
Timesdelhi.com

May 26, 2019
Category archive

web browser

Europol, DOJ announce the takedown of the GozNym banking malware


Europol and the U.S. Justice Department, with help from six other countries, have disrupted and dismantled the GozNym malware, which they say stole more than $100 million from bank accounts since it first emerged.

In a press conference in The Hague, prosecutors said 10 defendants in five countries are accused of using the malware to steal money from more than 41,000 victims, mostly businesses and financial institutions.

Five defendants were arrested in Moldova, Bulgaria, Ukraine and Russia. The leader of the criminal network and his technical assistant are being prosecuted in Georgia.

The remaining five defendants, all Russian nationals, remain on the run and are wanted by the FBI, said prosecutors.

All were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud, and conspiracy to commit money laundering. An eleventh member of the conspiracy, Krasimir Nikolov, was previously charged and extradited to the U.S. in 2016 and pleaded guilty in April for his role in the GozNym malware network.

The names, roles and locations of the indicted suspects. (Image: Justice Department/supplied)

The takedown was described as an “unprecedented international effort” by Scott Brady, U.S. attorney for Western Philadelphia — where a grand jury indicted the defendants — at the press conference announcing the charges.

GozNym is a powerful banking malware that spread across the U.S., Canada, Germany and Poland. The malware was developed from two existing malware families, both of which had their source code leaked years earlier: Nymaim, a two-stage malware dropper that infects computers through exploit kits from malicious links or emails; and Gozi, a web injection module used to hook into the web browser, allowing the attacker to steal login credentials and passwords.

The banking malware hit dozens of banks and credit unions since it first emerged in 2016.

Described as malware “as a service,” the leader of the network allegedly obtained the code for the two malware families and built GozNym, then recruited accomplices and advertised the new malware on Russian-speaking forums. The malware used encryption and other obfuscation techniques to avoid detection by antivirus tools. Then, spammers are said to have sent hundreds of thousands of phishing emails to infect staff at businesses and banks. After the malware infected its victims’ computers, it would steal the passwords that control bank accounts, which the criminals would later log in to and cash out.

Prosecutors said the malware network was hosted and operated through a bulletproof service, a domain and web hosting service known for its lax attitude towards cybercrime and favored by criminals. Europol said the 2016 takedown of Avalanche, an infrastructure platform used by hundreds of criminals to host and run their malware campaigns.

Although the victims were not named, the Justice Department said at least 11 U.S. businesses — including a church, two law firms, and a casino — fell victim to the GozNym criminals.

Read more:
The hacker group behind the Triton malware strikes again
A new cryptocurrency mining malware uses leaked NSA exploits to spread across enterprise networks
Researchers find a new malware-friendly hosting site after a spike in attacks
Shellbot malware evolves to spread and shuts down other cryptominers
TrickBot malware attacks are ramping up ahead of Tax Day
New malware pulls its instructions from code hidden in memes posted to Twitter

Mozilla’s free password manager, Firefox Lockbox, launches on Android


Mozilla’s free password manager, designed for users of the Firefox web browser, is today officially arriving on Android. The standalone app, called Firefox Lockbox, offers a simple, if a bit basic, way for users to access, from their mobile device, the logins already stored in their Firefox browser.

The app is nowhere near as developed as password managers like 1Password, Dashlane, LastPass and others as it lacks common features like the ability to add, edit or delete passwords; suggest complex passwords; or alert you to potentially compromised passwords resulting from data breaches, among other things.

However, the app is free — and if you’re already using Firefox’s browser, it’s at the very least a more secure alternative to writing down your passwords in an unprotected notepad app, for example. And you can opt to enable Lockbox as an Autofill service on Android.

But the app is really just a companion to Firefox. The passwords in Lockbox securely sync to the app from the Firefox browser — they aren’t entered by hand. For security, the app can be locked with facial recognition or a fingerprint (depending on device support). The passwords are also encrypted in a way that doesn’t allow Mozilla to read your data, it explains in a FAQ.

Firefox Lockbox is now one of several projects Mozilla developed through its now-shuttered Test Flight program. Over a few years’ time, the program had allowed the organization to trial more experimental features — some of which made their way to official products, like the recently launched file-sharing app, Firefox Send.

Others in the program — including Firefox Color, Side View, Firefox Notes, Price Tracker and Email Tabs — remain available, but are no longer actively developed beyond occasional maintenance releases. Mozilla’s current focus is on its suite of “privacy-first” solutions, not its other handy utilities.

According to Mozilla, Lockbox was downloaded more than 50,000 times on iOS ahead of today’s Android launch.

The Android version is a free download on Google Play.

Opera Touch brings website cookie blocking to iOS


Last fall, Opera introduced Opera Touch for iOS – a solid alternative to Safari on iPhone, optimized for one-handed use. Today, the company is rolling out a notable new feature to this app: cookie blocking. Yes, it can now block those annoying dialogs that ask you to accept the website’s cookies. These are particularly problematic on mobile, where they often entirely interrupt your ability to view the content, as opposed to on many desktop websites where you can (kind of) ignore the pop-up banner that appears at the bottom or the top of the page.

Cookie dialogs have become prevalent across the web as a result of Europe’s GDPR, but many people find them overly intrusive. Today, it takes an extra click to dismiss these prompts, which slows down web browsing – especially for those times you’re on the hunt for a particular piece of information and are visiting several websites in rapid succession.

The cookie blocking feature was first launched in November on Opera’s flagship app for Android, but hadn’t yet made its way to iOS – through any browser app, that is, not just one from Opera. The company says it uses a mix of CSS and JavaScript heuristics in order to block the prompts.

At the time of the launch, Opera noted it had tested the feature with some 15,000 sites.

It’s important to note that the default setting for the cookie blocker on Opera Touch will allow the websites to set cookies.

Here’s how it works. When you enable the feature, it will hide the dialog boxes from appearing, allowing you to read a website without having to first close the prompt. However, when you turn on the Cookie Blocker option, another setting is also switched on: one that says “automatically accept cookie dialogs.”

That means, in practice, when you’re enabling the Cookie Blocker, you’re also enabling cookie acceptance if you don’t take further action.

But Opera says you can disable this checkbox, if you don’t want your browser to give websites your acceptance.

In addition to the new cookie blocking, the browser has a number of other options that make it an interesting alternative to Safari on iOS or Google Chrome.

For example, it offers built-in ad blocking, cryptocurrency mining protection (which prevents malicious sites from using your device’s resources to mine for cryptocurrencies), a way to send web content to your PC through Opera’s “Flow” technology, and – most importantly – a design focused on using the app with just one hand.

Since the app’s launch in April, the company has rolled out 23 new features in total. These include a new dark theme, as well as the addition of a private mode, plus search engine choice which offers 11 options, including Qwant and DuckDuckGo, and other features.

The app is a free download on iOS.

Massive mortgage and loan data leak gets worse as original documents also exposed


Remember that massive data leak of mortgage and loan data we reported on Wednesday?

In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found without a password. The data contained highly sensitive financial data on tens of thousands of individuals who took out loans or mortgages over the past decade with U.S. financial institutions. The documents were converted using a technology called OCR from their original paper documents to a computer readable format and stored in the database, but they weren’t easy to read. That said, it was possible to discern names, addresses, birth dates, Social Security numbers and other private financial data by anyone who knew where to find the server.

Independent security researcher Bob Diachenko and TechCrunch traced the source of the leaking database to a Texas-based data and analytics company, Ascension. When reached, the company said that one of its vendors, OpticsML, a New York-based document management startup, had mishandled the data and was to blame for the data leak.

It turns out that data was exposed again — but this time, it was the original documents.

Diachenko found the second trove of data in a separate exposed Amazon S3 storage server, which was also not protected with a password. Anyone who went to an easy-to-guess web address in their web browser could have accessed the storage server and seen — and downloaded — the files stored inside.

In a note to TechCrunch, Diachenko said he was “very surprised” to find the server in the first place, let alone open and accessible. Because Amazon storage servers are private by default and aren’t accessible to the web, someone would have made a conscious decision to set its permissions to public.

The bucket contained 21 files containing 23,000 pages of PDF documents stitched together — or about 1.3 gigabytes in size. Diachenko said that portions of the data in the exposed Elasticsearch database on Wednesday matched data found in the Amazon S3 bucket, confirming that some or all of the data is the same as what was previously discovered. Like in Wednesday’s report, the server contained documents from banks and financial institutions across the U.S., including loans and mortgage agreements. We also found documents from the U.S. Department of Housing and Urban Development, as well as W-2 tax forms, loan repayment schedules, and other sensitive financial information.

Two of the files — redacted — found on the exposed storage server. (Image: TechCrunch)

Many of the files also contained names, addresses, phone numbers, Social Security numbers, and more.

When we tried to reach OpticsML on Wednesday, its website had been pulled offline and the listed phone number was disconnected. After scouring through old cached versions of the site, we found an email address.

TechCrunch emailed chief executive Sean Lanning, and the bucket was secured within the hour.

Lanning acknowledged our email but did not comment. Instead, OpticsML chief technology officer John Brozena confirmed the breach in a separate email, but declined to answer several questions about the exposed data — including how long the bucket was open and why it was set to public.

“We are working with the appropriate authorities and a forensic team to analyze the full extent of the situation regarding the exposed Elasticsearch server,” said Brozena. “As part of this investigation we learned that 21 documents used for testing were made identifiable by the previously discussed Elasticsearch leak. These documents were taken offline promptly.”

He added that OpticsML is “working to notify all affected parties” when asked about informing customers and state regulators, as per state data breach notification laws.

But Diachenko said there was no telling how many times the bucket might have been accessed before it was discovered.

“I would assume that after such publicity like these guys had, first thing you would do is to check if your cloud storage is down or, at least, password-protected,” he said.

How to browse the web securely and privately


So you want to browse the web securely and privately? Here’s a hard truth: it’s almost impossible.

It’s not just your internet provider that knows which sites you visit, it’s also the government — and other governments! And when it’s not them, it’s social media sites, ad networks or apps tracking you across the web to serve you specific and targeted ads. Your web browsing history can be highly personal. It can reveal your health concerns, your political beliefs and even your porn habits — you name it. Why should anyone other than you know those things?

Any time you visit a website, you leave a trail of data behind you. You can’t stop it all — that’s just how the internet works. But there are plenty of things that you can do to reduce your footprint.

Here are a few tips to cover most of your bases.

A VPN can help hide your identity, but doesn’t make you anonymous

You might have heard that a VPN — or a virtual private network — might keep your internet traffic safe from snoopers. Well, not really.

A VPN lets you create a dedicated tunnel that all of your internet traffic flows through — usually a VPN server — allowing you to hide your internet traffic from your internet provider. That’s good if you’re in a country where censorship or surveillance is rife or trying to avoid location-based blocking. But otherwise, you’re just sending all of your internet traffic to a VPN provider instead. Essentially, you have to choose who you trust more: your VPN provider or your internet provider. The problem is, most free VPN providers make their money by selling your data or serving you ads — and some are just downright shady. Even if you use a premium VPN provider for privacy, they can connect your payment information to your internet traffic, and many VPN providers don’t even bother to encrypt your data.

Some VPN providers are better than others: tried, tested — and trusted — by security professionals.

Services like WireGuard are highly recommended, and are available on a variety of devices and systems — including iPhones and iPads. We recently profiled the Guardian Mobile Firewall, a smart firewall-type app for your iPhone that securely tunnels your data anonymously so that even its creators don’t know who you are. The app also prevents apps on your phone from tracking you and accessing your data, like your contacts or your geolocation.

As TechCrunch’s Romain Dillet explains, the best VPN providers are the ones that you control yourself. You can create your own Algo VPN server in just a few minutes. Algo is created by Trail of Bits, a highly trusted and respected security company in New York. The source code is available on GitHub, making it far more difficult to covertly insert backdoors into the code.

With your own Algo VPN setup, you control the connection, the server, and your data.

You’ll need a secure DNS

What does it mean that “your internet provider knows what sites you visit,” anyway?

Behind the scenes on the internet, DNS — or Domain Name System — converts web addresses into computer-readable IP addresses. Most devices automatically use the resolver that’s set by the network you’re connected to — usually your internet provider. That means your internet provider knows what websites you’re visiting. And recently, Congress passed a law allowing your internet provider to sell your browsing history to advertisers.

You need a secure and private DNS provider. Many use publicly available services — like OpenDNS or Google’s Public DNS. They’re easy to set up — usually on your computer or device, or on your home router.

One recommended offering is Cloudflare’s secure DNS, which it calls 1.1.1.1. Cloudflare encrypts your traffic, won’t use your data to serve ads, and doesn’t store your IP address for any longer than 24 hours. You can get started here, and you can even download Cloudflare’s 1.1.1.1 app from Apple’s App Store and Google Play.

HTTPS is your friend

One of the best things for personal internet security is HTTPS.

HTTPS secures your connection from your phone or your computer all the way to the site you’re visiting. Most major websites are HTTPS-enabled, and appear as such with a green padlock in the address bar. HTTPS makes it almost impossible for someone to spy on your internet traffic, or to intercept and steal your data in transit.

Every time your browser lights up in green or flashes a padlock, HTTPS encrypts the connection between your computer and the website. Even when you’re on a public Wi-Fi network, an HTTPS-enabled website will protect you from snoopers on the same network.

Every day, the web becomes more secure, but there’s a way to go. Some websites are HTTPS ready but don’t have it enabled by default. That means you’re loading an unencrypted HTTP page when you could be accessing a fully HTTPS page.

That’s where one browser extension, HTTPS Everywhere, comes into play. This extension automatically forces websites to load HTTPS by default. It’s a lightweight, handy tool that you’ll forget is even there.

Reconsider your web plug-ins

Remember Flash? How about Java? You probably haven’t seen much of them recently, because the web has evolved to render them obsolete. Both Flash and Java, two once-popular web plug-ins, let you view interactive content in your web browser. But nowadays, most of that has been replaced by HTML5, a technology native to your web browser.

Flash and Java were long derided for their perpetual state of insecurity. They were full of bugs and vulnerabilities that plagued the internet for years — so much so that web browsers started to pull the plug on Java back in 2015, with Flash set to sunset in 2020. Good riddance!

If you don’t use them — and most people don’t anymore — you should remove them. Just having them installed can put you at risk of attack. It takes just a minute to uninstall Flash on Windows and Mac, and to uninstall Java on Windows and Mac.

Most browsers — like Firefox and Chrome — let you run other add-ons or extensions to improve your web experience. Like apps on your phone, they often require certain access to your browser, your data or even your computer. Although browser extensions are usually vetted and checked to prevent malicious use, sometimes bad extensions slip through the net. Sometimes, extensions that were once fine are automatically updated to contain malicious code or secretly mine cryptocurrency in the background.

There’s no simple rule to what’s a good extension and what isn’t. Use your judgment. Make sure each extension you install doesn’t ask for more access than you think it needs. And make sure you uninstall or remove any extension that you no longer use.

These plug-ins and extensions can protect you

There are some extensions that are worth their weight in gold. You should consider:

  • An ad-blocker: Ad-blockers are great for blocking ads — as the name suggests — but also the privacy-invasive code that can track you across sites. uBlock is a popular, open-source, efficient blocker that doesn’t consume as much memory as AdBlock and others. Many ad-blockers now permit “acceptable ads” that allow publishers to still make money but aren’t memory hogs or intrusive — like the ones that take over your screen. Ad-blockers also make websites load much faster.
  • A cross-site tracker blocker: Privacy Badger is a great tool that blocks tiny “pixel”-sized trackers that are hidden on web pages but track you from site to site, learning more about you to serve you ads. To advertisers and trackers, it’s as if you vanish. Ghostery is another example of an advanced-level anti-tracker that aims to protect the user by default from hidden trackers.

And you could also consider switching to more privacy-minded search engines, like DuckDuckGo, a popular search engine that promises to never store your personal information and doesn’t track you to serve ads.

Use Tor if you want a better shot at anonymity

But if you’re on the quest for anonymity, you’ll want Tor.

Tor, known as the anonymity network, is a protocol that bounces your internet traffic through a series of random relay servers dotted across the world that scramble your data and cover your tracks. You can configure it on most devices and routers. Most people who use Tor will simply use the Tor Browser, a preconfigured and locked-down version of Firefox that’s good to go from the start — whether it’s a regular website, or an .onion site — a special top-level domain used exclusively for websites accessible only over Tor.

Tor makes it near-impossible for anyone to snoop on your web traffic, know which site you’re visiting, or that you are the person accessing the site. Activists and journalists often use Tor to circumvent censorship and surveillance.

But Tor isn’t a silver bullet. Although the browser is the most common way to access Tor, it also — somewhat ironically — exposes users to the greatest risk. Although the Tor protocol is largely secure, most of the bugs and issues will be in the browser. The FBI has been known to use hacking tools to exploit vulnerabilities in the browser in an effort to unmask criminals who use Tor. That puts the many ordinary, privacy-minded people who use Tor at risk, too.

It’s important to keep the Tor browser up to date and to adhere to its warnings. The Tor Project, which maintains the technology, has a list of suggestions — including changing your browsing behavior — to ensure you’re as protected as you can be. That includes not using web plug-ins, not downloading documents and files through Tor, and keeping an eye out for in-app warnings that advise you on the best action.

Just don’t expect Tor to be fast. It’s not good for streaming video or accessing bandwidth-hungry sites. For that, a VPN would probably be better.
