Tuesday, 8 July 2014

Spamhaus says denial of service suspects are still at large

ANTISPAM OUTFIT Spamhaus has welcomed two arrests for denial of service attacks on its network, but wants to see the capture of five more suspects who are still at large.
The firm said that five more suspects need to be arrested and that they are in the United States, Russia and China. It has fingered them for their roles in the 2013 attacks that were carried out by an outfit called Stophaus.
With two people already under arrest, a Dutch national and a Brit, Spamhaus wants the rest to come in and face accusations. It said that the 2013 denial of service attack was a very big one that spread from one target to another.
"The record-breaking attacks were initially directed at Spamhaus infrastructure such as websites, mailservers and nameservers," it said.
"Then, over the course of the following two weeks, the attacks escalated to targeting Spamhaus' supporting networks and services including various internet exchanges."
The British suspect was charged last week, and according to the National Crime Agency he is 17 years old. He was arrested last year.
The antispam outfit says that it and law enforcement authorities have identified the other "peripheral" suspects.
"With two of the attackers now charged and awaiting trial, Spamhaus has hopes that the other conspirators, consisting of two United States nationals, two Russians and a Chinese national will also soon be charged," it added.
"Several more spammers and cybercrime-involved server hosting company owners were peripherally involved and at this time most have been identified by both Spamhaus and law enforcement."

Cyber-Senate's cyber-security cyber-law cyber-scares cyber-rights cyber-fighters

On Tuesday the US Senate will meet in a closed-door session to mark up the forthcoming Cybersecurity Information Sharing Act of 2014 (CISA) – and the proposed new rules on data sharing between big biz and government have privacy groups seriously worried.
CISA is an offshoot of the proposed Cyber Intelligence Sharing and Protection Act (CISPA), which was introduced nearly three years ago and has had a rocky road. The ostensible reason for the new law is to formalize information sharing between the US government and companies on ongoing security threats – provided firms hand over users' information to the government to help identify new attack vectors.
CISPA passed a vote in the US House of Representatives, but went no further. CISA is the Senate's response to CISPA, and was cowritten by NSA-friendly Dianne Feinstein (D-CA), chairwoman of the Senate Select Committee on Intelligence.
The new bill is somewhat broader in scope than CISPA and the language used so far has led more than 30 groups, from both sides of the political spectrum, to issue an open letter on its failings.
"In the year since Edward Snowden revealed the existence of sweeping surveillance programs, authorized in secret and under classified and flawed legal reasoning, Americans have overwhelmingly asked for meaningful privacy reform and a roll back of the surveillance state created since passage of the Patriot Act. This bill would do exactly the opposite," the open letter [PDF] warns.
Under the terms of the new legislation, the government would be allowed to collect people's data from firms not just for cyber threats to infrastructure, but also for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers.
The data that companies hand over should be stripped of personally identifiable information, but according to the new bill this only applies if the supplying firm has evidence that the user is a US citizen and if the information isn't directly related to a "cybersecurity threat."
In addition, companies that take part in such information sharing are exempt from public disclosure laws that would require them to tell users what is going on. Government agencies using that data also get broad liability protection and have very limited oversight.
"We do not discount the legitimate dangers posed by cyber threats, both from domestic criminals and hostile foreign powers," conclude the letter writers – which include the likes of the EFF, the ACLU and the National Latino Farmers and Ranchers Trade Association.
"But, as with all national security authorities, we need not sacrifice crucial civil liberties and privacy safeguards, and especially whistleblower protections, in order to effectively address such dangers. We urge the committee and Congress to carefully reconsider CISA as drafted, and to bring it in line with our law, our Constitution and our national values."
The White House has shown concern over the overarching scope of the CISPA/CISA legislation and sort-of threatened to veto the laws as they stand – but we all know how jellylike President Obama's promises can be.

Gendarmes grab French Bitcoin exchange in €200k sting

The operators of an illegal French Bitcoin exchange have been collared by the gendarmes and their Bitcoin holdings confiscated.
A sketchy story out of Reuters says that the raid netted €200,000 worth of the crypto-currency, but doesn't outline what specific laws the exchange is accused of breaking.
The Reuters story merely states: “Two people in the Riviera coastal cities of Cannes and Nice were placed under formal investigation on Friday and detained on suspicion that they operated a website which illegally sold and lent Bitcoins to its users.”
It adds that the people charged were also under investigation for possible “illegal banking, money laundering and illegally operating a gambling website” charges.
French outlet Le Point is more forthcoming. It explains that three people, not two, were arrested (the third was in Toulouse and seems to have been released).
“The respondents were the administrator of this illegal site, his wife and one of its suppliers”, Le Point states.
As well as 388 Bitcoin (€200,000 at the time of the arrest), the gendarmes also seized €9,000 in cash, along with credit cards and computer hardware (since the only way to “seize” a Bitcoin is to confiscate the machine holding the relevant data).
The police explained to Le Point that the site was operating without the approval of the Autorité de Contrôle Prudentiel et de Résolution – France's banking supervisor – and between November 2013 and July 2014 had handled 2,750 transactions on “at least 2,500 Bitcoins”.

Doctor Who season eight scripts leak online

Scripts for the first five episodes of the yet-to-be-screened and highly-anticipated series eight of Doctor Who have been leaked online.
The leak is said to have come from BBC Worldwide's new Miami office, which was arranging translation of the new series for non-English speaking markets. The scripts are said to bear a BBC watermark and the name of a staffer, and to be extremely detailed post-production scripts describing on-screen action as well as dialogue.
Unconfirmed rumours claimed the scripts were placed on a public server which was indexed by a search engine. An innocent search stumbled upon the scripts, which eventually made their way into torrents and sites such as Scribd.
The Reg shan't reveal any details, in line with the BBC's plea to keep the scripts under wraps.
"BBC Worldwide is currently investigating a security issue around Doctor Who Series 8 where unfinished material has inadvertently been made public. We deeply regret this and apologise to all the show's fans, the BBC and the cast and crew who have worked tirelessly making the series," the BBC said in a statement.
"We would like to make a plea to anyone who might have any of this material and spoilers associated with it not to share it with a wider audience so that everyone can enjoy the show as it should be seen when it launches."
Doctor Who screenwriter Mark Gatiss tweeted his frustration at the leak.

More rumourmill-meat claims video footage was also leaked from the server, which additionally contained scripts for Beeb programmes Top Gear and Call the Midwife.
Doctor Who fan sites appear to be heeding the BBC's call. Jonathan Carlyle, identified by ABC radio as a moderator of Doctor Who forums, said he read the scripts, but only so it would be easier to find and delete spoilers posted to the boards he tends.

IEEE expands malware initiatives

Standards body the IEEE has launched two new anti-malware initiatives designed to help software and security vendors spot malware that's been inserted into other software, and improve the performance of malware detection by cutting down on false positives.
The organisation's Anti-Malware Support Service (AMSS) is designed to fight back against malware authors who hijack software from legitimate vendors, and also wants to help mitigate the spread and impact of malware.
There are two components of the service: a Clean file Metadata eXchange (CMX) and the Taggant system.
CMX lets software publishers create and publish the metadata of an application at the time of final build. That way, if a malware author takes the “real” program and modifies it to carry malware, it's easier to detect, while at the same time hopefully reducing the number of false positives reported by anti-virus software.
The metadata would include hashes (like MD5, SHA-1 or SHA-256) of the final-build software, the installed filename of a program, its destination path, digital signature data (if used) and file version information.
Large vendors will be invited to take part, while others will be able to submit the metadata with a Class 3 code signing certificate. The program will also allow vetted organisations to provide metadata for third parties. The program is being hosted at Avira in Germany, which will provide the metadata to registered users.
For users of the CMX – those wanting to validate software against the system, including anti-malware vendors – CMX Consumer membership is $US8,000 a year.
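To make the CMX workflow above concrete, here is an added example (not IEEE's or Avira's code, and not the real CMX schema): the publisher side computes the MD5, SHA-1 and SHA-256 hashes plus filename, install path, version and signer of a final build and publishes them as a record; the consumer side indexes published records by SHA-256 and classifies a file seen on an endpoint as known-clean, modified (a vendor claims that filename but the bytes differ) or unknown. The sample bytes, the vendor name, the file paths and all field names are constructed for the example.

```python
import hashlib
import json

# Constructed sample bytes standing in for a vendor's final build; not a real program.
CLEAN_BUILD = b"MZ\x90\x00" + b"hypothetical-vendor installer 1.2.3" + bytes(range(64))
# Constructed copy of the same build with a stub appended, standing in for a
# trojanised redistribution of the "real" program.
TAMPERED_BUILD = CLEAN_BUILD + b"\x00APPENDED-STUB"

# The article lists MD5, SHA-1 and SHA-256 as the hashes a record would carry.
HASH_ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return {algo: hexdigest} for every algorithm in HASH_ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def publish_record(data: bytes, filename: str, install_path: str,
                   version: str, signer=None) -> dict:
    """Publisher side: build the metadata record at final-build time.
    Field names are assumptions for this example, not the CMX schema."""
    return {
        "filename": filename,
        "install_path": install_path,
        "version": version,
        "signer": signer,          # digital signature data, "if used"
        "hashes": hash_bytes(data),
    }


def record_to_json(record: dict) -> str:
    """Serialise a record for exchange; sorted keys make the output stable."""
    return json.dumps(record, sort_keys=True)


def build_index(records_json: list) -> dict:
    """Consumer side: parse published records and index them by SHA-256."""
    index = {}
    for text in records_json:
        rec = json.loads(text)
        index[rec["hashes"]["sha256"]] = rec
    return index


def classify(data: bytes, observed_name: str, index: dict) -> str:
    """Consumer side verdict for a file observed on an endpoint.

    'known-clean' : every published hash matches, so suppress the alert
    'modified'    : a record exists for this filename but the bytes differ
    'unknown'     : no record covers the file; fall back to normal scanning
    """
    observed = hash_bytes(data)
    rec = index.get(observed["sha256"])
    if rec is not None and all(observed[a] == rec["hashes"][a] for a in HASH_ALGOS):
        return "known-clean"
    # No exact match: does any publisher claim this filename at all?
    for rec in index.values():
        if rec["filename"] == observed_name:
            return "modified"
    return "unknown"


# Publisher publishes one record (constructed values); consumer ingests it.
RECORD = publish_record(CLEAN_BUILD, "installer.exe",
                        r"C:\Program Files\HypoVendor\installer.exe", "1.2.3",
                        signer="CN=HypoVendor (assumed)")
INDEX = build_index([record_to_json(RECORD)])

if __name__ == "__main__":
    print(record_to_json(RECORD))
    for label, blob in (("clean", CLEAN_BUILD), ("tampered", TAMPERED_BUILD)):
        print(label, "->", classify(blob, "installer.exe", INDEX))
    print("unrelated ->", classify(b"something else", "other.exe", INDEX))
```

The "modified" verdict is the part that matters for the trojanised-software case: the consumer only reaches it because a publisher has already claimed the filename, so a scanner can treat it as a strong signal rather than a generic heuristic, while the "known-clean" path is what trims false positives on unmodified vendor builds.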
The Taggant System “places a cryptographically secure marker in the packed and obfuscated files created by commercial software distribution packaging programs (packers).”
Designed for software packer vendors (SPVs, who provide commercial software obfuscation and packing programs) and software security vendors, Taggant identifies the packer user's licence key that was used to create an instance of packed malware.
Future files that match the packer user will be marked as suspicious and the user blacklisted.
Back in 2009, the IEEE created a multi-vendor alliance designed to improve the sharing of malware between outfits like McAfee, AVG, Sophos, Symantec and Trend Micro.

Chinese Deep Panda hackers focus on Iraq over oil interests

Chinese hackers have switched targets, says CrowdStrike
Security firm CrowdStrike has reported that a Chinese hacking group, which it has dubbed Deep Panda, has switched targets from the US to Iraq.
CrowdStrike said Deep Panda is one of the most capable hacking teams that it studies, calling it "one of the most advanced Chinese nation-state cyber-intrusion groups".
"For almost three years now, CrowdStrike has monitored Deep Panda targeting critical and strategic business verticals, including government, defence, financial, legal, and the telecommunications industries," said the firm.
"At the think tanks, Falcon Host detected targeting of senior individuals involved in geopolitical policy issues, in particular in the China/Asia Pacific region. However, last week the unprecedented real-time visibility provided by [CrowdStrike's endpoint security tool] Falcon Host into this actor's escapades allowed analysts to observe a radical change in targeting."
The firm said the group "suddenly began targeting individuals with a tie to Iraq or Middle East issues", with a potential interest in the oil market and any US involvement in the local military.
"Iraq happens to be the fifth-largest source of crude oil imports for China and the country is the largest foreign investor in Iraq's oil sector," it added.
"Thus, it wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper US military involvement that could help protect the Chinese oil infrastructure in Iraq."
Reuters, which was in attendance at a news briefing held by the Chinese government, reports that the official line is that the claims are baseless.
A Chinese government spokesman said: "Some US internet security firms ignore the US threat to the internet and constantly seize upon the so-called China internet threat. The evidence they produce is fundamentally untrustworthy and unworthy of comment."