An anonymous reader writes from a report via Softpedia: Since the summer of 2015, users that surfed 113 major, legitimate websites were subjected to one of the most advanced malvertising campaigns ever discovered, with signs that this might have actually been happening since 2013. Infecting a whopping 22 advertising platforms, the criminal gang behind this campaign used complicated traffic filtering systems to select users ripe for infection, usually with banking trojans. The campaign constantly pulled between 1 and 5 million users per day, infecting thousands, and netting the crooks millions each month. The malicious ads, according to this list, were shown on sites like The New York Times, Le Figaro, The Verge, PCMag, IBTimes, Ars Technica, Daily Mail, Telegraaf, La Gazzetta dello Sport, CBS Sports, Top Gear, Urban Dictionary, Playboy, Answers.com, Sky.com, and more.
An anonymous reader quotes a report from PCWorld: Former U.S. National Security Agency contractor, Edward Snowden, has censured WikiLeaks' release of information without proper curation. On Thursday, Snowden, who has embarrassed the U.S. government with revelations of widespread NSA surveillance, said that WikiLeaks was mistaken in not at least modestly curating the information it releases. "Democratizing information has never been more vital, and @Wikileaks has helped. But their hostility to even modest curation is a mistake," Snowden said in a tweet. WikiLeaks shot back at Snowden that "opportunism won't earn you a pardon from Clinton [and] curation is not censorship of ruling party cash flows." The whistleblowing site appeared to defend itself earlier on Thursday while referring to its "accuracy policy." In a Twitter message it said that it does "not tamper with the evidentiary value of important historical archives." WikiLeaks released nearly 20,000 previously unseen DNC emails last week, which suggest that committee officials had favored Clinton over her rival Senator Bernie Sanders. The most recent leak consists of 29 voicemails from DNC officials.
itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland was out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP), has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
An anonymous reader writes: After many users reported receiving predictions meant for other users, such as email addresses and phone numbers, SwiftKey has suspended part of its service. The service responsible for the bug was SwiftKey's cloud sync service. The Verge reports that one user, an English speaker, was getting someone else's German suggestions, while someone received NSFW porn search suggestions. The Telegraph also reports, "One SwiftKey user, who works in the legal profession and asked to remain anonymous, found out their details had been compromised when a stranger emailed them to say that a brand new phone had suggested their email address when logging into an account online. 'A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new,' said the user." SwiftKey released an official statement today about the issue but said that it "did not pose a security issue."
An anonymous reader quotes a report from CNBC: The U.S. military is using an unmanned robotic vehicle to patrol around its camps in the Horn of Africa. The remote controlled vehicle is the result of a 30-year plan after military chiefs approved the concept of a robotic security system in 1985. Now the Mobile Detection Assessment and Response System, known as MDARS, is carrying out patrols in the east African country of Djibouti, under the control of the Combined Joint Task Force-Horn of Africa. The area is known as home to a number of hostile militant groups including the al-Qaeda-affiliated al-Shabaab. An operator sits in a remote location away from the vehicle watching the terrain via a camera link which is fixed to the chassis. U.S. military software engineer Joshua Kordanai said in a video presentation that the vehicle drives itself, freeing the remote operator to monitor video. "The vehicle has an intruder detection payload, consisting of radar, a night vision camera, a PTZ [pan-tilt-zoom] camera and two-way audio, so the system will be able to detect motion," he added. One report prices the cost of an earlier version of the military 'drone buggy' at $600,000 each.
Trailrunner7 quotes a report from On the Wire: A federal judge has ruled that robocalls made on behalf of political candidates are protected by the First Amendment and cannot be outlawed. The decision came in a case in Arkansas, where political robocalls had been illegal for more than 30 years. On Wednesday, U.S. District Court Judge Leon Holmes ruled that banning political robocalls amounts to an infringement of free speech protections and also constitutes prior restraint of speech. Political campaigns have been using robocalls for decades, and some states have sought to ban them, arguing that they are intrusive and violate recipients' privacy. In the Arkansas case, the state attorney general put forward both of these arguments, and also argued that the calls can tie up phone lines, making them unusable in an emergency. Holmes said in his decision that there was no evidence that political robocalls prevent emergency communications, and also said that the Arkansas statute should have banned all robocalls, not just commercial and political ones. "The statute at issue here imposes a content-based restriction on speech; it is not one of the rare cases that survives strict scrutiny. The state has failed to prove that the statute at issue advances a compelling state interest and is narrowly tailored to serve that interest," Holmes wrote.
Facebook-owned messaging app WhatsApp retains and stores chat logs even after those messages have been deleted, according to iOS researcher Jonathan Zdziarski. The Verge reports: Examining disk images taken from the most recent version of the app, Zdziarski found that the software retains and stores a forensic trace of the chat logs even after the chats have been deleted, creating a potential treasure trove of information for anyone with physical access to the device. The same data could also be recoverable through any remote backup systems in place. In most cases, the data is marked as deleted by the app itself -- but because it has not been overwritten, it is still recoverable through forensic tools. Zdziarski attributed the problem to the SQLite library used in coding the app, which does not overwrite by default. WhatsApp was applauded by many privacy advocates for switching to default end-to-end encryption through the Signal protocol, a process that completed this April. But that system only protects data in transit, preventing carriers and other intermediaries from spying on conversations as they travel across the network.
The British spy agency GCHQ used a custom URL shortener and Twitter sockpuppets to influence and infiltrate activists during the Iran revolution of 2009 and the Arab Spring of 2011, reports Motherboard, citing leaked documents by Edward Snowden. From the article: The GCHQ's special unit, known as the Joint Threat Research Intelligence Group or JTRIG, was first revealed in 2014, when leaked top secret documents showed it tried to infiltrate and manipulate -- using "dirty trick" tactics such as honeypots -- online communities including those of Anonymous hacktivists, among others. The group's tactics against hacktivists have been previously reported, but its influence campaign in the Middle East has never been reported before. I was able to uncover it because I was myself targeted in the past, and was aware of a key detail, a URL shortening service, that was actually redacted in Snowden documents published in 2014. A now-defunct free URL shortening service -- lurl.me -- was set up by GCHQ that enabled social media signals intelligence. Lurl.me was used on Twitter and other social media platforms for the dissemination of pro-revolution messages in the Middle East.
Parents who found themselves with hefty bills after their kids made in-app purchases -- mainly via the now-defunct Facebook Credits -- can now request a refund from Facebook. PCMag reports: The news comes as part of a settlement for a class-action lawsuit brought against the social network in February 2012, and covers those who made any kind of purchase through their Facebook accounts between February 2008 and March 2015. Facebook maintained that it did nothing wrong, as those purchasing digital currency received what they paid for. But California's Family Code stipulates that minors can void contracts they make at any point when they're under 18 years of age. In other words, the legislation is designed to prevent other entities from preying on minors who don't otherwise understand the ramifications of their actions -- like tapping repeatedly on an in-app item to acquire it.
Following the shutdown of the KickassTorrents website after its alleged owner was arrested, Hollywood studios are playing the game of cat and mouse with pirates to put an absolute end to KickassTorrents. An anonymous reader writes: One of the most popular KAT mirrors has had its domain name taken down following pressure from the major Hollywood studios. The Armenian .AM registry was quick to disable the KAT.am domain, after it received a stark warning from the Motion Picture Association, representing Hollywood's major studios. "This notice requires you to immediately (within 24 hours) take effective measures to end and prevent further copyright infringement. All opportunities provided by the website to download, stream or otherwise obtain access to the entertainment content should be disabled permanently," MPA's email reads. As TorrentFreak reports, the takedown of the kat.am domain isn't the end of the website. The publication spoke to the operator of the website, and learned that they were "making continuous" attempts to bring the website back -- utilizing the channels available. Kat.am is down already, but kickass.cd and kickass.mx mirrors have since cropped up. Slashdot understands that the Kickass torrent community is now back in action again, on a whole new domain.
From a Reuters report: The FBI is investigating a cyber attack against another U.S. Democratic Party group, which may be related to an earlier hack against the Democratic National Committee, four people familiar with the matter told Reuters. The previously unreported incident at the Democratic Congressional Campaign Committee, or DCCC, and its potential ties to Russian hackers are likely to heighten accusations, so far unproven, that Moscow is trying to meddle in the U.S. presidential election campaign to help Republican nominee Donald Trump. The Kremlin denied involvement in the DCCC cyber-attack. Hacking of the party's emails caused discord among Democrats at the party's convention in Philadelphia to nominate Hillary Clinton as its presidential candidate. The newly disclosed breach at the DCCC may have been intended to gather information about donors, rather than to steal money, the sources said on Thursday.
mi writes from a report via The Times: A senior judge has called for the establishment of an online court (Warning: source may be paywalled) that does not have lawyers and can deal with claims of up to 25,000 British Pound (around $32,850). The proposal is the centerpiece of a package of reforms to the civil justice system, drawn up by Lord Justice Briggs, a Court of Appeal judge. Just how exactly will this court ensure no one is, in fact, a trained professional on the internet, where no one knows who you really are, is not explained. We discussed the idea last year. Apparently, it is still alive. The judge's report says this computer court would provide "effective access to justice without having to incur the disproportionate cost of using lawyers." The Law Gazette reported earlier in June that Briggs has mused about a three-stage process -- triage, conciliation and final judgement -- in which there might be some lawyer involvement.
An anonymous reader writes from a report via Softpedia: South Korea says that North Korea is behind a data breach that occurred last May, where hackers stole details about 10 million user accounts from Interpark.com, one of the country's biggest shopping portals. The hackers later tried to extort Interpark management by requesting 3 billion won ($2.66 million / 2.39 million euros), otherwise they were going to release the data on the internet. [The hackers wanted the money transferred to their accounts as Bitcoin.] Authorities say they tracked the source of the hack to an IP in North Korea, previously used in other attacks on South Korean infrastructure. "Besides the evidence related to the IP addresses and the techniques used in the attacks, investigators also said that the emails Interpark management received, written in the Korean language, contained words and vocabulary expressions that are only used in the North," reports Softpedia.
An anonymous reader writes from a report via Business Insider: Microsoft is planning to lay off 2,850 more employees in the next 12 months or so, according to Microsoft's full 10-K report it filed with the Securities and Exchange Commission. Part of the document reads: "In addition to the elimination of 1,850 positions that were announced in May 2016, approximately 2,850 roles globally will be reduced during the year as an extension of the earlier plan, and these actions are expected to be completed by the end of fiscal year 2017." Business Insider reports: "The first 1,850 layoffs mentioned here were mainly from Microsoft's struggling smartphone business, including 1,350 employees in Finland working at what was once Nokia world headquarters. These layoffs also included people in Microsoft's salesforce, which was recently reorganized and saw the departure of COO Kevin Turner. In total, Microsoft laid off 7,400 employees in its last fiscal year, which ended on June 30th, 2016. The new layoffs are a continuation of the same plan, and include the sales group as well as others. About 900 people affected by the new layoffs were already informed during the sales reorganization, according to a person familiar with Microsoft's plans."
An anonymous reader writes from a report via Vocativ: [Vocativ reports:] "The U.S.'s most popular third-party presidential candidate says he would 'consider' pardoning the highest profile convicts of computer-related crimes in the country, including Chelsea Manning, Ross Ulbricht, and Jeremy Hammond. Libertarian candidate Gary Johnson, a former governor of New Mexico, also reiterated his possible willingness to pardon Edward Snowden, the former National Security Agency analyst who gave a cache of agency documents to journalists in 2013." "Having actually served as a governor and administered the power to grant pardons and clemency, Gary Johnson is very conscious and respectful of the need for processes for using that authority," Joe Hunter, Johnson's communications director, told Vocativ in a statement. "However, he has made it clear on numerous occasions that he would 'look seriously at' pardoning Edward Snowden, based on public information that Snowden's actions did not cause actual harm to any U.S. intelligence personnel. Likewise, he has said he would look favorably on pardoning Ross Ulbricht, consistent with his broader and long-standing commitment to pardon nonviolent drug offenders, whistleblowers, and others imprisoned under unjust and ill-advised laws," Hunter said. When Vocativ asked specifically about Chelsea Manning, Jeremy Hammond, Barrett Brown, and Matthew Keys, Hunter responded: "The same goes for the other individuals you have mentioned -- and hundreds, if not thousands, like them. Gov. Johnson finds it to be an outrage that the U.S. has the highest incarceration rate in the developed world, and announced in 2012 that, as President, he would promptly commence the process of pardoning nonviolent offenders who have done no real harm to others." The Green Party candidate Jill Stein has also shared her thoughts on pardoning Edward Snowden and Chelsea Manning. Not only would she pardon Snowden, but she said she would appoint him to her cabinet.