Google wins court order to force ISPs to filter botnet traffic – Naked Security


A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google.

Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected about a cybergang known loosely as the CryptBot crew, whom Google claimed were:

  • Ripping off Google product names, icons and trademarks to shill their rogue software distribution services.
  • Running “pay-per-install” services for alleged software bundles that deliberately injected malware onto victims’ computers.
  • Operating a botnet (a robot or zombie network) to steal, collect and collate personal data from hundreds of thousands of victims in the US.

You can read a PDF of the court document online.
Thanks to our chums at online pub The Register for posting this.

Plunder at will

Data that these CryptBot criminals are alleged to have plundered includes browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other PII (personally identifiable information).

As the court order puts it:

The Defendants are responsible for distributing a botnet that has infected approximately 672,220 CryptBot victim devices in the US in the last year. At any moment, the botnet’s extraordinary computing power could be harnessed for other criminal schemes.

Defendants could, for example, enable large ransomware or distributed denial-of-service attacks on legitimate businesses and other targets. Defendants could themselves perpetrate such a harmful attack, or they could sell access to the botnet to a third party for that purpose.

Because the defendants are apparently operating out of Pakistan, and unsurprisingly didn’t show up in court to argue their case, the court decided its outcome without hearing their side of the story.

Nevertheless, the court concluded that Google had shown “a likelihood of success” in respect of charges including violating the Computer Fraud and Abuse Act, trademark rules, and racketeering laws (which deal, loosely speaking, with so-called organised crime – committing crimes as if you were running a business):

[The court favors]…

Dutch suspect locked up for alleged personal data megathefts – Naked Security


The Public Prosecution Service in the Netherlands [Dutch: Openbaar Ministerie] has just released information about an unnamed suspect arrested back in December 2022 for allegedly stealing and selling personal data about tens of millions of people.

The victims are said to live in countries as far apart as Austria, China, Colombia, the Netherlands itself, Thailand and the UK.

Apparently, the courts have taken a strict approach to this case, effectively keeping the arrest secret from late 2022 until now, and not allowing the suspect out on bail.

According to the Ministry’s report, a court order about custody was made in early December 2022, when the authorities were given permission to keep the suspect locked up for a further 90 days, meaning that they can hold him until at least March 2023 as work on his case continues.

The suspect is being investigated for multiple offences: possessing or publishing “non-public” data, possessing phishing software and hacking tools, computer hacking, and money laundering.

The prosecutors claim that he laundered close to half-a-million Euros’ worth of cryptocurrency during 2022, so we’re assuming that the court considered him a flight risk, decided that if released he might be able to destroy evidence and, presumably, thought that he might try to warn others in the cybercrime forums where he’d been active to start covering their tracks, too.

Governmental breach?

Intriguingly, the investigation was triggered by the appearance on a cybercrime forum of a multi-million record stash of personal data relating to Austrian residents.

Those data records, it seems, turned out to have a common source: the company responsible for collecting radio and TV licence fees in Austria.

Austrian cops apparently went undercover to buy up a copy of the stolen data for themselves, and in the process of doing so (their investigative methods, unsurprisingly, weren’t revealed) identified an IP number that was somehow connected to the username they’d dealt with on the dark web.

That IP number led to Amsterdam in the Netherlands, where the Dutch police took the investigation further.

As the Dutch Ministry writes:

The team has strong indications that…

Breaches, patches, leaks and tweaks! [Audio + Text] – Naked Security


Latest episode – listen now.

DOUG.  Breaches, breaches, patches, and typios.

All that, and more, on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everybody.

I am Doug Aamoth; he is Daul Pucklin…

…I’m sorry, Paul!


DUCK.  I think I’ve worked it out, Doug.

“Typios” is an audio typo.


DOUG.  Exactly!


DUCK.  Yes… well done, that man!


DOUG.  So, what do typos have to do with cybersecurity?

We’ll get into that…

But first – we like to start with our This Week in Tech History segment.

This week, 23 January 1996, version 1.0 of the Java Development Kit said, “Hello, world.”

Its mantra, “Write once, run anywhere”, and its release right as the web’s popularity was really reaching a fever pitch, made it an excellent platform for web-based apps.

Fast-forward to today, and we’re at version 19, Paul.


DUCK.  We are!

Java, eh?

Or “Oak”.

I believe that was its original name, because the person who invented the language had an oak tree growing outside his office.

Let us take this opportunity, Doug, to clear up, for once and for all, the confusion that lots of people have between Java and JavaScript.


DOUG.  Ooooooh…


DUCK.  A lot of people think that they are related.

They’re not related, Doug.

They’re *exactly the same* – one is just the shortened… NO, I’M COMPLETELY KIDDING YOU!

Java is not JavaScript – tell your friends!


DOUG.  I was, like, “Where is this going?” [LAUGHS]


DUCK.  JavaScript basically got that name because the word Java was cool…

…and programmers run on coffee, whether they’re programming in Java or JavaScript.


DOUG.  Alright, very good.

Thank you for clearing that up.

And on the subject of clearing things up, GoTo, the company behind such products as GoToMyPC, GoToWebinar, LogMeIn, and (cough, cough) others says that they’ve “detected unusual activity within our development environment and third party cloud storage service.”

Paul, what do we know?

GoTo admits: Customer cloud backups stolen together with decryption key


DUCK.  That was back on the last day of November 2022.

And the (cough, cough) that you mentioned earlier, of course, is GoTo’s…

One 0-day; Win 7 and 8.1 get last-ever patches – Naked Security


As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page.

(The website itself says 2283, but the CSV export contained 2875 lines, where the first line isn’t actually a data record but a list of the various field names for the rest of the lines in the file.)

Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege (EoP) patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1.

Windows 7, as many people will remember, was extremely popular in its day (indeed, some still consider it the best Windows ever), finally luring even die-hard fans across from Windows XP when XP support ended.

Windows 8.1, which is remembered more as a sort-of “bug-fix” release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.

And Windows RT 8.1 was everything people didn’t like in the regular version of Windows 8.1, but running on proprietary ARM-based hardware that was locked down strictly, like an iPhone or an iPad – not something that Windows users were used to, nor, to judge by the market reaction, something that many people were willing to accept.

Indeed, you’ll sometimes read that the comparative unpopularity of Windows 8 is why the next major release after 8.1 was numbered Windows 10, thus deliberately creating a sense of separation between the old version and the new one.

Other explanations include that Windows 10 was supposed to be the full name of the product, so that the 10 formed part of the brand new product name, rather than being just a number added to the name to denote a version. The subsequent appearance of Windows 11 put something of a dent in that theory – but there never was a Windows 9.

The end of two eras

Well, this month sees the very last security updates for the old-school Windows 7 and Windows 8.1 versions.

Windows 7 has now reached the end of its three-year pay-extra-to-get-ESU period (ESU is short for extended security updates), and…
