Monday, November 24, 2014

This has been around since 2008 (maybe 2006) and definitely smells like it was designed by intelligence pros.
Regin, a new piece of spyware, said to infect telecom, energy, airline industries
The cyber security firm Symantec on Sunday revealed that a malicious new piece of software is collecting information on individuals, companies, and government entities without their knowledge.
The malware, called Regin, is considered to be a mass surveillance and data collection tool (sometimes referred to as “spyware”). Its purpose and origin is still unclear, Symantec said, but researchers believe that the program is the work of a nation-state.
… Symantec said Regin (pronounced “re-gen,” as in “regenerate”) monitors its targets with a rarely-seen level of sophistication. Internet service providers and telecommunications companies make up the bulk of the those that are initially infected, researchers said. Regin then targets individuals of interest—in the hospitality, energy, research, and airline industries, among others—that are served by those ISPs. Regin’s operators continue to use infected companies as a springboard to gain access to more individuals. Once they gain access, they can remotely control a person’s keyboard, monitor Internet activity, and recover deleted files.
More than half of observed attacks have targeted Russia and Saudi Arabia, Symantec said. The rest are scattered across Europe, Central America, Africa, and Asia.

Regin: Top-tier espionage tool enables stealthy surveillance
Symantec Security Response: ” An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals. An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state. As outlined in a new technical whitepaper from Symantec, Backdoor. Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”

How to find out if the million credit card details I sold you will work at Walmart? There's an App for that!
Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data
Cybercriminals who specialize in payment card fraud can verify the validity of stolen data by using an automated tool which conducts transactions on the websites of non-profit organizations, researchers at PhishLabs reported on Friday.
The card data verification service relies on a bot developed in the Perl programming language and an IRC channel. Fraudsters can use the IRC channel to communicate with each other, while the verification process takes place via private messages.
Once they log in to the IRC channel, cybercrooks must simply send a private message containing credit card numbers, cardholder names, and expiration dates to a moderator by using a special input syntax. The bot monitors messages and when the specific syntax is identified, and then conducts a transaction on the website of a charity or a non-profit organization. The fraudsters are then provided with transaction details from which they can learn if the stolen card data is valid, researchers said.

The military (and perhaps DHS) do not use “cost” as a basis for evaluating the success of weapons or other technology. Should the police ignore cost? What is one arrest “worth?” The initial outlay isn't too great, but how much does it cost to review the false positives? Does the data get deleted from the DHS servers after six months, like the city ordinance requires?
Cameras that read 263,430 license plates in Menlo Park net a single arrest
Three license plate readers that Menlo Park police began using this summer captured images of more than 250,000 plates between July 1 and Oct. 1, according to a police staff report.
Out of all those images, however, only one could be tracked to a crime. Police recovered a stolen car and arrested the thief.
The readers, which cost a total of $57,914, are mounted on the roofs of two marked patrol cars and one unmarked vehicle used by detectives.
… The collected data is then uploaded to a server managed by the Northern California Regional Intelligence Center, part of the Department of Homeland Security.
… According to the staff report, 263,430 license plates were photographed in the first three months that the readers were used. Of those, 141 plate numbers registered as a "hit," matching those of vehicles on an active wanted list that were stolen or associated with missing people.
"The vast majority of the hits were subsequently deemed to be a 'false read' after further review by the [Automated License Plate Reader] operator," the report states.
Police spokeswoman Nicole Acker said a "false read" occurs when the photo of a license plate differs from the computer-generated image of the plate.
"A simplified example of a type of false read would be when an 8 is read as a B and vice versa," she wrote in an email.

I'm thinking of creating an App that tracks everything “for academic purposes.” Great (green) quote!
Uber ignites new privacy fight
Ride-sharing giant Uber’s ability to monitor users’ movement without their knowledge is exposing what some critics call a gaping hole in the nation’s privacy laws.
Unlike some other types of data, regulators cannot limit what companies are able to do with information about customers' location, which could show where people live, sleep and travel.
… “Right now we protect health data, we protect financial data, we protect kids’ data, but location isn’t protected,” said Alvaro Bedoya, the executive director of Georgetown University’s Center on Privacy and Technology.
As long as a company is not deceiving you about how they’re using the data, they can pretty much do whatever they want with it,” he added.

The future of research generating Big Data?
CERN Open Data Portal
“The CERN Open Data portal is the access point to a growing range of data produced through the research performed at CERN. It disseminates the preserved output from various research activities, including accompanying software and documentation which is needed to understand and analyze the data being shared. The portal adheres to established global standards in data preservation and Open Science: the products are shared under open licenses; they are issued with a digital object identifier (DOI) to make them citable objects in the scientific discourse (see details below on how to do this).
Data and re-use – LHC Data:
Data produced by the LHC experiments are usually categorized in four different levels (DPHEP Study Group (2009)). The Open Data portal focuses on the release of data from levels 2 and 3.
  • Level 1 data comprises data that is directly related to publications which provide documentation for the published results
  • Level 2 data includes simplified data formats for analysis in outreach and training exercises
  • Level 3 data comprises reconstucted data and simulations as well as the analysis level software to allow a full scientific analysis
  • Level 4 covers basic raw level data (if not yet covered as level 3 data) and their associated software and allows access to the full potential of the experimental data.”

This infographic should provide some incentive to students who are not sure if they should learn to code. Note: This is revenue per day!
You Won’t Believe How Much Money These iOS Games Make
You know that gaming on the iPhone is big business. Free-to-play games like Candy Crush Saga, Clash of Clans, and others are making insane amounts of money from games that are technically free. It’s all about the in-app purchases, and love them or hate them, they are here to stay.
Just how much money are the people and companies behind these popular iOS games actually making? You might want to take a seat, because the numbers will shock you.
Via TopApps

(Related) Cross checking those revenue numbers...
Top grossing iOS mobile gaming apps as of October 2014, ranked by daily revenue (in U.S. dollars)

No comments: