Iain Thomson

Contact Mail Follow Twitter RSS feed

Russian admits being Ebury botnet herder, now jailed for 46 months

A Russian man has been imprisoned for 46 months after admitting to using the Ebury malware to create a massive botnet for fun and profit. Maxim Senakh, 41, of Veliky Novgorod in Russia, was sentenced in Minnesota after pleading guilty to conspiracy to commit wire fraud and violating the Computer Fraud and Abuse Act. He was …
Iain Thomson, 03 Aug 2017
Marcus Hutchins

WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI

Marcus Hutchins, the British malware researcher who killed off the WannaCry ransomware outbreak, was arrested in Las Vegas on Wednesday on suspicion of being a malware writer himself. Hutchins, aka MalwareTechBlog on Twitter, was collared after attending the DEF CON hacking conference in Nevada, US, last week. FBI agents …
Iain Thomson, 03 Aug 2017

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Updated Marcus Hutchins, the unassuming Brit who found and activated the kill switch in the WannaCry ransomware, has been arrested by the FBI in America. Hutchins had been invited over to the States for the DEF CON hacking conference, held last week in Las Vegas, Nevada, and stayed on a few extra days to do the usual touristy things …
Iain Thomson, 03 Aug 2017

Canadian ISPs do not Canuck around: Bloke accused of piracy grilled in his home for hours

If you thought American or British copyright fights were petty, consider the case of Canadian Adam Lackman – who had a bailiff, lawyers, and computer experts burst into his home, seize his gear, and grill him for hours. Lackman, a self-described tech entrepreneur, hosts the TVAddons website which links to plugins called addons …
Iain Thomson, 03 Aug 2017

Trump-backed RAISE Act decoded: Points-based immigration, green cards slashed

Having decided to move on from healthcare, the Trump administration has backed proposed legislation that would markedly overhaul America's immigration process. The H-1B visa system – which tech bosses rely on to fly in foreigners to swell office ranks – isn't explicitly mentioned in the Reforming American Immigration for a …
Iain Thomson, 03 Aug 2017

Cardiff did Nazi that coming: Hackers slap Trump, swastikas, Sharia law on e-sign

Shoppers in Cardiff got an eyeful this week when mystery hackers took control of an electronic billboard overlooking the main shopping street and broadcasted a string of images, including Nazi swastikas. The billboard, on Queen Street in the Welsh capital, began displaying pictures of the Nazi symbol, and a sign declaring: " …
Iain Thomson, 02 Aug 2017

Don't make Aug 21 a blind date: Beware crap solar eclipse specs

The American Astronomical Society has warned that knockoff viewing glasses for this month's total solar eclipse will blind people if they wear them while looking up at the spectacle. The total eclipse will plunge parts of America into darkness for a few moments on August 21, and appear as a partial eclipse in UK, Europe, and …
Iain Thomson, 02 Aug 2017
mobile malware

'Invisible Man' malware runs keylogger on your Android banking apps

A new breed of Android malware is picking off mobile banking customers, particularly those in the UK and Germany, we're told. The Svpeng software nasty has been around for four years, and its creator was caught and thrown in the clink in 2015. However, the malware keeps on evolving, thanks to other crooks trying their hand …
Iain Thomson, 02 Aug 2017

No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech

After years of warnings about the parlous state of Internet of Sh!t security, the US Senate has finally introduced legislation on the matter. The Internet of Things Cybersecurity Improvement Act would require that IoT devices purchased by the American government must not have any known security vulnerabilities, must have the …
Iain Thomson, 01 Aug 2017

Destination PWND: Safes, ATMs, phones all fall to Vegas hax0rs

Analysis BSides, Black Hat, DEF CON... For the last six days, Las Vegas has been home to the top brains in the computer security industry and the business menagerie that follows them – causing some panic among locals. We've seen the pathetic state of the US electronic voting system exposed, claims of advanced eavesdropping at the …
Iain Thomson, 31 Jul 2017
Stupid computer

AI quickly cooks malware that AV software can't spot

DEF CON Machine-learning tools can create custom malware that defeats antivirus software. In a keynote demonstration at the DEF CON hacking convention Hyrum Anderson, technical director of data science at security shop Endgame, showed off research that his company had done in adapting Elon Musk’s OpenAI framework to the task of …
Iain Thomson, 31 Jul 2017

Azure security boss tells sysadmins to harden up and properly harden Windows Server

DEF CON Windows Server admins keep making mistakes that let criminals into their boxes, according to Microsoft's lead security architect for Azure management Lee Holmes. Redmond therefore wants you to harden up by using PowerShell's Just Enough Administration. “In running Just Enough Administration, the idea is that admins are your …
Iain Thomson, 30 Jul 2017
Pic: Shutterstock

Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crime

DEF CON A Tor Project grandee sought to correct some misconceptions about the anonymizing network during a presentation at the DEF CON hacking convention in Las Vegas on Friday. Roger Dingledine, one of the three founders of the Tor Project, castigated journos for mischaracterizing the pro-privacy system as a bolthole exclusively used …
Iain Thomson, 29 Jul 2017
Micro:Bit photo

BBC’s Micro:bit turns out to be an excellent drone hijacking tool

DEF CON The BBC’s Micro:bit computer board may be winning over school kids, but hackers have found its wireless capabilities and programmable nature make it an excellent tool for mischief. In a presentation at this year's DEF CON hacking conference in Las Vegas on Friday, Damien Cauquil, senior security researcher at Econocom Digital …
Iain Thomson, 29 Jul 2017
election hacking

It took DEF CON hackers minutes to pwn these US voting machines

DEF CON After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House …
Iain Thomson, 29 Jul 2017

Chess champ Kasparov, for one, welcomes our new robot overlords

DEF CON The world chess champion who was beaten by a computer today told the DEF CON hacking conference that we shouldn’t fear AI systems, but instead need to embrace them. Garry Kasparov was the chess wunderkind of his day but was creamed by IBM’s Deep Blue computer in 1997. That wasn’t even close to being an AI system, he said, …
Iain Thomson, 28 Jul 2017

Systemd wins top gong for 'lamest vendor' in Pwnie security awards

Black Hat The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas. That's not surprising: government officials, US spy agencies, and software makers aren’t usually in the mood to acknowledge their failures. The Pwnies give spray-painted pony statues to those …
Iain Thomson, 28 Jul 2017
Sad Android

Inside the ongoing fight to stamp out govt-grade Android spyware

Black Hat A study into government-grade Android spyware led researchers to a new strain of surveillance malware lurking in the Google Play app store – a strain that has now been unceremoniously booted out of the software marketplace. Last month it was revealed that the Mexican government was infecting smartphones with malware to spy on …
Iain Thomson, 28 Jul 2017

Hackers can turn web-connected car washes into horrible death traps

Black Hat Forget hijacking smart light bulbs. Researchers claim they can hack into internet-connected car wash machines from the other side of the world and potentially turn them into death traps. In a presentation at the Black Hat conference in Las Vegas on Wednesday, Billy Rios, founder of security shop Whitescope, and Jonathan Butts …
Iain Thomson, 27 Jul 2017

The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years

Black Hat Uncle Sam's lawyers have revealed the catalog of operational security mistakes that led to the cuffing of one of the world’s most prolific credit-card crooks. Last year, Roman V Seleznev, 32, was found guilty of multiple counts of fraud and hacking by a jury in Washington, USA. He was later thrown in the cooler for 27 years. …
Iain Thomson, 27 Jul 2017

US spies hacked our phones over the air, claim pipeline protesters

For the past year or so, protesters in North Dakota, America, have been trying to prevent an oil pipeline from being built through Native Americans’ sacred land. As a result, they’ve gone through an astonishing level of electronic surveillance while there, it is claimed. For instance, fake cellphone towers were used to listen …
Iain Thomson, 26 Jul 2017
Image by infografick https://www.shutterstock.com/g/infografick

Crap gift card security helps crims spend your birthday pressie cash

Gift cards' lousy security makes it easy for crooks to spend marks' money, researchers said Tuesday night. During their presentation at the BSides conference in Las Vegas, William Caput and Sam Reinthaler used an $80 card reader and writer, and some tech savvy, to demonstrate just how easy it is for miscreants to get access to …
Iain Thomson, 26 Jul 2017
Laptop user, photo via Shutterstock

Las Vegas locks down ahead of DEF CON hacking conference

DEF CON Businesses in Las Vegas are locking down their systems as hackers fly into the fetid hell of Sin City for a trio of security conferences. This week the BSides conference, Black Hat, and DEF CON are all in town and folks here are worried that their computers are going to be thoroughly subverted by visiting miscreants. Caesars …
Iain Thomson, 25 Jul 2017

Pathetic patching leaves over 70,000 Memcached servers still up for grabs

If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't. Back in October, researchers at Cisco’s Talos security team found three major security vulnerabilities that would …
Iain Thomson, 24 Jul 2017

Crims snatch 5.5 million social security numbers from Kansas govt box

Hackers have lifted not only the social security numbers and personal information of half a million jobseekers in Kansas – but also records on more than five million people from nine other US states. The compromised database belonged to the Kansas Department of Commerce. The server was set up by the department's America's Job …
Iain Thomson, 24 Jul 2017

Biting the hand that feeds IT © 1998–2017