This week, there was some important internet news I wanted to share. Some of this is old, but important regardless.
Table of Contents
- Google Docs
- Ransomware Attack
- Facebook News
- DaddyOFive Update
In Internet News …
An Exploit Was Found via Google Docs.
In late April, a phishing scheme that used Google’s OAuth authentication system was discovered. As Reddit user JakeSteam showed, the scheme was hatched via Gmail.
Here’s how the scheme worked:
- Unsuspecting users were sent links to share Google Docs.
- If the users followed the links, they would be brought to a page asking them to click a button to give Google Docs authentication privileges.
- If that button was clicked, the person would then give the hacker(s) account access.
Google was made aware of the problem and quickly responded. Yet, as Mark Coppock stressed, there is still more work for Google to do to fully solve the problem and address the vulnerability.
In the meantime, for those who use Google Docs: Be careful when you receive emails. Only click on links from people you trust and be wary of pages asking you to grant access to your accounts. Also review the apps connected to your account and remove any that look suspicious.
A Ransomware Attack Hit 150 Countries over the Weekend.
On Friday, May 12, at least 74 countries were hit by ransomware. By then, over 57,000 computers were affected across the globe. By Sunday, May 14, 2017, the “WannaCry” ransomware had affected at least 200,000 computers in over 150 countries.
The ransomware was believed to be stolen from the United States’ National Security Agency. It was released to the public by a group called “Shadow Brokers” in April. The “cyber gang” has been linked to Russia.
The malware might have been spread when people clicked on emails with fake invoices and job advertisements. However, the cause is still unclear.
At 8:26 pm London time, Cyberint, in collaboration with the Romanian Intelligence Service, said it was able to intercept an attack believed to be from APT28, which is also known as Fancy Bear.
Despite this information, no one has been positively identified as the progenitor of the attack.
What the Malware Does
The malware has been called “Wanna-Cry,” “WanaCypt0r,” or “Wanna Decryptor” by cyber-security experts. The malware works by exploiting a shared vulnerability in Windows operating systems. It can move from computer to computer undetected and without a person clicking on a link.
When a computer is infected, users are blocked from accessing their files. They then receive a message to pay a ransom in Bitcoin* worth $300 within 3 days in order to unencrypt their files. If the ransom is not paid within 3 days, affected users will have four more days to pay a doubled ransom lest they lose access to their files forever.
Here is a screenshot of the message shown on affected computers:
Some people had begun to pay the ransom. But Crowdstrike’s Adam Meyers warned against it. He said payments only serve to embolden criminals using ransomware.
There is no guarantee the hackers will honor that ransom. With a similar ransomware that has been the bane of users and U.S. intelligence, including the FBI and CIA, users were given access to their files if they paid the fee of $300 within three days. This is a new strain, partly a copycat of the older scheme.
Regardless, a tweet from @actual_ransom said there were 3 accounts connected to the account that received 92 Bitcoin payments for a total of $26,407.85.
Jamie Bartlett from The Telegraph said ransomware can be purchased via the dark net for as little as $39. Scammers are able to make millions of dollars via the practice.
* One Bitcoin is worth £1,381 and $300 is roughly £233.
The Actual Damage
The countries hit include England, Russia, Spain, Portugal, and Taiwan.
The attack was first reported from the United Kingdom around 4:24 pm London Time. In particular, England’s hospital system was hit. They had to turn away patients and inform them to only make calls in case of emergency.
At some hospitals, doctors and nurses had to resort to filling out forms by hand. Pharmacists had to write the names of the medications and dosage by hand.
Amber Rudd, Britain’s Interior Minister, chaired the U.K. government’s response team. She said 48 of 248 health service organizations (including 20 British hospitals) were affected but 97% of the medical service institutions and doctors were back at work as usual. Only six organizations were still limited.
Peter Warren, with the Cyber Security Research Institute, said the U.K.’s National Health Service neglected cyber security for years. The U.K.’s National Cyber Security Centre* warned about ransomware scams weeks ago, calling them one of the cyber-attack threats out there.
Russia appears to be one of the hardest hit. The Interior Ministry, Investigative Committee, telecommunications company Megafon, and police computers were targeted in the attack.
The cyber-attack hit businesses, including:
- Germany’s Deutsche Bahn railways.
- Telefonica, Spain’s leading telecommunications company.
* The National Cyber Security Centre is a branch of the GCHQ electronic spy agency in London. The NCSC said it was working with the NCA (Britain’s answer to the FBI) to help the NHS.
Containing the Threat
On Saturday, an Internet user known as MalwareTech spent $10.69 to buy a previously unregistered domain; that domain was consistently pinged in connection to the attack. His effort may have saved 100,000 computers in 104 countries. (This was confirmed by the NCSC.)
In a blog post, MalwareTech explains in layman’s terms how he and others were able to contain the WannaCrypt0r2.0 threat. In short, buying up the domain the ransomware pinged helped to stop the spread. MalwareTech’s domain purchase gave him access to the metadata of the affected computers.
I will not post the link in case the domain for this website changes hands or is abandoned. But here are some links to show the scope of the damage and the technical side of things:
However, many more computers were still in danger, especially in business networks that used proxies. Didier Stevens, a Belgian security researcher and handler at the Internet Storm Center, said proxy servers might still be affected by the cyber-attack. He also said there are newer versions of the ransomware that might be unaffected by the domain fix. People using proxies might need to check their antivirus and make sure it is up-to-date.
Protecting Your Files
The first thing people can do is take advantage of software updates for their operating systems. Microsoft released a security patch for its software on Mar. 14. It has also released a patch for computers using Windows XP and other operating systems it had since stopped updating. However, many computers have not been updated since that patch was released.
Also, since ransomware affects computer files, including documents and photos, the best thing people can do is regularly back up their files on a separate hard drive that is not connected to any network. People might not be able to recover everything, but most of their files will be kept intact if they save the latest backup. Companies often use external servers for their backups.
Additionally, be careful with emails, websites, and apps. Ransomware is usually downloaded via email phishing scams, malicious ads on websites, and apps and programs. Don’t use an app unless it’s been verified from a trusted store and don’t use programs without reading reviews.
The Telegraph’s full guide: http://www.telegraph.co.uk/technology/0/protect-ransomware/
Here’s Some Facebook News.
These items are a bit old, but they highlight ongoing problems on the social media network.
Facebook Video Murder Suspect Shot Himself in Philadelphia.
On Tuesday, April 18, Steve Stephens, the man who killed a Cleveland man on Easter Sunday, reportedly shot himself in Pennsylvania after being confronted by police.
Stephens shot Robert Godwin Sr., 74, a retired foundry worker who was spending Easter Sunday with his family, on a Cleveland sidewalk before getting away in a car. Shortly after shooting Godwin, Stephens uploaded the video to Facebook. The video was up for two hours before it was reported.
(In a short time after 4Chan users saw the image of Stephens, they were able to find his information and determine his last location. Some users gave this information to the authorities, yet the police could not immediately find Stephens.)
The incident raises more questions about Facebook’s moderating policies on videos and the potential for abuse on that platform. As you may remember, a teenager with developmental problems was kidnapped and tortured by four kids who showed their acts on Facebook Live.
Numerous Groups Are Hit by Facebook Censorship.
On Monday, May 8, two Facebook groups, Ex-Muslims of North America and Atheist Republic, were shut down in a violation of Facebook’s community guidelines. The groups have 24,000 and 1.6 million followers, respectively.
According to Muhammad Syed, the president of Ex-Muslims of North America, his group and Atheist Republic were shut down due to false flags. After he took to Twitter and the takedown was appealed, the groups were restored a day later.
Ex-Muslims of North America and Atheist Republic’s stated purposes include the promotion of secularism. The former also has the mission of assisting apostates, or those who left the religion of Islam and face persecution where they live.
In an open letter, Syed talked about the recent shutdowns and added some suggestions. He talked about how Atheist Republic was shut down at least 4 times in the last two years and included a list of other FB groups shut down due to a concerted effort by those who despised the groups. Syed asked that these be whitelisted in the future in order to curb the false flags.
Other atheist groups shut down by Facebook in the course of a month (via Heat Street):
- A Science Enthusiast (750,000 members)
- Arab Atheist Network (23,500 members)
- Arab Atheist Forum and Network (9,200 members)
- Radical Atheists without Borders (23,500 members)
- Arab Atheist Syndicate (11,000 members)
- Arab Atheist Syndicate, backup (5,000 members)
- Humanitarian Non-Religious (32,000 members)
- Human Atheists (11,000 members)
- Arab Atheists Forum and Network (6,400 members)
- Mind and Discussion (6,500 members)
Facebook has been accused of censorship, particularly based on political reasons. Just last year, there was a controversy over the proposed plan to remove Donald Trump’s comments about banning Muslims. And before that, former employees alleged that links with conservative opinions were removed from the trending section.
Here Is a DaddyOFive Update.
In early May, Mike and Heather Martin lost custody of Cody and Emma. Rose Hall, the mother of those two children who lives in North Carolina, was granted emergency custody.
Hall made an announcement in a video, where she sat with her lawyer, Tim Conlon:
“Emma and Cody are with me, I have emergency custody – they’re doing good. They’re getting back to their playful selves.”
Here’s a link to the video: https://www.youtube.com/watch?v=8Qp6u8G8Vf8