
Tag: social networks

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies.

Why online etiquette matters — and why IT leaders should care

It seems that not a week goes by without social media hitting a new high — or, as United Airlines might attest, a new low. Whatever your perspective, there’s no denying that social networks and online connections can shape how we work, think and interact to a dramatic degree.

High-tech analyst and consultant Scott Steinberg offers guidance on how to get along in this digital world with his new book, Netiquette Essentials: New Rules for Minding Your Manners in a Digital World, which was released in February.

This is Steinberg’s seventh book about business or technology. Here he discusses why manners matter on social media, and why CIOs should care.

The strange new world of hiring and employee tracking

Your employer wants to hire top salespeople and is counting on HR to deliver the best.

There's the old-fashioned way: collect resumes, sort for keywords, check on social networks, get referrals and interview.

But what about geotagging?

Bloke is paid to scour hashtags for threats, spots civil rights...

State investigator, Oregon DoJ attorney lash out in lawsuits

A chap whose job was to investigate threats on social networks is suing the Oregon Department of Justice – for allegedly retaliating against him after his online sleuthing led him to the agency's own director of civil rights.…

Facebook, Microsoft target faster services with new AI server designs

Facebook on Wednesday rolled out some staggering statistics related to its social networks.

Each day, users watch 100 million hours of video, 400 million people use Messenger, and more than 95 million photos and videos are posted on Instagram.

That puts a heavy load on Facebook’s servers in data centers, which help orchestrate all these services to ensure timely responses. In addition, Facebook’s servers use machine learning technologies to improve services, with one visible example being image recognition.

The story is similar for Microsoft, which is continually looking to balance the load on its servers. For example, Microsoft’s data centers apply machine learning for natural language services like Cortana.

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than 100 Israeli servicemen were hit by a cunning threat actor.

The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.

The operation remains active at the time of writing this post.

Google Maps makes your favorite places social with launch of shareable...

In an effort to make Maps more of a social tool than a directional tool.

How to succeed in online investigations and digital forensics

Maltego, the tool best known for deep data mining and link analysis, has helped law enforcement, intelligence agencies and others in security-related work since it was released in 2008.

To benefit from using Maltego, come to SAS 2017 for intensive Digital Intelligence Gathering training from the experts who created the tool from scratch: there won’t be any questions that they can’t answer.

Fitbit may be cutting up to 10 percent of its workforce...

The company is turning to software and may be developing its own app store.

Ransomware app hosted in Google Play infects unsuspecting Android user

Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.

The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software. Once installed, Charger stole SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights. If users clicked OK, the malicious app locked the device and displayed the following message:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The app sought 0.2 Bitcoin, currently worth about $180. In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a "handful" of downloads. "We believe the attackers only wanted to test the waters and not spread it yet," the researchers told Ars. The infection was detected by Check Point's mobile malware software, which the company sells to businesses. Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.

Hiding in plain sight

An analysis showed that Charger checked the local settings of an infected device and wouldn't execute the app's malicious payload if the device was located in Ukraine, Russia, or Belarus. The behavior was likely an attempt to prevent the developers from facing legal actions in those countries. In the blog post, Check Point researchers added:

Most malware found on Google Play contains only a dropper that later downloads the real malicious components to the device. Charger, however, uses a heavy packing approach which [makes] it harder for the malware to stay hidden, so it must compensate with other means. The developers of Charger gave it everything they had to boost its evasion capabilities and so it could stay hidden on Google Play for as long as possible.

The malware uses several advanced techniques to hide its real intentions and makes it harder to detect.

It encodes strings into binary arrays, making it hard to inspect them.

It loads code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect. The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through.

It checks whether it is being run in an emulator before it starts its malicious activity. PC malware first introduced this technique which is becoming a trend in mobile malware having been adopted by several malware families including Dendroid.

In 2012, Google unveiled a cloud-based scanner dubbed bouncer that was billed as a way for the company to detect malicious apps before they were made available in Play. Five years later, discovery of malicious apps like Charger is a regular occurrence. Google makes little reference to the tool these days.

The incident is the latest to underscore the risks posed by apps hosted on Google servers. On Monday, Check Point documented the return of the virulent family of Android malware known as HummingBad, which managed to get from 2 million to 12 million downloads from the marketplace before the 20 affected apps were detected and removed.

Do web injections exist for Android?

Web injection attacks

There’s an entire class of attacks that targets browsers – so-called Man-in-the-Browser (MITB) attacks. These attacks can be implemented using various means, including malicious DLLs, rogue extensions, or more complicated malicious code injected into pages in the browser by spoofing proxy servers or other ways. The purpose of an MITB attack may vary from relatively innocuous ad spoofing on social networks or popular websites to stealing money from user accounts – the latter is what happened in the Lurk case.

[Image: A malicious app masquerades as a Kaspersky Lab product in an MITB attack]

Web injection is used in most cases when an MITB-class attack targets online banking. This type of web injection attack involves malicious code being injected into an online banking service webpage to intercept the one-time SMS message, harvest information about the user, spoof banking details, etc. For example, our Brazilian colleagues have long reported on barcode spoofing attacks performed when users print out Boletos – popular banking documents issued by banks and all kinds of businesses in Brazil.

Meanwhile, the prevalence of MITB attacks in Russia is decreasing – cybercriminals are opting for other methods and attack vectors to target banking clients. For the average cybercriminal, it is much easier to use readily available tools than develop and implement web injection tools.

Despite this, we’re often asked if there are any web injection attacks for Android devices. This is our attempt to investigate and give as full an answer as possible.

Web injection on Android

Despite the term ‘inject’ being used in connection with mobile banking Trojans (and sometimes used by cybercriminals to refer to their data-stealing technologies), Android malware is a whole different world. In order to achieve the same goals pursued by web injection tools on computers, the creators of mobile Trojans use two completely different technologies: overlaying other apps with a phishing window, and redirecting the user from a banking web page to a specially crafted phishing page.

Overlaying apps with phishing windows

This is the most popular technology with cybercriminals and is used in practically all banking Trojans. 2013 was when we first encountered a piece of malware overlaying other apps with its phishing window – that was Trojan-Banker.AndroidOS.Svpeng.

Today’s mobile banking Trojans most often overlay the Google Play Store app with their phishing window – this is done in order to steal the user’s bank card details.

[Image: The Marcher malware]

Besides this, Trojans often overlay various social media and instant messaging apps and steal the passwords to them.

[Image: The Acecard malware]

However, mobile banking Trojans typically target financial applications, mostly banking apps.

Three methods of MITB attacks for mobile OS can be singled out:

1. A special Trojan window, crafted beforehand by cybercriminals, is used to overlay another app’s window. This method was used, for example, by the Acecard family of mobile banking Trojans.

[Image: Acecard phishing windows]

2. Apps are overlaid with a phishing web page located on a malicious server. This way, the cybercriminals can modify its contents any time they need to. This method is used by the Marcher family of banking Trojans.

[Image: Marcher phishing page]

3. A template page is downloaded from a malicious server, to which the icon and the name of the attacked application are added. This is how one of the Trojan-Banker.AndroidOS.Faketoken modifications manages to attack over 2,000 financial apps.

[Image: FakeToken phishing page]

It should be noted that starting from Android 6, for the above attack method to work, the FakeToken Trojan has to request the privilege of displaying its window on top of other app windows. It’s not alone though: as new versions of Android are gaining popularity, a growing number of mobile banking Trojans are beginning to request such privileges.

Redirecting the user from the bank’s page to a phishing page

We were only able to identify the use of this technology in the Trojan-Banker.AndroidOS.Marcher family. The earliest versions of the Trojan that redirected the user to a phishing page are dated late April 2016, and the latest are from the first half of November 2016.

Redirecting the user from a bank’s webpage to a phishing page works as follows. The Trojan subscribes to changes in browser bookmarks, which include changes to the currently open page. This way the Trojan knows which webpage is currently open, and if it happens to be one of the targeted pages, the Trojan opens the corresponding phishing page in the same browser and redirects the user there. We were able to find over a hundred web pages belonging to financial organizations that were targeted by the Marcher family of Trojans.

However, two points need to be raised:

All new modifications of the Marcher Trojan that we were able to detect no longer use this technology.

Those modifications that used this technology also used a method of overlaying other apps with their phishing window.

Why then was the method of redirecting the user to a phishing page used by only one family of mobile banking Trojans, and why is this technology no longer used in newer modifications of the family? There are several reasons:

In Android 6 and later versions, this technology no longer works, meaning the number of potential victims is decreasing every day. For example, around 30% of those using Kaspersky Lab’s mobile security solutions now use Android 6 or a later version;

The technology only worked on a limited number of mobile browsers;

The user can easily spot that they are being redirected to a phishing site and they may also notice that the URL of the webpage has changed.

Attacks launched using root privileges

With superuser privileges, Trojans can perform any attack, including real malicious injections into browsers. Although we were unable to find a single case of this happening, the following should be noted:

Some modules of Backdoor.AndroidOS.Triada can substitute websites in certain browsers, using superuser privileges. All the attacks we found were launched with the purpose of making some money from advertising only, and did not result in the theft of banking information.

The banking Trojan Trojan-Banker.AndroidOS.Tordow, using superuser privileges, can steal passwords saved in browsers, which may include passwords to financial websites.

Conclusions

We can state that, despite all the available technical capabilities, cybercriminals that target banks do not make use of malicious web injections in mobile browsers or injections in mobile apps. Sometimes they use these technologies to spoof adverts, but even then that requires highly sophisticated malicious software.

So why do cybercriminals ignore the available opportunities? Most probably it is because of the diversity of mobile browsers and apps. Malware writers would have to adapt their creations to a long list of programs, which is rather costly, while simpler and more versatile attacks involving phishing windows do not require so much effort to target a larger number of users.

Nonetheless, the Triada and Tordow examples suggest that similar attacks may well take place in the future as malware creators gain more expertise.

Families of ISIS victims sue Twitter for being 'weapon for terrorism'

The families of three Americans killed in ISIS terror attacks are suing Twitter for allegedly knowingly providing support for the terrorist group and acting as a “powerful weapon for terrorism.”

The suit was filed over the weekend in a federal court in New York City on behalf of the relatives of three U.S. nationals who were killed by ISIS in the March 22, 2016, terrorist attacks in Brussels and the Nov. 13, 2015, terrorist attacks in Paris. At least 32 people died in the Brussels attack and about 130 in the attack in Paris.

The suit alleges that Twitter has violated, and continues to violate, the U.S. Anti-Terrorism Act. The plaintiffs are asking for a jury trial and monetary damages to be determined at trial.

Twitter did not reply to a request for comment.

“Twitter’s social media platform and services provide tremendous utility and value to ISIS as a tool to connect its members and to facilitate the terrorist group’s ability to communicate, recruit members, plan and carry out attacks, and strike fear in its enemies,” the suit alleges. “ISIS has used Twitter to cultivate and maintain an image of brutality, to instill greater fear and intimidation, and to appear unstoppable ...”

The lawsuit also contends that specifically for the Brussels and Paris attacks, ISIS used Twitter to issue threats, as well as to announce and celebrate the attacks.

The lawsuit was filed by the family of siblings Alexander Pinczowski and Sascha Pinczowski, who were killed in Brussels, and the family of Nohemi Gonzalez, who was killed in Paris.

Last year, another lawsuit was filed by Gonzalez’s father against Twitter, Facebook and YouTube for allegedly knowingly allowing ISIS to “use their social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits.”

In December, the families of three victims of the June shooting at the Pulse nightclub in Orlando, Florida, sued Facebook, Twitter and Google, the owner of YouTube, for allegedly “providing support to the Islamic State.” Forty-nine people were killed in the attack.

The question, if either case goes to trial, is whether a social network can be held responsible for the actions of any of its users.

“While I certainly can sympathize with the families, it’s hard for me to see how Twitter can be held responsible for the rise of ISIS and their terror activities,” said Dan Olds, an analyst with OrionX. “Let’s imagine the world a few decades ago, before the internet. Would someone try to hold AT&T responsible for criminal activities that were planned over the telephone? Or is the printing press manufacturer responsible for magazines that encourage terrorism that were printed using presses they built and sold?”

In response to the attacks, Twitter took steps to prevent terrorists from using its network. In August, the company reported that in the previous six months, it had suspended 235,000 accounts for violating its policies related to the promotion of terrorism. That was in addition to 125,000 accounts that had been suspended since mid-2015, bringing the total number of terrorist-related suspended accounts to 360,000.

“We strongly condemn these acts and remain committed to eliminating the promotion of violence or terrorism on our platform,” the company said in a blog post at the time.

Judith Hurwitz, an analyst with Hurwitz & Associates, said it would be a significant challenge for Twitter to keep terrorists completely off its site.

“Perhaps Twitter could do a better job identifying users who are terrorists,” she said, saying the company would likely need advanced machine learning tools to weed out the bad players. “Of course, it would have to be advanced… Remember that terrorists are very good at adapting. If they are thrown off of the system, they can come back with a different persona and try to game the system.”

Brad Shimmin, an analyst with Current Analysis, said social networks like Twitter, Facebook and Google can’t be held responsible for their users’ actions.

“There is no way of effectively policing those sites based upon affiliation or behavior,” Shimmin said. “Twitter itself has gone to some extreme measures to single out and remove accounts engaged in this sort of thing. That will help, and I think such efforts are a moral responsibility for Twitter and other social networking vendors, but those actions can’t rule out future misuse.”

Olds said it would be impossible for Twitter to keep terrorists from using its site 100% of the time, but the company could do a better job of curtailing it.

“Terrorist messages should be able to be rooted out with some solid language processing software,” Olds said. “I’d like to see them do more along these lines. The technology is there, they just need to adapt it to anti-terrorist tasks.”

If Twitter loses the lawsuit and is ordered to pay significant damages, the impact on other social networks would be chilling, he said.

“Social networks would be forced to keep a much closer eye on user activities and crack down on anything that could be interpreted as ‘bad,’” Olds said. “The end result would be self-imposed censorship on the part of the nets, which would greatly upset many users. But I just don’t see this happening—at least not with this case.”

This story, "Families of ISIS victims sue Twitter for being 'weapon for terrorism'" was originally published by Computerworld.