FOSS Week in Review
Sixteen-year-old wrote the code for Target breach
The press calls him a “nearly seventeen-year-old” and he’s reported to be one of the people behind the malware used to compromise credit card data at Target and other locations. By our way of counting, “nearly seventeen” means he is sixteen or, like the show tune says, “sixteen going on seventeen.” He lives in Russia and is said to be the author of the BlackPOS malware that was used against Target and might have been used against Neiman Marcus.
This info comes from Los Angeles based cyber-intelligence firm IntelCrawler, which says it’s also traced six additional breaches to BlackPOS. As noted on MarketWatch, despite authoring the malware, the kid is just a small fry in this affair.
“‘He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,’ said Dan Clements, the company’s president, on its website.
“IntelCrawler said BlackPOS first infected retailers’ systems in Australia, Canada and the U.S. It said the malware … has been sold to cybercriminals in Eastern Europe and other countries, including owners of underground credit-card shops.”
On Monday, IntelCrawler identified a second individual who is evidently working with the Russian teen.
Meanwhile, at the Mexican border in Texas, two Mexican citizens were arrested after purchasing something north of $10,000 in merchandise using credit card numbers stolen in the Target breach. At least, that’s what Police Chief Victor Rodriguez of McAllen, Texas is saying. However, according to HuffPo, the feds say it isn’t so.
Late Monday, a federal official with knowledge of the case said there currently was no connection between the McAllen case and any ongoing investigation into the Target breach, but would not elaborate. The official spoke on condition of anonymity because the official was prohibited from providing details about the investigation.
Target, so far, has basically had no comment.
Credit card theft is a global problem. On Tuesday, Reuters reported on a major breach in Korea which seems to not be related to the Target case.
“The data security breach affected around 15 million cardholders, according to official estimates, by far the largest in a series of such scams against financial firms in South Korea going back to 2011. Some previous attacks involved hackers believed to originate from North Korea, but this one seems to have been an inside job.…
“The stolen information included names, home addresses, and phone numbers, bank account numbers, credit card details, identification numbers, income, marriage and passport numbers.”
As you might imagine, the Korean people are in a snit over this.
Back in the States, Thrusday Reuters reported that the FBI is warning retailers to expect more such cyber attacks. This comes after the feds tied about 20 additional hacking cases to the same malware used against Target.
“‘We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,’ said the FBI report, seen by Reuters.
“‘The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors,’ the FBI said.
It appears that we’re getting really close to living in the “cashless” world we always were told was coming someday. How do you like it so far?
HP offers Win 7 ‘by popular demand’
To paraphrase Yogi Berra, it’s deja vu all over again.
Remember back in the day when Gates and Ballmer were trying as hard as they could to get some traction with Vista? Remember how the OEMs finally got tired of losing sales because nobody wanted Vista and started offering machines with the older but more popular XP installed? Well…it’s deja vu time all over again.
We leaned on Monday from CNET that HP is now offering desktops and laptops running Window 7. That’s not all, they’re playing up the move in their advertising, with graphics proudly proclaiming, “Back by popular demand.”
It occurs to us that ME, Vista and Window 8 might be a grand part of Microsoft’s marketing strategy, as their mistakes make the likes of XP and 7 look good by comparison.
Is your Chrome browser spying on you?
It’s convoluted and unlikely, perhaps, but there’s a way that websites can trick the Chrome browser into leaving the mic open, allowing who knows whom to eavesdrop.
In Chrome, whenever a website wants to access a visitor’s microphone the browser prompts the user for permission which, if granted, is for that session only. Move to another site or close that tab and the mic is disabled. However, PCWorld reported on Wednesday, there is a way for a site to keep the mic turned on.
“But as Web developer Tal Ater discovered, malicious sites can use pop-under windows to keep listening even after the user has gone to another site or closed the main browser window. Unlike a regular browser tab, pop-under windows don’t show the recording status icon, and can continue to listen in for as long as the pop-under window stays open. The exploit can also stay dormant until the user utters certain key phrases.”
Techworld reported Thursday that although Google had a patch readied to fix this vulnerability on September 24, they decided not to use it.
“‘We’ve reinvestigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it,’ it [Google] said.”
This kind of makes the case for just using a plug-in mic instead of having one built-in, doesn’t it?
Is the balkanization of the Internet at hand?
It’s no longer news that quite a few countries are concerned enough about the NSA’s actions that they’re taking steps to protect themselves from our spying. This is leading some to suspect this might eventually result in a system of national Internets, as noted by IEEE Spectrum on Thursday.
To a degree, this is already happening. Germany is taking steps to assure that data packets originating in-country to be delivered in-country are never routed outside of Germany. In South America, Brazil’s president Dilma Rousseff is seeking legislation that will force companies, including Facebook and Google, to store all data on servers located within Brazil.
In addition, the NSA’s actions have resulted in a revival of the Open Root Server Network (ORSN), a system of root nameservers operating independently from ICANN. Taken offline in 2008, the system was put back in service in June as a result of Edward Snowden’s whistle-blowing.
“But Jacob Appelbaum, a developer of the Tor Project, warns that even secure systems like virtual private networks can be rendered useless through misuse of so-called backdoors. … The European Telecommunications Standards Institute, for instance, works closely with operators, government, and law enforcement agencies to integrate surveillance capabilities into communications networks. But many operators are concerned about how access to the backdoor ‘keys’ is regulated, and, in the case of some equipment vendors—notably China’s Huawei Technologies Co.—about whether secret backdoors are built into network systems without operators’ knowledge.”
All this has led the CEO of Deutsche Telekom, René Obermann, to make a statement that U.S. tech businesses should find worrisome:
“We need strong and secure networks in Europe,” he says. “Maybe that means we need to make the technology ourselves, or that the technology we buy doesn’t provide backdoors.”
That does it for another cold week. Until our next Week in Review, may the FOSS be with you…