Chinese Hackers Go After Dissidents

The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.

FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.

The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.

Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.

Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.

The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.

“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”

FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.

Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.

Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.

In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.

Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.

Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.

Source

NOAA Super Computer Goes Live

The National Oceanic and Atmospheric Administration has rolled out two new supercomputers that are expected to improve weather forecasts and perhaps help better prepare us for hurricanes.

The two IBM systems, which are identical clones, will be used by NOAA’s National Weather Service to produce forecast data that’s used in the U.S. and around the world.

One of the supercomputers is in Reston, Va.; the other is in Orlando. The NWS can switch between the two in about six minutes.

Each is a 213-teraflop system running a Linux operating system on Intel processors. The federal government is paying about $20 million a year to operate the leased systems.

“These are the systems that are the origin of all the weather forecasts you see,” said Ben Kyger, director of central operations at the National Centers for Environmental Prediction.

NOAA had previously used identical four-year-old 74-teraflop IBM supercomputers that ran on IBM’s AIX operating system and Power 6 chips.

Before it could activate the new systems, the NWS had to ensure that they produced scientifically accurate results. It had been running the old and new systems in parallel for months, comparing their output.

The NWS has a new hurricane model, which is 15% more accurate in day five of a forecast for a storm’s track and intensity. That model is now operational and running on the new systems. That’s important, because the U.S. is expecting a busy hurricane season.

Source

Can Blackberry Be Sold?

Struggling smartphone maker BlackBerry is reviewing several options that could include joint ventures, partnerships or an outright sale, as the company’s leading shareholder steps down from its board in a possible prelude to taking a different role.

BlackBerry, which pioneered on-your-hip email with its first smartphones and email pagers, said on Monday it had set up a committee to review its options, sparking debate over whether Canada’s one-time crown jewel is more valuable as a whole or snapped up piece by piece by competitors or private investors.

The company said Prem Watsa, whose Fairfax Financial Holdings Ltd is BlackBerry’s biggest shareholder, was leaving the board to avoid a possible conflict of interest as BlackBerry determines its next steps.

The resignation of Watsa, often described as Canada’s version of Warren Buffett, suggests Fairfax may be part of a solution.

BlackBerry, once a stock market darling, has bled market share to the likes of Apple Inc and phones using Google Inc’s Android operating system, and its new BlackBerry 10 smartphones have failed to gain traction with consumers.

Blackberry shares rose 7.5 percent to $10.80 in New York and C$10.84 in Toronto in afternoon trading. But the shares remain well below the levels seen in June, before the company reported dismal results that included poor sales of the BlackBerry 10 phones it viewed as key to a successful turnaround.

The share price peaked at about C$150 in June 2008.

A clean balance sheet makes the smartphone seller an enticing takeover candidate. Like Dell Inc, it is a tech icon in need of a turnaround. But BlackBerry’s cash flow is worse, meaning leverage would be extra risky.

The company’s assets include a well-regarded services business that powers BlackBerry’s security-focused messaging system, worth $3 billion to $4.5 billion; a collection of patents that could be worth $2 billion to $3 billion; and $3.1 billion in cash and investments, according to analysts.

But the smartphones that bear its name have little or no value, and it may cost $2 billion to shutter that unit, the analysts said.

Analysts expressed skepticism about the new committee, noting that BlackBerry announced similar steps more than a year ago when it hired JPMorgan and RBC as financial advisers. A source said both are still involved in the strategic review.

Source

IBM Still Talking Up SyNAPSE

IBM has unveiled the latest stage in its plans to generate a computer system that copies the human brain, calculating tasks that are relatively easy for humans but difficult for computers.

As part of the firm’s Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE) project, IBM researchers have been working with Cornell University and Inilabs to create the programming language with $53m in funding from the Defense Advanced Research Projects Agency (DARPA).

First unveiled two years ago this month, the technology – which mimics both the size and power of humanity’s most complex organ – looks to solve the problems created by traditional computing models when handling vast amounts of high speed data.

IBM explained the new programming language, perhaps not in layman’s terms, by saying it “breaks the mould of sequential operation underlying today’s von Neumann architectures and computers” and instead “is tailored for a new class of distributed, highly interconnected, asynchronous, parallel, large-scale cognitive computing architectures”.

That, in English, basically means that it could be used to create next generation intelligent sensor networks that are capable of perception, action and cognition, the sorts of mental processes that humans take for granted and perform with ease.

Dr Dharmendra Modha, who heads the programme at IBM Research, expanded on what this might mean for the future, sayng that the time has come to move forward into the next stage of information technology.

“Today, we’re at another turning point in the history of information technology. The era that Backus and his contemporaries helped create, the programmable computing era, is being superseded by the era of cognitive computing.

“Increasingly, computers will gather huge quantities of data, reason over the data, and learn from their interactions with information and people. These new capabilities will help us penetrate complexity and make better decisions about everything from how to manage cities to how to solve confounding business problems.”

The hardware for IBM’s cognitive computers mimic the brain, as they are built around small “neurosynaptic cores”. The cores are modeled on the brain, and feature 256 “neurons” (processors), 256 “axons” (memory) and 64,000 “synapses” (communications between neurons and axons).

IBM suggested that potential uses for this technology could include a pair of glasses which assist the visually impaired when navigating through potentially hazardous environments. Taking in vast amounts of visual and sound data, the augmented reality glasses would highlight obstacles such as kerbs and cars, and steer the user clear of danger.

Other uses could include intelligent microphones that keep track of who is speaking to create an accurate transcript of any conversation.

In the long term, IBM hopes to build a cognitive computer scaled to 100 trillion synapses. This would fit inside a space with a volume of no more than two litres while consuming less than one kilowatt of power.

Source

Are Russian Hackers Exploiting Android?

Russian mobile malware factories are working with thousands of affiliates to exploit Android users, a security company has claimed.

According to Lookout Mobile Security the system is so efficient that almost a third of all mobile malware is made by just 10 organisations operating out of Russia. These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers the report said.

Thousands of affiliate marketers are also profiting from the scheme and helping spread the malware by setting up websites designed to trick users into downloading seemingly legitimate apps. Affiliates can make up to $12,000 a month and are heavy users of Twitter.

The report’s release at the DEF CON 21 conference in Las Vegas indicated that Lookout Mobile Security are working with the spooks to bring the crooks down. The malware HQs had gone to great lengths to obfuscate and encrypt their code to make detection tricky, but their advertising was pretty brazen.

Source

PayPal Extend Bug Bounty

PayPal is expanding its bug bounty program to individuals aged 14 and older, a move intended to reward younger researchers who are technically ineligible to hold full-fledged PayPal accounts.

PayPal’s program, which is a year old this month, only applied to those 18 years and older. Under the old rule, participants in the program were required to hold valid accounts, which excluded minors, said Gus Anagnos, PayPal’s director of information security.

In May, 17-year-old Robert Kugler, a student in Germany, said he’d been denied a reward for finding a vulnerability. PayPal said the bug had already been found by two other researchers, which would have made Kugler ineligible for bounty.

In an apparent miscommunication, Kugler said he was initially told he was too young rather than the bug had already been discovered. Nonetheless, PayPal said it would look to bring younger people into its program, which pays upwards of $10,000 for remote code execution bugs on its websites.

Those who are under 18 years old can receive a bug bounty payment through a PayPal student account, an arrangement where a minor can receive payments via their parent’s account, Anagnos said.

Anagnos said other terms and conditions have been modified to make its program more transparent, such as clarifying which PayPal subsidiaries and partner sites qualify for the program.

PayPal pays much less for vulnerabilities on partner websites, which have a URL form of “www.paypal-__.com.” A remote execution bug found on that kind of site garners only $1,500 rather than up to $10,000 on the company’s main sites.

Like other bug bounty programs run by companies such as Microsoft and Google, PayPal will publicly recognize researchers on its website with a “Wall of Fame” for the top 10 researchers in a quarter. Another “honorable mention” page lists anyone who submitted a valid bug for the quarter.

Eusebiu Blindu, a testing consultant from Romania, was one of the researchers listed on the Wall of Fame for the first quarter of this year.

“I think Paypal is the best bug bounty program, and I am glad I participated in it from the first days of its launching,” he wrote on his blog.

Source

The DoD May Share Airwaves

The U.S. Defense Department is proposing to share some of its radio airwaves with private industry, a nod to growing pressure from the wireless industry and the Obama administration that federal agencies ease their control of valuable spectrum.

In a letter released by the Federal Communications Commission on Tuesday, the Department of Defense offers to share the airwaves it now dominates in the slice of frequencies from 1755 megahertz (MHz) to 1780 MHz with spectrum-hungry wireless and Internet companies.

The military would rearrange its systems within that slice of spectrum as well as the 2025-2110 MHz band and compress programs into the 1780-1850 MHz band that it would retain.

The Defense Department uses the airwaves for programs such as pilot training and drone systems and has faced criticism from some in the industry and in Congress for resisting efforts to open those airwaves for commercial use to satisfy growing demands posed by data-hungry gadgets and services.

The Pentagon had pointed to its own need for airwaves as its use of drones and other reliance on wireless technology grows. It also had estimated the process of moving its programs to new frequencies would cost more than $12 billion.

Under the new plan, the Defense Department drops the cost estimate to $3.5 billion by compromising on sharing slices of airwaves without completely clearing any of the spectrum bands.

In the letter, originally sent on July 17 to the National Telecommunications and Information Administration, which oversees federal airwaves, DOD Chief Information Officer Teresa Takai called the proposal “a workable balance to provide access to the 1755-1780 MHz band most desired by the commercial wireless industry while ensuring no loss of critical DoD capabilities.”

The NTIA, in its own letter to the FCC, said it had not had enough time to review the proposal and could not yet endorse it.

The FCC, with NTIA’s help, is preparing for several auctions of airwaves to take place in coming years, including one that would sell off chunks of federally controlled spectrum. They will be the first reshuffling of airwave ownership since 2008.

Congress has required the FCC to auction off the 2155-2180 MHz band by February 2015 and the industry has sought to pair up that slice of spectrum with the valuable 1755-1780 MHz band, arguing it would collect more money. Lawmakers in the House of Representatives have introduced a bill to ensure such pairing.

The FCC has been drafting a notice of proposed rulemaking that would seek public comments on how the FCC should auction those federally owned or already cleared airwaves to the wireless companies and an FCC official said the agency’s notice will address the Pentagon’s new proposal.

President Barack Obama last month directed federal agencies to look for ways eventually to give up or share more of their airwaves with the private sector. This followed his June 2010 call to open up 500 MHz of federal spectrum for commercial use.

Source

SanDisk Debuts Wireless Flash Drive

SanDisk on Monday announced a line of wireless flash drives that can hold up to 64GB of data.

The new drives include the Connect Wireless Flash Drive — a thumb drive — and the Connect Wireless Media Drive, a larger, but still pocket-sized storage device. The Connect Wireless Flash Drive comes in 16GB and 32GB capacities; the Connect Wireless Media Drive comes in 32GB and 64GB capacities.

The Connect Wireless Flash drive is 3.07-in. x 1.04-in. x 0.54-in. The Connect Wireless Media Drive is 2.6-in. x 2.6-in. x 0.52-in.

The Connect Wireless drive family allows users to not only store but share and stream files across multiple mobile devices. They offer up to eight simultaneous device connections and three media streams, and support separate streams of 720p video content at 2MB/sec to three or five devices concurrently (for the Flash Drive and Media Drive, respectively).

According to a SanDisk spokesman, video streaming performance isn’t affected by multiple streams because device limits are set at a point that supports the streams without degradation. Devices can connect to the drives up to 150 feet away.

The Connect Wireless drives work with all iOS and Android devices, and Kindle Fire tablets, as well as PC and Mac computers. The drives are compatible with Windows 8, Windows 7, Windows Vista, Windows XP and Mac OS 10.6 or higher

Movies, music, photos and documents can be loaded onto the wireless drives by simply dragging and dropping the files, which can then be accessed via the SanDisk Connect apps. Those apps are available for download from the App Store, Google Play Store and the Amazon Appstore for Android.

The drives contain an internal router, so no external router or Internet connection is needed to stream media. In order to use the drives, mobile device users simply download SanDisk’s Connect App.

The drives run on lithium-ion batteries. A single charge provides up to four hours of wireless streaming, with streaming data protected by Wi-Fi Password Protection (WPA2).

“With the new SanDisk Connect product line, we’re raising the bar on what consumers can expect from personal storage,” said Dinesh Bahal, vice president for product marketing for SanDisk.

The SanDisk Connect Wireless Flash Drive is available in 16GB or 32GB capacities for $49.99 and $59.99, respectively. In the U.S., it is available for preorder on Amazon.com, Newegg.com and Micro Center, with availability at Best Buy starting in August. It will also be available for preorder on Amazon.com in Germany and UK.

The SanDisk Connect Wireless Media Drive has a retail price of $79.99 for 32GB or $99.99 for 64GB storage capacity. It is available for preorder in the U.S. on Amazon.com, with availability in Germany and UK in the fourth quarter of 2013.

Source

Will Lenovo Release A Phablet?

Windows Phone may not be taking the world by storm, but it is a very interesting alternative for anyone who’s not in love with iOS or Android.

Now it seems Redmond’s fledgling platform is about to get its first phablet, courtesy of Lenovo. The device reportedly features a quad-core application processor and a 1080p screen. The screen size is estimated at 4.7 to 5 inches.

This would make it the biggest Windows Phone device to date, although it doesn’t sound very big or “phabletish” by Android standards. The biggest currently available WP8 phone is Samsung’s Ativ Si8750, with 4.8-inch 720p screen.

Nokia is Microsoft’s top hardware partner and it has been rumored to be working on a Windows phablet of its own. However, the persistent rumors have not panned out, at least not yet.

Source

Will The FBI Ditch Blackberry?

Samsung Electronics Co Ltd is close to signing a deal to sell its popular line of Galaxy devices to the U.S. Federal Bureau of Investigation, sources familiar with the situation said late last  Friday.

The deal would be a boost for Samsung, which is increasingly seeking to cater to the needs of government agencies, a niche long dominated by Canadian smartphone maker BlackBerry Ltd.

The FBI, with more than 35,000 employees, at present uses mainly BlackBerry devices. It is unclear whether the agency plans to replace all BlackBerry equipment with Galaxy models or whether it will use hardware from both companies.

A spokeswoman for the FBI declined to comment on the matter, saying that the selection of its new smartphones is part of an active acquisition process and any current discussions are proprietary to the government.

The imminent deal was initially reported by the Wall Street Journal late on Thursday. The WSJ also said Samsung is close to signing a smaller order for its devices with the U.S. Navy, citing people familiar with the matter.

Representatives of BlackBerry and Samsung declined to comment. BlackBerry emphasized, however, that it regards its operating system as the best in the market in terms of security features.

“The security of mobile devices is more important now than it has ever been before,” BlackBerry’s chief legal officer, Steve Zipperstein, said in an interview. “It is fair to ask why in this context anyone would consider moving from the gold standard in security, which is the BlackBerry platform.”

In May, the U.S. Pentagon cleared Samsung’s Android mobile devices and a new line of BlackBerry devices powered by the BB10 operating system for use on Defense Department networks.

Samsung has been pushing hard to convince government agencies and corporate clients that its Galaxy devices, powered by Google Inc’s Android operating system, can meet their stringent security needs.

The South Korean company hopes that the Pentagon clearance and the imminent deal with the FBI will help boost sales to security-conscious clients including banks and law firms.

Some analysts remain skeptical about whether Android can meet all security requirements of such clients, and note that the FBI itself has highlighted some vulnerabilities of the platform.

“The Android operating system hasn’t been secured properly,” said Rob Enderle, principal analyst with Enderle Group, noting that Samsung has layered technology on top of the operating system in an attempt to make its Galaxy devices safer.

Source

« Previous Page — Next Page »