Tuesday, September 16, 2014

A cyberspace with sunny spells

“To maintain public confidence in both government and technology, we need legislative reform that ensures surveillance powers are transparent, reasonably scoped by law, and subject to independent oversight.” Google's legal director, Richard Salgado, took advantage of the presentation of the company’s tenth Transparency Report to demand more transparent laws that clearly define the conditions and protocols to be followed by both governments and businesses when law enforcement request users’ personal data.

The report released yesterday points that the number of requests for personal information made by governments around the world in the first six months of 2014 rose up to roughly 32,000 petitions, 15% increase when compared withthe second half of last year.

Of course not all government agencies bother to knock on Google’s door. Some use other darker techniques such as the use of computer intrusion systems, software vulnerabilities or remote monitoring systems to obtain the data they need. FinFisher is a German company specialized in supplying such services. Yesterday Wikileaks hit this firm by publishing unedited copies of some complete pieces of its surveillance malware called FinFisher Relay, FinSpy Proxy and FinSpy Master, as well as its FinFisher FinSpy PC spyware. Both of them have been used by intelligence agencies against journalists, political dissidents, activists...

Cybercriminals also try to access their targets through the back door to avoid being seen by their victims. IBM Trusteer has detected that Citadel malware, originally designed to capture keystrokes of their victims and make captures of their screen, has been modified to attack petrochemical plants in the Middle East. Thanks to its new features, hackers could gain control of the victim’s computer, access his corporate network, and in the worst case, modify the manufacturing process or cause a chemical explosion.

Taking this new version of Citadel into consideration, the malware being distributed through the forums of Twitch community and video platform for gamers looks like a trifle. According to F-Secure security firm, this malware captures screenshots, add new friends, accept pending friend requests, initiate trading with new friends and, if the user has some money in his account, accepts pending transactions. So the platform’s advice is not click on unknown links, even if they seem harmless.

Apart from this malware campaign, Twitch users are probably chatting about the legendary (and old) video game DOOM as well since this first-person shooter released in 1993 has been used for hacking a Canon Pixma printer. Hackers tested the printer’s web interface and managed to bypass its firmware’s basic XOR encryption. Then they installed DOOM to prove that an attacker could infect the device, for example, with a Trojan and thus steal information from printed documents.

Before ending this article, we want to remind you of one of the stories we told you yesterday: driving a vehicle is not compatible with mobile texting. Well, actually phones are not only a threat for drivers, but also for pedestrians. Therefore, in the Chinese city of Chongqing they have opened a 30 meters lane for people who walk while using their cell phones, although it is not very clear to what extent this is a serious initiative.

As usual, we encourage you to stay informed through our social channels (find the links at the right sidebar) or our blog.


Post a Comment