Daily Archives: January 16, 2022

Russia Arrests Members of Notorious Ransomware Gang REvil

Posted on by

[…]

The Federal Security Service (FSB), Russia’s domestic intelligence agency, said in a press release Friday that it had recently conducted raids at 25 residences across Moscow, Leningrad, Lipetsk, and St. Petersburg, where 14 members of the cybercriminal gang were arrested. During the raids, authorities seized more than 426 million rubles, $600,000, and €500,000, along with 20 luxury vehicles and hordes of computer equipment.

While the identities of the hackers have not been made public at this time, video provided by the FSB shows officers chasing and handcuffing various individuals, while also rifling through apartments.

[…]

REvil has been high on America’s shit-list ever since it carried out the massive Kaseya ransomware attack last summer. The attack used malicious software updates in the tech firm’s popular IT products to infect upwards of 1,500 different companies worldwide—including many in the U.S.

[…]

But the gang has also allegedly been involved in attacks on hardware manufacturer Acer, celebrity law firm Grubman Shire Meiselas & Sacks (they reportedly leaked 2.4 gigabytes of Lady Gaga’s legal documents), and Quanta, a prominent computer parts supplier that works for Apple, among other big names. It also conducted a disruptive ransomware attack on meat-processing giant JBS Foods last May, temporarily forcing the company to shut down a number of its food production sites. All in all, they’ve caused quite a lot of damage.

[…]

Some commentators have noted the odd timing of the FSB’s operation, however. The U.S. and Russia are currently experiencing severe tensions over the political situation in Ukraine—where some U.S. commentators have alleged that Russia is preparing for a military invasion. As such, the possibility that Russia has arrested REvil as a kind of bargaining tactic with the U.S. seems plausible to some. “I think being concerned about Russia’s ulterior motives is perfectly reasonable,” John Hultquist, vice president of threat intelligence at cyber firm Mandiant, recently told WIRED.

[…]

Source: Russia Arrests Members of Notorious Ransomware Gang REvil

DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Posted on by

While many of the groups that took part in last year’s siege on the U.S. Capitol turned to Facebook and Telegram groups to plan their part in the attack, the Oath Keepers—a far-right org that’s best described as somewhere between a militia and a rag-tag group of wannabe vigilantes—are alleged to be bigger fans of the encrypted chat app Signal, instead.

In court filings that were made public this week following the arrest of 10 Oath Keeper members and the group’s leader Stewart Rhodes for their alleged role in the Capitol riots, authorities claim that they were able to access multiple invite-only chatrooms where group members coordinated their role in the riots. Authorities describe detailed meetings discussing everything from combat and firearms training to the uniforms Oath Keeper members were going to wear the day of. What’s less clear is how these encrypted chats were divulged in the first place.

[…]

While it’s clear that these docs lay out some pretty horrific chats happening over Signal, it’s less clear how authorities were able to access these chats in the first place. Law enforcement has clashed with this particular app for years while trying to glean information on suspects that use it, and Signal often publicly brushed those attempts off.

In 2018, Signal’s developers told Australian authorities that it wouldn’t be able to comply with the country’s new Assistance and Access Law even if it wanted to because each message’s encrypted contents are protected by keys that were “entirely inaccessible” to the people running the app. More recently, authorities in California tried multiple times to get the company to budge on the issue and comply with the state’s subpoena requests, only to be met with the same responses each time.

“Just like last time, we couldn’t provide any of that,” Signal’s team wrote in a blog post at the time. “ It’s impossible to turn over data that we never had access to in the first place.” Heck, even recent FBI training docs that were obtained via Freedom of Information Act requests reveal that the agency can’t access people’s chats on the app!

[…]

It’s possible that one of the Oath Keeper members that was privy to these chatrooms cooperated with authorities and handed the details over.

[…]

Another theory is that authorities gained access to these chats by gaining access to one of the defendants’ locked devices

[…]

Source: DOJ Say Evidence Against Oath Keepers Came From Signal Chats

Or  they infiltrated the group and were invited into the chatroom…

John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

Posted on by

A class action lawsuit filed in Chicago has accused John Deere of running an illegal repair monopoly. The lawsuit alleged that John Deere has used software locks and restricted access to repair documentation and tools, making it very difficult for farmers to fix their own agricultural equipment, a problem that Motherboard has documented for years and that lawmakers, the FTC, and even the Biden administration have acknowledged.

[…]

The situation is so bad that it’s created a boom in the secondary market. Used tractors are selling for hundreds of thousands of dollars, in part, because they’re easier to repair than modern machines.

Forest River Farms, a farming corporation in North Dakota, filed the recent antitrust lawsuit against John Deere, alleging that “Deere’s network of highly-consolidated independent dealerships is not permitted through their agreements with Deere to provide farmers or repair shops with access to the same software and repair tools the Dealerships have.”

[…]

Last year, President Biden signed an executive order aimed at making it easier for everyone to fix their own stuff. He also directed the FTC to formally adopt a pro right-to-repair platform. Legislation has been introduced in congress that would enshrine the right-to-repair and similar laws are working their way through various statehouses across the country. Microsoft’s shareholders have pressed the company to do more for repair and even Apple is backing away from its monopolistic repair practices.

[…]

Source: John Deere Hit With Class Action Lawsuit for Alleged Tractor Repair Monopoly

German IT security watchdog: No evidence of censorship function in Xiaomi phones

Posted on by

Germany’s federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China’s Xiaomi Corp (1810.HK), a spokesperson said on Thursday.

Lithuania’s state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as “Free Tibet”, “Long live Taiwan independence” or “democracy movement”. The BSI started an examination following these accusations, which lasted several months. read more

“As a result, the BSI was unable to identify any anomalies that would require further investigation or other measures,” the BSI spokesperson said.

Source: German IT security watchdog: No evidence of censorship function in Xiaomi phones | Reuters

Google’s and Facebook’s top execs accused of fixing ads

Posted on by

The alleged 2017 deal between Google and Facebook to kill header bidding, a way for multiple ad exchanges to compete fairly in automated ad auctions, was negotiated by Facebook COO Sheryl Sandberg, and endorsed by both Facebook CEO Mark Zuckerberg (now with Meta) and Google CEO Sundar Pichai, according to an updated complaint filed in the Texas-led antitrust lawsuit against Google.

Texas, 14 other US states, and the Commonwealths of Kentucky and Puerto Rico accused Google of unlawfully monopolizing the online ad market and rigging ad auctions in a December, 2020, lawsuit. The plaintiffs subsequently filed an amendment complaint in October, 2021, that includes details previously redacted.

On Friday, Texas et al. filed a third amended complaint [PDF] that fills in more blanks and expands the allegations by 69 more pages.

The fortified filing adds additional information about previous revelations and extends the scope of concern to cover in-app advertising in greater detail.

Presently, there are three other US government-backed unfair competition claims against Google ongoing: a federal antitrust lawsuit from the US Justice Department, a challenge from Colorado and 38 other State Attorneys General (filed around the same time as the Texas-led complaint), as well as a competition claim focused on Android and the Google Play Store filed last July.

The third amendment complaint delves into more detail about how Google allegedly worked “to kill header bidding,”

[]…]

The deal, referred to as “Jedi Blue” internally and eventually as “Open Bidding” when discussed publicly, allegedly allowed Facebook to win ad auctions even when outbid by competitors.

The third amended complaint explains, “Facebook’s Chief Operating Officer [REDACTED] was explicit that ‘[t]his is a big deal strategically’ in an email thread that included Facebook CEO [REDACTED].

[…]

The expanded filing includes new allegations about how Google used Accelerated Mobile Pages to hinder header bidding.

Google first created Accelerated Mobile Pages (“AMP”), a framework for developing mobile webpages, and made AMP compatible with Google’s ad server but substantially hindered compatibility with header bidding. Specifically, Google made AMP unable to execute JavaScript in the header, which frustrated publishers’ use of header bidding.

[…]

What’s more, the revised filing adds support for the claim that a Google ad program called Dynamic Revenue Share or DRS cheated to help Google win more valuable ad impressions.

“DRS manipulated Google’s exchange fee after soliciting bids in the auction and after peeking at rival exchanges’ bids to win impressions it would have otherwise lost,” the revised complaint says.

And the complaint now contends that Google personnel admitted the unfairness of the DRS system: “Google internally acknowledged that DRS made its auction untruthful: ‘One known issue with the current DRS is that it makes the auction untruthful as we determine the AdX revshare after seeing buyers’ bids and use winner’s bid to price itself (first-pricing)….'”

[…]

Source: Google’s and Facebook’s top execs accused of fixing ads • The Register

Apple Lets Developers in the Netherlands Offer Payment Options, escape from the 30% squeeze

Posted on by

Apple will grudgingly allow dating app developers in the Netherlands to use alternative payment methods in the App Store, but it doesn’t like it, and the score hasn’t been settled yet.

In an update on its developers’ blog on Friday, Apple said dating app developers will have two new optional “entitlements” in the App Store, which sounds strangely medieval, but OK. Besides using Apple’s in-app payment system—which nearly all developers worldwide are obligated to use, with some exceptions—they will also be able to include an in-app link directing users to their website to make a purchase or use a third-party payment system in the app.

According to Apple, developers can choose only one of the two entitlements and have to request it from Apple. For those who want to continue using Apple’s in-app payment system, where the company takes between a 15% and 30% cut of every purchase, no action is needed.

[…]

Source: Apple Lets Developers in the Netherlands Offer Payment Options

Yes, a small country can make a big difference!

North Korea made ‘$400m’ in cryptocurrency heists last year

Posted on by

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader’s coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 – although part of the reason might be that they are now so valuable people are taking more care with them.

Source: North Korea made ‘$400m’ in cryptocurrency heists last year • The Register