Showing results for tags 'computer'.
-
It is a new tool for analysis of Windows executable files, in order to quickly identify whether or not a file is malware. Most analyses are based on the extraction of "ANSI" and "UNICODE" strings from disk, but it also works with "Memory Dumps". Obviously, the latter option might compromise the security of your computer when you run the samples, so it's recommended to do this on laboratory systems. Download https://docs.google.com/uc?id=0B74kMAGqImI9R1o4Q2Z1X054cjA
-
Got Chrome? Google Just Silently Downloaded This Onto Your Computer | We Are Change Update via @Andrei: "Seems like Google has reversed their decision in the last release Google Chrome 43.0.2357.130 () NaCl Enabled Yes Microphone No Audio Capture Allowed Yes"
-
Her computer was used to spread Trojan, it is claimed The recent cyberattack on the German government began with the compromise of Chancellor Angela Merkel's personal computer, it is alleged. German newspaper Bild claims Merkel's computer was one of the first systems to be infected with malware linked to miscreants in Russia. Hackers reportedly used Merkel's computer to send messages to other targets in order to further spread a Trojan throughout the German government. The newspaper did not mention how Merkel herself may have been infected. The infection eventually spread throughout the German Bundestag, and was traced back to hackers based in Russia. The German administration has refused to point the finger of blame publicly. The attack reportedly compromised roughly 20,000 systems, and put lawmakers' documents at the fingertips of the infiltrators. It has yet to be confirmed whether the hackers were physically located in Russia or using a proxy in the Putin-led nation, and whether the activity took place with the knowledge of Russian authorities. Russia wouldn't be the first foreign government to pwn Merkel's gear. Earlier this year the NSA was found to have tapped the phone of the German chancellor to gather intelligence. Source
-
Here’s my Secret: Today I have something that will make you feel like you have a powerful computer: The Great Suspender — A lightweight Chrome extension to let you manage when tabs should be put "to sleep" or suspended — anywhere from 20 seconds to 3 days. So now you can keep your Gmail, Facebook, and several other tabs open in the background without any fear of slowing down your computer system, and access those tabs again at any point you would like to. I’m sure there are other extensions as well, but this one has worked fantastic for me and dramatically improved my Chrome and my overall surfing experience. Automatically Suspend Tabs with The Great Suspender to avoid Browser Slow down or Crash: The Great Suspender extension effectively allows you to automatically suspend specific tabs that aren’t in use after a set number of minutes. But worry not, as you can restore any particular tab by clicking anywhere on the page when required. Thus, if you have a lot of tabs open in your web browser at one time and you want all of them to keep open, you can automatically avoid them eating up your computer's memory and battery life by suspending them, but also keeping them readily available when required. The Great Suspender gives you the option to suspend specific tabs manually as well while keeping them available in your tab bar. Meanwhile, you can also add any site (such as Gmail, Facebook and so on) to a "whitelist," which will prevent certain pages from suspension no matter what. There are some suboptimal alternatives, including the popular OneTab, which sucks all your open tabs into a list displayed in a single tab, but I prefer The Great Suspender as it keeps tabs visible and accessible even when they aren't active. - See more at: I keep 200+ Browser Tabs Open, and My Computer Runs Absolutely Fine. Here’s My Secret.
-
Security researchers are warning PC users in Australia to beware of new Breaking Bad-themed ransomware demanding up to $1000 AUD ($796 USD) to decrypt essential computer files. The attacks typically arrive in the form of a malicious zip archive which takes the name of a famous delivery firm as its file name, according to Symantec. The AV giant continued in a blog post: “This zip archive contains a malicious file called ‘PENALTY.VBS’ (VBS.Downloader.Trojan) which when executed, downloads the crypto ransomware onto the victim’s computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file. Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.” The ransom demand message that flashes up to victims uses the Los Pollos Hermanos brand, as seen in Breaking Bad – demanding they pay $450 within a specified time or else the charge will rise to $1000. The email provided for “support-related enquiries” also references lead character Walter White’s description of himself in season four as “the one who knocks.” The victim’s images, videos, documents and other important files are encrypted using a random AES key which is in turn encrypted with an RSA public key. This requires them to obtain the corresponding private key from the attackers to effectively get their files back. Also included is a handy video tutorial on how to buy bitcoins – in order to help victims pay the ransom. Symantec said its customers were protected from Trojan.Cryptolocker.S and referred worried netizens to its dedicated blog on ransomware. Cyber-criminals are increasingly turning to ransomware as an easy way to make a fast buck – sometimes with tragic results. 
In January it was reported that a 17-year-old student from Windsor committed suicide after receiving messages that he’d visited illegal sites and that indecent images had been found on his computer. Source
-
IBM has announced it’s surmounted one of the biggest hurdles on the road toward creating the world’s first true usable quantum computer. A number of analysts have predicted that the jump from traditional computing to quantum chips could be on par with the revolution we saw when the world moved from vacuum tubes to integrated circuits back in the early sixties. The reason for this increased power is that quantum computers are capable of processing multitudes more calculations than traditional CPUs at once, because instead of a transistor existing in one of either two states — on, or off — independently of one another, a quantum bit can be both at the same time. How is that possible? Well, while the specifics of the mechanism that makes it work involves a bit more math than I could sit through in college, at its essence the computer is taking advantage of a quantum phenomenon known as “superposition,” wherein an atom can act as both a wave and a particle at once. In short, this means that at least in theory, quantum bits (or “qubits”), can process twice as much information twice as fast. This has made the race to create the world’s first true quantum computer a bit of a Holy Grail moment for big chip makers, who have found themselves inching closer to maxing out Moore’s Law as 22 nano-meter transistors shrink to 14nm, and 14nm tries to make the jump to 10. So far we’ve seen just one company pull out in front of the herd with its own entry, D-Wave, which first debuted all the way back in 2013. Unfortunately for futurists, the D-Wave is more a proof of concept that quantum computing is at least possible, but still not necessarily all that much quicker than what we have to work with today.
Now though, according to a statement released by IBM Research, it seems Big Blue may have found a way around one of the biggest qualms in quantum computing by sorting out the problem of something known as “quantum decoherence.” Decoherence is a stumbling block that quantum computers run into when there’s too much “noise” surrounding a chip, either from heat, radiation, or internal defects. The systems that support quantum chips are incredibly sensitive pieces of machinery, and even the slightest bit of interference can make it impossible to know whether or not the computer was able to successfully figure out that two plus two equals four. IBM was able to solve this by upping the number of available qubits laid out on a lattice grid to four instead of two, so the computer can compensate for these errors by running queries against itself and automatically compensating for any difference in the results. In layman’s terms, this means that researchers can accurately track the quantum state of a qubit, without altering the result through the act of observing alone. “Quantum computing could be potentially transformative, enabling us to solve problems that are impossible or impractical to solve today,” said Arvind Krishna, senior vice president and director of IBM Research, in a statement. While that may not sound huge, it’s still a big step in the right direction for IBM. The company believes the quantum revolution could be a potential savior for the supercomputing industry, a segment that is projected to be hardest hit by the imminent slowdown of Moore’s trajectory. Other possible applications up for grabs include solving complex physics problems beyond our current understanding, testing drug combinations by the billions at a time, and creating unbreakable encryption through the use of quantum cryptography. It seems that these kinds of computers will lead to "supreme security".
Source: Quantum computing may not be as far off as we think, says IBM | Digital Trends
-
Researchers have uncovered new malware that takes extraordinary measures to evade detection and analysis, including deleting all hard drive data and rendering a computer inoperable. Rombertik, as the malware has been dubbed by researchers from Cisco Systems' Talos Group, is a complex piece of software that indiscriminately collects everything a user does on the Web, presumably to obtain login credentials and other sensitive data. It gets installed when people click on attachments included in malicious e-mails. Talos researchers reverse engineered the software and found that behind the scenes Rombertik takes a variety of steps to evade analysis. It contains multiple levels of obfuscation and anti-analysis functions that make it hard for outsiders to peer into its inner workings. And in cases where the main yfoye.exe component detects the malware is under the microscope of a security researcher or rival malware writer, Rombertik will self-destruct, taking along with it the contents of a victim's hard drive. In a blog post published Monday, Talos researchers Ben Baker and Alex Chiu wrote: "If an analysis tool attempted to log all of the 960 million write instructions, the log would grow to over 100 gigabytes," the Talos researchers explained. "Even if the analysis environment was capable of handling a log that large, it would take over 25 minutes just to write that much data to a typical hard drive. This complicates analysis." Source
-
Twin brothers in Virginia were indicted Thursday on computer hacking and other charges. Muneeb and Sohaib Akhter and co-conspirators allegedly hacked into the website of a cosmetics company and stole customer credit card data and personal information, according to a Thursday release. The 23-year-old brothers used the information obtained in the scheme to purchase goods and services such as flights and hotel reservations, and even to register to attend professional conferences, the release indicated. The duo and co-conspirators are also charged with hacking government systems. “In addition, the brothers and co-conspirators devised a scheme to hack into computer systems at the U.S. Department of State to access network traffic and to obtain passport information,” the release stated. The two men are charged with aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, access of a protected computer without authorization, conspiracy to access a government computer without authorization, false statements, and obstruction of justice. If convicted on all counts, Muneeb Akhter faces a maximum 59 years in prison and Sohaib Akhter faces a maximum 39 years in prison. Source
-
USBkill — A new program that once activated, will instantly disable the laptop or computer if there is any activity on USB port. Hey Wait, don’t compare USBkill with the USB Killer stick that destroy sensitive components of a computer when plugged-in. "USBKill" is a new weapon that could be a boon for whistleblowers, journalists, activists, and even cyber criminals who want to keep their information away from police and cyber thieves. It is like, if you are caught, kill yourself. In the same fashion as terrorists do. Here I am not talking about to kill yourself, but to kill the data from your laptop if the law enforcement has caught your laptop. USBkill does exactly this by turning a thumb drive into a kill switch that if unplugged, forces systems to shut down. Hephaestos (@h3phaestos), the author of USBkill, reports that the tool will help prevent users from becoming the next Ross Ulbricht, founder of the infamous underground drug marketplace Silk Road, who was arrested in a 2013 FBI raid in which his laptop was seized by law enforcement agencies. "USBKill waits for a change on your USB ports, then immediately kills your computer," a Github document states. Completely Wipe up any pieces of evidence before Feds caught you: Generally, the kind of activities on USB port include the police installing a mouse jiggler – a tool that prevents computer systems from going to sleep, and any USB drive being removed from the computer. "If this happens you would like your computer to shut down immediately," Hephaestos says. Simply, tie a flash USB key to your ankle, and instantly start USBkill when the police or any other law enforcement official caught you with a laptop. In case, they steal or take your laptop or computer with them, they would definitely remove the USB drive that will immediately shut down your laptop. The author of USBkill states that the program could be very effective when running on a virtual machine, which would vanish when you reboot. 
The author says that additional commands and functions will be added to USBKill. However, it does work correctly and efficiently in its current state as well. Source: USBKill — Code That Kills Computers Before They Examine USBs for Secrets
-
Can Hackers turn a remote computer into a bomb and explode it to kill someone, just like they do in hacker movies? Wait, wait! Before answering that, let me tell you an interesting story about the Killer USB drive: A man walking in the subway stole a USB flash drive from the outer pocket of someone else's bag. The pendrive had "128" written on it. After coming home, he inserted the pendrive into his laptop and, instead of discovering any useful data, he burnt half of his laptop down. The man then took out the USB pendrive, replaced the text "128" with "129" and put it in the outer pocket of his bag… Amen! I’m sure you would really not imagine yourself being the 130th victim of this Killer pendrive, and neither would I. The above story was told to a Russian researcher, nicknamed Dark Purple, who found the concept very interesting and developed his own computer-frying USB Killer pendrive. He is working with an electronic manufacturing company, from where he ordered some circuit boards from China for creating his own USB killer stick. "When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V," the researcher explained. "When the voltage is reached, the DC/DC is switched off. At the same time, the field transistor opens." At last, he successfully developed a well functioning USB killer pendrive which is able to effectively destroy sensitive components of a computer when plugged in. "It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down. Those familiar with the electronics have already guessed why we use negative voltage here." It is not possible for hardware to prevent all damage to physical systems in some scenarios. It may be possible for an attacker to exploit SCADA vulnerabilities and remove safety controls used by power plants or put it into an unstable state.
The Stuxnet worm is one real example of such cyber attacks, which was designed to destroy centrifuges at the Nuclear facility, and all this started from a USB drive. Also in 2014, a security firm demonstrated an attack on Apple’s Mac computer by overriding temperature controls, which can actually set the machine on fire. So if we say that a computer could be converted into a bomb, then of course it’s true, a hacker can probably make your computer explode as well. Therefore, next time you find an unknown USB flash drive, just beware before inserting it into your laptop. Because this time it will not fire up your important files or data stored on your laptop like malware does; instead it will fire up your laptop. Source: This 'Killer USB' can make your Computer explode. Original source (Russian): USB killer
-
Imagine — reaching into your pocket — and pulling out a computer! Google has made it possible to put your whole computer into your pocket by introducing a whole new kind of Chrome device — a tiny stick that plugs into HDMI port of any display. Dubbed ChromeBit, a fully featured computer-on-a-stick from Asus that Google promises to retail for less than $100 when it comes out this summer. You just need to plug a Chromebit right into your TV or any monitor in order to turn it into a full-fledged Chrome OS-based computer. Google Chromebit is portable with an impressive look and will be available in three attractive colors — silver, blue and orange. It has a smarter clinch on the business end so that a user can easily plug it into practically any HDMI port without the need of any extension cable.
SPECIFICATIONS
This tiny little Google ChromeBit stick comes packaged with:
- Rockchip RK3288 (with quad-core Mali 760 graphics)
- 2GB of RAM
- 16GB of solid state storage memory
- a single full-size USB 2.0 port
- Bluetooth 4.0 Smart Ready controller
- WiFi 802.11 ac support
- ARM Mali 760 quad-core GPU
Although Google Chromebit will not be the most powerful computer you could plug into your TV, it should not be too bad for the browser-based operating systems. Google believes that Chromebit will be of great use in schools and small businesses due to its price and easy manageability.
$149 CHROMEBOOK
In addition to Chromebit, Google also announced several cheap Chrome devices, including Haier Chromebook 11 (available online at Amazon) and Hisense Chromebook (available at Walmart). Both 11.6-inch Chromebooks will be available at $149, making them cheaper and more affordable than most smartphones. The basic specifications for the Haier and Hisense Chromebooks are essentially the same, with 2GB of RAM, two USB ports, 16GB solid flash storage, SD Card reader and HDMI output, as well as 720p webcam and WiFi and Bluetooth antennas.
$249 CHROMEBOOK FLIP
The technology giant also announced that ASUS plans to launch a new "Chromebook Flip" convertible with the same internals later this spring for $249. Chromebook Flip will come with a 10.1-inch touchscreen display that flips all the way around so the device can be used in tablet mode. Source
-
Romanian citizen Mircea-Ilie Ispasoiu made his first appearance in a New Jersey federal court after being extradited to the U.S. for allegedly orchestrating an international hacking scheme. The cyber attack targeted medical offices, retailers, security companies and United States residences, according to a Department of Justice release. Between 2011 and 2014, Ispasoiu worked as a computer systems administrator at a large Romanian financial institution. There he allegedly hacked into multiple private and business networks, including a company that ran background checks. He was able to access thousands of credit and debit card numbers and personal identifiers. Ispasoiu is facing multiple charges of aggravated identity theft, unauthorized computer access to obtain information, unauthorized computer access that caused damage, and wire fraud. If convicted, he could face more than 30 years in prison and millions of dollars in fines. Source
-
AIR-GAPPED SYSTEMS, WHICH are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data. To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer. But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique. In a video demonstration produced by the researchers, they show how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a missile-launch toy the air-gapped system controlled. The proof-of-concept attack requires both systems to first be compromised with malware. And currently, the attack allows for just eight bits of data to be reliably transmitted over an hour—a rate that is sufficient for an attacker to transmit brief commands or siphon a password or secret key but not large amounts of data. It also works only if the air-gapped system is within 40 centimeters (about 15 inches) from the other computer the attackers control. 
But the researchers, at Ben Gurion’s Cyber Security Labs, note that this latter scenario is not uncommon, because air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both. The method was developed by Mordechai Guri, Gabi Kedma and Assaf Kachlon and overseen by their adviser Yuval Elovici. The research represents just a first step says Dudu Mimran, chief technology officer at the lab, who says they plan to present their findings at a security conference in Tel Aviv next week and release a paper describing their work later on. “We expect this pioneering work to serve as the foundation of subsequent research, which will focus on various aspects of the thermal channel and improve its capabilities,” the researchers note in their paper. With additional research, they say they may be able to increase the distance between the two communicating computers and the speed of data transfer between them. In their video demonstration, they used one computer tower to initiate a command to an adjacent computer tower representing an air-gapped system. But future research might involve using the so-called internet of things as an attack vector—an internet-connected heating and air conditioning system or a fax machine that’s remotely accessible and can be compromised to emit controlled fluctuations in temperature. How It Works Computers produce varying levels of heat depending on how much processing they’re doing. In addition to the CPU, the graphics-processing unit and other motherboard components produce significant heat as well. A system that is simultaneously streaming video, downloading files and surfing the internet will consume a lot of power and generate heat. To monitor the temperature, computers have a number of built-in thermal sensors to detect heat fluctuations and trigger an internal fan to cool the system off when necessary or even shut it down to avoid damage. 
The attack, which the researchers dubbed BitWhisper, uses these sensors to send commands to an air-gapped system or siphon data from it. The technique works a bit like Morse code, with the transmitting system using controlled increases of heat to communicate with the receiving system, which uses its built-in thermal sensors to then detect the temperature changes and translate them into a binary “1” or “0.” To communicate a binary “1” in their demonstration for example, the researchers increased the heat emissions of the transmitting computer by just 1 degree over a predefined timeframe. Then to transmit a “0” they restored the system to its base temperature for another predefined timeframe. The receiving computer, representing the air-gapped system, then translated this binary code into a command that caused it to reposition the toy missile launcher. The researchers designed their malware to take into consideration normal temperature fluctuations of a computer and distinguish these from fluctuations that signal a system is trying to communicate. And although their malware increased the temperature by just one degree to signal communication, an attacker could increase the temperature by any amount as long as it’s within reason, to avoid creating the suspicion that can accompany an overactive computer fan if the computer overheats. Communication can also be bi-directional with both computers capable of transmitting or receiving commands and data. The same method, for example, could have been used to cause their air-gapped system to communicate a password to the other system. The malware on each system can be designed to search for nearby PCs by instructing an infected system to periodically emit a thermal ping—to determine, for example, when a government employee has placed his infected laptop next to a classified desktop system. The two systems would then engage in a handshake, involving a sequence of “thermal pings” of +1C degrees each, to establish a connection. 
But in situations where the internet-connected computer and the air-gapped one are in close proximity for an ongoing period, the malware could simply be designed to initiate a data transmission automatically at a specified time—perhaps at midnight when no one’s working to avoid detection—without needing to conduct a handshake each time. The time it takes to transmit data from one computer to another depends on several factors, including the distance between the two computers and their position and layout. The researchers experimented with a number of scenarios—with computer towers side-by-side, back-to-back and stacked on top of each other. The time it took them to increase the heat and transmit a “1” varied between three and 20 minutes depending. The time to restore the system to normal temperature and transmit a “0” usually took longer. Other Air-Gap Hacking Techniques This isn’t the only way to communicate with air-gapped systems without using physical media. Past research by other teams has focused on using acoustic inaudible channels, optical channels and electromagnetic emissions. All of these, however, are unidirectional channels, meaning they can be used to siphon data but not send commands to an air-gapped system. The same Ben Gurion researchers previously showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone. That proof-of-concept hack involved radio signals generated and transmitted by an infected machine’s video card, which could be used to send passwords and other data over the air to the FM radio receiver in a mobile phone. The NSA reportedly has been using a more sophisticated version of this technique to not only siphon data from air-gapped machines in Iran and elsewhere but also to inject them with malware, according to documents leaked by Edward Snowden.
Using an NSA hardware implant called the Cottonmouth-I, which comes with a tiny embedded transceiver, the agency can extract data from targeted systems using RF signals and transmit it to a briefcase-sized relay station up to 8 miles away. There’s no evidence yet that the spy agency is using heat emissions and thermal sensors to steal data and control air-gapped machines— their RF technique is much more efficient than thermal hacking. But if university researchers in Israel have explored the idea of thermal hacking as an attack vector, the NSA has likely considered it too. Source
-
OFF: It's nothing special, but it works all the same. ON: PeerBlock lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries! They can't get in to your computer, and your computer won't try to send them anything either. And best of all, it's free! Source: PeerBlock - Peerblock Site Download: http://peerblock.googlecode.com/files/PeerBlock-Setup_v1.2_r693.exe
-
Have you been wondering how to speed up your computer? Cacheman (short for Cache-manager), the award-winning Windows optimizer, offers you a multitude of ways to speed up your computer. Cacheman has been developed with novice, intermediate, and expert users in mind. Immediately after installation, Cacheman examines your computer and automatically tweaks a vast number of cache settings, Registry values, system service options, and PC memory parameters. But this is only the start. Cacheman then continues to work quietly in the background, in order to speed up your computer even more by managing computer memory (RAM), program processes and system services. Cacheman makes sure that the active application gets the maximum possible processing power and available system memory. Cacheman also includes a special optimization for computer games, to prevent slow downs, lag, and stuttering caused by system tools like anti-virus programs. This giveaway has no free updates or free tech support and is for home/personal use only. Get Cacheman with free lifetime upgrades to get free updates, free tech support, and business or home use. Sale ends in 1 day 19 hrs 58 mins Link: Free Cacheman (100% discount)
-
A south suburban police department paid a $500 ransom to an unidentified hacker to regain access to data from a police computer the hacker managed to disable, records show. Midlothian in January was hit with a form of computer virus called Cryptoware, said Calvin Harden Jr., an IT vendor who works with the village. The hacker demanded payment through bitcoin, a digital currency often used by individuals engaging in sophisticated or sometimes illegal activities on the Internet. "It didn't encrypt everything in the police department. It was just that computer and specific files," not the entire system, Harden said. The hacker didn't access the information on the computer but merely shut it down and made it inaccessible, Harden said. The Federal Trade Commission and the FBI issued a public warning last year to consumers and businesses about the virus, saying it's "essentially extortion." Midlothian's police force isn't the first government agency to fall victim to the cybercrime. The city of Detroit and a Tennessee sheriff's office both encountered Cryptoware hackers who sought ransoms in the past year, according to published reports. Fred Hayes, Elwood's top cop and president of the Illinois Association of Chiefs of Police, said this type of virus is becoming more common and that federal officials have been in touch about it. His advice to departments is to back up their data. "This is something that quite a few people recently, and when I say recently (I mean) over the last year or two, have been experiencing," Hayes said. At the Midlothian Police Department, someone opened an email that contained the virus, allowing the virus to lock down the computer, Harden said. A message popped up on the machine demanding money in exchange for a virtual code that would return access, Harden said. Midlothian Police Chief Harold Kaufman confirmed that the department had been hacked but otherwise declined to comment. 
Neither Kaufman, Midlothian's mayor, nor the village clerk returned further messages asking whether the village would pursue the hacker, but Harden said he believed officials would do so. An FBI spokeswoman wouldn't confirm whether the village made the FBI aware of the incident. Village officials released a copy of the town's invoice in response to an open records request by the Tribune. The invoice, "for MPD virus," shows the village sent a $606 money order to a bitcoin cafe in New York to transmit the money to the hacker. The payment included bank fees and surcharges. Officials tried to wire the money through Bank of America, Harden said, but couldn't. The village had to make a difficult decision whether to comply with the demand, Harden said, and chose to because a pursuit of the hacker might have been more trouble than it's worth. "Because the backups were also infected, the option was to pay the hacker and get the files unencrypted," Harden said, "which is what we decided to do." Harden said he believes the hacker's actions are criminal, which is why the hacker requested "pretty much untraceable" bitcoin as payment. The sheriff's office in Tennessee paid $572 to a hacker known as Nimrod Gruber to regain access to its files, according to reports. Detroit's mayor said in November that the database that was frozen there wasn't essential to government operations, and the city refused to pay a ransom of several hundred thousand dollars a hacker sought. Mike Alsup, co-chair of the Communications and Technology Committee for the Illinois Association of Chiefs of Police, said the issue of cyber security "weighs heavily" on police chiefs. "Chiefs across the entire nation are concerned with the growing trend of computer crime," Alsup said. "Hardly a day goes by that we don't see in both the print and audio media, we hear of instances of computer crime, computer hacking, large organized criminal groups internationally that are stealing through the use of computers." 
Harden, Midlothian's IT vendor, said he does work for a law firm that experienced a similar virus last year, and added that it's "happening to people every day." "When you tell someone this, it's sort of they're like, 'What?' It's sort of a crazy scenario," Harden said. "But it's happening." Midlothian cops pay bitcoin ransom to retrieve data from hacker - Chicago Tribune
-
Zemana AntiMalware 2 is a second opinion cloud-based multi-engine malware and virus scanner designed to rescue your computer from all types of viruses and malware that have infected your computer despite all the other security measures you have in place. Zemana AntiMalware 2 helps remove unwanted apps, annoying toolbars or browser add-ons and rapidly neutralizes viruses, trojans, rootkits, worms, spyware, and adware. Because of how it works, you can use Zemana AntiMalware 2 side-by-side along with most regular anti-virus programs without conflict. Best of all, Zemana AntiMalware 2 comes in both installer and portable versions, so you can pick whichever one that suits your needs best. Link: Free Zemana AntiMalware 2 (100% discount)
-
What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann’s Blackhat, a crime thriller that I had the good fortune to work on as a “hacker adviser” (my actual screen credit). Today, all I’m thinking is, please, God, don’t let anybody in Congress see the film. I’ll explain my anxiety in a minute. First, the movie: Mann, the legendary director of hardboiled crime films like Heat, Collateral, and Miami Vice, always has been a stickler for authenticity, and he brought me into Blackhat as an adviser early on, before it had a title or a lead actor. If you’re wondering how one gets involved in a Michael Mann film, here’s how it works: Mann calls you on the phone. You think, “Why is Michael Mann calling me?” After a phone conversation and an interview in Los Angeles, you’re officially invited on board as a consultant. It turned out Blackhat’s screenwriter had read my cybercrime book Kingpin, and he’d suggested me to Mann. When I showed up for my first consulting meeting, I expected to find a roomful of people crowded around a long conference table. Instead, it was just me and Mann, sitting in his office for five hours at a time. He had questions about malware, hacking, how modern computer intrusions play out. For subsequent meetings, I was given the current iteration of the screenplay (watermarked with my name, lest I leak it to the Pirate Bay), and we went over it line by line, looking at dialogue, discussing tweaks to the hacking and forensics scenes, and working on some of the procedural elements in the plot. Later, Mann brought in a second computer consultant, OkCupid hacker Chris McKinley, to write code for the movie and train leading man Chris Hemsworth in Linux basics, making Hemsworth officially the best-looking human to ever use a command line. The result is in theaters today. 
I think Blackhat is an awesome movie: stylish, breathtakingly beautiful at times, and close to the metal in depicting a no-longer-scifi world where cybercrime is serious, profitable, and well-funded. I’m biased, of course, because of my involvement, and because I’ve been a fan of Mann’s work since the ’80s. (In one meeting with him I embarrassed myself by recalling the name of the villain in the Miami Vice pilot, which he himself had forgotten.) Overall, the movie seems to be drawing radically polarized reviews, but I’m gratified that security geeks who’ve seen it have given it good grades on authenticity. It wasn’t until this week—Tuesday evening, to be exact—that my anxiety over the timing of the movie set in. That’s when the White House released its legislative proposal to “reform” US computer crime policy in reaction to the Sony breach. President Obama plans to formally announce it at the State of the Union next Tuesday, but the details are public now. And many are troubling. The general thrust of the proposal is to broaden the reach of the Computer Fraud and Abuse Act, and boost penalties for violations. The White House proposal will quadruple the maximum possible sentence for some crimes from five years to 20. And where under current law some hacks are misdemeanors—specifically a first-time offense that doesn’t involve credit cards or more than $5,000 in information—those crimes will now be felonies. Additionally, CFAA violations would qualify for prosecution under the mob-busting RICO statute, meaning, for example, if a member of Anonymous is busted in a petty denial-of-service attack, she might now be held legally accountable for every cybercrime Anonymous has committed. More disturbingly, the proposal includes sweeping language that directly impairs legitimate security work. It makes it newly illegal to “traffic” in any “means of access” into a computer if you have reason to know that someone will use it illegally. 
Releasing or using hacking code is a staple of cyber security work. Researchers publish it to demonstrate and describe the vulnerabilities they find, and professional white hats use it to audit their customers’ networks. Like many security tools, bad guys can use the software too, and they do. But a sober computer crime proposal doesn’t ban tools that benefit thousands of people because one of them is a criminal. Security expert Robert Graham notes that even circulating a link could be considered a felony under the proposal. Obama has struggled and failed to get similar CFAA changes through Congress in the past, but this time he has the Sony hack behind him—and now Blackhat. If it’s farfetched to think lawmakers will be swayed by a work of Hollywood fiction, consider that it’s happened before. Congress passed the original CFAA in 1984 in direct response to the seminal hacker flick Wargames. Politicians who saw the film felt an urgent need to punish hackers, lest one of them blunder into NORAD and trigger World War III. The result was a law that—after several revisions—led to cases like the Lori Drew and Andrew Auernheimer misfires: People charged for lying in their social networking profiles or conspiring to access an unpublished URL. In one recent case I wrote about, two gamblers were charged under the CFAA for exploiting a bug in video poker machines to beat the house. Following the suicide of hacker activist Aaron Swartz two years ago, a proposal to put limits on the CFAA floated through the halls of Congress and out a window, never to be seen again. Now Obama is looking to go the other way and make the CFAA more powerful. Don’t mistake Obama’s proposal for meaningful action, though. Computer crime sentences have already smashed through the ceiling of efficacy. At this very moment there are hackers, and even low-level credit card fraudsters, serving 20 year terms, and that didn’t deter the Sony intruders. 
As for the “trafficking” prohibition, when hacking tools are outlawed … well, you know the rest. Nevertheless, I can say with absolute confidence that a lawmaker will soon be standing on the floor of Congress talking about Blackhat in the same breath as the Sony intrusion, railing about the grave threat to American lives that computer hacking poses if the president’s proposal isn’t enacted. I mean, this is a film in which malware makes a Chinese nuclear plant explode in the opening scene. So let me say now to any politicians reading this, as one of the people who helped make Blackhat feel authentic, nuclear plants are not exploding. And if you think they might, then you should direct your efforts to locking down critical systems. Pour money into research, offer incentives for organizations to invest in security, pass disclosure laws that require public reporting of breaches, so consumers can hold negligent companies accountable. Blindly boosting sentences for the few hackers who get caught will do nothing to help. And outlawing security tools just because they can be abused will only aid the real blackhats. Disclosure: As a hacker 20 years ago, the author pleaded guilty under an uncontroversial application of the CFAA. Source
-
The Obama administration, currently engaged in a war of words with North Korea over the recent hacking of Sony Pictures Entertainment, is calling on Congress to increase prison sentences for hackers and to expand the definition of hacking. During next week's State of the Union address, the president is set to publicly urge increased prison time and other changes to the Computer Fraud and Abuse Act—the statute that was used to prosecute Internet activist Aaron Swartz before he committed suicide in 2013. At issue is the Computer Fraud and Abuse Act (CFAA), passed in 1984 to bolster the government's ability to nab hackers who destroy or disrupt computer functionality or who steal information. In general, the CFAA makes it illegal to "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period." Obama said Tuesday, "We want cybercriminals to feel the full force of American justice, because they are doing as much damage—if not more, these days—as folks who are involved in more conventional crime." Among other things, penalties under Obama's plan would increase from a maximum five-year penalty to 10 years for pure hacking acts, like circumventing a technological barrier. What's more, the law would expand the definition of what "exceeds authorized access" means. A hacker would exceed authorization when accessing information "for a purpose that the accesser knows is not authorized by the computer owner." That raised the eyebrows of researchers and scholars alike. That language is "awkward," according to Orin Kerr, a professor and CFAA expert who has defended Lori Drew and Andrew "weev" Auernheimer in CFAA criminal prosecutions. 
"For example, if your employer has a policy that 'company computers can be accessed only for work-related purposes,' and you access the computer for personal reasons, then you presumably would be accessing the computer for a purpose that you know the employer has not allowed," Kerr said Wednesday. Kerr continued: Kerr said his "biggest concern" surrounds accepted social computing practices, or as he calls it—"norms-based" liability. He said: More broadly, Kerr added, "The expansion of 'exceeding authorized access' would seem to allow lots of prosecutions under a 'you knew the computer owner wouldn't like that' theory. And that strikes me as a dangerous idea, as it focuses on the subjective wishes of the computer owner instead of the individual’s actual conduct." Security expert Robert Graham said Wednesday that the proposal would affect "cybersecurity professionals that protect the Internet. If you cared about things such as 'national security' and 'cyberterrorism,' then this should be your biggest fear. Because of our knowledge, we do innocent things that look to outsiders like 'hacking.' Protecting computers often means attacking them. The more you crack down on hackers, the more of a chilling effect you create in our profession. This creates an open door for nation-state hackers and the real cybercriminals." Source
-