TIME espionage

U.S. Shadow Group ‘Has Embedded Spyware in Foreign Computer Networks’

Iran, Russia, Afghanistan and Pakistan are among the nations allegedly infected with the malicious "implants"

The U.S. has succeeded in embedding virtually untouchable “implants” that are capable of spying on and even damaging foreign computer networks, according to a new report from a Russian cybersecurity company.

Kaspersky Lab says the malicious spyware is the work of a shadow entity called the Equation Group, which has allegedly infiltrated networks in Iran, Russia, Pakistan and Afghanistan. The report says India, China and Syria are some of the other nations with a “high infection rate.”

According to Kaspersky, the implants are different from other cyberattacks in that they directly infect a computer’s firmware — the software that links directly to the hard drive.

This means that it is beyond the reach of most antivirus and security products, and is immune to efforts to wipe clean or even replace hard drives since it can be recalled at will. It also has the ability to unravel a system’s encryption and permanently store data in a hidden area, says Kaspersky.

“It means that we are practically blind and cannot detect hard drives that have been infected by this malware,” said Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team.

“Your computer won’t boot up and you can’t use it,” Andrew Regenscheid of the National Institute of Standards and Technology told the New York Times in an interview, explaining the effect of a firmware infection. “You have to replace the computer to recover from that attack.”

TIME movies

Review: Chris Hemsworth in Blackhat: Thor Takes Up Typing

Tang Wei and Chris Hemsworth star in Blackhat. (Frank Connor—Legendary Pictures)

The Marvel-movie stud plays that rarest of heroes — a hunky hacker! — in Michael Mann's dreamlike crime drama

Nicholas Hathaway has the name of a plutocrat with a stable of polo ponies, and the body of a movie superhero. The body part makes sense, since he’s played by Chris Hemsworth, who is the outlandishly sculpted Thor in Marvel movies and was recently chosen as PEOPLE’s Sexiest Man Alive. Think of the young Brad Pitt, but pumped up, stripped down and hanging in a slaughterhouse. Sirloin beefcake.

The WASP moniker is to alert you that Nicholas, currently doing time in a federal penitentiary for cyberhacking, is a Hamilton Fish out of water. He keeps to himself, exercises in his cell and — to judge from his sheaf of books — is prepping for a Harvard correspondence course in 20th-century French philosophy. Living in what might be called voluntary solitary confinement, he is a Michael Mann kind of guy.

From his 1979 TV movie The Jericho Mile, about a Folsom lifer who runs at Olympic speeds around the prison yard, through the big-screen dramas Thief, Manhunter, Heat and Public Enemies and the innovative TV shows Police Story, Crime Story and Miami Vice, Mann has compiled a résumé that reads like a rap sheet. So often his protagonists are superior loners, bringing the dedication of high priests to jobs that happen to be illegal. Nicholas, in the new Blackhat, is one of these underworld aristocrats. Hemsworth may have the least likely physique for a genius hacktivist who spends much of his time typing — but, as any Mann production constantly reminds you, plausibility is for simps.

You might expect a cyberterror movie c. 2015 to trade in conspiracy theories about certain powerful or deranged Asian nations bolloxing U.S. Defense Department computers, but that’s not Mann’s way. Shooting a script by first-timer Morgan Davis Foehl, the director springs Nicholas from jail to send him and the Chinese-American brother-sister act Dawai and Lien Chen (Wang Leehom and Tang Wei) jetting from L.A. to Hong Kong, Indonesia and Malaysia in search of one rogue hacker with a nefarious scheme to… corner the world markets in soy and tin.

Blithely deflecting any audience anticipation of headline relevance or, really, human connection, Blackhat also abandons its own plot for long, closeup studies of bodies in rest or motion. The movie makes space for a romance between Nicholas and Lien, which it anatomizes in a series of languorous attitudes, like a Calvin Klein commercial without the briefs. (Tang Wei, who sizzled as the heroine of Ang Lee’s sexy drama Lust, Caution, is virtually invisible here.) The love scenes can’t match the erotic heat Mann applies to shots of the hackers’ traveling computer code. Those montages make malware a fashion statement: “our spring collection of malwear.”

Viola Davis — looking as if she were not cast in the role of Nicholas’s federal minder but sentenced to it — is replaced halfway through the film by the chief villain’s thugs: bad-guy character actors whose hard, gnarled faces hint at biographies more fascinating than those of the leads. The synching of words and lips is almost random, as if lines of dialogue had been rewritten in postproduction and dubbed in. The final chase scene involves deadly fights during a ceremony involving hundreds of people who pay no attention to the mayhem around them.

By this point, viewers will either give up or go with the slow flow, as if swimming through the most picturesque sludge. Surrender to the images and to the score (some of it by Atticus Ross, Trent Reznor’s collaborator on the most recent David Fincher films), which lends the murky proceedings a thrumming undertone that soothes as it menaces, like Gitmo Muzak. Blackhat is not so much a movie as a hallucination — which should please the Mann coterie and leave Hemsworth fans scratching their heads and biding their time for Avengers: Age of Ultron this May.

TIME Security

The FBI Is Warning Other Companies After Sony Hack

Joe Stewart, director of malware research at Dell SecureWorks, a unit of Dell Inc., speaks to a colleague in front of a pair of large wall-mounted monitors in his office in Myrtle Beach, South Carolina, U.S., Friday, Jan. 18, 2013. (Bloomberg via Getty Images)

The malware overwrites data and prevents computers from booting up

A devastating malware attack used against Sony Pictures Entertainment last week could be a threat to other businesses as well.

In a five-page confidential warning first reported by Reuters, the FBI describes malicious software used in an attack that appeared similar to the one against Sony, though it didn’t mention the company by name. The FBI report provided technical advice to other businesses on how to respond to the malware.

The attack against Sony shut down the company’s email and other key systems for a week shortly before the holiday season, when the company will release several big-name movies. Several of Sony’s titles leaked online shortly after the hack before most of them even made it to theaters.

The FBI document warned of malware that overwrites data on computer hard drives and prevents computers from being booted up. The agency said it was investigating the attack, while Sony said it hired FireEye’s Mandiant response team to help clean up the company’s systems.

Some reports have tied the attack to North Korea, which has promised retaliation for an upcoming Sony comedy about a plot to kill North Korean leader Kim Jong-un.


TIME Security

Apple Isn’t Aware of Any iOS ‘Masque Attack’ Incidents Yet

The Facebook and WhatsApp app icons are displayed on an iPhone on February 19, 2014 in San Francisco. (Justin Sullivan—Getty Images)

Spokesperson downplays the threat posed by malware that can mimic an app

Apple has no knowledge yet of an iOS user suffering from a “Masque Attack,” a company spokesperson said Thursday, responding to recent reports that a malware-infected app could open a pathway to user accounts.

Cybersecurity experts at the firm FireEye disclosed the method of attack on Monday, in which a hacker can email or text message a link to a popular app, such as a “New Flappy Bird” game. The link installs malicious software that replaces an existing app with an identical-looking facade and opens a pathway to login credentials and sensitive data.

“We’re not aware of any customers that have actually been affected by this attack,” Apple said in a statement to the San Jose Mercury News, adding that customers should never download apps from unknown sources outside of the App Store.

The U.S. Computer Emergency Readiness Team, which operates under the Department of Homeland Security, issued a warning Thursday about the attack.

[San Jose Mercury News]

MONEY identity theft

Data Breach Tracker: All the Major Companies That Have Been Hacked

You're not just imagining it: Lately, a new data breach has been reported almost every week. Here's how to find out if your information has been exposed.

At this point, there have been so many data breaches, it’s more likely than not that some of your personal information has been compromised. “There are two kinds of consumers — those who know they’ve been breached, and those who don’t,” says Identity Theft Resource Center president and CEO Eva Velasquez.

Many Americans are in the first camp. According to a Gallup poll, 27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.

It’s hard to say whether there has really been an increase in the number of data breaches, or we’ve just gotten better at detecting and reporting incidents, Velasquez says. Either way, the outdated magnetic stripe technology in the United States probably makes it too easy for hackers to run off with your credit card number.

“Thieves are going to go where it’s easiest to steal,” Velasquez says. “We’ve got the most antiquated technology protecting the actual cards, and we’re the biggest issuer of those cards – we’re a treasure trove.”

At MONEY, we’re tracking the major data breaches that may have exposed your personal information in recent months. Read on to see if you’ve been affected. If so, we’ll walk you through what you need to know about protecting yourself from identity theft.


TIME Security

Facebook and Twitter Users: Don’t Fall for MH17 ‘Actual Footage’ Scams

Be very careful which MH17 news stories you click on, especially on Facebook and Twitter, where scammers are exploiting the tragedy to spam you.

If you run across Facebook pages touting pictures of Malaysia Airlines MH17 crash victims, or tweets linking to reports on the disaster, warning: they may be fakes, harbor malware or redirect you to pornographic websites.

The BBC reports that fraudsters are exploiting the tragic destruction of Malaysia Airlines Flight 17, ostensibly shot down by a ground-to-air missile on July 17, by bait-and-switching users with promises of shocking video footage or tribute pages to victims that instead link viewers to spam or other offensive content.

In one instance, a Facebook page was created the day the plane crashed that purported to have video footage of the crash itself, says the Daily Mail. Clicking the link promising the video redirected viewers to a spam site, which of course contained no such video. The Facebook page has since been removed, but security firm TrendMicro, which blogged about some of this cybercriminal activity on July 18, expects MH17 exploitation to continue.

In other instances, as noted by TrendMicro, people may be using the tragedy to boost web traffic, posting suspicious tweets with links to malicious sites harboring malware, but also seemingly legitimate ones in hopes of “gaining hits/page views on their sites or ads.”

So beware and think before you click, especially if you see claims like “Video Camera Caught the moment plane MH17 Crash over Ukraine” (as noted by the BBC). There is no such video, and the chances are all but certain you’re being gamed based on someone’s perverse attempt to mine an unspeakable calamity. What you can do, on the other hand, is report such suspicious activity to Twitter or Facebook.

TIME Security

FBI Arrests Over 90 ‘Creepware’ Hackers

Preet Bharara, U.S. Attorney for the Southern District of New York, announces a massive law enforcement action targeting the creators of the Blackshades software, malicious computer software that was openly sold on a website, on May 19, 2014 in New York City. (Andrew Burton—Getty Images)

The snooping software allowed hackers to gain control of others' computers, and was famously used to take nude pictures of a former Miss Teen USA through her webcam

Law enforcement agents have arrested more than 90 hackers accused of infecting more than half a million computers worldwide with malicious snooping software, of the type used to surreptitiously snap nude photos of a teenage beauty queen last year.

Miss Teen USA Cassidy Wolf was one of the more prominent victims of the malware. One California hacker, Jared James Abrahams, admitted using it last year to gain control of Wolf’s computer webcam and take naked photos of her. He later tried to extort more nude photos from Wolf by threatening to expose them online.

The suspects were charged Monday with developing, selling and marketing a remote access tool, or “RAT,” that allowed users to infiltrate computers, view files and steal personal data from unwitting victims. The original creator of the software, who founded an organization called “Blackshades,” was arrested in June 2012, but investigators said an international ring of hackers continued to sell and disseminate the software after his arrest, reaching thousands of people in more than 100 countries.

Nineteen countries participated in the arrests, and more than 300 searches were conducted in what law enforcers described as one of the largest cybersecurity operations in history.

“As today’s case makes clear,” said Preet Bharara, U.S. Attorney for the Southern District of New York, “we now live in a world where, for just $40, a cybercriminal halfway across the globe can – with just a click of a mouse – unleash a RAT that can spread a computer plague not only on someone’s property, but also on their privacy and most personal spaces.”


TIME justice

Global Raids Underway Against “Blackshades” Hackers

After months of investigation, law enforcement officials in the U.S., Europe and Asia are cracking down on a hacking network employing a computer program known as “Blackshades,” which can be used as malware to control the computers of unwitting people

The FBI and law enforcement officials in countries around the world launched a massive, coordinated series of raids late this week against users of a computer program known as “Blackshades,” officials familiar with the busts tell TIME.

The raids took place in more than a dozen countries, and involved the arrest of dozens of suspects, according to the officials. Several U.S.-based suspects charged in the investigation were still being sought, the sources said.

The “Blackshades” program is sold legally around the world but can be used as malware to control the computers of unwitting people, collecting their personal information and hijacking their computers for illegal attacks.

In at least some cases, the hackers allegedly took private online account information from users, one official familiar with the investigation said.

The investigation was months in the making and involved law enforcement agencies in Europe, Asia, Australia and North America. The U.S. charges are still sealed.

The raids were first reported on websites frequented by hackers and subsequently by the Wall Street Journal.


TIME Security

Android Gets a Malware Scanner for Google Play Store Apps


A new Android security tool from Google will periodically check for threats, but not the ones you've been hearing about lately.

Google is adding another layer of security to Android by periodically checking users’ Google Play Store apps for malware.

The new malware scanner in Android is an extension of Google’s “Verify Apps” tool, which in the past has only scanned apps from outside of Google Play, and only upon installation. The updated version will perform routine checks even after an app is installed, regardless of where it came from. If the scanner detects an app that’s potentially harmful, users will see a warning and an option to remove the offending app.

Google already scans apps before letting them into the Google Play Store, using a tool called “Bouncer.” But Bouncer doesn’t exist on users’ devices, and doesn’t scan apps that users have installed already. It’s also not foolproof, for a variety of reasons. With the new malware scanner, Google can keep a closer eye on apps that users are actually running on their phones and tablets.

In an interview, Android security head Adrian Ludwig said not to expect any significant impact on system resources. The scanner will be triggered by behaviors that are potentially harmful, such as sending premium text messages or obtaining root access, but otherwise will check in every couple of days or so. “It’s very, very lightweight, and not something we’d ever expect a user to interact with,” Ludwig said.

Ludwig wouldn’t say how many users have been infected by malware through Google Play Store apps in the past, and said that any data from the malware scanner rollout is still too preliminary to share. But he did say that for apps outside of Google Play, users only installed them 0.18 percent of the time after being warned about potentially malicious behavior. Google expects that most users will never come across a warning.

It’s worth noting that many of the questionable Android apps that have made headlines recently would not fall under the malware scanner’s purview, because Google doesn’t view these apps as harmful to users.

For instance, Virus Shield, a $4 app that purported to wipe out security threats but actually did nothing, would not be detected by Google’s Verify Apps tool. Although Virus Shield was a scam, the app itself didn’t cause any further harm once users had purchased it. (Google has removed Virus Shield from the Play Store, and users can request refunds in these kinds of situations.)

Verify Apps also wouldn’t have picked up on Google Play Store apps that are secretly mining Litecoins and Dogecoins on users’ devices. Two such apps were discovered this week by security firm TrendMicro, and they’ve since been removed from the Google Play Store.

The issue in that case appeared to be that the apps weren’t disclosing their behavior, but Ludwig defended cryptocurrency mining in general as a potential business model for developers. “I think cryptocurrency is an extraordinarily good example of innovation happening that could not happen on a platform that blocks first and allows later,” Ludwig said. He added that the industry will have to think about how to disclose and implement cryptocurrency mining, and some of those practices may not be appropriate for Google Play, but he defended Android’s ability to let developers experiment.

Google’s attitude toward what constitutes malware underscores the divide between the company and third-party security firms, who sell their own apps to combat threats on Android. As another example, a popular flashlight app that secretly tracked users’ locations and sold the info to ad networks would probably not be flagged by Verify Apps, but many third-party tools will detect such behavior and send a warning to users.

While security firms do tend to overstate Android security risks — particularly by pointing out obscure apps or apps from outside of Google Play — they also offer a level of protection that Android on its own does not. (Google, for what it’s worth, sees the availability of these tools as a benefit of Android.)

Verify Apps is part of Google Play Services, which means users don’t have to do anything to add it to their devices. It’s enabled by default, but users can disable it by going to Google Settings > Verify Apps or Settings > Security > Verify Apps, depending on the Android version. The new malware scanner is rolling out gradually, and will be available on devices running Android 2.2 or higher.

TIME malware

Beware: Missing Malaysian Flight Malware Is a Thing

Indonesian Search And Rescue (SAR) personnel keep a lookout on a rescue ship that is heading to the Andaman Sea conducting a search operation for the missing Malaysia Airlines flight MH370, in the Indian Ocean, near the tip of Sumatra Island, Indonesia, March 15, 2014. (Hotli Simanjuntak—EPA)

Facebook and Twitter links promising video of the missing plane are bogus

Don’t believe the web-hype. Fake links promising unsuspecting web surfers “shocking” videos of missing Malaysia Airlines Flight MH370 are scams. Video links are spreading on Twitter and Facebook with titles suggesting that the flight was discovered and that handfuls of passengers have been saved, CNET reports.

How to spot a bad link? Sample hoax links could include headlines such as these:

“Shocking Video: Malaysian Airlines missing flight MH370 found at sea”

“Malaysian Airplane MH370 Already Found. Shocking Video Release Today by CNN”

“Plane has been spotted somewhere near Bermuda triangle. Shocking videos released today. CNN news”

The Facebook links require those who click to complete a survey similar to ones frequently found on the site that request access to profiles. But in this case the information users provide goes to hackers. CBS News reports the company has removed the links; phishing scams and spam violate the site’s community standards.
