Consider Cybersecurity topics, authors and tags that you are interested in when trying to search. You can also enter your own custom search criteria. You can also select a topic or syndication source below to filter all the blog posts.
Google has said it believes hackers backed by the North Korean government have been posing as computer security bloggers and using fake accounts on social media as part of attempts to steal information from researchers in the field.
North Korea has been linked to a number of major cyberattacks in recent years, such as a 2013 campaign which paralysed the servers of South Korean financial institutions, the hacking of Sony Pictures in 2014, and the WannaCry malware attack of 2017, but has denied involvement.
The tech company did not specify this week how successful the hackers had been or what kind of information could have been compromised.
Experts have said the country is working to improve its cyber skills and its ability to breach widely-used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system.
In an online report published late on Monday, Adam Weidemann, a researcher from Google’s Threat Analysis Group, said that hackers supposedly backed by North Korea created a fake research blog and multiple Twitter profiles to build credibility with security researchers.
After connecting with researchers, the hackers asked them if they wanted to collaborate on cyber-vulnerability research and share a tool that contained a code designed to install malicious software on the targets’ computers.
This then allowed the hackers to take control of the device and steal information from it.
Mr Weidemann said several targeted researchers were compromised after following a Twitter link to a blog set up by the hackers.
“At the time of these visits, the victim systems were running fully patched and up-to-date Windows 10 and Chrome browser versions,” he wrote in the report.
“At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have.”
Google also published a list of social media accounts and websites it said were controlled by the hackers, including 10 Twitter profiles and five LinkedIn profiles.
In 2019, the UN Security Council estimated that North Korea had earned as much as $2bn (£1.46bn) over several years through illicit cyber operations targeting cryptocurrency exchanges and…
The internet is many things to many people. Some of these things are good, while others are bad. Still, it should be fairly uncontroversial to say that the internet has generally done a good job of empowering ordinary people. With the advent of a platform sans gatekeepers, millions of people suddenly had a voice that they would not otherwise have been afforded. The result of this has been the explosion in blogs, podcasts, forums, and other outlets. The internet brings the ability to reach others and that has resulted in an explosion of thought and speech.
It will come as no surprise that plenty of national governments throughout the world aren’t huge fans of their people suddenly having this sort of voice and reach. After all, that kind of free expression can often times come in the form of critiques of those very governments, and that kind of reach can create movements of dissent. You may recall back in April when Glyn Moody detailed Tanzania’s attempt to tamp down this critical speech by forcing bloggers to register with the government at a cost greater than the average per capita income of its citizens. While this was a fairly naked attempt to keep the voices of its citizens from being heard, Glyn pointed out that the Tanzanian government was at least attempting to be cynically subtle about it.
The current Tanzanian government is not very happy about this uncontrolled flow of information to the people. But instead of anything so crude as shutting down blogs directly, it has come up with a more subtle, but no less effective, approach.
What a difference a few months make in the actions of an authoritarian regime. It seems this more subtle approach did not have the desired effect, as the Tanzanian government has now ordered that all unregistered bloggers simply shut themselves down or face criminal prosecution.
Tanzania ordered all unregistered bloggers and online forums on Monday to suspend their websites immediately or face criminal prosecution, as critics accuse the government of tightening control of internet content. Several sites, including popular online discussion platform Jamiiforums, said on Monday they had temporarily shut down after the state-run Tanzania Communications Regulatory Authority (TCRA) warned it would take legal action against all unlicensed websites.
Digital activists say the law is part of a crackdown on dissent and free speech by the government of President John Magufuli, who was elected in 2015. Government officials argue the new rules are aimed at tackling hate speech and other online crimes, including cyberbullying and pornography.
If this all sounds familiar to you, it should, because actions like these were very much the precursors to the Arab Spring. These types of attempts to control the internet, a platform that is well-designed to route around this type of control, rarely work for exactly that reason. People will generally find a way if they are motivated enough, which is what makes trying to disappear dissent a government’s first reaction so potentially disastrous.
Critics of this move are predicting the demise of Tanzanian blogging.
The Paris-based Reporters Without Borders group has said the new online content rules “will kill off Tanzania’s blogosphere”.
Perhaps that’s right. Or, perhaps, a move like this does more to spell the end of an authoritarian regime than the demise of a commonplace internet function that is ingrained into the human spirit.
Permalink | Comments | Email This Story
Techdirt.
With WordPress.com powering more than 60 million websites worldwide, anything to improve the safety and security of its users is to be welcomed. Paul Ducklin tries out the new WordPress 2FA service on his Naked Security account…
Naked Security – Sophos