Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/09/notpetya_1.html
Wired has a long article on NotPetya.
EDITED TO ADD (9/12): Another good article on NotPetya.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/09/notpetya_1.html
Wired has a long article on NotPetya.
EDITED TO ADD (9/12): Another good article on NotPetya.
Post Syndicated from Andy original https://torrentfreak.com/search-engines-given-six-hours-to-delete-pirate-links-under-new-law-190903/
Copyright holders who want unlicensed copies of their material removed from online platforms are able to file requests under various laws in the United States and EU, for example.
Search engines such as Google also comply with such requests to remove links from their indexes, often doing so quickly, in many cases just a matter of hours. In Russia, however, removing links from search engines has proven problematic until a war of words in 2018 boiled over into an agreement between major entertainment companies and rights holders.
The memorandum saw companies like Yandex and other search providers agree to interface with a centralized database of allegedly-infringing content to take down links to content quickly. The voluntary agreement wasn’t part of Russian law but work has been going on to formalize its terms.
Local news outlet Vedomosti reports that is has been able to review the text of proposed amendments to copyright law, which the publication says are the result of negotiations between the largest TV companies, streaming providers (generically ‘online cinemas’), as well as Yandex and Mail.ru Group.
Overseen by telecoms watchdog Roscomnadzor, the amendments are an attempt to plug perceived holes in existing legislation. It’s currently possible to have ‘pirate’ web pages blocked quickly using the Moscow Court but the only deletions of specific URLs from search engines thus far have been voluntary ones, carried out under the memorandum.
The amendments will allow copyright holders to force search engines to delete allegedly-infringing links from their indexes without going to court, and within an extremely tight timeframe of six hours from notification.
According to local sources, copyright holders will be able to hire Roscomnadzor-approved companies to maintain databases of allegedly-infringing content on their behalf. There will not be any limit placed on the number of registries in use, as long as the authorities approve them.
Once these registries have been established, search engines will be required to interface with them within 10 days to obtain the details of allegedly infringing content. From the moment new content is registered, search companies will have to delete the corresponding entries from their indexes within six hours. Registries will have to be queried every five minutes.
It appears that after months of struggling with the details, the amendments to the law have now been completed are being sent to the presidential administration. From there they will be transferred to the State Duma’s Information Policy Committee for additional work before being submitted to parliament.
The chairman of the committee, Leonid Levin, confirmed he would receive the texts of the amendments in the coming days but added no further detail. It remains unclear whether a rightsholders’ request to have entire domains delisted from search results is still being entertained.
In common with many similar initiatives, this one has taken longer than expected. The draft anti-piracy amendments should’ve been submitted to the State Duma before the end of August because the clock was ticking on the terms of the voluntary memorandum, which according to the official timetable ran out September 1, 2019.
However, it was previously agreed that the parties involved would extend the memorandum beyond that date while the amendments are pushed through into law.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/08/the_threat_of_f.html
Post Syndicated from Andy original https://torrentfreak.com/man-tried-to-burn-down-telecoms-watchdog-to-avenge-pirate-site-blocking-190817/
While copyright holders and many governments see site-blocking as a reasoned and measured response to copyright infringement, some people view it as overkill.
People should be able to access whatever content they want without rich corporations deciding what should and should not appear on computer screens, the argument goes.
For former student Pavel Kopylov, blocking of pirate sites in Russia has gone too far. So, to make his displeasure obvious to Roscomnadzor, the government entity responsible for carrying it out, last year he attempted to burn one of its offices down – three times.
On April 2, 2018, reportedly dissatisfied that his favorite torrent tracker had been blocked, Kopylov went to the local offices of Roscomnadzor,
smashed a window, and threw a bottle of flammable liquid inside together with a burning match. The attempt was a failure – the fire didn’t ignite and a guard was alerted by the noise.
Almost two weeks later, Kopylov returned for a second try. This time a fire did ensue but it was put out, without causing catastrophic damage. A third attempt, on May 9, 2018, ended in complete failure, with a guard catching the would-be arsonist before he could carry out his plan.
Nevertheless, the prosecutor’s office saw the attacks as an attempt to destroy Roscomnadzor’s property by arson, an offense carrying a penalty of up to five years in prison. The prosecution sought two years but in the end, had to settle for considerably less.
Interfax reports that a court in the Ulyanovsk region has now sentenced the man for repeatedly trying to burn down Roscomnadzor’s regional office. He received 18 months probation but the prosecution intends to appeal, describing the sentence as excessively lenient.
Post Syndicated from Andy original https://torrentfreak.com/legal-movie-sites-could-get-special-tag-in-search-results-to-deter-piracy-190731/
While many pirate site users already know the direct URLs of their favorite free movie resources, entertainment industry groups feel that search engines still play a key role in unlicensed content discovery.
As a result, anti-piracy companies are continuously tasked with having allegedly-infringing results removed from search results offered by companies such as Google, in an effort to minimize traffic to pirate sites.
In Russia, which is rapidly emerging as world-leader in anti-piracy strategies, the government now wants to take things a step further by modifying search results to include a ‘tag’ or marker that clearly identifies legal video platforms.
According to local news outlet Vedomosti, the proposal forms part of an amendment to copyright law penned by Russia’s Ministry of Culture.
“We expect that in this way users will make a more informed choice not in favor of pirates, but in favor of legal platforms,” says Olga Lyubimova, director of the cinematography department of the Ministry of Culture.
While having a gold star or similar marker next to a site’s listing may help users to better identify legal offerings, the government isn’t planning to hand out endorsements on a whim. Movie and TV companies want to get a better idea of what content is being viewed and in what volumes. As a result, sites to be considered for preferential marking will have to give something back.
Russian cinemas are already required to report data on all tickets sold but there is no equivalent for online viewing resources, leaving production companies to complain that they need more information. The current proposals would require legal online providers to provide such data to content companies and the government.
If they do not, it’s suggested they could be declared illegal with various repercussions, not least the inability to be highlighted in search results as a legitimate provider.
The proposal to highlight legal platforms in search results is in addition to a ground-breaking agreement reached in Moscow last year. Signed by major rightsholders, Internet companies, and search providers, the pact sees Internet platforms query a centralized database of infringing content to ensure that none of it is presented on their platforms.
It’s expected to be written into law but in common with the search tagging proposal, the precise details are still being hammered out.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/07/hackers_expose_.html
More nation-state activity in cyberspace, this time from Russia:
Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects since 2009 for FSB unit 71330 and for fellow contractor Quantum. Projects include:
- Nautilus — a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn).
- Nautilus-S — a project for deanonymizing Tor traffic with the help of rogue Tor servers.
- Reward — a project to covertly penetrate P2P networks, like the one used for torrents.
- Mentor — a project to monitor and search email communications on the servers of Russian companies.
- Hope — a project to investigate the topology of the Russian internet and how it connects to other countries’ network.
- Tax-3 — a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state’s IT networks.
BBC Russia, who received the full trove of documents, claims there were other older projects for researching other network protocols such as Jabber (instant messaging), ED2K (eDonkey), and OpenFT (enterprise file transfer).
Other files posted on the Digital Revolution Twitter account claimed that the FSB was also tracking students and pensioners.
Post Syndicated from Andy original https://torrentfreak.com/google-fined-again-for-not-removing-banned-sites-from-search-results-190720/
In order to control what kind of information its citizens have access to online, Russia operates an Internet ‘blacklist’.
Known locally as FGIS (Unified Register of Prohibited Information), the database contains the domains of thousands of sites containing anything from extremist material to pirated copies of movies and TV shows.
Major online technology platforms are expected to interface with FGIS to ensure they receive up-to-date information on which sites are forbidden in Russia. In the case of search engines, the database provides details on which sites should be removed from search results.
After failing to connect its systems to the FGIS and deindexing sites as required, last December Google was fined by Russian authorities. That was followed by threats from local telecoms watch Roscomnadzor early 2019 that the US-based company could be fined again for non-compliance, as well as facing a potential block itself.
In February 2019 it was reported that Google was finally playing ball and everything was running more smoothly. However, that appears not have been the case. According to an announcement published this week by Roscomnadzor, Google has been fined again.
“The company has not complied with the requirements of the law..[..]..by excluding from search results links to Internet resources with illegal information, access to which is restricted in Russia,” Roscomndazor said.
“The control event recorded that Google carries out selective filtering of search results – more than a third of the links from a single registry of prohibited information are still preserved in its search results.”
Explaining that Google has been told repeatedly of the legal requirements in Russia, the watchdog revealed that the fine handed down was 700,000 rubles – just US$11,098 – a drop in the ocean as far as Google is concerned.
Digital rights group Roscomsvoboda reports that in April 2019, Google had removed 80% of the specified banned content from its search results. However, data covering the period ending May, for which the fine was levied, showed that removal levels had fallen to 67.5%.
Last month, when Google learned that it was in line for another fine after a warning from Roscomnadzor, the company expressed surprise.
“We have not changed anything. A couple of months ago we agreed that we will not connect to the registry of banned sites and will not blindly delete anything, but consider requests to delete content, and where it meets the requirements, we remove content from the Russian service,” a spokesperson said.
“We do not understand why Roscomnadzor is talking about a new case or where they get these figures from.”
Whether Google will eventually connect to the FGIS isn’t clear. It currently receives a daily list of sites to be blocked and acts on those as it sees fit. Only time will tell whether that will be enough for Roscomndazor moving forward.
Post Syndicated from Andy original https://torrentfreak.com/kaspersky-vpn-now-blocks-pirate-sites-in-russia-190703/
In order to prevent citizens from accessing objectionable content, from pirate sites through to extremist material, Russia operates a national blacklist.
This centralized database of domains, known locally as FGIS (Federal State Information System), is checked by Internet service providers which then block their subscribers from accessing forbidden sites. Of course, services like VPNs, Tor and various anonymizers, are able to circumvent these measures, a point not lost on the authorities.
In 2017, a new bill was signed into law aiming to close the loophole. As a result, if tools with the ability to circumvent the blacklist don’t play ball by respecting its contents, they also face being blocked by ISPs.
This proposal came to head earlier this year when telecoms watchdog Roscomnadzor wrote to several major VPN providers – NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN – demanding compliance.
The VPN services above were given 30 days to respond but most either ignored or flat-out rejected the demands. Only Russia-based Kaspersky offered to cooperate and it now appears the security company is censoring websites as ordered.
According to digital rights group Roskomsvoboda, Kaspersky is now fully respecting the contents of the FGIS database and actively blocking domains, including the many ‘pirate’ sites that are permanently blocked in Russia after repeatedly failing to respond to copyright complaints.
Citing tests carried out by various users of Kaspersky Secure Connection, the group says that attempts to access banned domains now result in a warning that the material is inaccessible via the service.
Users of Kaspersky’s mobile application are reportedly less-well-informed. Rather than the blocking page above which appears in desktop-based browsers, users are greeted with an ‘ERR CONNECTION RESET’ message when they attempt to access a ‘banned’ site.
It’s unclear whether Kaspersky decided to comply simply because it’s based in Russia or whether being blocked itself would be a step too far for the company. It’s likely that both played a role but fresh news coming out of the country suggests that earlier claims that non-compliant VPN providers would be blocked themselves may have been a little premature.
At the start of June, telecoms watchdog Roscomnadzor indicated that the blocking of nine previously-contacted VPN providers was imminent but now, less than a month later, authorities might be pulling back from the brink.
“We have the right to block VPN services that do not comply with the law, but there is no obligation to do so at any specific time,” said the head of Roskomnadzor, Alexander Zharov.
“There are nine services that do not execute the law. We may wait for fines under a new law. We are not ready to discuss a specific plan for our actions.”
Last week, Library Genesis (Libgen), a huge online repository of free books and academic articles, became the latest ‘pirate’ addition to Russia’s national blacklist.
Following a lawsuit filed by Springer Nature in 2018, the platform has now been labeled a repeat infringer, meaning that the domains libgen.io and lgmag.org are now permanently blocked by the country’s ISPs.
Post Syndicated from Andy original https://torrentfreak.com/rightsholders-want-to-completely-delist-pirate-domains-from-search-results-190621/
The anti-piracy wars are fought on many fronts, from plugging leaks to issuing millions of takedown notices to both sites and search engines.
Despite no deliberate role in piracy, the latter are often described as facilitators of piracy who could do more, by making pirate sites less visible in search results, for example.
While companies like Google have taken such steps both voluntarily (UK) and in response to legal requirements (Australia 1,2), rightsholders would like more. In Russia, where new anti-piracy legislation is currently being debated, there’s an opportunity to set the standard.
Last year, several rightsholders and Internet platforms signed a memorandum of understanding which set out a basic framework for cooperation moving forward. The terms of that agreement are now the subject of negotiations before being turned into law sometime in the next few months.
During a closed-door meeting this week, held at telecoms watchdog Roscomnadzor and reported by a Kommersant source, rightsholders set out new tough demands. In order to limit traffic being sent to pirate sites by search engines, they want companies like Yandex (and ultimately Google) to completely delist ‘pirate’ domains from search results.
Under the current terms of the memorandum, signatory companies delist search results (typically URLs) when they appear in a centralized database populated with links provided by content companies and their anti-piracy partners. The new proposals demand that sites considered as repeat infringers should disappear altogether.
Alexei Byrdin, General Director of the Internet Video Association, said that his group had identified a number of measures taken by pirate sites to limit the effectiveness of current measures. This means a more aggressive approach is needed.
“Our response is a draft rule on the removal of the entire domain of a site that systematically violates copyrights [from search results],” he told Kommersant.
While not all sites that receive multiple complaints will be affected (social networks and video hosting platforms would be excluded, for example), Internet companies are said to be opposed to the proposals. Among them Yandex, Russia’s largest search engine.
“It is necessary that any measures that entail inaccessibility to users of entire sites are based on a court decision. We are sure that such a solution will be found,” the company’s press office commented.
Channel One, the National Media Group, Gazprom-Media, the Internet Video Association, the Association of Film and Television Producers, Yandex, Rambler Group, Mail.Ru Group, vKontakte, and RuTube, are all signatories of the current memorandum.
The framework is set to expire on September 1, 2019, but could be extended if consensus isn’t reached by that date. However, aside from the deletion of entire domains from search results, it’s reported that the parties are largely in agreement, meaning that Russia is on course to expand its anti-piracy laws significantly, once again.
Post Syndicated from Andy original https://torrentfreak.com/russia-says-it-will-soon-begin-blocking-major-vpns/
When it comes to site-blocking, Russia is one of the most aggressive countries in the world.
Thousands of pirate sites are blocked on copyright grounds while others are restricted for containing various types of “banned information”, such as extremist material.
The domains of these platforms are contained in a national blacklist. Service providers of many types are required to interface with this database, in order to block sites from being accessible via their systems. This includes VPN providers, particular those that ordinarily provide censorship workarounds.
Back in March, telecoms watchdog Roscomnadzor wrote to ten major VPN providers – NordVPN, ExpressVPN, TorGuard, IPVanish, VPN Unlimited, VyprVPN, Kaspersky Secure Connection, HideMyAss!, Hola VPN, and OpenVPN – ordering them to connect to the database. Many did not want to play ball.
NordVPN, for example, flat-out refused to comply, stating that doing so would violate service agreements made with its customers. IPVanish also rejected any censorship, as did VPN Unlimited, VyprVPN and OpenVPN.
The VPN services in question were given a limited time to respond (30 days) but according to Roscomnadzor, most are digging in their heels. In fact, of the companies contacted with the demands, only one has agreed to the watchdog’s terms.
“We sent out ten notifications to VPNs. Only one of them – Kaspersky Secure Connection – connected to the registry,” Roscomnadzor chief Alexander Zharov informs Interfax.
“All the others did not answer, moreover, they wrote on their websites that they would not comply with Russian law. And the law says unequivocally if the company refuses to comply with the law – it should be blocked.”
And it appears that Roscomnadzor is prepared to carry through with its threat. When questioned on the timeline for blocking, Zharov said that the matter could be closed within a month.
If that happens, the non-compliant providers will themselves be placed on the country’s blacklist (known locally as FGIS), meaning that local ISPs will have to prevent their users from accessing them. It is not yet clear whether that means their web presences, their VPN servers, or both.
In the case of the latter, it’s currently unclear whether there will be a battle or not. TorGuard has already pulled its servers out of Russia and ExpressVPN currently lists no servers in the country. The same is true for OpenVPN although VyprVPN still lists servers in Moscow, as does HideMyAss.
Even if Roscomnadzor is successful in blocking any or all of the non-compliant services, there are still dozens more to choose from, a fact acknowledged by Zharov.
“These ten VPNs do not exhaust the entire list of proxy programs available to our citizens. I don’t think there will be a tragedy if they are blocked, although I feel very sorry about it,” Zharov concludes.
Post Syndicated from Andy original https://torrentfreak.com/pirate-cam-king-1xbet-becomes-russias-3rd-largest-online-advertiser-190604/
Since 2018, it’s likely that Internet users searching for the latest pirate ‘cam’ copies of Hollywood movies will have been exposed to the brand 1XBET.
1XBET is an online gambling company based in Russia that currently has more than 140 of its URLs blocked by the Russian government after being declared illegal. However, it is still managing to attract eyeballs all around the world via online advertising, including via ads placed in pirated copies of movies.
In a TF report published last month, we covered some of the activities being associated with the company, along with thoughts from local anti-piracy sources. Interestingly, 1XBET is now making headlines in Russia for being one of the most prolific online advertisers in the entire region.
The information comes from a new study, published by research company Mediascope, ranking the companies that placed the greatest volume of advertising online in Russia during the first quarter of 2019.
At the top of the pile with 3.3% market share is Google, which doesn’t comes as a huge surprise. The search giant is followed by PepsiCo in second position with 3.1%. In a remarkable third place sits 1XBET, with a significant 2.4% of the market.
To give some perspective, food giant Danone claims 2.3% of the market while Universal Pictures Russia has even less with 1.9%.
What makes this achievement even more bewildering is that last year, another ‘sponsor’ of piracy releases was also making headlines for similar reasons.
Azino 777, another gambling company closely connected to ‘pirate’ releases, previously took the top spot for advertising online in Russia with 6.7% of the market. This year the company was ranked just 60th. It’s believed that the anti-piracy memorandum signed last year is at least partly responsible for the decline since participants are able to delete ‘pirate’ sites from search results.
Mediascope data published by local news outlet RBC shows that during the first quarter of 2018, researchers found Azino 777 adverts on 670 sites but during the same period in 2019, that had fallen to just 143. Additionally, the volume of ad impressions for Azino 777 in videos delivered via Yandex’s video service was 11 times smaller during the same period.
Russia’s Internet Video Association, which represents legal online video operators, has been filing complaints with telecoms watchdog Roscomnadzor against sites where Azino 777 ads can be viewed. Of around 500 complaints filed in 2019, around half – which include streaming sites and torrent indexes – have been blocked.
But despite the progress against Azino 777, the job still isn’t finished. The rise of 1XBET indicates there are still problems with gambling advertising connected with piracy.
“This indirectly indicates that piracy is still flourishing,” Maxim Ryabyko, director general of the Association for the Protection of Copyright on the Internet, told RBC.
According to Mediascope, in the first quarter of 2018, 1XBET ads appeared on 59 sites that were monitored. In the same period during 2019, that had risen to 447. In addition, advertising on Yandex video players grew 27 times over the volumes observed during the first three months of 2018.
During the past week alone, 1XBET-branded ‘cams’ have continued to hit the Internet. Among them copies of Ma, Rocketman, and Godzilla: King of the Monsters. 1XBET and/or its affiliates are clearly not yet done with their mission to grab the eyes and wallets of pirate consumers, in Russia and around the world.
Post Syndicated from Andy original https://torrentfreak.com/media-telecoms-companies-reveal-self-learning-anti-piracy-system-190529/
Last November, major media and tech companies in Russia signed a landmark memorandum in order to tackle the rise of pirated content on the Internet.
Central to the agreement was the creation of a database populated with links to material deemed copyright-infringing by entertainment industry groups
Operators of search platforms agreed to query the database every five minutes and then, within six hours, remove links to the content from their search results. The same applies to sites that actually host content, such as Yandex.video and RuTube, for example.
Population of the database got quickly underway and according to the Media Communication Union (MKC), which represents the interests of major media and telecoms companies, now contains around 300,000 links. However, the companies involved feel that the system can be much improved with the addition of custom software.
To that end, this week the MKC revealed that it has begun testing a new anti-piracy system that will allow content to be added to the database more quickly and efficiently. The tool not only allows URLs to be entered manually but also accepts input from “specialized search systems” that are able to identify illegal content.
“An automated solution based on specially trained neural networks is used to analyze the content of sites specified in the rights holders’ reports,” MKC announced.
MKC says that manual testing is also used in a number of cases, with the results being sent to the neural network for “additional training.” As the project develops, the aim is to require the intervention of human operators on much fewer occasions.
“A modern software solution based on self-learning systems will significantly increase the effectiveness of the fight against Internet piracy and will further increase the consumption of legal video services,” said MKS President Mikhail Demin.
An almost fully-automated anti-piracy seems like a big ask, particularly when machines are often blamed for erroneous takedowns. However, for the head of Russian telecoms watchdog Roskomndazor, removing humans from the equation where possible will make the system more effective.
“This is a significant event for both sides of the Memorandum,” Alexander Zharov says.
“An automated solution for interaction within the framework of the Memorandum will help to increase the reaction times and reduce the risks associated with the ‘human factor’.”
It is not yet clear whether the system under development represents anything drastically new in the anti-piracy space, or whether the “self-learning” component will amount to anything more than scraping allegedly-infringing URLs and then sending these to the registry.
Nevetherless, beta tests are already underway and it’s expected that the finished product will be with rightsholders before the end of July.
The memorandum and supporting technical efforts are currently in operation voluntarily until the terms of the agreement run out November 1, 2019. However, given the level of commitment being shown by the parties involved, it’s expected to continue until the terms of the memorandum can be written into local law.
Post Syndicated from Andy original https://torrentfreak.com/1xbet-the-bizarre-cam-brand-that-movie-pirates-love-to-hate-190526/
For several decades, movie pirates have visited cinemas with cameras to record the latest movies.
In the early 80s, for example, pirate copies of E.T. the Extra-Terrestrial made their way all over the planet, mainly for consumption via VHS and Betamax tapes. The quality was always dire but back then, beggars certainly couldn’t be choosers.
Since the early 2000s, things have changed dramatically. With the advent of high-quality cameras, sometimes operated by near-professional volunteers, the act of ‘camming’ turned into an artform.
Now-defunct groups including Centropy and maVen graced the web with outstandingly good copies of the latest titles, driven in part by a desire to create the best possible products and with them a lasting legacy. If these groups had a voice in 2019, they’d be horrified at the ‘camming’ state of play.
For reasons that appear to be entirely motivated by money, large numbers of cam copies hitting the web today are doing so in a defaced fashion. While studios have been watermarking their content for close to 20 years to defeat piracy, pirates are now disfiguring videos themselves in order to promote big business.
While they are not the only culprit (some streaming sites also carry out the practice), online betting site 1XBET has its brand stamped all over dozens of pirate releases.
Indeed, it seems that most of the big ‘cammed’ movies these days can’t avoid the clutches of 1XBET advertising. From Avengers: Endgame and John Wick 3, to Hellboy and Pokémon Detective Pikachu, 1XBET ‘sponsored’ releases are an incredibly invasive species.
In addition to the kind of watermarks shown above, downloaders of 1XBET-labeled releases are now being ‘treated’ to full-blown ads for the gambling platform in the middle of movies. And there’s no escaping them.
For example, the recent release of ‘Shazam’ doesn’t even get six minutes into the movie before a glaring 30-second advert for the platform kicks in, complete with promo codes in several different languages. If pirates thought that downloading movies from pirate sites was a convenient way to avoid intrusive advertising, 1XBET releases are not a good option.
Dmitry Tyunkin, Deputy Director of Anti-Piracy and Brand Protection at cyber-security firm Group-IB, says that cam watermarking is a cost-effective way to promote the gambling platform.
“1XBET is a gambling company originating from Russia that uses cam copies to advertise itself internationally. The strategy became popular and widespread because it is a relatively cheap way to promote their services – a raw cam copy would cost 300-400 USD, 600-700 USD after editing,” Tyunkin informs TF.
“According to our data, usually those who film cam copies sell them to camcording piracy groups, who offer to integrate the ads to gambling companies, such as 1XBET. [They then upload] the pirated copies to torrent websites, which spread [them] very fast across the Internet with watermarks and ads included in the pirated film.”
Many surprising things have happened in the piracy world over the past couple of decades but this recent phenomenon ranks up there with the most outlandish.
These are pirate releases, of some of Hollywood’s biggest titles, carrying advertising for a multi-million dollar gambling company. Group-IB says 1XBET has been involved in the practice since 2018, primarily targeting developing English-speaking countries, such as India.
But at least as far as we can see, little is being done about it.
Hollywood itself hasn’t made any public statement. The USTR, which ordinarily attempts to protect the interests of US companies, hasn’t complained about the advertising in its piracy reports calling out other nations.
That is puzzling, to say the least. But it’s nothing short of bewildering when one considers that 1XBET is the ‘International Presenting Partner’ of Italy’s ‘Serie A’, a soccer league that has been very vocal about the threats presented by online piracy.
“As part of the agreement, 1xBet will be featured in all match graphics, idents and virtual goal mat advertising across every live Serie A game, on all platforms that are broadcast in the regions covered in the terms of the deal,” a report on the partnership reads.
It’s important to note that there’s no overwhelming evidence available to the general public that 1XBET itself is driving camming ‘sponsorship’ directly. Some have suggested that overenthusiastic affiliates may have taken this upon themselves but it’s so unorthodox that few explanations would come as a surprise.
Either way, it doesn’t just look bad for 1XBET.
The horrible watermarks and intrusive advertising are making many of the big releases look bad when viewed by pirates too. Never in the history of camming have cammed copies of movies been made to look deliberately worse before being uploaded online.
Pirate sites are littered with negative comments in respect of 1XBET ‘releases’. Pirates love getting the movies early but absolutely hate the ads. For now, however, there doesn’t appear to be much of an opportunity to get away from them.
When everything is considered it’s one of the most puzzling developments to come out of the piracy world, not just recently, but ever. The big question is how long it will continue. Until it stops paying off, perhaps.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/visiting_the_ns.html
Yesterday, I visited the NSA. It was Cyber Command’s birthday, but that’s not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT — get it? We have a web page, but it’s badly out of date.)
It was a full day of meetings, all unclassified but under the Chatham House Rule. Gen. Nakasone welcomed us and took questions at the start. Various senior officials spoke with us on a variety of topics, but mostly focused on three areas:
It was all interesting. Those first two topics are ones that I am thinking and writing about, and it was good to hear their perspective. I find that I am much more closely aligned with the NSA about cybersecurity than I am about privacy, which made the meeting much less fraught than it would have been if we were discussing Section 702 of the FISA Amendments Act, Section 215 the USA Freedom Act (up for renewal next year), or any 4th Amendment violations. I don’t think we’re past those issues by any means, but they make up less of what I am working on.
Post Syndicated from Andrew Fitch original https://blog.cloudflare.com/moscow-developers-join-cloudflare-yandex-at-our-meetup/
Are you based in Moscow? Cloudflare is partnering with Yandex to produce a meetup this month in Yandex’s Moscow headquarters. We would love to invite you to join us to learn about the newest in the Internet industry. You’ll join Cloudflare’s users, stakeholders from the tech community, and Engineers and Product Managers from both Cloudflare and Yandex.
Tuesday, May 30, 2019: 18:00 – 22:00
Location: Yandex – Ulitsa L’va Tolstogo, 16, Moskva, Russia, 119021
Talks will include “Performance and scalability at Cloudflare”, “Security at Yandex Cloud”, and “Edge computing”.
Speakers will include Evgeny Sidorov, Information Security Engineer at Yandex, Ivan Babrou, Performance Engineer at Cloudflare, Alex Cruz Farmer, Product Manager for Firewall at Cloudflare, and Olga Skobeleva, Solutions Engineer at Cloudflare.
18:00 – 19:00 – Registration and welcome cocktail
19:00 – 19:10 – Cloudflare overview
19:10 – 19:40 – Performance and scalability at Cloudflare
19:40 – 20:10 – Security at Yandex Cloud
20:10 – 20:40 – Cloudflare security solutions and industry security trends
20:40 – 21:10 – Edge computing
The talks will be followed by food, drinks, and networking.
We’ll hope to meet you soon.
Разработчики, присоединяйтесь к Cloudflare и Яндексу на нашей предстоящей встрече в Москве!
Cloudflare сотрудничает с Яндексом, чтобы организовать мероприятие в этом месяце в штаб-квартире Яндекса. Мы приглашаем вас присоединиться к встрече посвященной новейшим достижениям в интернет-индустрии. На мероприятии соберутся клиенты Cloudflare, профессионалы из технического сообщества, инженеры из Cloudflare и Яндекса.
Вторник, 30 мая: 18:00 – 22:00
Место встречи: Яндекс, улица Льва Толстого, 16, Москва, Россия, 119021
Доклады будут включать себя такие темы как «Решения безопасности Cloudflare и тренды в области безопасности», «Безопасность в Yandex Cloud», “Производительность и масштабируемость в Cloudflare и «Edge computing» от докладчиков из Cloudflare и Яндекса.
Среди докладчиков будут Евгений Сидоров, Заместитель руководителя группы безопасности сервисов в Яндексе, Иван Бобров, Инженер по производительности в Cloudflare, Алекс Круз Фармер, Менеджер продукта Firewall в Cloudflare, и Ольга Скобелева, Инженер по внедрению в Cloudflare.
18:00 – 19:00 – Регистрация, напитки и общение
19:00 – 19:10 – Обзор Cloudflare
19:10 – 19:40 – Производительность и масштабируемость в Cloudflare
19:40 – 20:10 – Решения для обеспечения безопасности в Яндексе
20:10 – 20:40 – Решения безопасности Cloudflare и тренды в области безопасности
20:40 – 21:10 – Примеры Serverless-решений по безопасности
Вслед за презентациям последует общение, еда и напитки.
Ждем встречи с вами!
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/cryptanalyzing_.html
A pair of Russia-designed cryptographic algorithms — the Kuznyechik block cipher and the Streebog hash function — have the same flawed S-box that is almost certainly an intentional backdoor. It’s just not the kind of mistake you make by accident, not in 2014.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/05/leaked_nsa_hack.html
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own cyberweapons seriously into question.
Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don’t think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA — or US Cyber Command — to hoard zero-day vulnerabilities.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/russia_is_testi.html
This is a bad idea:
A second innovation will allow “electronic absentee voting” within voters’ home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital’s city council in September. The details of how the experiment will work are not yet known; the State Duma’s proposal on Internet voting does not include logistical specifics. The Central Election Commission’s reference materials on the matter simply reference “absentee voting, blockchain technology.” When Dmitry Vyatkin, one of the bill’s co-sponsors, attempted to describe how exactly blockchains would be involved in the system, his explanation was entirely disconnected from the actual functions of that technology. A discussion of this new type of voting is planned for an upcoming public forum in Moscow.
Surely the Russians know that online voting is insecure. Could they not care, or do they think the surveillance is worth the risk?
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/cybersecurity_i_2.html
This will complicate things:
To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile or warlike action in time of peace or war” exemption.
I get that $100 million is real money, but the insurance industry needs to figure out how to properly insure commercial networks against this sort of thing.
Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/10/was_the_triton_.html
I don’t know. FireEye likes to attribute all sorts of things to Russia, but the evidence here look pretty good.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.