October 31, 2018

Mirai author fined $8.6 million, gets 6 months house arrest

By Lisa Vaas

The other shoe has dropped for Paras Jha, a 22-year-old New Jersey man who’s one of a trio of Mirai botnet authors sentenced in September. Besides the probation, community service and fines handed out by an Alaskan court last month, Jha has now been given a far stiffer fine from a New Jersey court for launching an attack on the network of Rutgers University.

He’s looking at paying $8.6m in restitution, and he’s been sentenced to six months of house arrest.

The US Attorney’s Office in New Jersey on Friday said that distributed denial of service (DDoS) attacks on the networks of Rutgers University “effectively shut down Rutgers University’s central authentication server,” which maintained, among other things, the gateway portal through which staff, faculty, and students delivered assignments and assessments.

At times, Jha succeeded in taking the portal offline for multiple consecutive periods, causing damage to Rutgers University, its faculty, and its students.

In September, an Alaskan court had sentenced the three Mirai botnet authors to probation, community service and fines.

It seemed like a light sentence, considering the vast damage done by the botnet.

Read more at https://nakedsecurity.sophos.com/2018/10/31/mirai-author-fined-8-6million-gets-6-months-house-arrest/

Alleged SWATter will plead guilty to dozens of serious new federal charges

By Lisa Vaas

Tyler Rai Barriss – the 25-year-old man from southern California who SWATted an innocent man who was killed in a subsequent police shooting – will plead guilty to 46 new federal charges, according to local news outlets in Kansas, where victim Andrew Finch lived and where Barriss is in prison.

A federal indictment unsealed on Wednesday also names two other men who were allegedly involved in the fatal SWATting incident: Casey Viner, of Ohio, and Shane Gaskill, of Wichita, Kansas. Both have been charged and have pleaded not guilty to multiple charges.

The new charges, filed in California on Wednesday, also list four unindicted co-conspirators: Twitter user “@INTERNETLORD” of Des Plaines, Illinois; “@TRAGIC” of Gulf Breeze, Florida; “@THROW” of Grand Rapids, Michigan; and “@SPARED” of Greenwood, Missouri.

According to prosecutors, Gaskill was the intended victim of the SWAT, which grew out of a Call of Duty game in which two teammates were disputing a $1.50 wager. Apparently, one had accidentally “killed” a teammate in the first-person shooter game.

According to court documents, Gaskill at one point saw that Barriss (@SWAuTistic) was following him on Twitter, so he allegedly gave him what turned out to be a former address – a house that he owned and which Finch was renting – and taunted Barriss to go ahead with the SWAT.

What @SWAuTistic is pleading guilty to

SWATting, which takes its name from elite law enforcement units called SWAT (Special Weapons and Tactics) teams, is the practice of making a false report to emergency services about shootings, bomb threats, hostage taking, or other alleged violent crime in the hopes that law enforcement will respond to a targeted address with deadly force.

Read more at https://nakedsecurity.sophos.com/2018/10/30/alleged-swatter-will-plead-guilty-to-dozens-of-serious-new-federal-charges/

Gov worker visits 9k porn sites without protection, spreads infection

By Lisa Vaas

A now very “ex”-government employee managed to compromise the networks of the US Geological Survey (USGS) after viewing some 9,000 malware-infected pages of porn on his work-issued laptop… and then further spread the contagion by saving images onto an unauthorized USB drive and his Android phone.

No surprise here: the unnamed employee no longer works at the agency, OIG External Affairs Director Nancy DiPaolo told NextGov.

The office of the Inspector General at the US Department of the Interior (DOI) published a redacted memorandum about the incident on 17 October.

The Inspector General said that a forensic investigation following the incident found that the employee had an “extensive history” of visiting porn sites. Many of the 9,000 pages he visited were routed through websites that originated in Russia and contained malware. Unsurprisingly, the phone and USB drive he saved his images to were also infected with malware.

The memo noted that malware is often used to damage or disable computers and/or to steal confidential information while spreading itself far and wide – not exactly the kind of thing you want romping around on government systems.

Read more at https://nakedsecurity.sophos.com/2018/10/30/gov-worker-visits-9k-porn-sites-without-protection-spreads-infection/

Snakes in the grass! Malicious code slithers into Python PyPI repository

By Danny Bradbury

Software developers downloading a seemingly innocent software library could find themselves hemorrhaging Bitcoin thanks to a wily attack.

A cybersecurity researcher calling himself ‘Bertus’ on Medium detailed an exploit that uses a common alternative spelling, remote code execution, and a rogue Bitcoin address to try and steal cryptocurrency from developers using the Python programming language.

The malicious code was uploaded to PyPI, an online repository of software packages developed for the Python programming language. Developers can create and upload their packages for others to use in their own programs. There are packages for everything from natural language processing through to screen-scraping libraries.

Developers who want to give something back to the community package their programs by including an installation script called setup.py. Others can download and install the package with a single command – pip install. Normally, setup.py just installs legitimate Python software. However, attackers can use it to run malicious code that infects a computer.

In this case, a malicious actor created a PyPI package called colourama. It exploits a common spelling difference between US and British English to impersonate a legitimate PyPI package called colorama, which enables developers to produce colored terminal text in Microsoft Windows.

The name change is subtle, and developers may be fooled into installing the wrong package. As it installs, it creates a malware dropper designed to exploit Windows PCs. The dropper downloads malware written in Microsoft’s VBScript language.

Read more at https://nakedsecurity.sophos.com/2018/10/30/snakes-in-the-grass-malicious-code-slithers-into-python-pypi-repository/
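A pre-install check for the lookalike-name problem described above, as an added example that is not from the article or the researcher's write-up: it compares requested package names against a vetted list and flags US/British spelling variants and one-character near misses before pip ever runs a setup.py. The `VETTED` list, the spelling table and all function names are assumptions made for illustration.

```python
import re

# Constructed allowlist of packages a team has vetted (assumption; only
# "colorama" comes from the article).
VETTED = {"colorama", "requests", "numpy", "python-dateutil"}

# British -> US spelling rewrites that yield a plausible but different name.
SPELLING = [("colour", "color"), ("centre", "center")]

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def americanize(name):
    """Apply each British -> US rewrite to the normalized name."""
    for british, us in SPELLING:
        name = name.replace(british, us)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check(name, vetted=VETTED):
    """Return (verdict, lookalike) for one requested package name."""
    n = normalize(name)
    vetted_n = {normalize(v) for v in vetted}
    if n in vetted_n:
        return ("ok", None)
    if americanize(n) in vetted_n:
        return ("spelling-variant", americanize(n))
    for v in sorted(vetted_n):
        if edit_distance(n, v) <= 1:
            return ("near-miss", v)
    return ("unvetted", None)

def audit(requirements):
    """Map every requested name to its verdict; block anything not 'ok'."""
    return {r: check(r) for r in requirements}
```

Anything other than `ok` is held for manual review rather than installed, since the install step itself is where a hostile setup.py would execute.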

