PlayStation Network credit cards protected by encryption

Thursday, April 28, 2011

All credit card information stored on Sony's PlayStation Network was encrypted, the company said, one day after warning users that their user names, passwords, birth dates and home addresses had been stolen in a security breach.

"The entire credit card table was encrypted and we have no evidence that credit card data was taken," Sony representatives wrote in the update, which was posted late on Wednesday. "The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

The update clarifies statements Sony made on Tuesday that the stolen information may have included payment-card data, purchase history, billing addresses, and security answers used to change passwords. It didn't provide details about the encryption used to protect card data. Assuming Sony followed standard industry practice, encryption would likely be enough to keep the card numbers out of the hackers' hands, with one caveat any practitioner would raise: encryption at rest protects the data only if the attackers did not also obtain the key, and an intruder with enough access to dump the table may also have reached the application or key store that decrypts it.

Wednesday's update follows multiple news reports of PlayStation Network users reporting credit-card fraud that seemed to coincide with the breach.

Noticeably absent from Sony's update was the status of the passwords used to log in to the PlayStation Network. Industry practice dictates that they never be stored in clear text; instead each password should be run through a one-way cryptographic hash function, which produces a fixed-length digest from which the password cannot be recovered directly. Hashing alone is not sufficient, though: a fast, unsalted hash such as MD5 or SHA-1 can be cracked quickly with dictionary or rainbow-table attacks once the table is stolen, so each password should be combined with a per-user random salt and run through a deliberately slow function such as bcrypt, scrypt or PBKDF2.
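To make the distinction concrete, here is a short added example in Python (not code from Sony or from the original article) that stores and verifies a password with a salted PBKDF2 record, then shows why an unsalted, fast hash is nearly as bad as clear text: one pass over a word list cracks every user who chose a common password. The record format, the iteration count and the sample user names are this example's own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Example parameters (this example's own choices, not Sony's): PBKDF2-HMAC-SHA256
# with a high iteration count is a standard slow, salted password-hashing function.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>.

    A fresh random salt per user means two users with the same password get
    different records, so one precomputed table cannot be reused across the set.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time, so response timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported password record")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_sha1(password: str) -> str:
    """The weak scheme, for contrast: fast and unsalted, so identical passwords
    produce identical hashes and one guess is checked against every user at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(stolen: dict, wordlist: list) -> dict:
    """Dictionary attack on an unsalted table: hash each guess once, then look up
    every stolen hash in the result. Cost grows with the word list, not the user count."""
    lookup = {unsalted_sha1(word): word for word in wordlist}
    return {user: lookup[digest] for user, digest in stolen.items() if digest in lookup}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    stolen_table = {
        "alice": unsalted_sha1("password123"),
        "bob": unsalted_sha1("password123"),
        "carol": unsalted_sha1("v7!Qm#2zLpR9"),
    }
    print("cracked:", crack_unsalted(stolen_table, ["letmein", "qwerty", "password123"]))
    record = hash_password("password123")
    print("salted record verifies:", verify_password("password123", record))
```

Note that `alice` and `bob` share a hash in the unsalted table, which is exactly what a salt prevents; with the salted records, cracking `bob` after `alice` costs the full work again.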

As we've learned from last year's mammoth website hack at Gawker and numerous other security breaches, users frequently employ the same credentials for numerous accounts, making all of them vulnerable when a single one is compromised. Sony's update strongly urged PlayStation Network users who use the same account name and password for unrelated services to change them.

The update said that Sony has sent the majority of its 77 million users an email informing them of the breach and the steps they should take to protect themselves in its aftermath. The company also said it is working to track down the perpetrators.

"We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located," Sony representatives wrote.

They said they expect some online PlayStation services to resume this Tuesday.

FBI details difficulties defanging Coreflood botnet

IP lists en route to foreign authorities.

The US Justice Department has requested the FBI have a further month, until May 25, to continue defanging the Coreflood botnet under Operation Adeona.

Details in the request highlighted the difficult position the FBI faces after swapping out Coreflood's command and control servers with its own earlier this month.

Despite having the technical capability to remotely uninstall the Coreflood malware from infected computers, it appears unable to do so for the bulk of victims, in part because it cannot contact them directly to seek their consent.

In a supporting declaration [pdf] obtained by Wired, FBI special agent Briana Neumiller said that she was certain "the Coreflood software could be used to uninstall itself, if appropriate instructions were issued from a command and control server."

She claimed that FBI testing showed it could restore a Windows operating system to its pre-infected state without affecting any user files on it.

If the FBI requests authority to do this, it would be the first time any US agency has removed malware remotely from the computers of infected home users, Wired noted in its report.

For now the FBI is limited to doing this for organisations or "identifiable victims" with publicly available IP addresses.

The FBI had already issued "request and authorisation to delete" forms to dozens of government agencies, three airports, two defence contractors, five banks, and hundreds of businesses.

The more complicated task of removing Coreflood from home user machines relies on ISPs notifying infected users, antivirus vendors updating signatures and consumers removing the malware.

The FBI had already asked some ISPs to forward a "Notice of Infected Computer" to hundreds of thousands of customers in the US. Notifications were based on a list of IP addresses associated with infection, a process complicated by ISPs' common practice of allocating addresses dynamically: the same address is reassigned to different subscribers over time, so an address identifies a customer only when paired with the time the beacon was observed and checked against the ISP's lease records.
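As an added example (not part of the original article or of the FBI's tooling), the Python below shows the correlation an ISP would have to do for such a notice: each beacon is a timestamp and an address, and it is matched to a subscriber only when a DHCP lease for that address covers that exact moment. The beacon log, lease export and subscriber IDs are constructed for the example, using documentation address ranges.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Set, Tuple

# Constructed sample data. Addresses are from the documentation ranges
# (198.51.100.0/24, 203.0.113.0/24); subscriber IDs are hypothetical.
BEACON_LOG = """\
2011-04-14T03:12:55Z 198.51.100.23
2011-04-14T03:13:07Z 198.51.100.23
2011-04-15T12:00:00Z 198.51.100.23
2011-04-16T20:41:02Z 198.51.100.23
2011-04-16T21:05:19Z 203.0.113.9
"""

# ip,subscriber,lease_start,lease_end  (as exported from the ISP's DHCP server)
DHCP_LEASES = """\
198.51.100.23,SUB-0042,2011-04-13T22:00:00Z,2011-04-15T10:00:00Z
198.51.100.23,SUB-0817,2011-04-16T19:30:00Z,2011-04-18T07:30:00Z
203.0.113.9,SUB-0311,2011-04-10T00:00:00Z,2011-04-20T00:00:00Z
"""


@dataclass(frozen=True)
class Lease:
    ip: str
    subscriber: str
    start: datetime
    end: datetime


def parse_ts(text: str) -> datetime:
    """All timestamps are normalised to UTC; mixing clock sources is the classic
    way an IP-to-subscriber lookup lands on the wrong customer."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_leases(text: str) -> List[Lease]:
    leases = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, subscriber, start, end = line.split(",")
        leases.append(Lease(ip, subscriber, parse_ts(start), parse_ts(end)))
    return leases


def parse_beacons(text: str) -> List[Tuple[datetime, str]]:
    beacons = []
    for line in text.splitlines():
        if line.strip():
            ts, ip = line.split()
            beacons.append((parse_ts(ts), ip))
    return beacons


def attribute(ip: str, seen_at: datetime, leases: List[Lease]) -> Optional[str]:
    """Map one (address, time) observation to the subscriber holding that lease.
    Returns None when no lease covers the moment, or when more than one does:
    a notice should never go out on a guess."""
    holders = {l.subscriber for l in leases if l.ip == ip and l.start <= seen_at < l.end}
    return holders.pop() if len(holders) == 1 else None


def holders_without_time(ip: str, leases: List[Lease]) -> Set[str]:
    """What an address-only list gives you: every subscriber who ever held it."""
    return {l.subscriber for l in leases if l.ip == ip}


def build_notifications(beacon_log: str, lease_export: str):
    """Return (beacon count per subscriber to notify, observations left unattributed)."""
    leases = parse_leases(lease_export)
    counts = {}
    unattributed = []
    for seen_at, ip in parse_beacons(beacon_log):
        subscriber = attribute(ip, seen_at, leases)
        if subscriber is None:
            unattributed.append((seen_at.isoformat(), ip))
        else:
            counts[subscriber] = counts.get(subscriber, 0) + 1
    return counts, unattributed


if __name__ == "__main__":
    counts, gaps = build_notifications(BEACON_LOG, DHCP_LEASES)
    print("notify:", counts)
    print("cannot attribute:", gaps)
    print("198.51.100.23 with no timestamp ->",
          holders_without_time("198.51.100.23", parse_leases(DHCP_LEASES)))
```

The third beacon falls between two leases for the same address and is deliberately left unattributed rather than assigned to whichever customer held the address last; the address-only lookup, by contrast, returns both subscribers and cannot tell them apart.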

It had also requested its International Operations Division to forward a list of IP addresses, separated by country, to the relevant foreign authorities.

Despite the legal and technical obstacles to removing the malware, the FBI recorded a dramatic fall in the number of "beacons" or pings from infected machines to its command and control servers in the days after seizing them.

After the FBI sent commands telling infected machines in the US to stop running Coreflood, the number of beacons fell from 800,000 on 13 April to fewer than 100,000 on 22 April.

Neumiller speculated this was the result of Coreflood being unable to update itself on infected computers, buying time for antivirus vendors to release signatures for the latest version. It could also have been the result of customers disconnecting their computers or removing the malware after ISPs notified them.

Copyright © iTnews.com.au . All rights reserved.


TomTom apologizes for giving customer driving data to cops

Navigation device maker TomTom has apologized for supplying driving data collected from customers to police to use in catching speeding motorists.

The data, including historical speeds, has been sold to local and regional governments in the Netherlands to help police set speed traps, Dutch newspaper AD reported. As more smartphones offer GPS navigation, TomTom has been forced to compensate for declining profit by increasing sales in other areas, including the sale of traffic data.

On Wednesday, Europe's biggest satnav device maker apologized, saying it sold the data believing it would improve traffic safety and reduce bottlenecks, The Associated Press reported.

"We never foresaw this kind of use and many of our clients are not happy about it," Chief Executive Harold Goddijn wrote in an email sent to customers. He went on to say that future licensing agreements would prevent this type of use.

With the revelation, TomTom becomes the latest company to raise privacy concerns about location data it holds on its customers. Over the past week, questions have been raised about Apple, Google, and Microsoft and the location data stored or tracked by the iPhone, and Android and Windows Phone 7 devices, respectively.

TomTom has said that any information it shares has been anonymized, but customers shouldn't take such assurances at face value. Past claims about the anonymity of data have sometimes turned out to be horribly wrong; witness the debacles involving AOL's release of 20 million search queries and the release of Netflix users' viewing habits. It's not hard to fathom a scenario in which data supplied by TomTom could be used to work out sensitive information about its users, such as where they live and work. What could possibly go wrong there?
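The home-and-work inference is simple enough to show. This added Python example (not TomTom's code; the trace and the directory are constructed for illustration) takes a pseudonymous GPS trace, snaps fixes to roughly 100 m cells, and treats the most-visited cell at night as home and the most-visited weekday daytime cell as work. Matched against a directory of known home/work pairs, the pair singles out one person where the home cell alone does not. The time windows, the grid size and the identifiers are this example's own choices.

```python
from collections import Counter
from datetime import datetime
from typing import Dict, List, Optional, Tuple

Cell = Tuple[float, float]

# Constructed trace for one pseudonymous device, local time, WGS84 degrees.
# The pseudonym carries no name, yet the points are enough to place bed and desk.
TRACE = [
    ("2011-04-18 02:10", 52.3731, 4.8917),
    ("2011-04-18 07:40", 52.3733, 4.8918),
    ("2011-04-18 10:15", 52.3106, 4.7683),
    ("2011-04-18 14:30", 52.3108, 4.7684),
    ("2011-04-18 23:30", 52.3729, 4.8916),
    ("2011-04-19 01:05", 52.3731, 4.8918),
    ("2011-04-19 09:50", 52.3107, 4.7682),
    ("2011-04-19 13:00", 52.3602, 4.8550),   # lunch trip: a minority within the work window
    ("2011-04-19 16:20", 52.3106, 4.7683),
    ("2011-04-19 22:45", 52.3733, 4.8917),
    ("2011-04-23 11:00", 52.3580, 4.8686),   # Saturday: excluded from the work window
    ("2011-04-23 23:10", 52.3731, 4.8916),
]

# Constructed directory of home/work cells an analyst might already hold for
# named people (for instance from public records); identifiers are hypothetical.
DIRECTORY: Dict[str, Tuple[Cell, Cell]] = {
    "resident-7":  ((52.373, 4.892), (52.311, 4.768)),
    "resident-12": ((52.373, 4.892), (52.090, 5.110)),
    "resident-31": ((52.370, 4.895), (52.311, 4.768)),
}


def cell(lat: float, lon: float, decimals: int = 3) -> Cell:
    """Snap a fix to a grid of roughly 100 m so repeated visits to one building
    collapse into a single key."""
    return (round(lat, decimals), round(lon, decimals))


def _mode(points: List[Cell]) -> Optional[Cell]:
    return Counter(points).most_common(1)[0][0] if points else None


def infer_home(trace) -> Optional[Cell]:
    """Most-visited cell between 22:00 and 06:00: where the device sleeps."""
    night = []
    for ts, lat, lon in trace:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if t.hour >= 22 or t.hour < 6:
            night.append(cell(lat, lon))
    return _mode(night)


def infer_work(trace) -> Optional[Cell]:
    """Most-visited cell between 09:00 and 17:00 on weekdays: where it parks all day."""
    day = []
    for ts, lat, lon in trace:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if t.weekday() < 5 and 9 <= t.hour < 17:
            day.append(cell(lat, lon))
    return _mode(day)


def match_directory(home: Cell, work: Optional[Cell], directory) -> List[str]:
    """A home cell is shared by a few people; home plus work is usually unique."""
    return sorted(
        name for name, (h, w) in directory.items()
        if h == home and (work is None or w == work)
    )


if __name__ == "__main__":
    home, work = infer_home(TRACE), infer_work(TRACE)
    print("home cell:", home, "work cell:", work)
    print("candidates by home only:", match_directory(home, None, DIRECTORY))
    print("candidates by home and work:", match_directory(home, work, DIRECTORY))
```

Coarsening the coordinates, as some "anonymisation" schemes do, does not defeat this: the grid here is already 100 m, and the inference only needs the most frequent cell, not a precise fix.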

PlayStation Network Hack: Who Did It?

It’s one of the biggest data breaches in history. Now that Sony has come clean — sort of — on a computer intrusion this month that exposed personal information on 77 million PlayStation Network users, one obvious question remains: Who pulled off the hack?

In the old days, the answer would be simple: some kid did it. But today’s underground is more complicated — a slew of competing players with different agendas and techniques. Here’s a quick rundown on the likely suspects.

Anonymous

While noncriminal pranks are their stock in trade, the griefers of Anonymous have been on a hacktivism spree of late, staging distributed denial-of-service attacks against the corporate enemies of WikiLeaks, then famously cracking the computer security firm HBGary Federal and exposing the shady plotting of its CEO. Coincidentally, Anonymous declared Sony as its latest protest target right around the time of the intrusion. They were unhappy with Sony’s lawsuit against PlayStation 3 rooter George Hotz, and unsatisfied by the settlement deal reached between Hotz and the company this month.

But spokespeople for Anonymous have denied any role in the PlayStation Network hack, and the whole flavor of the hack just isn’t Anonymous’ style: they’ve pulled intrusions in the past, but computer crime isn’t their mainstay, and a stealth run through the network of a corporate giant is decidedly short on lulz. Verdict: Probably innocent.

China

Chinese hackers have been responsible for some of the most sophisticated known intrusions in recent years — low-and-slow attacks against defense contractors, human rights groups and Silicon Valley bigwigs like Google. The attackers typically get in by hitting a single employee with an exploit, and then carefully expand through the network until they’ve found what they’re looking for — generally trade secrets, source code, or intelligence.

A list of 77 million names, dates of birth and passwords could be useful as the raw material for future attacks, but aside from that, Sony’s gaming infrastructure is not a logical target for this bunch. You also wouldn’t expect a professional Chinese intrusion to be detected so quickly. Verdict: Innocent.

Random Recreational Hacker

This breed still exists, though now in much smaller numbers than the professionals. The PlayStation Network would be an alluring target for a bored teenager or twenty-something who spends a lot of time grinding through multiplayer shooters — to paraphrase Silence of the Lambs, you covet what you see every day. A recreational hacker might go after the user database as a trophy. Verdict: Maybe guilty.

For-Profit Cyberthief

These guys, largely concentrated in Ukraine and Russia, know databases like the backs of their hands — they dream in SQL — and similar, if smaller, stolen databases are bought and sold routinely over carder forums and in private transactions.

In this scenario, the credit card numbers potentially stolen in the hack aren’t as important as they seem. According to Sony, the CVV2 — the security code on the back of the card — wasn’t stored in the compromised database, which greatly reduces the cards’ usability to fraudsters. Credit cards without the magstripe data or CVV2 are among the least valuable commodities.

But combined with the other data, the database is valuable indeed. The passwords (which Sony evidently didn’t bother to hash) could be a gold mine, because people have a tendency to use the same password everywhere; you can bet a big chunk of those 77 million PlayStation Network passwords will unlock everything from Facebook accounts to online banking. The e-mail addresses could be used in phishing attacks, with the fraudster using stolen details — like the target’s date-of-birth — to increase the chances of a response. Hell, even if it were just sold as a spam list, the Sony database could draw a pretty penny. Verdict: Probably guilty.


Feds move to uninstall bot that hit banks, airports, cops

The notorious Coreflood botnet has penetrated a veritable who's who of sensitive organizations, including banks, state and local governments, airports, defense contractors, and a police department, an FBI agent said in sworn testimony.

An executive of one compromised hospital healthcare network found that 2,000 of its 14,000 computers were infected with malware, which sniffs out banking passwords and other sensitive data and sends them to servers controlled by thieves. The agent said some 35 colleges and universities and hundreds of businesses have been hit by the decade-old Coreflood, which government investigators estimate infects more than 413,000 computers.

The written testimony from Special Agent Briana Neumiller was submitted in the FBI's unprecedented legal effort to dismantle Coreflood by taking over the servers and hundreds of domain names it uses to send commands to infected PCs under its control. Neumiller's declaration came in the government's request for a preliminary injunction extending the government's authority to issue stop commands to the zombie machines that disable the Coreflood malware until the next reboot.

US District Judge Vanessa Bryant of Connecticut granted the motion on Monday.

The stop commands are intended to be an interim step designed to prevent Coreflood from regrouping until a permanent fix can be put in place. It involves taking down the botnet's command-and-control system that doles out instructions and malware updates when infected machines report to it. In its place, the government has installed two substitute servers that respond with the stop commands.

It is the first time government authorities have ever issued commands to infected PCs in an attempt to take down a botnet. They are intended to prevent the Coreflood operators from regaining control of the infected machines by sending their own set of commands that instruct them to report to a new set of command-and-control servers.

So far, the maneuver appears to be working, Neumiller said. Within 72 hours of the Coreflood seizure, beacons sent from infected computers fell from almost 800,000 per day to some 150,000, and by Friday, that number sank below 100,000 for the first time since the operation began.

With the issuance of the preliminary injunction allowing the operation to continue, the government can now move to its second step, which is intended to permanently remove the Coreflood malware from the hundreds of thousands of computers it has infected. The disinfection involves tracking down the individual owners and getting their permission to issue an uninstall command from the substitute servers.

The uninstall command "could be used to delete Coreflood from infected computers and to 'undo' certain changes made by Coreflood to the Windows operating system when Coreflood was first installed," Neumiller wrote. "The process does not affect any user files on an infected computer, nor does it require physical access to the infected computer or access to any data on the infected computer."

FBI researchers have successfully used the procedure on test computers, but a waiver that infected machine owners are asked to sign releases the feds from any legal liability should things go wrong.

The government is now in the process of sifting through what is likely millions of IP addresses and correlating them to public and ISP records to identify and contact the US-based owners of the infected machines. It is also collecting the IP addresses of owners believed to be located outside US borders and referring them to authorities in foreign countries.

At no point do federal authorities have any control over infected computers or access to personal data residing on them, and owners who want to opt out of the disinfection routine may do so.

ICE Uses Seized Domains for Best Anti-Piracy Video Ever

The U.S. Immigration and Customs Enforcement bureau is hoping to lay a little guilt on movie downloaders by dramatizing the stark human toll BitTorrent inflicts on Hollywood boom mike operators … or something.

ICE released a 76-second public service announcement to YouTube late Tuesday, and began promoting it on 65 of the 120 domains the agency seized in its anti-piracy program “Operation in Our Sites.” Visitors to dvdcollects.com, for example, are greeted with an ICE message that the domain has been seized, and a link to the video.

“The public service announcement,” ICE Director John Morton said in a statement, “will help raise awareness that American businesses, and American jobs, are threatened by those who pirate copyrighted material and produce counterfeit trademarked goods.”

The public service announcement shows a peddler on a New York street giving away free movies he says were downloaded from the internet. Beside him stands a soon-to-be unemployed worker. “What’s more important,” he asks, “the movie or this human being?”

Free and subdomain hosting lets phishing sites live longer

Wednesday, April 27, 2011

A growing number of phishers are using free domains and subdomains to register net fraud sites, a move that seems to have allowed phishing sites to stay online longer.

Official figures from the Anti-Phishing Working Group (APWG) record that around 11 percent of all phishing attacks took advantage of either the free .TK domain registration service or the CO.CC subdomain service during 2H 2010.

The Group found that 11,768 phishing websites were hosted on subdomain services, up 42 per cent from the first half of 2010. The increased use of the subdomain tactic seems designed to make offending subdomains harder to take down, since a takedown request must go to the subdomain provider rather than through the usual domain-registrar channels. Partly as a result, phishing-site uptimes have risen to a three-year high.

The median uptime was 15 hours 19 minutes in 2H 2010, compared with 13 hours 42 minutes in the first half of 2010 and 11 hours 44 minutes in the second half of 2009. Earlier studies have shown that the time a phishing site stays online is closely linked to its short-term profitability.

Chinese e-commerce sites and banks are increasingly targeted in phishing attacks, a diversification from the usual target of PayPal and Western banks.

In total 67,677 phishing attacks were launched in 2H 2010, far more than the 48,244 recorded in the first half of the year but far fewer than the 126,697 recorded in 2H 2009 at the height of phishing from the Avalanche botnet. The increase between the first and second half of 2010 largely comes from new data about Chinese email scams.

Phishing attacks are far from spread uniformly over the web. Sixty percent of the attacks occurred in four TLDs: .COM, .NET, .TK, and .CC. Meanwhile 78 per cent of the world's malicious domain registrations were made in just three TLDs: .COM, .TK, and .NE

Among the total of 42,624 phishing domains found in the study, APWG reckons 11,769 (28 per cent) were registered maliciously by the phishers. Of those, 6,382 were registered as part of attacks intended to trick Chinese users into handing over their net access credentials. The other 30,855 domains were hacked or compromised but otherwise legitimate websites. Malicious registrations took place in 56 TLDs, the APWG further reports.

Internet Identity CTO Rod Rasmussen is due to unveil the findings of the report (pdf) at the APWG Counter eCrime Operations Summit in Kuala Lumpur, Malaysia later on Wednesday.

Sony hack revives Oz disclosure debate

The Sony PlayStation Network breach has revived Australia's dormant security disclosure debate.

Rob Forsyth, A/NZ managing director of Sophos, says the government must legislate for mandatory disclosure, noting that it has been proposed in a large number of privacy recommendations. If personally identifiable information is lost, he said, companies must notify both the general public and the individuals whose information has been stolen.

He told ABC radio programme The World Today that the theft of address and birth date details, and possibly credit card numbers (although Sony currently maintains there is no evidence these were compromised in the breach), highlights Australia's lack of a disclosure regime.

Sony was not quick to notify people that there had been a breach of security, RMIT lecturer and computer networking specialist Dr Mark Gregory told the same programme, even though the speed with which the network was shut down demonstrated that Sony was aware of the problem before it went public.

He backed Forsyth's call for a disclosure regime: "Government needs to legislate a proper regime for this," he said.

Dr Gregory also called on the government, via the Australian Communications and Media Authority (ACMA), to establish best practice security guidelines that companies can follow.

Kidnapped Kaspersky freed without ransom

Released unharmed.

Ivan Kaspersky, the son of Russian antivirus king, Eugene Kaspersky, was freed on Sunday from kidnappers who had demanded US$4.3 million for his release.  

The Russian Federal Security Service (FSB) teamed up with Kaspersky’s security personnel and Moscow Police to secure his release, Kaspersky Labs said in a statement on Sunday. 

“Ivan is alive and well and is currently at a safe location. No ransom was paid during the operation to free him.”

Five people have been arrested on suspicion of kidnapping the 20 year-old, who went missing while on his way to work in Moscow last Tuesday.

Eugene Kaspersky was in London at the time attending the InfoSec conference. 

The kidnappers hoped to pay off a bank loan with the ransom money, according to local reports. 

Investigators reportedly determined Ivan Kaspersky’s holding place after tracing a mobile call made by one of his captors to Eugene.  

Ivan is the son of Eugene and his ex-wife, Natalya Kaspersky, the former CEO of Kaspersky Labs and current chairperson of its board of directors.  



Windows phones send user location to Microsoft

Add Microsoft Windows Phone 7 to the list of mobile operating systems that silently transmit the precise physical location of the device back to a central database.

CNET reported the location tracking on Monday, almost a week after reports of similar tracking in Apple's iPhone and Google's Android mobile OS raised concerns that smartphones could be used by police, civil litigants, or abusive spouses to track an owner's movements over extended periods of time.

Microsoft has said that when location services on Windows phones are switched on, the devices transmit a unique ID along with nearby wireless networks, their signal strengths, and the GPS-derived location to the company's servers.

Windows phones don't store any of the locations on the device itself. By contrast, iPhone 4 stores locations in an easy-to-read file that can store months, and potentially years, worth of data that police have been tapping for years. Android indexes locations of cellphone towers and Wi-Fi networks the handset has connected to, but limits entries to 200 and 50 respectively.

Both Apple and Google have said their phones report their location, but only when the devices' location services are turned on, in keeping with previous disclosures. Neither Apple nor Google has disclosed that location information is also stored on the handset.

A Microsoft spokeswoman declined to make anyone from the company available to speak about the practice.

Feds finger China in wire fraud

The FBI has issued an alert warning that money obtained by phishing is being transferred to trade companies in China.

The bureau says money obtained from compromised business computers is being wired to Chinese companies located near the Russian border. The transfers are initiated after criminals compromise computers (typically with phishing attacks), gaining access to businesses' online banking credentials.

While various attacks are used, the notice identifies ZeuS, Backdoor.bot and Spybot as the fraudsters' favorite malware.

Intermediary accounts in New York are typically used as staging points for the final transfer.

A large number of companies are apparently registered for the purpose of receiving the fraudulent transfers, rather than a single, easier-to-identify recipient. The FBI says the names of various port cities in Heilongjiang province occur in the names of companies to which the transfers are made, including Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning. The names also include variations on "economic and trade", "trade", and "LTD".

The actors, as the FBI calls them, generally try to transfer large amounts, between US$900,000 and US$1 million, but are more successful in receiving the funds when the unauthorized wire transfers are under US$500,000.
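As an added example of how the alert's indicators translate into a transaction-monitoring rule (not code from the FBI or from the original article), the Python below scores outbound wires on the features the alert describes: a beneficiary named after one of the Heilongjiang port cities with an "economic and trade" / "trade" / "LTD" suffix, a bank in China, a New York intermediary, a first-time payee, and the amount band. The sample wires and company names are constructed, and the weights, the "just under US$500,000" band and the alert threshold are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Indicators drawn from the FBI alert as summarised above. The equal weighting,
# the 400,000-500,000 "just under the ceiling" band and the alert threshold are
# this example's assumptions, not figures from the alert.
PORT_CITIES = ("raohe", "fuyuan", "jixi", "xunke", "tongjiang", "dongning")
TRADE_NAME = re.compile(r"\b(economic\s+and\s+trade|trade|ltd\.?)\b", re.IGNORECASE)
ALERT_THRESHOLD = 4


def score_wire(wire: Dict) -> Tuple[int, List[str]]:
    """Score one outbound wire against the pattern: a new Chinese 'trade' payee
    named after a Heilongjiang port city, routed via a New York intermediary,
    in an amount band the fraudsters favour. Returns (score, matched indicators)."""
    reasons = []
    name = wire["beneficiary_name"]
    lowered = name.lower()
    if any(city in lowered for city in PORT_CITIES):
        reasons.append("beneficiary named after Heilongjiang port city")
    if TRADE_NAME.search(name):
        reasons.append("'economic and trade' / 'trade' / 'LTD' naming pattern")
    if wire["beneficiary_country"] == "CN":
        reasons.append("beneficiary bank in China")
    if wire.get("intermediary_state") == "NY":
        reasons.append("routed through New York intermediary account")
    if wire.get("first_payment_to_beneficiary"):
        reasons.append("first ever payment to this beneficiary")
    amount = wire["amount_usd"]
    if 900_000 <= amount <= 1_000_000:
        reasons.append("amount in the US$900,000-1,000,000 band typically attempted")
    elif 400_000 <= amount < 500_000:
        reasons.append("amount just under US$500,000, where transfers succeed more often (assumed band)")
    return len(reasons), reasons


def review_queue(wires: List[Dict]) -> List[Tuple[str, int, List[str]]]:
    """Return wires at or above the alert threshold, highest score first, for a
    human to hold before release."""
    flagged = []
    for wire in wires:
        score, reasons = score_wire(wire)
        if score >= ALERT_THRESHOLD:
            flagged.append((wire["id"], score, reasons))
    return sorted(flagged, key=lambda item: -item[1])


# Constructed sample wires: the company names follow the pattern the alert
# describes but are invented for this example.
SAMPLE_WIRES = [
    {"id": "W-1001", "beneficiary_name": "Raohe Economic and Trade Co. LTD",
     "beneficiary_country": "CN", "intermediary_state": "NY",
     "first_payment_to_beneficiary": True, "amount_usd": 486_000},
    {"id": "W-1002", "beneficiary_name": "Dongning Hengda Trade LTD",
     "beneficiary_country": "CN", "intermediary_state": "NY",
     "first_payment_to_beneficiary": True, "amount_usd": 950_000},
    {"id": "W-1003", "beneficiary_name": "Acme Industrial Supply Inc",
     "beneficiary_country": "US", "intermediary_state": "CA",
     "first_payment_to_beneficiary": False, "amount_usd": 12_400},
    {"id": "W-1004", "beneficiary_name": "Shanghai Precision Tooling Co",
     "beneficiary_country": "CN", "intermediary_state": "CA",
     "first_payment_to_beneficiary": False, "amount_usd": 120_000},
]

if __name__ == "__main__":
    for wire_id, score, reasons in review_queue(SAMPLE_WIRES):
        print(wire_id, score, "; ".join(reasons))
```

A single indicator (a Chinese beneficiary, say) is ordinary business and scores too low to hold; the rule fires on the combination, which is what the alert actually describes. In practice the thresholds would be tuned against the institution's own history of legitimate wires to that region.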

Feds Drop Probe of NSA Wiretapping Whistle Blower

The government has dropped its criminal investigation of the whistle blower who exposed the Bush administration’s warrantless wiretapping program to the New York Times in 2004, and will evidently not be filing criminal charges for the historic leak.

Thomas Tamm, a former Justice Department attorney, learned last year that the government was no longer pursuing a case against him, according to Politico. Tamm held a Top Secret/SCI clearance at the Justice Department's Office of Intelligence Policy and Review when he discovered the illegal NSA program and tipped off the Times. The paper held the story for a year, before breaking the news in a December 2005 article that set off a political and civil liberties firestorm that dogged George W. Bush through the end of his term, and earned the paper a Pulitzer.

The Times kept Tamm anonymous, and learned operational details of the spying from other sources. But in 2007, Tamm came home to find 18 FBI agents in his house. “They were all wearing body armor, they were all well armed,” he recalled in 2009. “They asked my kids if we had any secret rooms in the house or whether I had any weapons. They were in my house for over seven hours.”

Tamm has maintained that his leak was not illegal. And when Obama was elected in 2008, the future of any prosecution seemed uncertain. While campaigning, Obama had picked up on the warrantless wiretapping as a civil liberties talking point, but he’d also voted in the Senate to legalize the program and to grant retroactive legal immunity to the telecom companies that cooperated in the surveillance. Since his swearing in, Obama’s Justice Department has prosecuted more leakers than any other in history.

Which reminds us: Tamm is not to be confused with Thomas Drake, a different whistle blower who allegedly spilled the beans on costly, failed NSA programs to the Baltimore Sun in 2006 and 2007. Drake was charged in Maryland under the Espionage Act a year ago, and is headed toward trial.

User data stolen in Sony PlayStation Network hack attack

Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts.

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network.

Sony's stunning admission came six days after the PlayStation Network was taken down following what the company described as an external intrusion.

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months.

Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony's advisory on Tuesday suggests that the company was storing passwords, credit card numbers, expiration dates, and other sensitive information unencrypted on its servers. Sony didn't say whether its systems complied with the Payment Card Industry Data Security Standard (PCI DSS), which governs how merchants may store card data.

Sony reminded users located in the US that they're entitled to receive one credit report per year from each of the three major credit bureaus. The company didn't offer to pay for any sort of credit monitoring service to help ensure the information it lost isn't used in identity-theft ruses against its users.

"When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password," advises a letter that Sony is sending to its users.

Of course, that suggestion assumes users continue to trust Sony to safeguard their information and stand behind assurances that the PlayStation Network is secure, and at the moment there's little evidence to support that assumption.

WikiLeaks Donations Topped $1.9 Million in 2010

A German nonprofit that processes most of the donations submitted to the secret-spilling site WikiLeaks has finally made good on nearly a year-old promise to release a report detailing how those donations are spent — though the report remains silent on how much money was paid to WikiLeaks founder Julian Assange.

The Berlin-based Wau Holland Foundation, which accepted donations for WikiLeaks via PayPal and bank account transfers, quietly released the report on its website (.pdf) April 16.

According to the report, the foundation received about $1.9 million on behalf of WikiLeaks in 2010. More than half of that amount, or $700,000, came in November and December, after WikiLeaks and several newspapers began publishing a trove of U.S. diplomatic cables allegedly received from Army intelligence analyst Bradley Manning.

A $15,100 contribution WikiLeaks made to Manning’s defense in January of this year is not reflected in the report, which only covers expenses and contributions through December of 2010.

Of the total money received, the Wau Holland Foundation distributed about $585,000 to WikiLeaks to cover expenses. A little more than $200,000 of this went to WikiLeaks for the cost of processing submissions, such as “reviewing and editing incoming material, video authoring, analyzing and arranging a large number of documents … anonymisation and much more.” The sum also includes the “involvement of external experts like journalists.”

In 2010, WikiLeaks sent two Swedish journalists to Iraq to locate and interview two children who were injured in an Army Apache attack, a battle that featured in the now-famous Iraq “Collateral Murder” video that WikiLeaks published in April of last year.

According to the Wau Holland report, an additional $152,000 was paid to “a few heads of project and activists,” for services invoiced. This appears to reference salaries paid to staffers, though the report doesn’t specify how that expense differs from the expenses attributed to processing submissions.

The report also doesn’t say how much Assange personally received from the funds, though the Wall Street Journal reported last year that he received about $88,000 in back pay for work performed in 2010.

Wau Holland paid about $87,000 to cover WikiLeaks’ infrastructure expenses, such as servers and other hardware; another $91,000 went for travel costs to conferences, meetings, and lectures. This money covered airfare, usually economy class tickets, but generally not hotel stays “because activists often are lodged in private,” according to the report. It’s commonly known that WikiLeaks founder Assange relies on the kindness of supporters for free hospitality in countries where he travels.

Additionally, Wau Holland paid out $48,000 in legal fees. This was defined as costs for project campaigns, “not for individual-related legal advice or legal representation in court proceedings.” The latter likely refers to the personal legal expenses that have been racked up over the last year by Assange, who is facing sex-crimes allegations in Sweden and has been fighting an extradition battle in London.

About $930,000 of the 2010 donations Wau Holland received came through a PayPal account, while the remainder came through bank transfers. PayPal closed the account in December, though donations to WikiLeaks via bank account transfers have continued.

Of all the money raised, the largest amount, 35 percent, came from the U.S., while 14 percent came from Germany and 12 percent from Britain. About six percent came from Australia and Canada, followed by smaller amounts from other countries.

Wau Holland began accepting donations on WikiLeaks’ behalf in October 2009 and had received only about $6,000 in donations before WikiLeaks’ website went down late December that year. Donations began pouring in once people saw in January that the site needed help, foundation vice president Hendrik Fulda told Threat Level previously. WikiLeaks’ plea for donations indicated the site needed to raise at least $200,000 to cover a year’s worth of operating expenses, rising to at least $600,000 if its volunteers were to be paid.

The foundation began facing pressure last year from the public and from German authorities to provide an accounting of how donations were being spent. Over the last eight months the foundation repeatedly missed its own deadlines for publishing the report.

See also:

  • WikiLeaks Contributes $15,000 to Bradley Manning’s Defense
  • WikiLeaks Spending Rises Dramatically to $500,000
  • PayPal Freezes WikiLeaks Account
  • WikiLeaks Cash Pledge Hasn’t Reached Bradley Manning Support Fund
  • Salaries of WikiLeaks Staffers To Be Revealed in New Report
  • WikiLeaks Cash Flows In, Drips Out

TinyBB "viewthread.php" SQL Injection Vulnerability

TinyBB is a bulletin board application implemented in PHP. The software is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "post" parameter of the "inc/viewthread.php" script. TinyBB 1.4 is affected.

Ref: http://www.securityfocus.com/bid/47346/info

11.17.22 - CVE: Not Available
Platform: Web Application - SQL Injection

Cops raid man whose Wi-Fi was used to download child porn

A man recently found a swarm of armed federal agents descending on his Buffalo, New York, home after a neighbor accessed his open Wi-Fi network and used it to download child pornography.

The account, included in a recently published article from the Associated Press, is one of several demonstrating the unintended consequences that come when computer users don't take measures to restrict use of their wireless networks.

Another man, from Sarasota, Florida, the AP said, was similarly raided after someone on a boat docked near his building used a long-range antenna to tap into his internet connection and download an astounding 1 million images of child porn. And a man from North Syracuse, New York, fell under suspicion of trafficking in illegal videos that were really transmitted by a neighbor.

Even when people try to lock down their networks using WEP, or wired equivalent privacy, their Wi-Fi signals are still under attack. According to the Seattle Post-Intelligencer, authorities in that city have moved to seize a man's car after it was used in a wardriving spree that accessed wireless networks and stole harvested user information.

The 1988 Mercedes sedan contained a long-range antenna and a laptop equipped with software for exploiting weaknesses in WEP that were diagnosed years earlier. The unidentified owner is suspected of belonging to a loose-knit group that has burgled more than $750,000 and often uses information lifted from victims' wireless networks to get a foothold.

Once a suspect has gained unauthorized access to a wireless network, computers in the vehicle can be used to run programs such as port scanning software and password recovery software designed to breach security on machines within the networks, police told a court of law.

About 32 percent of people in the US admitted trying to access Wi-Fi networks that didn't belong to them, the AP said, citing a recent poll taken by the Wi-Fi Alliance. About 201 million American households use wireless networks to connect to the internet.

Many pundits have pointed to the AP report as a cautionary tale exposing the dangers of running unsecured wireless access points. But this misses the point. Many people like the idea of leaving their networks open so others traveling nearby have a way to pull down email or check directions. It seems just as easy to draw the conclusion that mere use of an IP address shouldn't be grounds for armed police to raid a person's home.

Home and business networks that transmit or store sensitive financial information are another matter entirely, of course. And for those WEP should be avoided in favor of WPA or WPA2.

FBI v. Coreflood Botnet: Round One Goes to the Feds

The FBI’s unprecedented effort to behead the Coreflood botnet — comprised of millions of hacked Windows machines — appears to be working, at least for now. The bureau has tracked a dramatic decline in the number of pings from the botnet since the takedown operation began earlier this month, according to court documents filed by the Justice Department on Monday.

The number of pings from infected U.S. systems plummeted from nearly 800,000 to less than 100,000 in about a week after authorities began sending out stop commands to those machines — a drop of nearly 90 percent. Pings from infected computers outside the U.S. have also dropped about 75 percent, likely as a result of a parallel outreach effort to foreign ISPs.

“The government’s efforts have temporarily stopped Coreflood from running on infected computers in the United States,” writes the government in its filing, “and have stopped Coreflood from updating itself, thereby enabling anti-virus software vendors to release new virus signatures that can recognize the latest versions of Coreflood.”

The Justice Department asked the court to extend authorization (.pdf) for “Operation Adeona” for an additional thirty days, through May 25, so the feds can continue to temporarily disable the malware as it reports in from infected hosts.

Interestingly, the new filing also hints that the government may soon formally seek court permission to take the next step, and actually instruct infected computers to permanently uninstall the malware. It would be the first time a government agency automatically removed code from Americans’ computers.

“The process has been successfully tested by the FBI on computers infected with Coreflood for testing purposes,” writes FBI Special Agent Briana Neumiller in a declaration to the court (.pdf).

The takedown operation began two weeks ago, when the Justice Department obtained an unprecedented court order allowing the FBI and U.S. Marshals Service to swap out command-and-control servers that were communicating with machines infected with Coreflood — malicious software used by criminals to loot a victim’s banking accounts — and replace them with servers controlled by the FBI.

The controversial order also allowed the government to collect the IP addresses of any infected machines that subsequently contacted the FBI-controlled servers and to push out a remote exit, or stop, command to them to temporarily disable the Coreflood malware running on the machines.

The temporary order, which expired Monday, allowed the government to seize five computers and 15 internet domain names that were controlling the Coreflood botnet. Companies operating the relevant DNS name servers were ordered by the court to redirect traffic headed for those domains to two domains controlled by U.S. authorities – NS1.Cyberwatchfloor.com and NS2.Cyberwatchfloor.com. Additionally, authorities in Estonia seized other servers believed to have been previously used to control the Coreflood botnet.

When infected computers pinged, or “beaconed,” one of the FBI servers to initiate communication, the server returned a command designed to stop the Coreflood malware from operating on the machine.

The command, however, is only a temporary measure, since the Coreflood software restarts whenever an infected machine is rebooted and then sends another beacon to control servers. Thus, the FBI’s intervention software has to resend the stop command each time the malware sends a beacon, until the victim removes Coreflood from his system. The government has assured the court that this causes no harm to computers.

When authorities executed the server swap the evening of April 12, the response was immediate. According to the documents, on April 13, nearly 800,000 beacons came into the decoy servers from infected machines in the U.S. But the next day, the number of beacons had dropped to about 680,000, and steadily declined over the week.

The most drastic decline, however, occurred on April 16, a Saturday, when the number of beacons numbered fewer than 150,000. Although the number jumped to about 210,000 on Monday — likely because some users shut down their computers for the weekend then turned them on again on Monday, relaunching the Coreflood malware — the numbers have continued to decline since that day. On April 22, the last date for which data is available, the number of beacons hovered at around 90,000.

The numbers suggest three scenarios: some people with infected computers have left their systems running and have not rebooted since they received the FBI stop command, thus reducing the number of beacons coming in; other users may have disconnected infected machines from the internet until they can remove the infection; at least some users have successfully deleted the malware from their system.

The latter was made easy by an update that Microsoft made to its free Malicious Software Removal Tool, which removes Coreflood from infected computers. Anti-virus firms have also added signatures to their products to detect the Coreflood malware and help thwart the spread of additional infections.

It should be noted that the number of beacons coming into FBI servers doesn’t directly correlate to the total number of machines infected with Coreflood, since multiple beacons can come from a single infected computer that gets rebooted.

In addition to sending a stop command to infected computers, the FBI collected the IP addresses of every machine that contacted its servers, dividing them into U.S.-based addresses and foreign ones. From the U.S.-based addresses, they were able to track infected computers to two defense contractors, three airports, five financial institutions, 17 state and local government agencies, 20 hospital and health care entities, about 30 colleges and universities and hundreds of other businesses.

In one case, after the FBI notified a hospital that it was infected, the staff there found Coreflood on 2,000 of its 14,000 computers, according to court documents.

The FBI has passed infected IP addresses outside the U.S. to relevant foreign law enforcement agencies to contact users, and has been working with ISPs in the U.S. to notify infected users here and to explain the nature of the “stop” command the agency sent to infected computers.

“At no point will the FBI or ISC exercise control over any infected computers, or obtain any data from any infected computers,” reads a memo given to users.

Should users want Coreflood to continue running on their machines for some reason, they can opt out from receiving the FBI stop command. The instructions for opting out, however, are buried in a 2010 Microsoft document titled “Microsoft TCP/IP Host Name Resolution Order” that most users are likely to find beyond comprehension.

Users are also given a separate form to authorize authorities to delete Coreflood from their computers if they choose. As FBI Agent Neumiller suggests in her declaration to the court, this could be accomplished with a remote command similar to the stop command.

“Removing Coreflood in this manner could be used to delete Coreflood from infected computers and to undo certain changes made by Coreflood to the Windows operating system when Coreflood was first installed,” she writes. “The process does not affect any user files on an infected computer, nor does it require physical access to the infected computer or access to any data on the infected computer.”

While the uninstall command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the uninstall command may produce unanticipated consequences, including damage to the infected computers.

At the beginning of 2010, Coreflood encompassed more than 2 million infected machines worldwide, the majority of them in the U.S. Coreflood is malicious software used by its controllers to steal online banking credentials from a victim’s computer to loot their financial accounts. In one case, the criminals managed to initiate more than $900,000 in fraudulent wire transfers from the bank account of a defense contractor in Tennessee before they were discovered. An investment company in North Carolina lost more than $150,000 in fraudulent wire transfers.

See also:

  • With Court Order, FBI Hijacks Coreflood Botnet, Sends Kill Signal

Godzilla’s Lawyers Claim Apple App Fingerzilla is Infringing

Toho, the owner of all things Godzilla, claims a menacing-looking human index finger with monster-like scales pictured over a skyline is treading on the Japanese company’s intellectual-property rights.

With that belief, the Japanese monster-maker is demanding the producer of an Apple iOS app to quit using that finger on its website and icon for the Fingerzilla app.

“Our client has not authorized Inert Soap to use images of its Godzilla character,” Toho’s lawyers wrote Inert Soap, the app maker based in San Mateo, California, according to an April 19 takedown notice obtained by Wired.com. The lawyers added that “unauthorized use of images of the Godzilla character (.pdf) constitutes copyright infringement,” and might make the public “mistakenly believe that your business and game are associated with, authorized by, created by, endorsed by, or sponsored by Toho.”

Godzilla’s latest intellectual-property attack, however, should come as no surprise.

Toho has launched hundreds of lawsuits and takedown notices targeting Hollywood studios, automakers, toy manufacturers, rock bands, book publishers, national food chains, record labels, bloggers, wineries and just about anybody seen as capitalizing on the monster’s unique features, name or theme music.

Now the backers of the radioactive monster, who was awakened by an atomic blast nearly six decades ago, have set their fire-breathing chops on the Apple app store. Toho wants Inert Soap to change its “advertising” tactics because, among other reasons, the game’s icon and website contain a picture of a human finger that breathes fire and has spiny scales — all of which Toho claims confusingly looks like Godzilla.

The $2 Fingerzilla app, which has been sold about 100,000 times, bills itself as a “fast-paced, explosive game of utter destruction.” Users of the game employ their finger to “rain fiery chaos down upon buildings, cars, and people.”

Michael Scandizzo, a partner in the two-man Inert Soap operation, said he was flummoxed when he received the takedown notice.

“It’s a picture of my hand, one finger extended and a little cityscape,” he said in a telephone interview. “We thought it was kind of funny. Suddenly, your finger’s like a monster.”

He said he did not believe that his website and icon were infringing.

“It’s supposed to be humorous, silly, essentially a parody of Godzilla. It’s not actually a real monster,” Scandizzo quipped. “It’s a photograph of my hand where I attach a mouth and some ridges and the back of my finger to make it look kind of monstrous. That’s me being silly.”

In response to Toho’s lawyers, Scandizzo has lightened up the color of the website image of his index finger, so it looks more like a human finger. The app’s icon has always looked like a human finger.

What’s more, Toho said in its letter to Scandizzo that it “has no objection to Inert Soap’s use of ‘Fingerzilla’ alone, provided it is not used with imagery attributable to the Godzilla character and films or used in a manner intended to trade on the goodwill associated with Godzilla.”

Toho’s lawyers, of Seyfarth Shaw in Los Angeles, declined comment on whether they’ll accept Scandizzo’s alteration or give him the finger.

See Also:

  • Yahoo Issues Takedown Notice for Spying Price List
  • Boarding Pass Researcher’s Lawyer Analyzes Takedown Notice
  • Judge: Copyright Owners Must Consider ‘Fair Use’
  • Porn Site Says Revealing Takedown Notices Infringe Copyright
  • Air Force Cyber Command’s New Weapon: DMCA Notices
  • Universal Says DMCA Takedown Notices Can Ignore ‘Fair Use’
  • Copyright Treaty Is Policy Laundering at Its Finest
  • Stifled by Copyright, McCain Asks YouTube to Consider Fair Use
  • Microsoft Takes Down Whistleblower Site, Read the Secret Doc Here
  • Google Pulls Pirate Bay From Search Results
  • 10 Years Later, Misunderstood DMCA is the Law That Saved the Web

MS now issuing security advisories about third-party Windows bugs

Tuesday, April 26, 2011

Microsoft has expanded its vulnerability disclosure program to include security bulletins about third-party Windows software as well as its own applications.

The first bulletins, released last weekend, cover two flaws in Google Chrome and one in Opera 11, all of which were patched by December 2010. Microsoft has promised to contact third-party vendors before releasing advisories, but it has reserved the right to issue notification before a patch has been released in cases where a flaw is under active attack.

The software giant is following the same policy for the handling of bugs in third-party software as it does for flaws in its own applications, which it describes as a Coordinated Vulnerability Disclosure policy.

Microsoft has privately supplied security assessments about bugs to third-party suppliers since August 2008. By releasing these advisories in public, it hopes to bolster the security of the Windows ecosystem.

The process might conceivably lead to the release of third-party software updates during the regular Patch Tuesday update cycle, but we're not there yet, and it's unlikely that Google and Adobe would want to hand over too much control over this process to Redmond.

Boffins devise way to hide secret data on hard drives

Computer scientists have developed software that hides sensitive data on a hard drive, without the use of encryption, by controlling the precise disk locations containing the file's data fragments.

The application, which the academic researchers said they would release as open-source software, makes use of steganography, or the ancient art of hiding secret information in plain sight. The technique has long been employed to keep sensitive data out of the hands of adversaries. The use of encryption, by contrast, is easy to detect, tipping off adversaries that a hard drive or other piece of media contains information considered secret.

The software ensures that individual disk clusters that store the sensitive data fragments are positioned in a way predetermined by their code. A person who later wants to read the secret information uses the same application to reassemble the file. The inventors said their method makes it possible to stealthily store a 20-megabyte message on a 160-gigabyte portable hard drive.

“We have presented a novel data security mechanism, a filesystem-based covert channel which allows a user to evade disk forensics by securely hiding data in a removable or permanent mass storage device,” the researchers wrote in their paper, titled “Designing a cluster-based covert channel to evade disk investigation and forensics.” “Information is hidden in a manner such that an investigator is unable to positively prove the existence of hidden data.”

The researchers, from the University of Southern California in Los Angeles and the National University of Science and Technology in Islamabad, Pakistan, said the technique may cause only small performance degradations. In some cases, the approach requires the data to be hidden through the use of a secret shared between the sender and recipient.
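As an added illustration, not code from the paper or its authors, the following Python toy model shows the idea on a simulated disk: a carrier file's bytes are stored unencrypted, and the hidden message lives only in the order in which the file's clusters are chained. The pairwise ordering scheme, the `Disk` model and the carrier file name are this example's own assumptions (the shared secret here is simply knowing which file is the carrier), not the paper's algorithm; `fragmentation_ratio` shows what a forensic examiner would measure and why a fragmented carrier is hard to distinguish from an ordinarily fragmented file.

```python
"""Toy cluster-placement covert channel (constructed example, not the paper's code).

Each hidden bit is carried by one pair of clusters in the carrier file's chain:
ascending order (a, b) with a < b encodes 0, descending order (b, a) encodes 1.
The cluster contents are irrelevant; only the chain order carries information.
"""


class Disk:
    """Minimal cluster allocator: a free bitmap plus per-file cluster chains."""

    def __init__(self, n_clusters):
        self.free = [True] * n_clusters
        self.chains = {}  # file name -> ordered list of cluster numbers

    def take_free(self, count):
        """Allocate `count` free clusters in ascending disk order."""
        picked = [i for i, is_free in enumerate(self.free) if is_free][:count]
        if len(picked) < count:
            raise RuntimeError("not enough free clusters")
        for i in picked:
            self.free[i] = False
        return picked

    def write_plain(self, name, n_clusters):
        """An ordinary file: clusters in the order the allocator hands them out."""
        self.chains[name] = self.take_free(n_clusters)

    def delete(self, name):
        """Free a file's clusters, leaving holes that later files fragment across."""
        for i in self.chains.pop(name):
            self.free[i] = True


def bits_of(data):
    """Big-endian bit list of a byte string."""
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def hide(disk, carrier, secret):
    """Write `carrier` so that the order of each cluster pair encodes one secret bit.

    A two-byte length prefix tells the reader where the message ends.
    """
    message = len(secret).to_bytes(2, "big") + secret
    chain = []
    for bit in bits_of(message):
        a, b = disk.take_free(2)  # take_free returns ascending, so a < b
        chain += [a, b] if bit == 0 else [b, a]
    disk.chains[carrier] = chain


def reveal(disk, carrier):
    """Reconstruct the message from the carrier's chain order alone."""
    chain = disk.chains[carrier]
    bits = [0 if chain[i] < chain[i + 1] else 1 for i in range(0, len(chain) - 1, 2)]
    raw = bytearray()
    for i in range(0, len(bits), 8):
        raw.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    length = int.from_bytes(raw[:2], "big")
    return bytes(raw[2:2 + length])


def fragmentation_ratio(chain):
    """Examiner's view: share of chain steps that do not go to cluster + 1."""
    steps = len(chain) - 1
    if steps <= 0:
        return 0.0
    broken = sum(1 for i in range(steps) if chain[i + 1] != chain[i] + 1)
    return broken / steps


if __name__ == "__main__":
    # Constructed scenario: a small disk with some ordinary files and holes.
    disk = Disk(4096)
    disk.write_plain("notes.txt", 40)
    disk.write_plain("temp.bin", 30)
    disk.delete("temp.bin")  # leaves a hole so later files fragment naturally
    disk.write_plain("photo.jpg", 100)
    hide(disk, "report.doc", b"meet at dawn")
    print("recovered:", reveal(disk, "report.doc"))
    for name in ("photo.jpg", "report.doc"):
        print(f"{name}: fragmentation {fragmentation_ratio(disk.chains[name]):.2f}")
```

The carrier's fragmentation ratio tracks the share of 1 bits in the message, so a message with many set bits looks like a heavily fragmented but otherwise ordinary file.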

Iran says it was attacked by second computer worm

A senior Iranian commander said his country has been targeted by a second malware attack in addition to the Stuxnet worm that was designed to disrupt nuclear operations.

“Iranian security personnel are still in the process of investigating the Stars computer worm,” Brigadier General Gholam-Reza Jalali told Iran's Mehr News Agency. The Associated Press quoted him as calling the malware an espionage virus that targeted undisclosed computer systems in his country.

“Certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial state, and it is likely to be mistaken for executable files of the government,” said Jalali, who heads Iran's Passive Defense Organization, a military unit in charge of combatting sabotage.

Jalali's claim follows the discovery in July of a worm that targeted SCADA, or supervisory control and data acquisition, computer systems throughout the world. Many researchers who have studied the so-called Stuxnet worm claim it was designed to sabotage Iran's nuclear facilities by causing centrifuges used in uranium enrichment to operate at unsafe speeds. The New York Times has said the highly sophisticated malware was jointly engineered by the US and Israel.

Last week, Jalali repeated claims that the US and Israel were behind the attack and went on to say those countries got help from German engineering firm Siemens, which built the industrial control system that was sabotaged by Stuxnet.

Jalali and other Iranian officials have said that Stuxnet managed to affect a limited number of Iran's centrifuges but that damage was contained after the discovery.

“It must be taken into consideration that (the fact that we dealt with) Stuxnet does not mean that the threat has been completely eliminated since worms have specific life cycles and can continue their activities in other forms,” Mehr quoted him as saying. “Therefore the country should prepare itself to tackle future worms since future worms, which may infect our systems, could be more dangerous than the first ones.”

There's no evidence researchers outside of Iran have examined the new worm.

“We can't tie this case to any particular sample we might already have,” F-Secure researcher Mikko Hypponen wrote in a blog post published Monday. “We don't know if this is another cyber attack launched by (the) US government. We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack.”

Sony unsure if PlayStation Network user data was stolen

Sony has yet to determine if customers' personal information and credit card details have been stolen as part of an external intrusion into its system that has left its PlayStation network inaccessible for five days.

“Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure,” Sony spokesman Patrick Seybold blogged on Saturday. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.”

The day before, Seybold said Sony systems suffered an external intrusion that required the PlayStation Network and the related Qriocity services to be taken offline on Wednesday evening.

On Monday, Seybold said Sony had no update or estimate when service might be restored.

What's more, according to PCWorld, members of Sony's public relations team said the company has not yet determined if personal information or payment card data of PlayStation Network users was exposed in the security breach. They vowed to warn users promptly if the company determines such information was stolen in the attack.

The intrusion follows months of pointed criticism by some PlayStation fans over Sony's legal dragnet of hackers who jailbroke the popular game console so it would run apps and games not officially sanctioned by Sony. Critics have argued that Sony's aggressive litigation has targeted hackers for publicly speaking about jailbreaks to hardware they have legally purchased.

Earlier this month, Sony dismissed its suit against George Hotz after the hacker promised to drop all future attempts to unlock the game console and refrain from technical discussions on the topic. Hotz, who goes by the hacker handle GeoHot, remained highly critical of Sony and has called for a global boycott of the company.

It's still unclear who is behind the PlayStation Network attack, which is affecting about 70 million registered users.

Apple sued over iPhone location tracking

A lawsuit has been filed against Apple in the ongoing dust-up over its alleged tracking of the whereabouts of users of iPhones and iPads.

"Irreparable injury has resulted and continues to result from Apple's unauthorized tracking of millions of Americans," alleges the lawsuit, filed on Monday in the US District Court for the Middle District of Florida.

"It is unconscionable to allow Apple to continue unlawfully and without proper consent tracking Plaintiffs and proposed Class members," plaintiffs Vikram Ajjampur and William Devito contend after requesting that the lawsuit be raised to class-action status.

After describing the now well-known allegations of Apple's iOS 4 capturing and storing details of users' locations in a consolidated.db file ("or something similar"), the lawsuit alleges that Apple collects location information "covertly, surreptitiously and in violations of law".

To the plaintiffs, Apple's location-tracking information is both intrusive and dangerous. "Indeed, in many instances it may be information to which employers and spouses are not privy," the suit reads. "The accessibility of the unencrypted information collected by Apple places users at serious risk of privacy invasions, including stalking."

Ajjampur and Devito allege that any such tracking is, in their opinion, outside the law, saying that iOS 4 device users "were personally tracked just as if by a tracking device for which a court-ordered warrant would ordinarily be required." They seek an injunction preventing Apple from collecting the information.

The suit also seeks damages plus attorney fees and costs, and requests a jury trial. Apple did not immediately respond to our request for comment.

FBI Raids Apartment of Alleged Kings Speech Uploader

The FBI has raided the Los Angeles apartment of a Screen Actors Guild member the bureau believes was first to upload the Oscar-winning movie The King’s Speech, as well as Black Swan and other in-theater-only films, to the Pirate Bay in January, according to interviews and sealed court records obtained by Wired.com.

The Tuesday raid of actor and clothing-shop owner Wes DeSoto’s apartment came months after the guild and the Academy of Motion Picture Arts and Sciences both lauded The King’s Speech with top-acting and top-picture awards.

The authorities are also investigating whether there is a link between DeSoto and the notorious Pirate Bay pre-release movie-uploading group TiMPE, according to a sealed FBI affidavit obtained by Wired.com. In the warrant request to search DeSoto’s apartment, FBI special agent Thomas Brenneis wrote Magistrate Suzanne H. Segal of Los Angeles that the bureau was seeking “records, documents, programs, applications or materials relating to ‘TiMPE’ and ‘thepiratebay.org.’”

DeSoto, who recently played a small role in CSI: Crime Scene Investigation, said in a telephone interview he has no affiliation with TiMPE, and declined further comment.

“I’m nobody in the online file sharing world. This investigation is excessive and a waste of tax dollars,” he said.

Federal prosecutors in Los Angeles declined comment. The FBI in Los Angeles was not immediately prepared to comment.

The bureau’s involvement in the case, according to the affidavit, commenced in February when Larry Hahn, the Motion Picture Association of America director of content protection, “advised” the FBI that five “feature motion pictures” were uploaded to the Pirate Bay days before.

“Each of these movies was high-quality, and believed to have been movie-screener versions provided to members of the Screen Actors Guild,” the FBI’s Brenneis wrote. “Each of the movies had been released for theatrical viewing in the previous three months, before having been uploaded to thepiratebay.org, but none of the movies had been sold or distributed publicly in the DVD or video-streaming formats.”

The MPAA declined comment.

Threat Level obtained the affidavit on condition that it not publish the 34-page document in its entirety.

DeSoto is suspected of using the Pirate Bay handle mf34inc to upload the films in late January. No charges have been filed.

The affidavit references the Family Entertainment and Copyright Act of 2005, which makes it a crime, punishable by up to three years in prison, for releasing a work online that is “being prepared for commercial distribution.”

The authorities pinpointed DeSoto as the alleged culprit, because the screeners he viewed contained unique watermarks. What’s more, the guild had snail-mailed traceable iTunes codes to its members, who could use the code to access the screener movies.

Because pre-release uploading is perceived as an art form on the Pirate Bay, some commenters on Pirate Bay began questioning the authenticity of Black Swan, saying it was a “fake,” the affidavit said.

But mf34inc commented back that “SAG now sends out iTunes download codes for screens,” and “I’m a SAG member and thought I’d share these,” according to the affidavit.

According to the affidavit, Paramount Pictures had inserted “specific identifying marks” into the screener of The Fighter and discovered it linked to mf34inc on Pirate Bay. Other movies linked to that handle on Jan. 27 included 127 Hours, The King’s Speech, and Black Swan.

Deluxe Webwatch, a Paramount Pictures contractor, continued monitoring the Pirate Bay for additional uploads from mf34inc, according to the affidavit. The next day, Rabbit Hole was being uploaded, and Deluxe Webwatch captured the IP address of the seeder, according to the affidavit.

With a subpoena, the authorities demanded Time Warner Cable–Road Runner tell them who was the account-holder of the detected IP address, and the authorities obtained a warrant to search the premises. The agents seized a desktop computer from DeSoto’s apartment.

See Also:

  • Watermarking Could Lead to ‘X-Men’ Uploader
  • Pirate Bay Trial: The Hottest Ticket in Stockholm
  • Pirate Bay Says It Can’t Be Sunk, Servers Scattered Worldwide
  • Content Industry Applauds Pirate Bay Guilty Verdicts
  • The Pirate Bay Guilty; Jail for File-Sharing Foursome
  • On Witness Stand, Co-Founder Defiantly Defends Pirate Bay
  • Prosecutor, Hollywood Demand Prison for Pirate Bay Crew

Son of AV tycoon rescued following 'stupid' kidnapping

The kidnapped son of Kaspersky Lab's CEO was freed over the weekend following blunders by his captors that led to the arrest of five people accused of abducting him and demanding 3 million in ransom.

Russian authorities freed 20-year-old Ivan Kaspersky after storming the Moscow home where he was being held, The Moscow Times reported on Monday. Police learned his whereabouts by tracking the signal of a cellphone that called Kaspersky Lab boss and cofounder Eugene Kaspersky to make the ransom demand.

Police lured four of the suspects from the home by asking them to collect a down payment and then stopped them on the pretext of a routine document check, the paper said. The suspects were detained at the same time the police freed the younger Kaspersky, who was being held in the home's banya, a traditional Russian bath.

Police officers working on the case were astonished with how stupid and audacious the kidnapping was, an official told Interfax.

The suspected ringleader was identified as Nikolai Savelyev, 61, who reportedly has a criminal record on unspecified charges. He was allegedly aided by his wife, Lyudmila Savelyeva, 64, a son who is also named Nikolai, and two of the son's friends.

Savelyev hatched the scheme in an attempt to pay off debts. Eugene Kaspersky's riches have been estimated by Fortune magazine at $800 million.

"Kaspersky Lab confirms that an operation to free Ivan Kaspersky was carried out successfully by the Federal Security Service (FSB), the Criminal Investigation Department of the Moscow Police and Kaspersky Lab's own security personnel," the company said in a statement. "Ivan is alive and well and is currently located at a safe location. No ransom was paid during the rescue operation."

Police deliberately spread false information about the kidnapping to journalists, explaining why there was conflicting information in many of the reports about whether the elder Kaspersky was working with police or had agreed to pay the demanded ransom.

Ivan Kaspersky was abducted on Tuesday in the northwest part of Moscow on his way to work.

Every year, an estimated 200 to 300 children of rich parents are kidnapped in Russia, ABC News reported.

WikiLeaks Releases Guantánamo Bay Prisoner Reports

Monday, April 25, 2011

Detainees walk around the exercise yard in Camp 4, the medium security facility within Camp Delta at Naval Station Guantánamo Bay, Cuba. Photo: Department of Defense

WikiLeaks on Sunday began publishing from a collection of 779 classified reports on current and former prisoners of America’s military prison in Guantánamo Bay, Cuba.

WikiLeaks' graphic for its latest release of leaked military documents

The documents date from 2002 to 2008, and take the form of Secret-level memoranda sent from JTF-GTMO, the Joint Task Force at Guantánamo, to the U.S. Southern Command in Florida.

The Obama administration protested the partial publication of the documents by several news organizations Sunday. “These documents contain classified information about current and former GTMO detainees, and we strongly condemn the leaking of this sensitive information,” read an official statement published in the New York Times, one of the newspapers that reported from an advance copy of the documents.

The Washington Post reports that the leaked files contain new details on the location and organization of al-Qaida’s leadership before and after the September 11 attacks.

“According to the documents, [Osama] bin Laden and his deputy escaped from Tora Bora in mid-December 2001,” the Post notes. “At the time, the al-Qaeda leader was apparently so strapped for cash that he borrowed $7,000 from one of his protectors, a sum he paid back within a year.”

The New York Times reports that the “documents are largely silent about the use of the harsh interrogation tactics at Guantánamo, including sleep deprivation, shackling in stress positions and prolonged exposure to cold temperatures, that drew global condemnation.”

The Times — which has been out of favor with WikiLeaks since running a profile of founder Julian Assange last October — reportedly acquired the secret-spilling website’s newest release indirectly through another source, and then passed it to the UK’s Guardian and NPR.

Bradley Manning (Facebook.com)

As with most of WikiLeaks’ high-profile U.S. leaks, the Guantánamo release was foreshadowed in online conversations held by suspected WikiLeaks source Pfc. Bradley Manning almost a year ago, first reported by Wired.com.

In his May 2010 chats with ex-hacker Adrian Lamo, who ultimately turned him in, Manning said his leaks to WikiLeaks included something he called the “Gitmo Papers” and the “JTF GTMO papers,” references to Guantánamo. He didn’t specify the nature of the documents or the timing of the leak.

The charges against Manning in his pending court martial case include a theft allegation that Manning took an unspecified “United States Southern Command database containing more than 700 records belonging to the United States government.” That’s followed by an allegation that he leaked “more than three classified records from a United States Southern Command database” to a third party in violation of the Espionage Act.

Manning allegedly downloaded that database on March 8, 2010, which would place the leak sometime after the 500,000 documents in the Afghan and Iraq war logs leak, and before the 250,000 diplomatic cables, according to the dates in the charging documents.

With its Guantánamo release, WikiLeaks may be reaching the bottom of the suspected Manning leaks. The only known, undistributed leak remaining is material on the notorious May 2009 U.S. air strike near Garani village in Afghanistan: specifically a video of the attack — which WikiLeaks was provided, but may not have been able to decrypt — and internal U.S. reports on the incident.

Hacker cops to payment card fraud worth more than $36m

Sunday, April 24, 2011

An American citizen has admitted to stealing data for more than 676,000 payment cards from databases he hacked into and netting more than $100,000 by selling them in underground bazaars online.

Rogelio Hackett, 26, of Lithonia, Georgia, pleaded guilty to one count of access device fraud and one count of aggravated identity theft. He admitted a computer-hacking spree that started in the late 1990s and turned criminal in 2002, when he began carrying out SQL injection attacks on vulnerable websites that accepted credit cards to transact purchases. In 2007, he exploited the server of an unnamed online ticket seller and made off with data for some 360,000 cards, prosecutors said.

He sold the stolen data on websites and IRC channels frequented by fellow credit card fraudsters, charging $20 to $25 per account. According to court documents, he used his riches to buy luxury items, including a 2001 BMW X5 and a pair of Louis Vuitton shoes.

Hackett's undoing started in June 2009 when he sold 40 counterfeit cards for $1,180 to an undercover US Secret Service agent. A raid on his home uncovered the huge cache of stolen data, as well as equipment for making counterfeit cards. The stolen data was used to make more than $36 million worth of fraudulent transactions, prosecutors said.

Hackett faces a maximum of 10 years in prison and fines of at least $500,000. He also faces an additional mandatory two years in prison on the identity theft charge.

Google opens peephole on mystery data center practices

Google has released a video showing at least some of the security and data protection techniques used in its worldwide network of data centers.

The video plays like a souped-up advertisement for the search giant and its Google Apps suite of online business applications (there are more than a few visual allusions to the Tom Cruise vehicle Mission Impossible), and Google has previously discussed its security practices in a Google Apps white paper (PDF). But the video does provide a small glimpse into the operation of the nearly 40 server facilities Google has erected over the past several years. It focuses on a Google data center in Moncks Corner, South Carolina, but also gives a nod to a new facility in Hamina, Finland.

In addition to protecting the grounds with around-the-clock security personnel, cameras, and fences, Google controls access to facilities, the video says, using badges encoded with a lenticular printing mechanism designed to prevent forgeries. Some facilities also use iris scanners and other biometric devices. Once employees are inside the facility, there's a second line of badge readers and in some cases biometric devices restricting access to the actual data center floor.

Only certain Google employees are allowed inside the data center, and as Google is fond of pointing out, all data is sharded and spread across myriad machines and facilities, so if an unauthorized person did gain access to a hard drive, the data could not be read by the human eye.

Nonetheless, when a hard drive fails or no longer exhibits prime performance and must be disposed of, Google uses multiple techniques to ensure that the data can't be read at all. It overwrites the data, and then it uses a complete disk read to verify that all data has been removed. When a disk reaches the end of its life, Google will then destroy it. This involves pushing a steel piston through the center of the drive and then shredding it into relatively small pieces. The remains of the drives are then sent to recycling centers.

The Crusher: Google gives hard drives the piston treatment
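The overwrite-then-full-read step described above, as an added example that is not Google's code: it fills a disk image standing in for the drive with a single byte value, flushes to stable storage, then reads every byte back rather than sampling. The 3 MiB image and the marker string it contains are constructed for the demo.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB I/O size


def _size(f) -> int:
    """Size in bytes; seeking to the end works for regular files and block devices."""
    f.seek(0, os.SEEK_END)
    size = f.tell()
    f.seek(0)
    return size


def overwrite(path: str, fill: int = 0x00) -> int:
    """Overwrite every byte of `path` with `fill`, fsync, and return bytes written."""
    written = 0
    with open(path, "r+b", buffering=0) as f:
        size = _size(f)
        while written < size:                 # loop handles partial writes
            n = min(CHUNK, size - written)
            written += f.write(bytes([fill]) * n)
        os.fsync(f.fileno())                  # data must reach the medium, not just cache
    return written


def verify_wiped(path: str, fill: int = 0x00) -> bool:
    """Complete read of `path`: True only if every byte equals `fill`."""
    with open(path, "rb", buffering=0) as f:
        while True:
            data = f.read(CHUNK)
            if not data:
                return True
            if data != bytes([fill]) * len(data):
                return False                  # residue found: not safe to release


def sanitize(path: str, fill: int = 0x00) -> bool:
    """Overwrite, then verify by a full read; only a True result clears the drive for disposal."""
    overwrite(path, fill)
    return verify_wiped(path, fill)


def demo() -> dict:
    """Run the procedure against a constructed 3 MiB image holding a marker record."""
    marker = b"CONSTRUCTED-SECRET-RECORD"     # constructed stand-in for customer data
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(os.urandom(CHUNK) + marker + os.urandom(2 * CHUNK))
        path = img.name
    try:
        before = verify_wiped(path)           # False: image still holds data
        wiped = sanitize(path)                # True: overwrite verified by full read
        with open(path, "rb") as f:
            leaked = marker in f.read()
        return {"before": before, "wiped": wiped, "marker_found": leaked,
                "size": os.path.getsize(path)}
    finally:
        os.unlink(path)
```

On a real block device the same functions apply (the size comes from seeking to the end), but the verification is only meaningful for sectors the drive firmware still exposes, which is why the article's physical destruction step follows it.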

The video also alludes to Google's ability to shift data access to a new data center in the event of fire or other major failure. The company says that this process is "seamless" and "automatic", but no details are provided. This is apparently a reference to a Google-designed platform known as Spanner, which was described in a public presentation by Google fellow Jeff Dean in 2009.

Google still won't confirm the use of Spanner, but a company spokeswoman did tell us that data access shifts across "almost all" of its data centers.

According to a PowerPoint file that accompanied Dean's presentation, Spanner handles automated allocation of resources across Google's "entire fleet of machines," moving and replicating loads between its megadata centers based on "constraints and usage patterns." This includes constraints related to bandwidth, packet loss, power, resources, and failure modes.

Earlier that year, Google senior manager of engineering and architecture Vijay Gill appeared to describe Spanner when discussing a Google data center that had been built without chillers. "Sometimes there's a temperature excursion," Gill said, "and you might want to do a quick load-shedding, a quick load-shedding to prevent a temperature excursion because, hey, you have a data center with no chillers. You want to move some load off. You want to cut some CPUs and some of the processes in RAM."

He indicated Google could do this automatically and near-instantly, meaning without human intervention. "How do you manage the system and optimize it on a global level? That is the interesting part," he said. "What we've got here [with Google] is massive, like hundreds of thousands of variable linear programming problems that need to run in quasi-real-time. When the temperature starts to excurse in a data center, you don't have the luxury of sitting around for a half an hour. You have on the order of seconds."

Apparently, this chillerless data center is the one Google operates in Saint-Ghislain, Belgium.

Dean describes Spanner as a "single global namespace," in which names are completely independent of the location of the data. The design is similar to BigTable, Google's distributed database platform, but it organizes data in hierarchical directories rather than rows. Dean also indicates that Google splits its distributed infrastructure into various subsections that provide redundancy by operating independently of each other. The aim, he said, is to provide access to data in less than 50 milliseconds, 99 per cent of the time.

In the video released today, Google goes on to say that its facilities are closely monitored not only with traditional video cameras, but also with video-analytics software designed to automatically detect anomalies in the video feeds. Some facilities are also equipped with thermal imaging cameras that work to detect intruders.

For years, Google provided no information about the operation of data centers. But in the spring of 2009, it released a video that showed the inside of its first "containerized" data center, and just before this, it held a small event where it detailed at least some of its custom server and data-center designs. On Friday, when we asked Google about Spanner and the Linux distro used in its data center, it declined to provide specifics.