
Tag: newspaper

Legislation allowing warrantless student phone searches dies for now

Proponent: California law aimed to bolster student safety, help investigate cyberbullying.

Blizzard hints Nintendo Switch may not be powerful enough for Overwatch

But producer says he's still "open-minded" about a port.

Apple sold $4.2 billion of product in New Zealand, paid $0...

"Their tax department is even more innovative than their product designers."

Report: Congressional analysts worry SpaceX engines are prone to cracks

Investigators have found a "pattern of problems" within the engine's turbopumps.

Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'

Security firm says the case doesn't affect its computer incidents investigation operations. Kaspersky Lab confirmed today that one of its top cybersecurity investigators was arrested in December in Russia, reportedly amid charges of treason. News of the arrest of Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, as well as Sergei Mikhailov, deputy head of the information security department at the FSB, first came via Kommersant, a Russian economic newspaper, and word later spread to US news media outlets. Stoyanov, who had been with Kaspersky Lab since 2012, led the firm's cybercrime investigation that ultimately led to the 2016 arrests of 50 members of the so-called Lurk cybercrime gang that stole more than $45 million from Russian financial institutions.

The case was said to be Russia's largest-ever crackdown on financial cybercrime. Stoyanov's arrest sent a chill throughout the security research community, with speculation by some that his cybercrime investigative efforts may have somehow gotten a little too close to Russian nation-state hacking efforts. Russian hacking has been in the spotlight since the US intelligence community published an unclassified report that concludes Russia - under the direction of Vladimir Putin - attempted to influence the US presidential election via hacks and leaks of data from the Democratic National Committee and Clinton campaign manager John Podesta.

According to Kaspersky Lab, the nature of Stoyanov's arrest predates his employment with the security firm. "The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab," the company said in a statement. Stoyanov, a former head of network security for Russian ISP OJSC RTComm.RU, also was with Ministry Of Interior's Moscow-based Cyber Crime Unit in the early 2000s.

Security experts say his arrest underscores the sometimes-blurred lines between Russian cybercrime gangs and cyber espionage activity. "I think he flew too close to the sun as his recent investigations more than likely unearthed elements of the Pawn Storm campaign," says Tom Kellermann, CEO of Strategic Cyber Ventures. "This is a red flag to all security vendors who expose the nexus between the cybercriminal conspiracies and the Russian cyberespionage campaigns." Pawn Storm, aka Fancy Bear and APT 28, was one of the Russian state hacking groups implicated in election-related hacks against the US.

Researcher Business As Usual

While Kaspersky Lab said it had no information of the "details of the investigation" of Stoyanov and that no official information had been released by the Russian government on the case, the company also maintained that the arrest would not affect its current or future research into Russian cyber activities. The company said that "as an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose." For now, Stoyanov is officially suspended from his post at Kaspersky Lab, according to the company. "The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments." Stoyanov in 2015 authored a detailed report for Kaspersky Lab on how Russian financial cybercrime works.

The report notes how the risk of prosecution is low for Russian-speaking cybercriminals: "The lack of established mechanisms for international cooperation also plays into the hands of criminals: for example, Kaspersky Lab experts know that the members of some criminal groups permanently reside and work in Russia’s neighbors, while the citizens of the neighboring states involved in criminal activity often live and operate in the territory of the Russian Federation," he wrote. "Kaspersky Lab is doing everything possible to terminate the activity of cybercriminal groups and encourages other companies and law enforcement agencies in all countries to cooperate," he wrote. Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, in a tweet today said that Stoyanov "never worked with any APT stuff," dismissing some online speculation that the arrest was somehow related to cyber espionage research. He tweeted that the case wouldn't stop the security firm from its work. Kaspersky Lab is "an international team of experts.
It's impossible to prevent us from releasing data."

Kelly Jackson Higgins is Executive Editor at DarkReading.com.

Kaspersky Lab’s top investigator reportedly arrested in treason probe

In a move that stunned some security researchers, a top investigator at Russia's largest antivirus provider, Kaspersky Lab, has been arrested in an investigation into treason, a crime that upon conviction can carry severe sentences. Ruslan Stoyanov, the head of Kaspersky Lab's investigations unit, was arrested in December, Russian newspaper Kommersant reported Wednesday.

The paper said that Sergei Mikhailov, a division head of the Russian intelligence service FSB, was also arrested in the same probe.
Stoyanov joined the Moscow-based AV company in 2012 and was chiefly involved in investigating and responding to hacking-related crimes carried out in Russia. His LinkedIn profile shows he served as a major in the cybercrime unit of Russia's Ministry of Interior from 2000 to 2006. "The case against this employee does not involve Kaspersky Lab," company officials wrote in a statement issued following the report. "The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments."

In the past 15 months, Stoyanov wrote three posts for Kaspersky Lab's Securelist blog.

All three involved financially motivated crime conducted inside of Russia.
It's not clear what the maximum penalty is for treason in Russia.

The country has reportedly suspended executions, and the last one was in 1996. Word of the arrest almost immediately ignited a flurry of speculation and concerns of a possibly chilling effect the action might have among security researchers.

The charges were filed under Article 275 of Russia's criminal code, an extraordinarily broad statute that opens individuals to treason charges for providing financial, technical, advisory, or other assistance to a foreign state or international organization that's considered hostile to the Russian government.

As coverage from Forbes reported, such assistance could potentially be as simple as furnishing the FBI with information on a botnet. A much more chilling scenario, offered in this post from Lawfare Blog, is that Stoyanov was a source for US intelligence officers who ultimately concluded Russian-sponsored hacking attempted to interfere with the 2016 US presidential election.

That speculation is likely off base because it doesn't fit with Kaspersky's assertion Stoyanov is being investigated for activities that predated his employment or with this claim from a fellow Kaspersky Lab researcher that Stoyanov's research never involved advanced persistent threats, the term for hacking techniques used by government-sponsored spies. People advancing the theory seem to be basing it on the timing of the arrest, which roughly coincided with the classified release of specific details said to support the US intelligence community's claims the hacking was ordered by President Vladimir Putin. Whatever the specifics are behind the investigation into Stoyanov, security researchers said the arrest will likely cause colleagues in Russia and elsewhere to self-censor potentially sensitive findings. "For those living and working under oppressive regimes, keep up the good fight," Jake Williams, founder of security firm Rendition Software who previously worked for the Department of Defense, wrote in a blog post. "But also remember that no incident response report or conference talk is worth jail time (or worse)." In a message to Ars, he added: "I think that these charges will cause security researchers, particularly those in states with oppressive governments, to carefully consider the weight of reporting details of security incidents."

China announces mass shutdown of VPNs that bypass Great Firewall

China’s Ministry of Industry and Information Technology yesterday announced a major crackdown on VPN (virtual private network) services that encrypt Internet traffic and let residents access websites blocked by the country's so-called Great Firewall. The ministry "said that all special cable and VPN services on the mainland needed to obtain prior government approval—a move making most VPN service providers in the country of 730 million Internet users illegal," reported the South China Morning Post, a major newspaper in Hong Kong. China's announcement said the country's Internet service market "has signs of disordered development that requires urgent regulation and governance" and that the crackdown is needed to "strengthen cyberspace information security management," according to the Post. The government said its crackdown would begin immediately and run until March 31, 2018. Numerous Internet users in China rely on VPNs to access sites blocked or censored by the government's Great Firewall, such as Google, YouTube, Facebook, Twitter, Tumblr, Dropbox, The Pirate Bay, The New York Times, The Wall Street Journal, and many others. Apple recently pulled New York Times apps from its Chinese App Store to comply with Chinese regulations. China's tightening of its already strict Internet censorship may be preparation for this autumn's 19th National Congress of the Communist Party of China, at which new party leadership will be elected. Besides the VPN crackdown, China on Saturday shut down "two websites run by a liberal Chinese think tank" and 15 other websites, the Post reported.

Rap for crap WhatsApp trap flap: Yack yack app claptrap slapped

Security gurus condemn sensational reporting of encryption backdoor-that-wasn't

Computer security experts and cryptographers have accused The Guardian of overblowing what was reported to be a backdoor in WhatsApp's encryption. Zeynep Tufekci, an assistant professor at the University of North Carolina and associate at the Harvard University's Berkman Center for Internet and Society, wrote an open letter this week criticizing the newspaper for portraying the "vulnerability" – which can be exploited by snoopers in certain circumstances to decrypt messages – as a "huge threat" to users. The Graun's "exclusive" focused on the handling of public encryption keys by WhatsApp and a corner case in which a third party triggers the generation of new keys. This could, under specific conditions, theoretically allow an attacker to intercept and decrypt WhatsApp messages. As El Reg noted, exploitation is non-trivial. Noted security researchers are re-affirming that opinion, and taking journalists to task for portraying the condition as a serious flaw. "The WhatsApp behavior described is not a backdoor, but a defensible user-interface trade-off," Tufekci noted. "A debate on this trade-off is fine, but calling this a 'loophole' or a 'backdoor' is not productive or accurate." The letter has already received endorsements from some of the biggest names in the infosec space, including Assistant Prof Matthew Green, Bruce Schneier, and Tor Project developer Isis Lovecruft. In addition to objecting to the portrayal of the security condition as a "vulnerability," Tufekci's letter slaps down The Guardian for portraying the condition as being easy to exploit and recommending that users abandon WhatsApp for other messaging tools that, in many cases, would be easier for an attacker to compromise. "Telling people to switch away from WhatsApp is very concretely endangering people. Signal is not an option for many people," the letter reads.
"These concerns are concrete, and my alarm is from observing what's actually been happening since the publication of this story and years of experience in these areas." Tufekci is asking the paper to retract and apologize for the story and ask reporters to consult security professionals for input on future information security articles. "Considering the stakes, security reporting must be measured and well-researched," the letter concludes. "My unfortunate prediction is that the harm from your story will be real, widespread, and corrections and rebuttals likely minimally reported on."

Virginia “Broadband Deployment Act” would kill municipal broadband deployment

Virginia lawmakers are considering a bill called the "Virginia Broadband Deployment Act," but instead of resulting in more broadband deployment, the legislation would make it more difficult for municipalities to offer Internet service. The Virginia House of Delegates legislation proposed this week by Republican lawmaker Kathy Byron (full text) would prohibit municipal broadband deployments except in very limited circumstances.

Among other things, a locality wouldn't be allowed to offer Internet service if an existing network already provides 10Mbps download and 1Mbps upload speeds to 90 percent of potential customers.

That speed threshold is low enough that it can be met by old DSL lines in areas that haven't received more modern cable and fiber networks. Even if that condition is met, a city or town would have to jump through a few hoops before offering service.

The municipality would have to pay for a "comprehensive broadband assessment," and then issue a request for proposals giving for-profit ISPs six months to submit a plan for broadband deployment.

After receiving proposals from private ISPs, the local government would have to determine whether providing grants or subsidies to a private ISP would be more cost-effective than building a municipal broadband network. The bill, which is being pushed by the Virginia Cable Telecommunications Association lobby group, would also make it hard for localities to offer lower rates than private ISPs.

A locality would not be allowed to price its services at a sum less than the "actual direct costs" and "actual indirect costs" of providing the service, and it would have to boost the prices it charges customers by "includ[ing] within its rates an amount equal to all taxes, fees, and other assessments that would be applicable to a similarly situated private provider of the same communications services, including federal, state, and local taxes; franchise fees; permit fees; pole attachment fees; and any similar fees." Moreover, the legislation would give private ISPs grounds to challenge municipal broadband projects in court. Local governments seeking to offer broadband would have to file various documents with the state Broadband Advisory Council at least 120 days before construction and "an annual certification by July 1 of each year that any expansion to or changes in its projects or system since the preceding July 1 still qualify as broadband expansion services." "Any person who believes that any part of such filings is incomplete, incorrect, or false and who is in the business of providing Internet services within the locality shall have standing to bring an action in the circuit court for the locality to seek to require the locality to either comply with the substantive and procedural content of the filings required by this section, or cease to provide services, and no bond shall be required for injunctive relief against the locality," the legislation says. Existing projects would be grandfathered, but only within the geographic area where they already provide service.

That would prevent future expansions.

Local official worries about fate of new network

Virginia already has one law limiting the ability to create municipal broadband projects, but the Byron proposal would make things more difficult for projects allowed under the previous law. One entity that could be affected is the Roanoke Valley Broadband Authority, which "in April 2016 announced the lighting of a 47-mile broadband network running through Roanoke, Salem and parts of Botetourt and Roanoke counties," The Roanoke Times noted in an article yesterday. Roanoke County supervisors have set aside $9.6 million for construction and the first six years of operating costs, but with the way the new legislation is written, Roanoke City Manager Chris Morrill told the paper he "can't imagine how" the project would survive. "And we would have lost this important investment that we’ve made." About 98 percent of households within Roanoke already have access to 10Mbps download speeds. Morrill said the legislation would help incumbent ISPs by reducing competition, "but it does not serve citizens, it does not create jobs." The Roanoke Times wrote that Byron has received $36,100 in campaign donations from Verizon since 1998. "Other donation totals include $15,000 from the Virginia Cable Telecommunications Association, $9,250 from AT&T, $3,500 from CenturyLink and $3,000 from Comcast," the newspaper said.

Those numbers come from the Virginia Public Access Project. Byron told the newspaper that she is "tweaking" the bill but does not expect major changes. Republicans have the majority in both chambers of the Virginia legislature. “I just think government needs to be very cautious about investing taxpayer dollars in these networks that they not only have to be able to manage, but they also have to maintain them,” Byron told The Roanoke Times. "Maintaining this type of stuff is much better done by private business.” The Federal Communications Commission in 2015 voted to preempt similar laws in North Carolina and Tennessee that restricted growth of municipal broadband.

But the states sued and a federal appeals court overturned the FCC decision, letting states continue to impose restrictions on municipal Internet projects.

Peace-sign selfie fools menaced by fingerprint-harvesting tech

Cute photo? Your biometrics just got raided, boffins warn

Researchers from Japan's National Institute of Informatics say people's fingerprints could be extracted from photographs using yet-to-be built technology. The eggheads warn that fingerprints can be copied from photographs snapped up to three metres from targets. Prints would need to be captured clearly in strong lighting, researcher Isao Echizen told the Sankei Shimbun newspaper and broadcaster Yomiuri TV. The technology required to replicate fingerprints is not considered advanced but is some two years from development, apparently. “Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” Echizen says. “Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture." The three-metre range to nab fingerprints is likely to capture scores of selfie-takers, he says.

The research team has created a transparent titanium oxide film which will mask prints within photographs, yet permit validation with biometric scanners now woven into many mobile devices. The findings appear of particular interest to their country given the two-fingered peace or victory sign is seen as an iconic gesture within East Asian popular cultures.

Flash the Peace Sign, Get Your Phone Hacked?

Stop flashing the peace sign, giving a thumbs up, or waving at the camera. Flashing the peace sign may put smartphone users at risk, according to Japan's National Institute of Informatics (NII). Biometric details are readable in images taken from as ...

Like stealing data from a kid: LA school pays web scum...

No chance of data retrieval, experts say

A Los Angeles school has made a whopping US$28,000 ransomware payment after hackers raided its network. Attackers had encrypted enough to ruin computer services, email, and messaging at the Los Angeles Community College District. The school paid the bitcoin ransom after learning it had no other alternatives by way of backups or free decryption methods. Attackers of unknown origin encrypted hundreds of thousands of files on New Year's Eve affecting much of the campus' 1,800 staff and 20,000 students. The campus newspaper The Valley Star said a note was left on a school server stating that admins had "7 days to send us the BitCoin (sic) after 7 days we will remove your private keys and it’s (sic) impossible to recover your files”. "It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost," the school wrote in a report [PDF] on the incident. It is unaware of any other compromise of student data beyond the attack, but says the investigation is complex and evolving. It is one of the highest publicly-known ransomware demands to be paid, but is not exceptional among private quiet attacks, sources tell Vulture South. Ransomware designers who spread their wares risk having their work reverse-engineered by white hat security researchers who exploit encryption implementation flaws to offer the public means to decrypt files for free. Such work is now formalised under the lauded No More Ransom Alliance, which unifies a formerly scattered and silo-ed, but furious effort by malware researchers to lay ruin to scores of ransomware variants. MongoDB administrators are the latest victims of meddling ransom web scum with tens of thousands of exposed databases being wiped by attackers demanding around $200 for the return of the stolen information.
Bootnote: This writer has argued that paying ransoms is a legitimate if unfortunate last response to ransomware; cries from law enforcement that payments mean shoring up criminal business models are not the primary concern of administrators.