Tag Archives: fake

More on My LinkedIn Account

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/more_on_my_link.html

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first — and only — post on that account:

My Only LinkedIn Post (Yes, Really)

Welcome to my LinkedIn page. It looks empty because I’m never here. I don’t log in, I never post anything, and I won’t read any notes or comments you leave on this site. Nor will I accept any invitations or click on any “connect” links. I’m sure LinkedIn is a nice place; I just don’t have the time.

If you’re looking for me, visit my webpage at www.schneier.com. There you’ll find my blog, and just about everything I’ve written. My e-mail address is [email protected], if you want to talk to me personally.

I mirror my blog on my Facebook page (https://www.facebook.com/bruce.schneier/) and my Twitter feed (@schneierblog), but I don’t visit those, either.

Now I hear that LinkedIn is e-mailing people on my behalf, suggesting that they friend, follow, connect, or whatever they do there with me. I assure you that I have nothing to do with any of those e-mails, nor do I care what anyone does in response.

faker.js – Tool To Generate Fake Data For Testing

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/0ycnOUzHDxU/

faker.js is a tool to generate fake data in Node.js and in the browser, it has a lot of different data types to enable you to generate very customised and complete sets of fake or mock data for testing purposes. It also supports multiple languages and locales and can generate a lot of data types […]

The post faker.js – Tool To…

Read the full post at darknet.org.uk

Friday Squid Blogging: Squid Fake News

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/friday_squid_bl_587.html

I never imagined that there would be fake news about squid. (That website lets you write your own stories.)

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Detecting Stingrays

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/detecting_sting.html

Researchers are developing technologies that can detect IMSI-catchers: those fake cell phone towers that can be used to surveil people in the area.

This is good work, but it’s unclear to me whether these devices can detect all the newer IMSI-catchers that are being sold to governments worldwide.

News article.

Apple Bans VPNs From App Store in China

Post Syndicated from Ernesto original https://torrentfreak.com/apple-bans-vpns-from-app-store-in-china-170729/

Apple is known to have a rigorous app-review policy.

Over the past several years, dozens of apps have been rejected from the App Store because they mention the word BitTorrent, for example.

The mere association with piracy is good enough to warrant a ban. This policy is now expanding to the privacy-sphere as well, at least in China.

It is no secret that the Chinese Government is preventing users from accessing certain sites and services. The so-called ‘Great Firewall’ works reasonably well, but can be circumvented through VPN services and other encryption tools.

These tools are a thorn in the side of Chinese authorities, which are now receiving help from Apple to limit their availability.

Over the past few hours, Apple has removed many of the most-used VPN applications from the Chinese app store. In a short email, VPN providers are informed that VPN applications are considered illegal in China.

“We are writing to notify you that your application will be removed from the China App Store because it includes content that is illegal in China, which is not in compliance with the App Store Review Guidelines,” Apple informed the affected VPNs.

Apple’s email to VPN providers

VPN providers and users are complaining bitterly about the rigorous action. However, it doesn’t come as a complete surprise. Over the past few months there have been various signals that the Chinese Government would crack down on non-authorized VPN providers.

In January, a notice published by China’s Ministry of Industry and Information Technology said that the government had launched a 14-month campaign to crack down on local ‘unauthorized’ Internet platforms.

This essentially means that all VPN services have to be pre-approved by the Government if they want to operate there.

Earlier this month Bloomberg broke the news that China’s Government had ordered telecommunications carriers to block individuals’ access to VPNs. The Chinese Government denied that this was the case, but it’s clear that these services remain a high-profile target.

Thanks to Apple, China’s Government no longer has to worry about iOS users having easy access to the most popular VPN applications. Those users who search the local app store for “VPN” still see plenty of results, but, ironically, many of these applications are fake.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Hackers Use Pirate Sites to Ruin Your Life, State Attorneys General Warn

Post Syndicated from Ernesto original https://torrentfreak.com/hackers-use-pirate-sites-to-ruin-your-life-state-attorneys-general-warn-170727/

In recent years copyright holders have tried many things to dissuade the public from visiting pirate websites.

They often claim that piracy costs the entertainment industry thousands of jobs, for example. Another strategy to is to scare the public at large directly, by pointing out all the ills people may encounter on pirate sites.

The Digital Citizens Alliance (DCA), which has deep ties to the content industries, is a proponent of the latter strategy. The group has released a variety of reports pointing out that pirate sites are a hotbed for malware, identity theft, hacking and other evils.

To add some political weight to this message, the DCA recently helped to launch a new series of public service announcements where a group of 15 State Attorneys General warn the public about these threats.

The participating Attorneys General include Arizona’s Mark Brnovich, Kentucky’s Andy Bashear, Washington DC’s Karl Racine, and Wisconsin’s Brad Schimel, who all repeat the exact same words in their PSAs.

“Nowadays we all have to worry about cybersecurity. Hackers are always looking for new ways to break into our computers. Something as simple as visiting pirate websites can put your computer at risk.”

“Hackers use pirate websites to infect your computer and steal your ID and financial information, or even take over your computer’s camera without you knowing it,” the Attorneys General add.

Organized by the Digital Citizens Alliance, the campaign in question runs on TV and radio in several states and also appears on social media during the summer.

The warnings, while over dramatized, do raise a real concern. There are a lot of pirate sites that have lower-tier advertising, where malware regularly slips through. And some ads lead users to fake websites where people should probably not leave their credit card information.

Variety points out that the Attorneys General are tasked with the goal to keep their citizens safe, so the PSA’s message is certainly fitting.

Still, one has to wonder whether the main driver of these ads is online safety. Could perhaps the interests of the entertainment industry play a role too? It certainly won’t be the first time that State Attorneys General have helped out Hollywood.

Just a few years ago the MPAA secretly pushed Mississippi State Attorney General Jim Hood to revive SOPA-like anti-piracy efforts in the United States. That was part of the MPAA’s “Project Goliath,” which was aimed at “convincing state prosecutors to take up the fight” against Google, under an anti-piracy umbrella.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top Ten Ways to Protect Yourself Against Phishing Attacks

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/top-ten-ways-protect-phishing-attacks/

It’s hard to miss the increasing frequency of phishing attacks in the news. Earlier this year, a major phishing attack targeted Google Docs users, and attempted to compromise at least one million Google Docs accounts. Experts say the “phish” was convincing and sophisticated, and even people who thought they would never be fooled by a phishing attack were caught in its net.

What is phishing?

Phishing attacks use seemingly trustworthy but malicious emails and websites to obtain your personal account or banking information. The attacks are cunning and highly effective because they often appear to come from an organization or business you actually use. The scam comes into play by tricking you into visiting a website you believe belongs to the trustworthy organization, but in fact is under the control of the phisher attempting to extract your private information.

Phishing attacks are once again in the news due to a handful of high profile ransomware incidents. Ransomware invades a user’s computer, encrypts their data files, and demands payment to decrypt the files. Ransomware most often makes its way onto a user’s computer through a phishing exploit, which gives the ransomware access to the user’s computer.

The best strategy against phishing is to scrutinize every email and message you receive and never to get caught. Easier said than done—even smart people sometimes fall victim to a phishing attack. To minimize the damage in an event of a phishing attack, backing up your data is the best ultimate defense and should be part of your anti-phishing and overall anti-malware strategy.

How do you recognize a phishing attack?

A phishing attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem with your account. When users respond with the requested information, attackers can use it to gain access to the accounts.

The image below is a mockup of how a phishing attempt might appear. In this example, courtesy of Wikipedia, the bank is fictional, but in a real attempt the sender would use an actual bank, perhaps even the bank where the targeted victim does business. The sender is attempting to trick the recipient into revealing confidential information by getting the victim to visit the phisher’s website. Note the misspelling of the words “received” and “discrepancy” as recieved and discrepency. Misspellings sometimes are indications of a phishing attack. Also note that although the URL of the bank’s webpage appears to be legitimate, the hyperlink would actually take you to the phisher’s webpage, which would be altogether different from the URL displayed in the message.

By Andrew Levine – en:Image:PhishingTrustedBank.png, Public Domain, https://commons.wikimedia.org/w/index.php?curid=549747

Top ten ways to protect yourself against phishing attacks

  1. Always think twice when presented with a link in any kind of email or message before you click on it. Ask yourself whether the sender would ask you to do what it is requesting. Most banks and reputable service providers won’t ask you to reveal your account information or password via email. If in doubt, don’t use the link in the message and instead open a new webpage and go directly to the known website of the organization. Sign in to the site in the normal manner to verify that the request is legitimate.
  2. A good precaution is to always hover over a link before clicking on it and observe the status line in your browser to verify that the link in the text and the destination link are in fact the same.
  3. Phishers are clever, and they’re getting better all the time, and you might be fooled by a simple ruse to make you think the link is one you recognize. Links can have hard-to-detect misspellings that would result in visiting a site very different than what you expected.
  4. Be wary even of emails and message from people you know. It’s very easy to spoof an email so it appears to come from someone you know, or to create a URL that appears to be legitimate, but isn’t.

For example, let’s say that you work for roughmedia.com and you get an email from Chuck in accounting ([email protected]) that has an attachment for you, perhaps a company form you need to fill out. You likely wouldn’t notice in the sender address that the phisher has replaced the “m” in media with an “r” and an “n” that look very much like an “m.” You think it’s good old Chuck in finance and it’s actually someone “phishing” for you to open the attachment and infect your computer. This type of attack is known as “spear phishing” because it’s targeted at a specific individual and is using social engineering—specifically familiarity with the sender—as part of the scheme to fool you into trusting the attachment. This technique is by far the most successful on the internet today. (This example is based on Gimlet Media’s Reply All Podcast Episode, “What Kind of Idiot Gets Phished?“)

  1. Use anti-malware software, but don’t rely on it to catch all attacks. Phishers change their approach often to keep ahead of the software attack detectors.
  2. If you are asked to enter any valuable information, only do so if you’re on a secure connection. Look for the “https” prefix before the site URL, indicating the site is employing SSL (Secure Socket Layer). If there is no “s” after “http,” it’s best not to enter any confidential information.
By Fabio Lanari – Internet1.jpg by Rock1997 modified., GFDL, https://commons.wikimedia.org/w/index.php?curid=20995390
  1. Avoid logging in to online banks and similar services via public Wi-Fi networks. Criminals can compromise open networks with man-in-the-middle attacks that capture your information or spoof website addresses over the connection and redirect you to a fake page they control.
  2. Email, instant messaging, and gaming social channels are all possible vehicles to deliver phishing attacks, so be vigilant!
  3. Lay the foundation for a good defense by choosing reputable tech vendors and service providers that respect your privacy and take steps to protect your data. At Backblaze, we have full-time security teams constantly looking for ways to improve our security.
  4. When it is available, always take advantage of multi-factor verification to protect your accounts. The standard categories used for authentication are 1) something you know (e.g. your username and password), 2) something you are (e.g. your fingerprint or retina pattern), and 3) something you have (e.g. an authenticator app on your smartphone). An account that allows only a single factor for authentication is more susceptible to hacking than one that supports multiple factors. Backblaze supports multi-factor authentication to protect customer accounts.

Be a good internet citizen, and help reduce phishing and other malware attacks by notifying the organization being impersonated in the phishing attempt, or by forwarding suspicious messages to the Federal Trade Commission at [email protected]. Some email clients and services, such as Microsoft Outlook and Google Gmail, give you the ability to easily report suspicious emails. Phishing emails misrepresenting Apple can be reported to [email protected].

Backing up your data is an important part of a strong defense against phishing and other malware

The best way to avoid becoming a victim is to be vigilant against suspicious messages and emails, but also to assume that no matter what you do, it is very possible that your system will be compromised. Even the most sophisticated and tech-savvy of us can be ensnared if we are tired, in a rush, or just unfamiliar with the latest methods hackers are using. Remember that hackers are working full-time on ways to fool us, so it’s very difficult to keep ahead of them.

The best defense is to make sure that any data that could compromised by hackers—basically all of the data that is reachable via your computer—is not your only copy. You do that by maintaining an active and reliable backup strategy.

Files that are backed up to cloud storage, such as with Backblaze, are not vulnerable to attacks on your local computer in the way that local files, attached drives, network drives, or sync services like Dropbox that have local directories on your computer are.

In the event that your computer is compromised and your files are lost or encrypted, you can recover your files if you have a cloud backup that is beyond the reach of attacks on your computer.

The post Top Ten Ways to Protect Yourself Against Phishing Attacks appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Kim Dotcom Spying Fiasco Puts Prime Minister Under Pressure

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-spying-fiasco-puts-prime-minister-under-pressure-170725/

In the lead up to the January 2012 raid on cloud storage site Megaupload, authorities in New Zealand used the Government Communications Security Bureau (GCSB) agency to spy on Kim and Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk. That should not have happened.

Intelligence agency GCSB was forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. Former Prime Minister John Key later apologized for the glaring error but for Dotcom, that wasn’t enough. The entrepreneur launched legal action in pursuit of the information illegally obtained by GCSB and appropriate compensation.

Last week the High Court decided that Dotcom wouldn’t get access to the information but it also revealed something of much interest. Instead of confirming that the illegal spying on Dotcom took place December 16, 2011, through to January 20, 2012, the range was extended by two months to March 22, 2012.

The implications of the extension are numerous, not least that GCSB continued to spy on Dotcom even after it knew it was acting illegally. The reveal also undermines an earlier affidavit from a GCSB staff member, problems which are now returning to haunt New Zealand Prime Minister, Bill English.

When the spying was taking place, John Key was Prime Minister but when Key traveled overseas, English was left at the helm. As a result, when the possibility that Dotcom had been spied on was raised during court hearings in 2012, it was English who was approached by the GCSB with a request to have its involvement made a state secret.

According to NZHerald, English was briefed by then-GCSB director Ian Fletcher and former acting director Hugh Wolfensohn on GCSB’s assistance to the police in the Dotcom case.

The content of those discussion has not been made public but English appears to have been convinced of the need to keep the information private. He subsequently signed a ministerial certificate, which barred disclosure of GCSB activities, even by people asked to provide them in a court of law.

However, since GCSB had broken the law by illegally spying on the Dotcoms and van Der Kolk, the certificate subsequently collapsed. But, like a dog with a bone, Dotcom isn’t letting this go, claiming that acting Prime Minister English acted unlawfully by signing the certificate in an effort to suppress wrong-doing.

“The ministerial certificate was an attempted cover-up. Bill English must have been briefed that GCSB was facing legal troubles because of unlawful conduct,” he told NZHerald.

“And only after the attempted gag-order failed in the High Court did the Government admit unlawful spying with a fake narrative that it was all a big mistake, a misunderstanding of the law, an error.”

Following the judgment last week that revealed the extended spying period, Dotcom confirms that there will be fresh legal action to obtain information from GCSB.

“The new revelations completely undermine the government narrative and it raises new questions about what really happened,” Dotcom concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Ghost Phisher – Phishing Attack Tool With GUI

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/mogKZIEOkns/

Ghost Phisher is a Wireless and Ethernet security auditing and phishing attack tool written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy. The tool comes with a fake DNS server, fake DHCP server, fake HTTP server and also has an integrated area […]

The post Ghost…

Read the full post at darknet.org.uk

That Horrible Sinking Feeling When You See a Pirate’s Dark Future

Post Syndicated from Andy original https://torrentfreak.com/that-horrible-sinking-feeling-when-you-see-a-pirates-dark-future-170716/

In the very early days of BitTorrent, making a list of decent file-sharing sites wasn’t particularly difficult. There was a list of ten or so that everyone knew, with a couple of dozen sundry others that mattered to the people who ran them and few others.

Then, out of nowhere, everything exploded. Soon it was impossible to keep up, sites appeared like mushrooms overnight and the lists got longer and longer. Today there isn’t a comprehensive list anywhere that can claim to cover them all, although some anti-piracy outfits think they’re close.

With that in mind, whenever a new and significant site or service appears seemingly out of nowhere, it’s always of interest to us at TF. With so many other pirate competitors around, how did this one manage to burst to the top so quickly? And, of course, when is it likely to do something newsworthy and how can we get in touch?

Getting information often involves asking around contacts built up over the years but everyday Internet tools also do a great job. After seeing where a site is hosted (special thanks to Cloudflare for making that more difficult), one of the early ports of call is a basic domain WHOIS. In the early days, these were often a goldmine. Today, thanks to increased security awareness, they’re much less useful.

But not always.

A couple of months ago it became apparent that a new streaming site/service was getting a lot of attention on various discussion platforms. The people who tried it said it was good, one of the best they’d seen actually. There was a lot of praise for the people behind the site too but no contact of mine had any idea who they were. That’s the idea, of course, but having this information never hurts when building the bigger picture.

So off to WHOIS we go, expecting something useless. A name was there alongside an address, but they’re often fake so there’s never much optimism at this point. Google StreetView showed the address exists but it never stood out as authentic. However, there was an email address and a reverse search showed that other domains were connected to the same person.

In the old days, nobody thought to isolate their pirate activity from their other stuff, so searches like this were usually quite useful. These days people are more savvy. Correction: some people are.

Although the same name was present on the other non-piracy related domains, the street address was different but the same on each. One of the domains also had a phone number that was confirmed real. So, armed with a name, email address and this telephone number, a Google search was formulated and a handful of results came up. One in particular stood out.

The page had been indexed by Google some time ago but the posting on the third party site had gone, probably because it became outdated. Of course, the Internet never forgets and Google Cache returned the post to its former glory. The forum post had been made by a somewhat likeable unemployed guy, clearly brilliant with computers, trying to get back on his feet with a fresh job.

I’m not entirely sure what image people have when they think of people who run pirate sites but much of the media has been bathed in the images of The Pirate Bay founders and their “screw you” approach. But this guy was polite to a fault and didn’t mind telling the forum’s users that despite his undeniable skills managing servers, he’d been battling depression and could no longer work full time.

At this juncture, you realize that while at one point you’d been trying to find out something about a swashbuckling pirate, instead you’ve actually found a real-life and perhaps vulnerable human being. And with further crucial details culled from this post (that linked to a previously uncovered domain and sundry other pieces of private information), there was little doubt this was the same guy.

Several weeks after that plea for work, the streaming site/service that prompted these searches got off the ground and as far as we know has been going full steam ahead ever since. It wouldn’t be a surprise, however, to see it disappear in a cloud of smoke.

All of the information above, when put together, leads to a proper company, run by a gentleman with the same name as the one in the domain’s WHOIS. The address for the company is fake, which offers some security, but the guy doesn’t appear to have considered that it’s possible to cross-reference with other companies incorporated in the past. In this case, the second company leads to his home address and other members of his family.

It’s a strange mixture of feelings when digging around on the Internet like this pays off. On the one hand, there’s a sense of achievement in piecing together the puzzle for research purposes. But on behalf of the guy at the other end, in this case there’s a sense of impending doom. Yes, he’s breaking the law. Yes, he should know better. But we’ve been writing about this stuff for long enough to know what might come next.

With just a few minutes of searching, there’s not much more to learn about this guy now, apart from his online alias, which is what I was hoping to find out in the beginning. In some ways i’d settle for that now – it’s not pleasant worrying about the future of people you don’t even know.

The bottom line is that i’m probably not alone in searching for this kind of information. Given the size of the operation, the attention it’s already receiving, and the content it offers and where, this same information is likely to be common knowledge at one anti-piracy group at least.

We all know it’s impossible to scrub the Internet clean but what’s most amazing in 2017 is that brilliant computer engineers have no idea how to keep themselves safe online. In this case, if it all goes bad, a criminal prosecution is likely. Upon conviction and given similar previous cases, a jail sentence is probable.

Unless this is the best decoy job ever undertaken by a careful pirate. In which case, it’s by far the best i’ve ever seen. Bravo…

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The Future of Forgeries

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/07/the_future_of_f_1.html

This article argues that AI technologies will make image, audio, and video forgeries much easier in the future.

Combined, the trajectory of cheap, high-quality media forgeries is worrying. At the current pace of progress, it may be as little as two or three years before realistic audio forgeries are good enough to fool the untrained ear, and only five or 10 years before forgeries can fool at least some types of forensic analysis. When tools for producing fake video perform at higher quality than today’s CGI and are simultaneously available to untrained amateurs, these forgeries might comprise a large part of the information ecosystem. The growth in this technology will transform the meaning of evidence and truth in domains across journalism, government communications, testimony in criminal justice, and, of course, national security.

I am not worried about fooling the “untrained ear,” and more worried about fooling forensic analysis. But there’s an arms race here. Recording technologies will get more sophisticated, too, making their outputs harder to forge. Still, I agree that the advantage will go to the forgers and not the forgery detectors.

State Dept, MPAA, RIAA “Fake Twitter Feud” Plan Backfires

Post Syndicated from Andy original https://torrentfreak.com/state-dept-mpaa-riaa-fake-twitter-feud-plan-backfires-170706/

By the first quarter of 2017, Twitter had 328 million users. It’s the perfect platform to give anyone a voice online and when like-minded people act together to make something “trend”, stories and ideas can go viral.

When this happens organically, through sharing based on a genuine appreciation of topics and ideas, it can be an awe-inspiring thing to behold. However, the mechanism doesn’t have to be spontaneous to reach a large audience, if it’s organized properly.

That was the plan of the US State Department when it sent an email to Stanford Law School. With the Office of Intellectual Property Enforcement involved, the State Department’s Bureau of Economic Affairs asked the law school to participate in a “fake Twitter feud” to promote Intellectual Property protection.

Leaked by a Stanford law professor to Mike Masnick at Techdirt, the email outlines the aims of the looming online war.

“This summer, we want to activate an audience of young professionals – the kind of folks who are interested in foreign policy, but who aren’t aware that intellectual property protection touches every part of their lives. I think the law school students at your institution may be the type of community that we would like to engage,” the email reads.

“The Bureau of Economic and Business Affairs wants to start a fake Twitter feud. For this feud, we would like to invite you and other similar academic institutions to participate and throw in your own ideas!” the email reads.

The plan clearly has some momentum. According to the email, big names in IP protection are already on board, including the US Patent and Trademark Office, the powerful Copyright Alliance, not to mention the Motion Picture Association of America and the Recording Industry Association of America.

The above groups can call on thousands of individuals to get involved so participation could be significant. Helpfully, the email also suggests how the ‘conflict’ should play out, suggesting various topics and important figures to fire up the debate.

“The week after the 4th of July, when everyone gets back from vacation but will still feel patriotic and summery, we want to tweet an audacious statement like, ‘Bet you couldn’t see the Independence Day fireworks without bifocals; first American diplomat Ben Franklin invented them #bestIPmoment @StateDept’,” the email reads.

As one of the Founding Fathers of the United States, Benjamin Franklin is indeed one of the most important figures in US history. And, as the inventor of not only bifocals, the lighting rod, and myriad other useful devices, his contribution to science and society is unquestionable.

Attaching him to this campaign, however, is a huge faux pas.

Despite inventing swim fins, the Franklin stove, the flexible catheter, a 24-hour three-wheel clock, a long-arm device to reach books from a high shelf, and becoming the first person to use the words “positive” and “negative” to describe electricity,
Franklin refused to patent any of his inventions.

“As we benefit from the inventions of others, we should be glad to share our own…freely and gladly,” he wrote in his autobiography.

It’s abundantly clear that using Franklin as the seed for an IP protection campaign is problematic, to say the least. His inventions have enriched the lives of millions due to his kindness and desire to share.

Who knows what might have happened if patents for bifocals and lightning rods had been aggressively enforced. Certainly, the groups already committed to this campaign wouldn’t have given up such valuable Intellectual Property so easily.

To be fair to the Bureau of Economic and Business Affairs, the decision to use the term “fake Twitter feud” seems more misguided than malicious and it seems unlikely that any conflict could have broken out when all participants are saying the same thing.

That being said, with the Copyright Alliance, MPAA and RIAA on board, the complexion changes somewhat. All three have an extremely tough stance on IP enforcement so will have a key interest in influencing how the “feud” develops and who gets sucked in.

The big question now, however, is if this campaign will now go ahead as laid out in the email. The suggested hashtags (#MostAmericanIP and #BestIPMoment) have little traction so far and now everyone will know that far from being a spontaneous event, the whole thing will have been coordinated. That probably isn’t the best look.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Analysis of Top-N DynamoDB Objects using Amazon Athena and Amazon QuickSight

Post Syndicated from Rendy Oka original https://aws.amazon.com/blogs/big-data/analysis-of-top-n-dynamodb-objects-using-amazon-athena-and-amazon-quicksight/

If you run an operation that continuously generates a large amount of data, you may want to know what kind of data is being inserted by your application. The ability to analyze data intake quickly can be very valuable for business units, such as operations and marketing. For many operations, it’s important to see what is driving the business at any particular moment. For retail companies, for example, understanding which products are currently popular can aid in planning for future growth. Similarly, for PR companies, understanding the impact of an advertising campaign can help them market their products more effectively.

This post covers an architecture that helps you analyze your streaming data. You’ll build a solution using Amazon DynamoDB Streams, AWS Lambda, Amazon Kinesis Firehose, and Amazon Athena to analyze data intake at a frequency that you choose. And because this is a serverless architecture, you can use all of the services here without the need to provision or manage servers.

The data source

You’ll collect a random sampling of tweets via Twitter’s API and store a variety of attributes in your DynamoDB table, such as: Twitter handle, tweet ID, hashtags, location, and Time-To-Live (TTL) value.

In DynamoDB, the primary key is used as an input to an internal hash function. The output from this function determines the partition in which the data will be stored. When using a combination of primary key and sort key as a DynamoDB schema, you need to make sure that no single partition key contains many more objects than the other partition keys because this can cause partition level throttling. For the demonstration in this blog, the Twitter handle will be the primary key and the tweet ID will be the sort key. This allows you to group and sort tweets from each user.

To help you get started, I have written a script that pulls a live Twitter stream that you can use to generate your data. All you need to do is provide your own Twitter Apps credentials, and it should generate the data immediately. Alternatively, I have also provided a script that you can use to generate random Tweets with little effort.

You can find both scripts in the Github repository:

https://github.com/awslabs/aws-blog-dynamodb-analysis

There are some modules that you may need to install to run these scripts. You can find them in Python’s module repository:

To get your own Twitter credentials, go to https://www.twitter.com/ and sign up for a free account, if you don’t already have one. After your account is set up, go to https://apps.twitter.com/. On the main landing page, choose the Create New App button. After the application is created, go to Keys and Access Tokens to get your credentials to use the Twitter API. You’ll need to generate Customer Tokens/Secret and Access Token/Secret. All four keys will be used to authenticate your request.

Architecture overview

Before we begin, let’s take a look at the overall flow of information will look like, from data ingestion into DynamoDB to visualization of results in Amazon QuickSight.

As illustrated in the architecture diagram above, any changes made to the items in DynamoDB will be captured and processed using DynamoDB Streams. Next, a Lambda function will be invoked by a trigger that is configured to respond to events in DynamoDB Streams. The Lambda function processes the data prior to pushing to Amazon Kinesis Firehose, which will output to Amazon S3. Finally, you use Amazon Athena to analyze the streaming data landing in Amazon S3. The result can be explored and visualized in Amazon QuickSight for your company’s business analytics.

You’ll need to implement your custom Lambda function to help transform the raw <key, value> data stored in DynamoDB to a JSON format for Athena to digest, but I can help you with a sample code that you are free to modify.

Implementation

In the following sections, I’ll walk through how you can set up the architecture discussed earlier.

Create your DynamoDB table

First, let’s create a DynamoDB table and enable DynamoDB Streams. This will enable data to be copied out of this table. From the console, use the user_id as the partition key and tweet_id as the sort key:

After the table is ready, you can enable DynamoDB Streams. This process operates asynchronously, so there is no performance impact on the table when you enable this feature. The easiest way to manage DynamoDB Streams is also through the DynamoDB console.

In the Overview tab of your newly created table, click Manage Stream. In the window, choose the information that will be written to the stream whenever data in the table is added or modified. In this example, you can choose either New image or New and old images.

For more details on this process, check out our documentation:

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html

Configure Kinesis Firehose

Before creating the Lambda function, you need to configure Kinesis Firehose delivery stream so that it’s ready to accept data from Lambda. Open the Firehose console and choose Create Firehose Delivery Stream. From here, choose S3 as the destination and use the following to information to configure the resource. Note the Delivery stream name because you will use it in the next step.

For more details on this process, check out our documentation:

http://docs.aws.amazon.com/firehose/latest/dev/basic-create.html#console-to-s3

Create your Lambda function

Now that Kinesis Firehose is ready to accept data, you can create your Lambda function.

From the AWS Lambda console, choose the Create a Lambda function button and use the Blank Function. Enter a name and description, and choose Python 2.7 as the Runtime. Note your Lambda function name because you’ll need it in the next step.

In the Lambda function code field, you can paste the script that I have written for this purpose. All this function needs is the name of your Firehose stream name set as an environment variable.

import boto3
import json
import os

# Initiate Firehose client
firehose_client = boto3.client('firehose')

def lambda_handler(event, context):
    records = []
    batch   = []
    try :
        for record in event['Records']:
            tweet = {}
            t_stats = '{ "table_name":"%s", "user_id":"%s", "tweet_id":"%s", "approx_post_time":"%d" }\n' \
                      % ( record['eventSourceARN'].split('/')[1], \
                          record['dynamodb']['Keys']['user_id']['S'], \
                          record['dynamodb']['Keys']['tweet_id']['N'], \
                          int(record['dynamodb']['ApproximateCreationDateTime']) )
            tweet["Data"] = t_stats
            records.append(tweet)
        batch.append(records)
        res = firehose_client.put_record_batch(
            DeliveryStreamName = os.environ['firehose_stream_name'],
            Records = batch[0]
        )
        return 'Successfully processed {} records.'.format(len(event['Records']))
    except Exception :
        pass

The handler should be set to lambda_function.lambda_handler and you can use the existing lambda_dynamodb_streams role that’s been created by default.

Enable DynamoDB trigger and start collecting data

Everything is ready to go. Open your table using the DynamoDB console and go to the Triggers tab. Select the Create trigger drop down list and choose Existing Lambda function. In the pop-up window, select the function that you just created, and choose the Create button.

At this point, you can start collecting data with the Python script that I’ve provided. The first one will create a script that will pull public Twitter data and the other will generate fake tweets using Lorem Ipsum text.

Configure Amazon Athena to read the data

Next, you will configure Amazon Athena so that it can read the data Kinesis Firehose outputs to Amazon S3 and allow you to analyze the data as needed. You can connect to Athena directly from the Athena console, and you can establish a connection using JDBC or the Athena API. In this example, I’m going to demonstrate what this looks like on the Athena console.

First, create a new database and a new table. You can do this by running the following two queries. The first query creates a new database:

CREATE DATABASE IF NOT EXISTS ddbtablestats

And the second query creates a new table:

CREATE EXTERNAL TABLE IF NOT EXISTS ddbtablestats.twitterfeed (
    `table_name` string,
    `user_id` string,
    `tweet_id` bigint,
    `approx_post_time` timestamp 
) PARTITIONED BY (
    year string,
    month string,
    day string,
    hour string 
)
ROW FORMAT SERDE 'org.openx.data.jsonserde.JsonSerDe'
WITH SERDEPROPERTIES ('serialization.format' = '1')
LOCATION 's3://myBucket/dynamodb/streams/transactions/'

Note that this table is created using partitions. Partitioning separates your data into logical parts based on certain criteria, such as date, location, language, etc. This allows Athena to selectively pull your data without needing to process the entire data set. This effectively minimizes the query execution time, and it also allows you to have greater control over the data that you want to query.

After the query has completed, you should be able to see the table in the left side pane of the Athena dashboard.

After the database and table have been created, execute the ALTER TABLE query to populate the partitions in your table. Replace the date with the current date when the script was executed.

ALTER TABLE ddbtablestats.TwitterFeed ADD IF NOT EXISTS
PARTITION (year='2017',month='05',day='17',hour='01') location 's3://myBucket/dynamodb/streams/transactions/2017/05/17/01/'

Using the Athena console, you’ll need to manually populate each partition for each additional partition that you’d like to analyze, however you can programmatically automate this process by using the JDBC driver or any AWS SDK of your choice.

For more information on partitioning in Athena, check out our documentation:

http://docs.aws.amazon.com/athena/latest/ug/partitions.html

Querying the data in Amazon Athena

This is it! Let’s run this query to see the top 10 most active Twitter users in the last 24 hours. You can do this from the Athena console:

SELECT user_id, COUNT(DISTINCT tweet_id) tweets FROM ddbTableStats.TwitterFeed
WHERE year='2017' AND month='05' AND day='17'
GROUP BY user_id
ORDER BY tweets DESC
LIMIT 10

The result should look similar to the following:

Linking Athena to Amazon QuickSight

Finally, to make this data available to a larger audience, let’s visualize this data in Amazon QuickSight. Amazon QuickSight provides native connectivity to AWS data sources such as Amazon Redshift, Amazon RDS, and Amazon Athena. Amazon QuickSight can also connect to on-premises databases, Excel, or CSV files, and it can connect to cloud data sources such as Salesforce.com. For this solution, we will connect Amazon QuickSight to the Athena table we just created.

Amazon QuickSight has a free tier that provides 1 user and 1GB of SPICE (Superfast Parallel In-memory Calculated Engine) capacity free. So you can sign up and use QuickSight free of charge.

When you are signing up for Amazon QuickSight, ensure that you grant permissions for QuickSight to connect to Athena and the S3 bucket where the data is stored.

After you’ve signed up, navigate to the new analysis button, and choose new data set, and then select the Athena data source option. Create a new name for your data source and proceed to the next prompt. At this point, you should see the Athena table you created earlier.

Choose the option to import the data to SPICE for a quicker analysis. SPICE is an in-memory optimized calculation engine that is designed for quick data visualization through parallel processing. SPICE also enables you to refresh your data sets at a regular interval or on-demand as you want.

In the dialog box, confirm this data set creation, and you’ll arrive on the landing page where you can start building your graph. The X-axis will represent the user_id and the Value will be used to represent the SUM total of the tweets from each user.

The Amazon QuickSight report looks like this:

Through this visualization, I can easily see that there are 3 users that tweeted over 20 times that day and that the majority of the users have fewer than 10 tweets that day. I can also set up a scheduled refresh of my SPICE dataset so that I have a dashboard that is regularly updated with the latest data.

Closing thoughts

Here are the benefits that you can gain from using this architecture:

  1. You can optimize the design of your DynamoDB schema that follows AWS best practice recommendations.
  1. You can run analysis and data intelligence in order to understand the current customer demands for your business.
  1. You can store incremental backup for future auditing.

The flexibility of our AWS services invites you to create and design the ideal workflow for your production at any scale, and, as always, if you ever need some guidance, don’t hesitate to reach out to us.I  hope this has been helpful to you! Please leave any questions and comments below.

 


Additional Reading

Learn how to analyze VPC Flow Logs with Amazon Kinesis Firehose, Amazon Athena, and Amazon QuickSight.


About the Author

Rendy Oka is a Big Data Support Engineer for Amazon Web Services. He provides consultations and architectural designs and partners with the TAMs, Solution Architects, and AWS product teams to help develop solutions for our customers. He is also a team lead for the big data support team in Seattle. Rendy has traveled to dozens of countries around the world and takes every opportunity to experience the local culture wherever he goes

 

 

 

 

NonPetya: no evidence it was a "smokescreen"

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/06/nonpetya-no-evidence-it-was-smokescreen.html

Many well-regarded experts claim that the not-Petya ransomware wasn’t “ransomware” at all, but a “wiper” whose goal was to destroy files, without any intent at letting victims recover their files. I want to point out that there is no real evidence of this.

Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shutdown, and it corrupts the boot sector.

But these things aren’t evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

The simplest, Occam’s Razor explanation explanation is that they were simple mistakes. Such mistakes are common among ransomware. We think of virus writers as professional software developers who thoroughly test their code. Decades of evidence show the opposite, that such software is of poor quality with shockingly bad bugs.

It’s true that effectively, nPetya is a wiper. Matthieu Suiche‏ does a great job describing one flaw that prevents it working. @hasherezade does a great job explaining another flaw.  But best explanation isn’t that this is intentional. Even if these bugs didn’t exist, it’d still be a wiper if the perpetrators simply ignored the decryption requests. They need not intentionally make the decryption fail.

Thus, the simpler explanation is that it’s simply a bug. Ransomware authors test the bits they care about, and test less well the bits they don’t. It’s quite plausible to believe that just before shipping the code, they’d add a few extra features, and forget to regression test the entire suite. I mean, I do that all the time with my code.

Some have pointed to the sophistication of the code as proof that such simple errors are unlikely. This isn’t true. While it’s more sophisticated than WannaCry, it’s about average for the current state-of-the-art for ransomware in general. What people think of, such the Petya base, or using PsExec to spread throughout a Windows domain, is already at least a year old.

Indeed, the use of PsExec itself is a bit clumsy, when the code for doing the same thing is already public. It’s just a few calls to basic Windows networking APIs. A sophisticated virus would do this itself, rather than clumsily use PsExec.

Infamy doesn’t mean skill. People keep making the mistake that the more widespread something is in the news, the more skill, the more of a “conspiracy” there must be behind it. This is not true. Virus/worm writers often do newsworthy things by accident. Indeed, the history of worms, starting with the Morris Worm, has been things running out of control more than the author’s expectations.

What makes nPetya newsworthy isn’t the EternalBlue exploit or the wiper feature. Instead, the creators got lucky with MeDoc. The software is used by every major organization in the Ukraine, and at the same time, their website was horribly insecure — laughably insecure. Furthermore, it’s autoupdate feature didn’t check cryptographic signatures. No hacker can plan for this level of widespread incompetence — it’s just extreme luck.

Thus, the effect of bumbling around is something that hit the Ukraine pretty hard, but it’s not necessarily the intent of the creators. It’s like how the Slammer worm hit South Korea pretty hard, or how the Witty worm hit the DoD pretty hard. These things look “targeted”, especially to the victims, but it was by pure chance (provably so, in the case of Witty).

Certainly, MeDoc was targeted. But then, targeting a single organization is the norm for ransomware. They have to do it that way, giving each target a different Bitcoin address for payment. That it then spread to the entire Ukraine, and further, is the sort of thing that typically surprises worm writers.

Finally, there’s little reason to believe that there needs to be a “smokescreen”. Russian hackers are targeting the Ukraine all the time. Whether Russian hackers are to blame for “ransomware” vs. “wiper” makes little difference.

Conclusion

We know that Russian hackers are constantly targeting the Ukraine. Therefore, the theory that this was nPetya’s goal all along, to destroy Ukraines computers, is a good one.

Yet, there’s no actual “evidence” of this. nPetya’s issues are just as easily explained by normal software bugs. The smokescreen isn’t needed. The boot record bug isn’t needed. The single email address that was shutdown isn’t significant, since half of all ransomware uses the same technique.

The experts who disagree with me are really smart/experienced people who you should generally trust. It’s just that I can’t see their evidence.

Update: I wrote another blogpost about “survivorship bias“, refuting the claim by many experts talking about the sophistication of the spreading feature.


Update: comment asks “why is there no Internet spreading code?”. The answer is “I don’t know”, but unanswerable questions aren’t evidence of a conspiracy. “What aren’t there any stars in the background?” isn’t proof the moon landings are fake, such because you can’t answer the question. One guess is that you never want ransomware to spread that far, until you’ve figured out how to get payment from so many people.

Scammers Pick Up NYAA Torrents Domain Name

Post Syndicated from Ernesto original https://torrentfreak.com/scammers-pick-up-nyaa-torrents-domain-name-170624/

For years NYAA Torrents was heralded as one of the top sources for anime content, serving an audience of millions of users.

This changed abruptly early last month when the site’s domain names were deactivated and stopped working.

TorrentFreak heard from several people, including site moderators and other people close to the site, that NYAA’s owner decided to close the site voluntarily. However, no comments were made in public.

While many former users moved on to other sites, some started to see something familiar when they checked their old bookmarks this week. All of a sudden, NYAA.eu was loading just fine, albeit with a twist.

“Due to the regulation & security issues with Bittorrent, the Nyaa Team has decided to move from torrent to a faster & secure part of the internet!” a message posted on the site reads.

Instead, the site says it’s going underground, encouraging visitors to download the brand new free “binary client.” At the same time, it warns against ‘fake’ NYAA sites.

“We wish we could keep up the torrent tracker, but it is to risky for our torrent crew as well as for our fans. Nyaa.se has been shut down as well. All other sites claiming to be the new Nyaa are Fake!”

Fake NYAA

The truth is, however, that the site itself is “fake.” After the domain name was deactivated it was put back into rotation by the .EU registry, allowing outsiders to pick it up. These people are now trying to monetize it with their download offer.

According to the Whois information, NYAA.eu is registered to the German company Goodlabs, which specializes in domain name monetization.

The client download link on the site points to a Goo.gl shorturl, which in turn redirects to an affiliate link for a Usenet service. At least, last time we checked.

The people who registered the domain hope that people will sign up there, assuming that it’s somehow connected to the old NYAA crew.

Thus far, over 27,000 people have clicked on the link in just a few days. This means that the domain name still generates significant traffic, mostly from Japan, The United States, and France.

While it is likely new to former NYAA users, this type of scam is pretty common. There are a few file-sharing related domains with similar messages, including Demonoid.to, Isohunts.to, All4nothin.net, Torrenthounds.com, Proxyindex.net, Ddgamez.com and many others.

Some offer links to affiliate deals and others point to direct downloads of .exe files. It’s safe to say, that it’s best to stay far away from all of these.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

US Embassy Threatens to Close Domain Registry Over ‘Pirate Bay’ Domain

Post Syndicated from Andy original https://torrentfreak.com/us-embassy-threatens-to-close-domain-registry-over-pirate-bay-domain-170620/

Domains have become an integral part of the piracy wars and no one knows this better than The Pirate Bay.

The site has burned through numerous domains over the years, with copyright holders and authorities successfully pressurizing registries to destabilize the site.

The latest news on this front comes from the Central American country of Costa Rica, where the local domain registry is having problems with the United States government.

The drama is detailed in a letter to ICANN penned by Dr. Pedro León Azofeifa, President of the Costa Rican Academy of Science, which operates NIC Costa Rica, the registry in charge of local .CR domain names.

Azofeifa’s letter is addressed to ICANN board member Thomas Schneider and pulls no punches. It claims that for the past two years the United States Embassy in Costa Rica has been pressuring NIC Costa Rica to take action against a particular domain.

“Since 2015, the United Estates Embassy in Costa Rica, who represents the interests of the United States Department of Commerce, has frequently contacted our organization regarding the domain name thepiratebay.cr,” the letter to ICANN reads.

“These interactions with the United States Embassy have escalated with time and include great pressure since 2016 that is exemplified by several phone calls, emails, and meetings urging our ccTLD to take down the domain, even though this would go against our domain name policies.”

The letter states that following pressure from the US, the Costa Rican Ministry of Commerce carried out an investigation which concluded that not taking down the domain was in line with best practices that only require suspensions following a local court order. That didn’t satisfy the United States though, far from it.

“The representative of the United States Embassy, Mr. Kevin Ludeke, Economic Specialist, who claims to represent the interests of the US Department of
Commerce, has mentioned threats to close our registry, with repeated harassment
regarding our practices and operation policies,” the letter to ICANN reads.

Ludeke is indeed listed on the US Embassy site for Costa Rica. He’s also referenced in a 2008 diplomatic cable leaked previously by Wikileaks. Contacted via email, Ludeke did not immediately respond to TorrentFreak’s request for comment.

Extract from the letter to ICANN

Surprisingly, Azofeifa says the US representative then got personal, making negative comments towards his Executive Director, “based on no clear evidence or statistical data to support his claims, as a way to pressure our organization to take down the domain name without following our current policies.”

Citing the Tunis Agenda for the Information Society of 2005, Azofeifa asserts that “policy authority for Internet-related public policy issues is the sovereign right of the States,” which in Costa Rica’s case means that there must be “a final judgment from the Courts of Justice of the Republic of Costa Rica” before the registry will suspend a domain.

But it seems legal action was not the preferred route of the US Embassy. Demanding that NIC Costa Rica take unilateral action, Mr. Ludeke continued with “pressure and harassment to take down the domain name without its proper process and local court order.”

Azofeifa’s letter to ICANN, which is cc’d to Stafford Fitzgerald Haney, United States Ambassador to Costa Rica and various people in the Costa Rican Ministry of Commerce, concludes with a request for suggestions on how to deal with the matter.

While the response should prove very interesting, none of the parties involved appear to have noticed that ThePirateBay.cr isn’t officially connected to The Pirate Bay

The domain and associated site appeared in the wake of the December 2014 shut down of The Pirate Bay, claiming to be the real deal and even going as far as making fake accounts in the names of famous ‘pirate’ groups including ettv and YIFY.

Today it acts as an unofficial and unaffiliated reverse proxy to The Pirate Bay while presenting the site’s content as its own. It’s also affiliated with a fake KickassTorrents site, Kickass.cd, which to this day claims that it’s a reincarnation of the defunct torrent giant.

But perhaps the most glaring issue in this worrying case is the apparent willingness of the United States to call out Costa Rica for not doing anything about a .CR domain run by third parties, when the real Pirate Bay’s .org domain is under United States’ jurisdiction.

Registered by the Public Interest Registry in Reston, Virginia, ThePirateBay.org is the famous site’s main domain. TorrentFreak asked PIR if anyone from the US government had ever requested action against the domain but at the time of publication, we had received no response.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Fake News As A Service (FNaaS?) – $400k To Rig An Election

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/UqEqmi9y3oY/

This is pretty interesting, the prices for Fake News as a Service have come out after some research by Trend Micro, imagine that you can create a fake celebrity with 300,000 followers for only $2,600. Now we all know this Fake News thing has been going on for a while, and of course, if it’s […]

The post Fake News As A Service (FNaaS?)…

Read the full post at darknet.org.uk

Team DIMENSION Returns to The Piracy Scene

Post Syndicated from Ernesto original https://torrentfreak.com/team-dimension-returns-to-the-piracy-scene-170608/

In April, one of the best known TV Scene groups suddenly disappeared.

DIMENSION has been a high profile name for over a decade, both in the Scene and on torrent sites, good for tens of thousands of TV-show releases.

Nearly two months had passed since the sudden disappearance and most followers had already said their virtual goodbyes. Out of nowhere, however, several new DIMENSION releases began popping up this week.

It started with a Gotham episode on Tuesday, followed by Angie Tribeca and Pretty Little Liars. The sudden reapparance came without a public explanation, but it’s pretty clear that the group is back in full swing.

DIMENSION returns

The question remains why the group was absent for so long and if the old crew is intact. TorrentFreak spoke to a source who says that the leader and several top members are no longer with the group.

A recent Scene notice titled “Farewell.To.Team-DIMENSION” appeared to confirm that there were internal struggles in the group. However, this appears to be fake, as it was copied from an earlier notice.

Still, there is no doubt that DIMENSION (and the associated LOL “group,” which releases the SD versions) has picked up where it left a few weeks ago, with new TV-releases coming out on a regular basis.

And while reputation is key in the Scene, the average downloader probably can’t be bothered by internal troubles and politics.

They just want their TV fix.

Pirate responses to the comeback

Update: The Scene notice referred to in this article is fake, we updated the article to reflect this.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Online Platforms Should Collaborate to Ban Piracy and Terrorism, Report Suggests

Post Syndicated from Andy original https://torrentfreak.com/online-platforms-collaborate-ban-piracy-terrorism-report-suggests-170608/

With deep ties to the content industries, the Digital Citizens Alliance periodically produces reports on Internet piracy. It has published reports on cyberlockers and tried to blame Cloudflare for the spread of malware, for example.

One of the key themes pursued by DCA is that Internet piracy is inextricably linked to a whole bunch of other online evils and that tackling the former could deliver a much-needed body blow to the latter.

Its new report, titled ‘Trouble in Our Digital Midst’, takes this notion and runs with it, bundling piracy with everything from fake news to hacking, to malware and brand protection, to the sextortion of “young girls and boys” via their computer cameras.

The premise of the report is that cybercrime as a whole is undermining America’s trust in the Internet, noting that 64% of US citizens say that their trust in digital platforms has dropped in the last year. Given the topics under the spotlight, it doesn’t take long to see where this is going – Internet platforms like Google, Facebook and YouTube must tackle the problem.

“When asked, ‘In your opinion, are digital platforms doing enough to keep the Internet safe and trustworthy, or are do they need to do more?’ a staggering 75 percent responded that they need to do more to keep the Internet safe,” the report notes.

It’s abundantly clear that the report is mostly about piracy but a lot of effort has been expended to ensure that people support its general call for the Internet to be cleaned up. By drawing attention to things that even most pirates might find offensive, it’s easy to find more people in agreement.

“Nearly three-quarters of respondents see the pairing of brand name advertising with offensive online content – like ISIS/terrorism recruiting videos – as a threat to the continued trust and integrity of the Internet,” the report notes.

Of course, this is an incredibly sensitive topic. When big brand ads turned up next to terrorist recruiting videos on YouTube, there was an almighty stink, and rightly so. However, at every turn, the DCA report manages to weave the issue of piracy into the equation, noting that the problem includes the “$200 million in advertising that shows up on illegal content theft websites often unbeknownst to the brands.”

The overriding theme is that platforms like Google, Facebook, and YouTube should be able to tackle all of these problems in the same way. Filtering out a terrorist video is the same as removing a pirate movie. And making sure that ads for big brands don’t appear alongside terrorist videos will be just as easy as starving pirates of revenue, the suggestion goes.

But if terrorism doesn’t grind your gears, what about fake news?

“64 percent of Americans say that the Fake News issue has made them less likely to trust the Internet as a source of information,” the report notes.

At this juncture, Facebook gets a gentle pat on the back for dealing with fake news and employing 3,000 people to monitor for violent videos being posted to the network. This shows that the company “takes seriously” the potential harm bad actors pose to Internet safety. But in keeping with the theme running throughout the report, it’s clear DCA are carefully easing in the thin end of the wedge.

“We are at only the beginning of thinking through other kinds of illicit and illegal activity happening on digital platforms right now that we must gain or re-gain control over,” DCA writes.

Quite. In the very next sentence, the group goes on to warn about the sale of drugs and stolen credit cards, adding that the sale of illicit streaming devices (modified Kodi boxes etc) is actually an “insidious yet effective delivery mechanism to infect computers with malware such as Remote Access Trojans.”

Both Amazon and Facebook receive praise in the report for their recent banning (1,2) of augmented Kodi devices but their actions are actually framed as the companies protecting their own reputations, rather than the interests of the media groups that have been putting them under pressure.

“And though this issue underscores the challenges faced by digital platforms – not all of which act with the same level of responsibility – it also highlights the fact digital platforms can and will step up when their own brands are at stake,” the report reads.

But pirate content and Remote Access Trojans through Kodi boxes are only the beginning. Pirate sites are playing a huge part as well, DCA claims, with one in three “content theft websites” exposing people to identify theft, ransomware, and sextortion via “the computer cameras of young girls and boys.”

Worst still, if that was possible, the lack of policing by online platforms means that people are able to “showcase live sexual assaults, murders, and other illegal conduct.”

DCA says that with all this in mind, Americans are looking for online digital platforms to help them. The group claims that citizens need proactive protection from these ills and want companies like Facebook to take similar steps to those taken when warning consumers about fake news and violent content.

So what can be done to stop this tsunami of illegality? According to DCA, platforms like Google, Facebook, YouTube, and Twitter need to up their game and tackle the problem together.

“While digital platforms collaborate on policy and technical issues, there is no evidence that they are sharing information about the bad actors themselves. That enables criminals and bad actors to move seamlessly from platform to platform,” DCA writes.

“There are numerous examples of industry working together to identify and share information about exploitive behavior. For example, casinos share information about card sharks and cheats, and for decades the retail industry has shared information about fraudulent credit cards. A similar model would enable digital platforms and law enforcement to more quickly identify and combat those seeking to leverage the platforms to harm consumers.”

How this kind of collaboration could take place in the real world is open to interpretation but the DCA has a few suggestions of its own. Again, it doesn’t shy away from pulling people on side with something extremely offensive (in this case child pornography) in order to push what is clearly an underlying anti-piracy agenda.

“With a little help from engineers, digital platforms could create fingerprints of unlawful conduct that is shared across platforms to proactively block such conduct, as is done in a limited capacity with child pornography,” DCA explains.

“If these and other newly developed measures were adopted, digital platforms would have the information to enable them to make decisions whether to de-list or demote websites offering illicit goods and services, and the ability to stop the spread of illegal behavior that victimizes its users.”

The careful framing of the DCA report means that there’s something for everyone. If you don’t agree with them on tackling piracy, then their malware, fake news, or child exploitation angles might do the trick. It’s quite a clever strategy but one that the likes of Google, Facebook, and YouTube will recognize immediately.

And they need to – because apparently, it’s their job to sort all of this out. Good luck with that.

The full report can be found here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Symantec Patent Protects Torrent Users Against Malware

Post Syndicated from Ernesto original https://torrentfreak.com/symantec-patent-protects-torrent-users-against-malware-170606/

In recent years we have documented a wide range of patent applications, several of which had a clear anti-piracy angle.

Symantec Corporation, known for the popular anti-virus software Norton Security, is taking a more torrent-friendly approach. At least, that’s what a recently obtained patent suggests.

The patent describes a system that can be used to identify fake torrents and malware-infected downloads, which are a common problem on badly-moderated torrent sites. Downloaders of these torrents are often redirected to scam websites or lured into installing malware.

Here’s where Symantec comes in with their automatic torrent moderating solution. Last week the company obtained a patent for a system that can rate the trustworthiness of torrents and block suspicious content to protect users.

“While the BitTorrent protocol represents a popular method for distributing files, this protocol also represents a common means for distributing malicious software. Unfortunately, torrent hosting sites generally fail to provide sufficient information to reliably predict whether such files are trustworthy,” the patent reads.

Unlike traditional virus scans, where the file itself is scanned for malicious traits, the patented technology uses a reputation score to make the evaluation.

The trustworthiness of torrents is determined by factors including the reputation of the original uploaders, torrent sites, trackers and other peers. For example, if an IP-address of a seeder is linked to several malicious torrents, it will get a low reputation score.

“For example, if an entity has been involved in several torrent transactions that involved malware-infected target files, the reputation information associated with the entity may indicate that the entity has a poor reputation, indicating a high likelihood that the target file represents a potential security risk,” Symantec notes.

In contrast, if a torrent is seeded by a user that only shares non-malicious files, the trustworthiness factor goes up.

Reputation information

If a torrent file has a high likelihood of being linked to malware or other malicious content, the system can take appropriate “security actions.” This may be as simple as deleting the suspicious torrent, or a more complex respone such as blocking all related network traffic.

“Examples of such security actions include, without limitation, alerting a user of the potential security risk, blocking access to the target file until overridden by the user, blocking network traffic associated with the torrent transaction, quarantining the target file, and/or deleting the target file,” Symantec writes.

Security actions

Symantec Corporation applied for the pattern nearly four years ago, but thus far we haven’t seen it used in the real world.

Many torrent users would likely appreciate an extra layer of security, although they might be concerned about overblocking and possible monitoring of their download habits. This means that, for now, they will have to rely on site moderators, and most importantly, common sense.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.