
Tor alternative Vuvuzela removes weak link in private messaging platform


Beginning in 2013, pundits started hinting that Tor is not anonymous. The now famous “Tor Stinks” NSA presentation released by Edward Snowden dissuaded some, but others read the fine print: “With manual analysis we can de-anonymize a very small fraction of Tor users.”


Another hint surfaced more recently in “Tor: the last bastion of online anonymity, but is it still secure after Silk Road?”, a commentary written by Steve Murdoch, research fellow at University College London, for The Conversation in February 2015. “The Silk Road trial has concluded, with Ross Ulbricht found guilty of running the anonymous online marketplace for illegal goods,” writes Murdoch. “But questions remain over how the FBI found its way through Tor, the software that allows anonymous, untraceable use of the web, to gather the evidence against him.”

Researchers at MIT are also concerned about Tor (also known as The Onion Router). “Tor operates under the assumption that there’s not a global adversary paying attention to every single link in the world,” Nickolai Zeldovich, an associate professor of computer science and engineering at MIT explains to Larry Hardesty in this December 2015 MIT press release. “Maybe these days this is not a good assumption. Tor also assumes no single bad guy controls a large number of nodes in their system. We’re now thinking, maybe there are people who can compromise half of your servers.”

With the Tor network under suspicion, what’s left for those who want to communicate privately?

Vuvuzela: Statistically untraceable communication

Meet Vuvuzela, and, no, I do not mean the noisemaker made famous by soccer fans at the 2010 World Cup in South Africa. The MIT team of Jelle van den Hooff, David Lazar, Matei Zaharia, and leader Nickolai Zeldovich discuss Vuvuzela, their “statistically guaranteed untraceable” text-messaging system in the paper Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis (PDF).

There are other private messaging services; however, Vuvuzela is the first system offering message privacy and metadata privacy at scale. From the team’s research paper: “Vuvuzela’s key insight is to minimize the number of variables observable by an attacker, and to use differential privacy techniques to add noise to all observable variables in a way that provably hides information about which users are communicating.”

Put simply, Vuvuzela is a “dead-drop” system. Hardesty explains: “One user leaves a message for another at a predefined location — in this case, a memory address on an Internet-connected server — and the other user retrieves it. But it adds several layers of obfuscation to cover the users’ trails.”

Besides privacy, the Vuvuzela platform offers:

  • linear scalability;
  • differential privacy for millions of messages per user for one million users;
  • 37-second end-to-end message latency on commercial servers; and
  • 60,000 messages per second throughput.

An example

Using an example, team member David Lazar explains how Vuvuzela prevents attackers from stealing message data and metadata with the help of Alice, Bob, and Charlie.

[Figure: vuvuzela1.png — image courtesy of MIT, Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich]

Alice and Bob are messaging, but Charlie is not. This means an attacker would know which of the three are texting. Lazar explains how Vuvuzela combats that. “The system’s first requirement is that all client applications send regular messages to the server,” writes Lazar. “The client app will automatically send bogus messages when the user has nothing to say.”

Next issue: “If Charlie’s message is routed to one address, but both Alice’s and Bob’s messages are routed to another, the adversary knows who’s been talking.”

To prevent user identification, each message is encrypted once for each of the three Vuvuzela servers, creating a three-layer encryption scheme. Besides encrypting, each server also randomizes the order in which it forwards messages, so that only one of the three servers knows where any given message is located. According to Lazar, “Even if it’s been infiltrated, and even if adversaries observed the order in which the messages arrived at the first server, they can’t tell whose message ended up where.”

At this point, the only thing attackers do know, Lazar mentions, is that two users (Alice and Bob) — whose messages reach the first server within some window of time — have been communicating. “The attackers can see how many dead drops have two messages and how many have one message,” adds Lazar. “The attackers then use this metadata to figure out who is talking to who.”

Vuvuzela makes it difficult to exploit this metadata by obfuscating it with noise. “When the first server passes on the messages it’s received, it also manufactures a slew of dummy messages, with their encrypted destinations,” explains Hardesty. “The second server does the same. So statistically, it’s almost impossible for the adversary to determine whether any of the messages arriving within the same time window ended up at the same destination.”

Differential privacy

Differential privacy is the main reason why researchers can offer statistical guarantees with the Vuvuzela messaging platform. The authors write, “Vuvuzela’s privacy guarantees are expressed in terms of differential privacy, which can be thought of as plausible deniability.”

Differential privacy is a hot topic right now. Data analysts and privacy pundits are trying to sort out how to ensure that anonymized data is just that — anonymized. Differential privacy provides a way to maximize query accuracy while at the same time minimizing the ability to identify the data. Interesting as that is, however, it is not why Vuvuzela incorporates differential privacy.

“The mechanism that [the MIT researchers] use for hiding communication patterns is a very insightful and interesting application of differential privacy,” Michael Walfish, an associate professor of computer science at New York University, explains to Hardesty. “The observation that you could use differential privacy to solve their problem, and the way they use it, is the coolest thing about the work.”

Not 100% guaranteed — yet

The researchers have a way to go yet. “The result is a system that is not ready for deployment tomorrow, but still, within this category of Tor-inspired academic systems, has the best results so far,” adds Professor Walfish. “It has major limitations, but it’s exciting, and it opens the door to something potentially derived from it in the not-too-distant future.”


Ransom32 – look at the malicious package

Ransom32 is a new ransomware implemented in a very atypical style. Emsisoft provides a good description of its functionality here. In this post, we will focus on some implementation details of the malicious package.

Analyzed sample: 09f21eefaf8f52496d4e8b06920fe6fa

Overview

Ransom32 is delivered as an executable that is in reality a self-extracting WinRAR archive. By default it is distributed as a file with the .scr extension.

The WinRAR SFX script is used to drop the files in the specified place and to run the unpacked content automatically:

  • Setup=chrome i – the Setup value specifies the executable that is going to be run after file extraction; in this case it is chrome.exe
  • TempMode – files are going to be dropped in the %TEMP% folder
  • Silent=1 – installation will be done without additional pop-ups about the progress

The installation directory is created in %TEMP%, and the unpacked content consists of the following files (see the listing below).

chrome.exe spoofs Google’s browser, but in reality it is an element responsible for preparing and running the Node JS application (that is the main part of the ransomware).

After chrome.exe is run from the %TEMP% folder, it installs the above files into %APPDATA%, in the folder Chrome Browser.

Files stored in the folder Chrome Browser are just the environment to run the real malware.

Although the package as a whole is eclectic and contains various files belonging to various technologies, the core responsible for malicious actions consists of JavaScript files (NodeJS package). They are unpacked again into %TEMP% – in a new folder (its name follows the pattern: nw[number]_[number]). Let’s take a look…

Scripts

The malicious NodeJS package contains a manifest (package.json), an HTML entry point (index.html), a compiled binary (binary.bin) and a node_modules folder. These are described below.

The file package.json is a manifest that defines the startup configuration and dependencies (the "test" script value is the standard npm placeholder, with its inner quotes escaped as JSON requires):

{
  "name": "app",
  "version": "1.0.0",
  "description": "",
  "main": "index.html",
  "single-instance": false,
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "chromium-args": "--disable-accelerated-video",
  "author": "",
  "window": {
    "frame": false,
    "resizable": false,
    "visible-on-all-workspaces": true,
    "show_in_taskbar": true,
    "toolbar": false,
    "width": 800,
    "height": 500,
    "show": false,
    "title": "Ransom32",
    "icon": "icon.png"
  },
  "license": "ISC",
  "dependencies": {
    "minimatch": "^2.0.10",
    "ncp": "^2.0.0",
    "node-rsa": "^0.2.26",
    "socksv5": "^0.0.6"
  }
}

The entry point of the package is defined to be index.html.

The heart of the ransomware is inside binary.bin: JavaScript compiled to native code and loaded using the function evalNWBin. All other components are called from inside this binary.

It is responsible for encrypting and decrypting files, as well as for displaying the ransom note and guiding the victim. Compiling the JavaScript to native code has been used as a form of protection. However, the strings found in binary.bin can tell us a lot about the functionality of this application.
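The SFX directives and the NW.js manifest described above are both plain text, so the indicators the post points at can be checked statically during triage. The following is an added example, not code from the original post or from the sample: a small Node.js script that parses a WinRAR SFX comment script and an NW.js package.json and returns indicator labels. The indicator names, the trimmed sample manifest and the sample index.html (whose evalNWBin call shape is assumed) are constructed for illustration; the directive names and dependency names come from the post.

```javascript
// Added example, not from the original post or the Ransom32 sample: static
// triage of a WinRAR SFX comment script and an NW.js package.json manifest.
// Indicator labels and the sample inputs are constructed for illustration.

// Parse SFX script lines into key/value pairs. Bare directives such as
// TempMode carry no value and are recorded as `true`; ';' lines are comments.
function parseSfxScript(text) {
  const directives = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) directives[line] = true;
    else directives[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return directives;
}

// Flags the silent-install, drop-to-%TEMP% and autorun pattern, and an autorun
// target whose name imitates a well-known browser or system binary.
function triageSfx(directives) {
  const findings = [];
  if (directives.Silent !== undefined && String(directives.Silent) !== '0') findings.push('SFX_SILENT_INSTALL');
  if (directives.TempMode === true) findings.push('SFX_EXTRACT_TO_TEMP');
  if (typeof directives.Setup === 'string') {
    findings.push('SFX_AUTORUN:' + directives.Setup);
    const exe = directives.Setup.split(/\s+/)[0].toLowerCase().replace(/\.exe$/, '');
    if (['chrome', 'firefox', 'iexplore', 'rundll32', 'svchost'].includes(exe)) {
      findings.push('SFX_SPOOFED_NAME:' + exe);
    }
  }
  return findings;
}

// Flags a window configured to start hidden and locked, an HTML entry point,
// and the crypto-plus-SOCKS dependency combination seen in the manifest.
function triageManifest(manifest) {
  const findings = [];
  const win = manifest.window || {};
  if (win.show === false) findings.push('WINDOW_HIDDEN_AT_START');
  if (win.frame === false && win.resizable === false) findings.push('WINDOW_LOCKED_FRAMELESS');
  if (win['visible-on-all-workspaces'] === true) findings.push('WINDOW_ALL_WORKSPACES');
  if (typeof manifest.main === 'string' && /\.html?$/i.test(manifest.main)) {
    findings.push('HTML_ENTRY_POINT:' + manifest.main);
  }
  const deps = Object.keys(manifest.dependencies || {});
  const cryptoDeps = deps.filter((d) => /rsa|crypto|aes/i.test(d));
  const proxyDeps = deps.filter((d) => /socks|proxy/i.test(d));
  if (cryptoDeps.length) findings.push('CRYPTO_DEPENDENCY:' + cryptoDeps.join(','));
  if (proxyDeps.length) findings.push('PROXY_DEPENDENCY:' + proxyDeps.join(','));
  if (cryptoDeps.length && proxyDeps.length && win.show === false) findings.push('RANSOMWARE_LIKE_COMBINATION');
  return findings;
}

// Flags an entry page that loads a compiled snapshot through evalNWBin, i.e.
// the real logic lives in a .bin file rather than in readable JavaScript.
function triageEntryPoint(html) {
  const findings = [];
  if (/evalNWBin/.test(html)) findings.push('EVALNWBIN_LOADER');
  for (const b of html.match(/['"][^'"]+\.bin['"]/g) || []) {
    findings.push('COMPILED_SNAPSHOT:' + b.replace(/['"]/g, ''));
  }
  return findings;
}

// Constructed samples: the three SFX directives and the manifest fields from
// the post, plus an index.html whose loader call shape is assumed.
const SAMPLE_SFX = `;The comment below contains SFX script commands
Setup=chrome i
TempMode
Silent=1`;

const SAMPLE_MANIFEST = {
  name: 'app', main: 'index.html',
  window: { frame: false, resizable: false, 'visible-on-all-workspaces': true, show: false, title: 'Ransom32' },
  dependencies: { minimatch: '^2.0.10', ncp: '^2.0.0', 'node-rsa': '^0.2.26', socksv5: '^0.0.6' },
};

const SAMPLE_INDEX_HTML = `<html><body><script>
require('nw.gui').Window.get().evalNWBin(null, 'binary.bin');
</script></body></html>`;

function triageAll() {
  return {
    sfx: triageSfx(parseSfxScript(SAMPLE_SFX)),
    manifest: triageManifest(SAMPLE_MANIFEST),
    entry: triageEntryPoint(SAMPLE_INDEX_HTML),
  };
}

console.log(triageAll());
```

None of these indicators is conclusive on its own (a hidden frameless window is also how a legitimate NW.js splash screen starts), which is why the combined `RANSOMWARE_LIKE_COMBINATION` label requires all three of a hidden window, a crypto library and a SOCKS library before it fires.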

We can find, for example: [Figure: strings extracted from binary.bin]

After encrypting the files, the ransom nag-window is displayed. The GUI is generated by JavaScript, with the layout defined by the included CSS.

Network communication goes through an included Tor client, renamed to rundll32.exe. The Tor client is spawned by chrome.exe.

When we click the button “Check payment”, a request is sent via the Tor client in order to verify whether the payment has been received.

Users who don’t know how to use bitcoins are provided with an extensive list of helpful links, available after clicking the button “How to buy Bitcoins”.

Other elements used by the package are in the folder node_modules (written in NodeJS). It uses the following open source components:

  • minimatch
  • socks5
  • node_rsa

Conclusion

In the past, malware authors cared mostly about the small size of their applications – that’s why early viruses were written in assembler. Nowadays, the technologies used and the goals have changed. The most important consideration is not size, but the ability to imitate legitimate applications for the purpose of avoiding detection.

The authors of Ransom32 went really far in this direction. Their package is huge in comparison to typical samples. It consists of various elements, including legitimate applications, e.g. the Tor client (renamed to rundll32.exe). The technology that they have chosen for the core – Node JS – is a complete change of direction from malware written in low-level languages.

Compiled JavaScript (although it runs about 30 percent slower than uncompiled JavaScript) is not very popular, and there is a lack of tools to analyze it – which makes it attractive to malware authors, who gain some level of code protection.

Why the digital era and its transparency still allows con artists to survive and thrive

Image: MariaKonnikova.com

When Maria Konnikova’s Mastermind: How to Think Like Sherlock Holmes was released three years ago, it melded the worlds of psychology and literature, tapping into a deeply human need for self-knowledge. The book—now translated into 16 languages—quickly became a bestseller, as readers wanted to learn how to apply the teachings of a brilliant (if fictional) detective to their own lives.

Today, Konnikova, who is both a psychologist and a writer for The New Yorker, as well as a frequent contributor to The New York Times, continues her interest in dissecting human behavior with the release of The Confidence Game: Why We Fall for It … Every Time.

The book shows how the confidence game is the oldest game in the book, and how the digital era is only providing new opportunities for its artists to succeed. It’s an important lesson. Since 2008, online scams have more than doubled. Back in 2007, they were one fifth of all fraud cases. In 2011, they were 40%. In 2012, there were almost 300,000 complaints of online fraud with over $525 million lost. And these numbers don’t tell the whole story, because a good con is never discovered. And, those who do get conned are often too embarrassed to fess up.

In The Confidence Game, Konnikova offers suggestions—not solutions—for how to avoid being duped.

TechRepublic spoke with Konnikova about the misconceptions around confidence artists, how the con has changed with the landscape of the internet, and why anyone can fall victim to a scheme.

Why does the confidence game have such a long history?

We have a con in the Bible—there’s the story of Rachel and Leah, where you’re expecting to marry one daughter but get tricked into a marriage you didn’t want. There’s a reason that the Bible is told through stories rather than through logic because that’s the way you engage people and get them to believe things. When you’re in storytelling narrative, you drop your guard and stop questioning.

The con is really the oldest story that there is—it’s a story about belief and about meaning. That’s what con artists do.

How does the con game operate in our digital world?

Technology and technological advances are really the beautiful playground of the confidence game and of con artists. Any advance that we think makes us more sophisticated, more savvy, better protected, is also something that con artists are using and figuring out how to take advantage of. As we put more and more of our lives online, we become better and better targets and become easier and easier to target because we leave so much of our identity out in the open. That’s something that makes cons much more ubiquitous and much easier to pull off than they have been in the past. Google is wonderful for us when we’re researching, but it’s also the con artist’s best friend. They can look up anything very, very quickly.

Why don’t many people admit when they’ve been conned?

People really don’t want to report it because that means admitting that they were victims. We still have, as a society, this image of people who fall for scams. Especially online scams, for some reason. Just like we still kind of look down upon online dating. People will still snicker at you if you say you met your significant other online, which is kind of crazy but it still happens. I think people really, really look down at victims of online fraud. Nobody wants to be seen as a sap.

Who are the most-common victims? The elderly, less-computer savvy type?

Depending on the type of fraud, the victim profiles can change completely. Sometimes it’s people who are younger, sometimes it’s people who are really wealthy. Sometimes it’s men, sometimes it’s women. Basically, the takeaway is, there is no takeaway. Everyone is a potential victim. In fact, when it comes to online fraud, the elderly are actually a pretty small percentage, because if you think about how many elderly people actually use the internet, it’s not a very big number. Among the ones that do, they’re often the more technologically sophisticated people.

How do con artists go after young people online?

Social media is one of the absolute easiest ways to target young people. It can be Twitter, it can be SnapChat, it can be Instagram. Instagram is actually huge for con artists because we put so much information on there. A lot of times people don’t remove geotags. I mean, here’s this photographic treasure trove that shows you, where you are, what you like, and your precise time and location. Which is manna to a con artist.

How are cons affected during times of transition?

Every single time that we get a huge shift in technology, every time we are in areas of transition, we see cons flourishing and changing. It happened with western expansion. That’s when the con really established itself in America where you had the Wild West and the gold rush and all of these things where anything was possible and all of this stuff was happening. No one really knew what to expect.

All of a sudden you have all of these opportunities, and that’s where things like The Big Store, the first really good con established themselves in New York, which was basically a gambling storefront where people made bets—it was all fraudulent, and they couldn’t actually win, but they did this anyway because, “Hey, why not?”

That’s exactly what’s happening with the internet. People don’t really know what to expect. Every new technology, by the way, comes with another weird con artist who wants to install that technology and fix it for you. They have con artists fooling people with television installations, with radio installations, with telephone installations. Everything that we don’t really understand well, everything that’s new, is an opportunity for a con artist to strike.

And we’re in a pretty uncertain time right now, with advances in AI/robotics and potential changes in the workforce.

These times of transition create a lot of upheaval and uncertainty. We don’t really know what the world is going to look like in a few years. What happens if what I do is obsolete? What happens if my job is obsolete? I just bought this awesome new television, but what if it ends up being some awful waste? We don’t really know what’s going to happen and we feed that feeling of uncertainty and of not knowing.

When that happens, we crave something that’s really stable and certain. That’s what con artists are really able to offer us at the end of the day. They can really create an illusion that everything’s okay.

The other thing that happens is we don’t want people to think that we’re just old farts who can’t run with the times. Nobody wants to be accused of being behind the curve, so we become more liable, more open to new information and to new stories than we would be otherwise because we don’t want to come off as people who are old and close-minded.

Can anybody be conned?

No matter who you are, it’s a basic human need to have meaning and to believe in something. You cannot live life otherwise. It’s deeply ingrained in us. We could be the most prominent scientist in the world, the biggest skeptic in the world, even somebody who studies con artists for a living. We could be a con artist ourselves. Yet, that need is so strong and so deep that there’s really no way to circumvent it. It occurs with absolutely everyone.

There’s even a subset of cons designed to con con artists. That, to me, is kind of the perfect proof of concept.

Why are we so bad at detecting lies?

It’s more evolutionarily adaptive to be trusting. You end up being happier, healthier, making more money. It often goes along with intelligence. It’s a very good thing actually most of the time to trust people. We haven’t evolved to spot deception because it’s better for us not to, it actually makes society function much more smoothly.

Think about how much we deceive each other on a daily basis. Not conning people with malicious intentions, but saying things like, “Oh, it’s so nice to see you. How are you?” When really it’s really not nice to see you. If we were able to tell all those small lies as long as they happened, that would really be devastating. We’d be like, “Oh, I look terrible. This person doesn’t care about me. No one cares about me. The world’s a shitty place.” That is a really awful way to live, and so we haven’t developed those mechanisms.

The other part of it is that when we trust each other, we can get stuff done. We can cooperate, we can create new institutions, it’s something that we can’t do at all if we don’t trust each other. It’s better for society to trust. I think the bottom line is that we just haven’t evolved to this ability. It’s not good for us to spot deception most of the time and it’s not worth it to spot it the few times that it is good for us.

What are the biggest cons in the business world? What lessons could we draw?

The two biggest are Ponzi schemes and insider trading. Whenever something seems too good to be true, it is. The red flag for both of those types of schemes is often better returns for longer. It’s not just one good year or a few good years, it’s consistently wonderful. But the markets are unpredictable, they’re the markets, and no one is that good. We still believe they’re true when they’re happening to us because we want those wonderful returns. We look the other way. We don’t question when things are going well, we only question when things aren’t going well.

How can we guard ourselves against becoming duped?

We can really learn to understand ourselves a bit better. Con artists really draw close psychological profiles of their victims. They try to understand what makes them work, what they want, the things that excite them, what they really desire in life. What story am I going to pitch this person? What makes them tick? We don’t really do that about ourselves, but if we did we’d know what our weak points are. Our weak points are our desires. They’re the things that we want to believe.

Whenever things are going really, really well, we should see a real red flag and ask, “Okay. Why is everything going so well? What’s going on here?”


Nival releases Prime World Defenders 2, carrying the torch for tower defense

So you read “tower defense” and went “meh”. OK, we get that. But there is a portion of you out there who think TD games are the best mind exercise apps and time wasters among the genres of games in the Google Play Store. And so for those specific people – who might have already tried Nival’s excellent Prime World Defenders TD game – this sequel is for you.

You heard it right, Nival is back with Prime World Defenders 2. And if you enjoyed how polished the initial game was, then you can expect the same excellence from the sequel. The initial game was really fresh because it added the collectible card twist to the game – players got different cards from beating maps and bosses, and they were able to use the cards within the game.


Prime World Defenders 2 just builds on the game before it, albeit with better graphics and a new, more immersive portrait mode. There are towers, and now runes, to collect to make your defense more powerful. There are a lot of monsters to beat and 29 unique boss characters you have to play through.


The game is free to download with IAPs, pick it up at the download link below. If you were once interested in the TD genre, we promise you that Prime World Defenders 2 is a good reason to look into it again. Enjoy gaming!

DOWNLOAD: Google Play Store


Cortana on Windows 10 PC allows sending messages on Android phone

Android has always been complicated when it came to processes between your PC – normally running on Windows – and your smartphone running Android. One thing Android users can actually envy Apple users for is the seamless process of sending messages from OS X on your MacBook through your iPhone. Of course, it may just be the way Android is made – which means you need an app for that. Among the many apps that allow you to do this on Android, we can now add Microsoft’s Cortana to the list.

Cortana, Microsoft’s digital voice assistant, has recently been approved for Android as an alternative for Google Now. And while it may still be clunky on the features end, you can’t say that you won’t like the voice behind Cortana. So here’s another new thing to like about it – that is if you have Cortana on your desktop or laptop running Windows 10, and you also have Cortana installed on your Android device. Apparently, you can use the assistant to send a text for you.


Reddit user “edg3d903” found this out when he typed “message” in the Windows search bar and Cortana asked if he would like to send a message. He tried it, and Cortana (on his PC) sent the message through his smartphone via Cortana (on the phone). Usually, you would need third-party apps like Mighty Text, Pushbullet, or AirDroid to achieve this.

If you have a Windows 10 PC and Cortana installed on your smartphone, you might want to explore this functionality. There might be other things you can have Cortana do on your smartphone from the relative confines of your laptop or desktop screen.

SOURCE: Reddit
