This has been around since 2008 (maybe 2006) and definitely smells
like it was designed by intelligence pros.
Regin,
a new piece of spyware, said to infect telecom, energy, airline
industries
The
cyber security firm Symantec on Sunday revealed that a malicious new
piece of software is collecting information on individuals,
companies, and government entities without their knowledge.
The
malware, called Regin, is considered to be a mass surveillance and
data collection tool (sometimes referred to as “spyware”). Its
purpose and origin is still unclear, Symantec said, but researchers
believe that the program is the work of a nation-state.
…
Symantec said Regin (pronounced “re-gen,” as in “regenerate”)
monitors its targets with a rarely-seen level of sophistication.
Internet service providers and telecommunications companies make up
the bulk of the those that are initially infected, researchers said.
Regin then targets individuals of interest—in the hospitality,
energy, research, and airline industries, among others—that are
served by those ISPs. Regin’s operators continue to use infected
companies as a springboard to gain access to more individuals. Once
they gain access, they can remotely control a person’s keyboard,
monitor Internet activity, and recover deleted files.
More than half of observed attacks have targeted Russia and Saudi
Arabia, Symantec said. The rest are scattered across Europe, Central
America, Africa, and Asia.
(Related)
Regin:
Top-tier espionage tool enables stealthy surveillance
Symantec
Security Response: ” An advanced spying tool, Regin displays a
degree of technical competence rarely seen and has been used in
spying operations against governments, infrastructure operators,
businesses, researchers, and private individuals. An advanced piece
of malware, known as Regin, has been used in systematic spying
campaigns against a range of international targets since at least
2008. A back door-type Trojan, Regin is a complex piece of malware
whose structure displays a degree of technical competence rarely
seen. Customizable with an extensive range of capabilities depending
on the target, it provides its controllers with a powerful framework
for mass surveillance and has been used in spying operations against
government organizations, infrastructure operators, businesses,
researchers, and private individuals. It is likely that its
development took months, if not years, to complete and its authors
have gone to great lengths to cover its tracks. Its capabilities and
the level of resources behind Regin indicate that it is one of the
main cyberespionage tools used by a nation state. As
outlined in a new technical whitepaper from Symantec, Backdoor.
Regin is a multi-staged threat and each stage is hidden and
encrypted, with the exception of the first stage. Executing the
first stage starts a domino chain of decryption and loading of each
subsequent stage for a total of five stages. Each individual stage
provides little information on the complete package. Only by
acquiring all five stages is it possible to analyze and understand
the threat.”
How
to find out if the million credit card details I sold you will work
at Walmart? There's an App for that!
Fraud
Service Uses Charity Websites to Validate Stolen Credit Card Data
Cybercriminals
who specialize in payment card fraud can verify the validity of
stolen data by using an automated tool which conducts transactions on
the websites of non-profit organizations, researchers at PhishLabs
reported on Friday.
The
card data verification service relies on a bot developed in the Perl
programming language and an IRC channel. Fraudsters can use the IRC
channel to communicate with each other, while the verification
process takes place via private messages.
Once
they log in to the IRC channel, cybercrooks must simply send a
private message containing credit card numbers, cardholder names, and
expiration dates to a moderator by using a special input syntax. The
bot monitors messages and when the specific syntax is identified, and
then conducts a transaction on the website of a charity or a
non-profit organization. The fraudsters are then provided with
transaction details from which they can learn if the stolen card data
is valid, researchers said.
The
military (and perhaps DHS) do not use “cost” as a basis for
evaluating the success of weapons or other technology. Should the
police ignore cost? What is one arrest “worth?” The initial
outlay isn't too great, but how much does it cost to review the false
positives? Does the data get deleted from the DHS servers after six
months, like the city ordinance requires?
Three license plate readers that Menlo Park police began using this
summer captured images of more than 250,000 plates between July 1 and
Oct. 1, according to a police staff report.
Out
of all those images, however, only one could be tracked to a crime.
Police recovered a stolen car and arrested the thief.
The readers, which cost a total of $57,914, are mounted on the roofs
of two marked patrol cars and one unmarked vehicle used by
detectives.
…
The collected data is then uploaded to a server managed by the
Northern California Regional Intelligence Center, part of the
Department of Homeland Security.
… According to the staff report, 263,430 license plates were
photographed in the first three months that the readers were used. Of
those, 141 plate numbers registered as a "hit," matching
those of vehicles on an active wanted list that were stolen or
associated with missing people.
"The
vast majority of the hits were subsequently deemed to be a 'false
read' after further review by the [Automated License Plate Reader]
operator," the report states.
Police
spokeswoman Nicole Acker said a "false read" occurs when
the photo of a license plate differs from the computer-generated
image of the plate.
"A simplified example of a type of false read would be when an 8
is read as a B and vice versa," she wrote in an email.
I'm
thinking of creating an App that tracks everything “for academic
purposes.” Great (green) quote!
Ride-sharing
giant Uber’s ability to monitor users’ movement without their
knowledge is exposing what some critics call a gaping hole in the
nation’s privacy laws.
Unlike
some other types of data, regulators cannot limit what companies are
able to do with information about customers' location, which could
show where people live, sleep and travel.
…
“Right now we protect health data, we protect financial data, we
protect kids’ data, but
location isn’t protected,” said Alvaro Bedoya, the
executive director of Georgetown University’s Center on Privacy and
Technology.
“As
long as a company is not deceiving you about how they’re using the
data, they can pretty much do whatever they want with it,”
he added.
The
future of research generating Big Data?
CERN
Open Data Portal
“The
CERN
Open Data portal is the access point to a growing range of data
produced through the research performed at CERN. It disseminates the
preserved output from various research activities, including
accompanying software and documentation which is needed to understand
and analyze the data being shared. The portal adheres to established
global standards in data preservation and Open Science: the products
are shared under open licenses; they are issued with a digital object
identifier (DOI) to make them citable objects in the scientific
discourse (see details below on how to do this).
Data
and re-use – LHC Data:
Data
produced by the LHC experiments are usually categorized in four
different levels (DPHEP
Study Group (2009)). The Open Data portal focuses on the release
of data from levels 2 and 3.
- Level 1 data comprises data that is directly related to publications which provide documentation for the published results
- Level 2 data includes simplified data formats for analysis in outreach and training exercises
- Level 3 data comprises reconstucted data and simulations as well as the analysis level software to allow a full scientific analysis
- Level 4 covers basic raw level data (if not yet covered as level 3 data) and their associated software and allows access to the full potential of the experimental data.”
This
infographic should provide some incentive to students who are not
sure if they should learn to code. Note: This is revenue per day!
You
Won’t Believe How Much Money These iOS Games Make
You
know that gaming on the iPhone is big business. Free-to-play games
like Candy
Crush Saga, Clash of Clans, and others are making insane amounts
of money from games that are technically free. It’s all about the
in-app
purchases, and love them or hate them, they are here to stay.
Just
how much money are the people and companies behind these popular iOS
games actually making? You might want to take a seat, because the
numbers will shock you.
Via
TopApps
(Related)
Cross checking those revenue numbers...
Top
grossing iOS mobile gaming apps as of October 2014, ranked by daily
revenue (in U.S. dollars)
No comments:
Post a Comment