Tag Archives: ransom

Court Orders Aussie ISPs to Block Dozens of Pirate Sites

Post Syndicated from Ernesto original https://torrentfreak.com/court-orders-aussie-isps-to-block-dozens-of-pirate-sites-170818/

Rather than taking site operators to court, copyright holders increasingly demand that Internet providers should block access to ‘pirate’ domains.

As a result, courts all around the world have ordered ISPs to block subscriber access to various pirate sites.

This is also happening in Australia where the first blockades were issued late last year. In December, the Federal Court ordered ISPs to block The Pirate Bay and several other sites, which happened soon after.

However, as is often the case with website blocking, one order is not enough as there are still plenty of pirate sites and proxies readily available. So, several rightsholders including movie studio Village Roadshow and local broadcaster Foxtel went back to court.

Today the Federal Court ruled on two applications that cover 59 pirate sites in total, including many popular torrent and streaming portals.

The first order was issued by Justice John Nicholas, who directed several Internet providers including IINet, Telstra, and TPG to block access to several pirate sites. The request came from Village Roadshow, which was backed by several major Hollywood studios.

The order directs the ISPs to stop passing on traffic to 41 torrent and streaming platforms including Demonoid, RARBG, EZTV, YTS, Gomovies, and Fmovies. The full list of blocked domains is even longer, as it also covers several proxies.

“The infringement or facilitation of infringement by the Online Locations is flagrant and reflect a blatant disregard for the rights of copyright owners,” the order reads.

“By way of illustration, one of the Online Locations is accessible via the domain name ‘istole.it’ and it and many others include notices encouraging users to implement technology to frustrate any legal action that might be taken by copyright owners.”

In a separate order handed down by Federal Court Judge Stephen Burley, another 17 sites are ordered blocked following a request from Foxtel. This includes popular pirate sites such as 1337x, Torlock, Putlocker, YesMovies, Vumoo, and LosMovies.

The second order also includes a wide variety of alternative locations, including proxies, which brings the total number of targeted domain names to more than 160.

As highlighted by SHM, the orders coincide with the launch of a new anti-piracy campaign dubbed “The Price of Piracy,” which is organized by Creative Content Australia. Lori Flekser, Executive director of the non-profit organization, believes that the blockades will help to significantly deter piracy.

“Not only is there decreasing traffic to pirate sites but there is a subsequent increase in traffic to legal sites,” she said.

At the same time, she warns people not to visit proxy and mirror sites, as these could be dangerous. This message is also repeated by her organization’s campaign, which warns that pirate sites can be filled with ransomware, spyware, trojans, viruses, bots, rootkits and worms.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

AWS Partner Webinar Series – August 2017

Post Syndicated from Ana Visneski original https://aws.amazon.com/blogs/aws/aws-partner-webinar-series-august-2017/

We love bringing our customers helpful information and we have another cool series we are excited to tell you about. The AWS Partner Webinar Series is a selection of live and recorded presentations covering a broad range of topics at varying technical levels and scale. A little different from our AWS Online TechTalks, each AWS Partner Webinar is hosted by an AWS solutions architect and an AWS Competency Partner who has successfully helped customers evaluate and implement the tools, techniques, and technologies of AWS.

Check out this month’s webinars and let us know which ones you found the most helpful! All schedule times are shown in the Pacific Time (PDT) time zone.

Security Webinars

Sophos
Seeing More Clearly: ATLO Software Secures Online Training Solutions for Correctional Facilities with SophosUTM on AWS Link.
August 17th, 2017 | 10:00 AM PDT

F5
F5 on AWS: How MailControl Improved their Application Visibility and Security
August 23, 2017 | 10:00 AM PDT

Big Data Webinars

Tableau, Matillion, 47Lining, NorthBay
Unlock Insights and Reduce Costs by Modernizing Your Data Warehouse on AWS
August 22, 2017 | 10:00 AM PDT

Storage Webinars

StorReduce
How Globe Telecom does Primary Backups via StorReduce to the AWS Cloud
August 29, 2017 | 8:00 AM PDT

Commvault
Moving Forward Faster: How Monash University Automated Data Movement for 3500 Virtual Machines to AWS with Commvault
August 29, 2017 | 1:00 PM PDT

Dell EMC
Moving Forward Faster: Protect Your Workloads on AWS With Increased Scale and Performance
August 30, 2017 | 11:00 AM PDT

Druva
How Hatco Protects Against Ransomware with Druva on AWS
September 13, 2017 | 10:00 AM PDT

Piracy Narrative Isn’t About Ethics Anymore, It’s About “Danger”

Post Syndicated from Andy original https://torrentfreak.com/piracy-narrative-isnt-about-ethics-anymore-its-about-danger-170812/

Over the years there have been almost endless attempts to stop people from accessing copyright-infringing content online. Campaigns have come and gone and almost two decades later the battle is still ongoing.

Early on, when panic enveloped the music industry, the campaigns centered around people getting sued. Grabbing music online for free could be costly, the industry warned, while parading the heads of a few victims on pikes for the world to see.

Periodically, however, the aim has been to appeal to the public’s better nature. The idea is that people essentially want to do the ‘right thing’, so once they understand that largely hard-working Americans are losing their livelihoods, people will stop downloading from The Pirate Bay. For some, this probably had the desired effect but millions of people are still getting their fixes for free, so the job isn’t finished yet.

In more recent years, notably since the MPAA and RIAA had their eyes blacked in the wake of SOPA, the tone has shifted. In addition to educating the public, torrent and streaming sites are increasingly being painted as enemies of the public they claim to serve.

Several studies, largely carried out on behalf of the Digital Citizens Alliance (DCA), have claimed that pirate sites are hotbeds of malware, baiting consumers in with tasty pirate booty only to offload trojans, viruses, and God-knows-what. These reports have been ostensibly published as independent public interest documents but this week an advisor to the DCA suggested a deeper interest for the industry.

Hemanshu Nigam is a former federal prosecutor, ex-Chief Security Officer for News Corp and Fox Interactive Media, and former VP Worldwide Internet Enforcement at the MPAA. In an interview with Deadline this week, he spoke about alleged links between pirate sites and malware distributors. He also indicated that warning people about the dangers of pirate sites has become Hollywood’s latest anti-piracy strategy.

“The industry narrative has changed. When I was at the MPAA, we would tell people that stealing content is wrong and young people would say, yeah, whatever, you guys make a lot of money, too bad,” he told the publication.

“It has gone from an ethical discussion to a dangerous one. Now, your parents’ bank account can be raided, your teenage daughter can be spied on in her bedroom and extorted with the footage, or your computer can be locked up along with everything in it and held for ransom.”

Nigam’s stance isn’t really a surprise since he’s currently working for the Digital Citizens Alliance as an advisor. In turn, the Alliance is at least partly financed by the MPAA. There’s no suggestion whatsoever that Nigam is involved in any propaganda effort, but recent signs suggest that the DCA’s work in malware awareness is more about directing people away from pirate sites than protecting them from the alleged dangers within.

That being said and despite the bias, it’s still worth giving experts like Nigam an opportunity to speak. Largely thanks to industry efforts with brands, pirate sites are increasingly being forced to display lower-tier ads, which can be problematic. On top, some sites’ policies mean they don’t deserve any visitors at all.

In the Deadline piece, however, Nigam alleges that hackers have previously reached out to pirate websites offering $200 to $5000 per day “depending on the size of the pirate website” to have the site infect users with malware. If true, that’s a serious situation and people who would ordinarily use ‘pirate’ sites would definitely appreciate the details.

For example, to which sites did hackers make this offer and, crucially, which sites turned down the offer and which ones accepted?

It’s important to remember that pirates are just another type of consumer and they would boycott sites in a heartbeat if they discovered they’d been paid to infect them with malware. But, as usual, the claims are extremely light in detail. Instead, there’s simply a blanket warning to stay away from all unauthorized sites, which isn’t particularly helpful.

In some cases, of course, operational security will prevent some details coming to light but without these, people who don’t get infected on a ‘pirate’ site (the vast majority) simply won’t believe the allegations. As the author of the Deadline piece pointed out, it’s a bit like Reefer Madness all over again.

The point here is that without hard independent evidence to back up these claims, with reports listing sites alongside the malware they’ve supposed to have spread and when, few people will respond to perceived scaremongering. Free content trumps a few distant worries almost every time, whether that involves malware or the threat of a lawsuit.

It’ll be up to the DCA and their MPAA paymasters to consider whether the approach is working but thus far, not even having government heavyweights on board has helped.

Earlier this year the DCA launched a video campaign, enrolling 15 attorney generals to publish their own anti-piracy PSAs on YouTube. Thus far, interest has been minimal, to say the least.

At the time of writing the 15 PSAs have 3,986 views in total, with 2,441 of those contributed by a single video contributed by Wisconsin Attorney General Brad Schimel. Despite the relative success, even that got slammed with 2 upvotes and 127 downvotes.

A few of the other videos have a couple of hundred views each but more than half have less than 70. Perhaps most worryingly for the DCA, apart from the Schimel PSA, none have any upvotes at all, only down. It’s unclear who the viewers were but it seems reasonable to conclude they weren’t entertained.

The bottom line is nobody likes malware or having their banking details stolen but yet again, people who claim to have the public interest at heart aren’t actually making a difference on the ground. It could be argued that groups advocating online safety should be publishing guides on how to stay protected on the Internet period, not merely advising people to stay away from certain sites.

But of course, that wouldn’t achieve the goals of the MPAA Digital Citizens Alliance.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

More on the Vulnerabilities Equities Process

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/more_on_the_vul_1.html

Richard Ledgett — a former Deputy Director of the NSA — argues against the US government disclosing all vulnerabilities:

Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense — but it is a gross oversimplification of the problem, one that not only would not have the desired effect but that also would be dangerous.

Actually, he doesn’t make that argument at all. He basically says that security is a lot more complicated than finding and disclosing vulnerabilities — something I don’t think anyone disagrees with. His conclusion:

Malicious software like WannaCry and Petya is a scourge in our digital lives, and we need to take concerted action to protect ourselves. That action must be grounded in an accurate understanding of how the vulnerability ecosystem works. Software vendors need to continue working to build better software and to provide patching support for software deployed in critical infrastructure. Customers need to budget and plan for upgrades as part of the going-in cost of IT, or for compensatory measures when upgrades are impossible. Those who discover vulnerabilities need to responsibly disclose them or, if they are retained for national security purposes, adequately safeguard them. And the partnership of intelligence, law enforcement and industry needs to work together to identify and disrupt actors who use these vulnerabilities for their criminal and destructive ends. No single set of actions will solve the problem; we must work together to protect ourselves. As for blame, we should place it where it really lies: on the criminals who intentionally and maliciously assembled this destructive ransomware and released it on the world.

I don’t think anyone would argue with any of that, either. The question is whether the US government should prioritize attack over defense, and security over surveillance. Disclosing, especially in a world where the secrecy of zero-day vulnerabilities is so fragile, greatly improves the security of our critical systems.

Hackers Leak More Confidential Game of Thrones Files

Post Syndicated from Ernesto original https://torrentfreak.com/hackers-leak-more-confidential-game-of-thrones-files-170808/

Last week, news broke that a hacker, or hackers, had compromised the network of the American cable and television network HBO.

Those responsible sent out an email to reporters, announcing the prominent breach, and leaked files surfaced on the dedicated website Winter-leak.com.

While the latter is no longer accessible, the hackers are not done yet. Another curated batch of leaked files has now appeared online, revealing more Game of Thrones spoilers, marketing plans, and other confidential HBO files.

The first leak put a preliminary outline of the fourth episode of the current Game of Thrones season in the spotlight, and the second batch follows up with the same for the upcoming fifth episode.

Although the outline was prepared over a year ago, it likely contains various accurate spoilers, which we won’t repeat here.

Preliminary outline S07E05

The new data dump, which is a subsection of the 1.5 terabytes of data the hackers claimed to have in their possession, also lists a variety of other Game of Thrones related files.

Among other items, there’s a confidential cast list for the current season, a highly confidential “Game of Ideas” brief, an outline of GoT marketing strategies, and a Game of Thrones roadmap. The information all appears to be a few months old.

The hackers took a screenshot of several folders, where the files may have been taken from, as seen below.

Folders screenshot

In addition, the hackers provided ‘proof’ that they have emails, which according to AP point to HBO’s vice president for film programming Leslie Cohen.

Finally, the new batch contains a video letter to HBO CEO Richard Plepler, titled “First letter to HBO,” where a certain Mr. Smith takes credit for the hack. The letter offered to keep the information away from the public, in exchange for a ransom payment.

First letter to HBO

For spoiler-eager Game of Thrones fans the hack is a true treasure trove. However, like the first batch, no leaked episodes are included. And, based on another screenshot, these are probably not on the way either.

A “Series Screenshot” includes a list of likely compromised titles, such as The Deviant Ones and the previously leaked Barry, Ballers, and Room 104, but no Game of Thrones.

A leak of the fourth GoT episode did appear online late last week, but this wasn’t linked to the breach of HBO’s network. Still, HBO is likely not amused and will do everything in its power to catch those responsible.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top Ten Ways to Protect Yourself Against Phishing Attacks

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/top-ten-ways-protect-phishing-attacks/

It’s hard to miss the increasing frequency of phishing attacks in the news. Earlier this year, a major phishing attack targeted Google Docs users, and attempted to compromise at least one million Google Docs accounts. Experts say the “phish” was convincing and sophisticated, and even people who thought they would never be fooled by a phishing attack were caught in its net.

What is phishing?

Phishing attacks use seemingly trustworthy but malicious emails and websites to obtain your personal account or banking information. The attacks are cunning and highly effective because they often appear to come from an organization or business you actually use. The scam comes into play by tricking you into visiting a website you believe belongs to the trustworthy organization, but in fact is under the control of the phisher attempting to extract your private information.

Phishing attacks are once again in the news due to a handful of high profile ransomware incidents. Ransomware invades a user’s computer, encrypts their data files, and demands payment to decrypt the files. Ransomware most often makes its way onto a user’s computer through a phishing exploit, which gives the ransomware access to the user’s computer.

The best strategy against phishing is to scrutinize every email and message you receive and never to get caught. Easier said than done—even smart people sometimes fall victim to a phishing attack. To minimize the damage in an event of a phishing attack, backing up your data is the best ultimate defense and should be part of your anti-phishing and overall anti-malware strategy.

How do you recognize a phishing attack?

A phishing attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem with your account. When users respond with the requested information, attackers can use it to gain access to the accounts.

The image below is a mockup of how a phishing attempt might appear. In this example, courtesy of Wikipedia, the bank is fictional, but in a real attempt the sender would use an actual bank, perhaps even the bank where the targeted victim does business. The sender is attempting to trick the recipient into revealing confidential information by getting the victim to visit the phisher’s website. Note the misspelling of the words “received” and “discrepancy” as recieved and discrepency. Misspellings sometimes are indications of a phishing attack. Also note that although the URL of the bank’s webpage appears to be legitimate, the hyperlink would actually take you to the phisher’s webpage, which would be altogether different from the URL displayed in the message.

By Andrew Levine – en:Image:PhishingTrustedBank.png, Public Domain, https://commons.wikimedia.org/w/index.php?curid=549747

Top ten ways to protect yourself against phishing attacks

  1. Always think twice when presented with a link in any kind of email or message before you click on it. Ask yourself whether the sender would ask you to do what it is requesting. Most banks and reputable service providers won’t ask you to reveal your account information or password via email. If in doubt, don’t use the link in the message and instead open a new webpage and go directly to the known website of the organization. Sign in to the site in the normal manner to verify that the request is legitimate.
  2. A good precaution is to always hover over a link before clicking on it and observe the status line in your browser to verify that the link in the text and the destination link are in fact the same.
  3. Phishers are clever, and they’re getting better all the time, and you might be fooled by a simple ruse to make you think the link is one you recognize. Links can have hard-to-detect misspellings that would result in visiting a site very different than what you expected.
  4. Be wary even of emails and message from people you know. It’s very easy to spoof an email so it appears to come from someone you know, or to create a URL that appears to be legitimate, but isn’t.

For example, let’s say that you work for roughmedia.com and you get an email from Chuck in accounting ([email protected]) that has an attachment for you, perhaps a company form you need to fill out. You likely wouldn’t notice in the sender address that the phisher has replaced the “m” in media with an “r” and an “n” that look very much like an “m.” You think it’s good old Chuck in finance and it’s actually someone “phishing” for you to open the attachment and infect your computer. This type of attack is known as “spear phishing” because it’s targeted at a specific individual and is using social engineering—specifically familiarity with the sender—as part of the scheme to fool you into trusting the attachment. This technique is by far the most successful on the internet today. (This example is based on Gimlet Media’s Reply All Podcast Episode, “What Kind of Idiot Gets Phished?“)

  1. Use anti-malware software, but don’t rely on it to catch all attacks. Phishers change their approach often to keep ahead of the software attack detectors.
  2. If you are asked to enter any valuable information, only do so if you’re on a secure connection. Look for the “https” prefix before the site URL, indicating the site is employing SSL (Secure Socket Layer). If there is no “s” after “http,” it’s best not to enter any confidential information.
By Fabio Lanari – Internet1.jpg by Rock1997 modified., GFDL, https://commons.wikimedia.org/w/index.php?curid=20995390
  1. Avoid logging in to online banks and similar services via public Wi-Fi networks. Criminals can compromise open networks with man-in-the-middle attacks that capture your information or spoof website addresses over the connection and redirect you to a fake page they control.
  2. Email, instant messaging, and gaming social channels are all possible vehicles to deliver phishing attacks, so be vigilant!
  3. Lay the foundation for a good defense by choosing reputable tech vendors and service providers that respect your privacy and take steps to protect your data. At Backblaze, we have full-time security teams constantly looking for ways to improve our security.
  4. When it is available, always take advantage of multi-factor verification to protect your accounts. The standard categories used for authentication are 1) something you know (e.g. your username and password), 2) something you are (e.g. your fingerprint or retina pattern), and 3) something you have (e.g. an authenticator app on your smartphone). An account that allows only a single factor for authentication is more susceptible to hacking than one that supports multiple factors. Backblaze supports multi-factor authentication to protect customer accounts.

Be a good internet citizen, and help reduce phishing and other malware attacks by notifying the organization being impersonated in the phishing attempt, or by forwarding suspicious messages to the Federal Trade Commission at [email protected]. Some email clients and services, such as Microsoft Outlook and Google Gmail, give you the ability to easily report suspicious emails. Phishing emails misrepresenting Apple can be reported to [email protected].

Backing up your data is an important part of a strong defense against phishing and other malware

The best way to avoid becoming a victim is to be vigilant against suspicious messages and emails, but also to assume that no matter what you do, it is very possible that your system will be compromised. Even the most sophisticated and tech-savvy of us can be ensnared if we are tired, in a rush, or just unfamiliar with the latest methods hackers are using. Remember that hackers are working full-time on ways to fool us, so it’s very difficult to keep ahead of them.

The best defense is to make sure that any data that could compromised by hackers—basically all of the data that is reachable via your computer—is not your only copy. You do that by maintaining an active and reliable backup strategy.

Files that are backed up to cloud storage, such as with Backblaze, are not vulnerable to attacks on your local computer in the way that local files, attached drives, network drives, or sync services like Dropbox that have local directories on your computer are.

In the event that your computer is compromised and your files are lost or encrypted, you can recover your files if you have a cloud backup that is beyond the reach of attacks on your computer.

The post Top Ten Ways to Protect Yourself Against Phishing Attacks appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

The Terrible Horrors of ‘Kodi Boxes’ Shock The UK

Post Syndicated from Andy original https://torrentfreak.com/the-terrible-horrors-of-kodi-boxes-shock-the-uk-170702/

In the beginning, we were told that Kodi Boxes are probably going to destroy Hollywood, not to mention companies like Sky and The Premier League. But who cares about the big people in suits drinking champagne from gold swimming pools?

No, what the unwashed masses need to hear are stories that make us realize that these little plastic wonder boxes are going to ruin our miserable lives. Luckily, they’ve been appearing thick and fast this past couple of weeks.

It turns out that Kodi Boxes are not only likely to burn your house down, but they’re also part of a master plan to pick away at the delicate threads holding family life together.

Forget about the piracy, that doesn’t matter. The powers that be need you to understand that Kodi Boxes are Trojan horses of misery that people are willingly bringing in to their own homes. Can you believe people are being so stupid?

According to an article in this week’s The Mirror, for example, kids’ movies spewed out by these evil devices are now being interrupted by adverts for alcohol. Well, it makes a change from seeing Phil Mitchell smashed out of his mind at 8pm on BBC1, doesn’t it?

At the same time, Kodi Boxes are straining relationships between father and son, not to mention subjecting unsuspecting parents to malware threats. They include scams purporting to be from the ‘FBI’ which demand money for using Popcorn Time inside Kodi. The world truly has gone mad.

Of course, if only one person sees this nonsense it’s too much, and The Mirror piece is quite rightly filled with quotes from real people who gave up piracy as a result of their bad experiences. It also has plenty of useful advice from the UK’s leading anti-piracy outfit, as you’d expect.

Intrigued, we decided to carry out our own research among a handful of the millions of maniacs who are still prepared to plug one of these death devices into their UK mains supply. And we were shocked – not by a dodgy power adaptor from China – but by the huge numbers of other problems these Kodi Boxes can foist upon the honest working man.

A user called Neil told us that he’d bought a Kodi Box off eBay after hearing all the hype in the media. His plan was to watch Premier League football without paying a penny. However, instead of scooping up that forbidden 3pm kick-off excitement, all it did was ruin his enjoyment of the beautiful game.

“I’d been out drinking all day with the lads. I was proper, proper smashed. I got home and shoved the thing into the nearest telly to watch Liverpool versus Manchester United and although I felt really sick, couldn’t focus on the screen, and soon fell unconscious, I think the picture wasn’t too bad,” he said.

“I don’t think I saw that wheel thing spinning in the middle of the screen and everything stopping either, which is a big plus for me on a free box. And to top it all, Liverpool beat United 2:1, which was a real bonus.

“However, when discussing the game the next day with my dad who watched the game on Sky with a proper subscription, I was horrified to learn that Manchester United actually won the game 3:0 – against Arsenal! It just goes to show, you get what you pay for. My box is now where it should have been all along – in the bin.”

A man called Rich told us that he’d also heard good things about Kodi Boxes but was really upset after being completely misled by the person who sold him one.

“I used to be a subscriber to Sky’s top package, including those fifty channels nobody watches but they force you to have. I also forked out for all their boxing PPVs that come on at stupid o’clock in the morning, and bought several blu-ray discs each time I got paid. All in all I must’ve spent £140 a month.

“So, when a bloke down the pub who I’ve never met before told me that I could legally get the same stuff for free using a Kodi Box, I immediately believed him. I mean, what reasonable bloke wouldn’t? He had just one left as well, how lucky was that?”

But it didn’t take long for Rich’s enthusiasm to wane. The thought of owning a potential incendiary device filled with content provided by a Russian crime syndicate and funded by Columbian drug barons was too much.

“I watched a couple of films on it without my house burning down, but then I started reading horror stories in the paper about these boxes shoving drinks adverts in our kids’ faces,” he told us.

“Enough was enough. After being lied to by the seller the thought of my kids demanding toys and beer for Christmas was just too much, it just wasn’t worth the risk. So I went straight back to giving Sky over a grand a year and life’s never been better.”

Kodi Box user Peter told us that he could really relate to warnings published in the papers this week that set-top box users had been hit with popups demanding their bank details.

“I was hoping to watch the big fight last weekend but it only came on for a few minutes and then suddenly went off,” he explained. “Then a notice appeared telling me to ring a number with my credit card details. Well, I’d heard about these ransomware attacks and I wasn’t going to fall for that old trick.

“However, imagine my surprise when I realized that I’d accidentally put on my official satellite box instead of Kodi, and the message was actually from my pay-per-view provider. Just goes to show, everybody wants your money these days, and these crooks can rope you in for years, and make it really hard to cancel.”

Another chap called James told us that he never considered getting a Kodi Box until he saw an article in a UK tabloid explaining how Kodi Boxes pose a risk for families with children.

“The article quoted some anti-piracy company. They said that parents don’t realize that Kodi Boxes allow easy access to hardcore pornography. And it’s true, I had no idea,” James said.

“But I live alone, so I wasted no time buying one off eBay. I’m watching it in the shed with a fire extinguisher in the other hand, just to be safe.”

But while James clearly has his hands full, our last user is much less satisfied.

Sue told us that she was assured her Kodi box was a miracle device with endless uses. However, after its addons recently stopped working she decided to test the claim by sliding the failing unit under the leg of a wobbly table. It soon became clear the hardware had been massively oversold.

“They say these boxes can do anything but mine clearly wasn’t fit for purpose. It was way too thick so when I put it under the leg, the table sat at a really steep angle. If anything, it was more unstable than it was before.

“I dread to think what could’ve happened if I’d put a pot of boiling oil on it next to the baby. No wonder health and safety are up in arms.”

Tune in next week when we reveal how Kodi Boxes can cause unsightly hair growth and unwanted pregnancies.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Yet more reasons to disagree with experts on nPetya

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/07/yet-more-reasons-to-disagree-with.html

In WW II, they looked at planes returning from bombing missions that were shot full of holes. Their natural conclusion was to add more armor to the sections that were damaged, to protect them in the future. But wait, said the statisticians. The original damage is likely spread evenly across the plane. Damage on returning planes indicates where they could damage and still return. The undamaged areas are where they were hit and couldn’t return. Thus, it’s the undamaged areas you need to protect.

This is called survivorship bias.
Many experts are making the same mistake with regards to the nPetya ransomware. 
I hate to point this out, because they are all experts I admire and respect, especially @MalwareJake, but it’s still an error. An example is this tweet:
The context of this tweet is the discussion of why nPetya was well written with regards to spreading, but full of bugs with regards to collecting on the ransom. The conclusion therefore that it wasn’t intended to be ransomware, but was intended to simply be a “wiper”, to cause destruction.
But this is just survivorship bias. If nPetya had been written the other way, with excellent ransomware features and poor spreading, we would not now be talking about it. Even that initial seeding with the trojaned MeDoc update wouldn’t have spread it far enough.
In other words, all malware samples we get are good at spreading, either on their own, or because the creator did a good job seeding them. It’s because we never see the ones that didn’t spread.
With regards to nPetya, a lot of experts are making this claim. Since it spread so well, but had hopelessly crippled ransomware features, that must have been the intent all along. Yet, as we see from survivorship bias, none of us would’ve seen nPetya had it not been for the spreading feature.

NonPetya: no evidence it was a "smokescreen"

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/06/nonpetya-no-evidence-it-was-smokescreen.html

Many well-regarded experts claim that the not-Petya ransomware wasn’t “ransomware” at all, but a “wiper” whose goal was to destroy files, without any intent at letting victims recover their files. I want to point out that there is no real evidence of this.

Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shutdown, and it corrupts the boot sector.

But these things aren’t evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

The simplest, Occam’s Razor explanation explanation is that they were simple mistakes. Such mistakes are common among ransomware. We think of virus writers as professional software developers who thoroughly test their code. Decades of evidence show the opposite, that such software is of poor quality with shockingly bad bugs.

It’s true that effectively, nPetya is a wiper. Matthieu Suiche‏ does a great job describing one flaw that prevents it working. @hasherezade does a great job explaining another flaw.  But best explanation isn’t that this is intentional. Even if these bugs didn’t exist, it’d still be a wiper if the perpetrators simply ignored the decryption requests. They need not intentionally make the decryption fail.

Thus, the simpler explanation is that it’s simply a bug. Ransomware authors test the bits they care about, and test less well the bits they don’t. It’s quite plausible to believe that just before shipping the code, they’d add a few extra features, and forget to regression test the entire suite. I mean, I do that all the time with my code.

Some have pointed to the sophistication of the code as proof that such simple errors are unlikely. This isn’t true. While it’s more sophisticated than WannaCry, it’s about average for the current state-of-the-art for ransomware in general. What people think of, such the Petya base, or using PsExec to spread throughout a Windows domain, is already at least a year old.

Indeed, the use of PsExec itself is a bit clumsy, when the code for doing the same thing is already public. It’s just a few calls to basic Windows networking APIs. A sophisticated virus would do this itself, rather than clumsily use PsExec.

Infamy doesn’t mean skill. People keep making the mistake that the more widespread something is in the news, the more skill, the more of a “conspiracy” there must be behind it. This is not true. Virus/worm writers often do newsworthy things by accident. Indeed, the history of worms, starting with the Morris Worm, has been things running out of control more than the author’s expectations.

What makes nPetya newsworthy isn’t the EternalBlue exploit or the wiper feature. Instead, the creators got lucky with MeDoc. The software is used by every major organization in the Ukraine, and at the same time, their website was horribly insecure — laughably insecure. Furthermore, it’s autoupdate feature didn’t check cryptographic signatures. No hacker can plan for this level of widespread incompetence — it’s just extreme luck.

Thus, the effect of bumbling around is something that hit the Ukraine pretty hard, but it’s not necessarily the intent of the creators. It’s like how the Slammer worm hit South Korea pretty hard, or how the Witty worm hit the DoD pretty hard. These things look “targeted”, especially to the victims, but it was by pure chance (provably so, in the case of Witty).

Certainly, MeDoc was targeted. But then, targeting a single organization is the norm for ransomware. They have to do it that way, giving each target a different Bitcoin address for payment. That it then spread to the entire Ukraine, and further, is the sort of thing that typically surprises worm writers.

Finally, there’s little reason to believe that there needs to be a “smokescreen”. Russian hackers are targeting the Ukraine all the time. Whether Russian hackers are to blame for “ransomware” vs. “wiper” makes little difference.

Conclusion

We know that Russian hackers are constantly targeting the Ukraine. Therefore, the theory that this was nPetya’s goal all along, to destroy Ukraines computers, is a good one.

Yet, there’s no actual “evidence” of this. nPetya’s issues are just as easily explained by normal software bugs. The smokescreen isn’t needed. The boot record bug isn’t needed. The single email address that was shutdown isn’t significant, since half of all ransomware uses the same technique.

The experts who disagree with me are really smart/experienced people who you should generally trust. It’s just that I can’t see their evidence.

Update: I wrote another blogpost about “survivorship bias“, refuting the claim by many experts talking about the sophistication of the spreading feature.


Update: comment asks “why is there no Internet spreading code?”. The answer is “I don’t know”, but unanswerable questions aren’t evidence of a conspiracy. “What aren’t there any stars in the background?” isn’t proof the moon landings are fake, such because you can’t answer the question. One guess is that you never want ransomware to spread that far, until you’ve figured out how to get payment from so many people.

NotPetya Ransomeware Wreaking Havoc

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/0IfKiBP5jIo/

The latest splash has been made by the Petya or NotPetya Ransomware that exploded in Ukraine and is infecting companies all over the World. It’s getting some people in deep trouble as there’s no way to recover the files once encrypted. The malware seems to be trying to hide it’s intent as it doesn’t really […]

The post NotPetya Ransomeware…

Read the full post at darknet.org.uk

South Korean Webhost Nayana Pays USD1 Million Ransom

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/jTy5T4S7TZQ/

So far this Nayana payout is the biggest ransomware payment I’ve seen reported, there’s probably some bigger ones been paid but kept undercover. Certainly a good deal for the bad actors in this play, and well using an outdated Kernel along with PHP and Apache versions from 2006 you can’t feel too sorry for Nayana. […]

The post South Korean…

Read the full post at darknet.org.uk