A Latvian cybercriminal who helped create malware that infected over one million machines globally and resulted in tens of millions of dollars in losses has pleaded guilty to conspiring to commit computer intrusion.
Six individuals have been arrested by British law enforcement as part of an operation targeting those who have used the Lizard Squad's LizardStresser distributed denial-of-service (DDoS) tool.
According to the U.K. National Crime Agency (NCA), six males aged between 15 and 18 are suspected of using LizardStresser to launch attacks on a national newspaper, a school, gaming companies, and several online retailers. The teens are said to have used Bitcoin and other alternative payment methods to rent the service without exposing their true identity.
The six suspects targeted in the law enforcement initiative dubbed "Operation Vivarium" are based in Manchester, Stockport, Northampton, Milton Keynes, and Huddersfield. Investigators seized computer equipment from one of the alleged LizardStresser users. The suspects have been released on bail.
The NCA noted that two other suspects from Cardiff and Northolt were arrested earlier this year. The agency says officers are visiting roughly 50 addresses linked to individuals believed to have registered on the LizardStresser website, but without actually carrying out any attacks.
"By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services," said Tony Adams, Head of Investigations at the NCA's National Cyber Crime Unit. "This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses."
"One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers," Adams added.
The notorious Lizard Squad collective started advertising LizardStresser in late 2014, when the service was used to disrupt Microsoft's Xbox Live and Sony's PlayStation Network.
It's not surprising that people who used the service -- and even those who simply registered on the LizardStresser website -- are targeted by police. The service was hacked in January and the details of more than 14,000 users were leaked.
Last month, a 17-year-old Finnish teenager named Julius Kivimäki, suspected of being a member of the Lizard Squad, got a two-year suspended prison sentence. However, Kivimäki was convicted for computer crimes carried out in 2012 and 2013, not activities involving Lizard Squad.
LizardStresser currently appears to be offline, and all tweets except one have been deleted from the Lizard Squad's main Twitter account.
The German weekly Die Zeit disclosed documents that reveal how German intelligence struck a deal with the NSA to get access to the surveillance platform XKeyscore.
Internal documents show that Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), received the software program XKeyscore from the NSA in return for data from Germany.
Back in 2011, the NSA demonstrated the capabilities of the XKeyscore platform to the BfV. After two years of negotiation, the BfV signed an agreement to receive the NSA spyware and install it to analyze metadata collected on German citizens.
In return, the German agency promised to share the metadata collected.
The NSA tool collects 'nearly everything a user does on the internet'; XKeyscore provides the 'widest-reaching' collection of online data, analyzing the content of emails, social media, and browsing history.
In 2013, documents leaked by Edward Snowden explained that a tool named DNI Presenter allows the NSA to read the content of stored emails and also enables intelligence analysts to track users' activities on Facebook through a system dubbed XKeyscore.
According to Die Zeit, the document "Terms of Reference" stated: "The BfV will: To the maximum extent possible share all data relevant to NSA's mission".
The BfV didn't provide the details of the agreement to Germany's data protection commissioner, nor did it inform the Parliamentary Control Panel.
The report highlights that the BfV, unlike the BND, is not allowed to set up mass surveillance; instead, it can spy on suspect individuals.
The agreement with the NSA doesn't allow the BfV to spy on suspect American individuals.
"The term US persons includes US citizens, an alien lawfully admitted for permanent residence in the US, groups and associations a substantial number of the members of which are US citizens, or corporations incorporated in the US," reads the Terms of Reference.
Die Zeit maintains that the agreement "proves what exactly German intelligence agencies give to the NSA in exchange for technical support. We believe it potentially violates the fundamental rights of German citizens, and that the danger of such violations remains clear and present."
The collaboration between German intelligence and the NSA is not new. In April, it was reported that the BND had helped the NSA spy on the European Commission and the French government with the support of Deutsche Telekom.
It is important to note that the access granted to the BfV is at a lower level than that assigned to the intelligence agencies belonging to the "Five Eyes" alliance.
Russian lawyers have filed a complaint calling for restrictions on the sale of Windows 10 in Russia, claiming that the new OS spies on users, violating Russian laws.
Starting July 29, and for the next 12 months, the new Windows 10 operating system can be installed for free on computers running previous versions of Windows. It has been estimated that more than 14 million users installed it within the first 24 hours of the release.
Moscow lawyers reported Windows 10 data privacy risks to the Prosecutor General, saying that the new Windows OS collects user location, credentials, and browsing history.
The lawyers affirm that the uploading of the information to Microsoft's cloud, debated by many experts and privacy advocates, violates current Russian privacy legislation.
Of course, there are also groups of experts that defend Microsoft and its technology. The Russian Association for Electronic Communications maintains that it is possible to prevent Windows 10 from collecting user data by applying the necessary settings; in other words, it doesn't violate any privacy law.
Vadim Solovyov, a Communist Party deputy, called for the Prosecutor General's Office to review Microsoft's technology due to the accusations of espionage on its users.
Solovyov maintains that Windows operating systems are the primary choice for many Russian government agencies, so it is important to assess Microsoft's technology, and that the information circulating about Windows 10 demonstrates that it could represent a threat to homeland security. The adoption of Windows 10 in government agencies could result in the leakage of classified information.
A spokesman for Microsoft denied the allegations to RIA Novosti.
"The new operating system offers users the choice of how they want it to handle their data and users can change the settings at any point," a Microsoft spokesman told the news agency.
The White House rejected a call Tuesday to pardon Edward Snowden, saying the former intelligence contractor should "be judged by a jury of his peers" for leaking US government secrets.
The US administration reiterated its tough stance against the exiled fugitive, whom supporters regard as a whistleblower, in response to a petition on the White House website signed by more than 167,000 people.
Lisa Monaco, an advisor on homeland security and counterterrorism, said Snowden's "dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it."
She said that Snowden, who has been granted asylum in Russia after he leaked documents on vast US surveillance programs to journalists, is "running away from the consequences of his actions."
"If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions," she wrote.
"He should come home to the United States, and be judged by a jury of his peers -- not hide behind the cover of an authoritarian regime."
The US administration has branded Snowden a hacker and a traitor who endangered lives by revealing the extent of the National Security Agency spying program.
But his revelation that the NSA siphons vast quantities of telephone data from private US citizens struck a chord and Congress has begun to amend once secret laws.
Snowden has been nominated for the Nobel Peace Prize for the second year in a row and has received a string of international awards for free speech and civil liberties.
The petition took up this call.
"Edward Snowden is a national hero and should be immediately issued a full, free, and absolute pardon for any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs," it said.
Earlier this year, Congress passed a law which requires the NSA to end bulk data collection. The administration said Monday the NSA will stop a
In spite of self-congratulatory pats on the back from several corners of the security world, this week's decision from the Commerce Department's Bureau of Industry and Security (BIS) to rewrite the proposed U.S. implementation of the Wassenaar Arrangement rules was an expected outcome—albeit an unusual one.
A 60-day comment period ended on July 20 and an outpouring of opposition from more than 300 technology companies and individual researchers against the first round of rules helped sway BIS. The rules, most argued, were too broad, sweeping up legitimate technologies such as penetration testing software, as well as encompassing white-hat research that involves the development of proof of concept exploits for new vulnerabilities.
The intent of the rules is to prevent not only the sale, but also support of, so-called intrusion software developed by companies such as Gamma International (FinFisher) or Hacking Team (Remote Control System). Intrusion software is used by law enforcement agencies and government agencies, including those in sanctioned nations, to monitor the activities of citizens, not only introducing computer security and privacy concerns, but also human rights issues as the personal safety of some individuals could be put at risk through the use of these tools. Some experts said that vague language in the rules' first draft demonstrated a lack of understanding of computer security, in particular of how terms such as zero-day apply in this context.
Collin Anderson, a security researcher in the Washington, D.C., area who has studied Wassenaar and export controls, was among those who expected BIS to come out with a second proposal and another comment period, calling the first round an "information-seeking process." He points out that in the history of BIS and the implementation of Wassenaar rules there generally isn't a proposed rule or a comment process, and that this was a much more engaged process between the affected parties than the norm.
"I think [BIS] understood and was reflective of the process and comments made that they understood at a certain point they didn't have the information they needed," Anderson said. "They understood they had hit a limit in their ability to understand the impact to the security industry."
The new rules proposal could show up anytime from the next couple of months through the next scheduled Wassenaar Plenary in December. Until then, experts urge the security community to continue to work with BIS in refining critical issues and avoiding some of the landmines that plagued the first round.
"So this is a minor win, but only a first step. The real hard work comes now," said Nate Cardozo, staff attorney for the Electronic Frontier Foundation (EFF). Cardozo said EFF has been engaging with the Commerce Department since May 20 when the first draft was published.
"What we're hoping for is a rethink on how export controls on software can work in a way that protects human rights, which this rule would not have accomplished," Cardozo said, in addition to protecting security research, academics and innovators. "We have some thoughts on how this export control regime might look different: We want to define the end uses and end users you want to control sales and support to."
Cardozo applauds the security industry's outreach to BIS in an attempt to educate the agency and lobby for rules that balance goals on both ends of the spectrum. He too saw a knowledge gap at BIS, noting that its focus on zero-day development is not in line with how the intrusion software it is trying to control works.
"[BIS] pretty clearly didn't understand the actual market for the type of software they're trying to get at. There's this whole focus in the proposed rule on zero days, but HackingTeam and FinFisher have a couple of zero days but that's not what they rely on," Cardozo said. "The sorts of software they're worried about relies on old exploits and social engineering. This focus on zero day out of BIS was weird and frankly came from NSA which is focused on zero day."
Moving forward, experts in the U.S. figure to be involved in crafting the next draft of the rules.
"I'm hopeful and looking forward to being part of the solution of helping with the noble goal of protecting human rights, while not hindering defense," said Katie Moussouris, chief policy officer at HackerOne. "The rule as it was written would have harmed internet defense far more than offense could have done alone.
"From a big picture standpoint, the technical security community needs to provide constructive feedback to help point out where these regulations and laws have strayed so far from their intent that they do more harm than good. A little empathy will go a long way to keep the communication lines open."