Archive for 2011/10/11
The infosec industry needs to move beyond “faith-based security” to an evidence-based approach that takes ideas from battlefield combat if corporations are ever to get ahead of hackers and keep security spending down to manageable levelsPosted: 2011/10/11 in Education / Awareness, New Business Models
VeriSign, which manages the database of all .com internet addresses, wants powers to shut down “non-legitimate” domain names when asked to by law enforcementPosted: 2011/10/11 in Blocking, Education / Awareness, Enforcement, Filtering, New Business Models
A2B Internet to sue Spamhaus for extortion. Spamhaus accused of threatening A2B and its customers with “Denial of Service” attacks if A2B would refrain from taking action against “Pirate Bay and WikiLeaks hoster” Cyberbunker / CB3ROBPosted: 2011/10/11 in Education / Awareness, Litigation, Stats / reports
According to the Webwereld.nl article this is what happened:
- A2B Internet is hosting Cyberbunker/CB3ROB via a customer: colocated host Datahouse;
- Cyberbunker/CB3ROB is believed to be hosting ThePirateBay.org and WikiLeaks.org using servers of Datahouse (which in turn is using the services of A2B Internet);
- According to A2B Internet, one IP address within Cyberbunker/CB3ROB’s IP range may have been used for SPAM distribution;
- In relation to that spam activity, Spamhaus asked A2B Internet to block all traffic related to Cyberbunker/CB3ROB;
- A2B Internet refused as it believed that request to be disproportionate;
- Spamhaus then blacklisted all IP ranges belonging to A2B Internet (rather than Cyberbunker/CB3ROB);
- This disrupted the services of all of the customers of A2B Internet;
- A2B Internet gave in to the pressure and has stopped “advertising” the IP range of Cyberbunker/CB3ROB;
- A2B Internet will now go and sue Spamhaus
Spamhaus Managing Director Steve Linford states that the rules and procedures of Spamhaus have been the same for the past 10 years. Whenever upstream providers are aware of spamming activities or are actively supporting the work of spammers they will be blacklisted too. “Arguing that appearing on an SBL list is the same as extortion is pretty much the same as arguing that you’re being extorted by a restaurant because they are not allowing you in because they feel you’re not dressed appropriately.”
Dutch language news article:
Pictures And Video From Within The Spanish Hideout Of Cyberbunker Operator Sven Olaf Kamphuis
Cyberbunker Operator And DDOS Suspect Sven Olaf Kamphuis Operated From Bunker In Spain As Well As His Mobile “Hacker Van”
Cyberbunker Operator And Alleged Spamhaus DOS Attacker Sven Olaf Kamphuis Arrested In Spain
“It was all Photoshop,” says Guido Blaauw (aka Rik van Esser?), of Bunkerinfra Datacenters (aka Cyberbunker), and Kamphuis fled to Spain
It seems clear that the CB3ROB network hijacked one (or more) of the IP addresses of Spamhaus, and installed a DNS server there which incorrectly returns positive results to every query (Cyberbunker)
“Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’” Cyberbunker’s Sven Kamphuis wrote on his Facebook wall March 23
Current owner of “NATO bunker” – Bunkerinfra Datacenters – states that “Cyberbunker” and Sven Olaf Kamphuis have left the building
Let’s start with some truth. The “Cyberbunker attack” did reach upwards of 300 Gb/sec and is the largest recorded DDoS to date
The Cyberbunker Revisited: The American Dream, Swindlers, Aliases, Big Money, Fraud, Dope, Governments And…Terrorists?
In Spamhaus’s view, cb3rob is the worst spam ISP in the world (Cyberbunker)
How Spamhaus’ attackers turned DNS into a weapon of mass destruction (Cyberbunker)
Cloudflare reveals details of ‘world’s biggest’ cyber attack (Cyberbunker)
Blast From The Past: “I guess all I can say is I’ll take what I can get” (Cyberbunker, Sven Olaf Kamphuis, CB3ROB, XTC, Porn, Pirate Bay, WikiLeaks, Fake WHOIS, Leaked Prefix, IP Tunnel)
The sheer scale of the attack by Cyberbunker is having an impact on services like Netflix and could eventually affect banking, email and other systems
Cyberbunker’s Sven Olaf Kamphuis To SpiegelOnline: “I brought in a few of my customers (…) and then it all started”
Five national cyber-police-forces are investigating the unprecedented Denial of Service attacks by Cyberbunker
Cyberbunker’s Sven Olaf Kamphuis: “They (SpamHaus) Think That They Are In Charge On The Internet, But WE Are In Charge”
Has Cyberbunker Launched The Largest Publicly Announced DDoS Attack In The History Of The Internet?
A2B Internet to sue Spamhaus for extortion. Spamhaus accused of threatening A2B and its customers with “Denial of Service” attacks if A2B would refrain from taking action against “Pirate Bay and WikiLeaks hoster” Cyberbunker / CB3ROB
Gartner Says Worldwide Social Media Revenue Is on Pace to Total $10.3 Billion in 2011 and Grow to $14.9 Billion in 2012Posted: 2011/10/11 in Education / Awareness, Stats / reports
Some European Union politicians have already begun raising questions about the use of DigiTask’s software in various EU member states.
English language news article:
Dutch language news article:
Bavarian Minister of Interior Joachim Herrmann Admits That His Government Used Spying Trojan Developed By DigiTask And Exposed by Chaos Computer Club
Dutch Political Party Democrats 66: Collecting society BUMA/STEMRA needs to be regulated by a new ‘Super Authority’Posted: 2011/10/11 in Education / Awareness, New Business Models, Public Policy
Existing provisions for checks and balances are insufficient. New ‘Super Authority’ will combine the Dutch Telecom Regulator OPTA, The Dutch Consumer Authority and The Netherlands Authority for Consumers and Markets. It will be better suited to check the practices of the collecting society BUMA/STEMRA.
Dutch language news articles:
It’s a disappointing time for the NYSE hackers. They wanted to protest Wall Street by obliterating the NYSE website, but they failedPosted: 2011/10/11 in Cybercrime, Education / Awareness
Bavarian Minister of Interior Joachim Herrmann Admits That His Government Used Spying Trojan Developed By DigiTask And Exposed by Chaos Computer ClubPosted: 2011/10/11 in Cybercrime, Education / Awareness, Enforcement, Network Security, Privacy / Data Protection, Public Policy
The malware called ’0zapftis’ or ‘R2D2′ is capable of:
- eavesdropping on Skype conversations
- stealing passwords
- circumventing encryption tools such as TrueCrypt (probably by using a keylogger which keeps track of keystrokes)
- taking screenshots
- recording audio
According to the Bavarian police the tool has been used in accordance with the law and that certain functionalities had been disabled, all of which is contradicting the findings of the Chaos Computer Club.
Dutch language news article:
German language news article:
German government accused of spying on citizens with state-sponsored Trojan
Everybody in Mexico knows Rieu thanks to the illegal sales of his CDs at numerous markets in Mexico.
This has resulted in skyrocketing sales of tickets to his concerts:
50,000 tickets sold for Mexico City, 13,500 tickets sold for Guadelajara and another 5,000 for Monterrey.
Rieu says that Mexico does have laws against piracy but that people see it as a sport to try and circumvent them, to a certain extent. “I’m not afraid for piracy, my audience will rather go and buy the real thing anyway.”
Currently Rieu is at the top of the Mexican charts in relation to his DVD “Fiesta Mexicana.” He is also ranked as first, fifth and ninth in the top ten list of most popular CDs ever sold.
Dutch language news article:
New anti-piracy strategy: James told TorrentFreak that after the first couple of levels, gamers found themselves dumped out and directed to a website containing a questionnairePosted: 2011/10/11 in Education / Awareness, Illegal File Sharing, New Business Models, Stats / reports
It asked why people illegally download, which torrent and DDL sites they use, how much data they download per month, what content people download (with a focus on PC games) and what, if any, anonymity services they use.
A whole section of the questionnaire was dedicated to DRM systems such as SecuROM, Steam, and solutions from EA and Ubisoft. Vigilant also asked respondents if they were planning on buying the game when it came out officially and how much they would pay for it – the average (including nearly 24% of respondents who indicated they had already pre-ordered at the full price) was $28.00.
The whole point of the experiment, James says, was to get pirates to download a free trial of a game and then go on to buy the full product through a yet-to-be-created distribution system. He apologized for having to do that by tricking pirates into a ‘fake’ download and went out of his way to say that he wishes to embrace file-sharers, not treat them as enemies.
Extraordinary claims require extraordinary evidence. Esteemed scientist and science communicator Carl Sagan reminded us of that throughout his career, but the message didn’t sink in at some newdesksPosted: 2011/10/11 in Education / Awareness
All you have to do is track the news of the “kraken” to see that recycling press releases often counts for “science news” right now. Jeanna Bryner of LiveScience swallowed the big squid story whole and had her version regurgitated at FOX and CBS News. Dean Praetorius of the Huffington Post, Houston Chronicle’s “Sci Guy” Eric Berger, and TG Daily’s Kate Taylor also took the bait. Who could resist a sensational, super-sized squid? Only Cyriaque Lamar of io9 sounded a minor note of skepticism — “But the possibility of finding that which is essentially a gargantuan mollusk’s macaroni illustration?”, Lamar wrote, “That’s the kind of glorious crazy you hope is reality.” Leave it to science bloggers like PZ Myers to point out how ridiculous this media feeding frenzy is.
But what really kills me about this story is the fact that no reporter went to get a second opinion. Each and every story appears to be based directly off the press release and uses quotes directly from that document. No outside expert was contacted for another opinion in any of the stories — standard practice in science journalism — and, frankly, all the stories reek of churnalism.