OpenStack 04/20/2017 (a.m.)

• Google Caves to Russian Federal Antimonopoly Service, Agrees to Pay Fine - nsnbc international | nsnbc international

  Tags: Google, antitrust, Russia, EU, Android, apps

  • Google ultimately caved to Russia’s Federal Antimonopoly Service, agreeing to pay $7.8 million (438 million rubles) for violating antitrust laws. The corporate Colossus will also pay two other fines totaling an additional $18,000 (1 million rubles) for failing to comply with past orders issued by state regulators. Last year Google caved to similar demands by the European Union.

  • In August 2016 Russia’s Federal Antimonopoly Service responded to a complaint by Russian search engine operator Yandex and fined the U.S.-based Google 438 million rubles for abusing its dominant market position to force manufacturers to make Google applications the default services on devices using Android.

    Regulators set the fine at 9 percent of Google’s reported profits on the Russian market in 2014, plus inflation. Similar to the case against the European Union Google challenged the penalty in several appellate courts before finally agreeing this week to meet the government’s demands.

    The corporation also agreed to stop requiring manufacturers to install Google services as the default applications on Android-powered devices. The agreement is valid for six years and nine months, Russia’s Antimonopoly Service reported.

    Last year Google, after a protracted battle, caved to similar antitrust regulations by the European Union, but the internet giant has also come under fire elsewhere. In 2015 Australian treasurer Joe Hockey implied Google in his list of corporate tax thieves. In January 2016 British lawmakers decided to fry Google over tax evasion. Google and taxes were compared to the Bermuda Triangle.

    One year ago the dispute between the European Union’s competition watchdog and Google, culminated in the European Commission formally charging Google with abusing the dominant position of its Android mobile phone operating system, having launched an investigation in April 2015.

Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/18/2017 (a.m.)

• WikiLeaks just dropped the CIA’s secret how-to for infecting Windows | Ars Technica

  Tags: surveillance state, CIA, hacking-tools, Windows, Wikileaks, Vault7

  • WikiLeaks has published what it says is another batch of secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever.

    Friday's installment includes 27 documents related to "Grasshopper," the codename for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents are likely to be of interest to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked. The leak will also prove useful to competing malware developers who want to learn new techniques and best practices.

    "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating system," one user guide explained. "An operator uses the Grasshopper builder to construct a custom installation executable."

• 'Shadow Brokers' give away more NSA hacking tools

  Tags: surveillance state, NSA, Shadow-Brokers, hacking-tools, leaks

  • The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

    If anything, the leak might backfire. Edward Snowden notes that while the leak is "nowhere near" representing the NSA's complete tool set, there's enough that the NSA should "instantly identify" where and how the kit leaked. This doesn't mean the Shadow Brokers themselves are about to face capture. However, this may give the agency info it needs to both connect the dots (how much of a role did NSA contractor Harold Thomas Martin III play in the online leak, for instance?) and prevent a repeat incident.

    Does this open a can of worms? It's hard to say -- researchers are still combing over the data. If there are any hacks that can be made useful, though, this could be problematic for server operators worried about cybercrime. If nothing else, it shows that the Shadow Brokers didn't reveal their full hand.

Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/12/2017 (a.m.)

• MoA - The Khan Sheikoun Show - A New President Proudly Presented By Trump Productions

  Tags: war & peace, surveillance state, NSA, hacking-tools, Trump, Syria-attack-retaliation

  • Shadowbrokers, who got hands on the NSA's top hacking tool, is a original Trump fan and voter and pissed that Trump is turning to the neocons and away from Steve Bannon:
    Recommended (if only for style)
    https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1

    In protest he is releasing the NSA's arsenal:
    https://github.com/x0rz/EQGRP
    The password for the EQGRP-Auction-Files is CrDj”(;Va.*NdlnzB9M?@K2)#>deB7mN

    Edward Snowden tweeted just now:
    https://twitter.com/Snowden/status/850766326943690752

    "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it."

• Symantec: CIA Linked To Cyberattacks In 16 Countries

  Tags: cyberwar, CIA, leaked-malware, Wikileaks, Vault7

  • Internet and computer security company Symantec has issued a statement today related to the Vault 7 WikiLeaks documents leaked from the CIA, saying that the methods and protocols described in the documents are consistent with cyberattacks they’d been tracking for years.

    Symantec says they now believe that the CIA hacking tool Fluxwire is a malware that had been known as Corentry, which Symantec had previously attributed to an unknown cyberespionage group called Longhorn, which apparently was the CIA.

    They described Longhorn as having been active since at least 2011, and responsible for attacks in at least 16 countries across the world, targeting governments and NGOs, as well as financial, energy, and natural resource companies, things that would generally be of interest to a nation-state.

  • While the WikiLeaks themselves have been comparatively short on details, as WikiLeaks continues to share specific vulnerabilities with companies so they can fix them before the details are leaked to the general public, the ability of security companies like Symantec to link the CIA to known hacking operations could prove to be even more enlightening as to the scope of CIA cyber-espionage the world over.

Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/11/2017 (p.m.)

• Race to Introduce Fascist Internet Regulations in Russia Continues - Now under the Banner of Child Protection - nsnbc international | nsnbc international

  Tags: Russia, internet, censorship, anonymity

  • Russian lawmaker Vitaly Milonov, on Monday, proposed a bill aimed to ban children under the age of 14 from social media. Although the bill is touted under the banner of child protection, it also aims to introduce the mandatory submission of passport data. In January Russia introduced semi-fascist regulations to severely curb the rights of bloggers and independent media.

  • Vitaly Milnov, generally known for being ultra-conservative, introduced the controversial bill on Monday. Touting the bill under the banner of wanting to protect children and limit their access to social media the bill has far deeper implications. Parents could very well self-regulate their children’s access to social media.

    The bill, however, implies that it would become mandatory for social media users to submit their passport data. Moreover, the bill also proposes that the use of pseudonyms will be banned. The proposed legislation also aims to introducing strict rules, requiring two-party consent before the publication of screenshots of online correspondence.

    The bill reads, among others: “Social networks create a special virtual world where a person spends significant part of their life, contacting other people and essentially doing everything that they would do in real world. This world can’t be left unregulated by law. Especially now, when growing number of users are falling victim to different types of fraud.”

    Even though Milonov is generally viewed as ultra-conservative, there are about 62 percent of Russians who according to polls support the ban of social networks for children while 39 percent supported using passport data to create an online account, a poll by the state-funded pollster VTsIOM revealed Monday.

  • Social media has come under intense scrutiny in Russia in recent months. Disturbingly, there are very few Russians who have received independent information about the not so overtly advertised implications of this scrutiny, of the proposed bill, and of plans to create a “Russian internet” to filter “unwanted foreign content. Russia also cracks down on independent bloggers and journalists.

    On January 1, 2016 the Russian Federation implemented amendments to laws that further censor the internet and potentially independent media. These laws are being sold under the guise of empowering internet users and the right to protect personal information. The amendments follow legislation from 2014 that infringed on the rights of bloggers.

Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/01/2017 (p.m.)

• WikiLeaks - Vault 7: Projects

  But it was the Russians who hacked the 2016 U.S. election. Really.

  Tags: surveillance-state, cyberwar, CIA, Marble, malware-obfuscator

  • - By Paul Merrell

  • Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

    Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

    Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

    The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

  • The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

    The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.

Posted from Diigo. The rest of Open Web group favorite links are here.