
Tag: Gibraltar

Microdemocracy is the next logical step for the United States

[Image: Cover detail from Infomocracy, by Malka Older. Credit: Will Staehle]

Whether or not you think American democracy is broken, you can probably come up with some ways to improve it.

The country gets less than 50-percent voter turnout; the Electoral College has disagreed with the popular vote twice in the past five election cycles; there are referenda with explanations that take 10 minutes to read and still don’t make any sense; and don’t forget all the special interests and pork-barrels and legislative gridlock.
Surely we can do better. With all the technology we’ve developed in the centuries since the Founding Fathers set up our system, we have the capacity to make voting much more convenient. Plus, we can manage an almost unlimited number of voter concerns simultaneously. With all this technological capacity, what are the possible next steps for democracy? One idea is microdemocracy.

As the name suggests, this is about getting democracy to a more granular, local scale, although there are different suggestions for how to do so.
In the 1990s, the term arose in academic literature exploring whether democratic practices at the civil society level could support democratic transitions in authoritarian regimes such as Zimbabwe. Today, organizations like The Right Question Institute, which calls itself “a catalyst for microdemocracy,” think microdemocracy could work in countries that are already democratic.

They suggest that if citizens engage critically and demand accountability at the most local of levels—PTA meetings, community clinics—they will then “begin to move along the continuum of democratic action from an individual encounter at the agency to attending public hearings, joining with others through organizing, and exercising their right to vote.” In other words, the solution to low voter turnout and political apathy is to get people to make their voices heard where public policy meets their direct interest and work their way up from there.
Information technology will make this process easier and more accessible, especially when it makes initial information gathering and post-engagement followup far less onerous. Microdemocracy can also be used to describe a system that gives people power to vote, not just on their representatives and a few referenda, but on nearly every element of their government, from how their taxes are apportioned to individual pieces of legislation. More commonly known as direct democracy, this intensive involvement in government decision-making is similar to the ancient Greek model, but very rare today. Although Switzerland uses direct democracy instruments, requiring voters to approve every law passed by the legislature, most other modern democracies are representative: citizens elect representatives, who then make most of the decisions for them.

This is partly because the 18th-century trailblazers of modern democracy were also wary of democracy.

They wanted some elite roadblocks in front of rule by the masses. But representative democracy was also preferable because of logistical issues. When it took weeks to travel to the capital, it was hardly feasible for everyone, or even all free landholding men, to do so every time something needed to be voted on. Now, however, we have the communications technology to enable the rapid spread of information and immediate, verifiable voting from the comfort of your home, or car, or as you’re walking down the street.

Political technology of the future

In my recent science-fiction novel Infomocracy, I offer yet another definition of microdemocracy.

The book is set some sixty years in the future, when the nation-state is (mostly) dead and the basic political unit is a “centenal” of 100,000 people.

Each centenal can vote for any government it wants, from anywhere in the world.

This both makes politics very local—you only have to convince 50,000 of your closest neighbors to support your choice in order to win–and decouples it from geography—if the form of government you prefer originated in Denmark, you can vote for it without emigrating from your home in Tampa. Centenal-based microdemocracy naturally requires extensive use of technology.
In my book, it’s provided through a massive international bureaucracy known as Information, which offers voters data about the thousands of possible governments and helps those governments manage what may be far-flung territories once they’re elected. Although I included some cool-sounding tech gadgets to make all this more interesting, it’s really not so much of a leap, technologically. We already have countries governing territory that is not geographically contiguous–Alaska, Gibraltar, Ceuta, Oecusse. We already have multiple choices in the ballot box, and most of us have access to all the information we could want about those choices.

As with direct democracy, what makes the scenario improbable is lack of political will or, to put it another way, entrenched power structures. These various definitions of microdemocracy have a few points in common.

They all point toward improving democracy through getting more citizens more involved and tying the complex, big-picture forces of government directly to people’s day-to-day interests.

They all see technology as a means of facilitating democracy, bringing people closer to their government.

And they all believe that this will make governance—or quality of life, or life itself—better, buying into a central assumption of democracy: that it leads to better government.

Decentralization and freedom

The rationale behind microdemocracy is not so different from that behind a less cutting-edge concept that has been extremely popular over the last few decades: decentralization. Pushing power down to local areas has been one of the common prescriptions for countries transitioning out of authoritarianism since the 1980s: if you disperse power through the regions of a country, it becomes harder for one person—or ethnic group, say, or religion—to dominate the whole. As with The Right Question Institute’s theory of microdemocracy, many proponents of decentralization argue that getting citizens involved at the local level will translate into greater participation, and democracy, throughout the government.
In a 1999 paper on decentralization, political scientists Arun Agrawal and Jesse Ribot write:

“Most justifications of decentralization are built around the assumption that greater participation in public decision making is a positive good in itself or that it can improve efficiency, equity, development, and resource management. [...] At its most basic, decentralization aims to achieve one of the central aspirations of just political governance—democratization, or the desire that humans should have a say in their own affairs.”

Despite these lofty and seemingly logical aims, as well as the enthusiasm with which the strategy has been pursued, evidence on the results of decentralization is mixed.

For one thing, what is called decentralization is often not; it’s easy enough to attach a buzzword to a toothless public policy.
Some governments use the concept as a way of pushing fiscal and administrative responsibilities onto lower levels of government without giving local governments more decision-making power. While decentralization does help to disperse power away from the network of a central authoritarian figure, it also holds other risks.
It might consolidate the power of local or regional elites. Kent Eaton and Ed Connerley write:

“In many developing countries that have completed the national transition to democracy but that contain enclaves of persistent authoritarianism at the subnational level, decentralization has the unfortunate effect of transferring power and authority from units of government that are more democratic to units of government that are less democratic or nondemocratic.”

But this is not only true of developing countries: consider the Civil Rights struggle in the United States.

Microdemocracy, in any of its forms, faces many of the same difficulties as decentralization.

As an attractive term that suggests greater accountability and transparency, it can be strategically deployed to produce the opposite.
In disempowering some elites it offers power to others–those who care more about the issues, for example, or those who are more comfortable with the technology it uses. We certainly have the necessary technology to improve democratic functioning in any number of ways.

But these initiatives are likely to require close attention and considerable calibration to make sure they are working the way we hoped.
Since this means trial and error, the sooner we can get started, the better.

Malka Older is a writer and political scientist. She was named Senior Fellow for Technology and Risk at the Carnegie Council for Ethics in International Affairs for 2015 and has more than a decade of experience in humanitarian aid and development. Her doctoral work on the sociology of organizations at the Institut d’Études Politiques de Paris (Sciences Po) explores the dynamics of multi-level governance and disaster response using the cases of Hurricane Katrina and the Japan tsunami of 2011. Her 2015 novel Infomocracy was named one of the best science fiction novels of the year by the Washington Post.

2016’s craziest “cybersex” political scandal comes from… Nebraska

[Image: The Nebraska state capitol building in Lincoln. Credit: Education Images / Getty Images]

“Make me pleasure.” That Facebook message was directed at Bill Kintner, a 55-year-old Nebraska state senator, while the politician was in Boston for a conference last July.
In his hotel room, Kintner had started chatting online—using a state-supplied computer—with a woman who went by “Vinciane Diedeort.” Her English was not idiomatic, but she looked good.

And she wanted Kintner to masturbate with her on Skype. “I don't want to sneak behind my wife's back,” he wrote. “It's not about you, it is about me. You are smoking hot.” So Kintner broke it off. “Let's end this, before I get in trouble,” he wrote. His willpower lasted for seven hours.

At midnight, Kintner returned to Facebook and resumed his conversation with Diedeort. He agreed to her plan. He fired up Skype.

And he removed his pants.

[Image: Nebraska State Senator Bill Kintner. Credit: Bill Kintner]

The scam

According to the Lincoln Journal Star, the pleasure ended almost immediately.

“Within minutes, [Diedeort] threatens to post the video on YouTube and share it with [Kintner's] Facebook friends if he doesn't wire $4,500 to an account in the Ivory Coast, which she claimed was for a deaf child. Kintner reported himself to the [Nebraska] State Patrol that day, telling investigators he'd fallen victim to a scam.”

Kintner knew his life was about to get complicated. Not only was the incident likely to come out now that he had involved the state patrol, but his wife Lauren was a key policy aide to Nebraska’s governor.

And it didn’t make Kintner himself look any better when, a few days after returning from Boston, Lauren was found to have ovarian cancer. Still, the sordid story stayed under wraps until this summer, when the investigation finally concluded.
In an August 5, 2016 statement, Kintner wrote, “Humbled by the reality that after initially resisting the overtures from a woman who had found me on Facebook, I caved to her temptation to engage in cybersex via her invitation over Skype...
I was most likely the target of a foreign criminal extortion ring.” According to the Journal Star, Kintner claimed that investigators had “traced the scam to a small crime syndicate based in the Ivory Coast and using Russian computers. Recorded video of the exchange was never saved on his computer, Kintner said.

The scammer posted a brief clip, or GIF, of the recording online, but it has since been deleted.”

The aftermath

Kintner was hauled before the Nebraska Accountability and Disclosure Commission and fined $1,000 for improper use of state-owned equipment. Many legislators—along with the governor—called for him to resign, but Kintner refused, saying he had already apologized to his wife and to God.

The best way for him to continue serving God, he added, was to stay in office. (A fellow state legislator quipped, “Whatever phone number he's using to talk to God, I want it.”) On August 10, State Senator Ernie Chambers of Omaha—a legendary figure in local politics and the only black legislator in Nebraska—decided to up the pressure. "If Sen. Kintner is a member of the body in January [2017]," he wrote, "I plan to use him and his illegal, scandalous, vulgar behavior as source material for rhymes throughout the 90-day Session.

Be prepared for the pun, the double entendre, and other verbal techniques to 'keep the issue alive.'" Chambers then offered up a free sample:

Kintner's free to masturbate on his own time,
But not free to masturbate on Taxpayers' dime.

On August 11, Chambers released a multi-page poem called "The Sordid Saga of Bill Kintner's 'Guttersnipery'" that began:

"Who is Bill Kintner?" asked the Town Crier.
A masturbating, would-be thief, and a liar—
A hypocrite—doing not what he ought,
Who never "comes clean" till after he's caught.

The Legislature’s executive board considered plans to oust Kintner.

As the Journal Star reported on August 19, however, this would require a special session that could cost more than $75,000 in a state where legislators make just $12,000 a year. Kintner argued that this would be a waste of money, “especially at a time when our state is facing current and projected tax receipt shortfalls.” On September 6, Chambers released another "Kintner-gram" that got weirdly personal about the whole mess.
It began:

Stuck at home with WIFEY, he's CLARK KINTNER, flaccid to the touch;
On the other hand(s), with SKYPEMATE, who excites him O! so much,
He tells her, "I'm Superman! because of how you make me feel!"
"If so, take your pants off," coos she, "show me you're a man of steel."
(She's his Wonder Woman, with her super powers, hot and stacked;
Could it be Clark Kintner sought from her the OOMPH! that Wifey lacked...?)

Kintner fired back, telling the local paper that the rhymes were a "new low." "This is beyond two politicians arguing over policy or personal differences," Kintner told the Journal Star on Thursday. "This is a politician going after another politician's wife." "I expect Chambers to be a man and apologize to my wife," he said in the news release. (Chambers did respond in an October 8 op-ed, which concluded: "I shall remain as solid as the Rock of Gibraltar in my quest to remove the 'Kintner blight' from the Legislature by my choice of means.
If others know a better way, come on with it.") One of Kintner's supporters filed an ethics complaint against Chambers over his rhymes (which now total more than 25 separate pieces).

But on October 21, the Nebraska Accountability and Disclosure Commission tossed the complaint against Chambers, saying that his poems had been "part of a broader public discussion about how to handle the matter" and were not unethical. “We’re not the etiquette police,” the Commission's vice chairman told a local paper.

[Image: One of Ernie Chambers' "Kintner-grams."]

Webcams: For state business ONLY!

As voters nationally go to the polls to pick the future direction of the country, Nebraska's legislature remains consumed with Kintner. He remains in office, and lawmakers are still debating various forms of censure or impeachment. One positive has emerged from the whole mess, though—more awareness of "personal use" rules for state-owned technology. Lawmakers will have new HP computers when they return to work in 2017, and last week, the legislature passed a new set of policies to go with the machines. In a November 5 editorial, the Omaha World-Herald praised the move. "By adopting a policy against misusing state-owned technology for personal or campaign purposes," it wrote, "the board removed any doubt about where the Legislature stands on policing its own."

The 2016 election has shown us a world where Donald Trump's tweets, Hillary Clinton's e-mails, and even (alleged) Russian hackers have all played key roles.

But tech is altering politics at every level, and somewhere in the Ivory Coast, using a "Russian computer," lives a woman whose brief connection with a middle-aged man half a world away has roiled Nebraska state politics for months. Truly, we live in the future.

Trump's 'extreme' anti-terrorism vetting may be H-1B nightmare

Donald Trump’s call for "extreme vetting" of visa applications, as well as the temporary suspension of immigration from certain countries, would raise fees and add delays for anyone seeking a visa, including H-1B visas, immigration experts said. In particular, a plan by Trump, the Republican presidential candidate, to stop issuing visas -- at least temporarily -- "from some of the most dangerous and volatile regions of the world" may make it difficult for a significant number of people to get visas. Data assembled by Computerworld through a Freedom of Information Act request shows foreign workers come from all corners of the world, including "dangerous and volatile regions." Trump outlined his immigration enforcement plan in a speech Monday. In 2014, the U.S. approved more than 370,000 H-1B applications.
Some were new entries, and others were for previously approved workers who were either renewing or updating their status. Of that number, 2,234 of the H-1B visa holders were from Pakistan, a country that might appear on a Trump list.

Another 1,102 approved visa holders were from Iran.

There were 658 H-1B visa holders from Egypt, and 256 were from Syria. (Article continues below chart.)

Country of Birth for H-1B Visa Holders

Country | Frequency
INDIA | 262,730
CHINA | 29,936
CANADA | 7,653
PHILIPPINES | 6,055
KOREA, SOUTH | 5,024
UNITED KINGDOM | 3,822
MEXICO | 3,216
TAIWAN | 2,785
FRANCE | 2,570
JAPAN | 2,268
PAKISTAN | 2,234
NEPAL | 1,997
GERMANY | 1,895
TURKEY | 1,850
BRAZIL | 1,831
ITALY | 1,497
COLOMBIA | 1,491
RUSSIA | 1,461
VENEZUELA | 1,432
SPAIN | 1,329
IRAN | 1,102
NIGERIA | 1,015
ISRAEL | 949
IRELAND | 932
KOREA | 813
UKRAINE | 795
ARGENTINA | 778
MALAYSIA | 771
SINGAPORE | 755
VIETNAM | 695
EGYPT | 658
ROMANIA | 648
BANGLADESH | 647
INDONESIA | 637
SRI LANKA | 608
PERU | 583
POLAND | 576
AUSTRALIA | 564
GREECE | 556
SOUTH AFRICA | 547
HONG KONG | 503
BULGARIA | 477
THAILAND | 476
LEBANON | 462
JAMAICA | 461
KENYA | 437
NETHERLANDS | 432
JORDAN | 415
CHILE | 395
SWEDEN | 374
NEW ZEALAND | 353
GHANA | 341
TRINIDAD AND TOBAGO | 333
ECUADOR | 302
SYRIA | 256
PORTUGAL | 253
SWITZERLAND | 249
BELGIUM | 238
DOMINICAN REPUBLIC | 231
SAUDI ARABIA | 205
ZIMBABWE | 205
HUNGARY | 203
Spain | 189
AUSTRIA | 179
UNKNOWN | 179
DENMARK | 174
HONDURAS | 171
COSTA RICA | 165
UNITED ARAB EMIRATES | 155
BOLIVIA | 150
CZECH REPUBLIC | 149
GUATEMALA | 149
EL SALVADOR | 147
SERBIA AND MONTENEGRO | 142
KUWAIT | 141
MOROCCO | 138
ETHIOPIA | 133
CAMEROON | 126
FINLAND | 125
BAHAMAS | 123
MOLDOVA | 111
KAZAKHSTAN | 108
SLOVAK REPUBLIC | 103
CROATIA | 102
NORWAY | 102
ARMENIA | 101
UZBEKISTAN | 101
PANAMA | 99
URUGUAY | 94
ALBANIA | 88
UGANDA | 88
USSR | 87
Serbia | 86
LIBYA | 84
MONGOLIA | 83
TANZANIA | 83
BURMA | 76
NIGER | 74
LITHUANIA | 70
GEORGIA | 66
GRENADA | 58
SENEGAL | 58
BARBADOS | 57
MACEDONIA | 56
LATVIA | 54
AZERBAIJAN | 52
BOSNIA-HERZEGOVINA | 51
CYPRUS | 51
ST. LUCIA | 51
IRAQ | 50
SLOVENIA | 50
BELIZE | 48
ICELAND | 47
ZAMBIA | 47
GUYANA | 45
NICARAGUA | 45
PARAGUAY | 45
BAHRAIN | 43
TUNISIA | 43
ALGERIA | 42
MAURITIUS | 42
DOMINICA | 40
USA | 39
ESTONIA | 35
KYRGYZSTAN | 34
HAITI | 30
RWANDA | 28
BURKINA FASO | 26
MACAU | 25
TURKMENISTAN | 25
CAMBODIA | 24
COTE D'IVOIRE | 24
TAJIKISTAN | 24
CONGO | 22
ST. KITTS-NEVIS | 22
SUDAN | 22
MALAWI | 21
OMAN | 21
ST. VINCENT/GRENADINES | 21
MALI | 20
ANTIGUA-BARBUDA | 19
BOTSWANA | 18
IVORY COAST | 18
BERMUDA | 17
BENIN | 16
AFGHANISTAN | 15
Kosovo | 15
QATAR | 15
LUXEMBOURG | 13
MADAGASCAR | 13
Montenegro | 13
YEMEN-SANAA | 13
TOGO | 12
SIERRA LEONE | 11
YUGOSLAVIA | 11
GABON | 10
GAMBIA | 10
NORTHERN IRELAND | 10
MALTA | 8
NAMIBIA | 8
SURINAME | 8
SWAZILAND | 8
BHUTAN | 7
FIJI | 7
FRENCH POLYNESIA | 7
MOZAMBIQUE | 7
BURUNDI | 6
CUBA | 6
GUINEA | 6
LIBERIA | 6
BRUNEI | 5
NETHERLANDS ANTILLES | 5
ARUBA | 4
ERITREA | 4
KIRIBATI | 4
LESOTHO | 4
MALDIVES | 4
MAURITANIA | 4
ANGOLA | 3
CAPE VERDE | 3
CHAD | 3
DEMOCRATIC REPUBLIC OF CONGO | 3
SEYCHELLES | 3
UNITED STATES | 3
ANGUILLA | 2
LAOS | 2
SOMALIA | 2
ARABIAN PENINSULA | 1
CAYMAN ISLANDS | 1
DJIBOUTI | 1
GERMANY, WEST | 1
GIBRALTAR | 1
GUINEA-BISSAU | 1
MARTINIQUE | 1
MONACO | 1
REUNION | 1
Samoa | 1
SAO TOME AND PRINCIPE | 1
ST. VINCENT-GRENADINES | 1
STATELESS | 1
TONGA | 1
TURKS AND CAICOS ISLANDS | 1
VANUATU | 1

Source: USCIS data for approved applications in fiscal year 2014

Trump's plan to admit only people "who share our values and respect our people" didn't indicate how it would be applied.
It also didn't say whether all visa holders -- visitor, H-1B and green card -- would be subject to an ideological litmus test. And what is the correct answer to such a question about American values? "If you ask people born in this country what is an American ideology, I'm not quite sure that we would come out with one answer," said Jessica Lavariega-Monforti, a professor and chair of the political science department at Pace University in New York. "The immigration system, as it currently stands, could not process additional vetting without creating backlogs and increasing wait times for applicants.

At the same time, it is unclear how these policy changes would increase safety against a terrorist attack," said Lavariega-Monforti. John Lawit, an immigration attorney in Irving, Texas, said the U.S. already has a vetting process that begins as soon as someone applies for a tourist visa.

There are different levels of threat, such as being a citizen of Syria, that trigger a much higher level of vetting, he said. "There is a huge financial commitment that must be made in terms of human resources in order to carry on such a vetting program, and a huge, huge increase in fees," Lawit said. Requiring oaths of some kind is "a lot of posturing with very little substance," he added, and is ineffective in improving security. Lawit said he once assisted H-1B workers who were employed in non-classified jobs at the Sandia and Los Alamos National Laboratories.

The processing time for security checks could run months.

That's an example of extreme vetting, while "extraordinary detailed security investigations are conducted," he said. This story, "Trump's 'extreme' anti-terrorism vetting may be H-1B nightmare" was originally published by Computerworld.

Operation Ghoul: targeted attacks on industrial and engineering organizations

Introduction

Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers.

We found that the group behind this campaign targeted mainly industrial, engineering and manufacturing organizations in more than 30 countries. In total, over 130 organizations have been identified as victims of this campaign. Using the Kaspersky Security Network (KSN) and artifacts from malware files and attack sites, we were able to trace the attacks back to March 2015.

Several points are noteworthy. Since the beginning of their activities, the attackers’ motivations have apparently been financial, whether through the victims’ banking accounts or through selling their intellectual property to interested parties. Most infiltrated victim organizations are considered SMBs (small to medium-sized businesses, 30-300 employees). The use of commercial off-the-shelf malware makes attribution of the attacks more difficult.

In ancient folklore, the Ghoul is an evil spirit associated with consuming human flesh and hunting kids, originally a Mesopotamian demon.

Today, the term is sometimes used to describe a greedy or materialistic individual.

Main infection vector: malicious emails

The following picture represents emails that are being used to deliver malware to the victims, in what looks like a payment document.

The e-mails sent by the attackers appear to come from a bank in the UAE, Emirates NBD, and include a 7z file with malware. In other cases, victims received phishing links. A quick analysis of the email headers reveals fake sources being utilised to deliver the emails to victims.

Malicious attachments

In the case of spear phishing emails with an attachment, the 7z does not contain payment instructions but a malware executable (EmiratesNBD_ADVICE.exe). We have observed executables with the following MD5s:

Malware MD5 hashes
- fc8da575077ae3db4f9b5991ae67dab1
- b8f6e6a0cb1bcf1f100b8d8ee5cccc4c
- 08c18d38809910667bbed747b2746201
- 55358155f96b67879938fe1a14a00dd6

Email file MD5 hashes
- 5f684750129e83b9b47dc53c96770e09
- 460e18f5ae3e3eb38f8cae911d447590

The spear phishing emails are mostly sent to senior members and executives of targeted organizations, most likely because the attackers hope to get access to core intelligence, controlling accounts and other interesting information from people who have the following positions or similar:
- Chief Executive Officer
- Chief Operations Officer
- General Manager
- General Manager, Sales and Marketing
- Deputy General Manager
- Finance and Admin Manager
- Business Development Manager
- Manager
- Export manager
- Finance Manager
- Purchase manager
- Head of Logistics
- Sales Executive
- Supervisor
- Engineer

Technical details

Malware functionality

The malware is based on the Hawkeye commercial spyware, which provides a variety of tools for the attackers, in addition to malware anonymity from attribution.
It starts by deploying itself and configuring persistence, while using anti-debugging and timeout techniques, then starts collecting interesting data from the victim’s device, including:
- Keystrokes
- Clipboard data
- FileZilla ftp server credentials
- Account data from local browsers
- Account data from local messaging clients (Paltalk, Google talk, AIM…)
- Account data from local email clients (Outlook, Windows Live mail…)
- License information of some installed applications

Data exfiltration

Data is collected by the attackers using primarily:
- HTTP GET posts, sent to hxxp://192.169.82.86
- Email messages:
  - mail.ozlercelikkapi[.]com (37.230.110.53), mail to info@ozlercelikkapi[.]com
  - mail.eminenture[.]com (192.185.140.232), mail to eminfo@eminenture[.]com

Both ozlercelikkapi[.]com and eminenture[.]com seem to belong to compromised organisations operating in manufacturing and technology services.

Malware command center

The malware connects to 192.169.82.86 to deliver collected information from the victim’s PC. This information includes passwords, clipboard data, screenshots…
- hxxp://192.169.82.86/~loftyco/skool/login.php
- hxxp://192.169.82.86/~loftyco/okilo/login.php

The IP address 192.169.82.86 seems to belong to a compromised device running multiple malware campaigns.

Victim information

Victim organizations are distributed in different countries worldwide with attackers focused on certain countries more than others.

[Chart: Number of Victim Organisations by Country]

Countries marked as “others” have fewer than three victim organizations each; they are: Switzerland, Gibraltar, USA, Sweden, China, France, Azerbaijan, Iraq, Turkey, Romania, Iran, Iraq and Italy.

Victim industry information

Victim industry types were also indicators of targeted attacks, as attackers were looking to infiltrate organizations that belong to the product life cycle of multiple goods, especially industrial equipment.

[Chart: Number of Victim Organizations by Industry Type]

Victim industry | Description
Industrial | Petrochemical, naval, military, aerospace, heavy machinery, solar energy, steel, pumps, plastics
Engineering | Construction, architecture, automation, chemical, transport, water
Shipping | International freight shipping
Pharmaceutical | Production/research of pharmaceutical and beauty products
Manufacturing | Furniture, decor, textiles
Trading | Industrial, electronics and food trading
Education | Training centers, universities, academic publishing
Tourism | Travel agencies
Technology/IT | Providers of IT technologies and consulting services
Unknown | Unidentified victims

The last attack waves

Kaspersky Lab user statistics indicate the new waves of attacks that started in June 2016 are focused on certain countries more than others.
Hundreds of detections have been reported by Kaspersky Lab users; 70% of the attacked users were found in the United Arab Emirates alone, the other 30% were distributed in Russia, Malaysia, India, Jordan, Lebanon, Turkey, Algeria, Germany, Iran, Egypt, Japan, Switzerland, Bahrain and Tunisia.

Other attack information

Phishing pages have also been spotted through 192.169.82.86, and although they are taken down quickly, more than 150 user accounts were identified as victims of the phishing links sent by the attackers. Victims were connecting from the following devices and inserting their credentials, a reminder that phishing attacks do work on all platforms:
- Windows
- Mac OS X
- Ubuntu
- iPhone
- Android

The malware files are detected using the following heuristic signatures:
- Trojan.MSIL.ShopBot.ww
- Trojan.Win32.Fsysna.dfah
- Trojan.Win32.Generic

Conclusion

Operation Ghoul is one of the many attacks in the wild targeting industrial, manufacturing and engineering organizations. Kaspersky Lab recommends that users be extra cautious while checking and opening emails and attachments.
In addition, privileged users need to be well trained and ready to deal with cyber threats; failure in this is, in most cases, the cause behind private or corporate data leakage, reputation and financial loss.

Indicators of Compromise

The following are common among the different malware infections; the presence of these is an indication of a possible infection.

Filenames and paths related to malware
- C:\Users\%UserName%\AppData\Local\Microsoft\Windows\bthserv.exe
- C:\Users\%UserName%\AppData\Local\Microsoft\Windows\BsBhvScan.exe
- C:\Users\%UserName%\AppData\Local\Client\WinHttpAutoProxySync.exe
- C:\Users\%UserName%\AppData\Local\Client\WdiServiceHost.exe
- C:\Users\%UserName%\AppData\Local\Temp\AF7B1841C6A70C858E3201422E2D0BEA.dat
- C:\Users\%UserName%\AppData\Roaming\Helper\Browser.txt
- C:\Users\%UserName%\AppData\Roaming\Helper\Mail.txt
- C:\Users\%UserName%\AppData\Roaming\Helper\Mess.txt
- C:\Users\%UserName%\AppData\Roaming\Helper\OS.txt
- C:\ProgramData\Mails.txt
- C:\ProgramData\Browsers.txt

List of malware related MD5 hashes

List of malware related domains

Observed phishing URLs
Other malware links

Malware links observed on 192.169.82.86 dating back to March and April 2016.

For more information on how you can protect your business from similar attacks, please visit this post from Kaspersky Business.
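
The exfiltration channels described under "Data exfiltration" and "Malware command center" can be hunted for in egress logs. The Python below is an added example, not code from the Kaspersky Lab report: it refangs the network indicators exactly as the report prints them and compares them against whole destination fields. The log layout, workstation names and sample records are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Network indicators copied from the report body, still defanged
# (hxxp scheme, [.] dots) exactly as the report prints them.
REPORT_INDICATORS = [
    "hxxp://192.169.82.86/~loftyco/skool/login.php",
    "hxxp://192.169.82.86/~loftyco/okilo/login.php",
    "mail.ozlercelikkapi[.]com",
    "37.230.110.53",
    "mail.eminenture[.]com",
    "192.185.140.232",
]


def refang(value):
    """Undo the report's defanging so values compare equal to log fields."""
    value = value.strip().replace("[.]", ".")
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def indicator_host(value):
    """Reduce an indicator (URL, hostname or IP) to a normalised host."""
    value = refang(value)
    if "://" in value:
        value = urlsplit(value).hostname or ""
    # Lower-case and drop a trailing root dot so FQDN spellings compare equal.
    return value.lower().rstrip(".")


def build_watchlist(indicators):
    """Set of hosts/IPs to watch; several URLs on one host collapse to one."""
    return {host for host in map(indicator_host, indicators) if host}


def scan(log_lines, watchlist):
    """Return {source_host: [(timestamp, protocol, destination), ...]}.

    Assumed (hypothetical) log layout, whitespace separated:
        timestamp source protocol destination port [detail...]
    The destination field is compared whole, never as a substring, so
    look-alikes such as 192.169.82.186 or <mail host>.example.net do
    not produce false hits.
    """
    hits = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated record
        timestamp, source, protocol, destination = fields[:4]
        if indicator_host(destination) in watchlist:
            hits[source].append((timestamp, protocol, destination))
    return dict(hits)


def constructed_log():
    """Constructed sample records (not from the report)."""
    c2 = indicator_host(REPORT_INDICATORS[0])
    mx1 = indicator_host(REPORT_INDICATORS[2])
    mx2 = indicator_host(REPORT_INDICATORS[4])
    return [
        f"2016-06-08T09:14:02Z ws-fin-07 http {c2} 80 GET /~loftyco/skool/login.php",
        f"2016-06-08T09:14:05Z ws-fin-07 smtp {mx2} 587 -",
        # Look-alike IP: must not match.
        "2016-06-08T09:20:11Z ws-eng-02 http 192.169.82.186 80 GET /index.html",
        # Indicator used as a prefix of another host: must not match.
        f"2016-06-08T09:21:40Z ws-eng-02 smtp {mx2}.example.net 25 -",
        # Upper-case FQDN with trailing dot: must match after normalising.
        f"2016-06-08T09:25:00Z ws-hr-01 smtp {mx1.upper()}. 25 -",
        # Truncated record: skipped.
        "2016-06-08T09:26:00Z ws-hr-01 dns",
    ]


if __name__ == "__main__":
    watchlist = build_watchlist(REPORT_INDICATORS)
    for source, events in scan(constructed_log(), watchlist).items():
        print(source, events)
```

Because the report notes that both mail domains seem to belong to compromised organisations, a hit on them is a lead to triage rather than proof of infection.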