Paul Roberts

Cryptome Hack – Is It Prank or Payback?

A compromise of the Web site that is a repository for tens of thousands of sensitive documents has led to questions about the purpose of the hack, and whether the identity of those who have leaked information may have been exposed.

Report: FCC May Push ISPs To Crack Down on Botnets

We’ve known for a long time that botnets are the Madwoman in the Attic at most major Internet service providers (ISPs): an unseemly and occasionally embarrassing presence that is sometimes dealt with, but usually silently tolerated. But now, it seems, pressure is mounting on ISPs to do something about the endemic botnet operations that are leveraging their global networks to spew spam, carry out denial of service attacks and push malware.

Adobe Issues Huge Patch for Reader and Acrobat

UPDATE: After announcing last week that it was accelerating a critical patch for its Reader program, Adobe pushed out a large patch on Tuesday, fixing 23 separate vulnerabilities in its Reader and Acrobat applications.


Kaspersky Lab released its malware statistics report for September. Buried among the data on the top malware detected on users’ machines and being pushed from malicious Web sites is an interesting factoid: Iran no longer ranks as a Stuxnet hotspot, while India continues to struggle with the effects of the sophisticated virus.

We know Stuxnet has caused some major disruptions in nations like Iran and India. But how, exactly, does it work? In this video, Symantec researcher Liam O’Murchu demonstrates how a Stuxnet-infected Siemens programmable logic controller (PLC) can instruct a piece of machinery to run out of control.

VANCOUVER – Working as Facebook’s resident malware researcher is a lonely job, for now. But Nick Bilogorskiy doesn’t expect it to stay that way. In fact, Facebook’s biggest security challenge will be building up its capability to identify and tamp down malware infections like the 2009 Koobface worm.

Gaps in international cyber law could hamper Mariposa case

The take down of the Mariposa botnet is a cyber law enforcement success story – but gaps in international cyber law could make it difficult to prosecute those behind the botnet.

VANCOUVER – A researcher involved in the analysis and dismantling of the Mariposa botnet said that gaps in cyber law in the countries from which the botnet was operated may make it difficult to prosecute those accused of operating the scheme.

Pedro Bustamante, a senior researcher at Panda Security in Spain, said that the 20-something crew behind the Mariposa botnet, which netted more than €20,000 a month at its height, may never see jail time because of lax cyber laws in Spain and Slovenia that, among other things, don’t consider it a crime to operate a botnet.

In a presentation at the Virus Bulletin Conference in Vancouver, British Columbia, Bustamante said the take down of the Mariposa botnet, which controlled up to 12 million computers at one point, was an example of the benefits of close cooperation between IT security and anti-malware firms and law enforcement. Panda was a member of the Mariposa Working Group – a law enforcement industry partnership that also included the US FBI, Spain’s Guardia Civil (GC), as well as researchers at Georgia Tech, Intel and Neustar.

Bustamante said that the botnet, one of the largest ever detected, was particularly effective at leveraging MSN instant messaging accounts to spread from computer to computer – monitoring active chat threads, then inserting messages with links to a malicious drive-by download Web site into those active conversations. The Working Group, set up shortly after the botnet was identified in May, 2009, proved instrumental in shutting down the command and control infrastructure that Mariposa used in December, 2009.

Law enforcement officials in Spain arrested three Spanish citizens accused of being part of the DDR crew, which leased and operated Mariposa from its Slovenian creators. They also seized systems used by the crew to operate the botnet, recovering data on millions and millions of stolen account credentials, Bustamante said.

However, Spanish laws may make it difficult to hold the botnet operators and could make prosecution of them difficult, Bustamante said. Despite evidence gathered by law enforcement that the group stole “millions and millions” of credentials from Mariposa-infected systems, it isn’t clear whether that evidence will be admissible in the case, nor whether operating a botnet explicitly counts as a crime in Spain, Bustamante said. Similar challenges may face prosecutors in Slovenia in their attempts to win jail time for Matjaz Skorjanc, a.k.a. Iserdo, and Nusa Coh, the 20-somethings alleged to have created and sold the Mariposa botnet client and command and control technology.

Data seized in the Mariposa case could be used to identify the entire botnet supply chain, including affiliated criminal groups renting botnets and distributing Trojan horse programs, third parties selling hacking tools like crypters and packers, and money mules who are cashing out illicit proceeds. However, Bustamante said it is unclear how far law enforcement will go in chasing down the many leads that the Mariposa case generated. “The communication with law enforcement is one way and difficult,” he said.

While clearly proof of the benefit to be had from cooperation between law enforcement and private sector companies, Mariposa may also be an example of the limits of such cooperation in the absence of universal adoption of the Convention on Cyber Crime, which harmonizes national laws on computer crime. To date, forty three nations have signed that treaty, including the United States (http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=1&DF=9/2/2006&CL=ENG). However, many European nations, including Spain, have not ratified the treaty.