ReportWire

Tag: Malware and spyware

  • One Tech Tip: All you need to know about the iPhone’s Lockdown Mode


    A little-known security feature on iPhones is in the spotlight after it stymied efforts by U.S. federal authorities to search devices seized from a reporter.

    Apple’s Lockdown Mode recently prevented FBI agents from getting into Washington Post reporter Hannah Natanson ‘s iPhone.

    Agents seized the phone, as well as two MacBooks and other electronic devices, when they searched Natanson’s home last month as part of an investigation into a Pentagon contractor accused of illegally handling classified information. But the FBI reported that its Computer Analysis Response Team “could not extract” data from the iPhone because it was in Lockdown Mode, according to a court filing.

    So what is Lockdown Mode? Here’s a rundown of how it works and how to use it:

    Apple says Lockdown Mode is an “optional, extreme” protection tool designed to guard against “extremely rare and highly sophisticated cyberattacks.” It’s not for everyone, but instead for “very few individuals” who could be targeted by digital threats because of who they are or what they do.

    “Most people will never be targeted by attacks of this nature,” Apple’s support page says.

    It’s available in Apple’s newer operating systems, including iOS 16 and macOS Ventura. It works by putting strict security limits on some apps and features, or even making some unavailable, to reduce the areas that advanced spyware can attack. It also restricts the kinds of browser technologies that websites can use and limits photo sharing.

    Apple has previously rejected U.S. government requests to build so-called backdoor access for its devices.

    In 2016, Apple refused a request by authorities to help bypass lockscreen security for an encrypted iPhone belonging to a shooter who carried out a terrorist attack in San Bernardino, Calif. The company also declined to add an ability to input passcodes electronically, which would make it possible to carry out “brute force” attempts to guess the combination using computers.

    “It would be wrong to intentionally weaken our products with a government-ordered backdoor,” Apple said in explaining its decision.

    To turn it on, first make sure your iPhone, iPad or MacBook has been updated. You’ll have to turn the feature on separately for each of your Apple devices.

    On your iPhone, go to Settings, then to the Privacy and Security section, scroll down to the bottom and tap on Lockdown Mode. Enter your passcode — not a facial or fingerprint scan — to activate it. The device will restart and then you’ll again have to use your passcode to unlock it. On MacBooks, follow a similar procedure from the System Settings menu.

    Apple recommends that you switch it on for all of the company’s devices that you own.

    You might assume that requiring facial or fingerprint recognition to unlock your phone is good enough to protect it from snooping. But experts say passcodes are better than biometrics at protecting your devices from law enforcement, because officers could compel you to unlock your device by holding your phone up to your face or forcing you to put your finger on the scanner.

    FBI agents told Natanson that they “could not compel her to provide her passcodes,” but the warrant they used to execute the search did give them the authority “to use Natanson’s biometrics, such as facial recognition or fingerprints, to open her devices.” According to a court filing, Natanson said she didn’t use biometrics to lock her devices but agents were ultimately able to unlock her MacBook with her finger.

    Apple says some apps and features will work differently when Lockdown Mode is on.

    Some websites might load slowly or not work properly, and some images and web fonts could be missing because Lockdown Mode blocks “certain complex web technologies.”

    In Messages, most types of attachments are blocked, and links and link previews won’t be available. Incoming FaceTime calls are blocked unless it’s from a number you’ve called in the past month.

    In Photos, location information is stripped from shared photos and shared albums are removed from the app. Focus mode won’t work normally.

    There are also tighter restrictions on connecting your phone or computer to unsecure Wi-Fi networks or to other computers and accessories.

    When I tried it out on my own iPhone, some apps warned me that certain functions might not work. I noticed that one of my news apps started using a different font and photos on some websites didn’t appear, replaced by a question mark.

    The biggest disruption happened when I went to the gym, which involved using a web-based check-in system to scan a QR code. But my phone camera wouldn’t work so I had to turn off Lockdown Mode in order to get in. To be sure, my iPhone’s standalone Code Scanner app still worked, so the problem seemed to center on using a website to activate the camera.

    To turn Lockdown Mode off, follow the same procedure outlined above that you used to turn it on. You’ll need to enter your passcode and the phone will perform a restart.

    ___

    Is there a tech topic that you think needs explaining? Write to us at onetechtip@ap.org with your suggestions for future editions of One Tech Tip.


  • France probes ‘foreign interference’ after remote control malware found on passenger ferry


    PARIS — France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry, authorities said Wednesday.

    A Latvian crew member is in custody facing charges of having acted for an unidentified foreign power, French officials said. But Interior Minister Laurent Nunez appeared to hint that Russia is suspected, saying: “At the moment, foreign interference very often comes from the same country.”

    France and other European allies of Ukraine allege that Russia is waging “hybrid warfare” against them, using sabotage, assassinations, cyberattacks, disinformation and other hostile acts that are often hard to quickly trace back to Moscow.

    Intelligence shared by Italian authorities tipped off the General Directorate of Internal Security — France’s special counterespionage and counterterror intelligence service — that software sometimes used by cybercriminals may have infected computer systems aboard a ferry docked in the French Mediterranean port of Sète, the Paris prosecutor’s office said.

    The so-called RAT software — a remote access tool, which allows users to control computer systems remotely — could have been used to take control of the ferry’s computers, the prosecutor’s office said. Its statement did not name the ferry.

    Nunez told public broadcaster France Info that “individuals tried to gain access to a ship’s data-processing system.” He described it as “a very serious affair.” Asked if the suspected intention was to hijack the vessel, he said: “We don’t know.”

    He added: “The investigators appear to be following a trail of interference … foreign interference.”

    Police on Friday arrested two of the ferry’s crew members — one Latvian, the other Bulgarian — who Italian authorities had identified as suspects, the prosecutor’s office said. The Bulgarian was subsequently released without charge after questioning.

    The Latvian national is being held on a preliminary criminal conspiracy charge and two preliminary charges of hacking-related offenses with the goal of serving the interests of an unnamed foreign power, the prosecutor’s office said.

    It said search raids were also carried out in Latvia. Latvian state police said they had no comment.

    The ferry is now back in operation after being held in port for security checks to its computer system, the prosecutor’s office said.

    ___

    AP European Security Correspondent Emma Burrows in London contributed.


  • New sanctions target Russian web hosting service over suspected ransomware operations


    WASHINGTON — The United States, Britain and Australia announced sanctions Wednesday against a Russia-based web hosting service for allegedly running ransomware operations that are meant to help criminals evade detection by law enforcement.

    Media Land, which officials said is among the companies that sell access to servers and other computer infrastructure and enable such criminal activity, was penalized along with three members of its leadership team and three affiliated businesses in an operation coordinated with the FBI, according to the Treasury Department.

    Also cited was Hypercore Ltd., which the Treasury described as a front company of Aeza Group, an internet service provider designated by the United States earlier this year.

    The sanctions are meant to deny designated businesses and individuals access to any property or financial assets held in the U.S., Britain and Australia. Also, the penalties are intended to prevent companies and citizens from those countries from doing business with the sanctioned entities and people.

    Banks and financial institutions that violate that restriction expose themselves to sanctions or enforcement actions.

    Earlier this year, the U.S., Britain and Australia imposed sanctions on Russian web-hosting services provider Zservers and two Russian men accused of administering the service in support of Russian ransomware syndicate LockBit.

    Ransomware, the costliest and most disruptive form of cybercrime, can severely disrupt local governments, court systems, hospitals and schools as well as businesses. Most gangs are based in former Soviet states and are out of the reach of Western courts.


  • Poland’s PM says authorities in the previous government widely and illegally used Pegasus spyware


    WARSAW, Poland — Poland’s new prime minister said Tuesday he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.

    Donald Tusk made the announcement during a news briefing alongside President Andrzej Duda, a political opponent aligned with the previous ruling party. The use of Pegasus was alleged to have occurred under the government led by the right-wing Law and Justice party.

    Pegasus gives operators complete access to a mobile device, allowing them to extract passwords, photos, messages, contacts and browsing histories, and to activate the microphone and camera for real-time eavesdropping.

    Tusk said he was sharing information with Duda that showed wide use of the spyware in Poland.

    “This is only a sample of the documents that are at your disposal, Mr. President,” he said at the start of a meeting of the Cabinet Council, a consultation format between the president and the government. Duda called the meeting to discuss other matters.

    The prime minister said he asked the justice minister and prosecutor general to provide Duda with documents which “confirm 100% the purchase and use of Pegasus in a legal and illegal manner.”

    The president has not publicly responded.

    Tusk took power in December following an October election which he won as the head of a broad centrist alliance. It marked the end of eight years of rule by Law and Justice, a populist party that the European Union accused of eroding democratic norms.

    The new parliament has set up a special commission to investigate who used Pegasus and against whom during Law and Justice’s years in government.

    “The list of victims of these practices is unfortunately very long,” Tusk said. That list has not been publicly released.

    Several Polish opponents of the previous government were targeted with Pegasus, a spyware program made by Israel’s NSO Group, according to findings by the University of Toronto’s nonprofit Citizen Lab that were exclusively reported by The Associated Press.

    “This vindicates the victims and the technical and forensic methods we used to confirm infections,” said John Scott-Railton, a senior researcher with Citizen Lab who discovered the first cases of Pegasus use in Poland.

    “Commercial spyware like Pegasus is dangerous to democracy and carries a baked-in abuse potential,” Scott-Railton said in a statement to the AP.

    The NSO Group has said that it only sells its spyware to legitimate government law enforcement and intelligence agencies vetted by Israel’s Defense Ministry for use against terrorists and criminals. But evidence has emerged of human rights activists and politicians being targeted by governments worldwide.

    Some of those who were hacked received notifications on their iPhones from phone maker Apple, then turned to Citizen Lab for confirmation.

    Scott-Railton said Tusk’s confirmation “affirms the key role Apple’s threat notifications play in driving accountability for commercial spyware abuses. In Poland, these notifications were the first sign for researchers and reporters that a spyware scandal was lurking.”


  • US to roll out visa restrictions on people who misuse spyware to target journalists, activists


    WASHINGTON — The Biden administration announced Monday it is rolling out a new policy that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware.

    The administration’s policy will apply to people who’ve been involved in the misuse of commercial spyware to target individuals including journalists, activists, perceived dissidents, members of marginalized communities, or the family members of those who are targeted. The visa restrictions could also apply to people who facilitate or get financial benefit from the misuse of commercial spyware, officials said.

    “The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses,” Secretary of State Antony Blinken said in a statement announcing the new policy. “The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association. Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases.”

    Biden issued another executive order nearly a year ago restricting the U.S. government’s use of commercial spyware “that poses risks to national security.”

    That order required the head of any U.S. agency using commercial programs to certify that they don’t pose a significant counterintelligence or other security risk, a senior administration official said. It was issued as the White House acknowledged a surge in hacks of U.S. government employees, across 10 countries, that had been compromised or targeted by commercial spyware.

    A senior administration official who briefed reporters ahead of Monday’s announcement would not say if any particular individuals were in line to immediately be impacted by the visa restrictions. The official spoke on the condition of anonymity under ground rules set by the White House.

    Officials said the visa restriction policy can apply to citizens of any country found to have misused or facilitated the malign use of spyware, even if they are from countries whose citizens are allowed entry into the U.S. without first applying for a visa.

    Perhaps the best known example of spyware, the Pegasus software from Israel’s NSO Group, was used to target more than 1,000 people across 50 countries, according to security researchers and a July 2021 global media investigation, citing a list of more than 50,000 cellphone numbers.

    The U.S. has already placed export limits on NSO Group, restricting the company’s access to U.S. components and technology.

    Pegasus spyware was used in Jordan to hack the cellphones of at least 30 people, including journalists, lawyers, human rights and political activists, according to the digital rights group Access Now.

    The hacking with spyware made by Israel’s NSO Group occurred from 2019 until last September, according to Access Now. It did not accuse Jordan’s government of the hacking.

    Amnesty International also reported that its forensic researchers had determined that Pegasus spyware was installed on the phone of Washington Post journalist Jamal Khashoggi’s fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Khashoggi.

    ___

    Associated Press writer Frank Bajak in Boston contributed reporting.


  • Journalists, lawyers and activists hacked with Pegasus spyware in Jordan, forensic probe finds


    Israeli-made Pegasus spyware was used in Jordan to hack the cellphones of at least 30 people, including journalists, lawyers, human rights and political activists, the digital rights group Access Now said Thursday.

    The hacking with spyware made by Israel’s NSO Group occurred from 2019 until last September, Access Now said in its report. It did not accuse Jordan’s government of the hacking.

    One of the targets was Human Rights Watch’s deputy director for the region, Adam Coogle, who said in an interview that it was difficult to imagine who other than Jordan’s government would be interested in hacking those who were targeted.

    The Jordanian government had no immediate comment on Thursday’s report.

    In a 2022 report detailing a much smaller group of Pegasus victims in Jordan, digital sleuths at the University of Toronto’s Citizen Lab identified two operators of the spyware it said may have been agents of the Jordanian government. A year earlier, Axios reported on negotiations between Jordan’s government and NSO Group.

    “We believe this is just the tip of the iceberg when it comes to the use of Pegasus spyware in Jordan, and that the true number of victims is likely much higher,” Access Now said. Its Middle East and North Africa director, Marwa Fatafta, said at least 30 of 35 known targeted individuals were successfully hacked.

    Citizen Lab confirmed all but five of the infections, with 21 victims asking to remain anonymous, citing the risk of reprisal. The rest were identified by Human Rights Watch, Amnesty International’s Security Lab, and the Organized Crime and Corruption Reporting Project.

    NSO Group says it only sells to vetted intelligence and law enforcement agencies — and only for use against terrorists and serious criminals. But cybersecurity researchers who have tracked the spyware’s use in 45 countries have documented dozens of cases of politically motivated abuse of the spyware — from Mexico and Thailand to Poland and Saudi Arabia.

    An NSO Group spokesperson said the company would not confirm or deny its clients’ identities. NSO Group says it vets customers and investigates any report its spyware has been abused.

    The U.S. government was unpersuaded and blacklisted the NSO Group in November 2021, when iPhone maker Apple Inc. sued it, calling its employees “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.”

    Those targeted in Jordan include Human Rights Watch’s senior researcher for Jordan and Syria, Hiba Zayadin. Both she and Coogle had received threat notifications from Apple on Aug. 29 that state-sponsored attackers had attempted to compromise their iPhones.

    Coogle’s local, personal iPhone was successfully hacked in October 2022, he said, just two weeks after the human rights group published a report documenting the persecution and harassment of citizens organizing peaceful political dissent.

    After that, Coogle activated “Lockdown Mode,” on the iPhone, which Apple recommends for users at high risk.

    Human Rights Watch said in a statement Thursday that it had contacted NSO Group about the attacks and specifically asked it to investigate the hack of Coogle’s device “but has received no substantive response to these inquiries.”

    Jordanian human rights lawyer Hala Ahed — known for defending women’s and workers’ rights and prisoners of conscience — was also targeted at least twice by Pegasus, successfully in March 2021 then unsuccessfully in February 2023, Access Now said.

    About half of those found to have been targeted by Pegasus in Jordan — 16 in all — were journalists or media workers, the report said.

    One veteran Palestinian-American journalist and columnist, Daoud Kuttab, was hacked with Pegasus three times between February 2022 and September 2023.

    Along the way, he said, he’s learned important lessons about not clicking on links in messages purporting to be from legitimate contacts, which is how one of the Pegasus hacks snared him.

    Kuttab refused to speculate about who might have targeted him.

    “I always assume that somebody is listening to my conversations,” he said, as getting surveilled “comes with the territory” when you are a journalist in the Middle East.

    But Kuttab does worry about his sources being compromised by hacks — and the violation of his privacy.

    “Regardless of who did it, it’s not right to intervene into my personal, family privacy and my professional privacy.”

    ___

    This story has been corrected to say that Access Now says the hacking occurred from 2019 until last September, not from early 2020 until last November.


  • Leading Egyptian opposition politician targeted with spyware, researchers find


    BOSTON — A leading Egyptian opposition politician was targeted with spyware multiple times after announcing a presidential bid — including with malware that automatically infects smartphones, security researchers have found. They say Egyptian authorities were likely behind the attempted hacks.

    Discovery of the malware last week by researchers at Citizen Lab and Google’s Threat Analysis Group prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the associated vulnerabilities.

    Citizen Lab said in a blog post that attempts beginning in August to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his phone’s connection to the Vodafone Egypt mobile network to automatically infect it with Predator spyware if he visited certain websites not using the secure HTTPS protocol.

    Citizen Lab said the effort likely failed because Altantawy had his phone in “lockdown mode,” which Apple recommends for iPhone users at high risk, including rights activists, journalists and political dissidents in countries like Egypt.

    Prior to that, Citizen Lab said, attempts were made beginning in May to hack Altantawy’s phone with Predator via links in SMS and WhatsApp messages that he would have had to click on to become infected.

    Once infected, the Predator spyware turns a smartphone into a remote eavesdropping device and lets the attacker siphon off data.

    Given that Egypt is a known customer of Predator’s maker, Cytrox, and the spyware was delivered via network injection from Egyptian soil, Citizen Lab said it had “high confidence” Egypt’s government was behind the attack.

    Bill Marczak of the University of Toronto-based internet watchdog obtained the exploit chain with Google researcher Maddie Stone.

    “It’s scary the fact that the government can essentially select anyone on Vodafone Egypt’s network and perhaps other networks for infections and they just flip a switch” and select them for targeting, he said. Marczak said “the most likely scenario here is that, yes, there is this cooperation from Vodafone.”

    In a separate incident in 2021, Citizen Lab determined that Altantawy — who announced his candidacy in March — was successfully hacked with Predator.

    Egyptian officials did not respond Saturday to requests for comment.

    Altantawy, a former journalist, announced in March his bid to challenge incumbent President Abdel Fatah el-Sissi, who has overseen a sharp crackdown on political opposition, in 2024. Rights groups accuse el-Sissi’s administration of targeting dissent with brutal tactics — forced disappearances, torture and long-term detentions without trial.

    Altantawy, family members and supporters have complained of being harassed, which led him to ask Citizen Lab researchers to analyze his phone for potential spyware infection.

    Altantawy said Saturday in written responses to questions relayed by a trusted intermediary, who requested anonymity for personal security, that he contacted Citizen Lab after receiving a series of suspicious and anonymous messages embedded with links he suspected were malicious.

    He said he believed the hacking attempts were “inextricably linked to my political candidacy and my opposition role in the country against the Sisi regime” and sought “not only to surveil, but perhaps also to find compromising material that could be used to discredit or defame me.”

    Altantawy also said the incident raises questions about whether telecommunications companies operating in Egypt might be complicit.

    Previously, Citizen Lab documented Predator infections affecting two exiled Egyptians, and in a joint probe with Facebook determined that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

    In July, the U.S. added Predator’s maker, Cytrox, to its blacklist for developing surveillance tools deemed to have threatened U.S. national security as well as individuals and organizations worldwide. That makes it illegal for U.S. companies to do business with them. Israel’s NSO Group, maker of the Pegasus spyware, was similarly sanctioned in November 2021. The reported use of Predator in Greece helped precipitate the resignation last year of two top government officials, including the national intelligence director.

    The latest discovery brings to five the number of zero-day vulnerabilities in Apple software for which patches have been released this month.

    ___

    AP reporter Maggie Hyde in Cairo contributed.


  • Update your iPhone: Apple just pushed out a significant security update


    Apple released a significant security update for iPhones and iPads Thursday to patch newly discovered security vulnerabilities in the devices’ system software.

    By The Associated Press

    September 7, 2023, 10:07 PM

    FILE – Apple iPhone 14 phones sit on display at an Apple Store at The Grove in Los Angeles, Sept. 16, 2022. Apple released a significant security update for iPhones and iPads Thursday, Sept. 7, 2023, to patch newly discovered security vulnerabilities in the devices’ system software. (AP Photo/Jae C. Hong, File)


    Apple released a significant security update for iPhones and iPads Thursday to patch newly discovered security vulnerabilities in the devices’ system software.

    The issue was discovered by researchers at the University of Toronto’s Citizen Lab, who said the software flaw was being “actively exploited” to deliver commercial spyware called Pegasus developed and sold by the Israeli company NSO Group.

    Pegasus is an expensive tool typically used to target dissidents, journalists and political opponents, so ordinary users likely have little to fear. Still, Citizen Lab recommends that all users should “immediately” update their devices.

    To install the update, open Settings on your iPhone, then select “General” followed by “Software Update.” You should see the iOS 16.6.1 software update there; tap to begin the installation.

    If you don’t see the update, go back to the General page, then tap “About” to check your iOS version number. If it’s 16.6.1, you already have the update installed. If your phone is still using 16.6 or an earlier version, repeat the above steps. If you still don’t see an update, try restarting your phone. If that doesn’t make the update appear, double-check your internet connection and then wait a bit before trying again.


  • FBI and European partners seize major malware network in blow to global cybercrime


    LOS ANGELES — U.S. officials said Tuesday that the FBI and its European partners infiltrated and seized control of a major global malware network used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks.

    They then remotely removed the malicious software agent — known as Qakbot — from thousands of infected computers.

    Cybersecurity experts said they were impressed by the deft dismantling of the network but cautioned that any setback to cybercrime would likely be temporary.

    “Nearly every sector of the economy has been victimized by Qakbot,” Martin Estrada, the U.S. attorney in Los Angeles, said Tuesday in announcing the takedown. He said the criminal network had facilitated about 40 ransomware attacks alone over 18 months that investigators said netted Qakbot administrators about $58 million.

    Qakbot’s ransomware victims included an Illinois-based engineering firm, financial services organizations in Alabama and Kansas, along with a Maryland defense manufacturer and a Southern California food distribution company, Estrada said.

    Officials said $8.6 million in cybercurrency was seized or frozen but no arrests were announced.

    Estrada said the investigation is ongoing. He would not say where administrators of the malware, which marshaled infected machines into a botnet of zombie computers, were located. Cybersecurity researchers say they are believed to be in Russia and/or other former Soviet states.

    Officials estimated the so-called malware loader, a digital Swiss Army knife for cybercrooks also known as Pinkslipbot and Qbot, was leveraged to cause hundreds of millions of dollars in damage since first appearing in 2008 as an information-stealing bank trojan. They said millions of people in nearly every country in the world have been affected.

    Typically delivered via phishing email infections, Qakbot gave criminal hackers initial access to violated computers. They could then deploy additional payloads including ransomware, steal sensitive information or gather intelligence on victims to facilitate financial fraud and crimes such as tech support and romance scams.

    The Qakbot network was “literally feeding the global cybercrime supply chain,” said Donald Alway, assistant director in charge of the FBI’s Los Angeles office, calling it “one of the most devastating cybercriminal tools in history.” The most commonly detected malware in the first half of 2023, Qakbot impacted one in 10 corporate networks and accounted for about 30% of attacks globally, a pair of cybersecurity firms found. Such “initial access” tools allow extortionist ransomware gangs to skip the initial step of penetrating computer networks, making them major facilitators for the far-flung, mostly Russian-speaking criminals who have wreaked havoc by stealing data and disrupting schools, hospitals, local governments and businesses worldwide.

    Beginning Friday in an operation officials dubbed “Duck Hunt,” the FBI along with Europol and law enforcement and justice partners in France, the United Kingdom, Germany, the Netherlands, Romania and Latvia seized more than 50 Qakbot servers and identified more than 700,000 infected computers, more than 200,000 of them in the U.S. — effectively cutting off criminals from their quarry.

    The FBI then used the seized Qakbot command-and-control infrastructure to push an update that uninstalled the malware from thousands of infected computers. A senior FBI official, briefing reporters on condition he not be further identified, called that number “fluid” and cautioned that other malware may have remained on machines liberated from Qakbot.

    It was the FBI’s biggest success against cybercrooks since it “hacked the hackers” with the January takedown of the prolific Hive ransomware gang.

    “It is an impressive takedown. Qakbot was the largest botnet” in number of victims, said Alex Holden, founder of Milwaukee-based Hold Security. But he said it may have been a casualty of its own success in its staggering growth over the past few years. “Large botnets today tend to implode as too many threat actors are mining this data for various types of abuse.”

    Cybersecurity expert Chester Wisniewski at Sophos agreed that while there could be a temporary drop in ransomware attacks, the criminals can be expected to either revive infrastructure elsewhere or move to other botnets.

    “This will cause a lot of disruption to some gangs in the short term, but it will do nothing to stop it from being rebooted,” he said. “Albeit it takes a long time to recruit 700,000 PCs.”

    ___

    Bajak reported from Boston.

  • Greece to ban spyware as wiretap scandal grows

    ATHENS, Greece — Lawmakers in Greece are set to approve plans to outlaw commercial spyware following weeks of allegations that senior government officials may have been targeted.

    The revelations have hurt public support for the country’s center-right government as it faces elections in 2023.

    Under the draft legislation to be voted on later Thursday, the use, sale or distribution of spyware in Greece will carry a minimum prison sentence of two years. Additional safeguards were also planned for legal wiretaps, as well as for the hiring of the director and deputy directors of the National Intelligence Service, or NIS.

    Speaking in parliament, Prime Minister Kyriakos Mitsotakis described the reforms as “a bold institutional response to a challenge that — and I want to emphasize this — does not only concern our country.”

    News media reports that multiple members of the cabinet, as well as other senior officials and journalists, may have been targeted with spyware have prompted a judicial investigation. The spyware in question can snoop on cell phone calls, stored contacts and data, and access devices’ microphones and cameras.

    In August, a top government aide and the country’s security chief resigned following revelations that a Socialist politician who was later elected leader of Greece’s third largest party had been the subject of NIS telephone surveillance that the government insists had been legally sanctioned.

    The resignations were followed by weeks of newspaper reports that senior officials were being tracked using Predator spyware, which is similar to the more widely known Pegasus surveillance software.

    The government insists its agencies have never used the spyware.

    The use and alleged use of surveillance software in European Union member states is also the subject of an ongoing inquiry by a European Parliament committee, whose members visited Athens last month.

    Facing elections before next summer, the government of Prime Minister Mitsotakis’ center-right New Democracy party has seen its strong lead in opinion polls suffer in recent weeks as a result of the wiretapping allegations and the ongoing cost of living crisis.
