Category Archives: Cybercrime

A Heroin Dealer Tells the Silk Road Jury What It Was Like to Sell Drugs Online

For its two and a half years online, thousands of drug dealers sold every kind of narcotic imaginable on the anonymous online marketplace known as the Silk Road. But put one of the site’s heroin dealers in a courtroom and ask him questions under oath, and the scale and consequences of that drug empire suddenly […]

The post A Heroin Dealer Tells the Silk Road Jury What It Was Like to Sell Drugs Online appeared first on WIRED.



Silk Road Trial: Prosecutors Compare Ulbricht’s E-Mail with DPR’s Online Life

NEW YORK—IRS Special Agent Gary Alford showed a jury personal e-mails from Ross Ulbricht’s Gmail account that prosecutors say line up with chats and other records from the Silk Road drug-trafficking site.

In 2013, Alford searched through the Gmail account belonging to Ulbricht, the 30-year-old Texan who stands accused of being the mastermind behind the Silk Road drug-trafficking website. Alford’s testimony today compared information found on Ulbricht’s computer, including Silk Road expense sheets and chats with administrators, with Ulbricht’s personal Gmail account. Alford also looked through Ulbricht’s Facebook posts.

Prosecutors weren’t able to show any direct mentions of Silk Road on Ulbricht’s Gmail or on Facebook. Instead, they associated e-mails from Ulbricht’s personal life and receipts for travel and electronics with the data found on his laptop, which was open to a Silk Road management page when he was arrested in San Francisco.

The FBI, Sony and the Attribution Problem, Part 1- Why?

The recent attack on Sony has publicly paraded one of the predominant problems in incident response. While the immediate issue in incident response is of course the remediation of compromised systems and bringing these systems and IT services back online, it is entirely human to look for somewhere to cast blame. Let’s begin by fleshing out the “why” of attribution before engaging with the “how”.

Why Attribution?

For an affected entity, and for the security professionals working within it, attribution of the attacker(s) is only an ancillary concern. Certainly steps taken (or not taken) during the direct remediation of the breach are important and even essential to the later attribution effort, but priority of work must be on restoration of service. After service is restored, and the breach points corrected, the attribution process begins. Here are some reasons to perform attribution:

1. Attacker Centered Defense– If the attacker can be identified or at least have their tactics, techniques and procedures characterized, it may be possible to take steps to make their next intrusion more difficult and time consuming.

2. Legal/Governmental Retribution– Bringing criminal charges or taking other action against the attacker may deter future attackers, or may have deterrence against the current attackers if they are in a jurisdiction where criminal charges cannot be brought, but are vulnerable to intergovernmental or other pressures.

3. “Hacking Back”– This is an operation pregnant with a host of legal and ethical concerns. It may appear advantageous in the midst of an attack to attack back, but the technical reasons for doing so need to be looked at carefully. There are two scenarios where hacking back could reduce the impact of an ongoing attack. One is a DDoS attack, where hacking back into the command and control systems of the attributed botnet may be a viable method to stem the attack. In the second scenario, stolen data belonging to the attacked entity has been definitively located (through attribution efforts) on a server, and the entity performs a hacking operation to delete that data before it can be copied or moved. Both of these operations are patently illegal in the U.S. under the Computer Fraud and Abuse Act. Both also carry a low probability of success or advantage for the attacked entity. If a DDoS operation is disrupted, the attacker can easily employ other botnets at short notice, or may regain control of the compromised botnet. The command and control servers may also be innocent bystanders unknowingly playing host to malware: taking down the servers of a hospital, local government or foreign military could have extremely serious human and geopolitical downsides. In the second scenario, the attacked entity would have to be extremely proactive to get the toothpaste back into the tube. In fact, it is so difficult it may as well be regarded as functionally impossible, and there is little chance of recovering all the data before it is further disseminated.

Looking at the limited reasons for attribution, and given especially the weakness of the third reason, it may be entirely reasonable for an attacked entity to decide not to pursue attribution. In the end, even having your attacker arrested will not undo the damage caused in the attack. The process of attribution is also not cost free. Additionally, any major actions taken on the basis of the attribution may only result in more reputation damage for the entity as the original breach and security failure is further publicized.

Why Attribute the Sony Hack?

Obviously an attack as devastating as Sony’s (which will probably involve hundreds of millions of dollars in damage to Sony Pictures Entertainment, in addition to a substantial erosion of their reputation and personal damage to many of their prominent employees) should be answered. To decide not to attribute the attackers would make their actions seem tacitly permitted, and would probably contribute to further devastating attacks against other entities. This Public Order justification is the purview of the FBI, which has taken a lead role in the investigation of the attack. Sony, of course, probably wishes nothing more than for this incident to go away and may be leaning more towards active disinterest in attribution. It isn’t as if any future lawsuit will recover their lost capital, and their threats of legal action against those who published the more tabloid-friendly portions of their internal emails are at serious risk of the Streisand Effect.

Of course, SPE is not the only actor involved. There are cyber security companies and the U.S. Government at work here as well. Attribution is in the interests of cyber security companies for reputation and prestige reasons, as a proof of their aptitude and ability. On the government side attribution can be a marker of aptitude as well; however, retribution is also a significant influence. In the global and domestic political arenas strong attribution can aid in the pursuit of other interests. Attribution has been used by the U.S. Government previously to pressure the Chinese Government in regards to their cyber espionage campaigns, and charges have been filed in the U.S. against a number of their operators. So it comes to this. The primary reasons for attribution are political, as support for past and future actions and as an instrument of geopolitical pressure. The actions supported by attribution may include legislative efforts, international sanctions, and even electronic and physical attacks.

In Part Two of this work, having established the interests of the actors involved in attribution, we will look at the “How” of the SPE hack attribution as far as it is known publicly.

Researcher Links 20 Percent of Ulbricht’s Bitcoins to Silk Road Accounts

Ross Ulbricht was back in a Manhattan federal courtroom today facing drug trafficking and money laundering charges for allegedly running the Silk Road online drug marketplace. We’ll have a story on today’s court action posted shortly.

A few hours ago, computer security researcher Nicholas Weaver published some analysis about bitcoins he says came from Ross Ulbricht’s accounts. If the government has done a similar analysis—and there’s no reason to think they couldn’t—it will be one more obstacle for Ulbricht’s defense team.

Last week, the outlines of Ulbricht’s defense became clear. Ulbricht’s lawyer Joshua Dratel admitted that his client founded Silk Road, but said Ulbricht walked away from the site only to be “lured back.” During opening statements, the defense attorney acknowledged that Ulbricht, who had 144,000 bitcoins on his computer seized by the feds, made money from Bitcoin. Dratel said this was, at least in part, from being a successful trader in the digital crypto-currency.

Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect

Just as quickly as the Silk Road’s defense created an alternate theory that the massive drug market was run by Mt. Gox CEO Mark Karpeles, the prosecution and judge in the case have now shoved key elements of the story back into the closet.

The post Silk Road Judge ‘Eviscerates’ Defense’s Evidence That Mt. Gox CEO Was a Suspect appeared first on WIRED.



How Installing League of Legends and Path of Exile Left Some With a RAT

Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia.

The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran.

According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena. Translated into English, one passage stated: “computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected.”

A Hacked DDoS-on-demand Site Offers a Look into Mind of “Booter” Users

A leaked database from a hacked denial-of-service site has provided some insight into what sorts of targets individuals will pay to knock offline for a few dollars or bitcoin. And it’s safe to say that a significant percentage of them are not the brightest stars in the sky. To get an idea of who would use such a service and for what purposes, Ars analyzed the data from a recently hacked DDoS for hire site: LizardSquad’s LizardStresser.

“Booter” or “stresser” sites offer users the ability to pay for distributed denial of service attacks against a target, and these sites promise to try to disguise the nature of the attack with the fig leaf of being legitimate load testing sites. That wasn’t so much the case with LizardStresser, the botnet-for-hire set up by the distributed denial of service crew known as LizardSquad. The group used its Christmas week DDoS attacks on Microsoft’s Xbox Live network and Sony’s Playstation Network as a form of advertising for the new service.

Since then, attacks on gamers have made up a significant percentage of the LizardStresser’s workload. While more than half of the attacks launched by customers of the service have been against Web servers, a significant portion have targeted individuals or small community gaming servers—including Minecraft servers.

Silk Road Reloaded Launches, But Not on Tor

A new version of Silk Road has appeared on the darkweb, but it doesn’t rely on Tor or Bitcoin. Silk Road Reloaded uses the little-known I2P anonymity network and accepts a range of cryptocurrencies including the meme-inspired Dogecoin.

The site, which has no relation to the two previous versions of Silk Road, is one of a series of copycat marketplaces trying to tap into the lucrative online trade in drugs and other illegal items. Silk Road Reloaded has been in development for a year and can only be accessed using the I2P anonymity software.

I2P, which has been around since 2003, works in a similar way to the more widely used Tor network and hides what people are looking at online. Unlike conventional websites, all I2P sites end in .i2p. A “clearnet” version of Silk Road Reloaded can also be accessed from normal browsers.

Who Was Silk Road’s Dread Pirate Roberts? As Trial Nears, a Jury Will Decide

The man accused of running the Silk Road, the Internet’s biggest drug market, is about to get his day in court. Prosecutors and defense lawyers are already poring over juror questionnaires, and a panel of New York citizens will be selected on Tuesday.

There still isn’t much that’s been made public about how the trial will proceed. Whatever happens, the trial, expected to last at least four weeks, is sure to reveal more about the dark corners of the so-called “Darknet” and the authorities’ efforts to master it.

Ross Ulbricht, the 30-year-old Texan who prosecutors say was the mastermind of the drug trafficking website, has remained steadfast in his innocence since his arrest more than a year ago. Barring a last-minute deal, his fate will soon be in the hands of a jury. If convicted, he faces decades in prison.

Bitstamp Reopens Bitcoin Exchange, Adds Security Precautions

Major Bitcoin exchange Bitstamp reopened its virtual doors late Friday, four days after it suspended services because of an online theft of 19,000 bitcoins valued at more than $5 million.

Bitstamp, the second largest Bitcoin exchange for US dollars, moved its system to Amazon’s cloud services and added additional security features to make compromises more difficult, Bitstamp’s CEO Nejc Kodrič said in a statement on the company’s website.

“By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” he said. “While this decision means we have not been able to provide you with services for a number of days, we feel this extra measure of precaution was in the best interest of our customers.”

Alibaba to Join Microsoft’s Fight Against Pirate Software in China

Microsoft and Chinese online commerce giant Alibaba have signed a memorandum of understanding that will see the Chinese firm take measures to help protect Microsoft’s intellectual property in its online stores.

Microsoft has long struggled with software piracy in China, with then-CEO Steve Ballmer saying in 2011 that the company was missing something like 95 percent of potential revenue due to lax protection of intellectual property rights.

With the new agreement in place, Alibaba will remove counterfeit and unlicensed software from its eBay-like Taobao marketplace and its Tmall B2C site. The two companies will also work together to tell consumers that counterfeit software poses risks to their security and privacy, with Alibaba also helping the unwitting buyers of unlicensed software seek compensation from sellers. A Microsoft-sponsored study claimed that some 85 percent of PCs sold with pirated software in China were infected with malware.

DDoS Service Targeting PSN and Xbox Powered by Home Internet Routers

The miscreants taking credit for knocking image board site 8chan offline, and earlier for taking down Sony’s and Microsoft’s gaming networks, operate an attack platform powered mostly by thousands of hacked home Internet routers, according to a published report.

The revelation, in an article posted Friday by KrebsOnSecurity, is the latest evidence documenting a big uptick in the hacking of Internet routers. Over the past 18 months, researchers have uncovered several other large-scale attacks on routing devices, including those made by Asus, Linksys, and many other manufacturers. Routers are often ripe targets because users fail to change default passwords, and the devices often contain security vulnerabilities that can easily be exploited by attackers halfway around the globe.

Those compromising routers for financial gain appear to be members of the Lizard Squad, a group that operates an online attack service that promises to take down any site a paying customer has requested. KrebsOnSecurity namesake Brian Krebs cited security researchers assisting law enforcement officials investigating the group. The researchers asked to remain anonymous. According to Krebs, the for-hire denial-of-service service is powered by a network of compromised devices that mostly include home routers from around the world that are protected by little more than default usernames and passwords. Krebs wrote:

Critics Say New Evidence Linking North Korea to the Sony Hack Is Still Flimsy

If the FBI’s revelations on Wednesday about the sloppiness of North Korea’s hackers was meant to silence critics who doubt the government’s attribution for what happened to Sony, it failed. Despite assertions from FBI Director James Comey that he has very high confidence in the attribution to North Korea and a statement by Director of […]

The post Critics Say New Evidence Linking North Korea to the Sony Hack Is Still Flimsy appeared first on WIRED.



FBI Director says Sony Hackers “Got Sloppy,” Exposed North Korea Connection [Updated]

In a speech at the International Conference on Cyber Security (ICCS) today in New York, FBI Director James Comey reiterated the bureau’s confidence that North Korea was involved in the cyber attack on Sony Pictures Entertainment. “There’s not much I have high confidence about,” Comey said, as reported by the FBI New York field office’s official Twitter feed. “I have very high confidence… on North Korea.” And he downplayed suggestions by outsiders that others might be responsible, saying that critics “don’t have the facts that I have, they don’t see what I see.”

In a separate speech today at the ICCS, Director of National Intelligence James Clapper said that the attack on Sony demonstrated a new type of threat posed by North Korea. During a meeting last year with a North Korean general to negotiate the release of two American prisoners in North Korea, Clapper said that the general told him the regime is “deadly serious” about perceived insults by the US to its “supreme leader” and that North Koreans feel that the US has put their country under siege.

While the Sony attackers had largely concealed their identity by using proxy servers, Comey said that on several occasions they “got sloppy” and connected directly, revealing their own IP address. It was those slip-ups, he said, that provided evidence linking North Korea to the attack on Sony’s network. Comey also said that analysts at the FBI found the patterns of writing and other identifying data from the attack matched previous attacks attributed to North Korea. Additionally, there was other evidence, Comey said, that he could not share publicly.
