Joseph Menn

One of the best-known networks of compromised personal computers, assembled largely through deceptive web links sent from Facebook accounts, earns its proprietors about $2m a year.

That’s one of the conclusions in a study released Friday by Information Warfare Monitor researcher Nart Villeneuve, who won access to archives of the software that the Russian criminals used to control the program known as Koobface, which is an anagram of Facebook. Read more

Joseph Menn

A computer virus has infected more than 10,000 machines and directed them to connect with and attempt to overwhelm online forums critical of the ruling Vietnamese Communist Party, security researchers said on Thursday.

The resulting denial-of-service attacks on a handful of sites show how such programs are increasingly being used to target opposition voices.

Similar attacks have been waged on anti-Russian sites operated from conflict zones in the Caucuses and on some more mainstream sites run by politicians at odds with the Kremlin.

Researchers at SecureWorks, who dubbed the new virus Vecebot, said they couldn’t prove that it was unleashed by the government or someone working for it. Such software is rarely traced to an author.

But they noted a piece of interesting timing. On Oct. 19, a Vietnamese blogger using the name Dieu Cay was to be released after serving a 30-month sentence. Read more

Joseph Menn

A phishing attack aimed at small businesses accounted for as much as a third of all global junk email–or more than a quarter of all e-mail–for a 15-minute period Friday, showing that the Zeus family of keystroke-logging software remains a force to be reckoned with despite a recent spate of arrests.

The attack took the form of e-mails that had subject headings beginning “Your Federal Tax Payment” and said an electronic transfer had been rejected because of an invalid corporate identification number. Following a recent trend in such scams, the e-mails contain links to a genuine web page, in this case a US site that collects tax payment information including bank account numbers. Read more

Joseph Menn

Ukraine authorities said on Tuesday that the 20 suspects, including 5 key targets they detained as part of a global crackdown on crime rings using the Zeus malware to steal from online bank accounts, brought a total of $40m into the country.

At a press conference covered by the FT’s Mark Rachkevych, officials from the Ukraine’s SBU confirmed that the alleged kingpins had been released, but said the five could expect to be charged this week.

Potentially among them are money laundering, interfering with computer transmissions, and distributing malicious programs. Prison terms for conviction on the second or third of those start at two years, while money laundering can fetch as many as 15. Read more

David Gelles

Back in February we reported on a truly unsavoury story of compromised privacy in the digital age. School administrators outside Philadelphia had issued new laptops to 1,800 students, then used the webcams to remotely spy on the students.

A student sued and weeks later, when a separate criminal investigation was announced, we said that “The Lower Merion School District is not going to get off with just a slap on the wrist.”

Turns out Federal prosecutors had a different opinion. This morning they announced that no charges will be brought against the school district or its employees, according to the Associated PressRead more

Joseph Menn

A researcher on Thursday posted software tools that he said would enable widespread eavesdropping on calls made over GSM networks with less than $2,000 worth of equipment.

Speaking at the second day of the Black Hat technology security conference in Las Vegas, researcher Karsten Nohl, who had previously reported that he had cracked GSM encryption, said he was distributing the tools free in order to pressure carriers to make fairly simple changes to fix the vulnerability. Read more

Joseph Menn

More than a hundred innocuous-looking wallpaper applications for Android handsets have been harvesting users’ phone numbers and SIM card information and sending them off to a Website based in China, researchers said Wednesday at the Black Hat tech security conference in Las Vegas.

The wallpapers–background pictures of ponies, basketball scenes and the like–have been downloaded more than a million times, the researchers said in highlighting growing concern about potential for malicious applications on Android, Apple’s iPhone and other smartphones that are rapidly gaining popularity. Read more

Joseph Menn

Most of the organised hacking rings aiming at bank fraud these days are stealing login credentials and then taking advantage of the relatively recent opportunities provided by online account access, wire transfers and other means for mis-shipping electronic funds.

But a newly discovered Russian group was using networks of compromised personal computers and techniques for hacking into databases to write $9m in counterfeit checks, thought until now to be the purview mainly of old-time loners. Read more

Richard Waters

Google’s horrendous breach of privacy with its StreetView data-collection gaffe may at least have one beneficial consequence: making WiFi users think more about security.

Consumer Watchdog, which has emerged as one of the main anti-Google agitators, decided to follow in the tracks of the StreetView cars – literally. It sent out its own vehicle to “sniff” the WiFi networks of certain members of the US Congress whose homes have been photographed by the Google service. Read more

Joseph Menn

Security firm KnujOn (backwards for No Junk, reflecting the small outfit’s anti-spam roots) has a new report out this morning, pointing a finger at website registrars for facilitating a wide range of internet crime.

My story in today’s FT centres on the case KnujOn makes against eNom, the No. 2 seller of domain names and a profitable unit of Demand Media, which would probably prefer that any stink wait until after its anticipated IPO.

But the bigger picture is more important. Read more

Chris Nuttall

With behavioural targeting and privacy becoming hot internet issues, a coalition of consumer and privacy advocacy groups is taking their fight for online rights to Capitol Hill.

Their joint letter to Congress, ahead of an impending bill, warns that the “tracking and targeting of consumers online have reached alarming levels.” Read more

Joseph Menn

The debut of Apple’s iPad, along with Thursday’s disclosure of new rules preventing developers from writing in more languages Apple doesn’t like, has rekindled what had seemed a settled debate about the comparative virtues of open and closed technology platforms.

The New York Times weighed in with a column Sunday saying the boom in iPhone apps proved that an environment closely policed by one benevolent master could provide healthy progress, reversing prior assumptions. Earlier, Harvard’s Jonathan Zittrain and Cory Doctorow, among others, had complained that the iPad was far too restrictive and would hinder innovation in software.

But few on either side have pointed to the impact of cybercrime on the success of Apple’s strategy. Guardian technology editor Charles Arthur is an exception: He recently argued that the disastrous state of security on Windows machines provides a compelling reason for the iPad’s existence. Read more

Access to Google search results from within mainland China was blocked recently for many hours, then restored, even as the US company switched explanations for what was happening.

In the meantime, Yahoo email users in China specialising in politically sensitive material complained that their accounts had been compromised, while malicious software tried to install itself on computers in Vietnam used by critics of a Chinese mining investment in that country. Read more

China benefits from open network links to the rest of the world. An FT editorial says any big step now in the direction of restricting access could have longer-term repercussions.

Its repressive stance has set a dubious leadership for regimes elsewhere, with the open internet under attack in many parts of the world. Diplomatic and economic pressure may have more effect elsewhere. If the global drift towards a more restrictive internet is to be halted, now is the time to draw a line in the sand.

 Read more

David Gelles

The hacker who hijacked the Twitter accounts of celebrities including Britney Spears and US President Barack Obama was arrested in France on Wednesday, only to be released and ordered to appear in court in June.

“Hacker Croll” gained notoriety last year by taking over some of the most prominent accounts on Twitter, then sending out fake messages to millions of unsuspecting followers. A hacker by the same name also accessed a trove of internal corporate documents from Twitter and leaked them to TechCrunch, though it was not immediately clear if the man arrested on Wednesday was responsible for both attacks.

The AFP reported that the arrest was the culmination of a months-long operation that involved French authorities and the FBI. It was not immediately clear if the man was charged with a crime. Read more

“Google decided that its brand, which depends on its image as a champion of liberalism, was worth more than a slice of China’s still-nascent online advertising market,” writes the FT’s David Pilling. Now, he says, “Google’s decision has presented Chinese authorities with a quandary.”

Some officials have sensibly sought to characterise the pull-out as a purely commercial decision of little broader significance. To escalate the affair risks jeopardising China’s official stance of being welcoming to business and further poisoning already strained relations with the US. More, to paint the withdrawal in ideological hues risks putting Beijing into conflict with a subset of its own netizens who are embarrassed that a great company such as Google cannot operate freely in a great country such as China.

 Read more

Joseph Menn

A bipartisan bill introduced in the Senate on Tuesday would require the US to penalise countries that don’t do enough to crack down on cybercrime that attacks US individuals, companies or federal assets.

Backed by Kirsten Gillibrand, a New York Democrat, and Orrin Hatch, a Utah Republican, the bill would have the president identify countries of concern and establish benchmarks for rectifying the problems. Read more

David Gelles

After taking so much flack for its frequent outages and the regular attacks on its system, it is only fair that Twitter gets to toot its own horn once in a while.

In a bit of very good news for the company, Twitter says it has finally gotten spam on the site under control.

As Twitter was going through its major growth spurt last year, spammers and scammers flocked to the site. From May through October, as much as 9 per cent of all tweets were spam, according to Twitter’s own numbers. Now that number is down to about 1 per cent, said Twitter chief scientist Abdur Chowdhury in a blog post. Read more

As a new cybersecurity bill paves the way for the US government to share classified information with private sector operators of ‘critical infrastructure’, author Misha Glenny (pictured) writes in the FT that the internet’s uncharted territory is being rapidly nationalised.

While there is clearly a pressing need to define rules that apply in cyberspace, they are emerging at speed with little coherent strategy behind them. Nobody knows where this process will lead for two central reasons. The speed of technological change means that the traditional tools of state used to carve up the world in the 19th century, such as laws and treaties, are often inadequate, if not entirely irrelevant, when applied to this new domain.

 Read more

Tim Bradshaw

It’s been a tough seven days for Facebook in the UK. Last week the social network was splashed on the front page of most newspapers after “Facebook killer” Peter Chapman murdered a 17-year-old girl he met through the site.

The Daily Mail in particular went to town on the story, even risking legal action with a piece by an “expert” claiming that within 90 seconds of logging into Facebook, “a middle-aged man wanted to perform a sex act in front of me”. The Mail had to apologise when it emerged the site in question wasn’t Facebook after all but a (still-unnamed) “different social networking website”.

It didn’t take long for politicians to jump on the bandwagon in this election year. Read more