
High Level Coding Language Used To Create New POS Malware

An anonymous reader writes: A new malware framework called ModPOS is reported to pose a threat to U.S. retailers, and has some of the highest-quality coding work ever put into an ill-intentioned software of this nature. Security researchers iSight say of the ModPOS platform that it is 'much more complex than average malware'. The researchers believe that the binary output they have been studying for three years was written in a high-level language such as C, and that the software took 'a significant amount of time and resources to create and debug'.

Patreon Users Threatened By Ashley Madison Scammers

itwbennett writes: "Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users," writes CSO's Steve Ragan. A message sent from the same account used in previous campaigns by the scammers demands a payment of 1 BTC or else the Patreon user will have their personal information exposed. "The [Bitcoin] wallet being used by the group has barely collected anything," says Ragan, "suggesting that after their massive push towards Ashley Madison users, people have stopped falling for their scams."

Fake Bomb Detector, Blamed For Hundreds of Deaths, Is Still In Use

Murtaza Hussain writes at The Intercept that although it remains in use at sensitive security areas throughout the world, the ADE 651 is a complete fraud and the ADE-651's manufacturer sold it with the full knowledge that it was useless at detecting explosives. There are no batteries in the unit and it consists of a swivelling aerial mounted to a hinge on a hand-grip. The device contains nothing but the type of anti-theft tag used to prevent stealing in high street stores and critics have likened it to a glorified dowsing rod.

The story of how the ADE 651 came into use involves the 2003 U.S. invasion of Iraq. At the height of the conflict, as the new Iraqi government battled a wave of deadly car bombings, it purchased more than 7,000 ADE 651 units worth tens of millions of dollars in a desperate effort to stop the attacks. Not only did the units not help, the device actually heightened the bloodshed by creating "a false sense of security" that contributed to the deaths of hundreds of Iraqi civilians. A BBC investigation led to a subsequent export ban on the devices.

The device is once again back in the news as it was reportedly used for security screening at hotels in the Egyptian resort city of Sharm el-Sheikh where a Russian airliner that took off from that city's airport was recently destroyed in a likely bombing attack by the militant Islamic State group. Speaking to The Independent about the hotel screening, the U.K. Foreign Office stated it would "continue to raise concerns" over the use of the ADE 651. James McCormick, the man responsible for the manufacture and sale of the ADE 651, received a 10-year prison sentence for his part in manufacture of the devices, sold to Iraq for $40,000 each. An employee of McCormick who later became a whistleblower said that after becoming concerned and questioning McCormick about the device, McCormick told him the ADE 651 "does exactly what it's designed to. It makes money."

Australian State Bans Possession of Blueprints For 3D Printing Firearms

angry tapir writes: Possessing files that can be used to 3D print firearms will soon be illegal in the Australian state of New South Wales after new legislation, passed last week by state parliament, comes into effect. Possessing files for 3D printing guns will be punishable by up to 14 years in prison. The provisions "are targeted at criminals who think they can steal or modify firearms or manufacture firearms from 3D blueprints," NSW's justice minister, Troy Grant, said when introducing the bill in the state's lower house on 27 October. "Those who think they can skirt the law will find themselves facing some of the toughest penalties for firearms offences in this country," Grant said.

How Anonymous' War With Isis Is Actually Harming Counter-Terrorism

retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hashtags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.

FTC Amends Telemarketing Rule To Ban Payment Methods Used By Scammers

An anonymous reader writes: The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers. The TSR changes will stop telemarketers from dipping directly into consumer bank accounts by using certain kinds of checks and "payment orders" that have been "remotely created" by the telemarketer or seller. In addition, the amendments will bar telemarketers from receiving payments through traditional "cash-to-cash" money transfers – provided by companies like MoneyGram, Western Union, and RIA.

Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks

SonicSpike writes with this excerpt from The Hill: A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris. "It's still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he's dead, rather than merely electrocuted," James Woolsey told CNN's Brooke Baldwin on Thursday. Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured. "I think the blood of a lot of these French young people is on his hands," he said.

Chicago Sends More Than 100,000 "Bogus" Camera-Based Speeding Tickets

Ars Technica, based on an in-depth report (paywalled) at the Chicago Tribune, says that the city of Chicago has been misusing traffic cameras to trigger automated speeding tickets. In particular, these cameras are placed in places where there are enhanced penalties for speeding, putatively intended to increase child safety. The automated observation system, though, has been used to send well over 100,000 tickets that the Tribune analysis deems "questionable," because they lack the evidence which is supposed to be required -- for instance, many of these tickets are unbacked by evidence of the presence of children, or were issued when the speeding rules didn't apply (next to a park when that park was closed).

The War On Campus Sexual Assault Goes Digital

According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college, but most of the students said they did not report it to school officials or support services. Now Natasha Singer reports at the NYT that in an effort to give students additional options — and to provide schools with more concrete data — a nonprofit software start-up in San Francisco called Sexual Health Innovations has developed an online reporting system for campus sexual violence. One of the most interesting features of Callisto is a matching system — in which a student can ask the site to store information about an assault in escrow and forward it to the school only if someone else reports another attack identifying the same assailant. The point is not just to discover possible repeat offenders. In college communities, where many survivors of sexual assault know their assailants, the idea of the information escrow is to reduce students' fears that the first person to make an accusation could face undue repercussions.

"It's this last option that makes Callisto unique," writes Olga Khazan. "Most rapes are committed by repeat offenders, yet most victims know their attackers. Some victims are reluctant to report assaults because they aren't sure whether a crime occurred, or they write it off as a one-time incident. Knowing about other victims might be the final straw that puts an end to their hesitation—or their benefit of the doubt. Callisto's creators claim that if they could stop perpetrators after their second victim, 60 percent of campus rapes could be prevented." This kind of system is based partly on a Michigan Law Review article about "information escrows," or systems that allow for the transmitting of sensitive information in ways that reduce "first-mover disadvantage" also known to economists as the "hungry penguin problem". As game theorist Michael Chwe points out, the fact that each person creates her report independently makes it less likely they'll later be accused of submitting copycat reports, if there are similarities between the incidents.

DoJ Going After Makers of Dietary Supplement

schwit1 writes: Several federal agencies, including the U.S. Department of Justice, have announced criminal and civil actions related to unlawful advertising and sale of dietary supplements. "Six executives with USPlabs LLC and a related company, S.K. Laboratories, face criminal charges related to the sale of unlawful dietary supplements. Four were arrested on Tuesday and two are expected to surrender, the Justice department said. The indictment says that USPlabs used a synthetic stimulant manufactured in China to make Jack3d and OxyElite Pro but told retailers that the supplements were made from plant extracts." The FTC is working on this as well, and their press release has more details. The DoJ's case involves "more than 100 makers and marketers" of these supplements. It's about time.

NYT Quietly Pulls Article Blaming Encryption In Paris Attacks

Inside Sources reports that the NY Times has quietly pulled a story from its website alleging the attackers used encrypted technology. The original piece, which has since been removed, can be found on the Internet Archive. It stated, "The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption."

A link to the NY Times article now redirects readers to a separate, general article on the attacks, which does not contain the word "encrypt." The Times later posted a second article citing an anonymous "European counterterrorism official" who was quoted saying authorities' "working assumption is that these guys were very security aware," but clarified officials "offered no evidence."

After Paris, ISIS Moves Propaganda Machine To Darknet

itwbennett writes: Over the weekend, researcher Scot Terban came across the new website of Al-Hayat Media Center, the media division of Daesh (aka ISIS/ISIL), in a post on Shamikh forum (a known jihadi bulletin board), 'someone had posted the new address and instructions for reaching it,' writes CSO's Steve Ragan. The website hosts the usual anti-Western iconography, as well as songs (Nasheeds) and poems for mujahids in various locations. Terban has mirrored the website and its files; he says he plans to publish more details in the coming days. 'Over the years, there have been several claims made that Daesh had propaganda and recruitment hubs on the Darknet, but no one has ever published proof of those claims or explored how the propaganda machine operates in public,' says Ragan.

Anonymous Vows Revenge For ISIS Paris Attacks

An anonymous reader writes: As usual, Anonymous members are quicker to respond to threats than investigators and have announced #OpParis as revenge for the Paris attacks. Their action is similar to #OpISIS from this spring, launched after the Charlie Hebdo attacks. Previously Anonymous ousted thousands of ISIS Twitter accounts in #OpISIS. In a more conventional response, the government of France has been bombarding ISIS positions in Syria with airstrikes, and hunting for suspect Salah Abdeslam in connection with Friday's killings.

Police Body Cameras Come With Pre-Installed Malware

An anonymous reader writes: The old Conficker worm was found on new police body cameras that were taken out of the box by security researchers from iPower Technologies. The worm is detected by almost all security vendors, but it seems that it is still being used because modern day IoT devices can't yet run security products. This allows the worm to spread, and propagate to computers when connected to an unprotected workstation. One police computer is enough to allow attackers to steal government data. The source of the infection is yet unknown. It is highly unlikely that the manufacturer would do this. Middlemen involved in the shipping are probably the cause.

Belgian Home Affairs Minister: Terrorists Communicate Via PlayStation 4

bricko writes with a story at Quartz reporting the words of Belgium's home affairs minister Jan Jambon, who says that ISIL operators communicate using their PlayStation 4s; "which allows terrorists to communicate with each other and is difficult for the authorities to monitor. 'PlayStation 4 is even more difficult to keep track of than WhatsApp,' he said. The gaming console also was implicated in ISIL's plans back in June, when an Austrian teen was arrested for downloading bomb plans to his PS4." This seems a strange place to concentrate investigators' energies; terrorists could be communicating in the chat session on the side of many social media games, too, or by any number of other means; Jambon would do well to read through some of the movie plotlines that Bruce Schneier has gathered.

Islamic State Claims Responsibility for Paris Attacks; Death Toll At 127

The L.A. Times reports that Islamic State, the group variously known as ISIL, ISIS, and Daesh, has claimed responsibility for the multi-pronged terror attack yesterday in Paris which left at least 128 people dead, most of them from among the audience of a rock concert at the Bataclan theater, in the heart of the city. Details of how Friday’s assaults were carried out remained hazy. It was still unclear, for example, whether the restaurants and concert theater were attacked by two separate teams of militants or one group that went from one place to another. ... Attackers opened fire on the crowd with automatic weapons, shouting “God is great!” or blaming France for airstrikes on Islamic State in Syria, according to some reports. Dozens of concert-goers were killed before French forces stormed the theater. Many Parisians posted appeals and photos on social media asking for news of friends or loved ones whom they had not heard from since the attacks. One man said on Twitter that a government hotline set up to inquire about missing persons was so overloaded that calls could not get through. In the wake of the attacks and with an overloaded public infrastructure, Facebook activated its post-disaster check-in tool for Parisians to notify loved ones that they are safe. According to Reuters, French President Francois Hollande has vowed to undertake a "merciless" response to the attacks.

Explosions and Multiple Shootings In Paris, Possible Hostages

An anonymous reader writes: Multiple sources are reporting that at least 18 people are dead across three shootings in central Paris. The Associated Press reports as many as 26, as of this writing. Some victims were at a restaurant, while others were at a nearby theater. Early reports indicate there may be a hostage situation with more people at that theater. Police have also confirmed an explosion at a bar near Stade de France stadium, where a football match was underway between France and Germany. There are reports of other explosions heard at the stadium as well, but no details yet. "The attack comes as France has heightened security measures ahead of a major global climate conference that starts in two weeks, out of fear of violent protests and potential terrorist attacks." The attacks occurred not far from where the Charlie Hebdo shooting happened in January. "French news media reported that Kalashnikov rifles had been involved in the shootings — a favored weapon of militants who have attacked targets in France — and that many rounds had been fired."

Laser Strikes On Aircraft Increasing In Frequency

puddingebola writes: The FAA is reporting a record number of laser strikes on aircraft for 2015. From the article: "The Federal Aviation Administration recorded 5,352 laser strikes through Oct. 16, up from 2,837 for all of 2010. ... Some airports have reported more than 100 laser strikes this year: Los Angeles had 197; Phoenix had 183; Houston had 151; Las Vegas had 132, and Dallas-Fort Worth had 115. On July 15, during a 90-minute period, 11 airliners and one military aircraft reported laser strikes near New York City-area airports. Those incidents remain under investigation by the FAA, FBI and New Jersey state police."

New Ransomware Business Cashing In On CryptoLocker's Name

itwbennett writes: A new service launched this week on a standalone Darknet website offering ransomware called CryptoLocker Service to anyone willing to pay a small fee and 10% of the collected ransom. The new venture is being run by a person using the handle Fakben, who was a former user of the Evolution (Evo) marketplace, writes CSO Online's Steve Ragan. Customers pay $50 to get the basic Ransomware payload. Once the victim pays the demanded ransom, the payment address will forward the funds – less a ten percent fee – to the Bitcoin wallet designated by the CryptoLocker Service customer. The ransom fee itself can be determined by the customer, but the recommended fee is $200. 'I prefer to be less expensive, more downloads and more infections,' Fakben said during a brief chat with Ragan.

Prison Hack Shows Attorney-Client Privilege Violation

Advocatus Diaboli writes with this excerpt from The Intercept: "An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation's prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014."

"Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recorded conversations between inmates and attorneys, a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place. The recording of legally protected attorney-client communications — and the storage of those recordings — potentially offends constitutional protections, including the right to effective assistance of counsel and of access to the courts."