Monday, May 28, 2012
New computer virus hits Iran, West Bank in unprecedented cyberattack
Internet security firm Kaspersky calls 'Flame' bug the 'most sophisticated cyber-weapon yet unleashed,' hints it may have been created by makers of Stuxnet worm.
Internet security company Kaspersky Lab announced on Monday that it had uncovered a 'cyber-espionage worm' designed to collect and delete sensitive information, primarily in Middle Eastern countries.
Kaspersky called the malware, named "Flame," the "most sophisticated cyber-weapon yet unleashed." It said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
The company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.
On its blog, Kaspersky called Flame a "sophisticated attack toolkit," adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.
The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers. Iran admitted that the worm damaged centrifuges operating at an uranium enrichment facility at Nantaz.
Kaspersky's chief malware expert Vitaly Kamluk told the BBC that more than 600 specific targets had been hit by Flame, including computers owned by individuals, businesses, academic institutions and government systems.
Kamluk said he believed the malware had been operating at least since August 2010, and probably earlier, adding that there was "no doubt" that it was developed by a state actor.
Symantec, another Internet security firm, said on its blog that the bug's code was on par with that of Stuxnet and Duqu, which it described as "arguably the two most complex pieces of malware we have analyzed to date."
It also said that certain file names in Flame were identical to those described in a hacking incident in April involving the Iranian oil ministry.
According to the firm, the worm had been operating discreetly for at least two years and was likely written by "an organized, well-funded group of people working to a clear set of directives."
Symantec said the virus had also been found in computers in Hungary, Austria, Russia, Hong Kong and the United Arab Emirates.
Venus 'Transit of Sun' is next amazing sky sight
The "ring of fire" solar eclipse may be history, but skywatchers have another stunning event to look forward to — June's historic Venus transit of the sun.
On Sunday, May 20, the moon covered most of the sun's disk but left a ring of light blazing around its circumference. The resulting annular solar eclipse wowed skywatchers in parts of Asia, the Pacific region and western North America.
As impressive as that sight was, it may just be a warm-up for the Venus transit of June 5 (June 6 in much of the Eastern Hemisphere). Venus will cross the sun's face from Earth's perspective, appearing in silhouette as a tiny, slow-moving black dot.
The dramatic celestial event will be visible from all seven continents, and it's a must-see for skywatchers; Venus won't trek across the solar disk again for 105 years.
"I think this is the last one I'll see," Dean Pesnell, of NASA's Goddard Space Flight Center in Greenbelt, Md., told SPACE.com. Pesnell is project scientist for NASA's sun-watching Solar Dynamics Observatory (SDO) spacecraft, which will have an unparalleled view of the transit.
A historic event
Venus transits occur in pairs that are eight years apart, but these dual events take place less than once per century. The last transit occurred in 2004, but the next won't come until 2117.
In addition to being rare and spectacular skywatching events, transits of Venus have played a large role in astronomical history. For example, scientists and explorers mounted huge expeditions to view the 18th century's two transits, which occurred in 1761 and 1769.
The goal was to answer one of astronomy's most important questions — the distance from Earth to the sun. By precisely timing the transit's length from many different points around the globe, the reasoning went, scientists could calculate the Earth-sun distance using the principles of parallax. With this information in hand, the scale of the entire solar system would follow.
Famed British explorer Captain James Cook took part in the 1769 expedition, sailing to Tahiti and watching the transit from a place now known as Point Venus.
The 18th-century efforts came up short, but astronomers eventually got the data they needed from photographs taken during the next pair of Venus transits, which occurred in 1874 and 1882.
Watching the transit
While most of the globe will able to watch at least part of the Venus transit on June 5-6, you may have to travel if you want to see Venus both enter and exit the solar disk.
Weather permitting, the entire seven-hour transit will be widely visible from eastern Asia, eastern Australia, New Zealand and the western Pacific, as well as Alaska, northern Canada and almost all of Greenland.
Not content to live vicariously through their spacecraft, Pesnell and some other SDO scientists will watch the transit from Fairbanks, Alaska. They're going to bring 10 to 20 educational displays with them, using the event to teach the public about the sun and SDO, Pesnell said.
If you plan to watch the transit, be safe. WARNING: Never look at the sun directly with your naked eye or through cameras, binoculars or small telescopes without proper filters. Doing so can result in serious and permanent eye damage, including blindness.
To safely observe the Venus transit, you can buy special solar filters to fit over your equipment, or No. 14 welder's glass to wear over your eyes.
The safest and simplest technique, however, is to observe the transit indirectly using the solar projection method. Use your telescope or one side of your binoculars to project a magnified image of the sun’s disk onto a shaded white piece of cardboard.
The projected image on the cardboard will be safe to look at and photograph. But be sure to cover the telescope’s finder scope or the unused half of the binoculars, and don’t let anyone look through them.
Google Privacy Inquiries Get Little Cooperation
Secrets spilled across the computer screen.
Reinhold Harwart, deputy mayor of Molfsee, Germany, organized a town protest against Google’s Street View methods.
After months of negotiation, Johannes Caspar, a German data protection official, forced Google to show him exactly what its Street View cars had been collecting from potentially millions of his fellow citizens. Snippets of e-mails, photographs, passwords, chat messages, postings on Web sites and social networks — all sorts of private Internet communications — were casually scooped up as the specially equipped cars photographed the world’s streets.
“It was one of the biggest violations of data protection laws that we had ever seen,” Mr. Caspar recently recalled about that long-sought viewing in late 2010. “We were very angry.”
Google might be one of the coolest and smartest companies of this or any era, but it also upsets a lot of people — competitors who argue it wields its tremendous weight unfairly, officials like Mr. Caspar who says it ignores local laws, privacy advocates who think it takes too much from its users. Just this week, European antitrust regulators gave the company an ultimatum to change its search business or face legal consequences. American regulators may not be far behind.
The high-stakes antitrust assault, which will play out this summer behind closed doors in Brussels, might be the beginning of a tough time for Google. A similar United States case in the 1990s heralded the comeuppance of Microsoft, the most fearsome tech company of its day.
But never count Google out. It is superb at getting out of trouble. Just ask Mr. Caspar or any of his counterparts around the world who tried to hold Google accountable for what one of them, the Australian communication minister Stephen Conroy, called “probably the single greatest breach in the history of privacy.” The secret Street View data collection led to inquiries in at least a dozen countries, including four in the United States alone. But Google has yet to give a complete explanation of why the data was collected and who at the company knew about it. No regulator in the United States has ever seen the information that Google’s cars gathered from American citizens.
The tale of how Google escaped a full accounting for Street View illustrates not only how technology companies have outstripped the regulators, but also their complicated relationship with their adoring customers.
Companies like Google, Amazon, Facebook and Apple supply new ways of communication, learning and entertainment, high-tech wizardry for the masses. They have custody of the raw material of hundreds of millions of lives — the intimate e-mails, the revealing photographs, searches for help or love or escape.
People willingly, at times eagerly, surrender this information. But there is a price: the loss of control, or even knowledge, of where that personal information is going and how it is being reshaped into an online identity that may resemble the real you or may not. Privacy laws and wiretapping statutes are of little guidance, because they have not kept pace with the lightning speed of technological progress.
Michael Copps, who last year ended a 10-year term as a commissioner of the Federal Communications Commission, said regulators were overwhelmed. “The industry has gotten more powerful, the technology has gotten more pervasive and it’s getting to the point where we can’t do too much about it,” he said.
Although Google thrives on information, it is closemouthed about itself, as the Street View episode shows. When German regulators forced the company to admit that the cars were sweeping up unencrypted Internet data from wireless networks, the company blamed a programming mistake where an engineer’s experimental software was accidentally included in Street View. It stressed that the data was never intended for any Google products.
The F.C.C. did not see it Google’s way, saying last month the engineer “intended to collect, store and review” the data “for possible use in other Google products.” It also said the engineer shared his software code and a “design document” with other members of the Street View team. The data collection may have been misguided, the agency said, but was not accidental.
Although the agency said it could find no violation of American law, it also said the inquiry was inconclusive, because the engineer cited his Fifth Amendment against self-incrimination. It tagged Google with a $25,000 fine for obstructing the investigation.
Google, which has repeatedly said it wants to put the episode behind it, declined to answer questions for this article.
“We don’t have much choice but to trust Google,” said Christian Sandvig, a researcher in communications technology and public policy at the University of Illinois. “We rely on them for everything.”
That reliance has built an impressive company — and a self-assurance that can be indistinguishable from arrogance. “Google doesn’t seem to think it ever will be held accountable,” Mr. Sandvig said. “And to date it hasn’t been.”
When Street View was introduced in 2007, it elicited immediate objections in Europe, where privacy laws are tough. The Nazis used government data to systematically pursue Jews and other unwanted groups. The East German secret police, the Stasi, similarly controlled data to monitor perceived enemies.
Commander X Claims Anonymous Infiltrated by the FBI
RT’s Abby Martin interviews X, an Anonymous hacktivist vigilante about FBI infiltration within Anonymous and the possibility of the U.S. government staging cyber-terrorism in the future:
Busted: Microsoft Harbors BitTorrent Pirates
n recent weeks the anti-piracy antics of Microsoft have made the news on a few occasions. From censoring The Pirate Bay to funding BitTorrent poisoning startups, the software giant is determined to attack piracy head-on. But perhaps the company should make a start by educating its own employees first. In Microsoft’s offices around the world many company employees are using BitTorrent to download and share pirated movies.
YouHaveDownloaded is a treasure trove of incriminating data on alleged BitTorrent pirates all across the world.
The site, launched late last year, exposes what people behind an IP-address have downloaded using BitTorrent. This data was gathered from public BitTorrent trackers, and the founders released it to show how much information can be found on BitTorrent users who don’t hide their IP-address.
The site’s founders inform TorrentFreak that since this mission has now been accomplished, they have stopped adding new info to the site. However, existing data is still online and that allows us to “out” a group of corporate BitTorrent pirates once more.
In recent weeks Microsoft has taken a strong position against copyright infringers. They censored Pirate Bay links in Windows Live Messenger, funded a startup that aims to kill BitTorrent traffic, and a few days ago it was revealed that they are the most active sender of DMCA takedown notices to Google.
Clearly, Microsoft is anti piracy. But would they also prevent their employees from using Microsoft office connections to download pirated films through BitTorrent? Let’s find out.
The methodology is easy. Look up a range of IP-addresses assigned to Microsoft and enter those into the search form on YouHaveDownloaded one by one. While we expected that it might take a while to find one, we already had a handful of offenders after two dozen tries.
Below are a few of our findings, all downloads that are linked to Microsoft’s office in Sammamish, Washington (or Seattle). Interestingly, most of the hits we ran into are movies such as “The Debt”, “Bordertown” and lesser known “Blind”.
Subscribe to:
Posts (Atom)