Anyone remember the second defendant?
Marcus Hutchins (aka "WannaCry hero" MalwareTech) is about to face his August 24th court date, and things aren't looking as optimistic as they were this time last week.
For starters, it was reported Monday that the UK's GCHQ knew Hutchins would be 'walking into a trap' in the form of an FBI sting.
"Our US partners aren't impressed that some people who they believe to have cases against [them] for computer-related offences have managed to avoid extradition. Hutchins's arrest freed the British government and intelligence agencies from yet another headache of an extradition battle," an unspecified source told International Business Times.
As you may remember, he pleaded not guilty to six felony counts in a grand jury indictment accusing him of creating and maintaining the Kronos banking trojan.
He was freed on bail after the hearing and some researchers saw it as a sign of the Feds changing their tune about Hutchins.
Also on Monday (yesterday) the court granted a Protective Order clamping down on discovery: his legal team may not share any evidence obtained in discovery, and must return it to the US government or destroy it. In my opinion -- though I've only personally experienced one federal case, and reported on a few -- I believe it means that the court believes the US government has a strong case.
Real imitation news
Last week the NYT published what its staff touted as a political cyber-bombshell, a "Ukrainian hacker who wrote program used to hack DNC turned himself in to Ukrainian police; now working with FBI." The article seemed too good to be true -- and it looks like it was. The piece was quickly shredded by not one, but multiple prominent (and a few respected) members of the infosec community.
Robert M. Lee was among the many who broke it down, asking, "Where did they get this assertion that P.A.S. was used in the DNC breach? By tying the GRIZZLYSTEPPE report (which does note that P.A.S. has been used by Russian security service members before) to the DNC breach." and adding, "i had to stop reading that article after they interviewed carr. i wish there was an authoritative list for media of known fakes/charlatans."
The article has not been updated, noted, or corrected.
Say what you will about Kaspersky, but they're never going to get a break in the press. "Current and former senior U.S. officials familiar with the matter" apparently told CyberScoop this week that the FBI is pressuring the private sector to cut its enterprise software ties with Kaspersky. Which is, of course, easier said than done since defense purchasing is done on budget and schedule, and phasing out something like Kaspersky (the product) is going to be a long and extremely expensive haul for any organization.
CyberScoop adds, "The FBI’s counterintelligence section has been giving briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector and those that use industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems."
So 1337 he hacked your mom's email account
One of the men sought for the giant 2014 Yahoo email hack agreed Friday to forgo his extradition hearing and go face the charges in the United States.
Karim Baratov [who has dual Canadian-Kazakh citizenship, goes by at least two other names according to the FBI] was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia's Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.
The 22-year-old previously bragged on Instagram about his young, sudden wealth, showing himself fanning out handfuls of $100 bills and describing himself as "well off in high school to be able to afford driving a BMW 7 series and pay off a mortgage on my first house." According to CBC, "He claimed in postings on the social media site Ask.fm that he made his 'first million' when he was 15, working on 'online services.'"
Krebs thought it was all about him, too
Last October the internet had its biggest hiccup to date when a whole bunch of major websites were knocked offline by a DDoS attack from the Mirai botnet against the DNS provider Dyn.
Harnessing the weak security of internet-connected devices like DVRs and cameras, the bot-herders knocked out a range of sites including Amazon, Netflix, The New York Times, Reddit, Twitter, Spotify, PlayStation, Airbnb, Heroku, Vox, The Boston Globe, PayPal, and many others. Hilariously, Wikileaks was sure Mirai was a gift from their supporters.
New research presented at USENIX suggests the Mirai gang may just have been going after the PlayStation Network. The Verge explained:
The new report comes from a team of researchers at Google, Cloudflare, Merit Networks, Akamai, and a range of university partners, drawing on data from some of the largest infrastructure networks on the web. Looking at the October attack on DNS provider Dyn, researchers noticed something unusual.
All the IP addresses targeted by the attack were nameservers for the PlayStation Network, used by Dyn to connect visitors to the correct IP address. Because of the networked nature of Dyn’s domain registration system, attacking those servers meant attacking the whole system — and when it went down, it brought down access to dozens of other services with it.
As bad as real mining
Attackers have snatched $500K as Enigma was compromised weeks before its ICO: TechCrunch writes that "Enigma, a de-centralized platform that’s preparing to raise money via a crypto token sale, had its website and a number of social accounts compromised with the perpetrators netting nearly $500,000 in digital coin by sending out spam."
But, they add: "Enigma, which was started by a group of MIT graduates, did not lose any money from the attack. Whoever orchestrated it grabbed money from the Enigma community, people who joined the company’s mailing list or Slack group of over 9,000 users to learn more about its ICO in September." There was some social engineering involved, as the thief apparently "posted Slack messages, altered the website and spoofed emails to a community list which were made to look official and urged money to be sent to their crypto wallet."
Totally super sneaky
File this one under "wishful thinking" (or "dad, stop being embarrassing"). Lieutenant-general Vincent Stewart of the US Defense Intelligence Agency indulged in some fantasy in his remarks at the Department of Defense Intelligence Information System Worldwide Conference. Stewart thinks they're going to start grabbing malware and ransomworms as they come in and hurl them right back at the bad guys, just like superdudes in the movies who pick up a live grenade and throw it right back at ... whoever threw it.
Once we’ve isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use against us. We must disrupt to exist.
This is what was being said while the agency did their demo using the Norse pew-pew map, which we all groaned about last week. Yay, our government.
The better for Facebook to phish you with
The $100K "Internet Defense Prize" (from, who else would make such an arrogant name, Facebook) was awarded to researchers at UC Berkeley. They came up with a new, automated way to correctly spot spear phishing on monitored networks. They got an average of 17 out of 19 correct with a system called DAS (Directed Anomaly Scoring) that finds unusual patterns in email:
They trained DAS by having it analyze 370 million emails from one single large enterprise with thousands of employees, sent between March 2013 and January 2017.
Researchers configured DAS to use a series of factors for evaluating newly received emails. These included a sender domain reputation score and sender reputation score, but also analyzed SMTP, NIDS, and LDAP logs, looking at logins from new IPs, total logins per employee, inactivity periods, and others.
By looking at these factors, DAS was able to detect spoofed addresses and spoofed sender names, but also lateral attacks from the compromised accounts of fellow co-workers.
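What a directed anomaly score looks like in practice, as an added Python illustration that is not the Berkeley team's code: each feature declares the direction in which it becomes more suspicious, and an event's score is the number of other events it is at least as suspicious as on every feature (my reading of the DAS idea). The feature names, reputation values and login counts below are constructed for the demo; a real deployment would derive them from the SMTP, NIDS and LDAP logs the article lists.

```python
"""Toy directed anomaly scoring (DAS) over constructed email events.

Added illustration, not the Berkeley researchers' code. The point of the
"directed" part: only extremes in the suspicious direction score high, so an
unusually *reputable* sender is an outlier but never an alert.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class EmailEvent:
    msg_id: str
    sender_domain_rep: float  # constructed 0..1 reputation; LOW is suspicious
    sender_rep: float         # constructed 0..1 reputation; LOW is suspicious
    new_ip_logins: int        # logins from never-seen IPs after the click; HIGH is suspicious


# Direction in which each feature becomes more suspicious (assumed for this toy).
FEATURE_DIRECTION: Dict[str, str] = {
    "sender_domain_rep": "low",
    "sender_rep": "low",
    "new_ip_logins": "high",
}


def at_least_as_suspicious(a: EmailEvent, b: EmailEvent) -> bool:
    """True if `a` is at least as suspicious as `b` on EVERY feature."""
    for name, direction in FEATURE_DIRECTION.items():
        va, vb = getattr(a, name), getattr(b, name)
        if direction == "low" and va > vb:
            return False
        if direction == "high" and va < vb:
            return False
    return True


def das_scores(events: List[EmailEvent]) -> Dict[str, int]:
    """Score each event by how many *other* events it dominates."""
    return {
        e.msg_id: sum(
            1 for other in events if other is not e and at_least_as_suspicious(e, other)
        )
        for e in events
    }


def rank_for_alerting(events: List[EmailEvent], budget: int) -> List[Tuple[str, int]]:
    """Return the `budget` highest-scoring events (ties broken by id) for analyst review."""
    scores = das_scores(events)
    ordered = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ordered[:budget]


# Constructed sample: ordinary mail plus two lures whose recipients then
# logged in from an IP never seen for their accounts.
SAMPLE_EVENTS: List[EmailEvent] = [
    EmailEvent("m1", 0.90, 0.90, 0),  # routine vendor mail
    EmailEvent("m2", 0.80, 0.70, 0),
    EmailEvent("m3", 0.50, 0.60, 0),  # newsletter from a middling domain
    EmailEvent("m4", 0.99, 0.99, 0),  # extremely reputable sender: an outlier, but benign
    EmailEvent("m5", 0.10, 0.10, 1),  # lookalike domain + fresh-IP login after the click
    EmailEvent("m6", 0.60, 0.40, 0),
    EmailEvent("m7", 0.20, 0.50, 1),  # low-reputation sender, new-IP login
]


if __name__ == "__main__":
    for msg_id, score in rank_for_alerting(SAMPLE_EVENTS, budget=3):
        print(f"{msg_id}: dominates {score} other events")
```

With a daily alert budget of two, m5 and m7 are the ones an analyst sees; m4, the most statistically unusual message in the batch, scores zero because it is unusual only in the benign direction. That is the property that lets this kind of ranking run without labelled attack data.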
- How Hackers Used a Fish Tank To Steal Casino Data (Casino.org)
- If I were going to SXSW next year, I'd vote for and make sure I attended Ceci N'est Pas un Hacker: Modern Hacking Examined. The gentlemen presenting it are legit.
- In fight for free speech, researchers test anti-censorship tool built into the internet's core (CBC)
- Trump Elevates Cyber Command (Foreign Policy)
- "This is the code in Kronos which is lifted from MalwareTech's GitHub repository." --@gossithedog
- Court rejects LinkedIn claim that unauthorized scraping is hacking (Ars Technica)
- I exposed the fact that it took the death of a white girl for Google, YouTube, Twitter, Sendgrid, Zoho, Cloudflare, PayPal, Apple Pay, Discord, Reddit, Spotify and Facebook to (sorta) deal with (some) Nazis and Daily Stormer.
Thank you for reading; I appreciate the gift of your time and attention. And if you also show your support by being a patron, you are literally making this post and everything it means possible -- you are making a writer be seen. My gratitude is real.