Posts tagged ‘research’

Krebs on Security: Complex Solutions to a Simple Problem

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought — if well-intentioned — responses to a problem that we already know how to solve. Here’s a look at a few of the more elaborate approaches.

A promotion for the Siren Swipe technology.

Some of these ideas may have benefited from additional research into where financial institutions actually experience most of their fraud losses. Hint: Lost-and-stolen fraud is minuscule compared to losses from other types of fraud, such as counterfeit cards and online fraud. Case in point: A new product called Safe Swipe. From their pitch:

“The basic premise of our solution, Safe Swipe…is a technology which ‘marries’ your smart mobile device, phone, tablet and or computer to your credit/debit card(s). We’ve developed a Geo-Locator software program which triangulates your location with the POS device and your mobile phone so that if your phone and credit card are not within a certain predetermined range of one another the purchase would be challenged. In addition, we incorporated an ON/OFF type switch where you can ‘Lock Down’ your credit/debit card from your mobile device making it useless should it ever be stolen.”

The truth is that you can “lock down” your credit card if it’s lost or stolen by calling your credit card company and reporting it as such. Along these lines, I received multiple pitches from the folks who dreamed up a product/service called “Siren Swipe.” Check it out:

“The SIREN SWIPE system immediately notifies local police (via the local 911 center) of a thief’s location (i.e. merchant address) once he swipes a card that has already been reported stolen,” the folks at this company said in an email pitch to KrebsOnSecurity. “SIREN SWIPE has the potential to drastically impact the credit card fraud landscape because although card credentials being stolen is a foregone conclusion, which cards thieves decide to actually use is not. For a thief browsing a site like Rescator, the knowledge that using certain banks’ cards could result in an immediate police response can make thieves avoid using these banks’ stolen cards over and over again. And in the best case scenario, a carder site admin could just decide not to sell subscribing banks’ cards in the interest of customer service.”

The sad truth is that, for the most part, cops generally have more important things to do than chase around the street urchins who end up using stolen credit and debit cards, and they’re not going to turn on the dome lights and siren over something like this. Also, the signals for fraud are all backwards here: The fraudsters know to use criminal card-checking services before buying and/or using stolen cards, so they don’t generally end up using a pile of cards that have already been cancelled.

A diagram explaining Quantum Secure Authentication.

My favorite overwrought solution to making credit cards more secure comes from researchers in the Netherlands, who recently put out a paper announcing a card security idea they’re calling Quantum-Secure Authentication. According to its creators, this approach relies on “the unique quantum properties of light to create a secure question-and-answer exchange that cannot be spoofed or copied.” From their literature:

“Traditional magnetic-stripe-only cards are relatively simple to use but simple to copy. Recently, banks have begun issuing so-called ‘smart cards’ that include a microprocessor chip to authenticate, identify & enhance security. But regardless of how complex the code or how many layers of security, the problem remains that an attacker who obtains the information stored inside the card can copy or emulate it. The new approach…avoids this risk entirely by using the peculiar quantum properties of photons that allow them to be in multiple locations at the same time to convey the authentication questions & answers. Though difficult to reconcile with our everyday experiences, this strange property of light can create a fraud-proof Q&A exchange, like those used to authorize credit card transactions.”

The main reason so many of these newfangled technologies are even being proposed is that the United States lags 20 years behind Europe and the rest of the world in adopting chip/smartcard technology in credit and debit cards. This is starting to change on both the card-issuing side (the banks) and the merchant side. Most of the biggest banks are already issuing chip cards, with smaller institutions following suit next year. In October 2015, merchants that haven’t yet installed card swipe terminals that accept chip cards will be liable for all of the fraud costs on any fraudulent transaction involving a chip card.

It’s unclear how much appetite there is for new technology to help banks fight card fraud, when so many financial institutions have yet to roll out chip cards. A payments fraud survey released this week by the Federal Reserve Bank of Minneapolis found that “high percentages of surveyed financial institutions report that fraud prevention costs exceed actual losses for many types of payments, especially wire, cash, and ACH payments. This trend is even more striking for non-financial respondents. In every payment category, a higher percentage of such firms responded that prevention costs exceed fraud losses.”

The Fed survey (PDF), which quizzed both banks and corporations, found that about half of the financial institutions that experienced payment fraud losses reported increases in those losses, while three quarters of the non-financial firms responded that loss rates had remained about the same over the prior year.

“In keeping with previous surveys, signature debit transactions are the payment type cited by the largest number of financial institutions as accounting for high levels of payments fraud losses (92% of financial service companies), while checks are cited by 75% of non-financial companies,” the Fed concluded. “While this finding could suggest that companies are overcompensating in prevention vis-à-vis likely losses, it is also possible that risk mitigation strategies and fraud prevention investments have indeed been effective.”

SANS Internet Storm Center, InfoCON: green: Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor, (Wed, Dec 17th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Researchers at Palo Alto found that many ROM images used for Android smart phones manufactured by Coolpad contain a backdoor, giving an attacker full control of the device. Palo Alto named the backdoor Coolreaper.

With Android, it is very common for manufacturers to install additional applications. But these applications are installed on top of the Android operating system. In this case, Coolpad integrated additional functionality into the firmware of the device. This backdoor was then used by Coolpad to push advertisements to its users and to install additional Android applications. But its functionality goes way beyond simple advertisements.

The backdoor provides full access to the device. It allows the installation of additional software, accessing any information about the device, and even notifying the user of fake over the air updates.

How important is this threat?

Coolpad devices are mostly used in China, with a market share of 11.5% according to the report. They are not found much outside of China. The phones are typically sold under brands like Coolpad, Dazen and Magview.

The following domains and IPs are used for the CC channel:

113.142.37.149, dmp.coolyn.com, dmp.51coolpad.com, icudata.coolyun.com, icudata.51coolpad.com, 113.142.37.246, icucfg.coolyun.com and others. Blocking and logging outbound traffic for these IPs will help you identify affected devices.
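One way to act on the indicators above is to match them against DNS query and firewall logs and attribute hits to the internal device that generated them. The following is an added example, not code from the ISC post or the Palo Alto report; the indicator set is the partial list quoted above (the report says "and others"), and the two log line formats and the sample lines are constructed for the example.

```python
"""Flag outbound traffic to the Coolreaper C&C indicators listed in the ISC post.

Added example, not part of the SANS ISC post or the Palo Alto Networks report.
Matches dnsmasq-style query lines and netfilter-style accept lines against the
domains and IPs quoted in the post; the log formats and sample lines are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Indicators quoted in the post. The post says "and others", so this set is partial.
COOLREAPER_DOMAINS = {
    "dmp.coolyn.com",
    "dmp.51coolpad.com",
    "icudata.coolyun.com",
    "icudata.51coolpad.com",
    "icucfg.coolyun.com",
}
COOLREAPER_IPS = {
    ipaddress.ip_address("113.142.37.149"),
    ipaddress.ip_address("113.142.37.246"),
}

# Constructed log formats: a dnsmasq query line and a netfilter log line.
DNS_RE = re.compile(r"query\[A\] (?P<qname>\S+) from (?P<src>\S+)")
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*DPT=(?P<dpt>\d+)")


def domain_matches(qname: str) -> bool:
    """True if the queried name is an indicator domain or a subdomain of one."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in COOLREAPER_DOMAINS)


def scan(lines):
    """Return {internal_source_ip: [matched indicators]} for every hit in the log lines."""
    hits = defaultdict(list)
    for line in lines:
        m = DNS_RE.search(line)
        if m and domain_matches(m.group("qname")):
            hits[m.group("src")].append(m.group("qname"))
            continue
        m = FW_RE.search(line)
        if m:
            try:
                dst = ipaddress.ip_address(m.group("dst"))
            except ValueError:
                continue  # malformed destination field; skip the line
            if dst in COOLREAPER_IPS:
                hits[m.group("src")].append(str(dst))
    return dict(hits)


# Constructed sample lines: three LAN devices, one of them clean (10.0.0.22).
SAMPLE_LOG = [
    "dnsmasq[1]: query[A] icudata.coolyun.com from 10.0.0.21",
    "dnsmasq[1]: query[A] www.example.com from 10.0.0.22",
    "kernel: IN=lan OUT=wan SRC=10.0.0.21 DST=113.142.37.149 PROTO=TCP DPT=80",
    "kernel: IN=lan OUT=wan SRC=10.0.0.22 DST=93.184.216.34 PROTO=TCP DPT=443",
    "dnsmasq[1]: query[A] icucfg.coolyun.com from 10.0.0.23",
]

if __name__ == "__main__":
    for src, matched in scan(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(matched)}")
```

Matching on the DNS query rather than only on the resolved IP is deliberate: the C&C addresses can change while the domains stay in the firmware, and a DNS hit names the device that asked even when the later connection is blocked.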

For details, see the Palo Alto Networks report at https://www.paloaltonetworks.com/threat-research.html


Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: Banks: Park-n-Fly Online Card Breach

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide.

In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.

“We have been unable to find any specific issues related to the cards or transactions reported to us and by the financial institutions,” Michael Robinson, the company’s senior director of information technology, said in an emailed statement. “While this kind of incident is rare for us based on our thousands of daily transactions, we do take every instance very seriously. Like any reputable company involved in e-commerce today we recognize that we must be constantly vigilant and research every claim to root out any vulnerabilities or potential gaps.”

Park-n-Fly’s statement continues:

“While we believe that our systems are very secure, including SLL encryption, we have recently engaged multiple outside security firms to identify and resolve any possible gaps in our systems and as always will take any action indicated. We have made all necessary precautionary upgrades and we just upgraded on 12/9 to the latest EV SSL certificate from Entrust, one of the leading certificate issuers in the industry.”

Nevertheless, two different banks shared information with KrebsOnSecurity that suggests Park-n-Fly — or some component of its online card processing system — has indeed experienced a breach. Both banks saw fraud on a significant number of customer cards that previously — and quite recently — had been used online to make reservations at any of more than 50 Park-n-Fly locations nationwide.

Unlike card data stolen from main street retailers, which can be encoded onto new plastic and used to buy stolen goods in physical retail stores — cards stolen from online transactions can only be used by thieves for fraudulent online purchases. However, most online carding shops that sell stolen card data in underground stores market both types of cards, known in thief-speak as “dumps” and “CVVs,” respectively.

The CVVs that bank sources traced back to Park-n-Fly are among thousands currently for sale in four large batches of card data (dubbed “Decurion”) being peddled at Rescator[dot]cm, the same crime shop that first moved cards stolen in the retail breaches at Home Depot and Target. The card data ranges in price from $6 to $9 per card, and includes the card number, expiration date, 3-digit card verification code, as well as the cardholder’s name, address and phone number.

Cards that banks traced back to Park-n-Fly were all for sale at Rescator's shop.

Last month, SP Plus — a Chicago-based parking facility provider — said payment systems at 17 parking garages in Chicago, Philadelphia and Seattle were hacked to capture credit card data after thieves installed malware to access credit card data from a remote location. Card data stolen from those SP+ locations ended up for sale on a competing cybercrime store called Goodshop.

In Missouri, the St. Louis Parking Company recently disclosed that it learned of a breach involving card data stolen from its Union Station Parking facility between Oct. 6, 2014 and Oct. 31, 2014.

Raspberry Pi: Controlling Telescopes with Raspberry Pi and Mathematica

This post was syndicated from: Raspberry Pi and was written by: Eben Upton. Original post: at Raspberry Pi

Eben: Here’s a guest post from Tom Sherlock, describing how he’s been able to control a telescope using a Raspberry Pi, Mathematica and the Wolfram Language.

As an amateur astronomer, I’m always interested in ways to use Mathematica in my hobby. In earlier blog posts, I’ve written about how Mathematica can be used to process and improve images taken of planets and nebulae. However, I’d like to be able to control my astronomical hardware directly with the Wolfram Language.

In particular, I’ve been curious about using the Wolfram Language as a way to drive my telescope mount, for the purpose of automating an observing session. There is precedent for this because some amateurs use their computerized telescopes to hunt down transient phenomena like supernovas. Software already exists for performing many of the tasks that astronomers engage in—locating objects, managing data, and performing image processing. However, it would be quite cool to automate all the different tasks associated with an observing session from one notebook.

Mathematica is highly useful because it can perform many of these operations in a unified manner. For example, Mathematica incorporates a vast amount of useful astronomical data, including the celestial coordinates of hundreds of thousands of stars, nebula, galaxies, asteroids, and planets. In addition to this, Mathematica‘s image processing and data handling functionality are extremely useful when processing astronomical data.

Previously I’ve done some work interfacing with telescope mounts using an existing library of functions called ASCOM. Although ASCOM is powerful and can drive many devices associated with astronomy, like domes and filter wheels, it is limited because it only works on PCs and needs to be pre-installed on your computer. I wanted to be able to drive my telescope directly from Mathematica running on any platform, and without any special set up.

Telescope Serial Communication Protocols

I did some research and determined that many telescope mounts obey one of two serial protocols for their control: the Meade LX200 protocol and the Celestron NexStar protocol.

The LX200 protocol is used by Meade telescopes like the LX200 series as well as the ETX series. The LX200 protocol is also used by many non-Meade telescope mounts, like those produced by Losmandy and Astro-Physics.

The NexStar protocol is used by Celestron telescopes and mounts as well as those manufactured by its parent company, Synta, including the Orion Atlas/Sirius family of computerized mounts.

The full details of these protocols can be found in the Meade Telescope Serial Command Protocol PDF and the NexStar Communication Protocol PDF.

A notable exception is the Paramount series of telescope mounts from Software Bisque, which use the RTS2 (Remote Telescope System) protocol for remote control of robotic observatories. The RTS2 standard describes communication across a TCP/IP link and isn’t serial-port based. Support for RTS2 will have to be a future project.

Since Mathematica 10 has added direct serial-port support, it’s possible to implement these protocols directly in top-level Wolfram Language code and have the same code drive different mounts from Mathematica running on different platforms, including Linux, Mac, Windows, and Raspberry Pi.

Example: Slewing the Scope

Here’s an example of opening a connection to a telescope mount obeying the LX200 protocol, setting the target and then slewing to that target.

Open the serial port (“/dev/ttyUSB0”) connected to the telescope:

theScope = DeviceOpen["Serial", 
{"/dev/ttyUSB0", "BaudRate" -> 9600, 
"DataBits" -> 8, "Parity" -> None, 
"StopBits" -> 1}];

First we need a simple utility for issuing a command, waiting for a given amount of time (usually a few seconds), and then reading off the single-character response.

theScopeTimeout = 2; (* seconds to wait for the mount's reply; 2 is an assumed value, the post says "a few seconds" *)

ScopeIssueCommand1[theScope_, cmd_String]:=
Module[{},
   DeviceWrite[theScope, cmd];               (* send the framed command, e.g. ":Sr16:41:41#" *)
   Pause[theScopeTimeout];                   (* give the mount time to answer *)
   FromCharacterCode[DeviceRead[theScope]]   (* read back the single-character response *)
];

These are functions for setting the target right ascension and declination in the LX200 protocol. Here, the right ascension (RA) is specified by a string in the form of HH:MM:SS, and the declination (Dec) by a string in the form of DD:MM:SS.

ScopeSetTargetRightAscension[theScope_,str_String] := ScopeIssueCommand1[theScope,":Sr"<>str<>"#"];

ScopeSetTargetDeclination[theScope_,str_String] := ScopeIssueCommand1[theScope,":Sd"<>str<>"#"];

Now that we have the basics out of the way, in order to slew to a target at coordinates specified by RA and Dec strings, setting the target and then issuing the slew command are combined.

(* The slew command itself is not shown in the original post. In the LX200
   protocol ":MS#" slews to the previously set target and answers "0" when
   the slew is possible. *)
ScopeSlewTargetRADec[theScope_] := ScopeIssueCommand1[theScope, ":MS#"];

ScopeSlewToRADecPrecise[
   theScope_, ra_String, dec_String]:=
Module[{},
   ScopeSetTargetRightAscension[theScope,ra];
   ScopeSetTargetDeclination[theScope, dec];
   ScopeSlewTargetRADec[theScope]
];

We can also pass in real values as the coordinates, and then convert them to correctly formatted strings for the above function.

ScopeSlewToRADecPrecise[
   theScope_, ra_Real, dec_Real]:=
Module[{pad,rah,ram,ras,rastr,dd,dm,ds,decstr},
   (* zero-pad each field to two digits so the mount gets "05:03:07", not "5:3:7" *)
   pad = IntegerString[#, 10, 2] &;
   rah=pad[IntegerPart[ra]];
   ram=pad[IntegerPart[Abs[FractionalPart[ra]]*60]];
   ras=pad[IntegerPart[FractionalPart[Abs[
      FractionalPart[ra]]*60]*60]];
   rastr=rah<>":"<>ram<>":"<>ras;
   (* declination carries an explicit sign, so it survives for values between -1 and 0 *)
   dd=If[dec < 0, "-", "+"]<>pad[IntegerPart[Abs[dec]]];
   dm=pad[IntegerPart[Abs[FractionalPart[dec]]*60]];
   ds=pad[IntegerPart[FractionalPart[Abs[
      FractionalPart[dec]]*60]*60]];
   decstr=dd<>":"<>dm<>":"<>ds;
   ScopeSlewToRADecPrecise[theScope, rastr, decstr]
];
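The same decimal-to-sexagesimal conversion, written in Python rather than the Wolfram Language, as an added example that is not part of the post. It generalizes the string building above: a single rounding to whole seconds (so 59.9999 s carries into the next minute instead of truncating), zero-padded fields, an explicit sign on the declination that survives values between -1 and 0, and a range check before anything is sent. The Meade specification writes the degree separator in the declination as "*" (":SdsDD*MM:SS#"); the post's code uses ":", so that is the default here and the separator is a parameter. Serial I/O is left out; the functions return the exact command strings that would be written to the port.

```python
"""Build LX200 target-setting commands from decimal coordinates.

Added example (Python, not the post's Wolfram Language code). It mirrors the
conversion in ScopeSlewToRADecPrecise above and returns the command strings
rather than writing them to a serial port.
"""


def to_sexagesimal(value: float, signed: bool, sep: str = ":") -> str:
    """Convert decimal hours or degrees to [s]XX<sep>MM:SS with two-digit fields.

    Rounding is done once, on the total number of seconds, so a value like
    1.999999 hours becomes 02:00:00 rather than 01:59:59.
    """
    sign = "-" if value < 0 else "+"
    total = int(round(abs(value) * 3600))   # whole seconds (or arcseconds)
    whole, rem = divmod(total, 3600)
    minutes, seconds = divmod(rem, 60)
    body = f"{whole:02d}{sep}{minutes:02d}:{seconds:02d}"
    return (sign + body) if signed else body


def lx200_set_target(ra_hours: float, dec_degrees: float, dec_sep: str = ":"):
    """Return the LX200 commands that set the target RA/Dec and slew to it.

    ":Sr" sets the target right ascension, ":Sd" the target declination and
    ":MS#" starts the slew; each command is framed with a trailing "#".
    """
    if not 0 <= ra_hours < 24:
        raise ValueError("right ascension must be in [0, 24) hours")
    if not -90 <= dec_degrees <= 90:
        raise ValueError("declination must be in [-90, 90] degrees")
    return [
        ":Sr" + to_sexagesimal(ra_hours, signed=False) + "#",
        ":Sd" + to_sexagesimal(dec_degrees, signed=True, sep=dec_sep) + "#",
        ":MS#",
    ]


if __name__ == "__main__":
    # M13, the Hercules globular cluster, at roughly RA 16.6948 h, Dec +36.46 deg
    for cmd in lx200_set_target(16.6948, 36.46):
        print(cmd)
```

Keeping the conversion separate from the I/O is what makes it testable: the commands can be checked against the protocol document before a real mount ever moves, which matters given the post's warning about slew limits.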

Now we can point the scope to the great globular cluster in Hercules:

ScopeSlewToRADecPrecise[theScope,
AstronomicalData["M13","RightAscension"],
AstronomicalData["M13","Declination"]];

Slew the scope to the Ring Nebula:

ScopeSlewToRADecPrecise[theScope,
NebulaData["M57","RightAscension"],
NebulaData["M57","Declination"]];

And slew the scope to Saturn:

ScopeSlewToRADecPrecise[theScope,
PlanetData["Saturn","RightAscension"],
PlanetData["Saturn","Declination"]];

When the observing session is complete, we can close down the serial connection to the scope.

DeviceClose[theScope];

Please be aware that before trying this on your own scope, you should have limits set up with the mount so that the scope doesn’t accidentally crash into things when slewing around. And of course, no astronomical telescope should be operated during the daytime without a proper solar filter in place.

The previous example works with Mathematica 10 on all supported platforms. The only thing that needs to change is the name of the serial port. For example, on a Windows machine, the port may be called “COM8” or such.

Telescope Control with Raspberry Pi

One interesting platform for telescope control is the Raspberry Pi. This is an inexpensive ($25–$35), low-power-consumption, credit-card-sized computer that runs Linux and is tailor-made for all manner of hackery. Best of all, it comes with a free copy of Mathematica included with the operating system.

Since the Pi is just a Linux box, the Wolfram Language code for serial-port telescope control works on that too. In fact, since the Pi can easily be wirelessly networked, it is possible to connect to it from inside my house, thus solving the number one problem faced by amateur astronomers, namely, how to keep warm when it’s cold outside.

The Pi doesn’t have any direct RS-232 ports in hardware, but an inexpensive USB-to-serial adapter provides a plug-n-play port at /dev/ttyUSB0. In this picture, you can see the small wireless network adapter in the USB socket next to the much larger, blue, USB-to-serial adapter.

Astrophotography with the Pi

Once I had the Pi controlling the telescope, I wondered if I could use it to take pictures through the scope as well. The Raspberry Pi has an inexpensive camera available for $25, which can take reasonably high-resolution images with a wide variety of exposures.

This isn’t as good as a dedicated astronomical camera, because it lacks the active cooling needed to take low-noise images of deep sky objects, but it would be appropriate for capturing images of bright objects like planets, the Moon, or (with proper filtering) the Sun.

It was fairly easy to find the mechanical dimensions of the camera board on the internet, design a telescope adapter…

…and then build the adapter using my lathe and a few pennies worth of acetal resin (Dupont Delrin®) I had in my scrap box. The normal lens on the Pi camera was unscrewed and removed to expose the CCD chip directly because the telescope itself forms the image.

Note that this is a pretty fancy adaptor, and one nearly as good could have been made out of 1 1/4-inch plumbing parts or an old film canister; this is a place where many people have exercised considerable ingenuity. I bolted the adaptor to the side of the Pi case using some 2-56 screws and insulating stand-offs cut from old spray bottle tubing.

This is how the PiCam looks plugged into the eyepiece port on the back of my telescope, and also plugged into the serial port of my telescope’s mount. In this picture, the PiCam is the transparent plastic box at the center. The other camera with the gray cable at the top is the guiding camera I use when taking long exposure astrophotographs.

Remotely Connecting to the PiCam

The Pi is a Linux box, and it can run vncserver to export its desktop. You can then run a vnc client package, like the free TightVNC, on any other computer that is networked to the Pi. This is a screen shot taken from my Windows PC of the TightVNC application displaying the PiCam’s desktop. Here, the PiCam is running Mathematica and has imported a shot of the Moon’s limb from the camera module attached to the telescope via the adapter described above.

It’s hard to read in the above screen shot, but here is the line I used to import the image from the Pi’s camera module directly into Mathematica:

moonImage=Import[
"!raspistill -ss 1000 -t 10 -w 1024 -h 1024 -o -",
"JPG"]

This command invokes the Pi’s raspistill camera utility and captures a 1024×1024 image exposed at 1,000 microseconds after a 10-second delay, and then brings the resulting JPEG file into Mathematica.

One problem that I haven’t solved is how to easily focus the telescope remotely, because the PiCam’s preview image doesn’t work over the vnc connection. One interesting possibility would be to have Mathematica take a series of exposures while changing the focus via a servo attached to the focus knob of the telescope.

Conclusion

Mathematica and the Wolfram Language provide powerful tools for a wide variety of device control applications. In this case, I’ve used it on several different platforms to control a variety of astronomical hardware.

Schneier on Security: Over 700 Million People Taking Steps to Avoid NSA Surveillance

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

There’s a new international survey on Internet security and trust, of “23,376 Internet users in 24 countries,” including “Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States.” Amongst the findings, 60% of Internet users have heard of Edward Snowden, and 39% of those “have taken steps to protect their online privacy and security as a result of his revelations.”

The press is mostly spinning this as evidence that Snowden has not had an effect: “merely 39%,” “only 39%,” and so on. (Note that these articles are completely misunderstanding the data. It’s not 39% of people who are taking steps to protect their privacy post-Snowden, it’s 39% of the 60% of Internet users — which is not everybody — who have heard of him. So it’s much less than 39%.)

Even so, I disagree with the “Edward Snowden Revelations Not Having Much Impact on Internet Users” headline. He’s having an enormous impact. I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing. (For example, 17% of Indonesians use the Internet, 64% of them have heard of Snowden and 62% of them have taken steps to protect their privacy, which equals 17 million people out of its total 250-million population.)

Note that the countries in this survey only cover 4.7 billion out of a total 7 billion world population. Taking the conservative estimates that 20% of the remaining population uses the Internet, 40% of them have heard of Snowden, and 25% of those have done something about it, that’s an additional 46 million people around the world.

It’s probably true that most of those people took steps that didn’t make any appreciable difference against an NSA level of surveillance, and probably not even against the even more pervasive corporate variety of surveillance. It’s probably even true that some of those people didn’t take steps at all, and just wish they did or wish they knew what to do. But it is absolutely extraordinary that 750 million people are disturbed enough about their online privacy that they will represent to a survey taker that they did something about it.

Name another news story that has caused over ten percent of the world’s population to change their behavior in the past year? Cory Doctorow is right: we have reached “peak indifference to surveillance.” From now on, this issue is going to matter more and more, and policymakers around the world need to start paying attention.

Related: a recent Pew Research Internet Project survey on Americans’ perceptions of privacy, commented on by Ben Wittes.

SANS Internet Storm Center, InfoCON: green: Worm Backdoors and Secures QNAP Network Storage Devices, (Sun, Dec 14th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Shellshock is far from over, with many devices still not patched and out there ready for exploitation. One set of the devices receiving a lot of attention recently are QNAP disk storage systems. QNAP released a patch in early October, but applying the patch is not automatic and far from trivial for many users [1]. Our reader Erich submitted a link to an interesting Pastebin post with code commonly used in these scans [2].

The attack targets a QNAP CGI script, /cgi-bin/authLogin.cgi, a well known vector for Shellshock on QNAP devices [3]. This script is called during login, and reachable without authentication. The exploit is then used to launch a simple shell script that will download and execute a number of additional pieces of malware:

emme [SHA1: 611bd8bea11d6edb68ed96583969f85469f87e0f]:

This appears to implement a click fraud script against the advertisement network JuiceADV. The user ID being used is 4287, and http://www.123linux.it is used as the referrer. The user agent is altered based on a remote feed.

cl [SHA1: b61fa82063975ba0dcbbdae2d4d9e8d648ca1605]:

A one-liner shell script uploading part of /var/etc/CCcam.cfg to ppoolloo.altervista.com. My test QNAP system does not have this file, so I am not sure what they are after.

The script also created a hidden directory, /share/MD0_DATA/optware/.xpl, which is then used to stash some of the downloaded scripts and files.

A couple of other changes made by the script:

  • Sets the DNS server to 8.8.8.8
  • Creates an SSH server on port 26
  • Adds an admin user called “request”
  • Downloads and copies scripts to cgi-bin: armgH.cgi and exo.cgi
  • Modifies autorun.sh to run the backdoors on reboot

Finally, the script will also download and install the Shellshock patch from QNAP and reboot the device.
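The attack vector (an unauthenticated request to /cgi-bin/authLogin.cgi) and the persistence artifacts just listed give a defender two places to look: the web server log, and the device itself. The following is an added example, not from the ISC post or the Pastebin script. It audits a text snapshot of device state for the artifacts named above (SSH on port 26, the extra admin user “request”, the hidden .xpl directory, the two CGI files, an autorun.sh that references them, the 8.8.8.8 resolver) and flags access-log requests to the login CGI whose User-Agent carries the Shellshock function-definition prefix. What the script actually writes into autorun.sh is not on the page, so that check only looks for the two CGI names; the snapshot text and log lines below are constructed.

```python
"""Audit a QNAP snapshot for the post-infection artifacts described in the ISC
post and flag Shellshock-shaped requests to the login CGI in an access log.

Added example, not part of the ISC post or the Pastebin script. The indicator
values are the ones quoted in the post; snapshot contents and log lines are
constructed for the example.
"""
import re

SSH_PORT = 26
ADMIN_USER = "request"
HIDDEN_DIR = "/share/MD0_DATA/optware/.xpl"
CGI_FILES = {"armgH.cgi", "exo.cgi"}
DNS_SERVER = "8.8.8.8"


def audit(snapshot: dict) -> list:
    """Return the names of the indicators present in captured device text.

    snapshot keys (plain text): sshd_config, passwd, dir_listing,
    cgi_bin_listing, autorun_sh, resolv_conf. Missing keys are treated as empty.
    """
    found = []
    if re.search(r"^\s*Port\s+%d\s*$" % SSH_PORT, snapshot.get("sshd_config", ""), re.M):
        found.append("ssh_port")
    if re.search(r"^%s:" % re.escape(ADMIN_USER), snapshot.get("passwd", ""), re.M):
        found.append("admin_user")
    if HIDDEN_DIR in snapshot.get("dir_listing", "").split():
        found.append("hidden_dir")
    if CGI_FILES & set(snapshot.get("cgi_bin_listing", "").split()):
        found.append("cgi_files")
    # Assumption: autorun.sh is made to start the dropped CGIs; the post does not show its contents.
    if re.search(r"\b(armgH|exo)\.cgi\b", snapshot.get("autorun_sh", "")):
        found.append("autorun_backdoor")
    if re.search(r"^nameserver\s+%s\s*$" % re.escape(DNS_SERVER), snapshot.get("resolv_conf", ""), re.M):
        found.append("dns_server")  # weak on its own: 8.8.8.8 is a common legitimate resolver
    return found


# Constructed combined-log-format line. Shellshock payloads travel in HTTP headers,
# and the User-Agent is the header a typical access log records.
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<path>\S+) [^"]*" \d+ \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")  # the function-definition prefix Shellshock relies on


def shellshock_requests(log_lines) -> list:
    """Return source IPs that sent a Shellshock-shaped User-Agent to the login CGI."""
    hits = []
    for line in log_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        if m.group("path").startswith("/cgi-bin/authLogin.cgi") and SHELLSHOCK_RE.search(m.group("ua")):
            if m.group("src") not in hits:
                hits.append(m.group("src"))
    return hits


# Constructed snapshots: one showing every artifact, one clean.
INFECTED_SNAPSHOT = {
    "sshd_config": "Protocol 2\nPort 26\n",
    "passwd": "admin:x:0:0:administrator:/root:/bin/sh\nrequest:x:0:0::/root:/bin/sh\n",
    "dir_listing": "/share/MD0_DATA/optware\n/share/MD0_DATA/optware/.xpl\n",
    "cgi_bin_listing": "authLogin.cgi armgH.cgi exo.cgi",
    "autorun_sh": "#!/bin/sh\n/home/httpd/cgi-bin/armgH.cgi &\n",
    "resolv_conf": "nameserver 8.8.8.8\n",
}
CLEAN_SNAPSHOT = {
    "sshd_config": "Protocol 2\nPort 22\n",
    "passwd": "admin:x:0:0:administrator:/root:/bin/sh\n",
    "dir_listing": "/share/MD0_DATA/optware\n",
    "cgi_bin_listing": "authLogin.cgi",
    "autorun_sh": "#!/bin/sh\n",
    "resolv_conf": "nameserver 192.168.1.1\n",
}
# Constructed access-log lines: a normal login page load, then two probes from one host.
SAMPLE_ACCESS_LOG = [
    '192.0.2.10 - - [14/Dec/2014:08:01:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Dec/2014:08:03:15 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 1043 "-" "() { :;}; echo probe"',
    '203.0.113.7 - - [14/Dec/2014:08:03:16 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 200 1043 "-" "() { :;}; echo probe"',
]

if __name__ == "__main__":
    print("infected:", audit(INFECTED_SNAPSHOT))
    print("clean:", audit(CLEAN_SNAPSHOT))
    print("probing hosts:", shellshock_requests(SAMPLE_ACCESS_LOG))
```

Because the script ends by installing QNAP's own Shellshock patch and rebooting, a patched device is not evidence of a clean device; the host-side artifacts are the reliable signal, and the log check shows who was probing before the patch landed.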

Infected devices have been observed scanning for other vulnerable devices. I was not able to recover all of the scripts the code on pastebin downloads. The scanner may be contained in one of the additional scripts.

[1] http://www.qnap.com/i/en/news/con_show.php?op=showonecid=342
[2] http://pastebin.com/AQJgM5ij
[3] https://www.fireeye.com/blog/threat-research/2014/10/the-shellshock-aftershock-for-nas-administrators.html


Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: SpamHaus, CloudFlare Attacker Pleads Guilty

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.

In late March 2013, a massive distributed denial-of-service (DDoS) attack hit the web site of SpamHaus, an organization that distributes a blacklist of spammers to email and network providers. When SpamHaus moved its servers behind CloudFlare, which specializes in blocking such attacks — the attackers pelted CloudFlare’s network. The New York Times called the combined assault the largest known DDoS attack ever on the Internet at the time; for its part, CloudFlare dubbed it “the attack that almost broke the Internet.”

In April 2013, an unnamed then-16-year-old male from London, identified only by his hacker alias “Narko,” was arrested and charged with computer misuse and money laundering in connection with the attack.

Sources close to the investigation now tell KrebsOnSecurity that Narko has pleaded guilty to those charges, and that Narko’s real name is Sean Nolan McDonough. A spokesman for the U.K. National Crime Agency confirmed that a 17-year-old male from London had pleaded guilty to those charges on Dec. 10, but noted that “court reporting restrictions are in place in respect to a juvenile offender, [and] as a consequence the NCA will not be releasing further detail.”

During the assault on SpamHaus, Narko was listed as one of several moderators of the forum Stophaus[dot]com, a motley crew of hacktivists, spammers and bulletproof hosting providers who took credit for organizing the attack on SpamHaus and CloudFlare.

WHO RUNS STOPHAUS?

It is likely that McDonough/Narko was hired by someone else to conduct the attack. So, this seems as good a time as any to look deeper into who’s likely the founder and driving force behind the Stophaus movement itself. All signs point to an angry, failed spammer living in Florida who runs an organization that calls itself the Church of Common Good.

Not long after McDonough’s arrest, a new Facebook page went online called “Freenarko,” which listed itself as “a solidarity support group to help in the legal defense and media stability for ‘Narko,’ a 16-yr old brother in London who faces charges concerning the Spamhaus DDoS attack in March.”

Multiple posts on that page link to Stophaus propaganda, to the Facebook page for the Church of the Common Good, and to a now-defunct Web site called “WeAreHomogeneous.org” (an eye-opening and archived copy of the site as it existed in early 2013 is available at archive.org; for better or worse, the group’s Facebook page lives on).

The Church of Common Good lists as its leader a Gulfport, Fla. man named Andrew J. Stephens, whose LinkedIn page says he is a “media mercenary” at the same organization. Stephens’ CV lists a stint in 2012 as owner of an email marketing firm variously called Digital Dollars and IBT Inc, moneymaking schemes which Stephens describes as a “beginner to intermediate level guide to successful list marketing in today’s email environment. It incorporates the use of both white hat and some sketchy techniques you would find on black hat forums, but has avoided anything illegal or unethical…which you would also find on black hat forums.”

More recent entries in Andrew’s LinkedIn profile show that he now sees his current job as a “social engineer.” From his page:

“I am a what you may call a “Social Engineer” and have done work for several information security teams. My most recent operation was with a research team doing propaganda analysis for a media firm. I have a unique ability to access data that is typically inaccessible through social engineering and use this ability to gather data for research purposes. I have a knack for data mining and analysis, but was not formally trained so am able to think outside the box and accomplish goals traditional infosec students could not. I am proficient at strategic planning and vulnerability analysis and am often busy dissecting malware and tracking the criminals behind such software. There’s no real title for what I do, but I do it well I am told.”

Turns out, Andrew J. Stephens used to have his own Web site, andrewstephens.org. Here, the indispensable archive.org helps out again with a cache of his site from back when it launched in 2011 (oddly enough, the same year that Stophaus claims to have been born). On his page, Mr. Stephens lists himself as an “internet entrepreneur” and his business as “IBT.” Under his “Featured Work” heading, he lists “The Stophaus Project,” “Blackhat Learning Center,” and a link to a spamming software tool called “Quick Send v.1.0.”

Stephens did not return requests for comment sent to his various contact addresses, although a combative individual who uses the Twitter handle @Stophaus and has been promoting the group’s campaign refused to answer direct questions about whether he was in fact Andrew J. Stephens.

Helpfully, the cached version of Andrewstephens.org lists a contact email address at the top of the page: stephensboy@gmail.com (“Stephensboy” is the short/informal name of the Andrew J. Stephens LinkedIn profile). A historic domain registration record lookup purchased from Domaintools.com shows that same email address was used to register more than two dozen domains, including stophaus.org and stopthehaus.org. Other domains and businesses registered by that email include (hyperlinked domains below link to archive.org versions of the site):

- blackhatwebhost.com
- bphostingservers.com (“BP” is a common abbreviation for “bulletproof hosting” services sold to spammers and malware purveyors)
- conveyemail.com
- datapacketz.com (another spam software product produced and marketed by Stephens)
- emailbulksend.com
- emailbulk.info
- escrubber.info (tools to scrub spam email lists of dummy or decoy addresses used by anti-spam companies)
- esender.biz
- ensender.us
- quicksendemail.com
- transmitemail.com

The physical address on many of the original registration records for the site names listed above shows an address for one Michelle Kellison. The incorporation records for the Church of Common Good filed with the Florida Secretary of State list a Michelle Kellison as the registered agent for that organization.

Putting spammers and other bottom feeders in jail for DDoS attacks may be cathartic, but it certainly doesn’t solve the underlying problem: that the raw materials needed to launch attacks the size of the ones that hit SpamHaus and CloudFlare last year are plentiful and freely available online. As I noted in the penultimate chapter of my new book, Spam Nation (now a New York Times bestseller, thank you dear readers!), the bad news is that little has changed since these ultra-powerful attacks first surfaced more than a decade ago.

Rodney Joffe, senior vice president and senior technologist at Neustar, a security company that also helps clients weather huge online attacks, estimates that there are approximately 25 million misconfigured or antiquated home and business routers that can be abused in these digital sieges. From the book:

Most of these are home routers supplied by ISPs or misconfigured business routers, but a great many of the devices are at ISPs in developing countries or at Internet providers that see no economic upside to spending money for the greater good of the Internet.

“In almost all cases, it’s an option that’s configurable by the ISP, but you have to get the ISP to do it,” Joffe said. “Many of these ISPs are on very thin margins and have no interest in going through the process of protecting their end users, or the rest of the Internet’s users, for that matter.”

And therein lies the problem. Not long ago, if a spammer or hacker wanted to launch a massive Internet attack, he had to assemble a huge botnet that included legions of hacked PCs. These days, such an attacker need not build such a huge bot army. Armed with just a few hundred bot-infected PCs, Joffe said, attackers today can take down nearly any target on the Internet, thanks to the millions of misconfigured Internet routers that are ready to be conscripted into the attack at a moment’s notice.

“If the bad guys launch an attack, they might start off by abusing 20,000 of these misconfigured servers, and if the target is still up and online, they’ll increase it to 50,000,” Joffe said. “In most cases, they only need to go to 100,000 to take the bigger sites offline, but there are 25 million of these available.”

If you run a network of any appreciable size, have a look for your Internet addresses in the Open Resolver Project, which includes a searchable index of some 32 million poorly configured or outdated device addresses that can be abused to launch these very damaging large-scale attacks.
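The test a scanner of the kind the Open Resolver Project runs applies to each address is simple: send a recursion-desired query for a name the target is not authoritative for, and look at the flags in the reply. The Python below is an added example, not code from this post or from the project. It builds that probe, decodes the reply header, and reports whether the responder behaves as an open recursive resolver together with the reply-to-query size ratio (the amplification factor that makes such a host attractive as a reflector). Both replies are constructed in-line so the check runs offline; in a live scan `build_query()` would be sent over UDP to port 53 of addresses you are authorized to test.

```python
"""Offline check of a DNS reply for the open-recursive-resolver signature.

Added example (not from the Krebs post or the Open Resolver Project). The
probe and the two sample replies below are constructed, not captured.
"""
import struct

TYPE_A = 1
CLASS_IN = 1


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """Build a minimal UDP DNS query with RD (recursion desired) set, AA/RA clear."""
    flags = 0x0100  # QR=0 (query), OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    question = qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)
    return header + question


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into named fields."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1,    # 1 = response
        "aa": (flags >> 10) & 1,    # authoritative answer
        "tc": (flags >> 9) & 1,     # truncated
        "rd": (flags >> 8) & 1,     # recursion desired (echoed from query)
        "ra": (flags >> 7) & 1,     # recursion available
        "rcode": flags & 0xF,       # 0 NOERROR, 5 REFUSED, ...
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify_resolver(query: bytes, response: bytes) -> dict:
    """Decide whether the responder recursed for a stranger.

    Open-resolver signature: reply matches our transaction ID, QR=1, RA=1,
    AA=0 (data came from recursion/cache, not local authority), RCODE 0 and at
    least one answer. A correctly restricted resolver answers REFUSED with RA=0.
    """
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or r["qr"] != 1:
        return {"open": False, "reason": "not a reply to our query", "amplification": 0.0}
    is_open = r["ra"] == 1 and r["aa"] == 0 and r["rcode"] == 0 and r["ancount"] > 0
    reason = ("recursion available, answered" if is_open
              else "rcode=%d ra=%d ancount=%d" % (r["rcode"], r["ra"], r["ancount"]))
    return {"open": is_open, "reason": reason,
            "amplification": round(len(response) / len(query), 2)}


def _a_record(ip: list) -> bytes:
    """One A RR whose name is a compression pointer (0xC00C) to the question name."""
    return struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4) + bytes(ip)


def constructed_replies(query: bytes) -> dict:
    """Hand-built replies for the probe: one from an open resolver, one REFUSED."""
    question = query[12:]
    open_hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)   # QR RD RA, NOERROR
    open_reply = open_hdr + question + _a_record([192, 0, 2, 10]) + _a_record([192, 0, 2, 11])
    refused_hdr = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, REFUSED, RA=0
    return {"open": open_reply, "refused": refused_hdr + question}


if __name__ == "__main__":
    probe = build_query("example.com")
    for label, reply in constructed_replies(probe).items():
        print(label, classify_resolver(probe, reply))
```

A reply to an ANY query for a large zone can be tens of times the size of the 29-byte probe; the constructed A-record reply above only just doubles it, which is why scanners record the ratio alongside the flags.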

TorrentFreak: Leak Exposes Hollywood’s Global Anti-Piracy Strategy

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Sony Pictures leak has caused major damage to the Hollywood movie studio, but the fallout doesn’t end there.

Contained in one of the leaked data batches is a complete overview of the MPAA’s global anti-piracy strategy for the years to come.

In an email sent to top executives at the major Hollywood studios earlier this year, one of the MPAA’s top executives shared a complete overview of Hollywood’s anti-piracy priorities.

The email reveals key areas of focus for the coming years, divided into high, medium and low priority categories, as shown below.

(image: the leaked piracy strategy overview page)

The plan put forward by the MPAA describes an ideal strategy; which elements are actually carried out will mostly depend on the funds the studios make available.

High priority

For cyberlockers and video streaming sites the MPAA plans to reach out to hosting providers, payment processing companies and advertising networks. These companies are urged not to work with so-called rogue sites.

Part of the plan is to create “legal precedent to shape and expand the law on cyberlockers and their hosting providers,” with planned lawsuits in the UK, Germany and Canada.

(image: MPAA cyberlocker strategy)

Other top priorities are:

Apps: Making sure that pirate apps are taken down from the various app stores. Google’s removal of various Pirate Bay apps may be part of this. In addition, the MPAA wants to make such apps “unstable” by removing the pirated files they link to.

Payment processors: The MPAA wants to use government influence to put pressure on payment processors, urging them to ban pirate sites. In addition they will approach major players with “specific asks and proposed best practices” to deter piracy.

Site blocking: Expand site blocking efforts in the UK and other countries where it’s supported by law. In other countries, including the U.S., the MPAA will investigate whether blockades are an option through existing principles of law.

Domain seizures: The MPAA is slowly moving toward domain seizures of pirate sites. This strategy is being carefully tested against sites selling counterfeit products using trademark arguments.

Site scoring services: Developing a trustworthy site scoring system for pirate sites. This can be used by advertisers to ban rogue sites. In the future this can be expanded to payment processors, domain name registrars, hosting providers and search engines, possibly with help from the government.

Copyright Notices: The MPAA intends to proceed with the development of the UK Copyright Alert System, and double the number of notices for the U.S. version. In addition, the MPAA wants to evaluate whether the U.S. Copyright Alert System can expand to mobile carriers.

Mid and low priority

BitTorrent is categorized as a medium priority. The MPAA wants to emphasize the role of BitTorrent in piracy related apps, such as Popcorn Time. In addition, illegal torrent sites will be subject to site blocking and advertising bans.

(image: MPAA BitTorrent strategy)

Other medium and low priorities are:

Search: Keep putting pressure on search engines and continue periodic research into their role in facilitating piracy. In addition, the MPAA will support third-party lawsuits against search engines.

Hosting: The MPAA sees Cloudflare as a problem and is developing a strategy for how to deal with the popular hosting provider. Lawsuits against hosting providers are also on the agenda.

Link sites: Apart from potential civil lawsuits in Latin America, linking sites will only be targeted if they become “particularly problematic.”

In the email the MPAA’s top executive does not consider the above strategies to be “final” or “set in stone”. How much the MPAA will be able to carry out with its partners depends on funds being available, which appears to be a subtle reminder that the studios should keep their payments coming.

“…the attached represents priorities and activities presuming online CP is adequately resourced. Your teams understand that, depending upon how the budget process plays out, we may need to lower priorities and activities for many sources of piracy and/or antipiracy initiatives,” the email reads.

The leaked strategy offers a unique insight into Hollywood’s strategy against various forms of online infringement.

It exposes several key priorities that were previously unknown, among them the MPAA’s strong focus on domain name seizures and its plans to target cyberlockers with lawsuits in the UK, Germany and Canada.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: MPAA Prepares to Bring Pirate Site Blocking to the U.S.

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Site blocking has become one of the go-to anti-piracy techniques for the music and movie industries. Mechanisms to force ISPs to shut down subscriber access to “infringing” sites are becoming widespread in Europe but have not yet gained traction in the United States.

Had the Stop Online Piracy Act passed, U.S. blocking regimes might already be in place, but the legislation was shelved in 2012 following a furious public and technology-sector revolt. Behind closed doors, however, blocking proponents were simply waiting for the storm to die down.

TorrentFreak has learned that during 2013 the MPAA and its major studio partners began to seriously consider their options for re-introducing the site blocking agenda to the United States. Throughout 2014 momentum has been building but with no real option to introduce new legislation, the MPAA has been looking at leveraging existing law to further its aims.

Today we can reveal that the MPAA has been examining four key areas.

DMCA

According to TF sources familiar with the plan, the MPAA began by exploring the possibility of obtaining a DMCA 512(j) blocking injunction without first having to establish that an ISP is also liable for copyright infringement.

To get a clearer idea the MPAA commissioned an expert report from a national law firm with offices in Chicago, Dallas, New York and Washington, DC. Returned in July, the opinion concluded that a U.S. court would “likely” require a copyright holder to establish an ISP as secondarily liable before granting any site-blocking injunction.

This option might be “difficult” and financially costly, the law firm noted.

Rule 19 of the Federal Rules of Civil Procedure

Rule 19 – ‘Required Joinder of Parties’ – is also under consideration by the MPAA as a way to obtain a blocking injunction against an ISP. In common with the DMCA option detailed above, the MPAA hopes that a blocking order might be obtained without having to find an ISP liable for any wrongdoing.

The MPAA is considering a situation in which it first obtains a judgment finding a foreign “rogue” site liable for infringement, the terms of which the site then fails to abide by. Rule 19 could then be used to join an ISP in the lawsuit against the rogue site without having to a) accuse the ISP of wrongdoing or b) issue any claims against it.

The same law firm again provided an expert opinion, concluding that the theory was “promising, but largely untested.”

Using the ITC to force ISPs to block ‘pirate’ sites

Among other things the United States International Trade Commission determines the impact of imports on U.S. industry. It also directs action on unfair trade practices including those involving patents, trademarks and copyright infringement.

The MPAA has been examining two scenarios. The first involves site-blocking orders against “transit” ISPs, i.e., those that carry data (infringing content) across U.S. borders. The second envisions site-blocking orders against regular ISPs to stop them providing access to “rogue” sites.

Again, the same law firm was asked for its expert opinion. In summary its lawyers found that scenario one presented significant technical hurdles. Scenario two might be feasible, but first ISPs would have to be found in violation of Section 337.

“Section 337 declares the infringement of certain statutory intellectual property rights and other forms of unfair competition in import trade to be unlawful practices,” the section reads (pdf).

The law firm’s August report highlights several potential issues. One noted that an injunction against a domestic ISP would effectively stop outbound requests to “rogue” sites when it is in fact the “rogue” sites’ inbound traffic that is infringing. Also at issue are sites that don’t “import” content themselves but merely offer links to such content (torrent sites, for example).

Nevertheless, the general conclusion is that if a clear relationship between the linking sites and the infringing content can be established, the ITC may take the view that the end result still amounts to “unfair competition” and “unfair acts” during importation of articles.

The Communications Act

This final MPAA option involves the Communications Act and how it is interpreted by the Federal Communications Commission and the Supreme Court.

The scenario balances on the MPAA’s stance that ISPs have taken the “public position” that they are not “telecommunications services”. When the position of the ISPs and opinions of the FCC and Supreme Court are combined, the MPAA wonders whether the ISPs could become vulnerable.

The scenario under discussion is one in which ISPs are not eligible for safe harbor as DMCA 512(a) “conduits” since the DMCA definition of a conduit is the same as the Communications Act’s definition of “telecommunications service” provider.

Major meeting two months ago

TorrentFreak sources reveal that a large meeting consisting of more than two dozen studio executives took place in October to discuss all aspects of site-blocking. A senior engineer from U.S. ISP Comcast was also invited.

On the agenda was a wide range of topics including bringing on board “respected” people in the technology sector to agree on technical facts and establish policy support for site blocking.

Other suggestions included encouraging academics to publish research papers with a narrative that site blocking elsewhere in the world has been effective, is not a threat to DNSSEC, and has not “broken the Internet”.

Conclusion

In June, MPAA chief and former U.S. Senator Chris Dodd praised pirate site blockades as one of the most important anti-piracy measures, and in August a leaked draft revealed MPAA research on the topic.

The big question now is whether the studios’ achievements in Europe will be mirrored in the United States – without a SOPA-like controversy alongside. While the scale is unlikely to be the same, opposition is likely to be vigorous.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

SANS Internet Storm Center, InfoCON: green: GMail quirk used to subvert website spam tracking, (Wed, Dec 10th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Yesterday while reviewing our logs here at the SANS Internet Storm Center I stumbled upon these:

login failed for s.ervic.d.157.6@gmail.com
login failed for se.rv.icd.15.76@gmail.com
login failed for r.a.mo.s.odalys.33.3@gmail.com
login failed for sho.ppin.g48service@gmail.com

The reason this caught my eye is because I recall reading that GMail ignores periods in email addresses. For example, if I register alexs12345@gmail.com but then begin sending email to a.l.e.x.s.1.2.3.4.5@gmail.com, it will arrive in my new inbox despite the additional periods.

Many blog and forum platforms have functionality for banning by email address. Spammers can use the periods in GMail addresses to subvert such banning controls by registering again without having to produce a truly new email address. Do your systems and/or websites allow for registering multiple accounts this way?
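A ban list or duplicate-account check that compares raw address strings misses every one of these variants. The Python below is an added example, not code from the ISC post: it canonicalises an address before comparing it, so that for Gmail-hosted mailboxes the local part is lower-cased, its dots are removed, any “+tag” suffix (another Gmail delivery feature) is dropped, and the googlemail.com alias is folded to gmail.com. Other domains are only lower-cased, because dots are significant for most mail systems and stripping them there would merge distinct users. The sample list reuses the four addresses from the log excerpt above plus two constructed ones; running it also shows that the first two log entries are variants of one and the same mailbox.

```python
"""Canonicalise Gmail addresses so dotted and plus-tagged variants share one key.

Added example (not from the ISC diary). Only domains known to ignore dots are
normalised; for everything else the local part is kept as written.
"""

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # googlemail.com is an alias for gmail.com


def canonical_address(addr: str) -> str:
    """Return a comparison key for one mailbox.

    Gmail: lower-case, strip dots from the local part, drop '+tag', fold the
    domain to gmail.com. Other domains: lower-case only (dots are significant).
    """
    addr = addr.strip()
    if addr.count("@") != 1:
        raise ValueError("not a single-mailbox address: %r" % addr)
    local, domain = addr.rsplit("@", 1)
    local, domain = local.lower(), domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return "%s@%s" % (local, domain)


def group_by_mailbox(addresses):
    """Map each canonical mailbox to the raw spellings seen for it."""
    groups = {}
    for raw in addresses:
        groups.setdefault(canonical_address(raw), []).append(raw)
    return groups


def is_banned(addr: str, banned) -> bool:
    """Ban check on canonical forms, so a re-registration with extra dots still matches."""
    return canonical_address(addr) in {canonical_address(b) for b in banned}


# The four addresses from the log excerpt above, plus two constructed ones.
SAMPLE_ADDRESSES = [
    "s.ervic.d.157.6@gmail.com",
    "se.rv.icd.15.76@gmail.com",
    "r.a.mo.s.odalys.33.3@gmail.com",
    "sho.ppin.g48service@gmail.com",
    "Servicd1576+forum@googlemail.com",  # constructed: same mailbox as the first two
    "jane.doe@example.org",              # constructed: non-Gmail, dots must be kept
]

if __name__ == "__main__":
    for mailbox, variants in group_by_mailbox(SAMPLE_ADDRESSES).items():
        print("%-32s %d variant(s): %s" % (mailbox, len(variants), ", ".join(variants)))
```

Store the canonical form alongside the raw address at registration time and enforce uniqueness on it; normalising only at ban time leaves the duplicate-account problem in place.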

Where this becomes more interesting is that these logs indicate visitors that tried to log in using these email addresses without having even attempted to register them first. None of the above logs come from a single IP address, though the first two do come from a single IP range. Is this due to a poorly programmed bot, or is it indicative of something else?

Let us know what you think in the comments!


Alex Stanford – GIAC GWEB GSEC,
Research Operations Manager,
SANS Internet Storm Center
/in/alexstanford

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SANS Internet Storm Center, InfoCON: green: Microsoft Patch Tuesday – December 2014, (Tue, Dec 9th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Overview of the December 2014 Microsoft patches and their status.

Columns: bulletin and title (bulletins it replaces), affected products, CVEs, KB article, known exploits, Microsoft rating (**), ISC rating (*) for clients and servers.

MS14-075: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (replaces MS13-105)
  Affected: Microsoft Exchange
  CVEs: CVE-2014-6319, CVE-2014-6325, CVE-2014-6326, CVE-2014-6336
  KB: 3009712
  Known exploits: none noted
  Microsoft rating (**): Severity Important; Exploitability not listed
  ISC rating (*): clients N/A, servers Important

MS14-080: Cumulative Security Update for Internet Explorer (replaces MS14-065)
  Affected: Microsoft Windows, Internet Explorer
  CVEs: CVE-2014-6327, CVE-2014-6328, CVE-2014-6329, CVE-2014-6330, CVE-2014-6363, CVE-2014-6365, CVE-2014-6366, CVE-2014-6368, CVE-2014-6369, CVE-2014-6373, CVE-2014-6374, CVE-2014-6375, CVE-2014-6376, CVE-2014-8966
  KB: 3008923
  Known exploits: none noted
  Microsoft rating (**): Severity Critical; Exploitability not listed
  ISC rating (*): clients Critical, servers Critical

MS14-081: Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (replaces MS14-017, MS14-061, MS14-069)
  Affected: Microsoft Office
  CVEs: CVE-2014-6356, CVE-2014-6357
  KB: 3017301
  Known exploits: none noted
  Microsoft rating (**): Severity Critical; Exploitability not listed
  ISC rating (*): clients Critical, servers Important

MS14-082: Vulnerability in Microsoft Office Could Allow Remote Code Execution (replaces MS09-060)
  Affected: Microsoft Office
  CVEs: CVE-2014-6364
  KB: 3017349
  Known exploits: none noted
  Microsoft rating (**): Severity Important; Exploitability not listed
  ISC rating (*): clients Critical, servers Important

MS14-083: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (replaces MS13-085)
  Affected: Microsoft Office
  CVEs: CVE-2014-6360, CVE-2014-6361
  KB: 3017347
  Known exploits: none noted
  Microsoft rating (**): Severity Important; Exploitability not listed
  ISC rating (*): clients Critical, servers Important

MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (replaces MS14-011)
  Affected: Microsoft Windows
  CVEs: CVE-2014-6363
  KB: 3016711
  Known exploits: none noted
  Microsoft rating (**): Severity Critical; Exploitability not listed
  ISC rating (*): clients Critical, servers Critical

MS14-085: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure
  Affected: Microsoft Windows
  CVEs: CVE-2014-6355
  KB: 3013126
  Known exploits: vulnerability publicly disclosed
  Microsoft rating (**): Severity Important; Exploitability not listed
  ISC rating (*): clients Important, servers Important
We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY.
(*): ISC rating

  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become “interesting” for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
  • The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems.


Alex Stanford – GIAC GWEB GSEC
Research Operations Manager,
SANS Internet Storm Center

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Schneier on Security: NSA Hacking of Cell Phone Networks

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

The Intercept has published an article — based on the Snowden documents — about AURORAGOLD, an NSA surveillance operation against cell phone network operators and standards bodies worldwide. This is not a typical NSA surveillance operation where agents identify the bad guys and spy on them. This is an operation where the NSA spies on people designing and building a general communications infrastructure, looking for weaknesses and vulnerabilities that will allow it to spy on the bad guys at some later date.

In that way, AURORAGOLD is similar to the NSA’s program to hack sysadmins around the world, just in case that access will be useful at some later date; and to the GCHQ’s hacking of the Belgian phone company Belgacom. In both cases, the NSA/GCHQ is finding general vulnerabilities in systems that are protecting many innocent people, and exploiting them instead of fixing them.

It is unclear from the documents exactly what cell phone vulnerabilities the NSA is exploiting. Remember that cell phone calls go through the regular phone network, and are as vulnerable there as non-cell calls. (GSM encryption only protects calls from the handset to the tower, not within the phone operators’ networks.) For the NSA to target cell phone networks particularly rather than phone networks in general means that it is interested in information specific to the cell phone network: location is the most obvious. We already know that the NSA can eavesdrop on most of the world’s cell phone networks, and that it tracks location data.

I’m not sure what to make of the NSA’s cryptanalysis efforts against GSM encryption. The GSM cellular network uses three different encryption schemes: A5/1, which has been badly broken in the academic world for over a decade (a previous Snowden document said the NSA could process A5/1 in real time — and so can everyone else); A5/2, which was designed deliberately weak and is even more easily broken; and A5/3 (aka KASUMI), which is generally believed to be secure. There are additional attacks against all A5 ciphers as they are used in the GSM system known in the academic world. Almost certainly the NSA has operationalized all of these attacks, and probably others as well. Two documents published by the Intercept mention attacks against A5/3 — OPULENT PUP and WOLFRAMITE — although there is no detail, and thus no way to know how much of these attacks consist of cryptanalysis of A5/3, attacks against the GSM protocols, or attacks based on exfiltrating keys. For example, GSM carriers know their users’ A5 keys and store them in databases. It would be much easier for the NSA’s TAO group to steal those keys and use them for real-time decryption than it would be to apply mathematics and computing resources against the encrypted traffic.
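To make concrete why A5/1 is the weak link in that list, here is an added Python implementation of its keystream generator. It is not from the essay; it follows the register layout published by Briceno, Goldberg and Wagner in 1999 after they reverse-engineered the cipher. The whole secret state is 64 bits held in three short shift registers of 19, 22 and 23 bits, stepped by a majority rule on one clocking bit per register, and that small, simple state is what the academic time/memory trade-off attacks precompute against. The 64-bit key and 22-bit frame number used in the usage are arbitrary constructed values, not real test vectors.

```python
"""A5/1 keystream generator (GSM), added example following the 1999 Briceno,
Goldberg and Wagner description. Not code from the essay.

Three LFSRs (19, 22, 23 bits = 64-bit state), majority clocking, keystream
bit = XOR of the three register MSBs. Per TDMA frame: 64 key bits and 22
frame bits are clocked in, 100 output bits are discarded, then 228 bits are
produced (114 for each direction).
"""

R1_LEN, R2_LEN, R3_LEN = 19, 22, 23
R1_TAPS, R2_TAPS, R3_TAPS = (13, 16, 17, 18), (20, 21), (7, 20, 21, 22)
R1_CLK, R2_CLK, R3_CLK = 8, 10, 10         # clocking (majority) bits
STATE_BITS = R1_LEN + R2_LEN + R3_LEN      # 64: the entire secret state


def _step(reg: int, taps, length: int, in_bit: int = 0) -> int:
    """Shift one register left by one, feeding back the XOR of its taps (+ key/frame bit)."""
    fb = in_bit
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    def __init__(self, key: bytes, frame: int):
        if len(key) != 8:
            raise ValueError("A5/1 session key Kc is 64 bits (8 bytes)")
        if not 0 <= frame < (1 << 22):
            raise ValueError("frame number is 22 bits")
        self.r1 = self.r2 = self.r3 = 0
        # Key setup: all three registers clocked together, no majority rule yet.
        for i in range(64):
            self._step_all((key[i // 8] >> (i % 8)) & 1)   # LSB of each byte first
        for i in range(22):
            self._step_all((frame >> i) & 1)
        for _ in range(100):                               # discarded warm-up output
            self._majority_step()

    def _step_all(self, in_bit: int) -> None:
        self.r1 = _step(self.r1, R1_TAPS, R1_LEN, in_bit)
        self.r2 = _step(self.r2, R2_TAPS, R2_LEN, in_bit)
        self.r3 = _step(self.r3, R3_TAPS, R3_LEN, in_bit)

    def _majority_step(self) -> None:
        """Clock only the registers whose clocking bit agrees with the majority."""
        b1, b2, b3 = (self.r1 >> R1_CLK) & 1, (self.r2 >> R2_CLK) & 1, (self.r3 >> R3_CLK) & 1
        maj = (b1 & b2) | (b1 & b3) | (b2 & b3)
        if b1 == maj:
            self.r1 = _step(self.r1, R1_TAPS, R1_LEN)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_TAPS, R2_LEN)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_TAPS, R3_LEN)

    def bit(self) -> int:
        self._majority_step()
        return ((self.r1 >> (R1_LEN - 1)) ^ (self.r2 >> (R2_LEN - 1)) ^ (self.r3 >> (R3_LEN - 1))) & 1


def burst_keystream(key: bytes, frame: int):
    """Return the two 114-bit keystreams (downlink, uplink) for one frame as bit lists."""
    gen = A51(key, frame)
    down = [gen.bit() for _ in range(114)]
    up = [gen.bit() for _ in range(114)]
    return down, up


def bits_to_hex(bits) -> str:
    """Pack a bit list MSB-first into hex, for display."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return format(value, "0%dx" % ((len(bits) + 3) // 4))


if __name__ == "__main__":
    key, frame = bytes.fromhex("1223456789abcdef"), 0x134   # constructed values
    down, up = burst_keystream(key, frame)
    print("state bits:", STATE_BITS)
    print("downlink:", bits_to_hex(down))
    print("uplink:  ", bits_to_hex(up))
```

Two things the code makes visible: each burst is protected only by what 64 bits of state can produce, and the all-zero key with frame 0 leaves every register at zero, so the generator emits a zero keystream and the burst goes out in the clear. Real attacks do not rely on such degenerate cases; they use tables over the 64-bit state space, which is exactly why a cipher of this size is considered broken.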

The Intercept points to these documents as an example of the NSA deliberately introducing flaws into global communications standards, but I don’t really see the evidence here. Yes, the NSA is spying on industry organizations like the GSM Association in an effort to learn about new GSM standards as early as possible, but I don’t see evidence of it influencing those standards. The one relevant sentence is in a presentation about the “SIGINT Planning Cycle”: “How do we introduce vulnerabilities where they do not yet exist?” That’s pretty damning in general, but it feels more aspirational than a statement of practical intent. Already there are lots of pressures on the GSM Association to allow for “lawful surveillance” on users from countries around the world. That surveillance is generally with the assistance of the cell phone companies, which is why hacking them is such a priority. My guess is that the NSA just sits back and lets other countries weaken cell phone standards, then exploits those weaknesses.

Other countries do as well. There are many vulnerabilities in the cell phone system, and it’s folly to believe that only the NSA and GCHQ exploit them. Countries that can’t afford their own research and development organization can buy the capability from cyberweapons arms manufacturers. And remember that technology flows downhill: today’s top-secret NSA programs become tomorrow’s PhD theses and the next day’s hacker tools.

For example, the US company Verint sells cell phone tracking systems to both corporations and governments worldwide. The company’s website says that it’s “a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance,” with clients in “more than 10,000 organizations in over 180 countries.” The UK company Cobham sells a system that allows someone to send a “blind” call to a phone — one that doesn’t ring, and isn’t detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter. The company boasts government customers in Algeria, Brunei, Ghana, Pakistan, Saudi Arabia, Singapore, and the United States. Defentek, a company mysteriously registered in Panama, sells a system that can “locate and track any phone number in the world…undetected and unknown by the network, carrier, or the target.” It’s not an idle boast; telecommunications researcher Tobias Engel demonstrated the same capability at a hacker conference in 2008. Criminals can purchase illicit products to let them do the same today.

As I keep saying, we no longer live in a world where technology allows us to separate communications we want to protect from communications we want to exploit. Assume that anything we learn about what the NSA does today is a preview of what cybercriminals are going to do in six months to two years. That the NSA chooses to exploit the vulnerabilities it finds, rather than fix them, puts us all at risk.

This essay has previously appeared on the Lawfare blog.

TorrentFreak: Aussie Pirates Face Site Blocking, But No Disconnections

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

For many years Australia has been struggling with a reputation for being a nation of file-sharing pirates and throughout the summer the most serious debate thus far consumed the nation.

Leading the charge were rightsholders who tabled demands for ISPs to take greater responsibility for their subscribers, under weight of legislation if necessary.

Once this liability had been clearly established, rightsholders argued that ISPs should be forced to send notices to their subscribers. These would warn customers that their connections were being used for piracy and that consequences, including the slowing down or disconnection of Internet services, would follow.

Finally, copyright holders sought a formal ‘pirate’ site blocking mechanism. This would allow individual domains to be targeted by legal action in order to have them rendered inaccessible to Australians.

After intense debate it appears that a watered-down version of the rightsholders wish-list will today be presented to the Australian Cabinet. According to Fairfax, Attorney-General George Brandis and Communications Minister Malcolm Turnbull will present the reforms to colleagues during the final meeting of the year.

According to the report, new punishments for Internet downloaders are not part of the proposals, meaning that calls for connection throttling and account suspensions are off the table. Downloaders won’t get a completely free ride though.

The ministers’ proposals envision ISPs and rightsholders working together on a voluntary code aimed at educating consumers who persist in sharing files without permission.

Administered by telecoms regulator the Australian Communications and Media Authority, the code would see entertainment companies monitoring and gathering information on Internet users who share copyrighted material using BitTorrent. That information would be sent to ISPs who would then be required to forward written notices to subscribers informing them they are breaching copyright.

Of course, entertainment companies and ISPs have been here several times before, with negotiations on this very topic breaking down time and again on various issues, including who will pay to implement the scheme. This time, however, the government is threatening to legislate if agreement can’t be reached and if that happens ISPs might find themselves less well off.

While they are likely to negotiate hard, it may be in the ISPs’ interests to reach some kind of agreement. The proposals for “extended authorization liability” (holding ISPs responsible for users’ piracy) appear to be off the table, at least for now, and the last thing they need is for that to rear its head again.

But whatever happens on those fronts, ISPs will still find themselves in the spotlight on another matter – the controversial issue of site blocking.

Today, Brandis and Turnbull will ask the Cabinet to approve the development of a new legal mechanism which will allow rightsholders to obtain site blocking injunctions against ISPs. If approved, movie companies like Village Roadshow will be able to head off to court and have sites like The Pirate Bay blocked by all the major ISPs without too much difficulty.

The news of these proposals to Cabinet comes a day after consumer group Choice published the results of a survey which found that 67% of Australians have never pirated movies or TV shows online.

Of the 33% that do, half said their motivation was high prices, while 41% complained that content takes too long to arrive in Australia. The research found that 55% of consumers try to obtain content legally before turning to pirate sources.

In common with other similar studies, Choice also found that regular pirates are also avid consumers of legitimate content. Of those who pirate at least once a month, 56% will pay to go to the movies, a figure that drops to 36% for the non-pirating group.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

LWN.net: Kocialkowski: A hacker’s journey: freeing a phone from the ground up, first part

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Paul Kocialkowski shares his experience with porting Replicant to the LG Optimus Black. “Every once in a while, an unexpected combination of circumstances ends up enabling us to do something pretty awesome. This is the story of one of those times. About a year ago, a member of the Replicant community started evaluating a few targets from CyanogenMod and noticed some interesting ones. After some early research, he picked a device: the LG Optimus Black (P970), bought one and started porting Replicant to it. After a few encouraging results, he was left facing issues he couldn’t overcome and decided to give up with the port. As the device could still be an interesting target for Replicant, we decided to buy the phone from him so that I could pick up the work where he stalled.” (Thanks to Paul Wise)

TorrentFreak: UK Users Need 27 Services to Get Most Popular Films, Report Finds

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

During September a new media availability report hit the United States, shouting loudly about how most popular content is legally accessible online.

Released by research company KPMG and commissioned by NBC Universal, the report was praised by the MPAA and other similarly interested parties. Supporters said that the study provided yet more proof that studios are fulfilling their part of the consumer bargain by making content widely available.

Less than three months on and KPMG has just published the results of a second study into availability of content online. In common with the US-focused September report, ‘UK Availability of Film and TV Titles in the Digital Age’ was also commissioned by NBC Universal.

The study examined UK availability of the most popular film and TV titles across legal digital streaming and download services and according to KPMG, things looked good.

“This report found that the vast majority of the most popular and critically acclaimed film and television content is available from legal digital platforms,” the report begins.

The study found that as of December 2013, almost nine out of 10 of the 756 films reviewed were indeed available from online video services, which does sound like a great start.

When 2012’s box office hits were examined 100% were available online, dropping slightly to 98% for those released in 2011. All-time box office hits also had good exposure, with 96% available online. Even 2013’s top 100 hits fared well, with 77% available digitally.

These stats are admittedly a fairly impressive read, but the details take off some of the shine. Accessing content online should be a relatively painless affair, but UK film fans are going to need quite a lot of patience if they want the broadest possible choice.

In fact, in order to access content at the levels detailed above, users will need to use more than two dozen services, 27 to be precise.

“As at December 2013, 86% of the 756 unique films reviewed were available via online video on demand distribution on at least one of the 27 service offerings studied,” the report reads.

When the researchers required that titles must be found on 5 out of 27 services, overall availability drops to 73%, meaning that more than a quarter of popular content is missing, even for consumers with five separate online movie accounts.

In the US version of the KPMG report, notable was the poor availability of content on services such as Netflix. The findings showed that just 16% of the films studied were available through on-demand subscription services (SVOD). The UK does quite a bit better.

“A relatively lower proportion of the most popular and critically acclaimed films were offered under the SVOD model (39%),” KPMG found.


The UK online subscription market has grown quickly over the past couple of years fueled largely by Netflix. Ofcom’s Communications Market Report 2014 revealed that revenue for online subscriptions for audio-visual content reached £111.7m in 2013, up from £63.5m in the previous 12 months.

Moving forward, Netflix’s growth faces similar challenges to that of its US-based service. According to KPMG, six out of 10 times consumers will not find the popular content they are looking for, meaning that additional payments to other services will be required.

The other issues relate to reducing piracy. While having content around 60% of the time is better than nothing, most pirated titles are recent releases that simply aren’t available on Netflix, iTunes, Amazon or other similar services.

And as far as Joe Public signing up to as many as 27 services in order to access most popular content, that isn’t going to happen in a hurry. An almost fully-comprehensive Spotify for movies might be a while off, but bringing one to market would simplify matters no end.

The report can be downloaded here.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

SANS Internet Storm Center, InfoCON: green: Google App Engine Java Security Sandbox bypasses, (Sat, Dec 6th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Adam Gowdiak from Polish vulnerability research company Security Explorations has issued an announcement concerning vulnerabilities in the Google App Engine. Details are still somewhat thin, but it appears that multiple vulnerabilities have been discovered and that some of these vulnerabilities will allow a Java VM sandbox escape.

Further information is available at Full Disclosure archive at seclists.org.

– Rick Wanner – rwanner at isc dot sans dot org – http://namedeplume.blogspot.com/ – Twitter: namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: Sony Movies Leak Online After Hack Attack

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The company is certainly no stranger to security issues but this week has been particularly miserable even by Sony’s ‘high’ standards.

Hacked on Monday by a group calling themselves the Guardians of Peace, Sony Pictures’ systems remain down today, a sign of the situation’s gravity.

While the attack appears to be aimed at punishing Sony for its actions in the past, reports suggest that the attackers also made off with an estimated 11,000 gigabytes of files. Seriously upping the ante, the hackers warned Sony that “sensitive” data would be released into the wild if their demands were not met.


A thread on Reddit has been piecing together details of what information could have been obtained and it’s not pretty. Documents containing passport and visa information for cast and crew working on Sony movies, Outlook inboxes, documents detailing the company’s IT systems plus accounting and research information appear to be just the tip of what could be a gigantic data iceberg.

Since this is Sony Pictures it will come as no surprise that video files are also reported as being part of the hackers’ booty. Interestingly the first reports detailed pirated TV shows which may have been downloaded by Sony staff.

Adventure Time-2x04a-Power Animal.avi
Adventure Time Her Parents.avi
Adventure Time The Silent King.avi
Adventure Time-2x09b-Susan Strong.avi
Adventure Time-2x11a-Belly of the Beast.avi
Human.Planet.S01E05.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E02.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E06.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E03.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E04.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E01.720p.BluRay.x264-SHORTBREHD.mkv
Human.Planet.S01E07.720p.BluRay.x264-SHORTBREHD.mkv

But while Sony desperately tried to get its systems back online and figure out what had been taken, mid-week and within minutes of each other, DVD screener copies of four Sony movies began appearing online. Making matters worse, just one has been officially released in the United States. They are:

‘Still Alice’ starring Julianne Moore, Alec Baldwin (US date: Jan 16, 2015)

‘Mr Turner’ starring Timothy Spall. (US date: Dec 19, 2014)

‘Annie’ starring Jamie Foxx and Cameron Diaz. (US date: Dec 19, 2014)

‘Fury’ starring Brad Pitt (US date: Oct 17, 2014)

In the absence of any useful comment from Sony there’s little to officially link the leaks with Monday’s hack attack. However, a page on popular torrent site 1337x reveals that a user uploaded these and another upcoming Sony movie (‘To Write Love on Her Arms’ – US release date March 2015) on Wednesday or Thursday with a naming convention highlighting Sony.


While all of the leaked titles are proving popular, the Sony-watermarked ‘Fury’ is way out in front and currently the second most downloaded movie among Pirate Bay users.


Finally, among the thousands of files taken from Sony there are other items of interest to piracy watchers. The files detailed below appear to relate to the automatic content recognition systems operated by anti-piracy company Audible Magic.

audible_magic_sftp_private_key.ppk
audible_magic_sftp_private_key.ppk
set_ssh-private-key-file.htm
audible_magic_sftp_private_key.ppk
private_and_private_key.txt

Whether more Sony movies will appear online in the days to come remains to be seen, but the fallout from this week’s hack will send shockwaves through the company for months to come.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Raspberry Pi: Art Showcase: A Knight’s Peril

This post was syndicated from: Raspberry Pi and was written by: Rachel Rayns. Original post: at Raspberry Pi

Rachel here! I love castles. I really love castles. When I was in primary school I would do projects about castles in my spare time – just for fun. I would make wooden swords and reenact battles with my best friend too – Anyway – This week we came across a fantastic application of Raspberry Pi to make a National Trust medieval castle come alive undead. I’ll hand you over to the National Trust and Splash and Ripple, the creative agency behind the work, who explain more about what they’re doing.

Medieval castle haunted using technology with a twist

With its world-first adventure experience “A Knight’s Peril’, Bodiam Castle in East Sussex is quietly revolutionising what people expect from a day out at a National Trust property.

When a company that describes itself as ‘Architects of Extraordinary Adventures’ claims to have revolutionised history interpretation through haunting a 14th century castle, you would expect some kind of technical wizardry to be centre stage. It would be easy to assume they’ve come up with another smartphone app or gamified tablet experience.


Intriguingly however, they have chosen an opposite track. Splash & Ripple have taken Arthur C Clarke’s declaration that “any sufficiently advanced technology is indistinguishable from magic” as a guiding principle in creating their latest adventure.

The result is digital heritage interpretation turned on its head. They’ve taken the magical abilities of pioneering technology and housed them in the theatrical disguise of a beautifully crafted ‘Echo Horn’.


The extra ‘magic’ of an Echo Horn actually creates a more convincing experience, in a medieval castle, than a distracting tablet app or audio guide ever could. It intuitively fits the feel of the beautiful 14th century Bodiam castle as you cross its moat and gaze at its stony ramparts, listening to the echoes you’ve caught with it. The beautiful sounds create a deeply evocative group experience, which enhances rather than distracts from the experience of being in the castle.

Visitors carry the Echo Horn with them around the castle in an interactive audio investigation. They must use it to listen in on medieval conversations trapped in the castle walls in order to identify and stop a murderer before it’s too late.


It’s effectively a choose-your-own adventure radio play where visitors’ actions, defined by who they follow and who they accuse, affect the ending of their story. This encourages an active exploration of the historical content, which requires visitors to think about what life was like, rather than passively accept an authoritative interpretation.

New historical research on the castle, which informed the creation of the script, was done in partnership with University of West of England History department.

The experience is being specially showcased at Bodiam castle by the creative team on 4th Dec. It has been a year in the making, and is now available to the castle’s 180,000 yearly visitors for at least the next 12 months.


Players use an ancient map to navigate the castle, searching for seals that have emerged from the castle walls. These seals contain hidden RFID chips. Each echo horn contains a Raspberry Pi, a Mini Rig and an RFID reader.


Rachel again: thanks guys! We love it – I’m looking at organising an office awayday so we can play with the horns ourselves.

Schneier on Security: “Cooperating with the Future”

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

This is an interesting paper — the full version is behind a paywall — about how we as humans can motivate people to cooperate with future generations.

Abstract: Overexploitation of renewable resources today has a high cost on the welfare of future generations. Unlike in other public goods games, however, future generations cannot reciprocate actions made today. What mechanisms can maintain cooperation with the future? To answer this question, we devise a new experimental paradigm, the ‘Intergenerational Goods Game’. A line-up of successive groups (generations) can each either extract a resource to exhaustion or leave something for the next group. Exhausting the resource maximizes the payoff for the present generation, but leaves all future generations empty-handed. Here we show that the resource is almost always destroyed if extraction decisions are made individually. This failure to cooperate with the future is driven primarily by a minority of individuals who extract far more than what is sustainable. In contrast, when extractions are democratically decided by vote, the resource is consistently sustained. Voting is effective for two reasons. First, it allows a majority of cooperators to restrain defectors. Second, it reassures conditional cooperators that their efforts are not futile. Voting, however, only promotes sustainability if it is binding for all involved. Our results have implications for policy interventions designed to sustain intergenerational public goods.

Here’s a Q&A with and essay by the author. Article on the research.

Errata Security: The Pando Tor conspiracy troll

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It’s used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers.

Recently, Pando (an Internet infotainment site) released a story accusing Tor of being some sort of government conspiracy.

This is nonsense, of course. Pando’s tell-all exposé of the conspiracy contains nothing that isn’t already widely known. We in the community have long joked about this. We often pretend there is a conspiracy in order to annoy uptight Tor activists like Jacob Appelbaum, but we know there isn’t any truth to it. This really annoys me — how can I troll about Tor’s government connections when Pando claims there’s actually truth to the conspiracy?

The military and government throws research money around with reckless abandon. That no more means they created Tor than it means they created the Internet back in the 1970s. A lot of that research is pure research, intended to help people. Not everything the military funds is designed to kill people.

There is no single “government”. We know, for example, that while some in government paid Jacob Appelbaum’s salary, others investigated him for his Wikileaks connections. Different groups are often working at cross purposes — even within a single department.

A lot of people have ties to the government, including working for the NSA. The NSA isn’t some secret police designed to spy on Americans, so a lot of former NSA employees aren’t people who want to bust privacy. Instead, most NSA employees are sincere in making the world a better place — which includes preventing evil governments from spying on dissidents. As Snowden himself says, the NSA is full of honest people doing good work for good reasons. (That they’ve overstepped their bounds is a problem — but that doesn’t mean they are the devil).

Tor is based on open code and math. It really doesn’t matter what conspiracy lies behind it, because we can see the code. It’s like BitCoin — we know there is a secret conspiracy behind it, with the secretive Satoshi Nakamoto owning a billion dollars worth of the coins. But that still doesn’t shake our faith in the code and the math.

Dissidents use Tor — successfully. We know that because the dissidents are still alive. Even if it’s a secret conspiracy by the U.S. government, it still does what its supporters want, helping dissidents fight oppressive regimes. In any case, Edward Snowden, who had access to NSA secrets, trusts his own life to Tor.

Tor doesn’t work by magic. I mention this because the Pando article lists lots of cases where Tor failed to protect people. The reasons were unlikely to have been flaws in Tor itself, but appear to have been other more natural causes. For example, the Silk Road server configuration proves it was open to the Internet as well as through Tor, a rookie mistake that revealed its location. The perfect concealment system can’t work if you sometimes ignore it. It’s like blaming the Pill for not preventing pregnancy because you took it only on some days but not others. Thus, for those of us who know technically how things work, none of the cases cited by Pando shake our trust in Tor.
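The “open to the Internet as well as through Tor” mistake described above is a configuration problem, so it can be checked for. This is an added example, not code from the original post: it reads a torrc fragment and an `ss -ltn`-style socket listing (both constructed here; on a real host they would come from /etc/tor/torrc and the `ss` command) and reports any onion-service backend that is also reachable on a non-loopback address.

```python
"""Check that the backend behind a Tor onion service is reachable only
via loopback, i.e. not also exposed directly to the Internet.

Added example, not part of the original post. Assumptions:
  - torrc text and a socket listing are supplied as strings; on a real
    host they would come from /etc/tor/torrc and `ss -ltn` output.
  - Only TCP targets are examined; unix-socket targets are skipped.
"""
from ipaddress import ip_address

# Constructed torrc fragment: one correct binding, one IPv6 loopback
# binding, and a bare port (Tor's default target is 127.0.0.1:PORT).
TORRC = """
HiddenServiceDir /var/lib/tor/site/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 443 [::1]:8443
HiddenServicePort 22 22
"""

# Constructed `ss -ltn`-style output (State Recv-Q Send-Q Local Peer).
SS_OUTPUT = """
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:8080      0.0.0.0:*
LISTEN  0       128     [::1]:8443          [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    203.0.113.10:8443   0.0.0.0:*
"""


def split_endpoint(endpoint):
    """Split 'host:port', '[v6]:port' or a bare 'port' into (host, port).
    host is None for a bare port."""
    if endpoint.isdigit():
        return None, int(endpoint)
    host, _, port = endpoint.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return host, int(port)


def parse_hidden_service_ports(torrc):
    """Return (virtport, target_host, target_port) for each
    HiddenServicePort line. Tor's default target is 127.0.0.1:VIRTPORT."""
    targets = []
    for line in torrc.splitlines():
        parts = line.split()
        if not parts or parts[0].lower() != "hiddenserviceport":
            continue
        virtport = int(parts[1])
        if len(parts) == 2:
            targets.append((virtport, "127.0.0.1", virtport))
            continue
        if parts[2].startswith("unix:"):
            continue  # unix sockets are not network-reachable; skip
        host, port = split_endpoint(parts[2])
        targets.append((virtport, host or "127.0.0.1", port))
    return targets


def parse_listening_sockets(ss_output):
    """Return (host, port) for every LISTEN row of `ss -ltn` output."""
    sockets = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        sockets.append(split_endpoint(fields[3]))
    return sockets


def is_loopback(host):
    """True only for loopback addresses. Wildcards ('*', '0.0.0.0', '::'),
    routable addresses and unresolved hostnames all count as exposed."""
    if host in ("*", ""):
        return False
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_backends(torrc, ss_output):
    """Return (virtport, host, port, reason) for every onion-service target
    that is reachable outside loopback: either the torrc target itself is
    not a loopback address, or something listens on the target's port on
    a wildcard or routable address (same daemon bound twice, typically)."""
    findings = []
    sockets = parse_listening_sockets(ss_output)
    for virtport, host, port in parse_hidden_service_ports(torrc):
        if not is_loopback(host):
            findings.append((virtport, host, port, "torrc target is not loopback"))
            continue
        for sock_host, sock_port in sockets:
            if sock_port == port and not is_loopback(sock_host):
                findings.append((virtport, sock_host, sock_port,
                                 "backend also listens on a non-loopback address"))
    return findings


if __name__ == "__main__":
    for finding in exposed_backends(TORRC, SS_OUTPUT):
        print("EXPOSED: virtport %d -> %s:%d (%s)" % finding)
```

On the constructed input the check flags port 22 (bound to 0.0.0.0) and port 8443 (also bound on 203.0.113.10), while the 127.0.0.1:8080 backend passes.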

I’m reasonably technical. I’ve read the Tor spec (though not the code). I play with things like hostile exit nodes. I fully know Tor’s history and ties to the government. I find nothing in the Pando article that is credible, and much that is laughable. I suppose I’m guilty of getting trolled by this guy, but seriously, Pando pretends not to be a bunch of trolls, so maybe this deserves a response.

TorrentFreak: Fail: MPAA Makes Legal Content Unfindable In Google

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The entertainment industries have gone head to head with Google in recent months, demanding tougher anti-piracy measures from the search engine.

According to the MPAA and others, Google makes it too easy for its users to find pirated content. Instead, they would prefer Google to downrank sites such as The Pirate Bay from its search results or remove them entirely.

A few weeks ago Google took additional steps to decrease the visibility of pirated content, but the major movie studios haven’t been sitting still either.

Last week MPAA announced the launch of WhereToWatch.com, a website that lists where movies and TV-shows can be watched legally.

“WheretoWatch.com offers a simple, streamlined, comprehensive search of legitimate platforms – all in one place. It gives you the high-quality, easy viewing experience you deserve while supporting the hard work and creativity that go into making films and shows,” the MPAA’s Chris Dodd commented.

At first glance WhereToWatch offers a rather impressive database of entertainment content. It even features TorrentFreak TV, although this is listed as “not available” since the MPAA’s service doesn’t index The Pirate Bay.

Overall, however, it’s a decent service. WhereToWatch could also be an ideal platform to beat pirate sites in search results, something the MPAA desperately wants to achieve.

Sadly for the MPAA that is only a “could” since Google and other search engines currently have a hard time indexing the site. As it turns out, the MPAA’s legal platform isn’t designed with even the most basic SEO principles in mind.

For example, if Google visits the movie overview page all links to individual pages are hidden by Javascript, and the search engine only sees this. As a result, movie and TV-show pages in the MPAA’s legal platform are invisible to Google.

Google currently indexes only one movie page, which was most likely indexed through an external link. With Bing the problem is just as bad.


It’s worth noting that WhereToWatch doesn’t block search engines from spidering its content through the robots.txt file. It’s just the coding that makes it impossible for search engines to navigate and index the site.

This is a pretty big mistake, considering that the MPAA repeatedly hammered on Google to feature more legal content. With some proper search engine optimization (SEO) advice they can probably fix the problem in the near future.

Previously Google already offered SEO tips to copyright holders, but it’s obvious that the search engine wasn’t consulted in this project.

To help the MPAA on its way we asked isoHunt founder Gary Fung for some input. Last year Fung lost his case to the MPAA, forcing him to shut down the site, but he was glad to offer assistance nonetheless.

“I suggest MPAA optimize for search engine keywords such as ‘download’ and ‘torrent’. For some reason when people google for movies, that’s what they actually search for,” Fung tells us.

A pretty clever idea indeed, as the MPAA’s own research shows that pirate-related search terms are often used to “breed” new pirates.

Perhaps it’s an idea for the MPAA to hire Fung or other “industry” experts for some more advice. Or better still, just look at how the popular pirate sites have optimized their sites to do well in search engines, and steal their work.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

LWN.net: EFF: Let’s Encrypt

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that will offer free server certificates beginning in summer 2015. “Let’s Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to. But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let’s Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.” Let’s Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation.

TorrentFreak: MPAA Pays University $1,000,000 For Piracy Research

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Last week the MPAA submitted its latest tax filing covering 2013. While there are few changes compared to previous years there is one number that sticks out like a sore thumb.

The movie industry group made a rather sizable gift of $912,000 to Carnegie Mellon University, a figure that neither side has made public before.

This brings the MPAA’s total investment in the University over the past two years to more than a million dollars.

The money in question goes to the University’s “Initiative for Digital Entertainment Analytics” (IDEA) that researches various piracy related topics. During 2012 MPAA also contributed to the program, albeit significantly less at $100,000.

TF contacted IDEA co-director Rahul Telang, who told us that much of the money is spent on hiring researchers, buying data from third parties and covering other research related expenses.

“For any substantial research program to progress it needs funding, and needs access to data and important stakeholders who care about this research. IDEA center has benefited from this funding significantly,” he says, emphasizing that the research adheres to academic standards.

“All research is transparent, goes through academic peer review, and published in various outlets,” Telang adds.

While IDEA’s researchers operate independently, without an obligation to produce particular studies, their output thus far is in line with Hollywood’s agenda.

One study showed that the Megaupload shutdown boosted digital sales while another reviewed academic literature to show that piracy mostly hurts revenues. The MPAA later used these results to discredit an independent study which suggested that Megaupload’s closure hurt box office revenues.

Aside from countering opponents in the press, the MPAA also uses the research to convince lawmakers that tougher anti-piracy measures are warranted.

Most recently, an IDEA paper showed that search engines can help to diminish online piracy, an argument the MPAA has been hammering on for years.

The tax filing, picked up first by Variety, confirms a new trend of the MPAA putting more money into research. Earlier this year the industry group launched a new initiative offering researchers a $20,000 grant for projects that address various piracy related topics.

The MPAA sees academic research as an important tool in its efforts to ensure that copyright protections remain in place, or are strengthened if needed.

“We want to enlist the help of academics from around the world to provide new insight on a range of issues facing the content industry in the digital age,” MPAA CEO and former U.S. Senator Chris Dodd said at the time.

The movie industry isn’t alone in funding research for ‘political’ reasons. Google, for example, heavily supports academic research on copyright-related projects in part to further its own agenda, as do many other companies.

With over a million dollars in Hollywood funding in their pocket, it’s now up to IDEA’s researchers to ensure that their work is solid.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Schneier on Security: The NSA’s Efforts to Ban Cryptographic Research in the 1970s

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

New article on the NSA’s efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then-NSA director Bobby Inman.

Schneier on Security: Pew Research Survey on Privacy Perceptions

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Pew Research has released a new survey on Americans’ perceptions of privacy. The results are pretty much in line with all the other surveys on privacy I’ve read. As Cory Doctorow likes to say, we’ve reached “peak indifference to surveillance.”