The Great .ORG Heist: Internet Registry is Snatched Up By Private Equity Firm Ethos Capital for $1.1bn, Provoking Uproar

The old dream of an internet run in the public interest has long dissipated under pressure from huge corporations seeking to profit from what has become a worldwide information utility.

But one corner of the web seemed to maintain its character as a preserve for public service — the .org domain, which since its creation has been reserved for nonprofit organizations and has become something of a badge of honor of noncommercial activity.

The world’s first web page, in 1992. Things have changed since then.
(Fabrice Coffrini / AFP/Getty Images)

That’s why many in the nonprofit world were startled by the announcement on Nov. 13 that the .org registry had been sold to a private equity firm, Ethos Capital. The seller was the Internet Society, a nonprofit that plays an important role in creating and maintaining internet engineering standards, but has been mostly the guardian of the .org domain. The price, as was revealed more than two weeks later, was a stunning $1.135 billion.

In the original announcement, Internet Society Chief Executive Andrew Sullivan called the sale “an important and exciting development” and described Ethos as “a strong strategic partner that understands the intricacies of the domain industry.”

Others are not so sure. Ethos didn’t even exist until earlier this year, and currently appears to have only two employees, including Erik Brooks, its founder.

Brooks listed his investment principles for me as “intellectual honesty, humility and respect and believing that prosperity can be built together.” But a week after the sale announcement, it emerged that the financial backers of Ethos included several firms with more conventional investment approaches, including funds associated with the families of H. Ross Perot, Mitt Romney and the Johnsons, owners of Fidelity Investments.

Brooks says Ethos is committed to running the .org registry in accordance with principles followed by the Internet Society, but hasn’t made that commitment in writing.

At stake are internet addresses ending in “.org” used by some 10 million organizations. The .org designation, or domain, is one of the oldest on the internet, along with .com (for commercial businesses), .edu (educational institutions), .gov (government agencies) and a handful of others.

It’s traditionally reserved for nonprofit organizations devoted to the public interest, such as the Red Cross, the Girl Scouts, and the United Way.

Not every dot-org meets the public service standard, since applicants aren’t screened. Websites for political fronts, such as the Koch network’s Americans for Prosperity, carry the .org label. So do sites for neo-Nazi hate groups.

But for the most part, organizations genuinely aimed at doing good tend to choose .org addresses. And, for that matter, so do Democratic and Republican party websites.

The domain holds a special place in the hearts of internet users; environmentalist and internet activist Jacob Malthouse calls .org a “digital Yosemite,” evoking the reverence naturalists such as John Muir felt for the real thing.

During a recent online discussion on the sale, Jon Nevett, chief executive of the Public Interest Registry, or PIR, the Internet Society unit that manages .org and is the entity being sold to Ethos, called it “the crown jewel of the domain name system, full stop.”

The sale, which is expected to close in the first quarter of next year, could be derailed only by two entities. One is the Internet Corp. for Assigned Names and Numbers, or ICANN, the web’s Playa Vista-based governing body, which could rule on the transfer any day now. The other is Pennsylvania Orphans Court, which has jurisdiction because PIR is a nonprofit incorporated in that state.

In the meantime, the deal has drawn brickbats from several internet luminaries.

They include Tim Berners-Lee, the inventor of the World Wide Web, who tweeted that “it would be a travesty” if the .org domain were no longer operated in the public interest. Also weighing in was Esther Dyson, the founding chairwoman of ICANN, who tweeted that she was “appalled” at what she called “the great .ORG heist.”

The parties involved in the sale have tried to tamp down the controversy, without notable success. On Nov. 29, Sullivan and Gonzalo Camarillo, the Internet Society chairman, held a conference call with users to defend the deal.

That was followed by a web discussion on Dec. 5 hosted by NTEN, an advocacy group for nonprofits, at which Sullivan was joined by Brooks and Nevett.

Brooks said he was committed to operating PIR in the dot-org community’s interest but was vague about the “mechanism” that would be established to do so. He said Ethos would not be making its financial data public, unlike the Internet Society, which issues an annual financial disclosure.

The dot-org community has two main concerns about the sale. One is that Ethos will jack up the registration fee for .org websites, which is currently about $10 per year and has been subject to a traditional limit on increases of 10% a year.

More important may be Ethos’ ability to facilitate more censorship of .org websites by allowing third parties more latitude to object to content on those sites and prompt their shutdown.

“The .org registry is a point of control on the internet,” says Mitch Stoltz, an attorney at the Electronic Frontier Foundation, which has launched a campaign protesting the deal. “A private equity firm has an incentive to sell censorship as a service.”

Already, registrars of other domains have cut agreements with corporate players, such as the Motion Picture Assn. of America, giving them the authority to order shutdowns of sites they claim are infringing on copyrights without affording site owners the opportunity to appeal.

Academic publishers such as Elsevier have won court rulings aimed at shutting down Sci-Hub, a web service that offers free access to copyrighted scientific research — but it’s up to registries to decide whether to comply with the court orders. And repressive governments such as Turkey and Saudi Arabia have worked through internet intermediaries to censor information on the web.

As the owner of the .org domain, Stoltz observes, Ethos could “enforce any limitations on nonprofits’ speech.” Since many nonprofit organizations “are engaged in speech that seeks to hold governments and industry to account, those powerful interests have every incentive to buy the cooperation of a well-placed intermediary, including an Ethos-owned PIR.”

Brooks said during the NTEN forum that Ethos would take steps to ensure that “.org is a domain that’s open and free and not curated or censored in any way, shape or form.” But he stopped short of agreeing to a legally binding undertaking.

Adding to misgivings about the sale is its chronology. Talks between Ethos and the Internet Society began only weeks after June 30, when ICANN removed price restrictions on the .org domain and made it easier for PIR to take down sites that were the subject of third-party complaints about content.

Brooks says the end of the price caps had nothing to do with the sale, which he would have pursued anyway. But the deal’s critics point out that nonprofits with .org addresses are a “captive audience” for the domain’s owner. Once an organization has begun operating as a dot-org, changing to a different domain would be horrifically costly. Followers would have to be notified of the internet name change, email addresses reconfigured, and so on.

That would give Ethos considerable latitude to raise prices, notwithstanding Brooks’ promise to limit increases to 10% a year.

Sullivan and Camarillo said in their conference call that they had not been planning to put PIR up for sale, but Ethos’ bid was so large “we couldn’t just say no without considering” it.

Since the announcement, Ethos and the Internet Society have been stingy with details of the deal and its goals. Only on Nov. 20 — a week after the sale was announced — did Sullivan reveal, in an email to insiders, that the financial backers of Ethos included Perot Holdings, which is the investment arm of the late Ross Perot’s family; FMR LLC, which owns Fidelity Investments and is privately controlled by the Johnson family of Boston; and Solamere Capital, which was co-founded by Tagg Romney, son of Mitt Romney (who was himself a Solamere partner until he joined the U.S. Senate this year).

One open question is what Ethos expects to gain from its purchase. Domain registries such as PIR are responsible chiefly for maintaining a database of registrations and collecting annual fees. That makes the job “pretty much a license to print money,” Stoltz says.

Will Ethos and its private financial backers be satisfied with running a demure internet registry in the public interest, as opposed to squeezing their $1.135-billion investment for every penny?

Brooks told me by email that he expects PIR to invest in “growth initiatives” to “provide Ethos with a good return on its investment.” Yet there doesn’t seem to be much scope for turbocharging demand for the .org domain, which largely sells itself. That means the opportunity for generating more revenue could hinge on raising the annual fee, unless the firm has other new ideas.

As for the Internet Society, its interest seemed to be stabilizing its finances by replacing the revenue from .org fees — which reached $44.4 million last year, about 85% of its total revenue — with income from a professionally managed $1.135-billion endowment. “Responsibly invested and managed,” Sullivan told listeners on the Nov. 29 conference call, the society could replicate its annual take from .org fees “in perpetuity.”

Sullivan’s words point to what may really be roiling the dot-org community about the deal. That’s the transformation of what was one of the last vestiges of the web’s image as a public utility managed informally in the public interest, immune from commercial or government control, into just another asset to be monetized.

During the conference call and in other forums, Sullivan and Camarillo talked about the need to “diversify” the Internet Society’s revenue stream rather than relying for revenue on “one company in one industry,” which made them sound a bit like the CEO of a washing machine company pondering whether to branch out into refrigerators and cooktops.

Commerce has infiltrated virtually every corner of the web except, up to now, the nonprofit corner represented by dot-orgs. The implication of the .org sale is that no piece of the internet is, in fact, immune from the world of getting and spending — everything is for sale, the public interest be damned.





What is a brain-computer interface? Everything you need to know about BCIs, neural interfaces and the future of mind-reading computers

Systems that allow humans to control or communicate with technology using only the electrical signals in the brains or muscles are fast becoming mainstream. Here’s what you need to know.

What is a brain-computer interface? It can’t be what it sounds like, surely?
Yep, brain-computer interfaces (BCIs) are precisely what they sound like — systems that connect up the human brain to external technology.

It all sounds a bit sci-fi. Brain-computer interfaces aren’t really something that people are using now, are they?
People are indeed using BCIs today — all around you. At their most simple, a brain-computer interface can be used as a neuroprosthesis — that is, a piece of hardware that can replace or augment nerves that aren’t working properly. The most commonly used neuroprostheses are cochlear implants, which help people with parts of their ear’s internal anatomy to hear. Neuroprostheses to help replace damaged optic nerve function are less common, but a number of companies are developing them, and we’re likely to see widespread uptake of such devices in the coming years.

So why are brain-computer interfaces described as mind-reading technology?
That’s where this technology is heading. There are systems, currently being piloted, that can translate your brain activity — the electrical impulses — into signals that software can understand. That means your brain activity can be measured; real-life mind-reading. Or you can use your brain activity to control a remote device.

When we think, thoughts are transmitted within our brain and down into our body as a series of electrical impulses. Picking up such signals is nothing new: doctors already monitor the electrical activity in the brain using EEG (electroencephalography) and in the muscles using EMG (electromyography) as a way of detecting nerve problems. In medicine, EEG and EMG are used to find diseases and other nerve problems by looking for too much, too little or unexpected electrical activity in a patient’s nerves.

Now, however, researchers and companies are looking at whether those electrical impulses could be decoded to give an insight into a person’s thoughts.

Can BCIs read minds? Would they be able to tell what I’m thinking right now?
At present, no. BCIs can’t read your thoughts precisely enough to know what your thoughts are at any given moment. Currently, they’re more about picking up emotional states or which movements you intend to make. A BCI could pick up when someone is thinking ‘yes’ or ‘no’, but detecting more specific thoughts, like knowing you fancy a cheese sandwich right now or that your boss has been really annoying you, are beyond the scope of most brain-computer interfaces.

OK, so give me an example of how BCIs are used.
A lot of interest in BCIs is from medicine. BCIs could potentially offer a way for people with nerve damage to recover lost function. For example, in some spinal injuries, the electrical connection between the brain and the muscles in the limbs has been broken, leaving people unable to move their arms or legs. BCIs could potentially help in such injuries by either passing the electrical signals onto the muscles, bypassing the broken connection and allowing people to move again, or help patients use their thoughts to control robotics or prosthetic limbs that could make movements for them.

They could also help people with conditions such as locked-in syndrome, who can’t speak or move but don’t have any cognitive problems, to make their wants and needs known.

What about the military and BCIs?
Like many new technologies, BCIs have attracted interest from the military, and US military emerging technology agency DARPA is investing tens of millions of dollars in developing a brain-computer interface for use by soldiers.

More broadly, it’s easy to see the appeal of BCIs for the military: soldiers in the field could patch in teams back at HQ for extra intelligence, for example, and communicate with each other without making a sound. Equally, there are darker uses that the army could put BCIs to — like interrogation and espionage.

What about Facebook and BCIs?
Facebook has been championing the use of BCIs and recently purchased a BCI company, CTRL-labs, for a reported $1bn. Facebook is looking at BCIs from two different perspectives. It’s working with researchers to translate thoughts to speech, and its CTRL-labs acquisition could help interpret what movements someone wants to make from their brain signals alone. The common thread between the two is developing the next hardware interface.

Facebook is already preparing for the way we interface with our devices to change. In the same way we’ve moved from keyboard to mouse to touchscreen and most recently to voice as a way of controlling technology around us, Facebook is betting that the next big interface will be our thoughts. Rather than type your next status update, you could think it; rather than touch a screen to toggle between windows, you could simply move your hands in the air.

I’m not sure I’m willing to have a chip put in my brain just to type a status update.
You may not need to: not all BCI systems require a direct interface to read your brain activity.

There are currently two approaches to BCIs: invasive and non-invasive. Invasive systems have hardware that’s in contact with the brain; non-invasive systems typically pick up the brain’s signals from the scalp, using head-worn sensors.

The two approaches have their own different benefits and disadvantages. With invasive BCI systems, because electrode arrays are touching the brain, they can gather much more fine-grained and accurate signals. However, as you can imagine, they involve brain surgery and the brain isn’t always too happy about having electrode arrays attached to it — the brain reacts with a process called glial scarring, which in turn can make it harder for the array to pick up signals. Due to the risks involved, invasive systems are usually reserved for medical applications.

Non-invasive systems, however, are more consumer friendly, as there’s no surgery required — such systems record electrical impulses coming from the skin either through sensor-equipped caps worn on the head or similar hardware worn on the wrist like bracelets. It’s likely to be that in-your-face (or on-your-head) nature of the hardware that holds back adoption: early adopters may be happy to sport large and obvious caps, but most consumers won’t be keen to wear an electrode-studded hat that reads their brain waves.

There are, however, efforts to build less intrusive non-invasive systems: DARPA, for example, is funding research into non-surgical BCIs and one day the necessary hardware could be small enough to be inhaled or injected.

Why are BCIs becoming a thing now?
Researchers have been interested in the potential of BCIs for decades, but the technology has come on at a far faster pace than many have predicted, thanks largely to better artificial intelligence and machine-learning software. As such systems have become more sophisticated, they’ve been able to better interpret the signals coming from the brain, separate the signals from the noise, and correlate the brain’s electrical impulses with actual thoughts.

Should I worry about people reading my thoughts without my permission? What about mind control?
On a practical level, most BCIs are only unidirectional — that is, they can read thoughts, but can’t put any ideas into users’ minds. That said, experimental work is already being undertaken around how people can communicate through BCIs: one recent project from the University of Washington allowed three people to collaborate on a Tetris-like game using BCIs.

The pace of technology development being what it is, bidirectional interfaces will be more common before too long. Especially if Elon Musk’s BCI outfit Neuralink has anything to do with it.

What is Neuralink? 
Elon Musk galvanised interest in BCIs when he launched Neuralink. As you’d expect from anything run by Musk, there’s an eye-watering level of both ambition and secrecy. The company’s website and Twitter feed revealed very little about what it was planning, although Musk occasionally shared hints, suggesting it was working on brain implants in the form of ‘neural lace’, a mesh of electrodes that would sit on the surface of the brain. The first serious information on Neuralink’s technology came with a presentation earlier this year, showing off a new array that can be implanted into the brain’s cortex by surgical robots.

Like a lot of BCIs, Neuralink’s was framed initially as a way to help people with neurological disorders, but Musk is looking further out, claiming that Neuralink could be used to allow humans a direct interface with artificial intelligence, so that humans are not eventually outpaced by AI. It might be that the only way to stop ourselves becoming outclassed by machines is to link up with them — if we can’t beat them, Musk’s thinking goes, we may have to join them.





One Of The Largest Data Centers In The US – CyrusOne, Texas – Hit by Ransomware Attack

Texas-based data center provider CyrusOne has reportedly fallen victim to an attack from REvil (Sodinokibi) ransomware, business tech-focused publication ZDNet reported on Dec. 5.

One of the largest data centers in the United States, CyrusOne has reportedly been exposed to an attack by a variant of the REvil (Sodinokibi) ransomware, which previously hit a number of service providers, local governments and businesses in the country.

The scope of the attack

In an email to Cointelegraph, CyrusOne confirmed:

“Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network.” 

The firm went on to assure viewers that law enforcement was working on the matter and that their “data center colocation services, including IX and IP Network Services, are not involved in this incident.” 

Just business

Per the ransom note obtained by ZDNet, the attackers targeted CyrusOne’s network, with the sole objective of receiving a ransom. Those behind the attack claimed in the note that they consider the attack nothing more than a business transaction, aimed exclusively at profiting.

In the event the company does not cooperate with the attackers, it will purportedly lose the affected data as the cybercriminals claim to have the private key.

To pay or not to pay?

This spring, Riviera Beach, Florida, was hit by a hacker attack, in which the hackers allegedly encrypted government records, blocking access to critical information and leaving the city without an ability to accept utility payments other than in person or by regular mail. The city council eventually agreed to pay nearly $600,000 worth of Bitcoin (BTC) to regain access to data encrypted in the attack.

In late October, hackers compromised the website of the city of Johannesburg, South Africa, and demanded ransom in Bitcoin. The breach affected several customer-facing systems — hardware or software customers interact with directly, such as user interfaces and help desks. The city authorities refused to pay the ransom.

Meanwhile, a number of Finnish cities and organizations are rehearsing how to respond when a group of hackers demands that participants pay a ransom during a series of simulated cyberattacks.





Hilarious Phishing & Malware Attempts

Like everyone else (well, maybe more than everyone else), I regularly get these phishing messages (“we try to make you click on the attachment, which of course is riddled with mal/ransomware”).

Hilarious to me, when it is sent to an automated, harvested e-mail address, which is 32 years old now (still works, obviously), and a “honeytrap” address these days.

Usually I just click on the “Junk” button, so the sender’s email address is fed into the global anti-spam and anti-phishing databases (the kind of ‘Spamhaus’, SORBS, SPEWS, and such, which I helped survive against massive DDoS attacks originating from Russian spammers between 2002 and 2005) and thus “burned” … but in some cases, like this one, I am curious where they actually come from.

In this case, no effort is made to hide the origin in the SMTP headers:

Looking up that IP in geo-location services, three different services put it in St Petersburg, Russia (formerly known as ‘Leningrad’, now the second largest city in the Russian Federation):

That does not necessarily mean it is Russians behind it, but for such a lame phishing attempt, it seems hardly useful to run a proxy-server in St Petersburg to make it look like it comes from there.
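The header check described above, as an added example that is not part of the original post: it walks the `Received` chain of a message and separates the sender IP recorded by your own mail servers from hops that only the sending side vouches for. The post's actual headers are not reproduced on this page, so the sample message, the host names and the `TRUSTED` set are constructed (documentation address ranges and example domains).

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message (not the one from the post). Received headers are
# prepended by each hop, so the newest hop is at the top.
SAMPLE = """\
Received: from mx-in.example.org (mx-in.example.org [10.0.0.5])
    by mailstore.example.org (Postfix) with ESMTPS id 4A1B2C3D;
    Thu, 5 Dec 2019 10:02:12 +0000 (UTC)
Received: from mail.sender.example (unknown [203.0.113.45])
    by mx-in.example.org (Postfix) with ESMTP id 9F8E7D6C
    for <old-address@example.org>; Thu, 5 Dec 2019 10:02:11 +0000 (UTC)
Received: from [198.51.100.7] by mail.sender.example with SMTP;
    Thu, 5 Dec 2019 10:02:09 +0000
From: "Billing" <billing@sender.example>
To: old-address@example.org
Subject: Your invoice
Date: Thu, 5 Dec 2019 10:02:08 +0000

See attachment.
"""

# Assumption: these are the hosts of the recipient's own mail infrastructure.
TRUSTED = {"mailstore.example.org", "mx-in.example.org"}

# Internal ranges are listed explicitly so that documentation addresses used in
# the sample are treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

HOP = re.compile(r"^from\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)", re.I)
BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def _first_ip(text):
    """Return the first bracketed address literal in text, or None."""
    for candidate in BRACKET_IP.findall(text):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def _is_internal(ip):
    return ip.is_loopback or any(ip in net for net in INTERNAL_NETS)


def trace_origin(raw_message, trusted_hosts):
    """Return (boundary_ip, unverified_ips).

    boundary_ip is the external address that connected to the first trusted
    server; it was written by infrastructure you control. unverified_ips come
    from headers below that point, which the sending side could have forged.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    boundary_ip = None
    unverified = []
    in_trusted_chain = True
    for header in msg.get_all("Received", []):
        text = " ".join(str(header).split())      # unfold continuation lines
        hop = HOP.match(text)
        if not hop:
            continue
        ip = _first_ip(hop.group("src"))
        by_host = hop.group("by").lower()
        if in_trusted_chain and by_host in trusted_hosts:
            if ip is not None and not _is_internal(ip):
                boundary_ip = str(ip)
                in_trusted_chain = False           # everything older is a claim
            continue
        in_trusted_chain = False
        if ip is not None:
            unverified.append(str(ip))
    return boundary_ip, unverified


if __name__ == "__main__":
    boundary, claims = trace_origin(SAMPLE, TRUSTED)
    print("recorded by own MX:", boundary)
    print("claimed by sender side:", claims)
```

Only the boundary address is worth feeding to a geo-location or reputation lookup; older hops are reported separately because a header that names one of your hosts below the boundary is still just a claim.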

So, to my friends over there behind the digital iron curtain: nice try! :wink:

Lesson for the esteemed reader: do not ever click on attachments you have the slightest doubt about; if the common-sense-check on a message fails, delete it.

If you are sure it is spam: “junk” it instead of “delete” – as outlined above, it burns the sender e-mail address in a very short time.

And if you actually think such a message could have any validity at all, go directly to your provider’s website (manually!) and check on it there — let me repeat: do not ever click on any attachments.

Especially if you are of the faithful kind and run Microsoft Windows of any version …







Data on 1.2 Billion Users Found in Exposed AWS Elasticsearch Server

An exposed Elasticsearch server was found to contain data on more than 1.2 billion people, Data Viper security researchers report.

The server was accessible without authentication and it contained 4 billion user accounts, spanning more than 4 terabytes of data, security researchers Bob Diachenko and Vinny Troia discovered last month.

Analysis of the data revealed that it pertained to over 1.2 billion unique individuals and that it included names, email addresses, phone numbers, and LinkedIn and Facebook profile information.

Further investigation led the researchers to the conclusion that the data came from two different data enrichment companies. Thus, the leak in fact represents data aggregated from various sources and kept up to date.

Most of the data was stored in 4 separate data indexes, labeled “PDL” and “OXY”, and the researchers discovered that the labels refer to two data aggregator and enrichment companies, namely People Data Labs and OxyData.

Analysis of the nearly 3 billion PDL user records found on the server revealed the presence of data on roughly 1.2 billion unique people, as well as 650 million unique email addresses.

Not only do these numbers fall in line with the statistics the company posted on their website, but the researchers were able to verify that the data on the server was nearly identical to the information returned by the People Data Labs API.

“The only difference being the data returned by the PDL also contained education histories. There was no education information in any of the data downloaded from the server. Everything else was exactly the same, including accounts with multiple email addresses and multiple phone numbers,” the researchers explain.

Vinny Troia also found in the leak information related to a landline phone number he was given roughly 10 years back as part of an AT&T TV bundle. Although the landline was never used, the information was present on the researcher’s profile, and was included in the data set PDL had on him.

The company told the researchers that the exposed server, which resided on Google Cloud, did not belong to it. The data, however, was clearly coming from People Data Labs.

Some of the information on the exposed Elasticsearch, the researchers revealed, came from OxyData, although this company too denied being the owner of that server. After receiving a copy of his own user record with the company, Troia confirmed that the leaked information came from there.

The researchers couldn’t establish who was responsible for leaving the server wide open to the Internet, but suggest that this is a customer of both People Data Labs and OxyData and that the data might have been misused rather than stolen.

“Due to the sheer amount of personal information included, combined with the complexities of identifying the data owner, this has the potential to raise questions on the effectiveness of our current privacy and breach notification laws,” the researchers conclude.

“From the perspective of the people whose information was part of this dump, this doesn’t qualify as a cut-and-dry data breach. The information ‘exposed,’ is already available on LinkedIn, Facebook, GitHub, etc. begging a larger discussion about how we feel about data aggregators who compile this information and sell it, because it’s a standard practice,” Dave Farrow, senior director of information security at Barracuda Networks, told SecurityWeek in an emailed comment.

Jason Kent, hacker at Cequence Security, also commented via email, saying, “Here we see a new and potentially dangerous correlation of data like never before. […] if an attacker has a rich set of data, they can formulate very targeted attacks. The sorts of attacks that can result in knowing password recovery information, financial data, communication patterns, social structures, this is how people in power can be targeted and eventually the attack can work.”





Can hundreds of unrelated satellites create a GPS backup?

The Space Development Agency’s head says that position and timing data from low-Earth orbit satellites can be used to verify or replace GPS in denied or degraded environments. (DARPA)

The head of the Space Development Agency wants to use proliferated low-Earth orbit satellites for navigation when GPS is unavailable.

As adversaries develop tools that can jam or spoof Global Positioning System signals, the military has prioritized the development of alternative sources of positioning, navigation and timing data for the war fighter. Solutions range from using real-time drone imagery to chip-scale atomic clocks, but at the Association of the United States Army conference Oct. 16, Acting Director Derek Tournear threw out another idea: using the positioning and timing data of the hundreds of satellites his agency plans to put in orbit for navigation.

The SDA was established earlier this year to rapidly develop a number of capabilities in low-Earth orbit, and the agency’s current plan calls for hundreds of satellites operating in LEO serving a variety of missions, from hypersonic missile detection and tracking to finding and identifying objects in cislunar space. An important component of that architecture is a data transport layer providing a crosslink between satellites in orbit and then bringing that data down to the ground. According to Tournear, that transport layer could be used to transfer positioning and timing data to ground users from satellites without having another dedicated PNT satellite system in orbit.

“If you have this crosslink between satellites, you can do timing transfer. So, you have very good timing information at the satellite level. If you have open communication down to any system and you can see multiple satellites, that gives you another means to use your existing comms system to get navigation independent of any other user equipment,” explained Tournear.

Using the precise timing and positional information of those satellites in LEO, users could triangulate their position in GPS-denied or -degraded environments. It’s essentially the same way smartphones can use cell towers for navigation if they can’t get a GPS signal.

“If you turn off your GPS receiver on your phone, you will still get a navigation signal on your phone based on cellphone towers, because the cellphone towers know their position and they know exact timing, so they can triangulate your position,” said Tournear. “That is not a replacement for how GPS is used for worldwide PNT coverage, but it is another way to get assured PNT and another way to validate a GPS signal.”





Persistent broadband connection: Intellian’s 1.5 meter antenna can switch between LEO and GEO

The US Navy recently live tested a new antenna that can switch between satellites in low earth orbit and geostationary orbit, fulfilling a key need for the military moving forward.

Using Intellian’s 1.5 meter antenna, the Navy was able to maintain a broadband connection while switching between Telesat’s satellites in low earth orbit and geostationary orbit. The demonstration shows how in a scenario where a satellite in geostationary orbit is attacked or denied, the antenna is able to switch to a LEO satellite to maintain a persistent broadband connection.

“Live testing over Telesat Ka-band satellites with Intellian’s 1.5m Ka convertible VSAT confirms that the antenna is an important innovation accessing space-based ‘layers’ of satellites in next-gen space architecture,” said Kurt Fiscko, technical director of PMW/A 170 at PEO C4I in a statement.

“One of the key elements that the government is looking for, particularly the military, is a path to more resilient, more flexible networking in space,” said Telesat’s Don Brown in an interview. “What Telesat is doing in this demonstration with Intellian is addressing one of the key proof points of future resiliency and flexibility … the ability to go between GEO satellite constellation and LEO constellations.”

According to Telesat’s Rich Pang, the antenna is perfectly sized for use on the Navy’s small ship variants.

Telesat is also a contractor working on DARPA’s Project Blackjack, an effort to demonstrate the military utility of a constellation of small LEO satellites. The Space Development Agency is building off of that effort to build the U.S. military’s next generation space architecture in LEO. Comprised of hundreds of small satellites in LEO, that architecture is meant to create resiliency through numbers and provide a backup to many capabilities that are currently provided through a few exquisite satellites in GEO.

“The real impetus for this demonstration is that the government has come out and said, ‘we don’t want to be locked into not only one particular provider, but we want to be able to operate in multiple regimes so we can be disaggregated and resilient,’” said Pang. “So if someone attacks the GEO belt and takes out those assets I can switch to LEO, or vice versa.”





Cyborg warriors could be here by 2050, DoD study group says


A mockup of U.S. SOCOM’s TALOS suit — a bold project, but one that ultimately brought less tech than initially hoped. (DoD)

Ear, eye, brain and muscular enhancement is “technically feasible by 2050 or earlier,” according to a study released this month by the U.S. Army’s Combat Capabilities Development Command.

The demand for cyborg-style capabilities will be driven in part by the civilian healthcare market, which will acclimate people to an industry fraught with ethical, legal and social challenges, according to Defense Department researchers.

Implementing the technology across the military, however, will likely run up against the dystopian narratives found in science fiction, among other issues, the researchers added.

The report — entitled Cyborg Soldier 2050: Human/Machine Fusion and the Implications for the Future of the DOD — is the result of a year-long assessment.

It was written by a study group from the DoD Biotechnologies for Health and Human Performance Council, which is tasked to look at the ripple effects of military biotechnology.

The team identified four capabilities as technically feasible by 2050:

  • ocular enhancements to imaging, sight and situational awareness;
  • restoration and programmed muscular control through an optogenetic bodysuit sensor web;
  • auditory enhancement for communication and protection; and
  • direct neural enhancement of the human brain for two-way data transfer.

The study group suggested that direct neural enhancements in particular could revolutionize combat.

“This technology is predicted to facilitate read/write capability between humans and machines and between humans through brain-to-brain interactions,” an executive summary reads. “These interactions would allow warfighters direct communication with unmanned and autonomous systems, as well as with other humans, to optimize command and control systems and operations.”

Cyborg technologies are likely to be used among civil society as well over the next 30 years, the researchers noted.

Development of these capabilities will probably “be driven by civilian demand” and “a robust bio-economy that is at its earliest stages of development in today’s global market,” the group wrote.

But it’s after the year 2050 that the implications of cyborg capabilities become concerning.

“Introduction of augmented human beings into the general population, DoD active-duty personnel, and near-peer competitors will accelerate in the years following 2050 and will lead to imbalances, inequalities, and inequities in established legal, security, and ethical frameworks,” the summary reads.

The study group proposed seven recommendations, listed in no particular order, for Pentagon leaders to consider:

  • The military should take a second look at the global and societal perception of human-machine augmentation. Americans typically imagine China or Russia developing runaway technologies because of a lack of ethical concerns, but “the attitudes of our adversaries toward these technologies have never been verified,” researchers wrote.
  • U.S. political leaders should use forums like NATO to discuss how cyborg advancements could impact interoperability between allied forces during operations.
  • The Pentagon should start investing in legal, security and ethical frameworks to anticipate emerging technologies and better prepare for their impact. Leaders should support policies that “protect individual privacy, sustain security, and manage personal and organizational risk, while maximizing defined benefits to the United States and its allies and assets,” the study group wrote.
  • Military leaders should also work to reverse the “negative cultural narratives of enhancement technologies.” It’s no secret that science fiction’s depiction of cyborg technologies revolves around dystopian futures. Transparency in how the military adopts this technology will help to alleviate concerns, while capitalizing on benefits, according to the study group.
  • The Pentagon should use wargames to gauge the impact of asymmetric biotechnologies on tactics, techniques and procedures. DoD personnel can support this through targeted intelligence assessments of the emerging field.
  • A whole-of-nation, not whole-of-government, approach to cyborg technologies is preferred. As it stands, “federal and commercial investments in these areas are uncoordinated and are being outpaced by Chinese research and development,” the study group wrote. If Chinese firms dominate the commercial sector, the U.S. defense sector will also be at a disadvantage.
  • Finally, the long-term safety concerns and the impact of these technologies on people should be monitored closely.

“The benefits afforded by human/machine fusions will be significant and will have positive quality-of-life impacts on humankind through the restoration of any functionality lost due to illness or injury,” the study group wrote.

But as these technologies evolve, “it is vital that the scientific and engineering communities move cautiously to maximize their potential and focus on the safety of our society,” the study group added.





Insecure Microsoft Azure Database Exposes Millions of Private SMS Messages


Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

Tens of millions of SMS messages have been found on an unprotected database, putting the private data of hundreds of millions of people in the United States at risk for theft or exposure and leaving a communications company open for potential intrusion, security researchers discovered.

Noam Rotem and Ran Locar from the research team of vpnMentor found the database, which they said belongs to TrueDialog, a U.S.-based communications company, according to a blog post. Based in Austin, Texas, TrueDialog provides bulk SMS services for small businesses, colleges and universities, which means that the majority of the messages were business-related, researchers said.

Moreover, the insecure database was linked to “many aspects” of TrueDialog’s business, potentially increasing unauthorized access to the data of millions of people as well as exposing an unusually diverse data set, they said.

“Hundreds of millions of people were potentially exposed in a number of ways,” according to the post. “It’s rare for one database to contain such a huge volume of information that’s also incredibly varied.”

Despite companies knowing the risks of leaving data unprotected online in this era of cloud-based storage, insecure databases are a persistent problem and remain one of the leading ways data breaches occur. These breaches not only leave customers and users of the companies who exposed the data at risk, but also leave the owners of the databases more susceptible to security threats as well.

Researchers discovered the exposed TrueDialog database on Nov. 26 and contacted TrueDialog two days later, on the 28th. At last look, the database, hosted by Microsoft Azure and on the Oracle Marketing Cloud, included 604 gigabytes of data, including nearly a billion entries that included “sensitive data,” according to researchers.

Types of data found unprotected included:

  • full names of message recipients, TrueDialog account holders and TrueDialog users;
  • message content;
  • email addresses;
  • phone numbers of both recipients and account users;
  • dates and times that messages were sent;
  • and message status indicators.

The account details of TrueDialog account holders also were exposed in the messages, researchers said.

The scope of the leaky data has broad implications for TrueDialog, their users and the recipients of the messages, researchers said.

For users and message-recipients whose data was exposed, their personal details could be sold to marketers and spammers and used for purposes that range from annoying to criminal.

TrueDialog may get the brunt of the impact, however, researchers said. Not only does the unprotected data harm the company’s reputation and allow competitors to capitalize on this, but it also can give competitors an edge over them by providing insight into TrueDialog’s business model and practices, according to the post.

Bad actors also have an opportunity to find and exploit vulnerabilities within TrueDialog’s system by accessing the logs of internal system errors included in the exposed data, researchers added.





France to Test Its Central Bank Digital Euro Currency in Q1/2020


The central bank of France plans to pilot a central bank digital currency (CBDC) for financial institutions in 2020. François Villeroy de Galhau, the governor of the Bank of France, announced that the bank will start testing the digital euro project by the end of the first quarter 2020, French financial publication Les Echos reports Dec. 4.

The Bank of France confirmed the news on Twitter, noting that the announcement was made at a conference co-hosted by two major French financial regulators, the French Prudential Supervision and Resolution Authority and the Autorité des marchés financiers.

Digital euro pilot won’t involve retail customers

According to the report, the digital euro pilot will only target private financial sector players and won’t involve retail payments made by individuals. Villeroy reportedly noted that a digital currency for retail customers would “be subject to special vigilance.”

As reported by Les Echos, the initiative intends to strengthen the efficiency of the French financial system, while ensuring trust in the currency.

Preventing Libra’s impact

Moreover, the project aims to assert France’s sovereignty over private digital currency initiatives like Facebook’s stablecoin Libra, Villeroy reportedly said.

Villeroy’s stance falls in line with previous statements by French finance minister Bruno Le Maire, who argued that regulators cannot allow the launch of Libra on European soil due to monetary sovereignty concerns.

According to some reports, France led the anti-Libra effort alongside Germany, Italy, Spain and the Netherlands.

Villeroy calls on France to become the first country in the world to issue a CBDC

According to a tweet by the Bank of France, its governor emphasized that France should become the first country in the world to issue a CBDC and provide an exemplary model to other jurisdictions. He stated:

“I see the interest in rapidly advancing the issuance of at least one central bank digital currency in order to be the leading issuer globally and get the benefits associated with providing an exemplary central bank digital currency.”

France has emerged as a major adopter of blockchain tech and Bitcoin

Meanwhile, France has appeared to be at the forefront of adopting crypto and blockchain technology as its government has initiated and encouraged a number of industry-related projects.

In late November 2019, the first deputy governor of the Bank of France called for blockchain-based settlement and payment systems in Europe. As reported by Cointelegraph on Nov. 20, the French Armies and Gendarmerie’s Information and Public Relations Center was validating judicial expenses incurred during investigations on the Tezos (XTZ) blockchain at the time.

Alongside developments in blockchain, France has also emerged as a major adopter of the biggest cryptocurrency, Bitcoin (BTC). In mid-October, French crypto startup Keplerk relaunched its service to accept Bitcoin payments in over 5,200 tobacco shops in France. Previously, Cointelegraph reported that at least 30 French retailers plan to launch Bitcoin payments support at over 25,000 sales points by early 2020.





$100M Funding: can industry help US Air Force Research Lab develop new Cyber and SIGINT tech?


A notice is asking for industry’s help in developing new and innovative cyber and signals intelligence technologies. (Greg Davis/U.S. Air Force/Getty Images)

The Air Force is asking for industry’s help developing advanced cyber and signals intelligence technologies. Specifically, the Air Force Research Lab wants technologies that can improve extraction, identification, analysis and reporting of tactical information to support intelligence, surveillance and reconnaissance; protect forces with digital systems; and support battlespace awareness.

In a notice posted online Dec. 4, the service is asking for white papers on an ongoing basis from now until 2021; from these, it will invite certain companies to submit formal proposals.

The total funding for the effort is $99.9 million, which will be spread across fiscal years 2019 to 2021.

The notice states that technology needs range from quick reaction to critical near-term shortfalls to proof-of-concept.

The request is broken into two parts. The first portion covers ISR information for signals intelligence in order to discover new and innovative methods and processing techniques to provide decision-makers with near real-time ISR.

The second portion includes research to develop methods for the detection, identification, characterization and geolocation of emerging communications; advance digital signal processing software to provide new and existing systems and waveforms; as well as provide new and innovative software and hardware architectures for standoff collection systems and software-defined radios from either airborne or ground-based platforms operating in dense signal environments, to name a few.









DHS wants to expand airport face recognition scans to include US citizens


Homeland Security wants to expand facial recognition checks for travelers arriving to and departing from the U.S. to also include citizens, who had previously been exempt from the mandatory checks.

In a filing, the department has proposed that all travelers, and not just foreign nationals or visitors, will have to complete a facial recognition check before they are allowed to enter the U.S., and also before they leave the country.

Facial recognition for departing flights has increased in recent years as part of Homeland Security’s efforts to catch visitors and travelers who overstay their visas. The department, whose responsibility is to protect the border and control immigration, has a deadline of 2021 to roll out facial recognition scanners to the largest 20 airports in the United States, despite facing a rash of technical challenges.

But although there may not always be a clear way to opt-out of facial recognition at the airport, U.S. citizens and lawful permanent residents — also known as green card holders — have been exempt from these checks, the existing rules say.

Now, the proposed rule change to include citizens has drawn ire from one of the largest civil liberties groups in the country.

“Time and again, the government told the public and members of Congress that U.S. citizens would not be required to submit to this intrusive surveillance technology as a condition of traveling,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union.

“This new notice suggests that the government is reneging on what was already an insufficient promise,” he said.

“Travelers, including U.S. citizens, should not have to submit to invasive biometric scans simply as a condition of exercising their constitutional right to travel. The government’s insistence on hurtling forward with a large-scale deployment of this powerful surveillance technology raises profound privacy concerns,” he said.

Citing a data breach of close to 100,000 license plate and traveler images in June, as well as concerns about a lack of sufficient safeguards to protect the data, Stanley said the government “cannot be trusted” with this technology and that lawmakers should intervene.

A spokesperson for Customs & Border Protection said the agency was “currently in the rulemaking process and will ensure that the public has the opportunity to comment prior to the implementation of any regulation,” and that it was “committed to its privacy obligations.”





Ongoing Research Project Examines Application of AI to Cybersecurity


Project Blackfin: Multi-Year Research Project Aims to Unlock the Potential of Machine Intelligence in Cybersecurity

Project Blackfin is ongoing artificial intelligence (AI) research challenging the current automatic assumption that deep-learning neural network principles are the best way to teach a system to detect anomalous behavior or malicious activity on a network. Run by security firm F-Secure, the project is examining the alternative applicability of distributed swarm intelligence in decision making.

“People’s expectations that ‘advanced’ machine intelligence simply mimics human intelligence is limiting our understanding of what AI can and should do,” explains Matti Aksela, F-Secure’s VP of artificial intelligence. “Instead of building AI to function as though it were human, we can and should be exploring ways to unlock the unique potential of machine intelligence, and how that can augment what people do.” 

Project Blackfin is being run by F-Secure with collaboration between in-house engineers, researchers, data scientists and academic partners. “We created Project Blackfin,” continued Aksela, “to help us reach that next level of understanding about what AI can achieve.” Although it is a long-term project, some early principles are already being incorporated into F-Secure’s own products.

The primary problem with many current anomaly detection AI systems is well-known: too many false positives or too many false negatives. This is difficult to solve simply by the nature of how the systems work. Streams of data from endpoints and network traffic are centralized and analyzed on arrival, and then stored for later audit or forensic analysis. Because the data arrives from multiple sources it is difficult to correlate events across multiple sources. Since attackers often build delays into their attacks, new events may also need to be related to historical events to be able to contextualize possibly malicious activity.

The result is that finding the best sensitivity settings for detection of behaviors is critical. Setting the sensitivity high to ensure nothing is missed results in huge numbers of false positives that need to be manually triaged by the security team. Setting it too low to reduce the false positives increases the potential for false negatives.

Blackfin is exploring the use of distributing the AI as agents within each endpoint and server of a network in a collaborative manner. That intelligence becomes expert in the acceptable use of its own host. The model is inspired by the patterns of collective behavior found in nature, such as the swarm intelligence found in ant colonies or schools of fish. “The project aims to develop these intelligent agents to run on individual hosts,” says F-Secure.

“Instead of receiving instructions from a single, centralized AI model, these agents would be intelligent and powerful enough to communicate and work together to achieve common goals.”

Consider the machine learning predictive text input capabilities of individual phones. They learn the text habits of their owners very quickly, being able to rapidly offer probable word completions based on their owners’ habits. This is the type of distributed intelligence being explored by Blackfin, with the intelligence located in the device — but with the added ability for each intelligence to collaborate with adjacent intelligences. What may be just suspicious activity in the context of one endpoint can be confirmed as malicious or benign in the context of its action on adjacent endpoints — each of which has its own endpoint-specific intelligence.

This improves the correlation and contextualization of suspicious activity since the event is immediately, in situ, seen in the context of both the source and destination hosts. In our phone example, it might be equivalent to the text input intelligence on one phone being able to collaborate with the destination intelligence and say, ‘Stop. You should not use that language with your grandmother.’

“Essentially,” said Aksela, “you’ll have a colony of fast local AIs adapting to their own environment while working together, instead of one big AI making decisions for everyone.”
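The source/destination corroboration described above, as a minimal added sketch that is not F-Secure's code or Blackfin's actual models: each host keeps a baseline of its own traffic only, and a flow is alerted on only when both endpoints find it anomalous. The host names, flows, scoring formula and 0.5 threshold are all constructed assumptions.

```python
import math
from dataclasses import dataclass, field
from statistics import fmean, pstdev

THRESHOLD = 0.5   # score at or above this counts as suspicious (assumed value)
Z_CAP = 3.0       # z-score that maps to the maximum score of 1.0
STD_FLOOR = 0.1   # keeps baselines built from few samples from being over-sensitive


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    nbytes: int


@dataclass
class HostAgent:
    """Anomaly model that only ever sees the traffic of its own host."""
    name: str
    baseline: dict = field(default_factory=dict)  # (direction, port) -> [log10 bytes]

    def observe(self, direction, port, nbytes):
        self.baseline.setdefault((direction, port), []).append(math.log10(nbytes))

    def score(self, direction, port, nbytes):
        samples = self.baseline.get((direction, port))
        if not samples:
            return 1.0  # this host has never used this service in this direction
        spread = max(pstdev(samples), STD_FLOOR)
        z = abs(math.log10(nbytes) - fmean(samples)) / spread
        return min(z / Z_CAP, 1.0)


def train(agents, flows):
    """Each flow updates the baselines of exactly two agents: its endpoints."""
    for f in flows:
        agents[f.src].observe("out", f.port, f.nbytes)
        agents[f.dst].observe("in", f.port, f.nbytes)


def local_verdict(agents, f):
    """Source host decides alone, as an isolated endpoint model would."""
    s = agents[f.src].score("out", f.port, f.nbytes)
    return "alert" if s >= THRESHOLD else "normal"


def collaborative_verdict(agents, f):
    """Source and destination agents compare notes before anything is raised."""
    src = agents[f.src].score("out", f.port, f.nbytes)
    dst = agents[f.dst].score("in", f.port, f.nbytes)
    if src >= THRESHOLD and dst >= THRESHOLD:
        return "alert"       # anomalous in the context of both hosts
    if src >= THRESHOLD or dst >= THRESHOLD:
        return "dismissed"   # odd for one host, routine for the other
    return "normal"


def run_demo():
    # Constructed network: workstations ws1-ws3, file server fs1, print server pr1.
    agents = {n: HostAgent(n) for n in ("ws1", "ws2", "ws3", "fs1", "pr1")}
    history = (
        [Flow("ws1", "fs1", 445, b) for b in (48_000, 52_000, 50_000, 61_000, 45_000)]
        + [Flow("ws2", "pr1", 631, b) for b in (20_000, 25_000, 22_000)]
        + [Flow("ws3", "pr1", 631, b) for b in (21_000, 19_000)]
    )
    train(agents, history)

    cases = [
        ("routine file access", Flow("ws1", "fs1", 445, 55_000)),
        ("first use of file server", Flow("ws2", "fs1", 445, 50_000)),
        ("bulk transfer to a workstation", Flow("ws1", "ws3", 445, 400_000_000)),
    ]
    return [
        (label, local_verdict(agents, f), collaborative_verdict(agents, f))
        for label, f in cases
    ]


if __name__ == "__main__":
    for label, local, collab in run_demo():
        print(f"{label:32s} local={local:7s} collaborative={collab}")
```

The second case is the false positive a source-only model raises and the destination's context removes; the rule that one-sided anomalies are dismissed is a simplification chosen for the sketch.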

F-Secure has published the first of what it expects to be regular papers on the progress of Blackfin (PDF). For now, it is exploring different anomaly detection models to detect specific phenomena. “By combining the outputs of multiple different models associated with each of the [different categories],” says the paper, “a contextual understanding of what is happening on a system can be derived, enabling downstream logic to more accurately predict whether a specific event or item is anomalous, and if it is, if it is worth alerting on. This approach enables generic methodologies for detecting attacker actions (or sequences of actions), without baking specific logic into the detection system itself.”

Research is ongoing and will continue for several years. Nevertheless, says F-Secure, through Blackfin, it has “identified a rich set of interactions between models running on endpoints, servers, and the network that have the potential to vastly improve breach detection mechanisms, forensic analysis capabilities, and response capabilities in future cyber security solutions… we expect to regularly report new results and findings as they present themselves.”




Can open source intelligence combat Russian disinformation in the Baltics?


NATO will need to utilize social media and other publicly available information to combat Russian disinformation, says a new report from the Atlantic Council.

Utilizing open source intelligence will be essential to combating Russian disinformation in the Baltics, according to a new report published Nov. 14 by the Atlantic Council.

The report focuses on how NATO joint intelligence, surveillance and reconnaissance operations can help Estonia, Latvia and Lithuania — three ex-Soviet states that face the most direct threat from Russia of any NATO member. While there are limits to what military assistance the alliance can provide to the region without prompting a Russian response, the report notes that using the alliance’s networked system of sensors, collectors and analysts to provide situational awareness and early warning remains a low risk way to help out the embattled states.

“One of the things that our alliance can do with far less controversy than any of its other activities is gain intelligence — understand the situation as it exists at any one moment,” said retired Air Marshal Sir Christopher Harper, who co-chaired the task force that authored the report.

The alliance collects that intelligence through a number of means, from drones that can detect troop movements to radars and more. According to the report, NATO possesses impressive collection capabilities in all domains and is able to utilize the United States’ space-based systems, which are unmatched.

But the situation in the Baltics is complex for intelligence gathering. These three states are under a constant barrage of propaganda, subversion and disinformation originating from Russia, according to the report. In order to develop a common operating picture, NATO needs to know more than just troop locations and military capabilities — it needs to know how Russia is using disinformation tactics and what effect it has on the population.

“Understanding what is happening on the ground is no longer a case of tracking the movement of military units, of tracking military intent. This is all about understanding how information is being used to influence populations, influence behavior. And with states that are so close, that have that common border with the Russian Federation, that sort of intelligence and information gathering is all the more important,” said Harper.

The report goes even further, noting that open source intelligence can be used to see through Russian deception in the region.

“Classical indicators like troop movements or railway and airfield activity may be reduced or absent altogether. Instead, JISR may take the form of intensive monitoring and analysis of propaganda and social media, open sources, atypical commercial ship and airline movements, stepped-up diplomatic activity, unusual financial transactions, increased volumes of cyber intrusion and denial-of-service attacks, and unrest in ethnic Russian areas and populations,” reads the report.

The next stage of NATO JISR operations in the Baltics will need to be able to utilize open source intelligence — publicly available information from sources like social media that can provide intelligence on the population.

One step towards such a solution could be the establishment of a Baltic region JISR operations center that could train local people to rapidly process and fuse military intelligence and open source intelligence and disseminate it to the alliance, said Harper. An alliance-wide ISR academy would also be of benefit, he added.

And in the future, artificial intelligence and machine learning could provide the solution to focusing and fusing data from traditional sensors and collection methods and open source intelligence at scale before quickly disseminating it to the alliance. The report calls for NATO to prioritize bringing those sorts of technologies online in the near term.

“The ability to understand the world around us in a very very complex information environment is going to be key to the future,” said Harper.





China’s Achilles’ heel when it comes to cyberspace


Despite being considered extremely vulnerable in cyberspace, the United States does possess some asymmetric advantages in the domain as compared to authoritarian regimes. (Andy Wong/AP)

If “mutually assured cyber destruction” were to occur, one Marine Corps leader said, authoritarian nations such as China might have more to lose than the United States.

Top national security experts have warned that despite the United States’ cyber prowess, the country is vulnerable to cyberattacks because of how interconnected society is with essential services and the internet. But in the case of a cyber catastrophe, “we’ll still be America. We’ll be a little beaten up, a little dirty, but China won’t be China anymore because they will not maintain control,” said Lt. Gen. Eric Smith, head of the Marine Corps Combat Development Command and the deputy commandant for combat development and integration. Smith spoke at an AFCEA Northern Virginia chapter lunch Nov. 15.

Smith said if much of the country goes offline, places like Plano, Texas, will essentially be the same. While certain elements of daily life could get ugly, residents could still rely on local-, county-, state- and national-level law enforcement entities.

China, however, as an authoritarian state, must maintain central control, Smith said. This, in turn, becomes an Achilles’ heel.

“If I take all the cameras offline and all the mechanisms of control cease, Shanghai is not Shanghai anymore six months after that event,” he said. “Everything within China, which has one time zone, by the way … should have nine, but they have one … because they have to maintain central control.”

Smith added that the weakness within authoritarian regimes should be exploited more through offensive cyber means.






Intel says Qualcomm’s business practices drove it out of the modem chip market


It’s not like this wasn’t among the reasons everyone suspected when Apple suddenly announced it was buying Intel’s modem business, but now the chipmaker has filed a brief in support of the FTC in an ongoing appeal by Qualcomm of a decision made in May. That decision found in favor of the FTC’s allegations that Qualcomm’s licensing arrangements for its IP around CDMA and LTE technologies have choked out other potential competitors.

Intel, in the filing and a new blog post accompanying and explaining the filing from Intel EVP and General Counsel Steven R. Rodgers, says that “Intel suffered the brunt of Qualcomm’s anticompetitive behaviour, was denied opportunities in the modem market, was prevented from making sales to customers and was forced to sell at prices artificially skewed by Qualcomm.” It also specifically notes that it counts itself among the list of “competitors [Qualcomm] forced out of the modem chip market.”

Earlier this year, Apple and Qualcomm agreed to drop ongoing lawsuits the two sometime-partners had filed against one another, settling a feud in the courts that had started back in 2017 when Apple accused Qualcomm of overcharging it for use of Qualcomm’s patents. The settlement included Apple paying Qualcomm a one-time sum, and the establishment of a six-year licensing agreement, as well as a supply agreement for Qualcomm chipsets to be used in Apple products.

At the same time, Intel announced it was exiting the modem business – an announcement that seemed timely, given that Apple has sought to use Intel modems in recent iPhones to bypass Qualcomm, which is an industry leader when it comes to the supply of wireless communication chips used in smartphones. Then in July, Apple announced that it was acquiring the majority of Intel’s smartphone business, which led many to speculate that eventually Apple will seek to develop its own wireless communication chips in-house in a longer-term play to reduce its reliance on Qualcomm.

Intel clearly isn’t content to just let the situation lie, and since its blog post notes that it has invested “billions” in the modem business it built and then sold to Apple, you get a clear idea of why – definitely sounds like it didn’t recoup all of its sunk costs in the Apple deal, which was worth around $1 billion all told.





5G hackers: These eight groups will try to break into the networks of tomorrow

Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. But there are a few surprises on the list, too.

European computer security agency Enisa has listed the groups it thinks are most likely to attempt to hack into 5G networks, warning that security threats to telecoms infrastructure and beyond will expand with the arrival of next-generation mobile connectivity.

5G will introduce new risks because it will play a role in connecting up everything from smart cities, connected cars, automated factories and the internet of things.

“This will attract the attention of existing and new threat agent groups with a large variety of motives,” Enisa said in a report into the security threats facing the next generation of mobile networks. It warned that 5G will introduce a set of new vulnerabilities that will expand the ways networks and connected devices could be attacked.

“These facts may cause an unprecedented shift of capabilities and objectives of existing threat agent groups in ways that have not been seen in the past,” Enisa said.

The list of potential 5G threats includes:

Cyber criminals – Given the advanced capabilities of organised cybercrime, 5G is a likely target for them, either through attempts to steal data or via frauds. “Though not yet representing a significant monetizing vector, such attacks (or preparations hereto), will be part of their activities,” Enisa predicted.

Insiders – These could be a key threat, mainly because they are in constant proximity with the core of 5G technology. The increased complexity of 5G might increase the amount of unintentional damage caused by clumsy insiders anyway, and dishonest insiders “may misuse their access to vital network function to cause high impact/large scale availability issues in the network itself,” Enisa said. Disgruntled and dissatisfied insiders are also a target for other malicious groups, and could be recruited to abuse their insider knowledge for money.

Nation states – This is an important group due to their ability to compromise 5G networks and their potential motivation to do so, Enisa said: “Given the importance of 5G to the sovereignty of nation states, they will most probably be a target of state-sponsored attack.” It is also “indisputable” that vendors of 5G components are in a better position to cause devastating attacks to the operation of self-developed components, Enisa said, especially when governments influence them, a possible nod to the ongoing debate about which companies from which nations should be allowed to build 5G infrastructure.

Military – 5G infrastructure will be one of the most vital components to protect in the technology landscape, Enisa said, and is also likely to be a technology of use to the military. “Such a development will amplify the protection requirements and the attractiveness of 5G as a target of cyberwar,” Enisa said. “5G mobile networks are going to comprise a significant target for military operations, but also as a platform used for military purposes.”

Enisa also put hacktivists on its list, but admitted that it’s unclear how this group is going to be engaged in malicious activities surrounding 5G: “While the most probable is to see this group engaging in regional campaigns, it cannot be excluded that it could achieve high impact activities in national and even global 5G infrastructures”. Enisa also warned that corporations may themselves be a threat to 5G networks as they will be interested in tracking the development of patents and intellectual property related to 5G infrastructure.

“Through the integration of multiple verticals, 5G will provide a single attack surface that once targeted, may result in damages in the physical space (e.g. hybrid threats),” Enisa said. And while acknowledging that there is little evidence for significant activity of cyber terrorists, Enisa noted that: “5G stakeholders will need to take the protection of this infrastructure very seriously to avoid high impact events that would cause severe harm to society”.

Script kiddies – Individual junior hackers might still pose a threat to 5G because it has so many components, such as IoT devices, phones, and cloud storage spaces that are within the control of individuals, for example. “In the past, we have seen high impact attacks (e.g. DDoS) spreading from home devices and gadgets,” Enisa said, adding that: “With the availability of high-speed 5G networks and interconnected devices, activities of this threat agent group may cause significant impact though cascaded events affecting upstream components of 5G operators.”





Ransomware: Big paydays and little chance of getting caught means boom time for crooks

File-encrypting malware is proving to be extremely lucrative for cyber attackers, who can continue large-scale ransomware campaigns – making hundreds of thousands of dollars – almost risk-free.

Ransomware will continue to plague organisations in 2020 because there’s little risk of the cyber criminals behind the network-encrypting malware attacks getting caught; so for them there’s only a small amount of risk, but a potentially large reward.

During the last year, there have been many examples of ransomware attacks where victims have given in to the extortion demands of the attackers, often paying hundreds of thousands of dollars in bitcoin in exchange for the safe return of their networks.

In many cases, the victims will pay the ransom because it’s seen as the quickest – and cheapest – means of restoring the network.

“From a criminal perspective, if I want to make $100,000, how many users do I have to infect individually and how many of those will pay me, compared to going for a hospital or a global organisation and demanding a big amount? I have a higher guarantee of getting a high payment, and that drives development in ransomware,” said Jens Monrad, head of intelligence for EMEA at FireEye.

But what makes ransomware really appealing for cyber criminals is that not only are the attacks relatively simple to carry out and potentially extremely rewarding, but there’s very little chance of the attackers being held to account for their actions.

“It’s still an area where there’s little risk of being caught or arrested – and it’s still a lucrative business,” said Monrad.

There have been a handful of cases where cyber criminals launching ransomware campaigns have been brought to justice but it’s the exception, rather than the norm.

In the majority of cases, those pushing ransomware don’t need to worry about being put in prison for their actions – especially if they’re launching attacks against organisations on the other side of the world.

For example, it’s common for ransomware launched from Russia and Eastern Europe to terminate itself if it finds itself on a system configured to the Russian language. That’s because the authorities there will often turn a blind eye to attacks being launched against individuals or companies far away.

“Certain types of malware won’t execute in Eastern Europe – you don’t want to create a disturbance in your backyard to alert local agencies,” said Monrad.

It’s not the only example of the difficulties of policing the ransomware at an international level. Two Iranian men that the US Department of Justice has accused of creating and distributing SamSam ransomware are highly unlikely to be sent to the US by Tehran. The US has also issued an indictment for a North Korean man who they say is responsible for the global WannaCry ransomware outbreak and other attacks – but Pyongyang has said the man doesn’t exist.

So as ransomware continues to be a lucrative and relatively risk-free form of cybercrime, the epidemic is only going to continue as we move into 2020.

“The risk and repercussions still aren’t there,” Monrad said.





RIPLACE: New Technique Allows Windows Ransomware to Operate Undetected

A recently discovered technique allows ransomware to encrypt files on Windows-based systems without being detected by existing anti-ransomware products, Nyotron security researchers warn.

Dubbed RIPlace, the technique allows malware to bypass defenses using the legacy file system “rename” operation, and the security researchers say it is effective even against systems that are patched in a timely manner and run modern antivirus solutions.

RIPlace, the researchers say, can be used to alter files on any computers running Windows XP or newer versions of Microsoft’s operating system. 

In a detailed report covering the findings (PDF), the researchers note that most ransomware operates by opening and reading the original file, encrypting the content in memory, and then destroying the original file in one of three ways: writing the encrypted content over it; saving the encrypted file and then erasing the original; or saving the encrypted file and then using Rename to replace the original.

When a Rename request is called (IRP_MJ_SET_INFORMATION with FileInformationClass set to FileRenameInformation), the filter driver gets a callback.

What the researchers discovered was that if DefineDosDevice (a legacy function that creates a symlink) is called before Rename, one could pass an arbitrary name as the device name, along with the original file path as the target to point to.

The issue, they explain, is that the filter driver’s callback function “fails to parse the destination path when using the common routine FltGetDestinationFileNameInformation.” Although an error is returned when passing a DosDevice path, the Rename call succeeds.

“Using this technique, it is possible to maliciously encrypt files and bypass antivirus/anti-ransomware products that do not properly handle IRP_MJ_SET_INFORMATION callback. We believe that malicious actors may abuse this technique in order to bypass security products that rely on FltGetDestinationFileNameInformation routine as well as avoid any recording of such activity by EDR products,” the researchers explain.
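The blind spot described above can be modelled in user space. The following is an added illustration, not code from Nyotron's report or from any security product; the event fields, threshold, paths and process IDs are constructed assumptions. It contrasts a monitor that drops rename events whose destination name could not be resolved with one that counts them.

```python
from collections import Counter

PROTECTED = (".docx", ".xlsx", ".pdf")   # file types the monitor cares about
THRESHOLD = 3                            # suspicious renames per process before alerting


def _ev(pid, src, resolved_dest):
    """One rename request as a filter would see it (hypothetical schema).

    resolved_dest is None when destination-name resolution returned an
    error, which the report says happens for DosDevice paths even though
    the rename itself succeeds.
    """
    return {"pid": pid, "src": src, "resolved_dest": resolved_dest}


# Constructed sample telemetry.
EVENTS = [
    _ev(100, r"C:\work\~a.tmp", r"C:\work\a.docx"),   # ordinary "safe save"
    _ev(300, r"C:\t\1.enc", r"C:\docs\q1.xlsx"),      # bulk replacement, resolvable
    _ev(300, r"C:\t\2.enc", r"C:\docs\q2.xlsx"),
    _ev(300, r"C:\t\3.enc", r"C:\docs\plan.pdf"),
    _ev(200, r"C:\t\4.enc", None),                    # destination lookup failed
    _ev(200, r"C:\t\5.enc", None),
    _ev(200, r"C:\t\6.enc", None),
]


def alerts(events, fail_closed):
    """Return the sorted PIDs that reach THRESHOLD suspicious renames.

    fail_closed=False: an unresolved destination is silently skipped.
    fail_closed=True:  an unresolved destination is itself counted.
    """
    score = Counter()
    for ev in events:
        dest = ev["resolved_dest"]
        if dest is None:
            if not fail_closed:
                continue              # the gap: the event is never evaluated
            score[ev["pid"]] += 1     # lookup failure treated as a signal
        elif dest.lower().endswith(PROTECTED):
            score[ev["pid"]] += 1
    return sorted(pid for pid, n in score.items() if n >= THRESHOLD)


if __name__ == "__main__":
    print("fail-open  :", alerts(EVENTS, fail_closed=False))
    print("fail-closed:", alerts(EVENTS, fail_closed=True))
```

The same principle applies to EDR logging: an event whose destination cannot be parsed should still be recorded, with the parse error attached, rather than dropped.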

The researchers discovered the technique in spring 2019 and have been in contact with Microsoft, security vendors, and law enforcement and regulatory authorities. Unfortunately, they say only a handful of security vendors have acknowledged a fix, despite dozens being impacted.

Nyotron published two videos demonstrating how RIPlace can bypass Symantec Endpoint Protection (SEP) and Microsoft Defender Antivirus (Defender AV) and also released a free tool that allows anyone to test their system and security products against the RIPlace evasion technique.





Attack Simulation Firm Cymulate Raises $15 Million

Israel-based cybersecurity startup Cymulate announced on Tuesday that it has raised $15 million in a Series B funding round led by Vertex Growth Fund.

Founded by Eyal Wachsman and Avihai Bar Yosef, the company offers a cloud-based Breach and Attack Simulation (BAS) platform that helps organizations test their security controls by running thousands of attack simulations, shows points of exposure, and provides remediation guidance. The platform can assess the security of various systems, such as email, Windows Domain Network configurations, web servers, web traffic, and more.

“Simulations of the latest threats in the wild test an organization’s security defenses and controls, across the entire kill chain of attack vectors and APT attack configurations. Simulations can be run on-demand or scheduled to run at regular intervals,” the company explains.

“We’ve enjoyed an exceptionally strong growth period during the past few months and we therefore decided to pre-empt with another round of funding shortly after our Series A in order to leverage on the strong market adoption with additional resources to accelerate our expansion,” said Wachsman, who serves as Cymulate’s CEO.

Vertex Ventures Israel, Dell Technologies Capital and Susquehanna Growth Equity (SGE) also participated in the Series B round.

Cymulate has raised a total of $26 million in funding to date, including seed investment from Eyal Gruner, and $3 million through a Series A round led by investment firm Susquehanna Growth Equity in 2017.

The company says the additional funding will be used to support continued expansion in the US, and expand sales, marketing and operational support. In the future, the company plans to offer an end-to-end security testing platform that supports on-prem, cloud and IoT environments.




