
Tuesday, 27 February 2018

SumLinks - Cyberattacks, censorship, espionage, and more


Bahraini human rights activist Nabeel Rajab was sentenced to an additional five years in prison for tweets.

An Inside Look At The Accounts Twitter Has Censored In Countries Around The World

Cyberattacks increasing against civil society in Azerbaijan ahead of election

Worst Innovation Mercantilism Policies of 2017

Internet Governance Forum 2017 was one of the first times that "various organizations and professionals came together to address the links and gaps between the internet governance and media development communities." Synopsis from the Global Forum for Media Development.

The size of your app matters. Just ask Ethiopians.

Pakistanis are speaking out against internet shutdowns.

Zimbabwe: Omnibus Cyber Bill muddies Fundamental rights

Read more at: http://www.africafex.org/access-to-information/zimbabwe-omnibus-cyber-bill-muddies-fundamental-rights

Cyber bill threatens fundamental rights in Zimbabwe

Laughing in the face of internet shutdowns in Bangladesh

New bill threatens internet freedom in Honduras.

EFF and Lookout Uncover New Malware Espionage Campaign in Chat Apps Infecting Thousands Around the World

Research

Dependent Yet Disenfranchised: The Policy Void That Threatens the Rights of Mobile Users in Arab States

Amazon Go’s ambient processing of special category data (e.g. ethnicity) to create “checkout free shopping” might cause problems if moved to Europe under the GDPR, given the inability to freely consent.

Mapping Digital Freedom in Palestine

The Importance of Privacy by Design and Data Protection Impact Assessments in Strengthening Protection of Children's Personal Data Under the GDPR

The State of Privacy in Lebanon

Monday, 29 January 2018

Every picture tells a story

On 27 January 1888, the National Geographic Society was founded. While the society is one of the largest non-profit scientific and educational institutions in the world, the public face of the organization is its iconic magazine, which was the first to use photographs to tell stories.

In the age of Instagram, it might be difficult to grasp just how revolutionary it was for a magazine to use photos as stories, especially a scientific journal like National Geographic. The magazine brought the world to people before the existence of commercial air travel, color photography, and radio. People then had seen the invention of electricity, cars, and telephones; we tend to exaggerate the technological advancement of the present day. Their technology must have seemed like witchcraft to them! What is Instagram but a glorified photo album that uses electricity and radio waves to work?

Now, we use images to tell our personal stories to the entirety of the world in an instant. One thing the people at the turn of the last century didn't have to worry about is malware. But you do. It could be hiding in the images you see on the internet. Through a technique known as steganography, criminals have hidden JavaScript code in the pixel data of image files. So far, security researchers have found the technique used in banner advertising. Can other images be far behind?

Mere speculation, of course, but you can take steps to protect yourself now. Don't click suspicious links. Back up your data on a separate device that you keep unplugged and stored away. Use SumRando VPN when you are on public Wi-Fi to protect your connection. Never click a pop-up window that claims you have malware - always use a keyboard command or the taskbar to close those types of windows.
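A defender-side check for image-borne payloads, added here as example Go code (it is not code from this post or from SumRando): it walks a PNG file's chunk structure, verifies each chunk's CRC and reports any bytes appended after the IEND chunk, which image viewers silently ignore but which is the crudest place to park extra data in an image. The sample PNG is constructed with Go's standard encoder and the trailer bytes are constructed too; the function names (InspectPNG, CleanPNG, WithTrailer, Tampered) are this example's own. Pixel-level steganography of the kind the post describes does not alter the file structure and needs statistical analysis that this check does not attempt, so treat it as a first-pass triage, not a detector for that campaign.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"image"
	"image/color"
	"image/png"
)

var pngSignature = []byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'}

// Report summarises what a structural walk of a PNG found.
type Report struct {
	Chunks       []string // chunk types in file order
	BadCRC       int      // chunks whose stored CRC does not match type+data
	TrailingData int      // bytes after the IEND chunk, ignored by renderers
}

// InspectPNG walks the chunk structure of data and reports anomalies that a
// renderer tolerates but a defender wants to see.
func InspectPNG(data []byte) (Report, error) {
	var r Report
	if !bytes.HasPrefix(data, pngSignature) {
		return r, errors.New("not a PNG: bad signature")
	}
	pos := len(pngSignature)
	for {
		if len(data)-pos < 12 { // length(4) + type(4) + crc(4)
			return r, errors.New("truncated chunk header")
		}
		length := int(binary.BigEndian.Uint32(data[pos:]))
		if length < 0 || length > len(data)-pos-12 {
			return r, errors.New("chunk length exceeds file size")
		}
		typ := string(data[pos+4 : pos+8])
		// The PNG CRC covers the type field and the data, not the length.
		stored := binary.BigEndian.Uint32(data[pos+8+length:])
		if crc32.ChecksumIEEE(data[pos+4:pos+8+length]) != stored {
			r.BadCRC++
		}
		r.Chunks = append(r.Chunks, typ)
		pos += 12 + length
		if typ == "IEND" {
			r.TrailingData = len(data) - pos
			return r, nil
		}
	}
}

// CleanPNG returns a valid 2x2 PNG from the standard encoder (constructed
// sample input, not a file from the post).
func CleanPNG() []byte {
	img := image.NewNRGBA(image.Rect(0, 0, 2, 2))
	img.Set(0, 0, color.NRGBA{R: 255, A: 255})
	var buf bytes.Buffer
	if err := png.Encode(&buf, img); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// WithTrailer appends extra bytes after IEND (constructed for the demo).
func WithTrailer(pngData, trailer []byte) []byte {
	out := append([]byte{}, pngData...)
	return append(out, trailer...)
}

// Tampered flips the first byte of IDAT data so the chunk's CRC no longer
// matches, simulating an edited image body.
func Tampered(pngData []byte) []byte {
	out := append([]byte{}, pngData...)
	if i := bytes.Index(out, []byte("IDAT")); i >= 0 {
		out[i+4] ^= 0xff
	}
	return out
}

func main() {
	for name, data := range map[string][]byte{
		"clean":    CleanPNG(),
		"trailer":  WithTrailer(CleanPNG(), []byte("constructed trailer payload")),
		"tampered": Tampered(CleanPNG()),
	} {
		r, err := InspectPNG(data)
		fmt.Printf("%-8s chunks=%v badCRC=%d trailing=%d err=%v\n", name, r.Chunks, r.BadCRC, r.TrailingData, err)
	}
}
```

A file that fails the signature check, carries a trailer, or has a chunk whose CRC does not match is worth a closer look; a file that passes is merely structurally honest, which says nothing about what its pixels encode.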

By the way, Natgeo, as it's known these days, is the #1 brand on social media in the United States year after year. And why not? They've been storytelling through photography for 130 years. Happy birthday, @natgeo!

Wednesday, 6 August 2014

Cyber-exposed Thailand Prepares New Security Measures

It's no secret that Thailand lacks sufficient cyber infrastructure. Rated third among the 10 worst countries for internet safety by UK security firm Sophos, Thailand experiences significant exposure to malware attacks. Around 20.8% of PCs experience malware attacks in a span of three months. To put that figure in perspective, the safest countries (Norway, Sweden, and Japan) range from 2.6 to 1.8%, and the most dangerous country (Indonesia) is only a little higher than Thailand at 23.5%. Research has shown the country is additionally susceptible to ATM-related and government cyber attacks. (Needless to say, Thailand is somewhere you would want to use a VPN.)

Surangkana Wayuparb, Director of Thailand's Electronic Transactions Development Agency

Thailand made headlines this week when Surangkana Wayuparb, the country's Director of Electronic Transactions Development Agency, addressed the Regional Asia Information Security Exchange Forum in Bangkok. Bangkok Post reports that Surangkana told those in attendance, "All these world records reflect that Thailand urgently needs to set up a national computer emergency response team (Cert) as a command centre to manage and collaborate on national cybersecurity threats and cyberwarfare... Cyberattacks pose a serious challenge to people at all levels, from end-users to enterprises and government agencies."

According to the Bangkok Post:

“Surangkana said information security threats were no longer only technical dangers. They can have a major effect on the country's economy and national physical security. "Cyberattacks pose a serious challenge to people at all levels, from end-users to enterprises and government agencies,” Surangkana said… The ETDA [will] propose a national Cert to the junta. If approved, the ETDA expects a centre will be created by year-end. The creation of a national Cert is expected to upgrade the ETDA's existing computer emergency response team to a full national command centre, she said.”

Read more about Thailand's cybersecurity plans at Bangkok Post.

Monday, 15 October 2012

Proxy service infects users


Here’s a fun fact: Not all cybersecurity services are equal. Some might offer great monthly rates, but terrible bandwidth. Others might seem fast, but cost an arm and a leg. Still others might infect you with malware and turn your computer into a digital zombie.

That’s exactly what happened to hundreds of thousands of users subscribed to the Russian proxy service ProxyBox.

For the uninitiated, proxy services, like VPNs, allow users to connect to the internet through servers that assign a new IP address and location to the user. Unlike VPNs, proxy servers hardly encrypt anything and operate at speeds comparable to the United States Postal Service.

Anyhow, this particular site charged users $40/month for access to an extensive list of proxy servers all over the world. Not a bad deal for access to thousands of servers. The catch, though, is that your computer is immediately enlisted in a botnet army using a Trojan called Backdoor.Proxybox.

As security company Symantec investigated the malware, researchers discovered it was also tied to three other websites, all linked to one user:

The advertisements by this user provide a link between four dubious websites, all authored by the same individual: an entrepreneurial Russian hacker. These websites all revolve around proxies and malware distribution. One website provides proxy access (proxybox.name), another provides VPN services (vpnlab.ru), one provides private antivirus scanning (avcheck.ru), and one provides proxy testing services (whoer.net). These four sites are also connected by static cross-linking advertisements. The author of these websites provides the same ICQ support number to the users of the Web services. Several of these websites offer services for money and the payment gateways used are always the same: WebMoney, Liberty Reserve, and RoboKassa. 
We started to look into the payment accounts associated with these websites, and found out that they were tied to an individual with a Ukrainian name living in Russia. The additional details associated with this WebMoney account are undisclosed as we work with law enforcement in countries associated with the command-and-control servers.

Friday, 24 August 2012

Hack a Mac for $60


That's right folks, the malware scene is getting hostile for Mac users. French anti-virus firm Intego reported the existence of a $60 piece of malware that targets Macs. To put that in perspective, another popular piece of Mac malware called OSX/Crisis sells for about $200,000.

Many experts are pointing to the shockingly low price of the malware, called OSX/NetWeirdRC, as evidence that OS X-specific threats are growing. On the other hand, NetWeirdRC has also been found to have a programming bug that renders the software basically useless without modification.

"It would seem that you get what you pay for, even in the malware world."

But regardless of how dangerous or popular the malware is, the fact remains that cheap, commercially available malware is spreading, and with it will come a rise in Mac-targeted attacks.

You can check out the full scoop on Intego's website.

Thursday, 19 July 2012

Security Experts bring down 3rd Largest Botnet

There you are, in Naboo’s capital city, hopelessly outnumbered and surrounded by battle droids. All hope seems lost. But then, abruptly, the droids stop moving. Resistance forces have destroyed the control ship guiding the droid army’s movements – rendering the battle droids disabled. The planet is finally at peace.


Yeah, that pretty much happened yesterday.

Security experts at FireEye brought down the massive Grum botnet yesterday. Grum was responsible for about 18 billion spam messages per day, and world spam levels are expected to drop by about 18% in the wake of the shutdown.

Grum operated primarily out of servers in Panama and the Netherlands. But when those main servers were shut down on Tuesday, the “bot herders” immediately set up new servers in Russia and Ukraine. FireEye then began working with Russian and Ukrainian ISPs and successfully brought down the new servers as well.

Experts at FireEye say that restarting the botnet won’t be as simple as building new servers.

"It's not about creating a new server. They'd have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again," Atif Mushtaq, a computer security specialist at FireEye, told the Times. "They'd have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server." [NY Times]

Wednesday, 11 July 2012

Malware runs on OS X, Linux and Windows

Researchers at F-Secure discovered a backdoor program that can run on OS X, Windows, and Linux.

Always check certificates!
According to the F-Secure blog, the malware was found on a compromised Colombian transport company’s website. Visitors to the site would be prompted to run a Java applet signed with a self-signed certificate. Fortunately, a warning appears on all platforms notifying users that the certificate was not issued by a trusted certificate authority. Unfortunately, since most people have no idea what a certificate is, it matters very little.

After the user runs the applet, the program identifies the operating system and then downloads the matching payload. For Mac users, the malware is written for PowerPC-based Macs and won’t run on anything using an Intel processor, so unless you’re rocking a retro Mac or Rosetta, you’re probably safe.

This malware figures out which OS you're running, then executes the proper code.

Overall, this malware is a pretty low threat, but it does serve as a great reminder to always check certificates and never assume that just because you’re running Linux or OS X you’re safe.

Update (7/13): Reports are out describing a new variant of this virus that can run on OS X Snow Leopard and Lion, even if Rosetta is not used -- so watch out!
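The certificate warning this post describes is the platform failing to build a trust chain for the applet's signing certificate. As an added example in Go (not code from the post or from F-Secure), the block below shows the two checks behind that warning: whether a certificate is self-signed (issuer name equals subject name and the signature verifies under the certificate's own key) and whether it chains to a root the verifier actually trusts. Every certificate here is constructed in memory with the standard library; the function names (IsSelfSigned, ChainsToTrustedRoot, NewCert, Scenario) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IsSelfSigned reports whether cert was issued by itself: the issuer is
// byte-for-byte the subject and the signature over the to-be-signed portion
// verifies under the certificate's own public key. Being self-signed is not
// itself a fault (every root CA is), but an unknown self-signed signer is
// exactly what the Java warning is about.
func IsSelfSigned(cert *x509.Certificate) bool {
	if !bytes.Equal(cert.RawIssuer, cert.RawSubject) {
		return false
	}
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
}

// ChainsToTrustedRoot reports whether cert builds a valid chain to one of the
// given roots. ExtKeyUsageAny is requested because the constructed signers
// carry a code-signing EKU rather than the default server-auth one.
func ChainsToTrustedRoot(cert *x509.Certificate, roots *x509.CertPool) bool {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

// NewCert builds a constructed certificate for the demo. With parent == nil the
// certificate signs itself; otherwise it is issued by parent using parentKey.
func NewCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		panic(err)
	}
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage |= x509.KeyUsageCertSign
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              usage,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario compares a self-signed applet signer with one issued by a trusted
// CA and returns whether each chains to the trusted root pool.
func Scenario() (selfSignedTrusted, issuedTrusted bool) {
	root, rootKey := NewCert("Demo Trusted Root CA", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(root)

	selfSigned, _ := NewCert("Applet Signer (self-signed)", false, nil, nil)
	issued, _ := NewCert("Applet Signer (CA-issued)", false, root, rootKey)

	return ChainsToTrustedRoot(selfSigned, roots), ChainsToTrustedRoot(issued, roots)
}

func main() {
	a, b := Scenario()
	fmt.Printf("self-signed signer chains to trusted root: %v\n", a)
	fmt.Printf("CA-issued signer chains to trusted root:  %v\n", b)
}
```

The useful lesson is the second check, not the first: a self-signed certificate proves only that whoever holds the key signed the code, which is what a malware author can do as easily as anyone, so the prompt should be read as "the signer is unknown", not as a cosmetic warning to click through.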

Saturday, 23 June 2012

The Coolest Malware of All Time

For the last couple of weeks, businesses around the world have reported their printers have been spewing out countless sheets of paper with only garbage characters printed on them. Turns out, a little virus called Trojan Milicenso was to blame.

According to Symantec, the virus was designed primarily as a delivery method for other malware--typically adware--but, because of a coding fluke, has caused some infected computers to go bonkers on the printer. Admittedly, it's a kind of cool little quirk.

And this got me thinking. What are the coolest pieces of malware of all time? I know, I know, when you're the one with the infected computer, it's never "cool" to have malware. But, from an outside perspective, you've got to admire the ingenuity behind some of this software, as damaging as it can be. So without further ado, here is The Coolest Malware of all Time:

The Creeper

The granddaddy of all malware, Creeper was the worm that started it all. Written and deployed in 1971 by an engineer named Bob Thomas, Creeper was released on Arpanet – the precursor to the internet. In total fairness, Creeper is not technically malware since it was never designed to actually do any kind of harm – it was merely an experiment in mobile programs. That said, it is the program all other viruses, worms, and Trojans are based on, so it’s definitely worth noting.

The Creeper was named after a Scooby Doo villain

The worm infected DEC PDP-10 minicomputers and caused them to display the message, “I’m the creeper, catch me if you can!” Appropriately, a program called “Reaper” was written and deployed to wipe out Creeper.


NIMDA

NIMDA (admin read backwards) was the fastest-spreading computer malware ever. And when we say fast, we mean fast. Within 22 minutes of hitting the internet, NIMDA hit the top of the list of reported attacks, becoming the world’s most widespread worm.

The brilliance behind NIMDA was the ways it propagated. Where most malware spread through only one avenue, NIMDA took a multi-pronged approach, spreading through email, shared files, Microsoft IIS security holes, and file transfers. Furthermore, NIMDA would infect thousands of files on each system and even re-infect files already carrying the worm several times over, making it very difficult to get rid of.

NIMDA’s ultimate goal was to create a backdoor for the malware’s author to access the infected computer. However, the real damage was felt in networks being brought to a standstill and entire servers crashing from the heavy traffic load. NIMDA essentially became a mobile Distributed Denial of Service attack.

Commwarrior-A

Commwarrior-A was the first truly significant virus for mobile devices. Where previous pieces of malware could only spread via Bluetooth (you had to be near another phone to infect it), Commwarrior-A was capable of spreading among Samsung Symbian Series 60 phones through the Multimedia Messaging Service (MMS). In this way, Commwarrior-A acted a lot like traditional computer viruses that were frequently transmitted in emails. In the end, Commwarrior-A only infected about 50 cell phones, and because it didn’t carry a payload, it’s largely believed to have been a proof-of-concept, setting the stage for future mobile malware.

ILOVEYOU

Often referred to as “Love Letter”, ILOVEYOU originated on May 5, 2000 in the Philippines and would ultimately spread to tens of millions of computers worldwide through a blank email with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt."

I never knew you felt this way!
Once the probably lonely message receiver opened the attachment, ILOVEYOU would install and begin writing over image files on the infected computer with copies of itself. The worm would then propagate by sending the original email message to the first 50 contacts in Microsoft Outlook’s Address Book.

Entire governments had to shut down their email systems, and billions were spent in response to the damage ILOVEYOU caused. (Most of the money was spent trying to recover overwritten files.)



Stuxnet

If you haven’t heard about this, you’ve been living under a rock. Stuxnet was the U.S.-Israel project codenamed “Olympic Games” designed to take out Iran’s uranium enrichment facilities.

Iran’s uranium enrichment facilities – specifically the Natanz facility – consist of large underground centrifuges operated by control systems. If a control system could be compromised, a virus could damage the centrifuge. This is exactly what Stuxnet did.
Centrifuges at the Natanz Uranium Enrichment Facility

The malware was originally introduced by a combination of spies and “unwitting accomplices” through a thumb drive and would subsequently spread through Windows networks and into Siemens industrial software. Once installed, Stuxnet would quietly record what normal enrichment activity looked like, send centrifuges spinning out of control, and send back false reports of normal operation. Consequences? The damage caused by Stuxnet forced the head of Iran's Atomic Energy Organization, Gholam Reza Aghazadeh, to resign, and it’s estimated that the program successfully destroyed about 1,000 of the 6,000 centrifuges.