursday.
The FBI is investigating whether the attacks are in retaliation for U.S.-imposed sanctions for Russia's involvement in the battle between the Ukrainian government and Kremlin-supported separatists.
Trend Micro has studied Russian hackers for years. In 2012, the company released a research paper called "Russian Underground 101" that described in detail the tools and services available in online marketplaces.
Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked, Kellermann said.
"The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules," he said.
Attacks typically start with reconnaissance of the target to gain an understanding of the network topology, followed by predicting which security tools and controls will have to be bypassed to infect systems and get data out.
"They're complete geniuses because of how they operate with their very chess-like perspective on IT and cybersecurity," Kellermann said.
The hackers develop automated attack platforms and exploit kits with some of the most advanced capabilities and are adept at finding and exploiting zero-day vulnerabilities in software.
Indeed, the hackers responsible for the latest breach exploited a zero-day flaw in at least one bank's website.
Tools are available for each attack stage, including the delivery of the exploit, the lateral movement of malware in the network, data mining and the exfiltration of data.
"It (Russia) is the most advanced marketplace for hacking services in the world and it maintains, what I would consider, the true Silicon Valley of the East," Kellermann said. "It has the greatest expertise when it comes to ethical hacking, penetration testing and black-hat hacking."
Russia has used hackers before to strike political targets. In 2007, the country was behind distributed denial of service (DDoS) attacks that took down Estonian government websites during a disagreement over the relocation of a Soviet-era grave marker and war graves.
In 2008, Russia orchestrated an attack that disrupted Internet communications in Georgia several weeks before invading the country.
Without cooperation from the Russian government, arresting hackers in the country is nearly impossible. Therefore, U.S. companies have to change their security paradigm from keeping hackers out to catching them once they are in the computer network.

The first step is to collect intelligence on the most likely attackers and then perform penetration testing on critical software most likely to be on the path hackers would take in the network, Kellermann said.
Secondly, spending should be less concentrated on antivirus software, firewalls and intrusion detection systems and shifted to technology that detects malware and its lateral movement within a network.
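The article stops at the recommendation to detect malware and its lateral movement rather than only keeping attackers out. As an added illustration of what one such detection looks like (not code from the article or from Trend Micro), the block below runs a fan-out check over constructed authentication log lines: one account that successfully authenticates to many distinct hosts within a short window is flagged. The log format, field names, the window and the threshold are assumptions for this example.

```python
"""
Added example (not from the article): flag candidate lateral movement by
finding accounts that authenticate successfully to many distinct hosts
inside a short time window. Log format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like key=value format:
# <ISO timestamp> auth user=<account> src=<source host> dst=<destination> result=<success|failure>
SAMPLE_LOG = """\
2014-09-02T09:00:01 auth user=alice src=ws-17 dst=fileserver-1 result=success
2014-09-02T09:02:14 auth user=alice src=ws-17 dst=mail-1 result=success
2014-09-02T09:03:40 auth user=svc_backup src=ws-42 dst=db-1 result=success
2014-09-02T09:03:55 auth user=svc_backup src=ws-42 dst=db-2 result=success
2014-09-02T09:04:10 auth user=svc_backup src=ws-42 dst=fileserver-1 result=success
2014-09-02T09:04:31 auth user=svc_backup src=ws-42 dst=hr-app result=success
2014-09-02T09:04:50 auth user=svc_backup src=ws-42 dst=dc-1 result=success
2014-09-02T09:05:05 auth user=svc_backup src=ws-42 dst=dc-2 result=failure
2014-09-02T10:30:00 auth user=bob src=ws-03 dst=fileserver-1 result=success
2014-09-02T11:45:00 auth user=bob src=ws-03 dst=mail-1 result=success
2014-09-02T13:10:00 auth user=bob src=ws-03 dst=hr-app result=success
2014-09-02T14:20:00 auth user=bob src=ws-03 dst=db-1 result=success
2014-09-02T15:00:00 auth user=bob src=ws-03 dst=dc-1 result=success
"""


def parse_line(line):
    """Parse one log line into a dict with a datetime under 'ts'."""
    ts_str, _event, kvs = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in kvs.split())
    fields["ts"] = datetime.fromisoformat(ts_str)
    return fields


def detect_fanout(log_text, window=timedelta(minutes=10), min_hosts=4):
    """
    Return {user: alert} for every account whose successful logins reach
    at least `min_hosts` distinct destinations within any `window`.
    Only successes count: a burst of failures is a different (brute-force) signal.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    per_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            per_user[e["user"]].append(e)

    alerts = {}
    for user, evs in per_user.items():
        j = 0
        # Two-pointer sliding window over the time-sorted events of this user.
        for i in range(len(evs)):
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            hosts = {e["dst"] for e in evs[i:j]}
            if len(hosts) >= min_hosts:
                prev = alerts.get(user)
                if prev is None or len(hosts) > len(prev["hosts"]):
                    alerts[user] = {
                        "user": user,
                        "src": evs[i]["src"],
                        "hosts": sorted(hosts),
                        "start": evs[i]["ts"].isoformat(),
                        "end": evs[j - 1]["ts"].isoformat(),
                    }
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_LOG).values():
        print(alert)
```

With the default ten-minute window only svc_backup is flagged: five distinct hosts in just over a minute from a single workstation, which is the pattern of an automated tool rather than a person. Widening the window to six hours also catches bob, whose five hosts over a working day are likely normal use, which is why the window and threshold must be tuned per account type (service accounts should rarely fan out interactively at all) before such a rule goes into production.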