MalwareTech is a website that is all about cyber attacks and how to protect oneself from these annoying events.
Global cyber attack is using US spy hacking tools | Daily Mail Online: Readers have alerted me to this breaking story last night while I was in bed. Yes, bitcoin ransom is being used by criminal hackers to ‘fix’ a mess made by the fact that many computers run on systems I don’t use, that is, the good old Microsoft systems and in this case, the old, no longer supported Microsoft systems. What this event has done is force many businesses and others to upgrade their systems. There is danger in running old systems. And the ‘bitcoin’ part of the story is funny: it proves that the people running this fake money business that it is mainly useful for criminal actions otherwise, there is no point in having it.
From day one, I figured that ‘bitcoins’ were for nefarious actions because otherwise, why bother with the stupid things? They have no more ‘intrinsic value’ than say, antique sports cards which have ‘value’ because collectors want to have these for various reasons.
The fake money thing is similar: the only people who would find any earthly use for these things are criminals who don’t want paper money that can be tracked, for example. Demanding gold is no good because it is physical and real. The online bitcoin operation, on the other hand, can be used by criminals because they control this ‘currency’ themselves.
What can you buy with bitcoins? I asked this question because there seems to be limited use of this ‘money’ as ‘money’. The answer is, ‘yes’ but I probed further.
Global computing giant Microsoft added bitcoin as a payment option for a variety of digital content across its online platforms in December 2014. According to the company’s payments information page, US-based customers can now use bitcoin to add money to their accounts, which can then be used to purchase content like apps, games and videos from its Windows, Windows Phone and Xbox platforms.
Good enough. So how does this work? CSV_BitcoinHowTo.htm
So, it is not as good as old fashioned money. Note the ‘You can’t use bitcoin to purchase Microsoft products and services directly…’ It has to first be translated into real money. You have to put it into an ‘account’ and then when it is turned into real money by someone else, then it is ‘real’.
There is no direct payment system like with real money issued by governments. Who backs government money? Well, if a country goes bankrupt, one of the first signs is, the currency is destroyed via ‘inflation’. The US has inflation as our government toys with debasing the currency to run things via rising debt.
What was the intrinsic value of gold? Well, it was LIMITED. The bitcoins did the ‘limit the number of coins’ business and sure enough, thanks to traders who want to use it mainly for criminal stuff, it climbed in ‘value’. But it has zero ‘intrinsic value’. Gold, silver, copper, nickel, etc. all have other uses that is, they can be transformed into all sorts of other things we need like tools.
Gold is a funny wealth item. It was beloved because it was shiny and didn’t go bad like say, rusting away. It is the same no matter how many eons pass. So it was valued highly by rulers who wanted eternal life which is why the Egyptians would dig up gold, process it and turn it into art works which were then promptly buried or hidden away in all sorts of places which were then systematically looted.
In the European looting of Egypt, this gold went into new systems called ‘museum’ where it is viewed by people and has great ‘value’ but if there was a collapse of empire and the museums were looted, it would be melted down by barbarians and turn back into a mere metal to be used again in some fashion.
The looting by Spain of great mountains of treasure in the New World civilizations conquered by foreign powers flooded into Europe making Spain very rich only to destroy the home industries and systems which rotted away so within 300 years, Spain was weak and poor after frittering away their treasures which flowed into the Catholic Church and wild spending sprees on wars with England, etc.
The Church spent money wildly during this time which led to it falling apart. The Puritans, for example, were a reaction to gold pouring into the Vatican. People who rejected gold hunting ended up building industries and educational systems and said, ‘Hard work is valuable, not gold’.
Overstock became the first major retailer to accept bitcoin when it made the announcement back in January 2014. The firm offers everything from furniture to jewellery to electronics. Prices are in dollars but there is an option to pay in BTC on the checkout page. Initially a US-only offering, the firm opened up bitcoin purchases to over 100 countries in September.
The list of places where you can ‘buy’ using bitcoins are mostly crummy sites online. And all of them require it first being turned into ‘real money’ before the purchase is finalized.
So, this weird site will accept this fake money created ‘mined’ by computer hacker guys? HAHAHA. Now remember this bit: YOU HAVE TO PAY FOR BITCOINS VIA MONEY. That is, you need to have x number of dollars of government issued money to get this fake money. What a fine transaction!
You could ‘buy’ bitcoins and speculate with it…or put money in various accounts in banks and collect interest. The ‘trading card’ element in bitcoins is what keeps it as a trade item. It is a fad. If things go bad, it will end up worthless unlike gold, silver, etc.
Why bother parking money in bitcoins? There are two reasons: crimes like today’s hacker crimes, or speculation that others will want this fake money and thus, bid up its value. And the basis of this value remains ‘crime’ since criminals are the main people who need this ‘money’ because it can’t be traced…so far.
I am assuming that computer hacker guys will create bitcoins out of thin air outside the official systems and flood it with too many fake coins which are mainly electronic code in the first place. Global cyber attack is using US spy hacking tools | Daily Mail Online
But with the virus spreading at a rate of five million emails per hour, tens of thousands of victims have now been reported in 99 countries including the US, Australia, Belgium, France, Germany, Italy and Mexico.
Russia is thought to have been among the worst hit by the ransomware amid reports that 1,000 computers in the country’s Interior Ministry were affected, but sources say no information was leaked.
Ministry spokeswoman Irina Volk told Russian news agencies it had ‘recorded a virus attack on the ministry’s personal computers controlled by a Windows operating system.’
Hackers are not getting lots of loot via this business. Why pay them a penny? They can do it all over again a day later! The only solution is to dump all the old computers and upgrade. I upgrade and I am a little person. But then, I have been using computers all my life and have been on the internet since its inception.
Microsoft won’t be held responsible for this attack because the people being attacked all use outdated systems that are vulnerable. This is why investing in better systems is so important. Just this year, I got notifications from Apple that my computer systems running on the old format was no longer stable and I had to move to a newer system which I did only during the planned transition, my old computer developed an electronic short and I had to buy a new computer.
Microsoft computers are…cheap! And they are attacked by hackers nonstop because there are so many of these to attack. So these attacks happen…nonstop. This one happened to get through into the news because the hackers wanted money.
All the big people being hit will not pay any money but instead, bring in experts to untangle the mess and there are various ways and this will cost money but then, the laziness in updating programming is what exposed them all to this hacker business.
Some big firms in Spain took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of ‘a massive ransomware attack’.
Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.
Security teams at large financial services firms and businesses were reviewing plans for defending against cyber attacks, according to executives with private cyber security firms.
Yes, about time. One would imagine they would all be doing this anyways. Preventing hassles like this means spending money to keep systems secure.
A cybersecurity researcher told AFP they appeared to have discovered a ‘kill switch’ that could prevent the spread of the ransomware for now.
The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.
‘Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,’ @MalwareTechBlog told AFP in a private message on Twitter.
So…according to this story, the malware that exploits the multitude of weaknesses in the Microsoft systems is easy to stop? Interesting. Mapping Mirai: A Botnet Case Study | MalwareTech
Mirai propagates by bruteforcing telnet servers with a list of 62 horribly insecure default passwords, starting with the infamous admin:admin. Although Mirai could technically infect any box upon successful login, it uses a busybox specific command which causes the infection to fail if busybox is not present. Once inside a box, the malware will attempt to kill and block anything running on ports 22, 23, and 80, essentially locking out the user from their own device and preventing infection by other malware. Despite Mirai killing most control panels, it is possible to use Shodan to see which services the box was exposing prior to infection, giving us an idea of the type of boxes infected (we’ll get to that later).
Conventional botnets are made by leveraging methods such as malicious spam, exploits, executable infection, and social engineering to infect desktop computers with specially crafted software which gives the attacker control, but they’re very expensive to run. Although “Antivirus is dead” is the phrase all the cool kids are using these days, it’s a fact that the AV industry has put a significant dent in botnets and general malware propagation over the past decade. Nowadays hackers have to spend large amounts of time and money constantly modifying their malware to evade AV detection, and although botnets still exist (spoiler: they always will), the number of notable botnets and their individual size has shrunk.
Yes, the work going into attacking computer systems is hard but young people with lots of time on their hands, can do this instead of playing online video games. Trying to make money this way is difficult and the present attack shows the difficulty in collecting loot. Even with bitcoins, it is difficult. Most people, when systems are infected, go to people who can undo this for help or prevent this.
Despite there still being several botnets significantly larger than Mirai, with active infection numbers in the multi-millions, we’ve never seen DDoS attacks from them for a multitude of reasons:
Profitability – At current the maintenance cost of desktop botnets has exceeded the revenue from DDoS attacks for most. Cheap anti-DDoS services make DDoS protection more affordable than paying ransoms to attackers, resulting in DDoS for hire or DDoS ransom based botnets slowly dying out. Although you’ve probably seen a lot of “stresser” services advertised, these are different from normal botnets in the sense they’re mostly run by scriptkiddies purchasing cheap Linux servers and executing DoS scripts on them (the small pool of unique addresses makes the attacks easy to block for most DDoS mitigation services and even your average sysadmin).
As I noted earlier…good to see this confirmed. Eventually, online bitcoin purchases will be trackable because now the governments in Europe and the US are pissed off about this.
Noise – As we saw with Mirai, DDoS attacks are noisy and draw a lot of attention. Mirai, which was mostly ignored due to its unsophisticated telnet bruteforcing attacks, in the course of a week became the subject of worldwide media attention and multiple law enforcement investigations backed by multinational companies; nobody looking to make money wants that kind of attention.
Which is why this latest attempt will end up backfiring.
Overblown Statistics – The few large desktop botnets which do perform DDoS usually end up being sinkholed; however, sinkholes often measure botnets by unique IPs over a few month period (keep in mind lots of infections will have dynamic IPs which change daily), resulting in infection numbers being hugely over-inflated. The largest Mariposa (butterfly) botnet consisted of around 400,000 infections but due to the authorities sinkholing multiple botnets run by different actors and then counting unique IPs over a 10 month period, the resulting estimate was a ridiculous 10 – 15 million.
If we take pretty much any conventional botnet and plot the number of bots online in any 1 hour time frame on a graph, it will form natural waves throughout the week with smaller ones during the weekend: these waves peak during the day and trough during the night for whichever timezone is most dominant. The difference in number of online bots throughout the day is because normal people (or so I’m told) don’t leave their computers running all day, but do you know what they probably don’t turn off? Their fridge, CCTV or router.
Yes, this made the news this week. A number of stories were written in mainstream media talking about this issue of using routers and CCTV, etc. to hack homes and businesses. Up until today, not one of the news stories I saw mentioned MalwareTech until I read the British Daily Mail story. Thank you, England’s reporters, for having some real news.
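The over-counting described in the ‘Overblown Statistics’ excerpt above can be reproduced with a small simulation. This is an added example, not code from MalwareTech or this blog; the bot count, the 10-day IP lease and the uptime pattern are constructed assumptions, and it models only IP churn, not the merging of several botnets.

```python
# Added example: constructed sinkhole data, not real telemetry.
from collections import defaultdict

def simulate_sinkhole(n_bots=400, days=300, lease_days=10):
    """Yield (day, hour, ip) check-ins for a constructed desktop botnet.

    Assumptions: each bot keeps a dynamic IP for `lease_days`, then gets a
    fresh one; machines are on for 8 daytime hours (four staggered start
    times) and only every other bot is switched on at weekends.
    """
    leases_per_bot = days // lease_days + 1
    for bot in range(n_bots):
        for day in range(days):
            if day % 7 in (5, 6) and bot % 2:
                continue  # weekend: half the desktops stay off
            n = bot * leases_per_bot + day // lease_days  # unique per (bot, lease)
            ip = f"10.{n >> 16 & 255}.{n >> 8 & 255}.{n & 255}"
            start = 8 + bot % 4
            for hour in range(start, start + 8):
                yield day, hour, ip

def unique_ips(log):
    """The inflated metric: distinct source IPs over the whole window."""
    return len({ip for _, _, ip in log})

def peak_hourly(log):
    """Distinct IPs in the busiest single hour (one IP per bot per hour)."""
    per_hour = defaultdict(set)
    for day, hour, ip in log:
        per_hour[(day, hour)].add(ip)
    return max(len(ips) for ips in per_hour.values())

def report(n_bots=400, days=300, lease_days=10):
    """Compare the true infection count with both sinkhole metrics."""
    log = list(simulate_sinkhole(n_bots, days, lease_days))
    return {"true_infections": n_bots,
            "unique_ips_over_window": unique_ips(log),
            "peak_bots_in_one_hour": peak_hourly(log)}

if __name__ == "__main__":
    print(report())
```

With these assumptions the unique-IP count over the window is 30 times the number of infected machines, while the busiest single hour matches it exactly.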
I hope readers of my little blog continue reading for I found another interesting story at the Malware Tech site: David Cameron Wants Porn Sites to Require Banking Information | MalwareTech
It’s now been decided that adult sites aren’t doing enough to prevent those under the age of 18 from using their services, with Cameron outlining plans to require that sites properly enforce age verification or face being added to the ever growing list of websites blocked in the UK. The current suggestion is that adult sites should use credit card or bank details for age verification (the same way that most e-commerce sites currently do). Is this a good idea? Short answer: no, long answer: oh my god no.
When it comes to free porn, there is really no way to track visitors across sessions, at least not in the UK. Cookie and local storage data gets cleared after each private browsing session and almost all UK ISPs issue dynamic IP addresses, making IP tracking useless.
If website users were required to link personal information with their accounts, suddenly not only is everyone traceable across browsing sessions, but their browsing habits are tied to their real name. A lot of people have a problem with large companies gathering basic personal information for advertising purposes, so I’m sure it will be hard to find anyone who doesn’t have a problem with their porn history, name, and billing address being collected (probably a recipe for a very embarrassing call with your bank’s fraud resolution department).
Word of warning: the CIA and NSA already do this. That is, spy on everyone via computers and to discover who has sex stuff so they can be either blackmailed or attacked in the media after ‘news’ is leaked via the army of political leakers who are out to attack various politicians like we see all the time in the news.
Now of course, the above issues assume the website was even legitimate in the first place. What’s to stop the same people running malware infested porn sites from re-purposing them to harvest bank details? Most people browsing porn aren’t exactly thinking with their head (well, at least not that one.), so even those wary of fraud are more likely to find themselves plugging their financial information into a shady site.
That is correct. So of course, governments will want to do exactly that: be able to trace people doing naughty things online. Since many people take delight in attacking our computers all the time, it is no wonder this will end up happening, that is, tighter government control of the internet which was set up by the CIA in the first place.
Botnet Takedowns – fun and good publicity, nothing more | MalwareTech: the writer suggests that taking down mildly annoying bots leads to worse bots being created therefore, it should not be done. Interesting take on systems operational analysis! The writer last month suggested that saving the energy going into securing systems is best done only on major attacks like the latest one.