The Petya ransomware looks like a cyber attack

The haze of yesterday’s massive ransomware attack is clearing, and Ukraine has already emerged as the epicenter of the damage. Kaspersky Labs reports that as many as 60 percent of the systems infected by the Petya ransomware were located within Ukraine, far more than anywhere else. The hack’s reach touched some of the country’s most crucial infrastructure including its central bank, airport, metro transport, and even the Chernobyl power plant, which was forced to move radiation-sensing systems to manual.

The ostensible purpose of all that damage was to make money — and yet there’s very little money to be found. Most ransomware flies under the radar, quietly collecting payouts from companies eager to get their data back and decrypting systems as payments come in. But Petya seems to have been incapable of decrypting infected machines, and its payout method was bizarrely complex, hinging on a single email address that was shut down almost as soon as the malware made headlines. As of this morning, the Bitcoin wallet associated with the attack had received just $10,000, a relatively meager payout by ransomware standards.

It leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to Ukraine? It’s not the first time the country has come under cyberattack. (These attacks have typically been attributed to Russia.) But it would be the first time such an attack has come in the guise of ransomware, and has spilled over so heavily onto other countries and corporations.

Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program’s decryption failure in a post today, Comae’s Matthieu Suiche concluded a nation state attack was the only plausible explanation. “Pretending to be a ransomware while being in fact a nation state attack,” Suiche wrote, “is in our opinion a very subtle way from the attacker to control the narrative of the attack.”

Another prominent infosec figure put it more bluntly: “There’s no ******* way this was criminals.”

There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.

In each case, the infections seem to specifically target Ukraine’s most vital institutions, rather than making a broader attempt to find lucrative ransomware targets. These initial infections are particularly telling because they were directly chosen by whoever set the malware in motion. Computer viruses often spread farther than their creators intended, but once Petya was on the loose, the attackers would have had no control over how far it reached. But the attackers had complete control over where they planted Petya initially, and they chose to plant it by some of the most central institutions in Ukraine.

The broader political context makes Russia a viable suspect. Russia has been engaged in active military interventions in Ukraine since former president Viktor Yanukovych was removed from power in 2014. That has included the annexation of Crimea and the active movement of troops and equipment in the eastern region of the country, but also a number of more subtle activities. Ukraine’s power grid came under cyberattack in December 2015, an attack many interpreted as part of a hybrid attack by Russia against the country’s infrastructure. That hybrid-warfare theory extends to more conventional guerrilla attacks: the same day that Petya ripped through online infrastructure, Ukrainian colonel Maksim Shapoval was killed by a car bomb attack in Kiev.

All that evidence is still circumstantial, and there’s no hard link between yesterday’s attacks and any nation state. It could be Ukraine simply presented a soft target, and the attackers screwed up their payment and decryption systems out of simple carelessness. Functional or not, the software involved still has strong ties to traditional ransomware systems, and even if the attackers didn’t make much money off ransom payments, Petya was still collecting credentials and other data from infected machines, which could be valuable fodder for future attacks. That has led researchers like F-Secure’s Sean Sullivan to hold off on nation-state suspicions. “Maybe there’s multiple ways they’re working the money angle, but I think ultimately it’s about money,” Sullivan told me. “Tigers don’t change their stripes.”

Still, the line between common criminals and state agents can be difficult to parse. A recent indictment in the Yahoo hacking case charged Russian officials alongside freelance hackers, and the division of labor was often unclear. Criminals can be enlisted as privateers, or agents can adopt criminal tactics as a way of disguising themselves. If the suspicions around Petya are correct, that line may be growing even thinner, as globe-spanning attacks get lost in the fog of war. With no clear path to a firm attribution, we may never be able to prove who was responsible for this week’s attacks, or what they hoped to achieve. For anyone digging out a Petya-bricked computer system, that clean getaway is adding insult to injury.

Story reported by Russell Brandom (The Verge)

Snapchat map update raises child safety worries

An update to Snapchat that shows publicly posted images on a searchable map has raised safety concerns among parents.

Snap Map lets people search for places such as schools and see videos and pictures posted by children inside.

It also lets people locate their “friends” on a map that is accurate enough to determine where people live.

Snap, the company behind Snapchat, stressed to the BBC that location sharing was an opt-in feature.

Exact location

Snap Map was launched on Wednesday and was promoted as a “new way to explore the world”.

Video clips and photos that members have posted publicly can be discovered on the map, while members who have chosen to share their location can also be seen on the map by those they have added as “friends”.

However, members can add people they have never met to their friends list too.

A message to parents posted by St Peter’s Academy in Staffordshire warned that the location-sharing feature lets people “locate exactly where you are, which building you are in and exact whereabouts within the building”.

One parent described the update as “dangerous” while another said she could not find the setting to disable it.

People have expressed concern online that the app could be used for stalking or working out exactly where somebody lives.

“If you zoom right in on this new Snapchat map thing it literally tells you where everyone lives? Like exact addresses – bit creepy no?” wrote one user called Leanne.

“This new Snapchat update is awful. An invitation for stalkers, kidnappers, burglars and relationship trust issues,” suggested Jade.

Snap told the BBC that accurate location information was necessary to allow friends to use the service to meet, for example at a restaurant or crowded festival, and said points of interest on the map, such as schools, were provided by third-party mapping service Mapbox.

Concerned parents could find out more information on its Privacy Center website, a spokesman told the BBC.

“With Snap Map, location sharing is off by default for all users and is completely optional. Snapchatters can choose exactly who they want to share their location with, if at all, and can change that setting at any time,” a Snap spokesman said.

“It’s also not possible to share your location with someone who isn’t already your friend on Snapchat, and the majority of interactions on Snapchat take place between close friends.”

How to switch off Snap Map location sharing

When in photo-taking mode, pinch the screen to open Snap Map
Touch the settings cog in the top right corner of the screen
Tap “Ghost Mode” to switch off location sharing
Photos and videos posted to Snapchat’s public ‘Our Story’ will still be discoverable on the map

Sears says some Kmart customer credit card numbers compromised

Sears Holdings said on Wednesday it found a security breach involving “unauthorized” credit card activity following some customer purchases at its Kmart stores.

Certain credit card numbers were “compromised” in the event, the company said in an emailed statement, without providing exact figures.

No personal information, such as customers’ contact details and social security numbers, was obtained by those responsible for the breach, Sears said.

“There is also no evidence that kmart.com or Sears customers were impacted,” it said.

Are Reimbursement Scams the New Thing?

Everyone knows scams have always been an issue, especially since the internet has grown, but now it appears a larger scam has developed.

It starts off with a phone call. An unknown individual will claim to be with a software or computer company, advising that their company is closing down and that you purchased software from them years ago. They’ll inform you that you’ll be receiving a reimbursement of $100 or more, because you didn’t get the full number of years covered by the warranty. Free money sounds great, but are you really going to get this money? No. In fact, you’ll be paying them. How so?

Once the scammer advises you on the amount you’ll supposedly receive, they’ll ask you for financial information to send you the money. After they claim to have sent the money, they’ll say they accidentally sent you too much, or they accidentally added an extra zero, making it $1000 instead of $100, and you’ll need to send the difference back. Most of these scammers will ask that you send it by wire transfer or gift card.

Unfortunately, many are falling victim to this newer scam. If you ever receive a phone call or email stating you’ll be receiving a refund, be sure to listen to all the details and ensure a reputable company is calling you. Most of the time, companies will not attempt to refund you, even if they’re going out of business.

Government grant scams on the rise


Government grant scams have increased within the last couple of years. Individuals receive phone calls and emails stating that they are eligible to receive grant funding for particular tasks or awards.

How exactly does one identify a scam of this sort? First, the government will always contact you by US Mail, with detailed paperwork on the grants being offered. The government typically will not offer grants unless you inquire about them.

Second, the government will never ask you to send money in order to receive grant money. Many victims of these scams report that the suspects involved will request a certain amount of money in order to receive the grant funding.

If you receive any calls regarding these scams and offers, contact the Federal Trade Commission at 1-877-FTC-HELP and block the caller. Never send any money to any individual offering grants or claiming to be part of the government.