USENIX Enigma 2019, Jonathan Lusthaus' 'The Offline Dimension Of Online Crime' →
outstanding conference videos on their YouTube Channel
Put A Couple Of Zeroes On It...
Quite likely the defining opinion piece, well-crafted by the inimitable Kara Swisher, writing at The New York Times, targeting the the entity known as Facebook, Inc. (NASDAQ: FB) (of which, in our opinion, is a classically structured and well organized criminal enterprise). Today's Must Read.
"With $23 billion in cash on hand, Facebook will see a $5 billion fine as simply the cost of doing business. Needless to say, this is not how fines are supposed to work." - via Kara Swisher's superb opinion piece at The New York Times
Sam Cattle on Ransomware →
Just 'Kuzz →
via Phys.org, comes a brief news item targeting the trojan exploit dubbed 'Adylkuzz', and it's mining feature. Additionally, read the highly detailed Proofpoint post, of which, contains the true gist of this trojan, as it were..
'Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to "mine" in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.' - via Phys.org
Evil Ops, MethBot →
The story of the malvertising delivered MethBot - (PDF), and, at $3,000,000.00 per day (est.) it's truly making America pay...
PREDATOR →
PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration, described in the released paper, details the newly developed capability to predict bad-behavior (in this case criminally bad behavior), with the use of analytics at the time of domain registration. Created by Nick Feamster, Shuang Ho, Alex Kantchelian, Brad Miller and Vern Paxson. Outstanding.
"Princeton professor Nick Feamster and University of California Santa Barbara PhD student Shuang Ho worked with Alex Kantchelian (UC Berkley), Google's Brad Miller and Vern Paxson of the International Computer Science Institute to create PREDATOR – Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration...." "The important numbers are: the researchers say PREDATOR identified 70 per cent of domain registrations that were later abused; and they claim a false positive rate of just 0.35 per cent." - via El Reg's Richard Chirgwin
In Search Of... →
National Cybersecurity Center of Excellence Issues Call for Comments
Earlier this month (in April 2015 if you are reading this post in the far distant future...) the National Institute of Standards and Technology (NIST) released NIST Draft NISTIR 8050; in which, an interesting summary appears of a technical workshop held at Stanford University in conjuction with the Presidents' Cybersecurity Summit.
Pursuant to completeing the draft cycle of the document, the National Cybersecurity Center of Excellence NNCoE (a Center of Excellence and a component of NIST) has issued a Call for Comments, focusing on the content of that document. In this instance, related to your agency, company, buereau, department, country or other organizations' information and/or cybersecurity issues. I've included a link to NISTIR 8050 to assist in fulfilling the Call for Comments. Enjoy.
Over One Billion Served →
Suprised by the largest heist in history? Concerned about Carbanak APT? Clearly, proof-positive that advanced persistent threats are deeply evil - and highly efficient when coupled with other complimentary and stealth-like methodologies (aka Hiding in Plain Sight). Read on...
Criminalization of Cryptography →
If you read anything today about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].
'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University
Spamhaus Statistics of Cybercrime
Spamhaus has released research targeting cyber-crime within the 2014 calendar year. Evidence of increased pernicious botnet behavior attributed to these master/slave systems is the research report's message. Interestingly, Spamhaus has said "Because these IP addresses host no legitimate services or activities, they can be blocked (blackholed) on an ISP's or company's network without the fear of affecting legitimate traffic."
Gentry
Outstanding screed, penned by Nicholas White, writing at The Kernel, details the apparent Gentrification of Cybercrime. Who'd A Thought... An electronic Thomas Crown, eh wot?
{with apologies to the Blandings...}
Apologies to the good ship Peter Iredale...
Dread Pirate Roberts, Leaking Data...
Today's MustRead - via the inimitable Brian Krebs at Krebs on Security - targets the nefarious Dread Pirate Roberts. Allegedly the Master of the Silk Road, and the ramifications to the configuration of the sites' conceptually flawed CAPTCHA configuration (utilizing data from the open interweb, rather than the apparently less-than-dark web). Enjoy!
Le Affront du Journée: Target Claims No Liability
via the Office of Inadequate Security, comes news [reported by Tom Webb of the Pioneer Press in Minneapolis, MN] of Target Corporation's [NYSE: TGT] attempt to transfer risk to it's clientele [and others, with potentially deeper pockets]; mon dieu! après le fait, as it were...
Horror Vacui Intra Facinus →
Brian Krebs illustrates a proliferation of legal businesses with nefarious polar-opposites as the lead-in to the main topic of that day's posting: An online service that will thoroughly deplete a targeted competitor's advertising budgets. While interesting in-and-of-itself, the topical post contains a sub-plot of existential interest. Curious? Read On.
The fascinating content of Mr. Krebs well-researched and concise post is not the miscreant service he describes in superb detail, but the notion of business/anti-business constructs [a la Matter/Antimatter, if you will...].
With the application of scrutiny (whether cursory or in-depth), researchers can locate exact, crime-laden copies of nearly every legit business or activity existing in the under-belly of our beloved Interweb. This behavior exactly matches the physical world, as the nature of the two opposing antagonists will expand to fill any empty space, vis-à-vis the concept of horror vacui.