Category Archives: Online Security

India becomes the top source of Spam emails in Q3 2011

According to a recent report from Internet security company Kaspersky Labs, India has become the top source of spam emails for the third quarter of 2011.

During this period, about 79.8% of total emails sent were spam and out of this, 14.8% originated in India. The second and third positions are also held by developing nations Indonesia with 10.6% and Brazil with 9.7%. All of the top ten sources are Asian, South American or Eastern European countries.


With limited or no laws at all to tackle the issue of spam, these countries have become the safe haven for criminals looking to exploit the internet community by spamming.

India’s huge internet user base (which is currently the third largest behind China and US) and lack of awareness among the general public about general security practices could have been the reason for India’s rise as the world’s spam capital.

Some of the other important details from the Kaspersky Spam Report are –

· In Q3 of 2011, the share of spam in mail traffic was down 2.7 percentage points compared to the previous quarter, averaging 79.8%.

· The percentage of fraudulent emails in spam traffic increased twenty times, reaching 2%.

· Asia and Latin America remain the most prominent sources of spam.

· The share of partner program spam went up 5.7 times, accounting for 29% of all spam.

· The percentage of emails with malicious attachments grew by 1.17 percentage points and averaged 5.03%.

· The share of phishing emails averaged 0.03%. Three social networks were among the Top 5 organizations targeted by phishers.

You can read the entire report here.

Big Shot Gaming Companies Drop Support for SOPA

Well, it seems like the much maligned Stop Online Privacy Act has been steadily losing support as time goes by. The Internet, for all its loose frivolities and nonexistent persistent loyalties, has banded together to effectively stop a Big Brother-like monitoring legal tool from ever being born. As the Senate keeps debating the bill, many of the copyright-loving companies such as EA, Sony and Nintendo have been pressured by both their fans online as well as their employees to drop support for this bill.


SOPA, along with its sister law PROTECT-IP has been at the receiving end of much criticism from the citizens of the United States. The bills, if enacted, will allow any content-owning person to order a takedown of a site that either hosts their content or even links to their content. Considering that much of the internet is based upon the linking to-and-fro of copyrighted content, this effectively curbs the freedom of the internet as we know it. Moreover, if the content owner so wishes, he or she may order the IP address of the infringing site to be blacklisted, rendering the site inaccessible. The kind of horror this can inflict upon aggregation sites such as Reddit is unfathomable.

We just have to hope that big wigs like Nintendo, Sony and EA keep dropping their support and that this bill is never passed.

The Antisec Team Strikes At Online Security Supplies Store

Continuing their role of being a silly bunch of hackers with vague goals, assaulting easy-to-hack sites and then twisting their victims to somehow fit into their agenda, the #Antisec team of [probably] Anonymous has struck again! Now as you can see, I have a poor opinion of these attacks. This is mostly due to their terrible handling of the previous attack on Stratfor and their misappropriation of money stolen from credit cards. Now I do not know what wrong Stratfor, or their latest target SpecialForces.com, did, but merely standing by and doing business is something these Anons cannot stand. As I have said before, we live in sad times.


The pretext that Antisec put up to attack SpecialForces.com, a security gear supply store (they stock items like knives, combat apparel and the like), is that it merely exists:

[W]e are announcing our next target: the online piggie supply store SpecialForces.com. Their customer base is comprised primarily of military and law enforcement affiliated individuals, who have for too long enjoyed purchasing tactical combat equipment from their slick and professional-looking website.

According to the group, which is yet to be properly identified (they just mentioned Merry LulzXmas and #Antisec in their release, and since they mentioned Stratfor, I am assuming they are Anonymous), this attack is indirectly related to the pepper-spraying cop of UC Davis fame. How very… precise, Anons.

We will have more on this as it develops.

Anonymous Hacks Security Company’s Database, Steals Credit Card Information

Anonymous, being the decentralized hacker group that it is, does newsworthy works of note as well as rather asinine things that despoil its name as well as the term hacktivist for the rest of the world. Its recent escapade falls under the second category, wherein Anonymous hackers broke into security company Stratfor and mined it for credit card information. Apparently this was done to misappropriate the money and use it for donations to charitable institutions for Christmas.


The Austin, Texas-based security company is already in talks with law enforcement to contain the confidential documents’ leak. With clients ranging from Apple Inc. to the U.S. Air Force, the company had better work quickly to save both its reputation and corporate and military secrets. In addition, it seems that Stratfor has pulled a Sony by not encrypting the credit card information, leading to many unauthorized transactions alleged by the victims, especially for those who were in need of the money to get home for the Holidays and the like. Terrible move there, Anonymous.

It also seems like Anonymous forgot about the chargeback fees for unauthorized transactions that have to be borne by charitable institutions like the Red Cross.

I am not sure if Anonymous wants to play Robin Hood and hide behind the veneer and motto of steal from the rich and give to the poor, but this is not medieval England and they are not exactly stealing from the rich. Their current communiqués glorify this act of blatant stealing in the name of freedom and ‘lulz’. This is definitely not what we expected from Anonymous. It’s a sad Christmas for hacktivism.

[Photo: Anonymous is Friendly? by liryon]

Amnesty International website Hacked to Serve Java Exploit

Amnesty International’s UK website was hacked recently to incorporate an iframe that served a Trojan.

The iframe loads CVE-2011-3544 based Java exploit code, fetched from a Brazilian automobile site which itself was hacked. Security analyst Brian Krebs reports that the retrieved executable file is a trojan classified as Trojan Spy-XR. This Trojan, which relies on a patched Java vulnerability, tracks and steals the affected user’s keystrokes.

According to Paul Royal of Barracuda Labs, the website was compromised on or before December 16th. So, if you have visited the website anytime since then and have out-dated Java software, there’s a good chance that your computer is infected. In that case, run a complete system scan using your updated anti-virus. It is also a good idea to change the passwords of your online accounts.

This exploit will not affect you if you had already installed the latest Java updates or if you don’t have Java installed.

This is not the first time that Amnesty’s website has been compromised. Last year, their Hong Kong website was hacked to spread malware of a similar kind. The UK website itself has been compromised previously to exploit a Flash Player zero-day vulnerability.

Speculating about motive for the attacks, Paul went on to say in his blog post that,

The working theory for this anomaly relates to Amnesty International as a human rights non-governmental organization. To explain, certain countries use zero day exploits and other techniques to gain electronic information about the activities of human rights activists. Of course, a subset of these activists are too smart to click on links in even well-worded spearphishing emails. But what if you compromised a website frequented by these activists (e.g., Amnesty International)? Then your targets come to you. The context-specific damage potential is significant.

GoDaddy Supports SOPA, Sparks Exodus From Its Registry Service

When the list of supporters for the Stop Online Privacy Act of the United States of America was put up online, many of the companies were large storehouses of copyrighted information and were predictably backing this Act. However, one prominent company in that list was GoDaddy. GoDaddy is the largest domain name registrar in the world, with [and I quote their own post] around 50 million names registered to their service.


This did not sit well with Reddit user selfprodigy. Selfprodigy moved the 51 domains of his small business and his personal domains away from GoDaddy, and threatened to move the 300 domains of the company whose IT he manages as well.

I just finished writing GoDaddy a letter stating why I’m moving my small business’s 51 domains away from them, as well as my personal domains. I also pointed out that I transferred over 300 domains to them as a director of IT for a major American company.

The end result of this post? A massive exodus from GoDaddy to other registrars such as Namecheap and Hostgator. Joining the ranks of these people is Ben Huh, the CEO of the famous (?) Cheezburger group of sites, threatening to move his 1,000 domains away from GoDaddy unless they stop supporting SOPA.

Capitalizing on this opportunity are other registrars, such as Hostgator, Name.com, EasyDNS and others, who are all offering discounts and the like for new registrations and transfers.

GoDaddy’s statement on this growing concern is one of infinite confidence in itself. To it, these are but a few drops in a boundless ocean of revenue. Yet I am sure that these drops will rain upon them in a torrent of retribution (pun intended). Protect the freedom of the internet, everyone!

RIAA Caught Downloading Illegal Torrents

Well well well if it isn’t a ripe case of somebody set up us the bomb. At least that is what the Recording Industry Association of America claims after being caught red-handed; many people in its offices have been downloading illegal torrents of movies and music, the same kind of people that the RIAA has been on a crusade against for the past years and fining them enormous amounts of money because it infringed on their copyright. Not only are they downloading music torrents (which some may claim may be for research purposes), they are also downloading TV shows and cracked versions of software. All this was done with the aid of a crawler for torrent downloads called YouHaveDownloaded.com, in which the IP addresses logged in public trackers coupled with your current IP address show the torrents downloaded by your IP address. While totally worthless with dynamic IP addresses or with those who use private trackers to download torrents, it is still a very useful site that can be used for a lot of purposes. That is exactly what Torrentfreak did and caught RIAA, amongst others, in the act of doing exactly what they want to crack down upon.


So what was the RIAA’s response to this? “We totally did not download it, guys. Seriously!” Yes, they gave pretty much the exact excuse that those who get the dreaded legal letter from the RIAA suing them do. In most cases, the people whom the RIAA sues are actually innocent, because many people do not know the dangers of having an open WiFi connection, and some do not know what a dynamic IP is. However, it seems that the RIAA has built an interesting excuse to get away with this, as a spokesperson for the RIAA claims:

Those partial IP addresses are similar to block addresses assigned to RIAA. However, those addresses are used by a third party vendor to serve up our public Web site. As I said earlier, they are not used by RIAA staff to access the Internet.

What is actually funny here is that it is quite obvious that the IP addresses found to be downloading torrents, such as 76.74.24.146, are fully registered to the RIAA. Moreover, a company cannot register a block of IP addresses for its own use and then allow a third party vendor to use these IP addresses.

For a company that is used to suing children, old people without working internet connections or computers, and even dead people, this comes off as a godly smack on the face. I wish this evil organization is taken down, but if wishes were horses…

[Photo: To Do by Benjamin Gray]

Google, Microsoft, Yahoo and AOL Team Up to Combat Phishing

In spite of spirited efforts from email providers, browser developers, and security firms, phishing continues to be a major nuisance. There are already repositories like Phishtank that rely on crowdsourcing to identify phishing campaigns. However, crowdsourcing is not nearly nimble enough to tackle phishing scams that often require just a few hours to cause the intended damage.

Now, a new Cisco spinoff called Agari is trying to tackle the problem by combining multiple sophisticated approaches including authentication of the sender, message analysis, and end-to-end email channel visibility. Google, Microsoft, Yahoo, and AOL, who are amongst the biggest email providers, have joined hands to provide metadata about emails passing through their networks to Agari, which uses its cloud infrastructure to analyze more than 1.5 billion messages every day. It doesn’t receive the actual messages, but might receive suspicious links contained in the message along with miscellaneous metadata. Agari, which is launching today, has Facebook and some of the largest financial institutions, social networks, and ecommerce companies as its customers. Besides the aforementioned four email giants, file sharing website YouSendIt, social network LinkedIn, and Cisco are also part of its trust fabric network.


“Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo,” for instance, Daniel Raskin, vice president of marketing for Agari, explained to CNET. “They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don’t deliver it, reject it.”

Agari, which had been operating in stealth mode for the past couple of years, protects 50 percent of U.S. consumer e-mail traffic and more than one billion individual mailboxes. During its stealth phase, it rejected more than one billion messages across its email partners. Agari believes that by having end-to-end visibility over most messages it can rapidly react and stop phishing campaigns in their tracks.

FBI’s Operation Ghost Click Busts Operators of DNSChanger Malware

The FBI has released details of its Operation Ghost Click, which led to the arrest of six operators of an internet fraud ring that had created and distributed a malware called DNSChanger. All of the arrested men were of Estonian descent and worked primarily from Estonia and Russia.

DNSChanger changed the DNS settings of the host computer, so that when a user of the affected system tried to open a webpage, he/she would be re-routed to a website or advertisement as decided by the hackers. The victims were also directed to websites with other potential malware. They had infected about 4 million computers in 100 different countries. The United States alone had almost 500,000 DNSChanger-infected PCs, ranging from those owned by individuals to enterprises to even those used by NASA. The hackers are believed to have gotten at least 14 million dollars from the fraud.

As Janice Fedarcyk, Assistant Director in Charge of FBI’s New York office, read out in a statement,

The harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:

They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.

Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.

Users involuntarily routed to Internet ads may well have harboured discontent with those businesses, even though the businesses were blameless.

And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defence that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.

The rogue DNS servers have been replaced by genuine ones so that the affected users do not have to face disruption of internet services. But do note that this process does not remove the actual virus from the affected system. The FBI has released a PDF document with details on how to check whether your system is infected. They have also released the range of rogue IP addresses that were used by the gang.

The details on how to find your IP address and help on cleaning up your system are also given in the PDF document mentioned above.
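The check the FBI's PDF describes amounts to reading the DNS servers your system is configured to use and comparing them with the published rogue ranges. The script below is an added illustration, not the FBI's tool: it parses resolver settings in both the Unix /etc/resolv.conf and Windows "ipconfig /all" formats and flags any resolver inside a rogue range. The ranges, sample files and addresses used here are constructed placeholders (TEST-NET blocks), not the real list from the PDF.

```python
import ipaddress
import re

# Placeholder ranges standing in for the FBI-published rogue resolver list.
# These are documentation-only TEST-NET blocks, NOT the real DNSChanger ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]


def resolvers_from_resolv_conf(text):
    """Pull 'nameserver' entries out of /etc/resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"nameserver\s+(\S+)", line)
        if m:
            servers.append(m.group(1))
    return servers


def resolvers_from_ipconfig(text):
    """Pull DNS server addresses out of 'ipconfig /all' output.

    The first address follows 'DNS Servers . . . :'; further servers appear on
    indented continuation lines that contain nothing but an address.
    """
    servers, in_dns_block = [], False
    for raw in text.splitlines():
        head = re.match(r"\s*DNS Servers[ .]*:\s*(\S*)", raw)
        if head:
            in_dns_block = True
            if head.group(1):
                servers.append(head.group(1))
            continue
        cont = re.match(r"\s+(\S+)\s*$", raw)
        if in_dns_block and cont:
            servers.append(cont.group(1))
        else:
            in_dns_block = False  # any other field ends the DNS block
    return servers


def classify(servers, rogue=ROGUE_RANGES):
    """Map each resolver to 'rogue', 'clean' or 'unparsed' (not a valid IP address)."""
    verdicts = {}
    for server in servers:
        try:
            # Drop an IPv6 zone id such as '%eth0' before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            verdicts[server] = "unparsed"
            continue
        hit = any(addr.version == net.version and addr in net for net in rogue)
        verdicts[server] = "rogue" if hit else "clean"
    return verdicts


def rogue_resolvers(text, fmt):
    """Convenience wrapper: return the list of rogue resolvers found in one config dump."""
    parse = resolvers_from_resolv_conf if fmt == "resolv" else resolvers_from_ipconfig
    return [s for s, v in classify(parse(text)).items() if v == "rogue"]


# Constructed sample inputs (not captured from a real machine).
SAMPLE_RESOLV = """# constructed sample resolv.conf
nameserver 192.0.2.53    # inside the placeholder rogue block
nameserver 8.8.8.8
nameserver fe80::1%eth0
"""

SAMPLE_IPCONFIG = """   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    print(classify(resolvers_from_resolv_conf(SAMPLE_RESOLV)))
    print(classify(resolvers_from_ipconfig(SAMPLE_IPCONFIG)))
```

A clean result only means the resolver settings look right; as the post notes, the malware itself still has to be removed separately.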

Massive DNS Poisoning Affects Major Brazilian ISPs

Brazil is currently under a massive DNS cache poisoning attack, reports Kaspersky Labs. When a user tries to visit popular, local and global sites, such as Google, Yahoo and Facebook, a popup like the one shown below is displayed. It asks the user to download a security suite called Google Defender in order to access the site.


As Kaspersky’s Fabio Assolini explains in his blog post,

In reality, though, this file is a Trojan banker detected by Kaspersky’s heuristic engine. Research into this IP highlighted several malicious files and exploits hosted there:

80.XX.XX.198/Google_setup.exe

80.XX.XX.198/google_setup.exe

80.XX.XX.198/Google_Setup.exe

80.XX.XX.198/ad2.html

80.XX.XX.198/flash.jar

80.XX.XX.198/FaceBook_Complemento.exe

80.XX.XX.198/ad.html

134XX69350/AppletX.class

80.XX.XX.198/YouTube_Setup.exe

80.XX.XX.198/FlashPlayer.class

80.XX.XX.198/google2.exe

80.XX.XX.198/crossdomain.xml

80.XX.XX.198/favicon.ico

In fact the file ad.html is an encrypted script, exploiting CVE-2010-4452 and running arbitrary code in an old installation of JRE. The exploit detected by us as Exploit.Java.CVE-2010-4452.a calls up one of the files in this list. According to statistics in KSN (Kaspersky Security Network) all the infected users are from Brazil; we registered more than 800 attempts to access this site which were thwarted by our web antivirus.

The attack has been going on for some time. It is suspected that employees of ISP companies, who had access to DNS records, were paid to change them in order to redirect the users to malicious sites. Fabio also notes that an arrest has already been made in this case by the Brazilian Federal Police. The accused (who is an employee of an ISP company) allegedly changed the DNS records over a 10 month period.

So, if you are from Brazil and have experienced similar pop-ups, we recommend that you do not click them. Follow the usual procedures, such as updating your OS, security software and all other installed programs, and run a complete system scan. Kaspersky also suggests changing your DNS provider to someone other than your ISP, such as OpenDNS or Google DNS.

Microsoft Releases Fix it Solution for Duqu and Advanced Notification for November Bulletin

Microsoft has released advance notification for its November bulletin, which will be released on the 8th of this month.

This month will see the release of four security updates, of which one is rated critical, two are important and one is moderate. As noted in the table below, Bulletins 1 and 2 patch vulnerabilities that enable Remote Code Execution, while Bulletin 3 is for an Elevation of Privilege bug and Bulletin 4 is for a Denial of Service bug.


Of the four security updates, only Bulletin 3 applies to Windows XP and Server 2003. Bulletins 1, 2 and 3 apply to Windows Vista and Windows Server 2008. Interestingly, the newer operating systems, Windows 7 and Windows Server 2008 R2, require all four updates.

While Microsoft acknowledged a zero-day vulnerability in a Windows component, the Win32k TrueType font parsing engine, they did not include an update for it in this month’s Security Bulletin. Instead, they have released a Fix It solution which can be used until an update is released.

The vulnerability, which was utilized by the Duqu worm, will allow a hacker to run arbitrary code in kernel mode, thus giving him the ability to install or run software or to view/edit data. The temporary workaround for this vulnerability is to disable access to T2EMBED.DLL. The Fix it solution released by Microsoft just automates this process.

You can download the Fix it solution from here and the related security advisory can be found here.

In order to protect yourself from the zero-day attacks, make sure that you install the above mentioned updates as soon as they are released.

Stay up to date, stay safe.  

Have you been pwned? PwnedList will help you find out

Do you, at times, wonder whether your accounts have been compromised? If the answer is yes, you can now verify your doubt by using a service appropriately called PwnedList (“pwn” is hacker jargon implying that an account has been compromised).

It was developed by two security researchers – Alen Puzic and Jasiel Spelman, of DVLabs. They explain the birth of PwnedList as:

The site started out as a small research project with a rather simple premise: to discover how many compromised accounts can be harvested programmatically in just a couple of hours. Well, needless to say, the results were astonishing. In just under 2 hours we had close to 30,000 accounts, complete with logins and passwords. The truly scary part, however, was the quality of data we were able to collect in such a short amount of time. The accounts we were able to retrieve consisted of email services, social media sites, merchants and even financial institutions. It was clear that something had to be done.

At that moment PwnedList was born. We wanted to create a simple one-click service to help the public verify if their accounts have been compromised as a part of a corporate data breach, a malicious piece of software sneaking around on their computers, or any other form of security compromise.

All you have to do is head to PwnedList.com, enter your email id or username in the text box and click Check. The entered data is then compared with SHA-512 hashes of harvested account dumps, stored as key-value pairs. The site says that the entered data is used only once for the search and is not stored. Still, if you don’t want to enter your username/email in plaintext, you can submit the SHA-512 hash of your email (or username) instead.
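To make the hash-based lookup concrete, here is an added example of how such a key-value index can be built and queried; it is an illustration of the mechanism, not PwnedList's code. The dump entries are constructed samples, and the normalization (trim and lower-case before hashing) is an assumption that a pre-hashed query must match for a hit to be found.

```python
import hashlib


def sha512_hex(identifier: str) -> str:
    """Normalize an email/username (trim, lower-case) and return its SHA-512 hex digest."""
    return hashlib.sha512(identifier.strip().lower().encode("utf-8")).hexdigest()


def build_index(leaked_entries):
    """Key-value store: SHA-512(identifier) -> set of dump labels.

    Only the hashes are kept, so the index itself never has to hold the
    harvested identifiers in plaintext.
    """
    index = {}
    for identifier, source in leaked_entries:
        index.setdefault(sha512_hex(identifier), set()).add(source)
    return index


# Constructed sample of harvested account dumps (identifier, dump label).
LEAKED = [
    ("alice@example.com", "dump-A"),
    ("bob", "dump-B"),
    ("ALICE@example.com ", "dump-C"),  # same account, different casing/whitespace
]
INDEX = build_index(LEAKED)


def looks_like_sha512(value: str) -> bool:
    """True when the query is already a 128-character hex digest."""
    v = value.strip().lower()
    return len(v) == 128 and all(c in "0123456789abcdef" for c in v)


def check(query: str, index=INDEX):
    """Return the sorted dump labels an email/username (or its SHA-512 hash) appears in.

    A pre-hashed query is looked up as-is; the plaintext is neither needed nor stored.
    """
    key = query.strip().lower() if looks_like_sha512(query) else sha512_hex(query)
    return sorted(index.get(key, ()))


if __name__ == "__main__":
    print(check("alice@example.com"))           # plaintext query
    print(check(sha512_hex("bob")))             # pre-hashed query, same result as plaintext
    print(check("carol@example.com"))           # not in any dump
```

A hashed query only keeps the identifier out of the request; the service still learns which hash was asked about, so the stated "used once, not stored" policy is what the privacy of the check rests on.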


So, what if your email or username is identified in their database? Immediately change its password, as well as the passwords of your other accounts, just to be on the safe side. See my article, The Layman’s Guide to Computer Security, for tips on creating a strong password.

A Look at Facebook’s Security Infrastructure

25 billion actions a day, or 65,000 actions a second! That is the volume of actions generated by Facebook’s 800 million users. And this week Facebook released some information about its massive security infrastructure, called the Facebook Immune System or FIS, that scans all of these actions for any kind of suspicious activity.

As New Scientist explains,

It protects against scams by harnessing artificially intelligent software to detect suspicious patterns of behaviour. The system is overseen by a team of 30 people, but it can learn in real time and is able to take action without checking with a human supervisor.

The system was developed over a three-year period, and the numbers released by Facebook show that it has been pretty effective. The number of users affected by spam has been reduced to less than 1%. Even though that 1% accounts for about 8 million users, with a little bit of caution from the end user while using Facebook, that number can be reduced even further.

Microsoft Research has put forward a PDF detailing the principles of FIS. According to it, the main components of FIS are

• Classifier services: Classifier services are networked interfaces to an abstract classifier interface. That abstraction is implemented by a number of different machine-learning algorithms, using standard object-oriented methods. Implemented algorithms include random forests, SVMs, logistic regression, and a version of boosting, among other algorithms. Classifier services are always online and are designed never to be restarted.

• Feature Extraction Language (FXL): FXL is the dynamically executed language for expressing features and rules. It is a Turing-complete, statically-typed functional language. Feature expressions are checked, then loaded into classifier services and feature tailers online, without service restart.

• Dynamic model loading: Models are built on features, and those features are either basic or derived via an FXL expression. Like features, models are loaded online into classifier services, without service or tailer restart. As well, many of the classifier implementations support online training.

• Policy Engine: Policies organize classification and features to express business logic, policy, and also holdouts for evaluating classifier performance. Policies are Boolean-valued FXL expressions that trigger responses. Policies execute on top of machine-learned classification and feature data providers. Responses are system actions. There are numerous responses.

Some examples are blocking an action, requiring an authentication challenge, and disabling an account.

• Feature Loops (Floops): Classification generates all kinds of information and associations during feature extraction. The floops take this data, aggregate it, and make it available to the classifiers as features. The floops also incorporate user feedback, data from crawlers, and query data from the data warehouse.
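The components above fit together as a pipeline: a floop aggregates what has already been seen, feature expressions turn an action into features, a classifier scores them, and Boolean policies map score and features to a response. The following added example, which is mine and not Facebook's code, models that pipeline on the socialbot pattern of a new account mass-sending friend requests. The features, weights, policy thresholds and the holdout list are constructed for illustration.

```python
import math
from collections import defaultdict


class Floop:
    """Feature loop: aggregates earlier observations and feeds them back as features."""

    def __init__(self):
        self.requests_sent = defaultdict(int)  # user -> friend requests attempted so far
        self.reports = defaultdict(int)        # user -> "spam/fake" reports from other users

    def observe(self, action):
        if action["type"] == "friend_request":
            self.requests_sent[action["user"]] += 1

    def user_feedback(self, reported_user):
        self.reports[reported_user] += 1


def extract_features(action, floop):
    """Stand-in for FXL feature expressions: basic fields plus floop-derived aggregates."""
    return {
        "requests_sent": floop.requests_sent[action["user"]],
        "reports": floop.reports[action["user"]],
        "account_age_days": action["account_age_days"],
        "mutual_friends": action.get("mutual_friends", 0),
    }


# Illustrative logistic-regression weights (constructed, not trained).
WEIGHTS = {"requests_sent": 0.05, "reports": 0.8,
           "account_age_days": -0.01, "mutual_friends": -0.3}


def classify(features, bias=-1.0):
    """Classifier-service stand-in: probability that the action is abusive."""
    z = bias + sum(WEIGHTS[name] * value for name, value in features.items())
    return 1.0 / (1.0 + math.exp(-z))


# Policies are Boolean expressions over the features (f) and score (p); first match fires.
POLICIES = [
    ("disable_account", lambda f, p: p > 0.9 and f["reports"] >= 3),
    ("auth_challenge", lambda f, p: p > 0.6),
    ("block_action", lambda f, p: f["requests_sent"] > 20
                                  and f["mutual_friends"] == 0
                                  and f["account_age_days"] < 7),
]

# Holdout: users whose would-be response is computed but not enforced, so that
# classifier precision can be measured against what they go on to do. Constructed.
HOLDOUT_USERS = {"holdout-42"}


def decide(action, floop):
    """Policy engine: returns (response, score) and records the attempt in the floop."""
    f = extract_features(action, floop)
    p = classify(f)
    response = "allow"
    for name, predicate in POLICIES:
        if predicate(f, p):
            response = name
            break
    if action["user"] in HOLDOUT_USERS:
        response = "allow"
    floop.observe(action)
    return response, p


def simulate_socialbot(n_requests, user="bot-1", floop=None):
    """Day-old account with no mutual friends sending friend requests to random people."""
    floop = floop if floop is not None else Floop()
    action = {"type": "friend_request", "user": user,
              "account_age_days": 1, "mutual_friends": 0}
    return [decide(action, floop)[0] for _ in range(n_requests)]


if __name__ == "__main__":
    print(simulate_socialbot(25))
```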


Although FIS has come a long way in tackling spam, it should be noted that FIS is still vulnerable to tactics that are new to it, such as socialbots. A socialbot works by sending friend requests to random people. The profile data of people who accept this friend request is used for identity theft, phishing attacks, etc.

So, it is always up to the end user to remain cautious of these types of attacks in order to protect their personal information.

You can find some of the common tips to protect your Facebook account here.

An Interview with an OpDarknet Anon

By now a good chunk of you will know about OpDarknet. This is a new operation by the nebulous collective of Anonymous to purge the DarkNet, also known as the deep web, which is a microcosm of hidden networks that are unreachable by conventional web crawlers.

For this reason, the DarkNet is a treasure trove for those interested in illicit information and materials such as illegal drugs, arms and ammunition and child pornography (CP).

The fact that innocent children are being exploited to feed the urges of a number of perverse individuals did not sit well with Anonymous and thus #OpDarknet was born:-

On October 6th, 2011 some of us Anon were doing research into encryption and security. The ‘darknet’ sites of TOR, I2P, and Freenode piqued our interest. We were aware that TOR and I2P were originally designed to protect individuals from the oppressive governments of China, Iran and protect Free Speech.

What we discovered was quite the opposite. A growing and large community of pedophiles was abusing such systems for personal profit. To demonstrate this, The Hidden Wiki’s “hidden” section, the ‘Hard Candy’, is stated to be:

* This wiki page discusses resources specifically for people who are attracted to children. This can include everything from discussion groups to ostensibly legal images of children in dresses to full-out child pornography. The term children here refers to children and teenagers.

To explain how popular this community of pedophiles is: the total page views of the Hidden Wiki ‘Hard Candy’ section as of October 20th, 2011 is a total of 2,055,701. The total view count of the main index (non-pedophilia content) of The Hidden Wiki was 2,677,430 times.

Considering the scope of this mission and its success, we initiated a brief interview on the #OpDarknet channel of the anonops server on IRC with a user named ‘arson’ representing #OpDarknet. This operation is a worldwide phenomenon, as most other Anonymous operations are, with Anons on every continent (as stated by arson). Arson forewarned us that much of the operation is still secretive and that they may not be able to answer all the questions put forth by us.


Techie Buzz (TB): Pastebin data reveals that there is a huge amount of CP proliferating the DarkNet and most of the people there are staunch with their refusal to remove it since it is their “last safe haven” so to speak. Will it end in a stalemate?

Arson (A): I don’t believe it will. There are enough of us that operations go on around the clock nonstop, and we are gaining new supporters every day.

TB: And the process of your attacks will mostly be the same, i.e. DDoS (Distributed Denial of Service Attack) and when possible the unveiling of personal information of people involved in this kind of work, yes?

A: That I cannot say. What I can say is we will continue to take down the servers with any method necessary, and our research team will continue to dig up detail on the pedophiles.

TB: I see. This brings up my next question: is this attack only against CP or will it also continue to get rid of the underground markets such as the silk road, the farmer’s market and the contract killers etc. on the DarkNet?

A: This is only against CP.

TB: Is there any connection between this op and the shut down of /r/jailbait? I know this is a rather lame question but the two events occurred quite close to each other so I was wondering. (Also the fact that a news channel got wind of [almost] CP proliferating on the clearnet and thus debasement of a collective of the internet followed.)

A: To my knowledge, there is no connection between #OpDarknet and the shut down.

TB: How do you think the attack will affect the BitCoin (BTC) economy, since a very high amount of transactions are done using BTC in the DarkNet and the fact that you guys have struck a nerve there may put a pause to a majority of the transactions there since it might be deemed unreliable.

A: The majority of transactions have nothing to do with CP, and as for the illicit ones that do, they should feel evasive of buying or selling any sort of CP related material.

TB: This might be nitpicking, but considering that CP-related material proliferates every bit of the DarkNet (from whatever I can see, it’s either that, or drugs or misc. shady deals) which is bought by BTC won’t the BTC market fall?

A: You might say so, but in doing that, you’re saying that BitCoins rely on child pornography. Forgive me for sounding crass, but if that’s the case, then the currency is doomed at heart.

TB: Why the sudden turn of events to policing the DarkNet? Was there any trigger for this operation?

A: We vowed to fight for the defenseless, there is none more defenseless than innocent children being exploited.

TB: Thanks a lot arson. Any final words you’d like to add?

A: We aren’t doing it for the recognition, or the PR. We are doing this because it’s what is right and what should have been done a long time ago.

The Anonymous collective is hell bent on weeding out the smear of child porn from the DarkNet’s servers (specifically from Freedom Hosting) and it seems that they will punch through the staunch defense of the hidden web’s CP aficionados. However, if these people fled the searchable internet to the hidden one to pursue their ghastly pursuits, with enough time they may yet flee to a darker layer of the deep web to proliferate. Moreover, this is just a sprightly small step to be rid of the plague of child pornography and there are many miles to go before #OpDarknet sleeps. We hope the mainstream media picks this up and champions a campaign to get to the root cause of this exploitation. Kudos to #OpDarknet!

Germany is Using Trojan Spyware on its Citizens?

Today, I received a letter from Emsisoft that explained how a well known group of hackers in Germany discovered and tested a trojan program that’s used by the German Federal government to spy on its citizens. These white hat hackers, known as the Computer Chaos Club, determined that the “R2D2” or “State Trojan” is not only able to spy on an infected target computer, it’s also able to download more software and remotely control the target computer. So far, it’s designed to work only on Windows based PCs.


Back in 2008, Computerworld reported that WikiLeaks documents provided information that Germany had hired a company named “Digitask” to create a trojan spy program for them. A few days ago, ZDnet was confirming that a few of the German State agencies have admitted to using this trojan in their investigations. Naturally, these were “legal” uses of the trojan, and required a judge’s signature.

The Electronic Frontier Foundation was curious to see if the U.S. Government had similar trojans, and in 2008 they submitted a FOIA request. Unlike many other attempts to get information released, the EFF received documents that revealed how the FBI was investigating ways to intercept Skype conversations. I think we can assume that since then, the U.S. has done more than just “investigate” how to spy on Skype.

What does all of this mean to the average Windows user? It means that you not only have to worry about threats from the usual hackers after your money, you also have to worry about “Big Brother” trojans from your own government. Fortunately, companies like Emsisoft, F-Secure and Sophos have assured us that they intend to search for and eliminate government trojans as well as the typical spyware we’re used to seeing.

For those of you who are using Macintosh or Linux instead of Windows, feel free to stick out your tongue and say “na na na na na na”. You don’t have to worry about these trojans … for now.