Thursday, November 26, 2015

FBI, Carnegie Mellon Deny $1M Contract to Crack Tor

The FBI has denied allegations that it paid Carnegie Mellon University security researchers $1 million to crack a network designed to protect the anonymity of its users.

The Tor Project, which operates the network, last week accused the FBI of cutting the CMU deal.

The attack on Tor ran from January to July 2014. The attackers joined the network with a group of relays of their own and used them to strip the anonymity of Tor users, correlating traffic entering the network with the hidden services it was bound for.

Tor attributed the attack to Carnegie Mellon after a pair of researchers from that university, Alexander Volynkin and Michael McCord, abruptly canceled a presentation they were scheduled to make at the Black Hat security conference in Las Vegas in August 2014.

In their presentation's description, the pair wrote:

"In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands of Tor clients and thousands of hidden services within a couple of months."

Inaccurate Accusation

"Apparently these researchers were paid by the FBI to attack hidden services users in a broad sweep, and then sift through their data to find people whom they could accuse of crimes," Tor Project Director Roger Dingledine said.
"We have been told that the payment to CMU was at least $1 million," he added.
"The claims as reported are inaccurate," the FBI said in a statement provided TechNewsWorld by spokesperson Jillian B. Stickles.
"The allegation that we paid Carnegie Mellon a million dollars to hack Tor is inaccurate," the statement notes. "We have a partnership with them on various things, but this story is completely inaccurate that we ever paid them a million dollars to hack into Tor."
Carnegie Mellon, too, has called reports about its role in the Tor attack inaccurate.
"In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed. The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance," it said Wednesday in a statement provided to TechNewsWorld by Ken Walters of Carnegie Mellon University's media relations department.
The university declined to provide further details for this story.

Linux Ransomware

Dr.Web earlier this month discovered the first known ransomware written for Linux servers. Fortunately, it was written by an inept extortionist.
Aimed at administrators of Linux servers, the ransomware, Linux.Encoder.1, was planted on a number of machines by exploiting known vulnerabilities in web applications hosted on them (the Magento e-commerce platform was the entry point reported at the time), rather than any flaw in Linux itself.
After infecting a server, the ransomware encrypts important files on the system. It then demands that the system operator pay a ransom -- one or two bitcoins -- to decrypt the files.
The problem with the scheme was that the blackmailer generated the encryption keys in a predictable way, so the files scrambled by the ransomware could be unlocked without paying.

Reprise Likely

Ransomware typically uses the AES algorithm to encrypt files on a target machine. AES is a symmetric cipher: the same key encrypts and decrypts a file.
That is not a weakness of AES itself, but it means the key has to exist on the victim's machine while the files are being encrypted, where a defender could recover it. To close that gap, criminal coders use a public-key algorithm, RSA, to wrap the AES keys before leaving them on the disk.
The wrapped AES keys stored on the target computer cannot be unwrapped without the matching RSA private key, and that key never leaves the attacker's server, so there is nothing left on the victim's system for malware fighters to recover.
"In this case, they didn't use the RSA key to encrypt the AES key," said Liviu Arsene, senior threat analyst for Bitdefender.
"That made the AES files really easy to decrypt because the AES encryption key is based on the time stamp of the file at the time of encryption. Once you know that time stamp, you can break the encryption pretty easily," he told TechNewsWorld.
"This was a pretty poor attempt at doing ransomware, but in the future, they could use an RSA key stored on a command and control server to make this a potent encryption system," Arsene said.
"From what we've seen in the evolution of Windows ransomware, we can expect to see some advanced stuff following this," he added.
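To make that failure mode concrete, the following Python is an added example written for this page; it is not the malware's code or Bitdefender's decryptor. It models the Linux.Encoder.1 mistake described above: the per-file key comes from a pseudo-random generator seeded with the encryption time, which is close to the encrypted file's modification time, so a decryptor can regenerate the key by trying seeds in a window around that mtime. The keystream cipher is a SHA-256 counter-mode stand-in for AES so the example runs with only the standard library, and the sample file contents, timestamps, seven-second mtime offset and one-hour search window are constructed assumptions.

```python
import hashlib
import os
import random
from typing import Optional

# Constructed sample "victim file": a PDF-like header gives the decryptor a crib.
SAMPLE_PLAINTEXT = b"%PDF-1.4\n% constructed sample document for this example\n" + b"A" * 64
KNOWN_PREFIX = b"%PDF-"   # many file formats begin with a fixed magic number


def keystream(key: bytes, length: int) -> bytes:
    """Toy stand-in for AES-CTR: SHA-256(key || counter) blocks, truncated.
    It is NOT AES; it only keeps the example dependency-free."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def weak_key_from_timestamp(ts: int) -> bytes:
    """The Linux.Encoder.1 class of mistake: key material drawn from a PRNG
    seeded with the encryption time. Anyone who learns that time regenerates
    the key; no RSA private key is needed."""
    rng = random.Random(ts)
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_key() -> bytes:
    """What the malware should have done (from the attacker's view): a key
    from the OS CSPRNG, which real ransomware then wraps with an RSA public
    key so only the holder of the private key can unwrap it."""
    return os.urandom(32)


def encrypt_weak(plaintext: bytes, encryption_time: int) -> bytes:
    return xor_crypt(weak_key_from_timestamp(encryption_time), plaintext)


def recover_weak_key(ciphertext: bytes, mtime: int, window: int = 3600) -> Optional[bytes]:
    """Decryptor side: the encrypted file's mtime lies within seconds of the
    time the key was derived from, so try every seed in a window around it
    and accept the one that decrypts the known file-format magic."""
    probe = ciphertext[:len(KNOWN_PREFIX)]
    for ts in range(mtime - window, mtime + window + 1):
        candidate = weak_key_from_timestamp(ts)
        if xor_crypt(candidate, probe) == KNOWN_PREFIX:
            return candidate
    return None


def demo(encryption_time: int = 1447200000) -> dict:
    """Run both cases and report whether the timestamp search recovers the key."""
    observed_mtime = encryption_time + 7          # assumed: mtime set a few seconds later
    ct_weak = encrypt_weak(SAMPLE_PLAINTEXT, encryption_time)
    key = recover_weak_key(ct_weak, observed_mtime)
    weak_broken = key is not None and xor_crypt(key, ct_weak) == SAMPLE_PLAINTEXT

    ct_strong = xor_crypt(strong_key(), SAMPLE_PLAINTEXT)
    strong_broken = recover_weak_key(ct_strong, observed_mtime) is not None
    return {"weak_key_recovered": weak_broken, "strong_key_recovered": strong_broken}


if __name__ == "__main__":
    print(demo())   # {'weak_key_recovered': True, 'strong_key_recovered': False}
```

The second half of demo shows why the RSA wrapping Arsene describes matters: once the key comes from the operating system's CSPRNG and, in real ransomware, is wrapped with the attacker's public key, the same timestamp search finds nothing, because nothing on the disk determines the key. A practical decryptor also needs a crib such as a file-format magic number to confirm a candidate key, which is what recover_weak_key does with KNOWN_PREFIX.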

New POS Malware

The Target data breach during the 2013 holiday season showed how vulnerable retailers are. A recent discovery by Proofpoint will add to that feeling of vulnerability.
The company last week identified a new point-of-sale malware program that it's calling "AbaddonPOS."
Once planted on a system, the malware searches for credit card information in the memory of all processes, except its own.
Unlike typical POS malware, which exfiltrates stolen data over HTTPS, AbaddonPOS uses a protocol of its own to send out the card data it collects. That could be a measure to foil security tools that inspect web traffic for known bad behavior, although a custom protocol cuts both ways: non-HTTP connections leaving a POS terminal stand out to anyone monitoring for unusual outbound traffic.
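Scraping "credit card information in the memory of all processes" comes down to finding digit runs and Track 2 records and keeping only those that pass the Luhn check, which is also how an incident responder confirms that a suspect memory dump really holds card data. The following Python is an added example written for this page, not AbaddonPOS code or Proofpoint tooling; the memory snapshot is constructed inline and uses the industry's published test card numbers, and the Track 2 layout follows ISO 7813 (start sentinel, PAN, separator, YYMM expiry).

```python
import re
from typing import List, Tuple

# Constructed memory snapshot of a POS process: protocol noise, one valid and one
# invalid PAN, and a Track 2 record as read from a card's magnetic stripe.
SAMPLE_MEMORY = (
    b"\x00\x00POST /txn HTTP/1.1\x00"
    b"4111111111111111\x00"                       # valid test number (Luhn passes)
    b"ref 4111111111111112 \x00"                  # fails Luhn, must be skipped
    b";5500000000000004=25121011000012345678?"    # Track 2: ;PAN=YYMM...?
    b"\x00\x00"
)

# 13- to 19-digit runs that are not part of a longer digit string
PAN_CANDIDATE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
# ISO 7813 Track 2: start sentinel ';', PAN, '=' separator, YYMM expiry
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})")


def luhn_ok(digits: bytes) -> bool:
    """Luhn check: the filter scrapers and DLP scanners both use to drop digit
    runs that are not card numbers. Every second digit from the right is
    doubled, digits above 9 have 9 subtracted, and the sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 0x30
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_for_pans(buf: bytes) -> List[str]:
    """Return the Luhn-valid PANs found in a memory buffer, sorted and deduplicated."""
    found = {m.group(1).decode() for m in PAN_CANDIDATE.finditer(buf) if luhn_ok(m.group(1))}
    return sorted(found)


def parse_track2(buf: bytes) -> List[Tuple[str, str]]:
    """Return (PAN, YYMM expiry) pairs from Track 2 records in the buffer."""
    return [(m.group(1).decode(), m.group(2).decode())
            for m in TRACK2.finditer(buf) if luhn_ok(m.group(1))]


def mask(pan: str) -> str:
    """Render a PAN safely for an incident report: first six and last four only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for pan in scan_for_pans(SAMPLE_MEMORY):
        print("PAN in memory:", mask(pan))
    for pan, expiry in parse_track2(SAMPLE_MEMORY):
        print("Track 2 record:", mask(pan), "expires", expiry)
```

The Luhn filter is what keeps a scraper's output small enough to exfiltrate quietly, and it is the same reason a responder should not trust a raw regex hit count: 4111111111111112 looks like a card number and is rejected only by the checksum. Anything reported from such a scan should go through mask so that a forensic report does not itself become cardholder data.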

Consumer Threat

The delivery method of the POS malware also is disturbing. It's being incorporated into the repertoire of a banking Trojan called Vawtrak. What that means is that Net bandits are folding POS attacks into their all-purpose toolkits.

Threat actors widening their target surface by leveraging a single campaign to deliver multiple payloads is by now a well-established practice, Proofpoint explained.

While using this technique to deliver point-of-sale malware is less common, the approach of the U.S. holiday shopping season gives cybercriminals ample reason to maximize the return on their campaigns by distributing POS malware that can capture shoppers' credit and debit card transactions.

"Clearly any software capable of stealing credit card data poses a risk to card-using shoppers and card issuers," added Kevin Epstein, vice president of advanced security and governance at Proofpoint.

"The appearance of a new variant of such software just before the holiday shopping season is alarming and suggests criminals are very aware of the potential for major financial gain," he told TechNewsWorld.

Source: http://www.technewsworld.com/story/82771.html