Wednesday, June 13, 2012
#Twitter #Facebook Tracked: Online Privacy - Home Office to write blank cheque for 'snoopers' charter'
Internet and phone companies will be forced to track email, Twitter, Facebook and other online data under new legislation.
Twitter and Facebook interaction is being targeted by new government legislation to give police and security services greater access to data. Photograph: Jonathan Hordle/Rex Features
The government is to offer a blank cheque to internet and phone firms that will be required to track everyone's email, Twitter, Facebook and other internet use under legislation to be published on Thursday.
Ministers did not put a figure on the cost of the new scheme but said it would be far less than the £2bn price tag estimated when Labour put forward a web-tracking scheme based on a central Home Office database in 2006.
The Liberal Democrats are expected to scale back their criticism of the legislation, which is to be published in draft form on Thursday, after Nick Clegg's intervention secured a series of safeguards, including a scrutiny inquiry by MPs and peers that will report by the end of November.
But the measure is expected to continue to attract fierce criticism from libertarian Conservatives, led by the former shadow home secretary David Davis, who this week attacked it again, calling it "expensive, unnecessary and a huge invasion of everyone's privacy".
An online petition run by the campaign group 38 degrees has already attracted more than 163,000 signatures under the slogan: "Our civil liberties have taken a battering in recent years from politicians of all backgrounds. Now it's time for us to push back."
Brake said there was no objection in principle to extending the capability of the police and security services to access communications data from emails, texts and mobile phones to Twitter, Facebook and other new forms of social media. But the party wanted assurances that it was technically possible to access the "who sent what to whom, when and where" traffic data without accessing content – a point about which there is much debate.
He said he also wanted to know what proportion of the 500,000 requests for communications data already made each year successfully contributed to investigations and whether it was possible to reduce the volume.
The safeguards secured by Clegg include the joint scrutiny committee of MPs and peers, who will hear expert evidence, including that from the Home Office, and examine all aspects to ensure the measure is not "rammed through parliament". It has already been quietly agreed that the committee should report by the end of November, implying a timetable that could see the measure on the statute book within 12 months.
It is also expected that inquiries into the bill will be mounted by parliament's intelligence and security and home affairs committees before it emerges in its final form.
Other safeguards to be detailed in the draft bill are a "case-by-case" oversight by the interception of the communications surveillance commissioner, the publication of a privacy impact statement, and powers for the information commissioner to ensure the stored data is kept secure then destroyed when the 12-month retention period expires.
Individuals who feel they have been subject to unlawful tracking will be able to complain to a panel of senior judges in the investigatory powers tribunal.
It will also remain the case that the police and security services will not be allowed to access the content of emails, texts, mobile calls and other confidential web use, without a warrant signed by the home secretary.
The communications data police and others may seek about an individual includes email addresses and phone numbers of people who have been in contact, when this happened, and where, the details giving the police records of suspects' associates and activities.
Internet and phone companies are already required to give the police and security services access to the communications data they retain for their own billing and business purposes. But the Home Office states that the rapidly changing nature of the net, including the widespread use of social media that is not billed item by item, means that this power is no longer sufficient for tracking the activities of criminals online.
Officials say that 25% of requests for communications data by the police and security agencies can no longer be met.
The legislation to be published today will break new legal ground in requiring internet and phone companies to collect this new communications data and not just pass on data they already retain.
http://www.guardian.co.uk/world/2012/jun/13/online-privacy-legislation-internet-phone-data?CMP=twt_gu
Tuesday, June 12, 2012
SOPA Opponents Release Digital Bill Of Rights.
Two leading opponents of SOPA are taking their fight for Internet freedoms to a whole new level. This time a team of bi-partisan lawmakers are offering a Digital Bill of Rights to help ensure that Americans continue to have an open Internet.
“I believe that individuals possess certain fundamental rights,” Congressman Darrell Issa (R-CA) writes on his website this week. “Government should exist to protect those rights against those who would violate them. That is the revolutionary principle at the heart of the American Declaration of Independence and US Constitution. No one should trample our right to life, liberty and the pursuit of happiness. That's why the Bill of Rights is an American citizen's first line of defense against all forms of tyranny.”
Rep. Issa’s proposal has been drafted along with the help of Senator Ron Wyden (D-OR), who together have taken on the issue of Internet rights on Capitol Hill countless times, particularly in recent months when they championed an effort to abolish the Stop Online Piracy Act, or SOPA. While the two lawmakers are split on some issues, such as the Cyber Intelligence Sharing and Protection Act (CISPA) currently being considered in Washington, they both agree that the Internet rights of Americans need to be protected during a day and age when lawmakers — especially those that are misinformed — are fighting for online regulations that could essentially eliminate freedom on the Web.
"Government is flying blind, interfering and regulating without understanding even the basics," Rep. Issa explains on his site. “We have a rare opportunity to give government marching orders on how to treat the Internet, those who use it and the innovation it supports."
Along with Wyden, Issa has done exactly that by publishing the just-penned Digital Bill of Rights. And like many historic American documents, the two lawmakers are looking for help in drafting a completed version of their proposal. “I need your help to get this right,” writes Issa, “so I published it here in Madison for everyone to comment, criticize and collaborate. I look forward to hearing from you and continuing to work together to keep the web open.”
Speaking from New York City on Monday, Sen. Wyden said that Congress could indeed someday crumble the Web as we know it and called for "changing power in Washington, DC." In an unusual example of a bi-partisan project getting off the ground quickly, their call for change is already being widely circulated on the Web:
The Digital Bill of Rights:
1) The right to a free and uncensored Internet.
2) The right to an open, unobstructed Internet.
3) The right to equality on the Internet.
4) The right to gather and participate in online activities.
5) The right to create and collaborate on the Internet.
6) The right to freely share their ideas.
7) The right to access the Internet equally, regardless of who they are or where they are
8) The right to freely associate on the Internet
9) The right to privacy on the Internet
10) The right to benefit from what they create
http://rt.com/usa/news/digital-bill-internet-right-667/
Wednesday, June 6, 2012
Obama Surveillance: Thousands of secret court orders allow government to spy on Americans
The Electronic Communications Privacy Act of 1986 has created a culture of complete secrecy. According to a recent study, it was revealed that a federal docket which handles thousands of secret cases has allowed mass electronic surveillance. The online activity, cell phone records and information stored on a person's computer is all fair game and now privacy groups are pushing for this law to be updated. Kade Crockford, privacy rights coordinator for ACLU, joins us with more.
Like us and/or follow us:http://twitter.com/RT_America
http://www.facebook.com/RTAmerica
Monday, June 4, 2012
"Flame" Malware was Signed By Rogue Microsoft Certificate.
Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.
The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate—an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft.
"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," Microsoft Security Response Center Senior Director Mike Reavey wrote in a blog post published Sunday night. "We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft."
The exploit, which abused a series of intermediate authorities that were ultimately signed by Microsoft's root authority, is the latest coup for Flame, a highly sophisticated piece of espionage malware that came to light last Monday. Flame's 20-megabyte size, its extensive menu of sophisticated spying capabilities, and its focus on computers in Iran have led researchers from Kaspersky Lab, Symantec, and other security firms to conclude it was sponsored by a wealthy nation-state. Microsoft's disclosure follows Friday's revelation that the George W. Bush and Obama administrations developed and deployed Stuxnet, the highly advanced software used to set back the Iranian nuclear program by sabotaging uranium centrifuges at Iran's Natanz refining facility.
The emergency update released by Microsoft blacklists three intermediate certificate authorities tied to Microsoft's root authority. All versions of Windows that have not applied the new patch can be tricked by the Flame attackers into displaying cryptographically generated assurances that the malicious wares were produced by Microsoft.
Microsoft engineers have also stopped issuing certificates that can be used for code signing with the Terminal Services activation and licensing process. The ability of the licensing mechanism to sign untrusted code that linked Microsoft's root authority is a mistake of breathtaking proportions. None of Microsoft's Sunday night blog posts explained why such design was ever allowed to be put in place. A description of the Terminal Services License Server Activation refers to a "limited-use digital certificate that validates server ownership and identity." Based on Microsoft's description of the attack, it would appear the capabilities of these certificates weren't as limited as company engineers had intended.
"This is a pretty big goof," Marsh Ray, a software developer at two-factor authentication company PhoneFactor, told Ars. "I don't think anyone realized that this enabled the sub CA that was present on the licensing server to have the full authority of the trusted root CA itself."
Microsoft's mention of an older cryptography algorithm that could be exploited and used to sign code as if it originated from Microsoft evoked memories of an attack from 2008 to mint a rogue certificate authority that could be trusted by all major browsers. The attack in part relied on weaknesses in the MD5 cryptographic hash function that made it susceptible to "collisions," in which two or more different plaintext messages generated the same cryptographic hash. By unleashing 200 PlayStation 3 game consoles to essentially find a collision, the attackers could become a certificate authority that could spawn SSL (secure sockets layer) credentials trusted by major browsers and operating systems.
Based on the language in Microsoft's blog posts, it's impossible to rule out the possibility that at least one of the certificates revoked in the update was also created using MD5 weaknesses. Indeed, two of the underlying credentials used MD5, while the third used the more advanced SHA-1 algorithm. In a Frequently Asked Questions section of Microsoft Security Advisory (2718704), Microsoft's security team also said: "During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers." The advisory didn't elaborate.
It's also unclear if those with control of one of the rogue Microsoft certificates could sign Windows software updates. Such a feat would allow attackers with control over a victim network to hijack Microsoft's update mechanism by using the credentials to pass off their malicious wares as official patches. Microsoft representatives didn't respond to an e-mail seeking comment on that possibility. This article will be updated if an answer arrives later.
Two of the rogue certificates were chained to a Microsoft Enforced Licensing Intermediate PCA. A third was chained to a Microsoft Enforced Licensing Registration Authority CA, and ultimately to the company's root authority. In addition to potential exploits from the actors behind Flame, unrelated attackers could also use the certificates to apply Microsoft's signature to malicious pieces of software.
A third Microsoft advisory pointed out that Flame so far has been found only on the machines of highly targeted victims, so the "vast majority of customers are not at risk."
"That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks," Jonathan Ness, of Microsoft's Security Response Center, continued. "Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers."
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/
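The two properties this report turns on, an MD5-based certificate signature and a certificate that can be used for code signing, can be checked mechanically when reviewing a trust store or a signing chain. The sketch below is an added example, not code from Microsoft or the article: a minimal DER walker in Python run against constructed sample certificates (dummy names, key and signature bytes) built by the hypothetical helper `build_sample_cert`; the weak-algorithm set and the finding labels are assumptions.

```python
# Added example (not from the article): audit a DER-encoded X.509 certificate
# for an MD5-based signature algorithm and for code-signing capability.
WEAK_SIG_ALGS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}  # assumed policy set
OID_BASIC_CONSTRAINTS = "2.5.29.19"
OID_EXT_KEY_USAGE = "2.5.29.37"
OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = read_tlv(content, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    first = min(val[0] // 40, 2)  # first byte packs the first two arcs
    arcs, n = [first, val[0] - 40 * first], 0
    for b in val[1:]:  # remaining arcs are base-128, high bit = "more"
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def audit_certificate(der):
    """Report signature algorithm, CA flag, EKUs and policy findings."""
    _, cert, _ = read_tlv(der, 0)
    (_, tbs), (_, sig_alg), _sig = children(cert)
    sig_oid = decode_oid(children(sig_alg)[0][1])
    ekus, is_ca = None, False
    for tag, val in children(tbs):
        if tag != 0xA3:  # [3] EXPLICIT Extensions
            continue
        for _, ext in children(children(val)[0][1]):
            fields = children(ext)
            oid = decode_oid(fields[0][1])
            if oid not in (OID_EXT_KEY_USAGE, OID_BASIC_CONSTRAINTS):
                continue
            # extnValue is an OCTET STRING wrapping a DER SEQUENCE
            body = children(children(fields[-1][1])[0][1])
            if oid == OID_EXT_KEY_USAGE:
                ekus = [decode_oid(v) for _, v in body]
            else:  # BasicConstraints: cA BOOLEAN DEFAULT FALSE
                is_ca = bool(body) and body[0][0] == 0x01 and body[0][1] != b"\x00"
    findings = []
    if sig_oid in WEAK_SIG_ALGS:
        findings.append("weak-signature-hash:" + WEAK_SIG_ALGS[sig_oid])
    if ekus is None:  # no EKU extension means usage is not restricted by EKU
        findings.append("eku-absent-unrestricted")
    elif OID_CODE_SIGNING in ekus:
        findings.append("code-signing-permitted")
    return {"sig_oid": sig_oid, "is_ca": is_ca, "ekus": ekus, "findings": findings}

# --- Constructed sample input: a tiny DER encoder, dummy names/key/signature ---
def tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out += reversed(chunk)
    return tlv(0x06, bytes(out))

def build_sample_cert(sig_oid, ekus, is_ca):
    """Hypothetical helper: structurally valid certificate, not a signed one."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    alg = seq(enc_oid(sig_oid), tlv(0x05, b""))
    bc = seq(tlv(0x01, b"\xff")) if is_ca else seq()
    exts = [seq(enc_oid(OID_BASIC_CONSTRAINTS), tlv(0x04, bc))]
    if ekus is not None:
        eku = seq(*[enc_oid(o) for o in ekus])
        exts.append(seq(enc_oid(OID_EXT_KEY_USAGE), tlv(0x04, eku)))
    # version, serial, signature alg, issuer, validity, subject, SPKI, extensions
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              seq(), seq(), seq(), seq(), tlv(0xA3, seq(*exts)))
    return seq(tbs, alg, tlv(0x03, b"\x00" * 257))
```

The walker reads only the outer signature algorithm and two extensions; it does not verify signatures or build chains, so it complements rather than replaces the platform's own chain validation.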
Stuxnet Flame And War By Other Means.
I was one of the first to report about the source of the Stuxnet computer virus in The American Conservative magazine back in December 2010. It was created in an Israeli laboratory at its Dimona nuclear facility. The New York Times picked up the story over a year later. We have now learned, from a deliberate leak, that the US National Security Agency and Department of Energy helped the Israelis to develop the virus and that an infected component was placed in the Iranian computer network with the assistance of the CIA (apparently using an agent affiliated with the Mujaheddin e Khalq supplied by the Israelis).
The timing of the leak of the story by the White House is, of course, interesting. It clearly is intended to burnish President Obama’s national security credentials, demonstrating that the White House is wisely covertly waging war against Iran to avoid a shooting war. At least that is the spin. But Obama is nevertheless waging war, which the Iranians have already noted, and which will make any agreement on their nuclear program impossible. So rather than mitigating what Washington and Tel Aviv are describing as the serious problem posed by possible Iranian ambitions, it has only made the issue insoluble without an actual armed conflict. So much for war by proxy.
But the more disturbing aspect of the story is the apparent enthusiasm by the White House to engage in de facto warfare as long as there are no boots on the ground and Americans being killed. The decision to go after Iran by computer virus was apparently made by President Bush but became effective shortly after Obama took office.
Cyberwarfare, which is now a reality rather than just a Pentagon money pit, is in a league with drones. They both make it possible to attack another country without the type of disagreeable consequences that normally, in the past, eventually brought about an end to the fighting. Perpetual warfare by other means is now an aspect of governance for the United States. And both Stuxnet and drones are a contagion.
The virus is not containable and has already been cloned by hackers while drone technology is becoming cheaper and will no doubt be the no-war no-peace option for many countries with unstable borders. Both the virus and the drone technology will, and have already, spilled over into the United States. Drones have increased the government’s ability to surveil the public everywhere all the time and we have just learned of yet a new official lab created virus called Flame, which has also migrated to personal and business computers.
http://www.theamericanconservative.com/stuxnet-flame-and-war-by-other-means/
Sunday, June 3, 2012
Flame Attack : Details Emerging Slowly.
More details about the Flame malware are emerging as security analysts study the infection.
The latest numbers from Kaspersky Lab researchers suggest around 1,000 Windows PCs have been infected, the vast majority of which are in the Middle East. The security company reported 189 infections in Iran, 98 in Israel/Palestine and 32 in Sudan identified so far. Infections have been discovered in a wide range of sectors, including academia, private companies, and government.
Researchers have confirmed that Flame, Flamer and Skywiper are all the same thing, after some initial confusion as it was given three different names by different research groups.
The malware is best described as a cyber-espionage toolkit, and is written partly in the Lua scripting language with compiled C++ code linked in, with five different encryption methods and a SQLite database to store structured information. The malware is controlled by a network of command and control servers, and data was regularly sent from compromised PCs to C&C servers through a covert SSL channel.
While many initial reports hyped up the complexity of the malware, closer analysis of Flame suggests that the tools it uses are not that complex, but rather the ways the whole package works together is the most sophisticated aspect of its design.
Justin Doo, security practice director for MENA region, Symantec, told ITP.net the day after the malware emerged that Flame gives whoever is controlling the malware a range of different tools.
"It is particularly sophisticated in terms of the capabilities it has. Depending on who is controlling the malware depends on its behaviour. In one instance it may record voice, through the microphone, and in another instance it may be a Trojan so it looks like an application but it is doing something completely different," he said.
Flame is able to steal documents, take screenshots of users' desktops, spread via USB drives, disable security vendor products, turn on PC microphones, turn on Bluetooth and search for nearby Bluetooth devices and intercept network traffic. It has also been discovered that Flame can record Skype conversations.
The malware is also able to identify which anti-virus software, if any, is in use on its host machine, and modifies behaviour to avoid detection.
http://www.itp.net/589284-flame-attack-details-emerging-slowly