see also the previous article: https://www.bgp4.com/2019/11/26/internet-world-despairs-as-non-profit-org-tld-sold-by-isoc-for-to-private-equity-firm/

The old dream of an internet run in the public interest has long dissipated under pressure from huge corporations seeking to profit from what has become a worldwide information utility.

But one corner of the web seemed to maintain its character as a preserve for public service — the .org domain, which since its creation has been reserved for nonprofit organizations and has become something of a badge of honor of noncommercial activity.

That’s why many in the nonprofit world were startled by the announcement on Nov. 13 that the .org registry had been sold to a private equity firm, Ethos Capital. The seller was the Internet Society, a nonprofit that plays an important role in creating and maintaining internet engineering standards, but has been mostly the guardian of the .org domain. The price, as was revealed more than two weeks later, was a stunning $1.135 billion.

A private equity firm has an incentive to sell censorship as a service.

In the original announcement, Internet Society Chief Executive Andrew Sullivan called the sale “an important and exciting development” and described Ethos as “a strong strategic partner that understands the intricacies of the domain industry.”

Others are not so sure. Ethos didn’t even exist until earlier this year, and currently appears to have only two employees, including Erik Brooks, its founder.

Brooks listed his investment principles for me as “intellectual honesty, humility and respect and believing that prosperity can be built together.” But a week after the sale announcement, it emerged that the financial backers of Ethos included several firms with more conventional investment approaches, including funds associated with the families of H. Ross Perot, Mitt Romney and the Johnsons, owners of Fidelity Investments.

Brooks says Ethos is committed to running the .org registry in accordance with principles followed by the Internet Society, but hasn’t made that commitment in writing.

At stake are internet addresses ending in “.org” used by some 10 million organizations. The .org designation, or domain, is one of the oldest on the internet, along with .com (for commercial businesses), .edu (educational institutions), .gov (government agencies) and a handful of others.

It’s traditionally reserved for nonprofit organizations devoted to the public interest, such as the Red Cross, the Girl Scouts, and the United Way.

Not every dot-org meets the public service standard, since applicants aren’t screened. Websites for political fronts, such as the Koch network’s Americans for Prosperity, carry the .org label. So do sites for neo-Nazi hate groups.

But for the most part, organizations genuinely aimed at doing good tend to choose .org addresses. And, for that matter, so do Democratic and Republican party websites.

The domain holds a special place in the hearts of internet users; environmentalist and internet activist Jacob Malthouse calls .org a “digital Yosemite,” evoking the reverence naturalists such as John Muir felt for the real thing.

During a recent online discussion on the sale, Jon Nevett, chief executive of the Public Interest Registry, or PIR, the Internet Society unit that manages .org and is the entity being sold to Ethos, called it “the crown jewel of the domain name system, full stop.”

The sale, which is expected to close in the first quarter of next year, could be derailed only by two entities. One is the Internet Corp. for Assigned Names and Numbers, or ICANN, the web’s Playa Vista-based governing body, which could rule on the transfer any day now. The other is Pennsylvania Orphans Court, which has jurisdiction because PIR is a nonprofit incorporated in that state.

In the meantime, the deal has drawn brickbats from several internet luminaries.

They include Tim Berners-Lee, the inventor of the World Wide Web, who tweeted that “it would be a travesty” if the .org domain were no longer operated in the public interest. Also weighing in was Esther Dyson, the founding chairwoman of ICANN, who tweeted that she was “appalled” at what she called “the great .ORG heist.”

The parties involved in the sale have tried to tamp down the controversy, without notable success. On Nov. 29, Sullivan and Gonzalo Camarillo, the Internet Society chairman, held a conference call with users to defend the deal.

That was followed by a web discussion on Dec. 5 hosted by NTEN, an advocacy group for nonprofits, at which Sullivan was joined by Brooks and Nevett.

Brooks said he was committed to operating PIR in the dot-org community’s interest but was vague about the “mechanism” that would be established to do so. He said Ethos would not be making its financial data public, unlike the Internet Society, which issues an annual financial disclosure.

The dot-org community has two main concerns about the sale. One is that Ethos will jack up the registration fee for .org websites, which is currently about $10 per year and has been subject to a traditional limit on increases of 10% a year.

More important may be Ethos’ ability to facilitate more censorship of .org websites by allowing third parties more latitude to object to content on those sites and prompt their shutdown.

“The .org registry is a point of control on the internet,” says Mitch Stoltz, an attorney at the Electronic Frontier Foundation, which has launched a campaign protesting the deal. “A private equity firm has an incentive to sell censorship as a service.”

Already, registrars of other domains have cut agreements with corporate players, such as the Motion Picture Assn. of America, giving them the authority to order shutdowns of sites they claim are infringing on copyrights without affording site owners the opportunity to appeal.

Academic publishers such as Elsevier have won court rulings aimed at shutting down Sci-Hub, a web service that offers free access to copyrighted scientific research — but it’s up to registries to decide whether to comply with the court orders. And repressive governments such as Turkey and Saudi Arabia have worked through internet intermediaries to censor information on the web.

As the owner of the .org domain, Stoltz observes, Ethos could “enforce any limitations on nonprofits’ speech.” Since many nonprofit organizations “are engaged in speech that seeks to hold governments and industry to account, those powerful interests have every incentive to buy the cooperation of a well-placed intermediary, including an Ethos-owned PIR.”

Brooks said during the NTEN forum that Ethos would take steps to ensure that “.org is a domain that’s open and free and not curated or censored in any way, shape or form.” But he stopped short of agreeing to a legally binding undertaking.

Adding to misgivings about the sale is its chronology. Talks between Ethos and the Internet Society began only weeks after June 30, when ICANN removed price restrictions on the .org domain and made it easier for PIR to take down sites that were the subject of third-party complaints about content.

Brooks says the end of the price caps had nothing to do with the sale, which he would have pursued anyway. But the deal’s critics point out that nonprofits with .org addresses are a “captive audience” for the domain’s owner. Once an organization has begun operating as a dot-org, changing to a different domain would be horrifically costly. Followers would have to be notified of the internet name change, email addresses reconfigured, and so on.

That would give Ethos considerable latitude to raise prices, notwithstanding Brooks’ promise to limit increases to 10% a year.

Sullivan and Camarillo said in their conference call that they had not been planning to put PIR up for sale, but Ethos’ bid was so large “we couldn’t just say no without considering” it.

Since the announcement, Ethos and the Internet Society have been stingy with details of the deal and its goals. Only on Nov. 20 — a week after the sale was announced — did Sullivan reveal, in an email to insiders, that the financial backers of Ethos included Perot Holdings, which is the investment arm of the late Ross Perot’s family; FMR LLC, which owns Fidelity Investments and is privately controlled by the Johnson family of Boston; and Solamere Capital, which was co-founded by Tagg Romney, son of Mitt Romney (who was himself a Solamere partner until he joined the U.S. Senate this year).

One open question is what Ethos expects to gain from its purchase. Domain registries such as PIR are responsible chiefly for maintaining a database of registrations and collecting annual fees. That makes the job “pretty much a license to print money,” Stoltz says.

Will Ethos and its private financial backers be satisfied with running a demure internet registry in the public interest, as opposed to squeezing their $1.135-billion investment for every penny?

Brooks told me by email that he expects PIR to invest in “growth initiatives” to “provide Ethos with a good return on its investment.” Yet there doesn’t seem to be much scope for turbocharging demand for the .org domain, which largely sells itself. That means the opportunity for generating more revenue could hinge on raising the annual fee, unless the firm has other new ideas.

As for the Internet Society, its interest seemed to be stabilizing its finances by replacing the revenue from .org fees — which reached $44.4 million last year, about 85% of its total revenue — with income from a professionally managed $1.135-billion endowment. “Responsibly invested and managed,” Sullivan told listeners on the Nov. 29 conference call, the society could replicate its annual take from .org fees “in perpetuity.”

Sullivan’s words point to what may really be roiling the dot-org community about the deal. That’s the transformation of what was one of the last vestiges of the web’s image as a public utility managed informally in the public interest, immune from commercial or government control, into just another asset to be monetized.

During the conference call and in other forums, Sullivan and Camarillo talked about the need to “diversify” the Internet Society’s revenue stream rather than relying for revenue on “one company in one industry,” which made them sound a bit like the CEO of a washing machine company pondering whether to branch out into refrigerators and cooktops.

Commerce has infiltrated virtually every corner of the web except, up to now, the nonprofit corner represented by dot-orgs. The implication of the .org sale is that no piece of the internet is, in fact, immune from the world of getting and spending — everything is for sale, the public interest be damned.

 

from: https://www.latimes.com/business/story/2019-12-12/dot-org-sale-outrage-internet-society-ethos-capital

 

 

Systems that allow humans to control or communicate with technology using only the electrical signals in the brains or muscles are fast becoming mainstream. Here’s what you need to know.

What is a brain-computer interface? It can’t be what it sounds like, surely?
Yep, brain-computer interfaces (BCIs) are precisely what they sound like — systems that connect up the human brain to external technology.

It all sounds a bit sci-fi. Brain-computer interfaces aren’t really something that people are using now, are they?
People are indeed using BCIs today — all around you. At their most simple, a brain-computer interface can be used as a neuroprosthesis — that is, a piece of hardware that can replace or augment nerves that aren’t working properly. The most commonly used neuroprostheses are cochlear implants, which help people with parts of their ear’s internal anatomy to hear. Neuroprostheses to help replace damaged optic nerve function are less common, but a number of companies are developing them, and we’re likely to see widespread uptake of such devices in the coming years.

So why are brain-computer interfaces described as mind-reading technology?
That’s where this technology is heading. There are systems, currently being piloted, that can translate your brain activity — the electrical impulses — into signals that software can understand. That means your brain activity can be measured; real-life mind-reading. Or you can use your brain activity to control a remote device.

When we think, thoughts are transmitted within our brain and down into our body as a series of electrical impulses. Picking up such signals is nothing new: doctors already monitor the electrical activity in the brain using EEG (electroencephalography) and in the muscles using EMG (electromyography) as a way of detecting nerve problems. In medicine, EEG and EMG are used to find diseases and other nerve problems by looking for too much, too little or unexpected electrical activity in a patient’s nerves.

Now, however, researchers and companies are looking at whether those electrical impulses could be decoded to give an insight into a person’s thoughts.

• Mind-reading systems: Seven ways brain computer interfaces are already changing the world
• 10 years from now your brain will be connected to your computer

Can BCIs read minds? Would they be able to tell what I’m thinking right now?
At present, no. BCIs can’t read your thoughts precisely enough to know what your thoughts are at any given moment. Currently, they’re more about picking up emotional states or which movements you intend to make. A BCI could pick up when someone is thinking ‘yes’ or ‘no’, but detecting more specific thoughts, like knowing you fancy a cheese sandwich right now or that your boss has been really annoying you, are beyond the scope of most brain-computer interfaces.

OK, so give me an example of how BCIs are used.
A lot of interest in BCIs is from medicine. BCIs could potentially offer a way for people with nerve damage to recover lost function. For example, in some spinal injuries, the electrical connection between the brain and the muscles in the limbs has been broken, leaving people unable to move their arms or legs. BCIs could potentially help in such injuries by either passing the electrical signals onto the muscles, bypassing the broken connection and allowing people to move again, or help patients use their thoughts to control robotics or prosthetic limbs that could make movements for them.

They could also help people with conditions such as locked-in syndrome, who can’t speak or move but don’t have any cognitive problems, to make their wants and needs known.

What about the military and BCIs?
Like many new technologies, BCIs have attracted interest from the military, and US military emerging technology agency DARPA is investing tens of millions of dollars in developing a brain-computer interface for use by soldiers.

More broadly, it’s easy to see the appeal of BCIs for the military: soldiers in the field could patch in teams back at HQ for extra intelligence, for example, and communicate with each other without making a sound. Equally, there are darker uses that the army could put BCIs too — like interrogation and espionage.

What about Facebook and BCIs?  
Facebook has been championing the use of BCIs and recently purchased a BCI company, CTRL-labs, for a reported $1bn. Facebook is looking at BCIs from two different perspectives. It’s working with researchers to translate thoughts to speech, and its CTRL-labs acquisition could help interpret what movements someone wants to make from their brain signals alone. The common thread between the two is developing the next hardware interface.

Facebook is already preparing for the way we interface with our devices to change. In the same way we’ve moved from keyboard to mouse to touchscreen and most recently to voice as a way of controlling technology around us, Facebook is betting that the next big interface will be our thoughts. Rather than type your next status update, you could think it; rather than touch a screen to toggle between windows, you could simply move your hands in the air.

• Facebook’s ‘mind-reading’ tech startup deal could completely change how we control computers
• Type with your mind: We’ve achieved a first in brain-computer research, says Facebook

I’m not sure I’m willing to have a chip put in my brain just to type a status update.
You may not need to: not all BCI systems require a direct interface to read your brain activity.

There are currently two approaches to BCIs: invasive and non-invasive. Invasive systems have hardware that’s in contact with the brain; non-invasive systems typically pick up the brain’s signals from the scalp, using head-worn sensors.

The two approaches have their own different benefits and disadvantages. With invasive BCI systems, because electrode arrays are touching the brain, they can gather much more fine-grained and accurate signals. However, as you can imagine, they involve brain surgery and the brain isn’t always too happy about having electrode arrays attached to it — the brain reacts with a process called glial scarring, which in turn can make it harder for the array to pick up signals. Due to the risks involved, invasive systems are usually reserved for medical applications.

Non-invasive systems, however, are more consumer friendly, as there’s no surgery required — such systems record electrical impulses coming from the skin either through sensor-equipped caps worn on the head or similar hardware worn on the wrist like bracelets. It’s likely to be that in-your-face (or on-your-head) nature of the hardware that holds back adoption: early adopters may be happy to sport large and obvious caps, but most consumers won’t be keen to wear an electrode-studded hat that reads their brain waves.

There are, however, efforts to build less intrusive non-invasive systems: DARPA, for example, is funding research into non-surgical BCIs and one day the necessary hardware could be small enough to be inhaled or injected.

• AI can now read the thoughts of paralysed patients as they imagine they are writing
• Neural implants: Why connecting your brain to a computer will create a huge headache for everyone

Why are BCIs becoming a thing now?
Researchers have been interested in the potential of BCIs for decades, but the technology has come on at a far faster pace than many have predicted, thanks largely to better artificial intelligence and machine-learning software. As such systems have become more sophisticated, they’ve been able to better interpret the signals coming from the brain, separate the signals from the noise, and correlate the brain’s electrical impulses with actual thoughts.

Should I worry about people reading my thoughts without my permission? What about mind control?
On a practical level, most BCIs are only unidirectional — that is, they can read thoughts, but can’t put any ideas into users’ minds. That said, experimental work is already being undertaken around how people can communicate through BCIs: one recent project from the University of Washington allowed three people to collaborate on a Tetris-like game using BCIs.

The pace of technology development being what it is, bidirectional interfaces will be more common before too long. Especially if Elon Musk’s BCI outfit Neuralink has anything to do with it.

• Mind-reading technology is everyone’s next big security nightmare
• Mind-reading technology: The security and privacy threats ahead

What is Neuralink? 
Elon Musk galvanised interest in BCIs when he launched Neuralink. As you’d expect from anything run by Musk, there’s an eye-watering level of both ambition and secrecy. The company’s website and Twitter feed revealed very little about what it was planning, although Musk occasionally shared hints, suggesting it was working on brain implants in the form of ‘neural lace’, a mesh of electrodes that would sit on the surface of the brain. The first serious information on Neuralink’s technology came with a presentation earlier this year, showing off a new array that can be implanted into the brain’s cortex by surgical robots.

Like a lot of BCIs, Neuralink’s was framed initially as a way to help people with neurological disorders, but Musk is looking further out, claiming that Neuralink could be used to allow humans a direct interface with artificial intelligence, so that humans are not eventually outpaced by AI. It might be that the only way to stop ourselves becoming outclassed by machines is to link up with them — if we can’t beat them, Musk’s thinking goes, we may have to join them.

 

from: https://www.zdnet.com/article/what-is-bci-everything-you-need-to-know-about-brain-computer-interfaces-and-the-future-of-mind-reading-computers/

see also: https://www.zdnet.com/article/musks-neuralink-uses-brain-threads-to-try-and-read-your-mind/

 

 

 

from: https://cointelegraph.com/news/texas-based-data-center-cyrusone-hit-by-ransomware-attack

 

 

Like everyone else (well, maybe more than everyone else)  I regularly get these phishing messages (“we try to make you click on the attachment, which of course is riddled with mal/ransomware”).

Hilarious to me, when it is sent to an automated, harvested e-mail address, which is 32 years old now (still works, obviously), and a “honeytrap” address these days.

Usually I just click on the “Junk” button, so the sender’s email address is fed into the global anti-spam and anti-phishing databases (the kind of ‘Spamhaus‘, SORBS, SPEWS, and such, which I helped survive against massive dDoS attacks originating from Russian spammers between 2002 and 2005) and thus “burned” … but in some cases, like this one, I am curious where they actually come from.

In this case, no effort is made to hide the origin in the SMTP headers:

Looking up that IP in geo-location services, three different services put it in St Petersburg, Russia (formerly known as ‘Leningrad’, now the second largest city in the Russian Federation):

That does not necessarily mean it is Russians behind it, but for such a lame phishing attempt, it seems hardly useful to run a proxy-server in St Petersburg to make it look like it comes from there.

So, to my friends over there behind the digital iron curtain: nice try! :wink:

Lesson for the esteemed reader: do not ever click on attachments you have the slightest doubt about; if the common-sense-check on a message fails, delete it.

If you are sure it is spam: “junk” it instead of “delete” – as outlined above, it burns the sender e-mail address in a very short time.

And if you actually think such a message could have any validity at all, go directly to your provider’s website (manually!)  and check on it there — let me repeat: do not ever click on any attachments.

Especially if you are of the faithful kind and run Microsoft Windows of any version …

 

 

 

 

 

 

An exposed Elasticsearch server was found to contain data on more than 1.2 billion people, Data Viper security researchers report.

The server was accessible without authentication and it contained 4 billion user accounts, spanning more than 4 terabytes of data, security researchers Bob Diachenko and Vinny Troia discovered last month.

Analysis of the data revealed that it pertained to over 1.2 billion unique individuals and that it included names, email addresses, phone numbers, and LinkedIn and Facebook profile information.

Further investigation led the researchers to the conclusion that the data came from two different data enrichment companies. Thus, the leak in fact represents data aggregated from various sources and kept up to date.

Most of the data was stored in 4 separate data indexes, labeled “PDL” and “OXY”, and the researchers discovered that the labels refer to two data aggregator and enrichment companies, namely People Data Labs and OxyData.

Analysis of the nearly 3 billion PDL user records found on the server revealed the presence of data on roughly 1.2 billion unique people, as well as 650 million unique email addresses.

Not only do these numbers fall in line with the statistics the company posted on their website, but the researchers were able to verify that the data on the server was nearly identical to the information returned by the People Data Labs API.

“The only difference being the data returned by the PDL also contained education histories. There was no education information in any of the data downloaded from the server. Everything else was exactly the same, including accounts with multiple email addresses and multiple phone numbers,” the researchers explain.

Vinny Troia also found in the leak information related to a landline phone number he was given roughly 10 years back as part of an AT&T TV bundle. Although the landline was never used, the information was present on the researcher’s profile, and was included in the data set PeopleDataLabs.com had on him.

The company told the researchers that the exposed server, which resided on Google Cloud, did not belong to it. The data, however, was clearly coming from People Data Labs.

Some of the information on the exposed Elasticsearch, the researchers revealed, came from OxyData, although this company too denied being the owner of that server. After receiving a copy of his own user record with the company, Troia confirmed that the leaked information came from there.

The researchers couldn’t establish who was responsible for leaving the server wide open to the Internet, but suggest that this is a customer of both People Data Labs and OxyData and that the data might have been misused rather than stolen.

“Due to the sheer amount of personal information included, combined with the complexities of identifying the data owner, this has the potential to raise questions on the effectiveness of our current privacy and breach notification laws,” the researchers conclude.

“From the perspective of the people whose information was part of this dump, this doesn’t qualify as a cut-and-dry data breach. The information ‘exposed,’ is already available on LinkedIn, Facebook, GitHub, etc. begging a larger discussion about how we feel about data aggregators who compile this information and sell it, because it’s a standard practice,” Dave Farrow, senior director of information security at Barracuda Networks, told SecurityWeek in an emailed comment.

Jason Kent, hacker at Cequence Security, also commented via email, saying, “Here we see a new and potentially dangerous correlation of data like never before. […] if an attacker has a rich set of data, they can formulate very targeted attacks. The sorts of attacks that can result in knowing password recovery information, financial data, communication patterns, social structures, this is how people in power can be targeted and eventually the attack can work.”

 

from: https://www.securityweek.com/data-12-billion-users-found-exposed-elasticsearch-server

 

 

The Space Development Agency’s head says that position and timing data from low-Earth orbit satellites can be used to verify or replace GPS in denied or degraded environments. (DARPA)

 

from: https://www.c4isrnet.com/battlefield-tech/c2-comms/2019/11/29/can-hundreds-of-unrelated-satellites-create-a-gps-backup/

 

 

 

from: https://www.c4isrnet.com/special-reports/space-missile-defense/2019/11/29/this-antenna-can-switch-between-leo-and-geo/

 

 

A mockup of U.S. SOCOM’s TALOS suit — a bold project,
but one that ultimately brought less tech than initially hoped. (DoD)

 

from: https://www.armytimes.com/news/your-army/2019/11/27/cyborg-warriors-could-be-here-by-2050-dod-study-group-says/

 

 

Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.

A notice is asking for industry’s help in developing new and innovative cyber and signals intelligence technologies. (Greg Davis/U.S. Air Force/Getty Images)

***

 

 

 

 

 

 

Project Blackfin: Multi-Year Research Project Aims to Unlock the Potential of Machine Intelligence in Cybersecurity

Project Blackfin is ongoing artificial intelligence (AI) research challenging the current automatic assumption that deep-learning neural network principles are the best way to teach a system to detect anomalous behavior or malicious activity on a network. Run by security firm F-Secure, the project is examining the alternative applicability of distributed swarm intelligence in decision making.

“People’s expectations that ‘advanced’ machine intelligence simply mimics human intelligence is limiting our understanding of what AI can and should do,” explains Matti Aksela, F-Secure’s VP of artificial intelligence. “Instead of building AI to function as though it were human, we can and should be exploring ways to unlock the unique potential of machine intelligence, and how that can augment what people do.” 

Project Blackfin is being run by F-Secure with collaboration between in-house engineers, researchers, data scientists and academic partners. “We created Project Blackfin,” continued Aksela, “to help us reach that next level of understanding about what AI can achieve.” Although it is a long-term project, some early principles are already being incorporated into F-Secure’s own products.

The primary problem with many current anomaly detection AI systems is well-known: too many false positives or too many false negatives. This is difficult to solve simply by the nature of how the systems work. Streams of data from endpoints and network traffic are centralized and analyzed on arrival, and then stored for later audit or forensic analysis. Because the data arrives from multiple sources it is difficult to correlate events across multiple sources. Since attackers often build delays into their attacks, new events may also need to be related to historical events to be able to contextualize possibly malicious activity.

The result is that finding the best sensitivity settings for detection of behaviors is critical. Set high to ensure nothing is missed results in huge numbers of false positives that need to be manually triaged by the security team. Set too low to reduce the false negatives increases the potential for false positives.

Blackfin is exploring the use of distributing the AI as agents within each endpoint and server of a network in a collaborative manner. That intelligence becomes expert in the acceptable use of its own host. The model is inspired by the patterns of collective behavior found in nature, such as the swarm intelligence found in ant colonies or schools of fish. “The project aims to develop these intelligent agents to run on individual hosts,” says F-Secure.

“Instead of receiving instructions from a single, centralized AI model, these agents would be intelligent and powerful enough to communicate and work together to achieve common goals.”

Consider the machine learning predictive text input capabilities of individual phones. They learn the text habits of their owners very quickly, being able to rapidly offer probable word completions based on their owners’ habits. This is the type of distributed intelligence being explored by Blackfin, with the intelligence located in the device — but with the added ability for each intelligence to collaborate with the intelligence of adjacent intelligences. What may be just suspicious activity in the context of one endpoint can be confirmed as malicious or benign in the context of its action on adjacent endpoints — each of which has its own endpoint-specific intelligence.

This improves the correlation and contextualization of suspicious activity since the event is immediately, in situ, seen in the context of both the source and destination hosts. In our phone example, it might be equivalent for the text input intelligence on one phone being able collaborate with the destination intelligence and say, ‘Stop. You should not use that language with your grandmother.’

“Essentially,” said Aksela, “you’ll have a colony of fast local AIs adapting to their own environment while working together, instead of one big AI making decisions for everyone.”

F-Secure has published the first of what it expects to be regular papers on the progress of Blackfin (PDF). For now, it is exploring different anomaly detection models to detect specific phenomena. “By combining the outputs of multiple different models associated with each of the [different categories],” says the paper, “a contextual understanding of what is happening on a system can be derived, enabling downstream logic to more accurately predict whether a specific event or item is anomalous, and if it is, if it is worth alerting on. This approach enables generic methodologies for detecting attacker actions (or sequences of actions), without baking specific logic into the detection system itself.”

Research is ongoing and will continue for several years. Nevertheless, says F-Secure, through Blackfin, it has “identified a rich set of interactions between models running on endpoints, servers, and the network that have the potential to vastly improve breach detection mechanisms, forensic analysis capabilities, and response capabilities in future cyber security solutions… we expect to regularly report new results and findings as they present themselves.”

from: https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity

***

https://www.f-secure.com/content/dam/f-secure/en/business/common/collaterals/f-secure-whitepaper-blackfin.pdf

https://www.bgp4.com/wp-content/uploads/2019/12/f-secure-whitepaper-blackfin.pdf

 

NATO will need to utilize social media and other publicly available information to combat Russian disinformation says a new report from the Atlantic Council.

 

from: https://www.c4isrnet.com/intel-geoint/2019/11/16/can-open-source-intelligence-combat-russian-disinformation-in-the-baltics/

 

 

Despite being considered extremely vulnerable in cyberspace, the United States does pose some asymmetric advantages in the domain as compared to authoritarian regimes. (Andy Wong/AP)

 

from: https://www.fifthdomain.com/international/2019/11/18/chinas-achilles-heel-when-it-comes-to-cyberspace/

 

 

 

 

from: https://techcrunch.com/2019/11/29/intel-says-qualcomms-business-practices-drove-it-out-of-the-modem-chip-market/

 

 

Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. But there are a few surprises on the list, too.

European computer security agency Enisa has listed the groups it thinks are most likely to attempt to hack into 5G networks, warning that security threats to telecoms infrastructure and beyond will expand with the arrival of next-generation mobile connectivity.

5G will introduce new risks because it will play a role in connecting up everything from smart cities, connected cars, automated factories and the internet of things.

“This will attract the attention of existing and new threat agent groups with a large variety of motives,” Enisa said in a report into the security threats facing the next generation of mobile networks. It warned that 5G will introduce a set of new vulnerabilities that will expand the ways networks and connected devices could be attacked.

“These facts may cause an unprecedented shift of capabilities and objectives of existing threat agent groups in ways that have not been seen in the past,” Enisa said.

The list of potential 5G threats includes:

Cyber criminals – Given the advanced capabilities of organised cybercrime, 5G is a likely target for them, either through attempts to steal data or via frauds. “Though not yet representing a significant monetizing vector, such attacks (or preparations hereto), will be part of their activities,” Enisa predicted.

Insiders – These could be a key threat, mainly because they are in constant proximity with the core of 5G technology. The increased complexity of 5G might increase the amount of unintentional damage caused by clumsy insiders anyway, and dishonest insiders “may misuse their access to vital network function to cause high impact/large scale availability issues in the network itself,” Enisa said. Disgruntled and dissatisfied insiders are also a target for other malicious groups, and could be recruited to abuse their insider knowledge for money.

Nation states – This is an important group due to their ability to compromise 5G networks and their potential motivation to do so, Enisa said: “Given the importance of 5G to the sovereignty of nation states, they will most probably be a target of state-sponsored attack.” It is also “indisputable” that vendors of 5G components are in a better position to cause devastating attacks to the operation of self-developed components, Enisa said, especially when governments influence them, a possible nod to the ongoing debate about which companies from which nations should be allowed to build 5G infrastructure.

Military – 5G infrastructure will be one of the most vital components to protect in the technology landscape, Enisa said, and is also likely to be a technology of use to the military. “Such a development will amplify the protection requirements and the attractiveness of 5G as a target of cyberwar,” Enisa said. “5G mobile networks are going to comprise a significant target for military operations, but also as a platform used for military purposes.”

Enisa also put ‘hacktivists‘ on its list, but admitted that it’s unclear how this group is going to be engaged in malicious activities surrounding 5G: “While the most probable is to see this group engaging in regional campaigns, it cannot be excluded that it could achieve high impact activities in national and even global 5G infrastructures”. Enisa also warned that corporations may themselves be a threat to 5G networks as they will be interested in tracking the development of patents and intellectual property related to 5G infrastructure.

“Through the integration of multiple verticals, 5G will provide a single attack surface that once targeted, may result in damages in the physical space (e.g. hybrid threats),” Enisa said. And while acknowledging that there is little evidence for significant activity of cyber terrorists, Enisa noted that: “5G stakeholders will need to take the protection of this infrastructure very seriously to avoid high impact events that would cause severe harm to society”.

Script kiddies – Individual junior hackers might still pose a threat to 5G because it has so many components, such as IoT devices, phones, and cloud storage spaces that are within the control of individuals, for example. “In the past, we have seen high impact attacks (e.g. DDoS) spreading from home devices and gadgets,” Enisa said, adding that: “With the availability of high-speed 5G networks and interconnected devices, activities of this threat agent group may cause significant impact though cascaded events affecting upstream components of 5G operators.”

 

from: https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/

 

 

File-encrypting malware is proving to be extremely lucrative for cyber attackers, who can continue large-scale ransomware campaigns – making hundreds of thousands of dollars – almost risk-free.

Ransomware will continue to plague organisations in 2020 because there’s little risk of the cyber criminals behind the network-encrypting malware attacks getting caught; so for them there’s only a small amount of risk, but a potentially large reward.

During the last year, there’s been many examples of ransomware attacks where victims have given into the extortion demands of the attackers, often paying hundreds of thousands of dollars in bitcoin in exchange for the safe return of their networks.

In many cases, the victims will pay the ransom because it’s seen as the quickest – and cheapest – means of restoring the network.

“From a criminal perspective, if I want to make $100,000, how many users do I have to infect individually and how many of those will pay me, compared to going for a hospital or a global organisation and demanding a big amount? I have a higher guarantee of getting a high payment, and that drives development in ransomware,” said Jens Monrad, head of intelligence for EMEA at FireEye.

But what makes ransomware really appealing for cyber criminals is that not only are the attacks relatively simple to carry out, and have the potential to be extremely rewarding, but there’s very little chance of them being held account for their actions.

“It’s still an area where there’s little risk of being caught or arrested – and it’s still a lucrative business,” said Monrad.

There have been a handful of cases where cyber criminals launching ransomware campaigns have been brought to justice but it’s the exception, rather than the norm.

In the majority of cases, those pushing ransomware don’t need to worry about being put in prison for their actions – especially if they’re launching attacks against organisations on the other side of the world.

For example, it’s common for ransomware launched from Russia and Eastern Europe to terminate itself if it finds itself on a system configured to the Russian language. That’s because the authorities there will often turn a blind eye to attacks being launched against individuals or companies far away.

“Certain types of malware won’t execute in Eastern Europe – you don’t want to create a disturbance in your backyard to alert local agencies,” said Monrad.

It’s not the only example of the difficulties of policing the ransomware at an international level. Two Iranian men that the US Department of Justice has accused of creating and distributing SamSam ransomware are highly unlikely to be sent to the US by Tehran. The US has also issued an indictment for a North Korean man who they say is responsible for the global WannaCry ransomware outbreak and other attacks – but Pyongyang has said the man doesn’t exist.

So as ransomware continues to be a lucrative and relatively risk-free form of cybercrime, the epidemic is only going to continue as we move into 2020.

“The risk and repercussions still aren’t there,” Monrad said.

 

from: https://www.zdnet.com/article/ransomware-big-paydays-and-little-chance-of-getting-caught-means-boom-time-for-crooks/

 

 

A recently discovered technique allows ransomware to encrypt files on Windows-based systems without being detected by existing anti-ransomware products, Nyotron security researchers warn.

Dubbed RIPlace, the technique allows malware to bypass defenses using the legacy file system “rename” operation, and the security researchers say it is effective even against systems that are timely patched and run modern antivirus solutions.

RIPlace, the researchers say, can be used to alter files on any computers running Windows XP or newer versions of Microsoft’s operating system. 

In a detailed report covering the findings (PDF), the researchers note that most ransomware operates by opening and reading the original file, encrypting content in memory, and then destroying the original file by writing encrypted content to it/saving the encrypted file and then erasing the original/or by saving the encrypted file and then leveraging Rename to replace it.

When a Rename request is called (IRP_MJ_SET_INFORMATION with FileInformationClass set to FileRenameInformation), the filter driver gets a callback.

What the researchers discovered was that, if DefineDosDevice (a legacy function that creates a symlink), is called before Rename, one could pass an arbitrary name as the device name, along with the original file path as the target to point on.

The issue, they explain, is that the callback function filter driver “fails to parse the destination path when using the common routine FltGetDestinationFileNameInformation.” Although an error is returned when passing a DosDevice path, the Rename call succeeds.

“Using this technique, it is possible to maliciously encrypt files and bypass antivirus/anti-ransomware products that do not properly handle IRP_MJ_SET_INFORMATION callback. We believe that malicious actors may abuse this technique in order to bypass security products that rely on FltGetDestinationFileNameInformation routine as well as avoid any recording of such activity by EDR products,” the researchers explain.

The researchers discovered the technique in spring 2019 and have been in contact with Microsoft, security vendors, and law enforcement and regulatory authorities. Unfortunately, they say only a handful of security vendors have acknowledged a fix, despite dozens being impacted.

Nyotron published two videos demonstrating how RIPlace can bypass Symantec Endpoint Protection (SEP) and Microsoft Defender Antivirus (Defender AV) and also released a free tool that allows anyone to test their system and security products against RIPlace evasion technique.

 

from: https://www.securityweek.com/new-technique-allows-ransomware-operate-undetected

 

 

Israel-based cybersecurity startup Cymulate announced on Tuesday that it has raised $15 million in a Series B funding round led by Vertex Growth Fund.

Founded by Eyal Wachsman and Avihai Bar Yosef, the company offers a cloud-based Breach and Attack Simulation (BAS) platform that helps organizations test their security controls by running thousands of attack simulations, shows points of exposure, and provides remediation guidance. The platform can assess the security of various systems, such as email, Windows Domain Network configurations, web servers, web traffic, and more.

“Simulations of the latest threats in the wild test an organization’s security defenses and controls, across the entire kill chain of attack vectors and APT attack configurations. Simulations can be run on-demand or scheduled to run at regular intervals,” the company explains.

“We’ve enjoyed an exceptionally strong growth period during the past few months and we therefore decided to pre-empt with another round of funding shortly after our Series A in order to leverage on the strong market adoption with additional resources to accelerate our expansion,” said Wachsman, who serves as Cymulate’s CEO.

Vertex Ventures Israel, Dell Technologies Capital and Susquehanna Growth Equity (SGE) also participated in the Series B round.

Cymulate has raised a total of $26 million in funding to date, including seed investment from Eyal Gruner, and $3 million through a Series A round led by investment firm Susquehanna Growth Equity in 2017.

The company says the additional funding will be used to support continued expansion in the US, and expand sales, marketing and operational support. In the future, the company plans to offer an end-to-end security testing platform that supports on-prem, cloud , IoT environments.

 

from: https://www.securityweek.com/attack-simulation-firm-cymulate-raises-15-million