China

Malware Targets Skype Users, Records Conversations (softpedia.com) 31

An anonymous reader writes: A new backdoor trojan is making the rounds, coming equipped with features that allow it to steal files, take screengrabs, and record Skype conversations. Currently detected targeting US organizations, researchers linked it to previous malware developed by a Chinese cyber-espionage group called Admin@338. Besides recording Skype conversations, the malware can also steal Office documents, and includes a complicated installation procedure that allows it to avoid antivirus software installed on the machine.
Security

Neutrino Exploit Kit Has a New Way To Detect Security Researchers (csoonline.com) 37

itwbennett writes: [The Neutrino exploit kit] is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave researchers who found that computers they were using for research couldn't make a connection with servers that delivered Neutrino. Daniel Chechik, senior security researcher at Trustwave's SpiderLabs division, wrote that they tried changing IP addresses and Web browsers to avoid whatever was causing the Neutrino server to not respond, but it didn't work. But by fiddling with some data traffic that Trustwave's computers were sending to the Neutrino server, they figured out what was going on.
Botnet

Online Museum Displays Decades of Malware (thestack.com) 39

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.
Government

UK Wants Authority To Serve Warrants In U.S. (usatoday.com) 136

schwit1 writes with this news, as reported by USA Today: British and U.S. officials have been negotiating a plan that could allow British authorities to directly serve wiretap orders on U.S. communications companies in criminal and national security inquiries, U.S. officials confirmed Thursday. The talks are aimed at allowing British authorities access to a range of data, from interceptions of live communications to archived emails involving British suspects, according to the officials, who are not authorized to comment publicly. ... Under the proposed plan, British authorities would not have access to records of U.S. citizens if they emerged in the British investigations. Congressional approval would be required of any deal negotiated by the two countries.
Google

Google Targets Fake "Download" and "Play" Buttons (torrentfreak.com) 117

AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.
Crime

Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com) 84

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.
Censorship

Julian Assange May Surrender To British Police On Friday (twitter.com) 325

bestweasel writes: As reported by The Guardian and others, Julian Assange has announced via Wikileaks that: "Should the UN announce tomorrow that I have lost my case against the United Kingdom and Sweden, I shall exit the embassy at noon on Friday to accept arrest by British police as there is no meaningful prospect of further appeal. ... However, should I prevail and the state parties be found to have acted unlawfully, I expect the immediate return of my passport and the termination of further attempts to arrest me."
China

Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com) 14

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.
Crime

Dutch Police Train Bald Eagles To Take Out Drones 137

Qbertino writes: Heise.de (German article) reports that the Dutch police is training raptor birds — bald eagles, too — to take down drones. There's a video (narrated and interviewed in Dutch) linked in TFA. It's a test phase and not yet determined if this is going real — concerns about the birds getting injured are among the counter-arguments against this course of action. This all is conducted by a company called "Guard from above," which designs systems to prevent smuggling via drones. The article also mentions MTU's net-shooting quadcopter concept of a drone-predator. Of course, there are also 'untrained' birds taking out quadcopters, as you might have seen already.
Crime

San Francisco Bay Area In Superbowl Surveillance Mode (wired.com) 95

An anonymous reader links to Wired's description of a surveillance society in miniature assembling right now in San Francisco: Super Bowl 50 will be big in every way. A hundred million people will watch the game on TV. Over the next ten days, 1 million people are expected to descend on the San Francisco Bay Area for the festivities. And, according to the FBI, 60 federal, state, and local agencies are working together to coordinate surveillance and security at what is the biggest national security event of the year.
Previous year's Superbowl security measures have included WMD sensors, database-backed facial recognition, and gamma-ray vehicle scanners. Given the fears and cautions in the air about this year's contest, it's easy to guess that the scanning and sensing will be even more prevalent this time.
EU

Europe Now Has Its Own "Most Wanted Fugitives" Web Page (eumostwanted.eu) 208

New submitter ffkom writes: European police organization Europol was probably jealous of the fame and popularity of the FBI's Most Wanted site, so they finally launched their own, European version. And if you want to know what a peaceful place Europe is, just consider this: You don't even have to kill anyone to get on the current "Most Wanted Fugitives" list. A mere fraud worth 12€ is currently enough to get you into this "Hall of questionable fame."
Crime

The Dark Arts: Meet the LulzSec Hackers (hackaday.com) 63

szczys writes: Reputations are earned. When a small group of hackers who were part of Anonymous learned they were being targeted for doxing (having their identities exposed) they went after the would-be doxxer's company, hard, taking down two of the company websites, the CEO's Facebook, Twitter, Yahoo, and even his World of Warcraft accounts. The process was fast, professional, and like nothing ever seen before. This was the foundation of Lulz Security and the birth of a reputation that makes LulzSec an important part of black hat history. Good companion piece and update to some of our earlier posts about the hack; that would-be doxxer was Aaron Barr.
Communications

The Widely Reported ISIS Encrypted Messaging App Is Not Real 113

blottsie writes: Despite widespread reports to the contrary, an app created for Islamic State militants to send private encrypted messages does not exist, a week-long Daily Dot investigation found. All of the media articles on the Alrawi app showed screenshots of a different app entirely, one that is a glorified RSS reader with a totally different name. The Defense One journalist who first reported on GSG's claims about the app told the Daily Dot that he hadn't seen any version of Alrawi at all, and the subsequent reports on the app largely relied on Defense One's reporting. The Daily Dot was the first media outlet to receive, on Jan. 18, what GSG claimed was the Alrawi encryption app. The app, called "Alrawi.apk," contained no ability to send or encrypt messages. It was created using MIT's App Inventor, a plug-and-play tool meant primarily for children.
Crime

12 Years Later, Warrantless Wiretaps Whistleblower Facing Misconduct Charges (usnews.com) 96

cold fjord writes: Former Justice Department attorney Thomas Tamm sparked an intense public debate about warrantless surveillance nearly a decade before Edward Snowden. Tamm tipped reporters in 2004 about the use of nonstandard warrantless procedures under the Bush administration for intercepting international phone calls and emails of Americans. New York Times reporters James Risen and Eric Lichtblau used Tamm's revelations to help them win a Pulitzer Prize. Barack Obama criticized the program and the Obama administration Justice Department announced in 2011 that it would not bring criminal charges against him. Unfortunately Tamm is now facing disciplinary hearings before the D.C. Office of Disciplinary Counsel which prosecutes the D.C. Bar's disciplinary cases. Tamm is facing ethics charges that could result in his disbarment, revoking his law license. Tamm is alleged to have "failed to refer information in his possession that persons within the Department of Justice were violating their legal obligations to higher authority within the Department" and "revealed to a newspaper reporter confidences or secrets of his client, the Department of Justice." Tamm currently resides in Maryland where he is a public defender. The effect of the D.C. case on him there is unclear. Tamm's attorney, Georgetown University law professor Michael Frisch, says the delays seen in this case are not unusual in D.C., it can take years for matters to play out. Another of Frisch's clients, who exposed the interrogation of "American Taliban" John Walker Lindh, believes the prosecution is political persecution.
Crime

Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org) 76

An anonymous reader writes: Ransomware has locked computers in three major Indian banks and one pharmaceutical company. While the ransom note asks for 1 Bitcoin, so many computers have been infected that damages racked up millions of dollars. According to an antivirus company that analyzed the ransomware, it's not even that complex, and seems the work of some amateur Russians.
Crime

Utah Bill Would Require IT Workers To Report Child Porn (ksl.com) 391

Mr.Intel writes: A Utah lawmaker wants computer technicians to face jail time if they don't immediately report child pornography they discover on someone's computer. The proposal would require computer technicians to report child pornography to law enforcement or a federal cyber tip line if they encounter the material, but they would not be required to go searching for it. If they find it and don't report it, they could be given up to six months in jail and a $1,000 fine. It would mirror laws already on the books in at least 12 other states, according to the National Conference of State Legislatures.
Advertising

Google Says It Killed 780 Million 'Bad Ads' In 2015 (cio.com) 92

itwbennett writes: According to a new Google report, the search giant disabled more than 780 million "bad ads," including ads for counterfeit products, misleading or unapproved pharmaceuticals, weight loss scams, phishing ploys, unwanted software and "trick-to-click" cons, globally last year. This marks a 49 percent increase over 2014. For perspective, it would take an individual nearly 25 years to look at the 780 million ads Google removed last year for just one second each, according to Google. If the trend continues, Google's team of more than 1,000 staffers dedicated to killing spam will be even busier in 2016, and they could disable more than a billion junky ads.
Crime

FBI "Took Over World's Biggest Child Porn Website" (telegraph.co.uk) 301

An anonymous reader writes with this excerpt from The Telegraph: The FBI took over the world's biggest child pornography website in a sting operation intended to catch viewers of sexual images of children sometimes 'barely old enough for kindergarten', it has been revealed. The controversial operation ran for nearly two weeks last year, when the bureau took control of the Playpen website in an effort to weed out users who would normally be hidden because they accessed such sites through encrypted addresses. Agents have defended the dubious ethics of a government agency running a child porn site by insisting there was no other way to catch offenders.
Crime

Symantec Disavows Business Partner Caught Running a Tech Support Scam (malwarebytes.org) 85

An anonymous reader writes: Malwarebytes has caught one of Symantec's resellers running a tech support scam that was scaring users into thinking they were infected with malware and then graciously offering to sell Symantec's security software at inflated rates. Malwarebytes played along with their scam and found out the company behind it was Silurian Tech Support, located somewhere in North India. Symantec told El Reg that it terminated the reseller's contract and will work with law enforcement to defend its brand and intellectual property.
Crime

Bank Heists - Another Profession That Technology Is Killing Off 131

HughPickens.com writes: In 1992 there were 847 bank robberies in the UK; by 2011 that had dropped to just 66. Now Lawrence Dobbs writes in the Telegraph about how technology is killing off this age old profession. "The development of more sophisticated alarm systems and CCTV, as well as supporting forensic developments such as DNA analysis and facial recognition software, all serve to assist police," says Jim Dickie, a former detective who spent more than 30 years with the Metropolitan Police. Those who do try are either feckless opportunists or "serial offenders" who have already served time and are easily found on police databases. "Hands-on heists are a dying art, because those who have a background in it are literally dying off."

In 2015 a gang of aging jewel thieves pulled off one last spectacular job. Using a diamond-tipped drill and a 10-ton hydraulic ram, they broke into the Hatton Garden Safe Deposit Ltd vault and made off with at least £14million in precious stones, gems, bullion and jewelry in the largest burglary in English history. But the Hatton Garden burglars were caught because they used one of their own cars within view of a security camera. According to David Kelly, it's CCTV which has changed things most. "It's now virtually impossible to travel through any public space in a major metropolitan area without being captured. They're everywhere, the image quality is better, and the ability to store images for longer has increased." Then there are your physical alarm devices: motion sensors, window monitors which detect glass shattering, or devices which trigger when a door is opened. "These devices can now be deployed wirelessly – in an older building, where you might not have wires in place," says Kelly. "There are also tools at the disposal of the private sector, in cooperation with the public sector, which are perhaps not matters of common knowledge, and there's a tactical advantage to our clients in them remaining that way." Add to this the various technologies used to protect or track the loot itself – dye packs hiding inside stacks of banknotes, which explode when they leave a certain range; GPS tracking on security vans and inside cash containers – and you can see why even a hardened criminal might prefer to stay in bed.
