« First...102030...680681682683684...690700710...Last »

Sophisticated new Android malware marks the latest evolution of mobile ransomware – Microsoft

Posted on by

Attackers are persistent and motivated to continuously evolve and no platform is immune. That is why Microsoft has been working to extend its industry-leading endpoint protection capabilities beyond Windows. The addition of mobile threat defense into these capabilities means that Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection) now delivers protection on all major platforms.

Microsofts mobile threat defense capabilities further enrich the visibility that organizations have on threats in their networks, as well as provide more tools to detect and respond to threats across domains and across platforms. Like all of Microsofts security solutions, these new capabilities are likewise backed by a global network of threat researchers and security experts whose deep understanding of the threat landscape guide the continuous innovation of security features and ensure that customers are protected from ever-evolving threats.

For example, we found a piece of a particularly sophisticated Android ransomware with novel techniques and behavior, exemplifying the rapid evolution of mobile threats that we have also observed on other platforms. The mobile ransomware, detected by Microsoft Defender for Endpoint as AndroidOS/MalLocker.B, is the latest variant of a ransomware family thats been in the wild for a while but has been evolving non-stop. This ransomware family is known for being hosted on arbitrary websites and circulated on online forums using various social engineering lures, including masquerading as popular apps, cracked games, or video players. The new variant caught our attention because its an advanced malware with unmistakable malicious characteristic and behavior and yet manages to evade many available protections, registering a low detection rate against security solutions.

As with most Android ransomware, this new threat doesnt actually block access to files by encrypting them. Instead, it blocks access to devices by displaying a screen that appears over every other window, such that the user cant do anything else. The said screen is the ransom note, which contains threats and instructions to pay the ransom.

Figure 1. Sample ransom note used by older ransomware variants

Whats innovative about this ransomware is how it displays its ransom note. In this blog, well detail the innovative ways in which this ransomware surfaces its ransom note using Android features we havent seen leveraged by malware before, as well as incorporating an open-source machine learning module designed for context-aware cropping of its ransom note.

In the past, Android ransomware used a special permission called SYSTEM_ALERT_WINDOW to display their ransom note. Apps that have this permission can draw a window that belongs to the system group and cant be dismissed. No matter what button is pressed, the window stays on top of all other windows. The notification was intended to be used for system alerts or errors, but Android threats misused it to force the attacker-controlled UI to fully occupy the screen, blocking access to the device. Attackers create this scenario to persuade users to pay the ransom so they can gain back access to the device.

To catch these threats, security solutions used heuristics that focused on detecting this behavior. Google later implemented platform-level changes that practically eliminated this attack surface. These changes include:

To adapt, Android malware evolved to misusing other features, but these arent as effective. For example, some strains of ransomware abuse accessibility features, a method that could easily alarm users because accessibility is a special permission that requires users to go through several screens and accept a warning that the app will be able to monitor activity via accessibility services. Other ransomware families use infinite loops of drawing non-system windows, but in between drawing and redrawing, its possible for users to go to settings and uninstall the offending app.

The new Android ransomware variant overcomes these barriers by evolving further than any Android malware weve seen before. To surface its ransom note, it uses a series of techniques that take advantage of the following components on Android:

The malware connects the dots and uses these two components to create a special type of notification that triggers the ransom screen via the callback.

Figure 2. The notification with full intent and set as call category

As the code snippet shows, the malware creates a notification builder and then does the following:

Figure 3. The malware overriding onUserLeaveHint

As the code snippet shows, the malware overrides the onUserLeaveHint() callback function of Activity class. The function onUserLeaveHint() is called whenever the malware screen is pushed to background, causing the in-call Activity to be automatically brought to the foreground. Recall that the malware hooked the RansomActivity intent with the notification that was created as a call type notification. This creates a chain of events that triggers the automatic pop-up of the ransomware screen without doing infinite redraw or posing as system window.

As mentioned, this ransomware is the latest variant of a malware family that has undergone several stages of evolution. The knowledge graph below shows the various techniques this ransomware family has been seen using, including abusing the system alert window, abusing accessibility features, and, more recently, abusing notification services.

Figure 4. Knowledge graph of techniques used by ransomware family

This ransomware familys long history tells us that its evolution is far from over. We expect it to churn out new variants with even more sophisticated techniques. In fact, recent variants contain code forked from an open-source machine learning module used by developers to automatically resize and crop images based on screen size, a valuable function given the variety of Android devices.

The frozen TinyML model is useful for making sure images fit the screen without distortion. In the case of this ransomware, using the model would ensure that its ransom notetypically fake police notice or explicit images supposedly found on the devicewould appear less contrived and more believable, increasing the chances of the user paying for the ransom.

The library that uses tinyML is not yet wired to the malwares functionalities, but its presence in the malware code indicates the intention to do so in future variants. We will continue to monitor this ransomware family to ensure customers are protected and to share our findings and insights to the community for broad protection against these evolving mobile threats.

Mobile threats continue to rapidly evolve, with attackers continuously attempting to sidestep technological barriers and creatively find ways to accomplish their goal, whether financial gain or finding an entry point to broader network compromise.

This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow. It reinforces the need for comprehensive defense powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals.

Microsoft Defender for Endpoint on Android, now generally available, extends Microsofts industry-leading endpoint protection to Android. It detects this ransomware (AndroidOS/MalLocker.B), as well as other malicious apps and files using cloud-based protection powered by deep learning and heuristics, in addition to content-based detection. It also protects users and organizations from other mobile threats, such as mobile phishing, unsafe network connections, and unauthorized access to sensitive data. Learn more about our mobile threat defense capabilities in Microsoft Defender for Endpoint on Android.

Malware, phishing, and other threats detected by Microsoft Defender for Endpoint are reported to the Microsoft Defender Security Center, allowing SecOps to investigate mobile threats along with endpoint signals from Windows and other platforms using Microsoft Defender for Endpoints rich set of tools for detection, investigation, and response.

Threat data from endpoints are combined with signals from email and data, identities, and apps in Microsoft 365 Defender (previously Microsoft Threat Protection), which orchestrates detection, prevention, investigation, and response across domains, providing coordinated defense. Microsoft Defender for Endpoint on Android further enriches organizations visibility into malicious activity, empowering them to comprehensively prevent, detect, and respond to against attack sprawl and cross-domain incidents.

On top of recreating ransomware behavior in ways we havent seen before, the Android malware variant uses a new obfuscation technique unique to the Android platform. One of the tell-tale signs of an obfuscated malware is the absence of code that defines the classes declared in the manifest file.

Figure 5. Manifest file

The classes.dex has implementation for only two classes:

This means that theres no code corresponding to the services declared in the manifest file: Main Activity, Broadcast Receivers, and Background. How does the malware work without code for these key components? As is characteristic for obfuscated threats, the malware has encrypted binary code stored in the Assets folder:

Figure 6. Encrypted executable code in Assets folder

When the malware runs for the first time, the static block of the main class is run. The code is heavily obfuscated and made unreadable through name mangling and use of meaningless variable names:

Figure 7. Static block

The malware uses an interesting decryption routine: the string values passed to the decryption function do not correspond to the decrypted value, they correspond to junk code to simply hinder analysis.

On Android, an Intent is a software mechanism that allows users to coordinate the functions of different Activities to achieve a task. Its a messaging object that can be used to request an action from another app component.

The Intent object carries a string value as action parameter. The malware creates an Intent inside the decryption function using the string value passed as the name for the Intent. It then decrypts a hardcoded encrypted value and sets the action parameter of the Intent using the setAction API. Once this Intent object is generated with the action value pointing to the decrypted content, the decryption function returns the Intent object to the callee. The callee then invokes the getAction method to get the decrypted content.

Figure 8. Decryption function using the Intent object to pass the decrypted value

Once the static block execution is complete, the Android Lifecycle callback transfers the control to the OnCreate method of the main class.

Figure 9. onCreate method of the main class decrypting the payload

Next, the malware-defined function decryptAssetToDex (a meaningful name we assigned during analysis) receives the string CuffGmrQRT as the first argument, which is the name of the encrypted file stored in the Assets folder.

Figure 10. Decrypting the assets

After being decrypted, the asset turns into the .dex file. This is a notable behavior that is characteristic of this ransomware family.

Figure 11. Asset file before and after decryption

Once the encrypted executable is decrypted and dropped in the storage, the malware has the definitions for all the components it declared in the manifest file. It then starts the final detonator function to load the dropped .dex file into memory and triggers the main payload.

Figure 12. Loading the decrypted .dex file into memory and triggering the main payload

When the main payload is loaded into memory, the initial detonator hands over the control to the main payload by invoking the method XoqF (which we renamed to triggerInfection during analysis) from the gvmthHtyN class (renamed to PayloadEntry).

Figure 13. Handover from initial module to the main payload

As mentioned, the initial handover component called triggerInfection with an instance of appObj and a method that returns the value for the variable config.

Figure 14. Definition of populateConfigMap, which loads the map with values

Correlating the last two steps, one can observe that the malware payload receives the configuration for the following properties:

The malware saves this configuration to the shared preferences of the app data and then it sets up all the Broadcast Receivers. This action registers code components to get notified when certain system events happen. This is done in the function initComponents.

Figure 15. Initializing the BroadcastReceiver against system events

From this point on, the malware execution is driven by callback functions that are triggered on system events like connectivity change, unlocking the phone, elapsed time interval, and others.

Dinesh Venkatesan

Microsoft Defender Research

Read the rest here:

Sophisticated new Android malware marks the latest evolution of mobile ransomware - Microsoft

Every Federal Agency Should Think About Securing the Supply Chain – GovernmentCIO Media

Posted on by

Cybersecurity basics and risk management are key elements of IT supply chain security.

The lines delineating IT supply chain security from cybersecurity and infrastructure protection are blurrier than ever, so federal agencies must consider all three together as part of a whole.

It's almost impossible to look at them as separate disciplines at this point, said Daniel Kroese, associatedirector of the National Risk Management Center at CISA duringGovernmentCIO Media andResearch's virtual event this week. We're really just talking about the existing principles ofcybersecurity and infrastructure security with a third-party trust and assurance lens on it. It's a layer on top of what we have already done.

In a panel on IT supply chain security, Kroese and Dell Federal Cybersecurity Practice Manager Dan Carroll discussed the ways in which the software and hardware supply chains impact a federal agencys cybersecurity and risk management.

Since federal agencies increasingly rely on commercial, off-the-shelf software applications and many of those applications rely on open-source code it opens up a broader attack surface for government agencies.

Software represents a potentially concentrated source of risk if you don't have the vulnerability management and acquisition strategies around it, Kroese said. We're working to deploy a series of tools across government agencies, but also private sector partners in the critical infrastructure community to do this supply chain analysis so that if there are vulnerabilities ... we can track it, understand where it isand patch that swiftly.

Carroll said accountability and collaboration are key for federal agencies and private-sector suppliers looking to secure the software supply chain.

The realization that I have an organization, I have a number of people focused on protecting my software, is dwarfed by the number of people who want to exploit my software, he said at theevent. The big part of a secure supply chain is secure development;a secure development lifecycle that is well defined.

One of the ways federal agencies can vet their software is by adopting a zero trust approach.

As we're continuing to mature, you're looking at these emerging security models like zero trust where you're not just validating software when it's developed, but when it boots up every time and as it transfers layers through the service model, Carroll said.

Zero trust is an innovative cybersecurity approach uniquely positioned to address supply chain risk because it requires federal agencies to constantly validate access points on its network (like software applications). Under a zero trust mindset, even an open source-based software application can be validated under the proper protocols and conditions.

If you're starting from the standard of zero trust, it means recognizing how just one bad click or one malicious line of code can set off a cascading set of events that can have enormous damage to not just your enterprise but other organizations, national security, public health and safety, Kroese said. You need to bake in security on the front end so it's easy to localize.

Federal agencies also need to recognize how tightly intertwined the software and hardware supply chains are. The 5G network, for example, will be defined by how the software influences the hardware, Kroese said.

Before you would have physical switches and lines in the ground, and now a whole host of functionality is now controlled by software when before it was the physical arrangement, he said. You have the software that enables the firmware capabilities. What if those monthly software updates introduce more vulnerability to the system? It's really hard to differentiate the line between where the software ends and the hardware starts.

In a rapidly digitizing federal environment, some federal agencies may face numerous challenges to securing their IT supply chains because there are so many moving parts they cannot control, like shippers, third-party logistics providers (3PLs), and Tier 2 and 3 suppliers.

When international shipper Maersk faced massive cyberattacks a few years ago, Kroese said, some of the biggest victims were downline members of the supply chain, like pharmaceutical manufacturer Merck and FedEx, a 3PL.

"Federal agencies need to model out some of this connectivity so we can see how something over there impacts something over here, he said.

When people think about technology they tend to think about the tech in front of them, not understanding there are layers and layers of software under that like Windows 10, Carroll added, and they come from lots of different sources. The system is not made by one company. Being able to come together and create trust and protect against things like insertion, unintentional or malicious, is key.

Federal suppliers may need to start thinking of themselves as IT companies in order to maintain the right mindset about cybersecurity, supply chain risk managementand infrastructure protection.

Everybody in some capacity in this day and age whether they like it or not is an IT company, he said. You may be a bank and don't want to be an IT company, but you still need to protect all that data. You may ship boxes but you're right, you have tons of customer data and credit card data and you need to protect all that data.

For federal agencies looking to ramp up their security strategies for IT systems and supply chains, Kroese said the first place to start is with the cybersecurity basics: patching, continuous monitoring, validating access andscanning for threats.

Basics still very much matter, he said. Innovation is great, but don't let it be a crutch to not do what you need to do today and now.

Here is the original post:

Every Federal Agency Should Think About Securing the Supply Chain - GovernmentCIO Media

This decentralized VPN provider wants to turn the industry on its head – TechRadar

Posted on by

As VPNs have become increasingly popular among consumers and business users, competing in the VPN market has become incredibly challenging especially when a handful of companies control the entire industry.

To help make it easier for businesses to compete in the highly competitive market, the decentralized Virtual Private Network (dVPN) solutions provider Exidio creates open source applications built on a peer-to-peer bandwidth network and Sentinel dVPN protocol, which it is a core contributor to.

The company's custom, white label applications connect to the Sentinel node network and it is even able to prove a users' web traffic and metadata are end-to-end encrypted to ensure both privacy and security. Exidio itself cannot access the traffic nor is a node host able to view a user's web traffic or metadata.

The Sentinel Ecosystem consists of the Sentinel node network, the dVPN user base, communities of open source code contributors and companies integrating the Sentinel node network into their software and services. Since its inception in 2018, the network has grown from 17 active nodes to 270 in September of this year.

Entrepreneurs and businesses that want to provide secure, private networking access to their employees and customers now have a turnkey solution to do so with Exidio. By leveraging the company's open source code, organizations can now bring dVPN to their customers and employees without the challenges of node management.

At the same time, Exidio can natively integrate dVPN into existing applications through its APIs. This means that businesses can focus on providing products and services for their customers while Exidio will provide the architecture and integration of secure, decentralized virtual private networking.

Exidio's CEO Dan Edlebeck provided further insight on the continued growth of the Sentinel Ecosystem in a press release, saying:

"As the adoption across Sentinel Ecosystem continues to grow, we are being approached by more and more companies who are looking to integrate solutions leveraging the Sentinel node network. I'm thrilled about the future as we change the landscape for secure, open source networking."

See the original post here:

This decentralized VPN provider wants to turn the industry on its head - TechRadar

How ZeroNorth is driving the DevSecOps revolution for the good of software, with new capabilities – Security Boulevard

Posted on by

Where software was once on the sidelines of organizational success today, it is front and centerwith businesses under more pressure than ever before to deliver more software, at greater speed, with better quality. But as the DevOps movement has accelerated to address these challenges head on, and the processes for developing software have become more distributed, responsibility for securing these applications has splintered. As a result, application security has fallen through the cracks and stagnated and the vulnerabilities left in the wake may have and in some cases already have had lethal consequences for businesses and for people when those applications are breached once they are in production.

A recent study by the Ponemon Institute underscores the disconnect between security and DevOps teams, finding that 39% of developers believe the security team is ultimately responsible for application security, whereas 67% of AppSec say their teams are responsible. Moreover, 71% of AppSec respondents say security is undermined by developers who do not care about the need to secure applications early in the SDLC, and 53% of AppSec respondents say developers view security as a hindrance to releasing new applications.

This perspective was also shared in the IDC Vendor Profile, ZeroNorth, Bringing End-to-End Clarity to Application Security, where they state: Security teams struggle to keep pace with development, and historically, DevOps teams have neglected security to their peril. With disparate tools clouding the landscape, organizations have left themselves open to attack because of the lack of integration and scant visibility across hybrid environments.

So, whats the solution? ZeroNorth is working to facilitate a true DevSecOps revolution with its application security automation and orchestration platform, whose raison detre is to unite security, DevOps and the business for the good of software. Underscoring this goal are three fundamental principles: software needs structure; software thrives on speed, and software requires focus. The ZeroNorth platform is supporting these principals by: helping to maintain security standards across the enterprise; while helping to accelerate pipeline velocity; and working to unburden developers.

Accelerate software delivery, without disrupting DevOpsToday we announced new capabilities that are specifically designed to empower the security team to own the enforcement of standards and reporting, while liberating the development team to deliver secure software faster and more easily.

First, the new Application Portfolio Report highlights security policies applied to each application, together with scan results and progress of remediation work, and it enables drill down. It gives CISOs a holistic view of risk, and it gives product security and engineering teams the visibility needed to assess and implement security based on their specific LOB needs.

Second, ZeroNorth is working to make application security programs transparent and friction free for developers so they can meet corporate standards without changing their workflows or be flooded with non-priority tickets. To this end, the ZeroNorth platform has added support for two more application security scanning tools (with more to come) to provide coverage for the different types of applications people use to manage their lives and run their businesses. New tools supported include Scout Suite, an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments and Aqua Trivy, a comprehensive open source vulnerability scanner for container images.

ZeroNorth has also expanded its DevOps toolchain integrations and now integrates with, and can scan the contents of, BitBucket Server and GitLab source code repositories including branches within both GitLab and GitHub repositories.

Third, weve added new features that provide greater flexibility to help security and product teams accelerate application delivery. These include customization of vulnerability data compression parameters, such as name and type of vulnerabilities, libraries included, etc., and customization of alerts to meet the needs of the DevOps process and support data-driven business decisions in real time.

As the IDC Vendor Profile says, The future is bright for companies that truly provide visibility into security vulnerabilities and reduce workflow challenges for DevOps teams required to remediate security risks. And with ZeroNorth, Security thus becomes an enabling part of application development rather than the obstacle.

You can read more details of the release here, and check out the IDC Vendor Profile of ZeroNorth. If youd like to go a bit deeper, contact us for a conversation.

Go here to read the rest:

How ZeroNorth is driving the DevSecOps revolution for the good of software, with new capabilities - Security Boulevard

EFF and ACLU Ask Ninth Circuit to Overturn Government’s Censorship of Twitter’s Transparency Report – EFF

Posted on by

Citing national security concerns, the government is attempting to infringe on Twitter's First Amendment right to inform the public about secret government surveillance orders. For more than six years, Twitter has been fighting in court to share information about law enforcement orders it received in 2014. Now, Twitter has brought that fight to the Ninth Circuit Court of Appeals. EFF, along with the ACLU, filed an amicus brief last week to underscore the First Amendment rights at stake.

In 2014, Twitter submitted a draft transparency report to the FBI to review. The FBI censored the report, banning Twitter from sharing the total number of foreign intelligence surveillance orders the government had served within a six-month period. In response, Twitter filed suit in order to assert its First Amendment right to share that information.

Over half a decade of litigation later, the trial court judge resolved the case in April by dismissing Twitters First Amendment claim. Among the several concerning aspects of the opinion, the judge spent devoted only a single paragraph to analyzing Twitters First Amendment right to inform the public about law enforcement orders for its users information.

That single paragraph was not only perfunctory, but incorrect. The lower court failed to recognize one of the most basic rules underpinning the right to free speech in this country: the government must meet an extraordinarily exacting burden in order to censor speech before that speech occurs, which the Supreme Court has called the most serious and least tolerable infringement on First Amendment rights.

As we explained in our amicus brief, to pass constitutional scrutiny, the government must prove that silencing speech before it occurs is necessary to avoid harm that is not only extremely serious but is also imminent and irreparable. But the lower court judge concluded that censoring Twitters speech was acceptable without finding that any resulting harm to national security would be either imminent or irreparable. Nor did the judge address whether the censorship was actually necessary, and whether less-restrictive alternatives could mitigate the potential for harm.

This cursory analysis was a far cry from the extraordinarily exacting scrutiny that the First Amendment requires. We hope that the hope that the Ninth Circuit will say the same.

See the article here:

EFF and ACLU Ask Ninth Circuit to Overturn Government's Censorship of Twitter's Transparency Report - EFF

Trump intensifies conflict with big tech over Section 230 protections following censorship moves by Facebook and Twitter – WSWS

Posted on by

Facebook and Twitter on Tuesday censored posts by President Donald Trump that the social media platforms said violated their rules against misinformation about the coronavirus pandemic. In his posts, Trump compared COVID-19 to the seasonal flu, downplayed the deadly nature of the pandemic and said, we are learning to live with COVID.

The morning after he returned to the White House from Walter Reed Hospitalstill infectious and heavily medicatedand posed in Hitlerian fashion for a photo op on the Truman Balcony, Trump took to social media to bolster his homicidal herd immunity policy and dangerously demonstrate by example how the great leader is facing down the virus.

Facebook removed his post entirely but not before it was shared approximately 26,000 times, according to data published by the social media metrics company CrowdTangle. A Facebook spokesperson told CNBC, We remove incorrect information about the severity of Covid-19, and have now removed this post.

The action by Facebook is unusual in that the worlds largest social media platform has been reluctant to remove posts by the president in the past. In August, Facebook deleted a video of Donald Trump falsely asserting that children were almost immune from COVID-19 during an interview with Fox News, the first time the platform ever removed one of his social media posts.

In the case of Twitter, the tweet remains up but is covered by a warning that says, This Tweet violated the Twitter Rules about spreading misleading and potentially harmful information related to COVID-19. However, Twitter has determined that it may be in the publics interest for the Tweet to remain accessible, along with a link to learn more about the companys coronavirus information policy. Trumps post cannot be retweeted or shared.

The full Tweet reads, Flu season is coming up! Many people every year, sometimes over 100,000, and despite the Vaccine, die from the Flu. Are we going to close down our Country? No, we have learned to live with it, just like we are learning to live with Covid, in most populations far less lethal!!!

That Trumps comparison of the seasonal flu to the coronavirus is completely false is easily confirmed by information readily accessible on the website of the Centers for Disease Control and Prevention (CDC). The site contains data for every year of the seasonal flu going back to 2010-2011 and shows that the death rate among those who get sick from the flu ranges between 0.1 percent and 0.3 percent. The death rate, through July, of those who have contracted COVID-19 is 2 percent, showing that coronavirus is between 6.7 and 20 times more deadly than the flu.

Additionally, as pointed out by the Washington Post, many people who have been infected with the virus have lingering symptoms for months, including difficulty breathing, inability to exert themselves physically, recurring pain. The virus can cause long-term damage to organs other than the lungs, damage that is not common to the seasonal flu.

In response to the censorship measures by Facebook and Twitter, the President tweeted REPEAL SECTION 230!!! Section 230 contains the provisions within the Communications Decency Act of 1996 that shield online services such as social media platforms from being legally responsible for the content posted by users of their systems.

When Twitter began labeling the presidents tweets in late May, he issued an executive order making the US government the arbiter of political speech online. The order called upon the Federal Communications Commission to revise the scope of Section 230 and also empowered the Federal Trade Commission to evaluate the content moderation polices of the tech giants and determine whether or not their actions violate free speech rights.

With Attorney General William Barr standing next to him, President Trump said on that day, Were here today to defend free speech from one of the greatest dangers, before he signed the order. By empowering the federal regulatory agencies in his executive order, Trump was sending a message to big tech that attempts to censor his social media postsalong with those of his far-right and fascist allies and supporterswould result in the removal of Section 230 protections and open up the online service providers to fines and lawsuits.

Since then, the Department of Justice (DoJ) and AG Barr late last month drafted proposed legislation modifying the language of Section 230 to address concerns about online censorship by requiring greater transparency and accountability when platforms remove lawful speech. In a letter dated September 23, Barr jumbled together claims that big tech is hiding behind the shield of Section 230 to censor lawful speech with the allegation that online service providers are invoking the laws protections to escape liability even when they knew their services were being used for criminal activity.

Simultaneous with the DoJ-drafted legislation, Republican Senators Roger Wicker of Mississippi, Lindsey Graham of South Carolina and Marsha Blackburn of Tennessee introduced a bill in the Senate that calls for nearly identical modifications to Section 230 rules for online services. At the top of their list is the unsubstantiated charge that right-wing political views are being singled out by the tech monopolies for persistent online censorship.

Sunday, October 11, 7pm US EDT

The sickness in the White House

An online meeting with Socialist Equality Party candidates in the 2020 US elections, Joseph Kishore and Norissa Santa Cruz.

In moving the bill, Senator Wicker said, For too long, social media platforms have hidden behind Section 230 protections to censor content that deviates from their beliefs. These practices should not receive special protections in our society where freedom of speech is at the core of our nations values. Our legislation would restore power to consumers by promoting full and fair discourse online.

On October 1, the Senate Commerce Committee, which includes 14 Republicans and 12 Democrats, voted unanimously to subpoena the top executives of Facebook, Twitter and Google to appear at a hearing on Section 230 on October 28. After initial opposition to the subpoenas from Democratic Senator Maria Cantwell, the Republicans agreed to add the topics of privacy and misinformation to be discussed along with censorship issues.

Meanwhile, the House Judiciary Committee released a 449-page report on Tuesday on the results of its antitrust investigation into Apple, Amazon, Google and Facebook which condemns big techs monopoly power and calls for the companies to be broken up and restructured.

The coming together of the White House and Democrats and Republicans in Congress over a raft of regulations and attempt to assert government control over the Silicon Valley tech giants raises to a new level contradictions embedded within the capitalist system, not least of which is that these firms are the most valued properties on Wall Street worth trillions of dollars and a primary source of the massive fortunes being made by the financial oligarchy that controls both parties and the entire US political establishment.

Behind the frenzied efforts to reign in the powerful technologies of these firms is a growing awareness that the utilization of these systems by billions of people amid expanding class struggle internationally presents the ruling elite with a problem of revolutionary proportions.

While the ruling establishment is roiled by intense conflicts in the run-up to the November 3 electionswith Trump asserting that he intends to stay in office regardless of the outcome the Democrats and Republicans are unified in their drive to clamp down on information technologies. Their central aim is to prevent the working class from using these technologies to organize their struggles, including across national boundaries, and above all to stop the program of revolutionary socialism represented by the World Socialist Web Site from reaching the working class and youth.

Read more from the original source:

Trump intensifies conflict with big tech over Section 230 protections following censorship moves by Facebook and Twitter - WSWS

TSPM Online Book Store Self-censors and Avoids Using the Word Christ – International Christian Concern

Posted on by

10/09/2020 China (International Christian Concern) The China Christian Council (CCC) and Three-Self Patriotic Movement, commonly known as the lianghui (two organizations) in China, govern all things for state-sanctioned churches. However, some Christians recently discovered that the word Christ has been removed from all of the publications available for sales on its online bookstore.

According to Ying Fuk-tsang, director of the divinity school at The Chinese University of Hong Kong, he was notified by Chinese Christians that the Christian books on sales at Tianfeng Bookstore on WeChat platform, have their covers altered. The word jidu (Christ) on all the books has been covered with stars or replaced with English letters JD (abbreviated from jidu).

While it is possible that the bookstore owned by lianghui did this in order to avoid censorship from WeChat, since anything religious is becoming increasingly sensitive in cyberspace, this shows that both freedom of speech and religious freedom are deteriorating with each passing day under Xis regime.For interviews, please contact Olivia Miller, Communications Coordinator:press@persecution.org.

See the rest here:

TSPM Online Book Store Self-censors and Avoids Using the Word Christ - International Christian Concern

Book Review: The Tangled Web We Weave, by James Ball – The New York Times

Posted on by

THE TANGLED WEB WE WEAVEInside the Shadow System That Shapes the InternetBy James Ball

It was as if the Interstate System of highways had been built using volunteer road crews, working without a map. No one present at the 1969 creation of the network that later became the internet imagined that this niche Pentagon project built as a research tool for a small group of academic computer scientists would one day become the backbone of the global economy.

Fast-forward five decades, and Big Tech is eating the world. During this year of pandemic and protest, the combined value of the American tech sector has topped that of the entire European stock market, and the products of its five biggest companies Amazon, Apple, Facebook, Google and Microsoft become ever more inescapable features of life and work. Severe market consolidation has prompted increasingly vigorous bipartisan calls to rein in the excesses of the companies built on the internet. Regulation is essential, lawmakers argue, both to restore fairness to the online economy and to protect democracy itself.

Without letting Silicon Valley giants off the hook, James Ball argues that the fix is not so simple. The problem isnt just the business practices of a few companies, he explains in his nimble and persuasive new book, The Tangled Web We Weave. It is the entire system.

Ball, an investigative journalist who was part of the reporting team for The Guardian that broke Edward Snowdens 2013 revelations of N.S.A. surveillance, is on familiar terms with the online worlds darker corners and the role governments and their spy agencies have played in shaping them. Unsurprisingly, he has little patience for techs free-market mythmaking or for the gauzy abstractions cloud, mobile, search, social used to describe its products. Drawing on unusually candid interviews with a series of tech insiders and writing in terms that nontechnical readers can understand, Ball pulls away the software curtain to reveal a more complex institutional and corporate history.

The internets greatest strengths its nonhierarchical architecture, its scalability allowed it to quickly expand after American regulators opened the network up to commercial activity in the early 1990s. Yet the pace of expansion overwhelmed the organizations tasked with its maintenance and oversight, such as ICANN, the registry of domain names, and revealed the difficulties inherent in having a global network born in and governed by America.

Although Ball does not go into great detail about the broader political dynamics, his tale demonstrates how very much this timing and context mattered. Emerging as a commercial platform at a moment when Reaganite conservatism gave way to Clintonian centrism, the internet became a system where deep-pocketed industries prevailed over a public sector withered by four decades of austerity politics and an increasingly laissez-faire approach to corporate regulation.

The result was something that one Silicon Valley investor once termed the largest single legal creation of wealth weve witnessed on the planet. Cable companies grew fatter and richer on all the internet traffic; venture capitalists pushed start-ups to move fast, break things and cash out at the end. Ball is particularly helpful in offering a deep dive into the business of online advertising, whose tools and tactics make the data privacy intrusions of the online world possible, and whose perverse incentives have both undermined the economics of old media and clogged our consoles with clickbait.

As Ball chronicles, the relentless commercial tracking of life online created an opening for more alarming intrusions. The American government spied on its citizens and allowed the internets insecurities to be exploited by hackers. China, busily building up its tech infrastructure as our own system frays, is willing to take surveillance and industrial espionage even further. This is the world that advertising capitalism has built, Ball concludes ruefully, a world in which our expectations of any kind of private life are disappearing, and leaving us feeling disempowered against both our major corporations and our governments.

What should we do? The joy and wonder of the internet is that everything is connected, Ball writes. Clearly, for anyone trying to look at how to fix its problems, the fact that everything is connected makes everything a lot harder, too. Keenly aware of the intrusive track record of the national security state, Ball is reluctant to lean too hard on the government for answers. Instead, he argues, we need to become systems thinkers who recognize that Big Tech is only one piece of a larger whole.

It is indeed high time to move beyond the malevolent-overlord thesis of some recent tech critique. This book is refreshing and necessary in this regard. But we need to change our institutions as well as our thinking. As Balls evidence makes clear, a sharp power imbalance between public and private sectors is at the root of our problems. We are overdue for a systemic correction.

See original here:
Book Review: The Tangled Web We Weave, by James Ball - The New York Times

The Story of the 414s: The Milwaukee Teenagers Who Became Hacking Pioneers – Discover Magazine

Posted on by

This story appeared in the November 2020 issue as "Cracking the 414s."Subscribe to Discovermagazine for more stories like this.

In the 1983 techno-thriller WarGames, David Lightman, played by a fresh-faced Matthew Broderick, sits in his bedroom, plunking away on a boxy computer using an 8-bit Intel processor. As text flashes across the screen, Davids face lights up; he believes hes hacking into a video game company, but the unwitting teenager is actually facing off against a military supercomputer. Shall we play a game? the computer asks ominously. In the film, the subsequent showdown triggers a countdown to World War III.

The same year the film was released, a group of teenagers and young adults from Milwaukee were playing a game of their own. Much like Brodericks character, these suburban tech savants who dubbed themselves the 414s hacked into large, networked computer systems used by high-profile organizations, looking for new games to play. And similarly, what started out as innocuous fun had some very real consequences. The group eventually was caught by the FBI for raiding around a dozen government and industry systems. Among these were Memorial Sloan Kettering Cancer Center and the Los Alamos National Laboratory, a nuclear weapons research site that produced atomic bombs used during World War II.

For much of the American public, the 1983 Matthew Broderick/Ally Sheedy film WarGames and the 414s antics were their first introductions to the idea of hackers. (Credit: AA Film Archive/Alamy)

While the 414s antics didnt spark a nuclear conflict, they did ignite a national conversation on computer security long before cyberwarfare made headlines and modern-day hackers like Edward Snowden became household names. Plus, the media frenzy fueled by the group alerted U.S. legislators that new laws were needed to combat computer crime.

Ultimately, the group would help introduce the nation to the possibilities and problems, like sloppy security protections that come with computer connectivity. After the group was exposed, member Neal Patrick was asked on NBCs Today show if he had any regrets.

In hindsight, I really wish that accessing those systems just wasnt so easy, he replied.

In the early 1980s, computer culture was having a moment. The first IBM personal computer came on the scene in 1981, popularizing the term PC. The next year, the Commodore 64 was introduced; it would later become the best-selling computer model of all time. By 1983, both tech aficionados and more cautious adapters were warming up to the PCs potential. That same year, The New York Times went digital with the organizations first newsroom computer.

By todays standards, however, these simple machines still had a long way to go. One of the most relevant things here is just how early this was in the technology age, says Alan J. Borsuk, who was a reporter at The Milwaukee Journal at the time and covered the 414s. It was before there was a popular concept of the internet or email or anything like that. It was really very rudimentary just the beginnings of things.

But for many, these proto-computers were a portal into previously uncharted territory. Tim Winslow, who would become a member of the 414s, first tapped into their potential as a junior high school student in the mid-1970s. His math teacher had brought in a primitive computer to test out some problems. The device, called a teletype, was essentially a mechanical typewriter that displayed text on a glass screen. Combined with an acoustically coupled modem, which transmitted signals through a telephone network, the system was able to send and receive typed messages.

At the time, personal computers like the Commodore 64 were just becoming popular. (Credit: Arda savasciogullari/Shutterstock)

Winslow didnt have a chance to test the computer during class. But he stayed after school that night to try it out for himself. As soon as his teacher dialed into the network and revved up the math program, Winslow was hooked. I fell in love with just trying to learn and create with this new technology, he says.

Winslow found he wasnt the only one who gravitated to these early computers. In high school, he joined an Explorer Scout program focused on computing and tech, sponsored by IBM, where he met most of his fellow would-be hackers. The members met right after school in downtown Milwaukee to program computer code together.

Over time, many of them became friends, eventually deciding their group needed a name. In the 1980s, gangs in Milwaukee would identify themselves by the names of the streets they ran, like the 2-7s, who were active on 27th Street numbers that were carved on the picnic tables where the hackers sometimes met for dinner. Since their turf was Milwaukee, the group took its name from the local area code and became the 414s.

Tim Winslow was among the 414s interviewed for the documentary The 414s: The Original Teen Hackers, which premiered at the 2015 Sundance Film Festival. (Credit: Winslow Family)

Over at least a year, the 414s used their home computers and telephone modems to connect to major computer installations across the country. By using basic passwords and login information which were written in the instruction manuals for various computer systems and never updated or changed they were able to penetrate these larger networks. For example, says Winslow, the login and password for one of the systems were simply that:systemandsystem.

It was so easy to get logged into them because people didnt read their own manuals, he says.

The gang saw themselves as explorers, harnessing their curiosity to learn more about how the systems worked. Mostly, the 414s were looking to get their hands on computer games. Throughout 1983, though, the groups activities grew bolder. At one point, they hacked into Security Pacific National Bank in Los Angeles, which had billions in assets. That spring, the 414s infiltrated a computer at Los Alamos National Laboratory.

By June, the jig was up. The 414s exploits were revealed when they hacked into Memorial Sloan Kettering and accidentally deleted billing records. This tipped off a Memorial Sloan Kettering administrator, who then contacted the FBI, which tracked the gang back to Milwaukee by tracing incoming telephone calls.

In order to get more proof, they actually went outside of our homes and put data-capture pieces [on] our phone lines, says Winslow. Not long after, several of the 414s, including Winslow, then 20; Gerald Wondra, 21; and 17-year-old Patrick would be greeted by suit-and-tie-clad FBI agents on their doorsteps.

I had gone to bed a little late the night before; my mom came down and woke me up, says Winslow, who came upstairs to find the agents sitting at the kitchen table. They [said], Wed like to talk to you about what youve been doing with your computer for the last few months."

Winslow, Wondra and another member were all charged by the federal government and faced the possibility of jail time. But because Patrick was a minor, he wasnt at risk for prosecution.

(Credit: Michael T. Vollmann)

While his peers made plea deals, Patrick toured the media circuit, appearing on The Phil Donahue Show and the CBS Morning News. His face was splashed across the cover of Newsweek. He even testified on the dangers of computer security before Congress in Washington, D.C., where the clicking of cameras was so loud that it sometimes drowned out the people speaking. At one point, Patrick was asked when he first considered the ethical propriety of what he was doing.

Once the FBI knocked at my door, he answered.

Because there were no laws against hacking at the time, the adult members of the 414s were charged with making harassing telephone calls. The misdemeanor offense came with two years of probation and a $500 fine; the charges were eventually expunged.

Yet, nearly four decades later, the 414s legacy lives on though perhaps not in the most obvious ways. Filmmaker Michael Vollmann, director of the documentary The 414s: The Original Teenage Hackers, says he was originally drawn to the groups story because it has since been overshadowed by films like WarGames. [But] there were a few things that came out of it, he continues. Like the fact that Neal Patrick went and testified before Congress to talk about his experience. As a result of the gangs exploits, and the media circus that followed, six bills were introduced in the House that dealt with different aspects of computer crime.

Morgan Wright, a cybersecurity expert, notes how far the field has come since. Weve come a long way [from] the curiosity of kids that just looked at it and said, Hey, lets just try passwords, he says. That was really the only protection; [there was] no two-factor authentication, no security tokens, no digital certificates. All of that came later, and it came when we could no longer trust people with just a username and password because it was too easy to break in. Ultimately, he says the story of the 414s was a watershed moment that exposed the soft underbelly of computer security.

If it is the case that these were the only people who got into Los Alamos labs when it was very poorly protected, adds cybersecurity expert Joseph Steinberg, [then] they did us a big favor.

The rest is here:
The Story of the 414s: The Milwaukee Teenagers Who Became Hacking Pioneers - Discover Magazine

New cold war: China-US spying steps out of the shadows – Financial Times

Posted on by

You can enable subtitles (captions) in the video player

It's the people of the United States who are the victims of what amounts to Chinese theft on a scale so massive that it represents one of the largest transfers of wealth in human history.

US officials this morning are blaming Chinese hackers for another serious data breach.

Hello, and welcome to a furtive edition of our monthly foreign policy and defence vlog. I say furtive because spying, of course, is meant to be done in secret. And US administrations in the past have been so worried about making things worse they used to refer to Chinese spying in decidedly delicate and obfuscatory terms, blaming APTs, advanced persistent threats, for attacks they often attributed in private to Beijing.

No more. US Secretary of State Mike Pompeo, the former CIA director, has led the charge in blaming Beijing for a new era of espionage that experts believe puts at risk not only America's dearest military secrets, but its lucrative commercial secrets too.

Great powers spy on each other. We recognise that too. We spy on you, you spy on us. But there's rules to this game.

James Lewis, a cyber security expert who served in government posts, has calculated that Chinese espionage has cost the American economy $600bn in past years. He's put together an eye-popping list of things China has allegedly stolen from the US - nuclear test data, plans for the F-35 fighter plane, commercial jet engine details, and bioengineered corn seed.

I remember a PLA colonel said to us: "For us, there is no difference between national security and technological advancement." Right? So this is a Chinese strategy, to build their economy, build their technological base, and displace the US.

The Trump administration has this year shut down the Chinese consulate in Houston, the energy capital of the world, claiming it was a spy hub. And the FBI says it now opens a counter-intelligence case into China every 10 hours.

Of the nearly 5,000 active FBI counter-intelligence cases currently underway across the country, almost half are all related to China. And at this very moment China is working to compromise American healthcare organisations, pharmaceutical companies, and academic institutions conducting essential Covid-19 research.

Mr Pompeo said that Chinese officials were targeting state and local US officials, even Parent Teacher Associations in schools and local city police.

Protecting American interests requires vigilance, a vigilance that starts with you and all state legislators, regardless of party. Know that when you're approached by a Chinese diplomat it is likely not in the spirit of co-operation or friendship.

US authorities say China has spent time and effort trying to recruit spies in the US, whether online through websites such as LinkedIn or in person, often targeting Americans with security clearances or Chinese nationals who are attending US universities or making their careers in the US.

You get invited to drink tea at the local Ministry of State Security headquarters. And in the room while you're drinking tea they suggest that it would be in your interest to co-operate with them. And if you didn't co-operate with them, well, bad things could happen, perhaps to your family that stayed behind in China. So that kind of pressure on individuals is very powerful.

Experts say the most trenchant spying from China in recent years has taken place online, however, bursting through in a series of mass cyber hacks, including the 2015 theft of vast amounts of data from OPM, the Office of Personnel Management.

The Chinese looked at a series of hacks, travel agents, insurance companies, OPM, of course, banks. And you pile all that data together, and you can use it, you can correlate it, you could manipulate it, and identify not just American agents, but Chinese who have been recruited.

China's cyber prowess is one reason the Trump administration is so worried by TikTok, the viral social media sensation that is owned by a Chinese company and which operates in the US. Spying, of course, is a two-way street. And as we all know from the revelations of Edward Snowden, the US has extraordinary tools of its own on the cyber side.

Experts say it's much harder for the US to carry out physical covert operations inside China, however, simply because they characterise it as a surveillance state. Chinese spying remains largely cloaked from view. But while the US complains that China is stealing its industrial secrets, China was once victim of colossal spy heists itself. Over hundreds of years the west stole the secrets of silk, porcelain, and tea.

Economic espionage has been around for centuries, millennia. And in fact, what's quite interesting is that it used to be China that was the target of espionage, economic espionage, from the west. And in fact, there are some stories about products which we probably don't think of as being of great value - you probably have them at home right now, or you might be wearing some of it - that at one point in time were seen as incredibly valuable commodities, so valuable that they were the targets of espionage.

Jim Lewis dismisses any notion of equivalence between US and Chinese industrial spying as feeble-minded. While declassification leaks and co-operation with US spy agencies have all helped Hollywood to tell America's own spy tales, Albion told me the best way to decode Chinese espionage is to turn to the country's own growing literary canon.

China denies many of these claims, and the US is generally mute on its own espionage efforts. While spying falls far short of out-and-out war, one thing seems for sure. With more and more data heading online and US-China tensions rising, spying is here to stay.

Read more:
New cold war: China-US spying steps out of the shadows - Financial Times


« First...102030...680681682683684...690700710...Last »