A computer virus has infected more than 10,000 machines and directed them to connect with and attempt to overwhelm online forums critical of the ruling Vietnamese Communist Party, security researchers said on Thursday.
The resulting denial-of-service attacks on a handful of sites show how such programs are increasingly being used to target opposition voices.
Similar attacks have been waged on anti-Russian sites operated from conflict zones in the Caucuses and on some more mainstream sites run by politicians at odds with the Kremlin.
Researchers at SecureWorks, who dubbed the new virus Vecebot, said they couldn’t prove that it was unleashed by the government or someone working for it. Such software is rarely traced to an author.
But they noted a piece of interesting timing. On Oct. 19, a Vietnamese blogger using the name Dieu Cay was to be released after serving a 30-month sentence. Read more
A phishing attack aimed at small businesses accounted for as much as a third of all global junk email–or more than a quarter of all e-mail–for a 15-minute period Friday, showing that the Zeus family of keystroke-logging software remains a force to be reckoned with despite a recent spate of arrests.
The attack took the form of e-mails that had subject headings beginning “Your Federal Tax Payment” and said an electronic transfer had been rejected because of an invalid corporate identification number. Following a recent trend in such scams, the e-mails contain links to a genuine web page, in this case a US site that collects tax payment information including bank account numbers. Read more
Ukraine authorities said on Tuesday that the 20 suspects, including 5 key targets they detained as part of a global crackdown on crime rings using the Zeus malware to steal from online bank accounts, brought a total of $40m into the country.
At a press conference covered by the FT’s Mark Rachkevych, officials from the Ukraine’s SBU confirmed that the alleged kingpins had been released, but said the five could expect to be charged this week.
Potentially among them are money laundering, interfering with computer transmissions, and distributing malicious programs. Prison terms for conviction on the second or third of those start at two years, while money laundering can fetch as many as 15. Read more
A researcher on Thursday posted software tools that he said would enable widespread eavesdropping on calls made over GSM networks with less than $2,000 worth of equipment.
Speaking at the second day of the Black Hat technology security conference in Las Vegas, researcher Karsten Nohl, who had previously reported that he had cracked GSM encryption, said he was distributing the tools free in order to pressure carriers to make fairly simple changes to fix the vulnerability. Read more
More than a hundred innocuous-looking wallpaper applications for Android handsets have been harvesting users’ phone numbers and SIM card information and sending them off to a Website based in China, researchers said Wednesday at the Black Hat tech security conference in Las Vegas.
The wallpapers–background pictures of ponies, basketball scenes and the like–have been downloaded more than a million times, the researchers said in highlighting growing concern about potential for malicious applications on Android, Apple’s iPhone and other smartphones that are rapidly gaining popularity. Read more
Most of the organised hacking rings aiming at bank fraud these days are stealing login credentials and then taking advantage of the relatively recent opportunities provided by online account access, wire transfers and other means for mis-shipping electronic funds.
But a newly discovered Russian group was using networks of compromised personal computers and techniques for hacking into databases to write $9m in counterfeit checks, thought until now to be the purview mainly of old-time loners. Read more
Google’s horrendous breach of privacy with its StreetView data-collection gaffe may at least have one beneficial consequence: making WiFi users think more about security.
Consumer Watchdog, which has emerged as one of the main anti-Google agitators, decided to follow in the tracks of the StreetView cars – literally. It sent out its own vehicle to “sniff” the WiFi networks of certain members of the US Congress whose homes have been photographed by the Google service. Read more
Security firm KnujOn (backwards for No Junk, reflecting the small outfit’s anti-spam roots) has a new report out this morning, pointing a finger at website registrars for facilitating a wide range of internet crime.
My story in today’s FT centres on the case KnujOn makes against eNom, the No. 2 seller of domain names and a profitable unit of Demand Media, which would probably prefer that any stink wait until after its anticipated IPO.
But the bigger picture is more important. Read more
The debut of Apple’s iPad, along with Thursday’s disclosure of new rules preventing developers from writing in more languages Apple doesn’t like, has rekindled what had seemed a settled debate about the comparative virtues of open and closed technology platforms.
The New York Times weighed in with a column Sunday saying the boom in iPhone apps proved that an environment closely policed by one benevolent master could provide healthy progress, reversing prior assumptions. Earlier, Harvard’s Jonathan Zittrain and Cory Doctorow, among others, had complained that the iPad was far too restrictive and would hinder innovation in software.
But few on either side have pointed to the impact of cybercrime on the success of Apple’s strategy. Guardian technology editor Charles Arthur is an exception: He recently argued that the disastrous state of security on Windows machines provides a compelling reason for the iPad’s existence. Read more
Access to Google search results from within mainland China was blocked recently for many hours, then restored, even as the US company switched explanations for what was happening.
In the meantime, Yahoo email users in China specialising in politically sensitive material complained that their accounts had been compromised, while malicious software tried to install itself on computers in Vietnam used by critics of a Chinese mining investment in that country. Read more
China benefits from open network links to the rest of the world. An FT editorial says any big step now in the direction of restricting access could have longer-term repercussions.
Its repressive stance has set a dubious leadership for regimes elsewhere, with the open internet under attack in many parts of the world. Diplomatic and economic pressure may have more effect elsewhere. If the global drift towards a more restrictive internet is to be halted, now is the time to draw a line in the sand.
“Google decided that its brand, which depends on its image as a champion of liberalism, was worth more than a slice of China’s still-nascent online advertising market,” writes the FT’s David Pilling. Now, he says, “Google’s decision has presented Chinese authorities with a quandary.”
Some officials have sensibly sought to characterise the pull-out as a purely commercial decision of little broader significance. To escalate the affair risks jeopardising China’s official stance of being welcoming to business and further poisoning already strained relations with the US. More, to paint the withdrawal in ideological hues risks putting Beijing into conflict with a subset of its own netizens who are embarrassed that a great company such as Google cannot operate freely in a great country such as China.
A bipartisan bill introduced in the Senate on Tuesday would require the US to penalise countries that don’t do enough to crack down on cybercrime that attacks US individuals, companies or federal assets.
Backed by Kirsten Gillibrand, a New York Democrat, and Orrin Hatch, a Utah Republican, the bill would have the president identify countries of concern and establish benchmarks for rectifying the problems. Read more
As a new cybersecurity bill paves the way for the US government to share classified information with private sector operators of ‘critical infrastructure’, author Misha Glenny (pictured) writes in the FT that the internet’s uncharted territory is being rapidly nationalised.
While there is clearly a pressing need to define rules that apply in cyberspace, they are emerging at speed with little coherent strategy behind them. Nobody knows where this process will lead for two central reasons. The speed of technological change means that the traditional tools of state used to carve up the world in the 19th century, such as laws and treaties, are often inadequate, if not entirely irrelevant, when applied to this new domain.