Category

Malware and DOS attacks

UK Government publishes Internet Safety green paper

By | Content Issues, Malware and DOS attacks, News

The UK Government has announced proposals for a voluntary levy on Internet companies “to raise awareness and counter internet harms”. The government has said that the levy would target issues such as cyberbullying, online abuse and children being exposed to pornography on the Internet.

The levy is one of a series of measures proposed in the Internet Safety Green Paper, which is the result of a consultation launched in February. The other measures include:

·       A new social media code of practice to require more intervention by social media companies against allegedly bullying, intimidating or humiliating content

·       An annual Internet safety transparency report, to help government track how fast social media companies remove material that has been the subject of a complaint

·       Demands for tech and digital startups to “think safety first” – prioritising features to facilitate complaints content removal as functionality that must be into apps and products from the very start

All the measures will be voluntary although the government has not ruled out legislating if companies refuse to take part. In remarks that will be of concern to Internet companies, the Culture Secretary Karen Bradley hinted that the government could change the legal status of social media companies, to deem them publishers rather than platforms, which could mean even greater regulation of their users’ content.

“Legally they are mere conduits but we are looking at their role and their responsibilities and we are looking at what their status should be. They are not legally publishers at this stage but we are looking at these issues,” she said.

The consultation will close on 7 December, and the government expects to respond in early 2018.

Leaked documents according to the Daily Mail and Wikileaks reveal that CIA has hacked Wi-Fi routers

By | International, Malware and DOS attacks, News

Leaked documents from activist group Wikileaks and as reported by the Daily Mail has shown that the Central Intelligence Agency (CIA) has hacked a number of routers and has converted them into devices used to snoop in on people’s conversations. The Daily Mail reports that the hacks have targeted 25 router models from manufacturers such as Linksys, DLink and Belkin. Furthermore, the Daily Mail cites the Wikileaks document as stating that the firmware could be expanded to affect a hundred or more devices if they are given only slight modifications.

The 175-page document was reportedly nicknamed “CherryBlossom” (CB for short) by the intelligence agency. The document described CherryBlossom as stating that: “The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest”.

The firmware apparently works by converting the router into a “FlyTrap” that sends messages also known as “beacons” to CIA-controlled server nicknamed “CherryTree”. The FlyTrap sends information such as the router’s device and security information, which CherryTree logs into a database.

Devices that were protected with a weak or default password were highly susceptible to the firmware, the document from Wikileaks show.

The findings, if true, show the various problems associated with friendly governments taking the view that it is acceptable for intelligence agencies to compromise either security or privacy. The end result can only be the use of such mechanisms by actors with less than noble intentions – ranging from hostile governments to organised criminals to terrorists all the way down to script kiddies. This serves as a useful forewarning on the dangers of requiring ‘backdoors’ on encryption technology, together with the policy ramifications from the Investigatory Powers Act Technical Capability Notices.