This week`s dotCom News The new plague: Computer viruses that extort you The FBI cut off communication between the Cryptolockerransomware network and victims computers. But the virus lives on. Ransomware, a particularly annoying breed of computer virus, is spreading like the plague. This malware locks you out of your computer files until you pay up and it is proving incredibly difficult to exterminate. A major ransomware operation called Cryptolocker was supposedly halted by the FBI in May. Not so fast, security experts say. Its only a setback. Cryptolocker used a massive network of hijacked computers called a botnet to spread the virus. The FBI, foreign law enforcement and private security companies teamed up to cut off communication between that botnet and victims devices. They seized Cryptolockers servers and replaced them with their own. But as antivirus maker Bitdefender points out, all that accomplished was to stop Cryptolockers virus delivery system. Cryptolocker lives on, and its criminal masters just need to find a new botnet to start delivering viruses to new computers once again. If the criminals tweak the virus code and find a different set of servers, law enforcement is back at square one. All the attackers need to do is update the malware, said BogdanBotezatu, Bitdefenders senior threat analyst. In just nine months, Cryptolocker had kidnapped the files of 400,000 people -- most of them Americans. Victims were told to pay $300 within three days in order to receive the key to their files. Only a tiny fraction of them paid up, but the criminals still collected more than $4 million. This is a cyber stickup, said Julie Preiss, an executive at Damballa, a cybersecurity firm that assisted the FBI operation. Even after Cryptolocker was disrupted, victims can still pay the ransom. But without the ability to communicate with Cryptolockers network, the victims wont be able to get the keys to unlock their files. Those are gone forever. And now copycats are popping up just about everywhere. Who gets caught in the NSAs net? Cryptowall is the most widespread. Researchers at Dell SecureWorks took a tiny snapshot of the entire network and spotted 9,798 infected devices -- about half in the United States. Among the damage: computer files at a small towns police department in New Hampshire. SecureWorks researcher Keith Jarvis estimates Cryptowall is raking in about $150,000 a week. BitCrypt and CryptorBit found a sneaky way to avoid law enforcement by hiding the locations of the botnets servers. Researchers at ESET discovered a malware called Simplocker that hijacks files on Android devices. CryptoDefense is another raking in money. Stopping them wont be easy, said Stephen Cobb, a senior security researcher at ESET. The bad guys recognize that Ukraine or Thailand -- countries without effective governments at this point -- are great places for doing this stuff, he said. Dealing with the problem becomes a geopolitical thing. Google Glass wearers can steal your password Remember the kid who tried to cheat off you by looking over your shoulder to copy your test answers? Hes baaaack. But this time hes wearing Google Glass -- and hes after your iPad PIN. Cyber forensics experts at the University of Massachusetts in Lowell have developed a way to steal passwords entered on a smartphone or tablet using video from Googles face-mounted gadget and other video-capturing devices. The thief can be nearly ten feet away and doesnt even need to be able to read the screen -- meaning glare is not an antidote. The security researchers created software that maps the shadows from fingertips typing on a tablet or smartphone. Their algorithm then converts those touch points into the actual keys they were touching, enabling the researchers to crack the passcode. They tested the algorithm on passwords entered on an Apple (AAPL, Tech30) iPad,Googles (GOOGL, Tech30) Nexus 7 tablet, and an iPhone 5. Why should you be worried? Hacker makes encrypted message app The software can be applied to video taken on a variety of devices: Fu and his team experimented with Google Glass, cell phone video, a webcam and a camcorder. The software worked on camcorder video taken at a distance of over 140 feet. Of course, pointing a camcorder in a strangers face might yield some suspicion. The rise of wearable technology is what makes this approach actually viable. For example, a smartwatch could stealthily record a target typing on his phone at a coffee shop without drawing much attention. Fu says Google Glass is a game-changer for this kind of vulnerability. The major thing here is the angle. To make this attack successful the attacker must be able to adjust the angle to take a better video ... they see your finger, the password is stolen, Fu said. Google says that it designed Glass with privacy in mind, and it gives clear signals when it is being used to capture video. Unfortunately, stealing passwords by watching people as they type them into ATMs and laptops is nothing new, said a Google spokesman in an emailed statement. The fact that Glass is worn above the eyes and the screen lights up whenever its activated clearly signals its in use and makes it a fairly lousy surveillance device. CNNMoney put the researchers software to the test. We set up shop in our corporate cafeteria with the Google Glass-adorned security researcher 8.5 feet away from our iPad. Fu and his colleagues said they could identify the password with 100% certainty if they recorded the login process three times. They also tested it with the Google Glasses on a robot, just in case the head movement of the researcher proved to be an issue. In less than ten minutes they were able to accurately identify our password, 5-1-2-0. (It typically takes less time but CNNMoney Tech Correspondent Laurie Segall has short fingernails, which created less of a shadow for their software to analyze. They still got it right.) The major vulnerability Fus team identified is that keys are always in the same place on the keyboard. There are tools that can randomize the location of the keys on the keyboard so that a 9 might appear where a 1 is usually situated, but they are not common. The goal of work like this is to make such protections mainstream. The research will be presented next month at the Black Hat cybersecurity conference. Now this exists: A 3-D-printed drone Want to be the proud owner of a brand-new drone? Pretty soon, all youll need is a 3-D printer. Researchers in the United Kingdom successfully printed a working drone earlier this year. It took them less than 24 hours to make it. The vehicle, unveiled in March, is a remote-controlled glider about five feet wide that weighs just over four pounds and is composed of nine separate pieces that snap together. Why do we need 3-D printed drones? The team at Sheffield University says that in the future, the project could have applications from package deliveries to intelligence-gathering to search-and-rescue, with users able to tailor the vehicles to their own particular needs. The low production cost of the plastic drone might lead to the printing of 3-D unmanned aircraft that could be disposable and sent on one-way flights, the researchers said. Related: Meet QuiQui, the drug-delivering drone Soon, the researchers say theyd like to 3-D print a drone that uses a pair of electric fans for propulsion. Future iterations might even have the possibility of autonomous flight, using GPS technology. Selling luxury homes using drones The Sheffield experiment is just one example of how scientists are blending these new technologies to create quick access to hard-to-reach places. In May, the Aerial Robotics Lab at Imperial College London demonstrated a propeller-powered drone that carries its own 3-D printer. Engineers envision future versions of the vehicle flying into dangerous areas, then printing tools to, for example, seal off chemical spills, remove nuclear waste or repair damaged buildings. For now, those use cases are still in the hypothetical stage -- the Federal Aviation Administration still doesnt allow the use of drones for commercial purposes. The agency is working to stay abreast of the new technology, however. In December, it announced plans for a series of test sites with the goal of conducting the research necessary to safely integrate [unmanned aircraft systems] into the national airspace over the next several years. We have successfully brought new technology into the nations aviation system for more than 50 years, FAA administration Michael Huerta said at the time. I have no doubt we will do the same with unmanned aircraft. Isis mobile wallet rebrands to avoid confusion with Isis terrorist group Isis, the mobile wallet service founded by AT&T, Verizon and T-Mobile, has a branding problem. Isis CEO Michael Abbott said Monday that the firm is changing its name to avoid association with the Islamic State of Iraq and Syria, the terror group frequently referred to by the acronym ISIS. However coincidental, we have no interest in sharing a name with a group whose name has become synonymous with violence and our hearts go out to those who are suffering, Abbott said in a statement. The new name has yet to be announced. ISIS the militant group is responsible for the conflict thats spilled over from the civil war in Syria to plunge Iraq into unrest. ISIS fighters took control of Mosul, Iraqs second largest city, in early June following a quick campaign that saw Iraqi security forces quickly fold under their assault. As for Isis the mobile wallet, a forced rebranding might not be such a bad thing. AT&T (T, Tech30), Verizon (VZ, Tech30) and T-Mobile (TMUS) founded it in 2010 with the goal of developing a smartphone-based service to store payment cards, loyalty programs and merchant offers. Despite gaining powerful backers like American Express (AXP) and JPMorgan (JPM), the service has failed to catch on, and it faces competition from the likes of Google Wallet,PayPal, Square, Venmo and many others. Its not the only Isis that isnt enjoying the name confusion. One of the worlds leading centers for physics and life sciences research is located in the U.K. and also called Isis. It hasnt announced a rebranding yet, but it has made the British press. Facebook still wont say sorry for mind games experiment Facebook cant seem to bring itself to apologize for performing psychological experiments on its users. In her first public statement on the matter, Facebook Chief Operating Officer Sheryl Sandberg said that the outrage over the companys controversial study was all a big misunderstanding. This was part of ongoing research companies do to test different products, and that was what it was. It was poorly communicated, said Sandberg at an Indian Chambers of Commerce event in New Delhi on Wednesday. And for that communication we apologize. We never meant to upset you. Internet users were angry earlier this week when Facebook (FB, Tech30) revealed that itintentionally made a subset of its users less happy during a week in 2012. As part of the study, Facebook changed the mix in the News Feeds of almost 690,000 users. Some people were shown more positive posts, while others were shown more negative posts. Facebooks controversial mood experiment In an interview with Indias NDTV Wednesday, Sandberg reiterated that the company was sorry for the lack of transparency -- but not for the study itself. We clearly communicated really badly about this, and that we really regret, Sandberg said. When pressed if Facebook plans on apologizing, Sandberg came closer to offering a mea-culpa, but still didnt quite get there. Facebook has apologized, and certainly never wants to do anything that upsets users -- and particularly for communicating really badly. But has Facebook really apologized for conducting the mood manipulation study itself? Not quite. The Facebook researcher who designed the experiment, Adam D. I. Kramer, said in a postSunday that he was sorry for the way the study was presented and for the uproar it caused. I can tell you that our goal was never to upset anyone, Kramer wrote. I can understand why some people have concerns about it, and my coauthors and I are very sorry for the way the paper described the research and any anxiety it caused. In hindsight, the research benefits of the paper may not have justified all of this anxiety. Facebooks official statement didnt come close to apologizing. In fact, the company defended the study as a way to improve our services and to make the content people see on Facebook as relevant and engaging as possible. We carefully consider what research we do and have a strong internal review process, a Facebook spokesman said in a statement. There is no unnecessary collection of peoples data in connection with these research initiatives and all data is stored securely. Facebook did not respond to a request for a comment on whether the company plans on apologizing for the study itself. Get to know your unconscious: Dream-reading technology that actually works? STORY HIGHLIGHTS • Shadow app seeks to connect users with their dreams • It wakes the user and allows them to record their memories • The data gathered worldwide is already providing insights • Other innovations in this area allow people to control their dreams A dizzying number of trackers are available for health and lifestyle. Enthusiasts can now chart every calorie burned or consumed, have their genetics broken down and backdated for centuries, or follow their stress levels through a family holiday. But while our waking moments become ever more transparent, the one-third of our life spent asleep has remained off limits. Throughout history, dreams have proved resistant to interrogation. It is not known why we sleep at all beyond a general need to recharge and avoid the negative consequences of not sleeping, while an explanation for the substance of dreams has proved even more elusive, still dominated by the theories of wish fulfillment espoused by Freud and Jung. But now, digital innovations are picking up the challenge. The Shadow app seeks to connect users with their dreams, and to make them sociable. Its first function is as an alarm clock that wakes the user gradually over up to 30 minutes, easing them into consciousness so as to preserve more of the dream state, rather than shattering it abruptly. Dream researchers estimate that 95% of dreams vanish upon awakening. Once the user touches their phone it begins recording and invites them to share the still-fresh memories of the night, prompting them with questions. The input is scanned for keywords and patterns so that the user can build a picture of their experiences over time. More ambitiously, their personal data is anonymized and sent with gender and geographic data to cloud servers in the hope of building a global dream database. In this social network people can compare and discuss their experiences, while trends can be identified and analyzed. We want to know what the most popular dream is in Japan, or Cambodia, at a given time, Shadow founder and CEO Hunter Lee Soik said. You can see the dreams from each city organized by keywords and numbers. Last week the most dreams were recorded in New York City and the most common subject was relationships. Currently on a very limited launch of around 1,000 users, the data gathered is already offering insights. Last week the most dreams were recorded in New York City and the most common subject was relationships. It makes sense that as we are social creatures, we are social in our dreams too. Soik wants his creation to be a whole other psychological layer of quantified technology that people can use in conjunction with their daytime devices for a more complete picture. The science of dreams Scientific rigor is being applied to the project through specialists in psychology, neurology, sleep and behaviorism from leading academic institutions such as Harvard and Berkeley, who will analyze the data and contribute their findings. One study will assess environmental impact on dreams, whether through temperature or war. A similar project is being undertaken by Professor Richard Wiseman of the University of Hertfordshire, a sleep specialist and the UKs only Professor of the Public Understanding of Psychology. But in his case the goal is to actively shape dreams. Wisemans Dream: ON app monitors sleeping movement in order to identify the REM stage, the state of deep sleep which is most fertile for dreams and signaled by the cessation of neurotransmitters that control activity such as seratonin, and paralysis of movement but for the eyes. It targets the last and longest of these stages with a range of sound input from peaceful garden to zombie attack. The Professor employed double blind tests and received over a million submissions from users, and noted a significant impact. Your Abandoned Smartphone May Betray You That phone you so callously turned over to another may be harboring some of your secrets -- and it may be all too willing to spill its guts. An examination of 20 used phones purchased on eBay turned up more than 1,500 family photos of kids, 750 photos of women in various stages of undress, and more than 250 selfies of mens nether regions, according to Avast. Doing a factory reset to wipe the data off smartphones does not work, and the data can be recovered, warned Avast. The company recovered tons of data, including more than 40,000 stored photographs, from 20 used Android phones purchased from eBay. Device owners need to overwrite their files to make them irretrievable, Avast said, touting one of the applications it offers. I am not at all surprised because RAM-based memory still uses the same file system as hard drives, and ... PC files do not really get deleted either, Stu Sjouwerman, CEO at KnowBe4, told TechNewsWorld. What About iPhones? Avast did not analyze iPhones, but in general, on iOS, recovery is much more complicated, Tomas Zeman, its mobile product manager, told TechNewsWorld. It depends on the version of iOS, the version of the device, and whether files on the device are encrypted, he continued. Both Android and iOS are based on Unix-like operating systems, and both use NAND flash storage, so its highly likely that data on both can be retrieved after it has been deleted, Dave Jevans, founder and CTO of Marble Security, told TechNewsWorld. Tablets are just as vulnerable to data retrieval. Avasts Rich, Sometimes X-Rated, Harvest More than 1,500 family photos of kids, 750 photos of women in various stages of undress, and more than 250 selfies of mens nether regions were among the photos Avast recovered. The identities of four previous owners of the devices, one completed loan application, more than 250 contact names and email addresses, more than 750 emails and text messages, and more than 1,000 Google searches also were recovered. One phone had another vendors security software installed -- but that device gave up the largest amount of personal information gleaned, Avast said. How the Data Was Obtained Avast used the program FTK Imager to mount the image of a partition containing user data. Devices whose users did not store data on removable micro SD cards or internal storage could be connected by a USB cable to a computer, which mounted the storage as removable storage. Devices that dont support mass storage had to be rooted and a mass storage application such as Media Transfer Protocol was used to transmit media files. In some cases, the cellphones were backed up using Android Debug Bridge and the data was converted to a .tar archive using an Android Backup Extractor. The Numbers Tell the Story More than 80,000 people list their smartphones on eBay daily, Avast said. The market for used smartphones is growing, with Apple, big box stores such as Walmart and Best Buy, and carriers all running phone buyback or trade-in programs. Also, carriers have leasing programs that let users get a new device at regular intervals. Companies like Gazelle, which buy used smartphones, erase and resell them. In May, Gazelle accepted its 2 millionth device and hit its 1 millionth customer mark. That makes things more dangerous for smartphone owners. Smartphone Recovery Pro and Recovery-android, are among the companies offering Android smartphone data recovery software. Easus, which offers free and paid versions of its MobiSaver Android data recovery software, also offers something similar for iOS. Solutions to the Problem Smartphones, whether owned by an enterprise and provided to staff or owned by consumers, must be wiped before they are reissued, discarded or sold, KnowBe4s Sjouwerman said. Use encryption in corporate applications for BYOD phones, Marbles Jevans suggested. Enterprises may not wipe the hard drives of smartphones they own before reissuing them to other staff. NAND flash only has a limited lifetime for reads and writes before it wears out, Jevans said. Erasing the contents of files is not only slow, but would reduce the life of the memory considerably, he continued. Thats why its generally not done.
Posted on: Thu, 17 Jul 2014 14:54:15 +0000
Trending Topics
Recently Viewed Topics
© 2015