Categories
Communication CyberSecurity Media News Safety Security

The ICRC issues “Rules of engagement” to hacktivists after chaos

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts.

The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion.

The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians.

But some cyber-gangs have told BBC News they plan to ignore them.

Spreading globally

The ICRC, responsible for overseeing and monitoring the rules of war, is sending the new rules to hacking groups particularly involved in the Ukraine war. It is also warning hackers their actions can endanger lives, including their own if deemed to make them a legitimate military target.

Patriotic hacking has risen over the past decade. The ICRC statement highlights pro-Syrian cyber-attacks on Western news media in 2013.

But the worrying trend, accelerated by the Russia-Ukraine conflict, is now spreading globally, ICRC legal adviser Dr Tilman Rodenhäuser says.

“Some experts consider civilian hacking activity as ‘cyber-vigilantism’ and argue that their operations are technically not sophisticated and unlikely to cause significant effects,” he says.

“However, some of the groups we’re seeing on both sides are large and these ‘armies’ have disrupted… banks, companies, pharmacies, hospitals, railway networks and civilian government services.”

Based on international humanitarian law, the rules are:

  1. Do not direct cyber-attacks against civilian objects.
  2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
  3. When planning a cyber-attack against a military objective, do everything feasible to avoid or minimise the effects your operation may have on civilians.
  4. Do not conduct any cyber-operation against medical and humanitarian facilities.
  5. Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces.
  6. Do not make threats of violence to spread terror among the civilian population.
  7. Do not incite violations of international humanitarian law.
  8. Comply with these rules even if the enemy does not.

The ICRC is also imploring governments to restrain hacking and enforce existing laws.

The Ukraine conflict has blurred the boundaries between civilian and military hacking, with civilian groups such as the IT Army of Ukraine being set up and encouraged by the government to attack Russian targets.

The IT Army of Ukraine, which has 160,000 members on its Telegram channel, also targets public services such as railway systems and banks.

Its spokesman told BBC News it had not decided whether to implement the ICRC rules. The group has already banned attacks on healthcare targets – but said the wider civilian impact was unavoidable.

“Adhering to the rules can place one party at a disadvantage,” the spokesman added.

Large groups in Russia have similarly attacked Ukraine and allied countries – including disruptive but temporary attacks on hospitals, such as knocking websites offline.


Killnet’s leader, “Killmilk”, plans to ignore the rules.

“Why should I listen to the Red Cross?” a representative of Killnet, which has 90,000 supporters on its Telegram channel, asked BBC News.

Pro-Russian groups are accused of working directly for, or in conjunction with, the Kremlin. But Killnet strongly denies this.

Meanwhile, a representative of Anonymous Sudan, which in recent months has begun attacking technology companies and government services it says are critical of Sudan or Islam, told BBC News the new rules were “not viable and that breaking them for the group’s cause is unavoidable”.

And a high-profile member of the Anonymous collective told BBC News it had “always operated based on several principles, including rules cited by the ICRC” but had now lost faith in the organisation and would not be following its new rules.

Source: BBC News.

Recommended reading: ICRC on CyberWarfare and International Humanitarian Law (IHL).

Categories
Communication Information Security Technology

5 effective technical cybersecurity measures

The most common attacks are carried out with malicious software targeting employees’ computers and by guessing simple passwords. Most of these attacks can be stopped by technical means, even if employees were to click on malicious software.

Here are five effective technical measures system owners should use to protect their systems against internet-related data attacks:

  1. Install security updates as soon as possible, possibly as an automatic (but monitored) process.
  2. Do not grant administrator or power-user privileges to end-users.
  3. Do not permit the use of weak passwords, and enforce the use of multifactor or passwordless authentication methods where possible.
  4. Remove technical debt; phase out older ICT products.
  5. Only permit the use and installation of software approved by the organization or device vendor.

Categories
Communication Information Security

Improbus helps businesses conduct secure voting, polls, and surveys

In connection with state COVID-19 restrictions, many general meetings and board meetings must be held digitally to reduce the risk of infection.

For many businesses, this poses challenges, particularly related to the correct conduct of surveys, polls, and voting.

Improbus has, on behalf of clients, built a system for efficient, secure, and anonymous conduct of surveys, polls, and voting, with credible results.

Categories
Health News Safety Security

Additional measures implemented due to the COVID-19 pandemic

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the resulting travel restrictions enforced by the Norwegian authorities, Improbus has suspended all travel activity until further notice.

The travel and meeting restrictions were originally scheduled to apply from 2020-03-13 to 2020-03-26, but the Norwegian government has now extended this ban to apply until 2020-04-16.

None of Improbus’s employees are infected by the Coronavirus (SARS-CoV-2).

Nevertheless, we continue to comply with advice from both the WHO and the Norwegian authorities.

All scheduled meetings will be held as planned – but electronically – via instant messaging Telegram (chat) or encrypted VoIP.

For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030.

Non-urgent and non-sensitive matters should be communicated using email.

Electronic communication using Telegram is preferred.

For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO’s webpages (English), Helsenorge (Norwegian), or the Norwegian Government’s homepage (“Regjeringen”) in Norwegian or English.

Categories
News Security

Successful recovery of stolen domain names

Improbus today facilitated the safe return and recovery of stolen domain names.

Two competing companies were domain name holders of domain names associated with each other’s businesses.

In connection with maintenance on the domain name services on behalf of Company A, it was discovered that one of the domain names had been illegally transferred from ISP A to ISP B, then deleted by the registry and re-registered by the registrar within milliseconds.

This action led to the unauthorized and illegal transfer of domain name ownership from Company A to Company B. The domain name hijacking and subsequent domain name theft were made possible by means of ID theft.

Information on the method used was obtained and extensively documented by Improbus, and the persons and companies involved were confronted.

Instead of a judicial process, an amicable agreement was entered into between the parties – after mediation by Improbus:

Provided that Company B transferred the domain names that were affiliated and associated with Company A, Company A would in return refrain from reporting criminal offenses (i.e., theft of domain names) to the police, as well as permit the legal transfer of one of its domain names to Company B.

In this way, the normal situation was restored in an efficient, peaceful and amicable manner – without involving the prosecution authorities or the justice system.

Improbus’ handling of the incident led to a happy outcome for both parties.

Categories
Media Security Syndicated

Zyxel Flaw Powers New Mirai IoT Botnet Strain

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant — dubbed Mukashi — on Mar. 12. The new Mirai strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network attached storage (NAS) devices made by Taiwanese vendor Zyxel Communication Corp., which boasts some 100 million devices deployed worldwide.

Like other Mirai variants, Mukashi constantly scans the Internet for vulnerable IoT devices like security cameras and digital video recorders (DVRs), looking for a range of machines protected only by factory-default credentials or commonly-picked passwords.

Palo Alto said IoT systems infected by Mukashi then report back to a control server, which can be used to disseminate new instructions — such as downloading additional software or launching distributed denial of service (DDoS) attacks.

Zyxel issued a patch for the flaw on Feb. 24, but the update did not fix the problem on many older Zyxel devices which are no longer being supported by the company. For those devices, Zyxel’s advice was not to leave them connected to the Internet.

A joint advisory on CVE-2020-9054 from the U.S. Department of Homeland Security and the CERT Coordination Center rates this vulnerability at a “10” — the most severe kind of flaw. The DHS/CERT advisory also includes sample code to test if a Zyxel product is vulnerable to the flaw.

My advice? If you can’t patch it, pitch it, as Mukashi is not the only thing interested in this Zyxel bug: Recent activity suggests attackers known for deploying ransomware have been actively working to test it for use against targets.

Source: KrebsOnSecurity.

Categories
Health News Safety Security

Measures implemented due to the COVID-19 pandemic

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the resulting travel restrictions enforced by the Norwegian authorities, Improbus has suspended all travel activity until further notice.

None of Improbus’s employees are infected by the Coronavirus (SARS-CoV-2).

Nevertheless, we comply with advice from both the WHO and the Norwegian authorities, which recommend reduced travel and face-to-face meeting activity.

However, all scheduled meetings will be held as planned – but electronically – via instant messaging Telegram (chat) or encrypted VoIP.

For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030.

Non-urgent and non-sensitive matters should be communicated using email.

Electronic communication using Telegram is preferred.

For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO’s webpages (English) or Helsenorge (Norwegian).

Categories
Media News Security

Man convicted of “extensive data breach”

Man convicted of “extensive data breach” in Bergen District Court

Article from Digi / BT / NTB

A 30-year-old man has been sentenced in Bergen District Court to a 14-day suspended prison sentence for a data breach at the Norwegian Public Roads Administration. The man says he wanted to develop an app.

In addition to the conditional prison sentence, the foreign man living in Bergen is ordered to forfeit two hard drives and one SSD disk, writes Bergens Tidende.

The defendant wanted to develop an app that would allow contact with the owner of a motor vehicle without exchanging personal information, according to the judgment.

The man extracted information about Norwegian car owners from the Roads Administration’s website, but this went beyond the information the Norwegian Public Roads Administration intended to offer through the service. He is therefore convicted of violating section 207 of the Penal Code, for breaking into computer systems.

The defendant understood that this was not how the service should be used, the court believes.

But the court also states that the information he obtained was legally obtained through a request for access.

The man’s defence counsel, attorney Alexander Gonzalo Sele, says he and the client will go through the verdict and consider whether to appeal.

“We believe the judgment raises fundamental questions about what can be characterized as a data breach. He has retrieved information that was publicly available and that one could also find using a regular telephone directory,” Sele says, pointing out that the client did not get any sensitive information.

© NTB

Source: digi.no (Article in Norwegian)

Improbus’ comments

The verdict (case number TBERG-2019-141281) is available online, in Norwegian (check Google Translate for an OK English translation).

According to the accusation (and verdict), the accused accessed publicly available web resources served by the Norwegian Public Roads Administration.

The accused then opened several browser tabs and changed the individual URLs slightly, to see whether the different HTTP requests yielded individual but still relevant results.

The accused allegedly then proceeded to collect the responses returned by the site, storing them in a local database, one record for each HTTP request.

Bergen District Court has ruled that even though the information obtained and stored was already publicly available, and the retrieval neither caused any damage nor placed a significant load of any kind on the server, the action is still to be regarded as illegal.

Since the information from the Norwegian Public Roads Administration’s web site was already publicly available, it is obvious to think that this system behavior was intentional.

It is obvious to Improbus that what has been explained as misuse of a minor design flaw was not misuse for evil purposes at all, but rather a means of retrieving public data in an efficient, easy and convenient way.

If the data had been private or sensitive, the situation would have been quite different – maybe not technically or juridically, but at least ethically and morally.

It is sad to see that neither the courts nor the police are able to keep up with current knowledge about the common usage of information systems.

If this really is a criminal act, it is nonetheless a victimless one.

Categories
Media Security

How PhotoDNA for Video is being used to fight online child exploitation

In the past, when someone tipped off the Internet Watch Foundation’s (IWF) criminal content reporting hotline to an online video they thought included child sexual abuse material, an analyst at the U.K. nonprofit often had to watch or fast forward through the entire video to investigate it.

Because people sharing videos of child sexual abuse often embed this illegal content in an otherwise innocuous superhero flick, cartoon or home movie, it could take 30 minutes or several hours to find the content in question and determine whether the video should be taken down and reported to law enforcement.

Last year, IWF, a global watchdog organization, started leveraging PhotoDNA — a tool originally developed by Microsoft in 2009 for still images — to identify videos that have been flagged as child sexual abuse material. Now it often takes only a minute or two for an analyst to find illegal content.

Microsoft Cybercrime Center. Photo: Benjamin Benschneider.

Microsoft is now making PhotoDNA for Video available for free, and any organization worldwide interested in using the technology can visit the Microsoft PhotoDNA website to find out more, or to contact the team.

“It’s made a huge difference for us. Until we had PhotoDNA for Video, we would have to sit there and load a video into a media player and really just watch it until we found something, which is extremely time-consuming,” says Fred Langford, deputy chief executive of IWF, which collaborates with sexual abuse reporting hotlines in 45 countries around the world.

“This means we can identify and disrupt online sexual abuse and help victims much faster,” says Langford.

PhotoDNA for Video builds on the same technology employed by PhotoDNA, a tool Microsoft developed with Dartmouth College that is now used by over 200 organizations around the world to curb sexual exploitation of children. Microsoft leverages PhotoDNA to protect its customers from inadvertently being exposed to child exploitation content, helping to provide a safe experience for them online.

PhotoDNA has also enabled content providers to remove millions of illegal photographs from the internet; helped convict child sexual predators; and, in some cases, helped law enforcement rescue potential victims before they were physically harmed.

In the meantime, though, the volume of child sexual exploitation material being shared in videos instead of still images has ballooned. The number of suspected videos reported to the CyberTipline managed by the National Center for Missing and Exploited Children (NCMEC) in the United States increased tenfold from 312,000 in 2015 to 3.5 million in 2017. As required by federal law, Microsoft reports all instances of known child sexual abuse material to NCMEC.

Microsoft has long been committed to protecting its customers from illegal content on its products and services, and applying technology the company already created to combating this growth in illegal videos was a logical next step.

“Child exploitation video content is a crime scene. After exploring the development of new technology and testing other tools, we determined that the existing, widely used PhotoDNA technology could also be used to effectively address video,” says Courtney Gregoire, Assistant General Counsel with Microsoft’s Digital Crimes Unit. “We don’t want this illegal content shared on our products and services. And we want to put the PhotoDNA tool in as many hands as possible to help stop the re-victimization of children that occurs every time a video appears again online.”

A recent survey of survivors of child sexual abuse from the Canadian Centre for Child Protection found that the online sharing of images and videos documenting crimes committed against them intensified feelings of shame, humiliation, vulnerability and powerlessness. As one survivor was quoted in the report: “The abuse stops and at some point also the fear for abuse; the fear for the material never ends.”

The original PhotoDNA helps put a stop to this online recirculation by creating a “hash” or digital signature of an image: converting it into a black-and-white format, dividing it into squares and quantifying that shading. It does not employ facial recognition technology, nor can it identify a person or object in the image. It compares an image’s hash against a database of images that watchdog organizations and companies have already identified as illegal. IWF, which has been compiling a reference database of PhotoDNA signatures, now has 300,000 hashes of known child sexual exploitation materials.

PhotoDNA for Video breaks down a video into key frames and essentially creates hashes for those screenshots. In the same way that PhotoDNA can match an image that has been altered to avoid detection, PhotoDNA for Video can find child sexual exploitation content that’s been edited or spliced into a video that might otherwise appear harmless.

“When people embed illegal videos in other videos or try to hide them in other ways, PhotoDNA for Video can still find it. It only takes a hash from a single frame to create a match,” says Katrina Lyon-Smith, senior technical program manager who has implemented the use of PhotoDNA for Video on Microsoft’s own services.
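The signature-and-match process described above (grayscale conversion, squares, quantified shading, lookup against known hashes, one matching key frame flagging a video), as an added example that is not Microsoft's code. PhotoDNA's actual algorithm is not given on this page, so a simple block-mean hash compared by Hamming distance stands in for it; the 8x8 grid, the 6-bit tolerance, the label `known-item-001` and the synthetic mosaic images are assumptions constructed for the illustration.

```python
import random
from statistics import median

GRID = 8          # assumed: 8x8 squares give a 64-bit signature (not PhotoDNA's real size)
MAX_DISTANCE = 6  # assumed tolerance: up to 6 differing bits still counts as a match

def to_gray(image):
    """Convert rows of (r, g, b) pixels to integer luma (the 'black-and-white' step)."""
    return [[(299 * r + 587 * g + 114 * b) // 1000 for r, g, b in row] for row in image]

def robust_hash(image, grid=GRID):
    """One bit per square: 1 if the square's mean shade is above the median square."""
    gray = to_gray(image)
    h, w = len(gray), len(gray[0])
    means = []
    for gy in range(grid):
        for gx in range(grid):
            rows = range(gy * h // grid, (gy + 1) * h // grid)
            cols = range(gx * w // grid, (gx + 1) * w // grid)
            cell = [gray[y][x] for y in rows for x in cols]
            means.append(sum(cell) / len(cell))
    threshold = median(means)
    bits = 0
    for mean in means:
        bits = (bits << 1) | (mean > threshold)
    return bits

def hamming(a, b):
    """Number of differing bits between two signatures."""
    return bin(a ^ b).count("1")

def lookup(signature, database, max_distance=MAX_DISTANCE):
    """Return (label, distance) for the closest known signature within tolerance."""
    best = min(database, key=lambda known: hamming(signature, known), default=None)
    if best is None or hamming(signature, best) > max_distance:
        return None
    return database[best], hamming(signature, best)

def scan_video(key_frames, database):
    """Hash each key frame; a single matching frame is enough to flag the video."""
    hits = []
    for index, frame in enumerate(key_frames):
        match = lookup(robust_hash(frame), database)
        if match:
            hits.append((index, *match))
    return hits

def make_image(seed, size=32):
    """Constructed sample: an 8x8 mosaic of flat gray squares with distinct shades."""
    shades = random.Random(seed).sample(range(256), GRID * GRID)
    cell = size // GRID
    return [[(shades[(y // cell) * GRID + x // cell],) * 3 for x in range(size)]
            for y in range(size)]

def alter(image):
    """Constructed edit: brighten, stamp a white banner in one corner, upscale 2x."""
    cell = len(image) // GRID
    out = []
    for y, row in enumerate(image):
        new_row = []
        for x, pixel in enumerate(row):
            if y < cell and x < 2 * cell:      # banner covers two squares
                pixel = (255, 255, 255)
            else:
                pixel = tuple(min(c + 20, 255) for c in pixel)
            new_row += [pixel, pixel]          # double the width
        out += [new_row, list(new_row)]        # double the height
    return out

def demo():
    known = make_image(seed=1)
    database = {robust_hash(known): "known-item-001"}   # placeholder label
    video = [make_image(seed=s) for s in (10, 11, 12)]  # unrelated key frames
    video.insert(2, alter(known))                       # spliced-in altered copy
    return scan_video(video, database)

if __name__ == "__main__":
    print(demo())
```

The altered frame is brighter, larger and partly covered, so a cryptographic hash of its bytes would share nothing with the original's, while the block signature differs in at most a few bits and still matches.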

PhotoDNA for Video is one of many technologies used by Microsoft to protect customers online. Photo: Benjamin Benschneider.

Organizations that are already using an on-premise version of PhotoDNA to remove illegal images will be able to seamlessly add the capability to identify videos. Microsoft is also looking for partners to test the video technique on its PhotoDNA Cloud Service.

Automated tools like PhotoDNA have made a huge difference in the fight against online child exploitation, particularly for smaller companies that otherwise wouldn’t have the capacity or know how to find illegal content on their apps and websites, says Cecelia Gregson, a senior King County prosecutor and attorney for the Washington Internet Crimes Against Children Task Force.

Gregson estimates that 90 percent of the cases she investigates now come from CyberTipline reports submitted by companies using PhotoDNA to keep their platforms clean. Under federal law, all internet and email service providers are required to report knowledge of child pornography to NCMEC.

“This is not about looking at someone’s online shopping patterns or uploaded family photos. We are seeking files depicting the sexual abuse of children,” says Gregson. “We are concerned with protecting child victims, and about making sure the places you go online and your children go online are not riddled with images of child abuse and exploitation. The technology can also help us identify child sexual predators whose collections of images can cause further psychological, emotional and mental trauma to their victims.”

Since PhotoDNA and other tools became widely available, the number of reports to NCMEC’s CyberTipline has grown from 1 million in 2014 to 10 million in 2017, says John Shehan, vice president for NCMEC’s exploited children division.

“These technologies allow companies, especially the hosting providers, to identify and remove child sexual content more quickly,” says Shehan. “That’s a huge public benefit.”

Learn how to detect, remove and report child sexual abuse materials with PhotoDNA for video, or contact photodnarequests@microsoft.com. Follow @MSFTissues on Twitter.

Source: Microsoft.

Categories
Media Security

PhotoDNA scans images for child abuse

Internet service providers may have better success at scanning their networks to actively seek out illicit images of child abuse, thanks to technology donated by Microsoft and Dartmouth College.

On Wednesday, the software giant and the well-known college announced that they had developed a software program to match modified images to the original by using a form of robust hashing that can ignore certain types of changes, such as resizing, cropping and the inclusion of text. The team donated the program, dubbed PhotoDNA, to the National Center for Missing and Exploited Children.

The NCMEC will make the program available to ISPs to detect the “worst of the worst” in child pornography — those images that show pre-pubescent children being sexually abused, said Ernie Allen, CEO and president of the NCMEC.

The intent is to “use the technology very narrowly and very specifically,” Allen said.

The agreement follows a number of other successful initiatives in fighting child abuse online. In June 2008, three ISPs signed an agreement with the New York State Attorney General’s office to police their networks for child pornography and donate money to the state and the NCMEC to fund investigations. In 2007, MySpace agreed with the attorneys general of more than 40 states to turn over information regarding sex offenders on its network.

While law enforcement has successfully prosecuted hundreds of cases of possession and distribution of illicit images, a small number of cases have underscored overzealous prosecutions. In one case, a Massachusetts government agency fired and reported one of its workers for having child pornography on his laptop, but a later investigation showed that the lack of functioning antivirus software resulted in his laptop being compromised and subsequently filled with illicit images.

Microsoft has already tested the software on its networks and plans to roll out the tool to scan public sources for images of child pornography, said Brad Smith, senior vice president and general counsel at the software giant.

“It is not enough to catch the perpetrators, we have to stop the images to prevent the subjects from being a victim again,” Smith said.

While Microsoft will scan public sources for matches to a small database of the worst abuse images, the software giant will not scan private data nor communications, Smith said. ISPs, the government and privacy advocates should discuss the legal and policy issues of such scanning, he said.

Child pornography is a major priority of law enforcement and the detection of images of abuse has grown significantly, according to the NCMEC. Since 2003, the organization has viewed and analyzed 30 million images classified as child pornography, the group claims. Allen predicts that the group will deal with another 9 million in 2010.

Much of the increase in child pornography is due to the Internet’s ability to allow communities to form among traders of child pornography, he said.

“They (the criminals) no longer view themselves as aberrant,” Allen said. “We made enormous progress on the commercial side … but it has migrated to the noncommercial side.”

In the latest announcement, a large scale test of the PhotoDNA tool found that less than one false positive occurred in every billion images scanned, said Hany Farid, a professor of computer science at Dartmouth and co-developer of PhotoDNA. In addition, the software recognizes about 98 percent of images derived from those in its database.

“We tested it over billions and billions of images,” he said. “We tried very hard to make it very efficient … and to minimize the false alarm rate.”

Source: SecurityFocus.