Tag: social networks
There's the old-fashioned way: collect resumes, sort for keywords, check on social networks, get referrals and interview. But what about geotagging?
Each day, users watch 100 million hours of video, 400 million people use Messenger, and more than 95 million photos and videos are posted on Instagram. That puts a heavy load on Facebook’s servers in data centers, which help orchestrate all these services to ensure timely responses.
In addition, Facebook’s servers use machine learning technologies to improve services, with one visible example being image recognition. The story is similar for Microsoft, which is continually looking to balance the load on its servers.
For example, Microsoft’s data centers apply machine learning for natural language services like Cortana.
The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.
The operation remains active at the time of writing this post.
To benefit from using Maltego, come to SAS 2017 for intensive Digital Intelligence Gathering training from the experts who created the tool from scratch: there won’t be any questions that they can’t answer.
If users clicked OK, the malicious app locked the device and displayed the following message:
You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.
The app sought 0.2 Bitcoin, currently worth about $180.
In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars.
The infection was detected by Check Point's mobile malware software, which the company sells to businesses.
Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.
Hiding in plain sight
An analysis showed that Charger checked the local settings of an infected device and wouldn't execute the app's malicious payload if the device was located in Ukraine, Russia, or Belarus.
The behavior was likely an attempt to prevent the developers from facing legal actions in those countries.
In the blog post, Check Point researchers added:
Most malware found on Google Play contains only a dropper that later downloads the real malicious components to the device. Charger, however, uses a heavy packing approach which [makes] it harder for the malware to stay hidden, so it must compensate with other means. The developers of Charger gave it everything they had to boost its evasion capabilities and so it could stay hidden on Google Play for as long as possible.
The malware uses several advanced techniques to hide its real intentions and makes it harder to detect.
It encodes strings into binary arrays, making it hard to inspect them.
It loads code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect.
The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through.
It checks whether it is being run in an emulator before it starts its malicious activity. PC malware first introduced this technique which is becoming a trend in mobile malware having been adopted by several malware families including Dendroid.
In 2012, Google unveiled a cloud-based scanner dubbed Bouncer that was billed as a way for the company to detect malicious apps before they were made available in Play.
Five years later, the discovery of malicious apps like Charger is a regular occurrence.
Google makes little reference to the tool these days.
The incident is the latest to underscore the risks posed by apps hosted on Google servers. On Monday, Check Point documented the return of the virulent family of Android malware known as HummingBad, which managed to get from 2 million to 12 million downloads from the marketplace before the 20 affected apps were detected and removed.
At least 32 people died in the Brussels attack and about 130 in the attack in Paris. The suit alleges that Twitter has violated, and continues to violate, the U.S.
The plaintiffs are asking for a jury trial and monetary damages to be determined at trial. Twitter did not reply to a request for comment.
“Twitter’s social media platform and services provide tremendous utility and value to ISIS as a tool to connect its members and to facilitate the terrorist group’s ability to communicate, recruit members, plan and carry out attacks, and strike fear in its enemies,” the suit alleges. “ISIS has used Twitter to cultivate and maintain an image of brutality, to instill greater fear and intimidation, and to appear unstoppable ...”
The lawsuit also contends that specifically for the Brussels and Paris attacks, ISIS used Twitter to issue threats, as well as to announce and celebrate the attacks.
The lawsuit was filed by the family of siblings Alexander Pinczowski and Sascha Pinczowski, who were killed in Brussels, and the family of Nohemi Gonzalez, who was killed in Paris.
Last year, another lawsuit was filed by Gonzalez’s father against Twitter, Facebook and YouTube for allegedly knowingly allowing ISIS to “use their social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits.”
In December, the families of three victims of the June shooting at the Pulse nightclub in Orlando, Florida, sued Facebook, Twitter and Google, the owner of YouTube, for allegedly “providing support to the Islamic State.” Forty-nine people were killed in the attack.
The question, if either case goes to trial, is whether a social network can be held responsible for the actions of any of its users.
“While I certainly can sympathize with the families, it’s hard for me to see how Twitter can be held responsible for the rise of ISIS and their terror activities,” said Dan Olds, an analyst with OrionX. “Let’s imagine the world a few decades ago, before the internet. Would someone try to hold AT&T responsible for criminal activities that were planned over the telephone? Or is the printing press manufacturer responsible for magazines that encourage terrorism that were printed using presses they built and sold?”
In response to the attacks, Twitter took steps to prevent terrorists from using its network. In August, the company reported that in the previous six months, it had suspended 235,000 accounts for violating its policies related to the promotion of terrorism. That was in addition to 125,000 accounts that had been suspended since mid-2015, bringing the total number of terrorist-related suspended accounts to 360,000.
“We strongly condemn these acts and remain committed to eliminating the promotion of violence or terrorism on our platform,” the company said in a blog post at the time.
Judith Hurwitz, an analyst with Hurwitz & Associates, said it would be a significant challenge for Twitter to keep terrorists completely off its site. “Perhaps Twitter could do a better job identifying users who are terrorists,” she said, saying the company would likely need advanced machine learning tools to weed out the bad players. “Of course, it would have to be advanced… Remember that terrorists are very good at adapting. If they are thrown off of the system, they can come back with a different persona and try to game the system.”
Brad Shimmin, an analyst with Current Analysis, said social networks like Twitter, Facebook and Google can’t be held responsible for their users’ actions. “There is no way of effectively policing those sites based upon affiliation or behavior,” Shimmin said. “Twitter itself has gone to some extreme measures to single out and remove accounts engaged in this sort of thing. That will help, and I think such efforts are a moral responsibility for Twitter and other social networking vendors, but those actions can’t rule out future misuse.”
Olds said it would be impossible for Twitter to keep terrorists from using its site 100% of the time, but the company could do a better job of curtailing it. “Terrorist messages should be able to be rooted out with some solid language processing software,” Olds said. “I’d like to see them do more along these lines. The technology is there, they just need to adapt it to anti-terrorist tasks.”
If Twitter loses the lawsuit and is ordered to pay significant damages, the impact on other social networks would be chilling, he said. “Social networks would be forced to keep a much closer eye on user activities and crack down on anything that could be interpreted as ‘bad,’” Olds said. “The end result would be self-imposed censorship on the part of the nets, which would greatly upset many users. But I just don’t see this happening—at least not with this case.”
This story, "Families of ISIS victims sue Twitter for being 'weapon for terrorism'" was originally published by Computerworld.
Tony Evans from Wick Hill (part of the Nuvias Group) highlights the risks of Wi-Fi and provides some advice for delivering a secure hotspot
The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold.
Today, Wi-Fi is on the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good and, usually free, Wi-Fi is not available.
But this demand for anytime, anyplace connectivity can mean that some of us are prepared to jump onto Wi-Fi hotspots at cafes, hotels, airports or company guest networks, with only a fleeting consideration of security – a fact that has not gone unnoticed by cyber criminals.
There are over 300,000 videos on YouTube alone explaining how to hack Wi-Fi users with tools easily found online.
Risks from unprotected Wi-Fi:
Wi-Fi Password Cracking
Wireless access points that still use older security protocols, such as WEP, make for easy targets because these passwords are notoriously easy to crack. Hotspots that invite us to log in by simply using social network credentials are increasingly popular, as they allow businesses to use demographic information such as age, gender and occupation to target personalised content and advertisements.
Without encryption, Wi-Fi users run the risk of having their private communications intercepted, or packet sniffed, by cyber snoops while on an unprotected network.
Cyber criminals can set up a spoof access point near your hotspot with a matching SSID that invites unsuspecting customers to log in leaving them susceptible to unnoticed malicious code injection.
In fact, it is possible to mimic a hotspot using cheap, portable hardware that fits into a backpack or could even be attached to a drone.
There are common hacking toolkits to scan a Wi-Fi network for vulnerabilities, and customers who join an insecure wireless network may unwittingly walk away with unwanted malware.
A common tactic used by hackers is to plant a backdoor on the network, which allows them to return at a later date to steal sensitive information.
Joining an insecure wireless network puts users at risk of losing documents that may contain sensitive information.
In retail environments, for example, attackers focus their efforts on extracting payment details such as credit card numbers, customer identities and mailing addresses.
Inappropriate and Illegal Usage
Businesses offering guest Wi-Fi risk playing host to a wide variety of illegal and potentially harmful communications.
Adult or extremist content can be offensive to neighbouring users, and illegal downloads of protected media leave the businesses susceptible to copyright infringement lawsuits.
As the number of wireless users on the network grows, so does the risk of a pre-infected client entering the network. Mobile attacks, such as Android’s Stagefright, can spread from guest to guest, even if the initial victim is oblivious to the threat.
There are established best practices to help secure your Wi-Fi network, alongside a drive, from companies such as WatchGuard, to extend well-proven physical network safeguards to the area of wireless, providing better network visibility to avoid blind spots.
Implementing the latest WPA2 Enterprise (802.1x) security protocol and encryption is a must, while all traffic should, at a minimum, be inspected for viruses and malware, including zero day threats and advanced persistent threats.
Application ID and control will monitor and optionally block certain risky traffic, while web content filtering will prevent unsuspecting users from accidentally clicking a hyperlink that invites exploitation, malware and backdoors to be loaded into your network.
The use of strong passwords, which are changed frequently, should be encouraged, along with regular scanning for rogue Access Points (APs) and whitelisting MAC addresses, when possible.
WatchGuard’s latest cloud-managed wireless access points also have built-in WIPS (Wireless Intrusion Prevention System) technology to defend against unauthorised devices, rogue APs and malicious attacks, with close to zero false positives.
While WIDS (Wireless Intrusion Detection Systems) are common in many Wi-Fi solutions, WIDS require manual intervention to respond to potential threats.
This may be OK for large organisations with IT teams that can manage this; however, WIPS is a fully automated system, which makes it far more attractive to SMEs and organisations such as schools and colleges.
Using patented, Marker Packet wireless detection technology, WatchGuard WIPS differentiates between nearby external access points and rogue access points.
If a rogue access point is detected, all incoming connections to that access point are instantly blocked. WIPS also keeps a record of all clients connecting to the authorised access points, so if a known device attempts to connect to a malicious access point, the connection is instantly blocked. WIPS will also shut down denial-of-service attacks by continuously looking for abnormally high amounts of de-authentication packets.
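The two checks described above (scanning for rogue APs against a list of authorised radios, and watching for abnormally high de-authentication rates) can be sketched as follows. This is an added example, not code from the article or from WatchGuard, and it does not reproduce the Marker Packet technique; the SSIDs, BSSIDs, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed site inventory: SSID -> BSSIDs of the radios we actually operate.
AUTHORISED = {"CafeGuest": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
WEAK_SECURITY = {"OPEN", "WEP"}

def classify_aps(scan, authorised=AUTHORISED):
    """Return {bssid: verdict} for every AP seen in one wireless scan."""
    verdicts = {}
    for ap in scan:
        bssid = ap["bssid"].lower()
        known = authorised.get(ap["ssid"], set())
        if bssid in known:
            # Our own radio: still flag it if it runs a legacy or open config.
            weak = ap["security"] in WEAK_SECURITY
            verdicts[bssid] = "weak-config" if weak else "authorised"
        elif known:
            # Our SSID from a radio we do not own: possible spoofed hotspot.
            verdicts[bssid] = "rogue-suspect"
        else:
            verdicts[bssid] = "external"  # a neighbour's network
    return verdicts

def deauth_floods(frames, window=10.0, threshold=20):
    """Return BSSIDs with >= threshold deauth frames inside any `window` seconds.

    frames: (timestamp_seconds, bssid, subtype) tuples sorted by timestamp.
    """
    recent = defaultdict(deque)
    flagged = set()
    for ts, bssid, subtype in frames:
        if subtype != "deauth":
            continue
        times = recent[bssid]
        times.append(ts)
        while ts - times[0] > window:  # slide the window forward
            times.popleft()
        if len(times) >= threshold:
            flagged.add(bssid)
    return sorted(flagged)

# Constructed sample data, not captured from a real network.
SCAN = [
    {"ssid": "CafeGuest", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2-Enterprise"},
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:02", "security": "WEP"},
    {"ssid": "CafeGuest", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "NeighbourNet", "bssid": "11:22:33:44:55:66", "security": "WPA2-PSK"},
]
FRAMES = sorted(
    [(i * 0.2, "aa:bb:cc:00:00:01", "deauth") for i in range(25)]
    + [(t, "aa:bb:cc:00:00:02", "deauth") for t in (0.0, 30.0, 60.0)]
    + [(1.0, "aa:bb:cc:00:00:02", "beacon")]
)

if __name__ == "__main__":
    for bssid, verdict in classify_aps(SCAN).items():
        print(bssid, verdict)
    print("deauth flood against:", deauth_floods(FRAMES))
```

A BSSID allowlist only catches careless impersonation, because a BSSID can be copied as easily as an SSID; treat "rogue-suspect" as a prompt for investigation rather than proof.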
Wi-Fi as a marketing tool
While Wi-Fi networks have traditionally been viewed as part of the IT infrastructure and the responsibility of the IT department, the latest Wi-Fi systems deliver more than just connectivity, which makes them an attractive proposition for customer services and marketing departments.
For example, the WatchGuard Wi-Fi Cloud provides visibility into marketing data, including insights into footfall and customer demographics and also makes it possible to have direct communication with individual customers in the form of SMS, MMS or social networks.
And with customised splash pages, businesses can personalise the customer Wi-Fi experiences by offering promotional opportunities or surveys and promoting all-important branding.
It is clear that Wi-Fi is here to stay and is becoming much more than simply a way to get online. While the rapid speed of Wi-Fi adoption has led to a disconnect between physical and wireless security, this is now changing and there is no longer any excuse for providing insecure Wi-Fi.
About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.
The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.
Wick Hill is particularly focused on providing a wide range of value-added support for its channel partners.
This includes strong lead generation and conversion, technical and consultancy support, and comprehensive training. Wick Hill has its headquarters in the UK and offices in Germany and Austria. Wick Hill also offers services to channel partners in fourteen EMEA countries and worldwide, through its association with Zycko, as part of Nuvias Group, the pan-EMEA, high value distribution business, which is redefining international, specialist distribution in IT.
But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data.
In addition to that, this modification is attacking more than 2,000 financial apps around the world. We have managed to detect several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.
According to our information, the number of this banker’s victims exceeds 16,000 users in 27 countries, with most located in Russia, Ukraine, Germany and Thailand.
Trojan-Banker.AndroidOS.Faketoken is distributed under the guise of various programs and games, often imitating Adobe Flash Player.
Preparing the groundwork
The Trojan is capable of interacting with protection mechanisms in the operating system.
For example, it requests rights to overlay other apps or the right to be a default SMS application.
This allows Faketoken to steal user data even in the latest versions of Android.
Once the Trojan becomes active, it requests administrator rights.
If the user denies the request, Faketoken repeatedly refreshes the window asking for these rights, which leaves the victim with little choice.
The Trojan imitating “Yandex.Navigator” to request administrator rights
Once it has received administrator rights, Faketoken starts requesting the necessary permissions: to access the user’s text messages, files and contacts, to send text messages and make calls.
These requests will also be repeatedly displayed until the user agrees to provide access.
The Trojan then requests the right to display its windows on top of other applications.
This is necessary to block the device and steal user data by displaying phishing pages.
The Trojan requesting the right to display its windows on top of other applications
The final request at the preparatory stage is for the right to be the default SMS application – this allows Faketoken to covertly steal text messages on the latest versions of Android.
The Trojan integrates the options necessary for the user to work with SMS. However, on some Android devices and versions when the user attempts to send an SMS via Faketoken it returns an error.
As a result, the user cannot send SMS messages until they manually change the SMS application.
The Trojan doesn’t like that, and will start requesting the right again.
Manipulations with application shortcuts can also be added to the preparatory stage.
After launching, Faketoken starts downloading an archive containing file icons of several applications (the version being analyzed here has eight) related to social networks, instant messengers and browsers.
Then it tries to delete the previous shortcuts to these applications and create new ones.
On the test devices the Trojan failed to remove the previous shortcuts which eventually led to the appearance of duplicates
It is not clear why it does this because the shortcuts created by Faketoken lead to the original applications.
Data theft
Once the shortcuts are installed, the next stage of the Trojan’s work begins – the theft of user data.
Faketoken downloads a database from the server containing phrases in 77 languages for different device localizations.
Screenshot of the database with phrases in different languages
Using these or other phrases from the database, depending on the operating system language, the Trojan will show the user various phishing messages.
Examples of phishing messages displayed by the Trojan
If the user clicks on the message, the Trojan opens a phishing page designed to steal passwords from Gmail accounts.
In addition to that, the Trojan overlays the original Gmail application with this page for the same purpose – to steal the password.
Phishing page imitating the login page of the Gmail mail service
However, the Trojan doesn’t limit itself to Gmail. Like most modern mobile Trojans, Faketoken overlays the original Google Play app with its phishing window to steal the victim’s bank card details.
Phishing page used by the Trojan to steal credit card details
The Trojan can also get the list of applications for attack and an HTML template page to generate phishing pages for the attacked applications from the C&C server.
In our case, Faketoken received a list of 2,249 financial applications from around the world.
Example of the Trojan’s phishing pages designed for different applications
It should be noted that the Trojan integrates functionality enabling it to call some of the methods from the HTML page it received from the C&C server.
As a result, in addition to the phishing functionality, the pages described above can get certain information about the device including the address of the Gmail account and, even worse, reset the device to factory settings.
What’s more, Faketoken can perform the following actions upon command from the C&C server:
Change masks to intercept incoming text messages;
Send text messages to a specified number with a specified text;
Send text messages with a specified text to a specified list of recipients;
Send a specified text message to all contacts;
Upload all text messages from the device to the malicious server;
Upload all the contacts from the device to the malicious server;
Upload the list of installed applications to the malicious server;
Reset the device to factory settings;
Make a call to a specified number;
Download a file to the device following a specified link;
Remove specified applications;
Create a notification on the phone to open a specified page or run a specified application;
Start overlaying specified applications with a specified phishing window;
Open a specified link in its own window;
Run an application;
Block the device in order to extort money for unblocking it. This command may include an option indicating the need to encrypt files.
Ransomware banker
As mentioned above, the ransomware functionality in mobile banking Trojans is now commonplace, after being pioneered by Svpeng in early 2014. However, the new Faketoken version can not only extort money by blocking the screen but also by encrypting user files.
Screenshot of the Trojan code that renames and then encrypts files.
Once the relevant command is received, the Trojan compiles a list of files located on the device (external memory, memory card) corresponding to the given list of 89 extensions and encrypts them.
The AES symmetric encryption algorithm is used, which leaves the user with a chance of decrypting files without paying a ransom.
The Trojan receives the encryption key and the initialization vector from the C&C server.
The encrypted files include both media files (pictures, music, videos) and documents.
The Trojan changes the extension of the encrypted files to .cat.
In conclusion, we would like to note that file encryption is not that popular with the developers of mobile ransomware (at least currently), which may be because most files stored on a mobile device are copied to the cloud.
In other words, demanding a ransom in return for decrypting them is pointless.