Category Archives: Law & Disorder

A new ransomware outbreak similar to WCry is shutting down computers worldwide

This is the note that's left on computers infected by PetyaWrap. (credit: Eset)

A new ransomware attack similar to last month's self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, reportedly including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International. It has attacked at least 2,000 computers, according to one security company.

PetyaWrap, as some researchers are calling the ransomware, uses the same potent National Security Agency exploit that allowed WCry to paralyze hospitals, shipping companies, and train stations in a matter of hours on May 12. EternalBlue, as the exploit was code-named by its NSA developers, was published in April by a still-unknown group calling itself the Shadow Brokers. The leak gave people with only moderate technical skills a powerful vehicle for delivering virtually any kind of digital warhead. Microsoft patched the underlying vulnerability in Windows 7 and 8.1 in March, and in a rare move the company issued fixes for unsupported Windows versions 24 hours after the WCry outbreak. That meant infections were only possible on machines that were running outdated versions of the OS.

While some researchers said PetyaWrap was a new version of the long-established Petya ransomware, researchers from antivirus provider Kaspersky Lab said that preliminary findings showed it was, in fact, a new piece of malware that had never been seen before. Kaspersky said that at least 2,000 computers that use its AV products had already been attacked by it.


Google must stop demoting competitors in search results, EU rules


Google has been gut-punched by the European Commission for abusing its search monopoly to squeeze out other players on the Web. Europe's competition commissioner, Margrethe Vestager, had been expected to hit Google with a fine of around €1 billion, but the actual number is far larger: €2.42 billion, the largest anti-monopoly fine ever issued.

In addition to the fine, Google will be required to change its search algorithm so that every competing service is fairly crawled, indexed, ranked, and displayed. If Google fails to remedy its anti-competitive conduct within 90 days it will face daily penalty payments of up to 5 percent of the daily worldwide turnover of Google's parent company Alphabet. The commission's full statement on the decision makes for quite damning reading.

Google, as reported by the AFP news agency, "respectfully disagrees" with the EU's fine and is considering an appeal. We have asked Google for comment and will update this story when it responds.


Ringless voicemail spam won’t be exempt from anti-robocall rules

The FCC was asked to decide whether this ringless voicemail technology should be subject to anti-robocall rules. (credit: Stratics Networks)

A petition to exempt ringless voicemails from anti-robocall rules has been withdrawn after heavy opposition.

In March, a marketing company called All About the Message petitioned the Federal Communications Commission for a ruling that would prevent anti-robocall rules from applying to ringless voicemails. But the company withdrew its petition without explanation in a letter to the FCC last week, even though the commission hadn't yet ruled on the matter.

As the name suggests, a ringless voicemail is the delivery of a voice message to a voicemail box without ringing the recipient's phone. The now-withdrawn petition asked the FCC to declare that this type of message does not count as a "call" under the Telephone Consumer Protection Act (TCPA), which prohibits non-emergency calls made with auto-dialers, artificial voices, or prerecorded voices without the "prior express consent of the called party."


Obama reportedly ordered implants to be deployed in key Russian networks


In his final days as the 44th president of the United States, Barack Obama authorized a covert hacking operation to implant attack code in sensitive Russian networks. The revelation came in an 8,000-word article The Washington Post published Friday that recounted a secret struggle to punish the Kremlin for tampering with the 2016 election.

According to Friday's article, the move came some four months after a top-secret Central Intelligence Agency report detailed Russian President Vladimir Putin's direct involvement in a hacking campaign aimed at disrupting or discrediting the presidential race. Friday's report also said that intelligence captured Putin's specific objective that the operation defeat or at least damage Democratic candidate Hillary Clinton and help her Republican rival Donald Trump. The Washington Post said its reports were based on accounts provided by more than three dozen current and former US officials in senior positions in government, most of whom spoke on the condition of anonymity.

In the months that followed the August CIA report, 17 intelligence agencies confirmed with high confidence the Russian interference. After months of discussions with various advisors, Obama enacted a series of responses, including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and expelling 35 Russian diplomats from the US. All of those measures have been known for months. The Post, citing unnamed US officials, said Obama also authorized a covert hacking program that involved the National Security Agency, the CIA, and the US Cyber Command. According to Friday's report:


Espionage suspect totally thought messages to Chinese intel were deleted

On June 22, Kevin Patrick Mallory was brought before a US federal judge for his first hearing on charges that he sold highly classified documents to a Chinese intelligence agent. These documents, which are considered "National Defense Information" and included at least one Top Secret document and three classified as Secret, were found on a phone Mallory had been provided by his Chinese contacts. Mallory, a 60-year-old former Central Intelligence Agency employee living in Leesburg, Va., had thought the documents were in messages that had been deleted automatically from the device. Mallory faces life in prison if convicted.

Mallory, an independent consultant, had previously been an employee of "various government agencies" as well as several defense contractors. An Army veteran, Mallory worked at the State Department from 1987 to 1990. And according to the Washington Post, Mallory was also confirmed to have worked at the CIA, among other places. According to the FBI, Mallory was also an Army reservist during this time, and served on active duty for several deployments. For much of his career, he held a Top Secret clearance, which was rescinded when he left government service in 2012.

According to the indictment, at some point during his service at the unnamed agency or at a defense contractor, Mallory—who is fluent in Mandarin—secreted out a collection of documents. Mallory told the FBI that while in China doing consulting work for a state-funded think tank in March and April of this year, he was approached by individuals he then believed to be with China's intelligence service and was given a phone to communicate with them secretly. During an interview with the FBI on May 24, FBI agent Stephen Green recounted in an affidavit requesting an arrest warrant:


How the CIA infects air-gapped networks

A configuration screen found in the Drifting Deadline exploit. (credit: WikiLeaks)

Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected.

More than 150 pages of materials published by WikiLeaks describe a platform code-named Brutal Kangaroo that includes a sprawling collection of components to target computers and networks that aren't connected to the Internet. Drifting Deadline was a tool that was installed on computers of interest. It, in turn, would infect any USB drive that was connected. When the drive was later plugged into air-gapped machines, the drive would infect them with one or more pieces of malware suited to the mission at hand. A Microsoft representative said none of the exploits described work on supported versions of Windows.

The infected USB drives were at least sometimes able to infect computers even when users didn't open any files. The so-called EZCheese exploit, which was neutralized by a patch Microsoft appears to have released in 2015, worked anytime a malicious file icon was displayed by Windows Explorer. A later exploit known as Lachesis used the Windows autorun feature to infect computers running Windows 7. Lachesis didn't require Explorer to display any icons, but the drive letter the thumb drive was mounted on had to be included in a malicious link. The RiverJack exploit, meanwhile, used the Windows library-ms function to infect computers running Windows 7, 8, and 8.1. RiverJack worked only when a library junction was viewed in Explorer.


Scammer who made 96 million robocalls should pay $120M fine, FCC says


The Federal Communications Commission today said that a scammer named Adrian Abramovich "apparently made 96 million spoofed robocalls during a three-month period" in order to trick people into buying vacation packages. The FCC proposed a fine of $120 million, but it will give the alleged perpetrator a chance to respond to the allegations before issuing a final decision.

The robocalls appeared to come from local numbers, and they told recipients to "press 1" to hear about exclusive vacation deals from well-known hotel chains and travel businesses such as Marriott, Expedia, Hilton, and TripAdvisor, the FCC said.

"Consumers who did press the button were then transferred to foreign call centers where live operators attempted to sell vacation packages often involving timeshares," the FCC said. "The call centers were not affiliated with the well-known travel and hospitality companies mentioned in the recorded message."


Lawsuit: Comcast sabotaged small ISP’s network, then took its customers


A tiny Internet service provider has sued Comcast, alleging that the cable giant and its hired contractors cut the smaller company's wires in order to take over its customer base.

Telecom Cable LLC had "229 satisfied customers" in Weston Lakes and Corrigan, Texas when Comcast and its contractors sabotaged its network, the lawsuit filed last week in Harris County District Court said.

Comcast had tried to buy Telecom Cable's Weston Lakes operations in 2013 "but refused to pay what they were worth," the complaint says. Starting in June 2015, Comcast and two contractors it hired "systematically destroyed Telecom’s business by cutting its lines and running off its customers," the lawsuit says. Comcast destroyed or damaged the lines serving all Telecom Cable customers in Weston Lakes and never repaired them, the lawsuit claims.


Charter promised more broadband but didn’t deliver, now must pay fine

A Charter Spectrum vehicle. (credit: Charter)

Charter has agreed to pay $13 million to New York State after failing to complete broadband construction that was required as part of its purchase of Time Warner Cable. Charter can get $12 million of that back if it completes the buildout under a revised schedule.

Charter was required to extend its network to 36,250 homes and businesses in the state within one year of the TWC merger being approved, but only completed the buildout to 15,164 of them by the May 18 deadline, state officials said in an announcement Tuesday. The NY Public Service Commission is taking public comments on the settlement before giving it final approval.

The $13 million payment includes $1 million in grants for computer equipment and Internet access for low-income residents. The other $12 million is "a security to meet its network expansion commitment going forward," which Charter can recover upon completing the merger conditions.


Air Force clears F-35 to fly again—with caveats—after hypoxia scares

An F-35 Lightning II performs a maneuver Sept. 12, 2016 at Luke Air Force Base, Arizona. After a temporary grounding, the F-35 has returned to the skies at the base, but with some restrictions on how pilots fly the aircraft. (credit: US Air Force)

The F-35A has been cleared to operate once again from Luke Air Force Base, the primary pilot-training facility for the Air Force's newest fighter aircraft. The F-35 had been grounded at Luke since June 9, after five incidents over a month in which pilots experienced the symptoms of hypoxia (oxygen deprivation). However, that return to flight, which began June 21, comes with some caveats: pilots have been instructed to "avoid the altitudes in which the hypoxia-like incidents occurred," according to press releases by the Air Force and the F-35 Joint Program Office (JPO).

After the aircraft grounding, the F-35 JPO convened a "formal action team" to work with the Air Force to investigate the hypoxia incidents. So far, the team has only managed to rule out a number of "specific concerns," including aircraft maintenance issues and procedures surrounding pilots' flight equipment. So while the aircraft are being returned to service, some restrictions have been placed on F-35 operations out of Luke. In addition to avoiding certain altitudes, the Air Force said that "ground procedures will be modified to mitigate physiological risks to pilots." The specifics of those changes were not mentioned in the press release.

The Air Force will also increase the minimum acceptable amount of backup oxygen aboard F-35As. And pilots will be "offered the option" of wearing sensors that will collect "human performance data" during flight to monitor for signs of hypoxia. The Air Force will also expand its physiological training for pilots to help them recognize and respond early to hypoxia symptoms.
