Monday, November 09, 2015

Back in October, the FBI recommended paying the ransom. Flag for my Computer Security students.
ProtonMail pays Bitcoin ransom to stop DDoS attack then is attacked further
Distributed denial of service (DDoS) attacks with extortion demands for payments in Bitcoin to stop them are becoming more and more popular in 2015, but what happens if you give in and pay the ransom?
Switzerland-based email service provider ProtonMail (Proton Technologies AG) has found out the hard way that paying the ransom doesn’t work after the company experienced multiple DDoS attacks and paid the ransom.
… “The coordinated assault on our ISP exceeded 100Gbps and attacked not only the data center, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the data center and the ISP, which impacted hundreds of other companies, not just ProtonMail.”
Given the impact of the attack on other companies, the company explained why they paid the money demanded, writing “At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do

(Related) Encryption when they gain access to your site, DDOS when they can not.
Extortionists are busier than ever. This past week saw more reports on ransomware that corrupts files even if you pay the ransom, and DDoS attacks so powerful that usual defenses may be inadequate.
Brian Krebs reports:
One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption. A ransom, to be paid in Bitcoin, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom.
Read more on, where Brian also includes some info on backing up your system. One of the things he reports – and I’ve seen this elsewhere as well – is that there’s something about the new ransomware that even when you are eventually able to decrypt your files (assuming you pay the ransom), some of the files seem to be corrupted by the ransomware’s decryption. TheHackerNews also has more on the Linux ransomware Brian discusses.
Besides the ransomware threat this week, I am also seeing more about companies paying extortion demands to avoid massive DDoS attacks that are taking down web sites. A few days after ProtonMail announced that it had paid the extortion demands at the urging of its web host and other companies affected by the massive attack, a tweet from @CocaineSecurity suggested that Swedbank had paid an extortion demand to stop a DDoS attack. In a tweet on November 7, @CocaineSecurity wrote:
Thanks for the bitcoins! @Swedbank Nobody will now touch your website. — CocaineSecurity (@CocaineSecurity) November 7, 2015
As of the time of this posting, there’s been no statement from Swedbank either confirming or denying the claim that they paid the extortion demand.
Update: Swedbank just responded to my tweeted inquiry about this by replying that they have not paid any ransom demand and have reported the individual to the police:
@PogoWasRight We haven’t paid anyone. We have reported the person behind this to the police. — Swedbank Sverige (@Swedbank) November 9, 2015
@CocaineSecurity quickly responded with its own tweet:
@PogoWasRight @Swedbank Wanna go down again? We do bite — CocaineSecurity (@CocaineSecurity) November 9, 2015

“Because our customers are too dumb to realize what we're doing...” I would be interested to see the raw numbers. I bet only a small percentage of customers go over 300GB in a month. Are they really looking at peak usage or are they projecting a future where everyone runs 24 hour TV and downloads movies and surfs the Internet and listens to music and... and... and...?
Comcast leak shows that data caps aren't about congestion
Many internet providers with data caps (especially in mobile) will tell you that those limits exist to prevent network congestion – that's not necessarily true, but it's the official line. However, Comcast isn't even trying to make that claim. Leaked support documents show that the cable giant's customer service reps will deny that the expanding internet caps are about congestion in any form. Instead, the ceilings are about "fairness" and offering a "more flexible policy" to subscribers. Also, Comcast is telling agents to avoid describing cap-free areas as having unlimited usage. Instead, staffers are supposed to tell you that unfettered areas are still subject to Comcast's longstanding 250GB soft cap – the company just isn't "currently enforcing" the limit. In other words... it's unlimited.

An interesting tool to compete with other search engines. Pin your own image then search? God help me when my wife, the “power shopper” discovers this.
Pinterest Sharpens Its Visual-Search Skills
Photo-sharing site Pinterest Inc. is considered a social network, akin to Facebook Inc. It would rather be more like Google.
The San Francisco startup plans to introduce Monday technology to let users search its site without using text. The new tool would allow a user who, for example, admires a light fixture pictured hanging above a dining-room table to highlight it, and then see pictures of other light fixtures in similar styles or colors.
Pinterest says the technology is a step toward a new type of visual search engine that it calls “a discovery engine.” The company’s executives say it will help users find things they didn’t know they liked.

Snapchat triples video traffic as it closes the gap with Facebook
Snapchat is closing the gap with Facebook in the social networks’ battle for scale in video. The number of videos viewed on messaging app Snapchat every day has tripled since May to 6bn, according to people close to the company.
That compares with the 8bn daily video views announced by Facebook last week, which has doubled from 4bn in April. Facebook’s figure includes both desktop and mobile views, while Snapchat’s audience — though smaller in size overall — is entirely made up of smartphone users.
… Video is fast becoming one of the most popular activities on social networking apps, and the race for eyeballs comes as analysts predict huge growth in digital video advertising. Clips are an important source of new revenue, as advertising rates tend to be higher for video compared with static images or text.
