
Monday 24 October 2016

City banks plan to hoard bitcoins to help them pay cyber ransoms

Several of London’s largest banks are looking to stockpile bitcoins in order to pay off cyber criminals who threaten to bring down their critical IT systems.
The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms, according to a leading IT expert.
On Friday, hackers attacked the websites of a number of leading online companies including Twitter, Spotify and Reddit. They used a special code to harness the power of hundreds of thousands of internet-connected home devices, such as CCTV cameras and printers, to launch “distributed denial of service” (DDoS) attacks through a US company called Dyn, which provides directory services to online companies. DDoS attacks involve inundating computer servers with so much data traffic that they cannot cope.
There is no evidence that Dyn was the subject of extortion demands but it has become apparent that hackers have been using the code to threaten other businesses into paying them with bitcoins or risk becoming the target of similar attacks. 
Dr Simon Moores, a former technology ambassador for the UK government and chair of the annual international e-Crime Congress, the global body that brings together IT professionals, said the scale and ferocity of the attacks meant some banks were coming round to the view that it was cheaper to pay off the criminals than risk an attack.
“The police will concede that they don’t have the resources available to deal with this because of the significant growth in the number of attacks,” Moores said. “From a purely pragmatic perspective, financial institutions are now exploring the need to maintain stocks of bitcoin in the unfortunate event that they themselves become the target of a high-intensity attack, when law enforcement perhaps might not be able to assist them at the speed with which they need to put themselves back in business.” 

Moores declined to identify the banks buying up bitcoins but it is understood senior police officers have been made aware of the practice. The cost to businesses of an attack can far outweigh paying off the blackmailers: telecoms provider TalkTalk lost 101,000 customers and suffered costs of £60m as a result of a cyber attack last year.
“Big companies are now starting to worry that an attack is no longer an information security issue, it’s a board and shareholder and customer confidence issue,” Moores said. “What we are seeing is the weaponisation of these [hacking] tools. It becomes a much broader issue than businesses ever anticipated.”  

In recent months, DDoS attacks have led to around 600 gigabits of data a second being directed at targets – more than enough, according to experts, to bring most websites down.
Moores predicted that the situation was becoming critical. “Once it goes above a terabit, that wipes out any protection. No current protection systems can deal with that sort of flood.”
In September the website KrebsOnSecurity.com was the target of what it describes as “an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline”. Initial reports put it at approximately 665 gigabits of traffic a second, far more than is typically needed to knock most sites offline.
Some experts believe the attacks were launched in response to articles that Krebs had published about the DDoS-for-hire service vDOS, which coincided with the arrests of two young men identified as its founders.
The attack on Krebs was launched by a large botnet, a collection of enslaved computers – in this case, hundreds of thousands of hacked devices that constitute the internet of things (IoT), notably routers, IP cameras and digital video recorders. These devices are the internet’s achilles heel. Unlike personal computers or smartphones, they are often not password protected, relying on factory settings. Because of this they make soft targets for botnets scanning the internet for IoT systems that can be easily compromised.
The Krebs attack might have gone largely unnoticed outside of internet security circles if someone using the name Anna-senpai had not then chosen to release the source code that powered the botnet on to a hackers’ forum.
“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai said on the Hack Forums site. “I made my money, there’s lots of eyes looking at IoT now, so it’s time to GTFO.”
Within hours of Anna-senpai’s decision to release the botnet into the wild, it was creating havoc as others started to employ the code to enslave more devices. Soon an army of zombified devices was mobilising against Dyn.
By targeting Dyn, it appears that hackers were able temporarily to disrupt a raft of sites. Others that reported problems included Mashable, CNN, the New York Times, the Wall Street Journal and Yelp.
Amazon’s web services division reported issues in western Europe. In the UK, Twitter and several news sites could not be accessed by some users.
Anna-senpai’s identity and motivation for releasing the code remain a mystery. Some believe state agents were involved. China, Russia and North Korea have all been mentioned in IT circles.
“While this particular attack [on Dyn] may not have been motivated by extortion, a new model of ransom-based attacks could be on the horizon, motivated to pay off threats for fear of infrastructure-wide customer outages,” said Thomas Pore, director of IT at Plixer, a malware incident response company. “An infrastructure outage, such as DNS [denial of service], against a service provider impacting both the provider and customers may prompt a quick ransom payoff to avoid unwanted customer attrition or larger financial impact.” 
The problem facing businesses battling the hackers is becoming one of scale. The number of devices the hackers can recruit to launch their attacks is growing exponentially.
It is estimated that there are anywhere between 7bn and 19bn devices connected to the IoT at the moment. Conservative predictions suggest that this figure will balloon to between 30bn and 50bn within five years.
At some point, Moores believes that the dam will burst as the rollout of connected smart devices will allow for the harnessing of devastating computer power that can no longer be repelled by existing IT security systems.
He draws an analogy with financial crises, predicting that a “Lehman Brothers moment” is on the cards.
“We’ve got to come to grips with this,” Moores said. “Everybody’s overexposed.”

RISE OF THE HACKER

The evolution of DDoS attacks
February 2000
“Mafiaboy”, a 15-year-old Canadian called Michael Calce, launches the first big distributed denial-of-service attack (DDoS), crippling popular websites. His Project Rivolta takes down Yahoo, the number one search engine at the time, and many leading tech companies.
January 2008
Hacking collective Anonymous targets the Church of Scientology in an operation called Project Chanology that briefly knocks Scientology.org offline.
April 2012
A cyber-attack by anti-Israel groups on the eve of Holocaust Remembrance Day fails in its attempt to erase all mentions of Israel from the internet.
March 2013
Spamhaus, a filtering service to weed out spam emails, is subjected to a DDoS attack after adding a web hosting company called Cyberbunker to its blacklisted sites. Cyberbunker and other hosting companies hire hackers to shut down Spamhaus using botnets. At its peak the attack was being conducted at a rate of 330 gigabits a second, around five times the average DDoS attack.
January 2016
A group called New World Hacking attacks the BBC’s website at a rate of 602 gigabits a second, almost twice the size of the previous record of 334 gigabits a second.

America’s Biggest Private Prison Company Let Inmates Kill Each Other, Lawsuit Claims

Private-prison guards maced Kyle Tiffee as he bled to death after being repeatedly stabbed in a gang battle last year.
According to a lawsuit filed by Tiffee’s family, every element of the chaotic fight—right down to the light fixtures made into shanks—can be blamed on Corrections Corporation of America.
CCA is a multi-billion-dollar company and the largest operator of privately run prisons in the United States, running nearly 70 facilities including Cimarron Correctional Facility in Cushing, Oklahoma, where Tiffee and three other men died on Sept. 12, 2015. The fight, which lasted all of two minutes, claimed four lives and was the deadliest incident in the history of the Oklahoma Department of Corrections.
The deadly fight was “highly predictable,” according to the lawsuit, and could have been prevented if not for minimal “staff behavior and corruption,” that left gangs to run the place.
CCA did not respond to a request for comment.
Tiffee was a member of the Irish Mob, whose members gathered on upper- and lower-level runs of the Charlie North housing unit, as did members of the United Aryan Brotherhood. The flocking was a sure sign that a fight was imminent, yet a guard stood by as “nothing more than a spectator,” to the fight.
The lawsuit names Terrance Lockett as the guard who stood idly by, but Lockett disagrees with the description.
“I really didn’t see anything. It all happened so fast,” Lockett told The Daily Beast in a brief interview before deciding otherwise about the conversation. “They’ve named me in that lawsuit so I’m not going to say anything that hurts me.”
Lockett, when he did decide to warn his superiors that the gangs were gathering in a menacing manner, was told to “call back when (the fight) happens.”
Eventually Lockett and a nurse entered the fray to attend to a badly wounded inmate. Not long after that, the riot squad arrived and maced Tiffee—stabbed likely by the rival Aryans—while trying to break up the brief and bloody battle.
Tiffee and another member of the Irish Mob lay dead or dying; two members of the United Aryan Brotherhood were also suffering from mortal wounds.
The murders may have been captured on security footage inside Charlie North, but that footage remains in the hands of CCA.
“The Department of Corrections claims the video is exempt from the Oklahoma Open Records Act, as a ‘law enforcement record,’” attorney Spencer Bryan told The Daily Beast. But there’s just one problem: CCA is not registered with the Oklahoma Council on Law Enforcement Education and Training, and therefore is not technically a law enforcement agency.
Oklahoma’s attorney general and Corrections Department did not respond to a request for comment.
The two gangs were armed with weapons fashioned from light fixtures inside the prison. CCA knew inmates were using the fixtures to make weapons, according to the lawsuit, but didn’t remove the fixtures “for financial reasons.” Even after the deadly battle, CCA left the fixtures in place. 

Cimarron has been a problem for CCA for at least the past two years. Lockett and another guard have been indicted for smuggling phones and drugs into the facility, according to Payne County court records. In the lawsuit, Bryan claims the pair’s actions represent a culture of lawlessness that provides an atmosphere ripe for violent conflict.
“As more staff are corrupted, more contraband is introduced, and more inmates are monetized into the trafficking operation,” the lawsuit states. “As this cycle perpetuates, so too does the risk of violence in the (prison) drug trade.”
Bryan alleges that efforts to curtail staff smuggling into the facility were non-existent prior to the deadly brawl. Indeed, in the months following the incident, Lockett and another guard, Megan Hood, were charged for attempting to smuggle contraband into the facility.
In November 2015, Hood was pulled aside after she repeatedly triggered a metal detector at Cimarron. In a report written by a Cushing police officer, Hood’s fellow guards said she was constantly tripping metal detectors at the prison, and was finally taken in for questioning that day. She eventually admitted to having two cell phones wrapped in electrical tape inside a body orifice.
She told police an inmate had promised her $2,000 in exchange for the phones, which she planned to use to “get away from her abusive husband,” according to the police report.
Three months later, in February, Lockett was pulled aside after a guard performing pat-downs of employees entering Cimarron found two bulges in Lockett’s crotch. After denying he had anything concealed in his pants, a Cushing police officer convinced Lockett to give up the goods. Lockett pulled out two bags of marijuana wrapped in electrical tape, according to police, then told an interesting story.
The night before, Lockett had been on his way home from Cimarron when a car in front of him abruptly stopped. Four men got out and approached Lockett, handing over the bags of marijuana and threatening to kill him if he didn’t drop them off in Charlie North. But Lockett had no such excuse for the half pound of meth police found in his car that day after he gave them consent to search.
Both Hood and Lockett have been charged with possession of a controlled substance and intent to bring contraband into a penal institution, and their cases remain open.
Also still open are several federal lawsuits going back to 2014 levied on CCA because of alleged mistreatment of prisoners at Cimarron. They include one in which a prisoner had to have a testicle removed after staff at the prison allegedly ignored his complaints of pain for months. Another inmate said he came to the prison with swollen hands only to be ignored by medical staff. Eventually doctors found two broken fingers that had to be rebroken to heal the inmate.
One prisoner was eventually diagnosed with fractures in his neck when he slipped in a shower that was supposed to be closed at Cimarron, but weeks went by before he was finally taken to the hospital. Another man alleged he was denied chemotherapy after having a cancerous growth removed from his throat.
But proper medical care need not exist for a company like CCA to thrive, which is part of the reason that the Justice Department announced in August it would phase out the use of private companies to run federal prisons. That does nothing for the inmates at Cimarron though, because it is a state prison.
In fact, CCA’s stock just went up thanks to the renewal of a contract with Immigrations and Customs Enforcement. The company will continue to run an ICE detention facility in Texas, it announced this week. (The Justice Department’s decree does not affect facilities run by ICE because it is not a part of the Bureau of Prisons.)
The lawsuit filed on behalf of Tiffee’s family notes CCA’s voluminous income, which the company says provides Oklahomans with the “highest standards of quality.” Taxpayers in the state paid the company nearly $2.3 million a month in 2015 to run prisons there, and they have what Bryan says is the deadliest incident in the state’s prison history to show for it.
Tiffee’s father, Steve, a retired member of law enforcement, remembered his son not as a brutally murdered gang member, but a boy who “would look out for the smaller kids and kids with disabilities to protect them.”

13 Graphs Anyone Who’s Ever Been Depressed Will Understand

1. Depression can be so boring, tbh:
2. Your productivity levels:
3. When you need those mental health days:
4. When people minimize what you’re going through:
5. Dealing with those highs and lows:
6. Because sometimes, you relapse:
7. The people you need to keep close — and the ones you need to kick to the curb:
8. When people give you the WORST ADVICE EVER:
9. When people just keep tossing words around:
10. The annoying disconnect between dreams and reality:
11. Sometimes you feel like you can’t win:
12. “Tired” = a personality trait by now:
13. And this reminder, in case you need it: