February 12, 2018
Cryptomining script poisons government websites – What to do
By Paul Ducklin
Reports surfaced over the weekend claiming that a whole raft of government websites were “infected with malware”.
The full story seems to be more nuanced than that, which is just as well, because the list of infected sites stretches across the Anglophone world, with web pages affected in at least the US, the UK, and Australia.
The malware involved – you’d probably have guessed what it was going to be even if we hadn’t mentioned it in the headline – was a cryptomining script.
Cryptomining malware is when crooks covertly infect your computer with software to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum. The crooks use your electricity and processing power, but keep any cryptocoin proceeds for themselves.
The infection source in this case seems to have been a service run by a company called Texthelp Limited.
The site serves up JavaScript that can convert pages on your website to speech, in order to help out visitors who aren’t fluent in English, or who aren’t good at reading.
As you can imagine, government websites are meant to serve everyone, even those who aren’t literate, and numerous regulations exist that cover how accessible the public sector needs to make its web pages.
Indeed, Texthelp lists some of these regulations on its website, including: EU – Convention on Human Rights, UK – Accessible Information Standard, IRE – Disability Act 2005, US – Americans with Disabilities Act (ADA), CA – Canadian Charter on Rights and Freedom, AUS – Disability Discrimination Act, and more.
Read more at https://nakedsecurity.sophos.com/2018/02/12/cryptomining-script-poisons-government-websites-what-to-do/
Winter Olympics network outages blamed on unexplained cyberhack
By Paul Ducklin
The Mail Online has a URL that explicitly states, Russian-cyber-crooks-hacked-Winter-Olympics.html.
The article it links to isn’t quite so explicit, instead demanding to know, “Did Russian cybercriminals hack the Winter Olympics opening ceremony?”
The headline then answers its own question by adding, “[O]fficials don’t know who was behind it.”
Rival UK tabloid The Sun isn’t sure either, but that didn’t stop it shouting, “Cyber crooks HACKED the Winter Olympics opening ceremony”, before wondering, “[B]ut who is responsible?”
In comparison, Mashable is conciliatory, leading with, “Olympic organizers hit with hack during opening ceremony.”
(Even though a hack during the opening ceremony is not at all the same as a hack of the opening ceremony, Mashable couldn’t resist putting the slug Olympic-opening-ceremony-hack in its URL.)
Read more at https://nakedsecurity.sophos.com/2018/02/11/winter-olympics-network-outages-blamed-on-unexplained-cyberhack/
Chinese police get facial recognition glasses
By Lisa Vaas
In time for the massive upcoming human migration that is China’s annual Lunar New Year, Chinese police have added a new surveillance tool to their already considerable arsenal: glasses outfitted with fast facial recognition technology that’s connected to a database of 10,000 suspects wanted in connection with major crimes.
During the celebration, which begins next week, hundreds of millions of people will flood train stations and airports.
China’s official state media outlet, the People’s Daily, on Monday touted the surveillance specs as a way to help out authorities during massive events such as the annual Lunar New Year. Chinese news outlets featured a policewoman wearing a sunglasses version while patrolling a train station in Zhengzhou, the capital of central China’s Henan province.
The People’s Daily reported that the eyeglass-mounted camera is equipped with facial-recognition technology capable of “highly effective screening” of crowds for fugitives traveling under false pretenses.
According to the Wall Street Journal, the devices are skirting the slow mess that is blurry CCTV cameras and hooking directly into a database of known suspects. LLVision, the company behind the devices, says that they’ve been able to identify individuals by zipping through a database of 10,000 suspects in as little as 100 milliseconds: faster than some fixed-camera systems.
As of Wednesday, the glasses had already helped railway police at Zhengzhou’s East Railway Station nab seven suspects and 26 people who were allegedly traveling using other people’s identities.
Borrowing others’ identities is a way for people to evade China’s monitoring of air and train travel, to get around travel restrictions, and to slip past whatever punishment authorities think should be meted out for their “infractions,” the WSJ reports.
Read more at https://nakedsecurity.sophos.com/2018/02/09/chinese-police-get-facial-recognition-glasses/
Robot’s revenge – the CAPTCHA that stops humans
By Lisa Vaas
What do bots talk about on their bots-only internet?
Do they debate
whether Mark Zuckerberg is in fact a robot or A CARBON-BASED LIFEFORM INGESTING
CORROSIVE ISOPODS OF TRILOBITE NOURISHMENT and apologize for PROMINENT
FULL-CAPITAL YELLING CAUSING DISCOMFORT TO YOUR AUDITORY
RECEIVERS EARS, PROVIDING amusement.value=256 in a MOST AMUSING
SUBROUTINE JOKE?
(If you like robot humor like that, please do visit r/totallynotrobots and observe a fellow human having a human experience.)
Anyway, beats me, what robots talk about on robot internet. I’m a human. And I have verified my humanness thanks to an “online performance” called Humans Not Invited, brought to us courtesy of online programmer artist Damjanski. His real name, according to Motherboard, is Danjan Pita.
Read more at https://nakedsecurity.sophos.com/2018/02/09/robots-revenge-the-captcha-that-stops-humans/