Up to my waist in Karelian snow.

Of late you’ve been getting nothing but tropical-equatorial-Ecuadorian-Galapagosian dispatches from me. Which is hopefully just what you need if it still feels like winter where you are. However, this post, as the title gives away, is a typically wintery post, just for a bit of variation…

So, without further ado, here we have…: snow. Lots of:

But why am I lying down like that in the snow? Simple: if I tried to stand up, I’d sink into that snow up to my waist!

But… why is the ice in the below pic green? Actually, it’s not the ice itself that’s green, but I’ll get to that in a bit. But green is our corporate color, so it suited us just fine.

Finally, SAS in Singapore – the venue it couldn’t ignore!

Hi folks!

You’ll no doubt already know – but just in case, here’s me telling you – that each year we put on a mega international cybersecurity conference – SAS (Security Analyst Summit) – every late-winter/early-spring. Well, it’s spring once again (though there was snow again last night in Moscow!), so let me tell you about this year’s event… – woah – which is only three weeks away!…

This event is unique in a full three ways:

First, it’s at SAS where both KL’s top experts plus our world-renowned expert-guests report on their latest investigations, newest findings, and most curious other cyber-news.

Second, SAS always avoids the typical / typically boring hotels or conference centers in world capitals, instead always opting for totally non-boring exotic resort venues with lots of sun, sea, sand, surf, sangria… Singapore Slings, etc.

Third, there’s always one thing that can be counted on every year at SAS – the event is overflowing with fun, despite the seriousness of the cybersecurity theme!

SAS-2018 (Cancun)

It’s fair to say that SAS is best-known for the hot – often sensational – investigative reports shared at the event. Sometimes some folks don’t like this: they think we select findings based on geography or on possible attribution, or they’d prefer if we didn’t publicize such scandalous and potentially embarrassing findings (indicating probable government financing, cyber-espionage, cyber-sabotage, etc.) and should just sweep them under the rug instead. Er, nope. That’s not going to happen. Just in case you missed the memo: we share details of any cybercrime we find. Where it may originate from or what language it may speak: it doesn’t matter. Publicizing details of large cyber-incidents and targeted attacks is the only way to make the cyberworld – and that means the world itself – safer. It’s for this reason that SAS was the platform used to divulge findings on ‘Stuxnet’s cousin’ Duqu (which secretly collected information on European industrial systems), Red October (a cyber-spy carrying out espionage on diplomatic missions in Europe, the U.S., and former Soviet republics), and OlympicDestroyer (a sophisticated APT that attempted to sabotage the Olympic Games in South Korea in 2018). And I know that this year’s SAS won’t be any different: cyber-buzz causing a huge stir – coming right up!…

SAS-2016 (Tenerife)

SAS has been put on in Croatia, Cyprus, Malaga, Cancun, Tenerife, Puerto Rico, the Dominican Republic and Saint Martin (i.e., including some repeats at our fave venues).

This year, seeing that SAS is all grown-up (this will be the 11th event), we thought a few organizational adjustments might be appropriate, and here they are:

First, this year SAS will be put on… in a metropolis! But it’s not your dull city in any way: it’s still beside the seaside and it happens to be a ‘garden city’, no less. Yep, this year it’ll be in Singapore folks. Yeh! I’m very happy about that. I have more than just a soft spot for Singapore.

Second, we’ve decided to open up SAS to a wider audience than usual. Normally it’s an invite-only, exclusive world-cyber-expert get-together. This time though – in line with our transparency drive – we’re making part of the conference open to anybody who may wish to participate. And we call it SAS Unplugged. Like MTV Unplugged – only SAS.

Presentations, training sessions, workshops from leading experts – all included. So students, cybersecurity rookies, in fact – cybersecurity old-hands too – anyone who has a great interest in fighting cyberbaddies – get registering! And be quick about it – already some of the training sessions are fully booked up.

PS: I’ve been permitted to give you a teaser about one of the confirmed presentations. It’s by one of our own experts, Sergey Lozhkin, and it’s for sure going to be a corker. Curiously, it’s about one of the oldest forms of cybercrime, but old doesn’t mean irrelevant. Just the opposite. For the crooks engaging in it today are earning billions of dollars a year from it! What is it? Financial fraud, plain and simple – actually, not so simple, as Sergey will tell us. He’ll also tell us how it has evolved over the years, what digital identity theft is, how much a digital identity costs on the Darknet, what a ‘carder’ is, and more…

PPS: I can’t wait. I enjoyed last year’s SAS ever so much. So here’s looking forward to an even better SAS this year!

Welcome to SAS-2019!…

GALÁPA-GOSH – PT. 8: PENGUINS… AT THE EQUATOR!

I think this day was the most Ecuad-awesome of all during our boat-based excursion of the Galápagos Islands. Two islands in one day: one with brightly-colored iguanas; the other – with similarly wonderful wild animals and sensational sunsets. The latter wonderful wild animals – I’d been expecting them sooner or later as I’d heard about them before, but here they finally were, in the flesh – Galápagos penguins! Yes, you read that right: penguins! Who’d have thought it – on the equator of all places?!

GALÁPA-GOSH – PT. 7: Volcanism, Darwinism, Puerto Ayora-ism…

Hola boys and girls!

Herewith, a continuation of my reportage from the Galápagos Island of Santa Cruz, on which we’d already seen: cacti that defy, surfaces with tortoises, and banana iguanas. Next up… – my favorite: volcanism! In particular: lava tubes. (‘A lava tube is a natural conduit formed by flowing lava which moves beneath the hardened surface of a lava flow. Tubes can drain lava from a volcano during an eruption, or can be extinct, meaning the lava flow has ceased, and the rock has cooled and left a long cave.’ – Wikipedia.)

I’d been in such constructions before, in Kamchatka, Sicily, on the slopes of Mount Etna, and in Hawaii. I think that probably most relatively fresh volcanoes in the world feature such lava tubes – and that includes on the Galápagos Islands:

GALÁPA-GOSH – PT. 6: Banana iguana.

A new day on the Galápagos Islands and a new Galápagosh for us…

Still on the island of Santa Cruz (on which we saw yesterday’s giant tortoises), this morning we were checking out a different spot thereon – Cerro Dragon (Dragon Hill in English); in the afternoon we were headed over to the tiny Bartolomé Island.

What made this day special was the way we didn’t see just one Ecuad-awesomeness, but a full three! Oh my Galápa-goodness! Let me go through them one by one. In this post – #1…

The ‘Galapagos land iguana’.

Oh my guana! Check these resplendent reptiles out!

GALÁPA-GOSH – PT. 5: IF YOU CAN SURVIVE HUMANS LIKE GIANT TORTOISES CAN…

Another day – another gosh!…

The tortoise. Hmmm. Not the sharpest tool in the shed – even among reptiles, which aren’t known for their intellectual prowess. Probably the world’s slowest animal too. And when it comes to sweetness and honey and good manners and good looks – the tortoise is also toward the back of the line. Poor things. BUT!…

But… there’s still something about these creatures that charms, enchants, enraptures and enthralls. Maybe it’s something in our genes that says that despite their outward appearance the tortoise is wholly… tasty… But more on that later. For now: giant tortoise pics!…

GALÁPA-GOSH – PT. 4: THE CACTUS TREES OF SANTA CRUZ.

Hi folks!

Another day, another Galápagos island. Next up – Santa Cruz Island. We were driven literally from its top to bottom (on a road some 40km long). No swimming with the turtles on this day, but of course that didn’t mean there’d be no Ecuad-awesomeness – the main one of which was the fact that… cactuses can resemble trees!

Now, remember the last pic in yesterday’s post? The one with a tree trunk that looked to be of a pine or fir tree? Well it’s actually a cactus known as an opuntia, aka prickly pear! No, not one of those small cactuses with the silly ears that you know to be a cactus. Here cactuses are verrrrry big, verrrrry strangely shaped, verrrrry unusual – and with trunks!

GALÁPA-GOSH – PT. 3: If you can swim with turtles…

Hola folks!

Adios Española Island, and, after a short night flight, hola Punta Cormorant on Floreana Island.

At Punta Cormorant you’d think there might be at least one or two Cormorants to be seen, but you’d be wrong (I wonder… did they become extinct on the island?). However, instead, there are one or two tons of Cheloniid sea turtles – which provided today’s main Ecuad-awesomeness!

GALÁPA-GOSH – PT. 2.2: seals, iguanas, and yet more boobies!

While on Española Island, the young albatross leaping off a cliff face for the first time in his life hoping he’ll be able to fly – that kinda stole the show. However, there were other wild animals worthy of mention observed too – including species we’d seen for the first time or had never seen in such vast quantities. And we saw them at Punta Suarez – the westernmost point of the island.

Even before we’d made it ashore in the dinghy we came across a seal ‘kindergarten’. While mommy is out at sea getting the ‘groceries’ in, the little ones are frolicking on the beach!

I wondered briefly – how does mom know which toddler-seals are hers? Logically, I asked our guides; they answered: by smell. They added also how life can be rather cruel for the seals around here: if mommy gets gobbled up by a shark while out to sea getting dinner in, her offspring will inevitably die. Other moms won’t feed them – poor things. But, at the same time – if one of those child seals happens upon a mom-penguin – young penguins wind up with no mommy too. And if penguins happen upon… and so on and so forth. I could carry on the ‘chain’ at length. But let’s look at some pics instead…

Cyber-news from the dark side: Japanese legal hacking; iKeychain hack; 2FA -> $0; an Iranian cyber-whodunit; and a USB-eating leopard seal.

Privyet boys and girls!

Herewith, the next in my periodic/occasional cyber-news cyber-shocker-bulletins: a few stories of the cyber-interesting, the cyber-this-news-just-in, and the cyber-absurd…

State-sanctioned hacking!

The Japanese government is believed to be planning to hack 200 million IoT devices of its citizens. And that’s not science fiction folks; it looks like it’s for real. Indeed, it’s how the Japanese are preparing for the Olympics to be held in Tokyo in 2020 – and it’s all legal of course, since it’s the government who’s behind it. So their citizens’ gadgets will be hacked using the cybercriminals’ favorite method: using default passwords and password dictionaries. If a device is found to have a weak password, bureaucrats will enter the device into a list of insecure gadgets; that list will then be handed over to internet service providers, which will be expected to inform subscribers and have them make their devices secure by changing the password. It’s all being done as a resilience test in the run-up to the Olympics, to work out if IoT devices in the country are sufficiently protected, and to try and prevent their use in attacks on the Olympics’ infrastructure. The methods to be used for this ‘test’ can easily be disputed, but the fact that the authorities are doing something concrete so well in advance is certainly a good thing. For let’s not forget that the Olympics have been targeted before – and not all that far away from Japan.

iOops!

An 18-year-old hacker, Linus Henze, has published a video highlighting a startling weakness in macOS – specifically its Keychain program, which stores and secures a user’s many passwords. The teenager used a zero-day to develop his own app that can scan the full contents of the keychain.

Curiously, intriguingly, Mr. Henze isn’t planning on sharing his research and his app with the tech giant, since Apple still doesn’t run a bug-bounty program. So that leaves the company with two options: negotiate with the expert (which would be an unprecedented move for Apple), or consider trying to remedy the issue themselves – which they may or may not be able to do, of course.

Meanwhile, you, dear readers, need not fear for the safety of your passwords! Since there do exist (who’d know?!) fully secure, cross-platform password managers out there. And researchers – there do exist software companies that run bug-bounty programs.

Even two-factor authentication can be hacked now.

Bank accounts being emptied by cyber-thieves is on the up. One example recently involved accounts held at the UK’s Metro Bank. And the method used for the robberies involved intercepting text messages sent to account-holders’ phones for two-factor authentication. Now, 2FA is a good thing: it’s an extra layer of security and all that, so why not? It’s just that SMSs are by far not the most secure way to transfer data. For example, vulnerabilities can be exploited in the SS7 protocol, which is used by telecoms operators the world over to coordinate how they route texts and calls. If cyber-baddies manage to access the mobile network of an operator, they’re able to re-route messages and calls without the user being any the wiser. First they’d need to know your login and password for online banking, but that isn’t beyond the abilities of modern-day cyber-villains with their crafty keyboard spies, phishing tactics, or banking Trojans.

Once inside the online bank, the criminals send a request for a money transfer and intercept the message with the one-time code from the bank. The code is entered, and the bank transfers the funds, since both the password and the code were correctly entered. And the criminals are laughing all the way to the bank, as it were.

So what can you do to stop such a scenario happening to you? Here are a couple of tips:

  • Never tell anyone your login or passwords – even to a bank employee, but you’ll probably know that one: banks helpfully remind us whenever they can.
  • Protect your devices from malware with a reliable antivirus app. There is one I happen to know of… but no – you choose the one you want.

Cyber-spying on foreign diplomats in Iran – but whodunit?

Our researchers just recently discovered multiple attempts at infection of foreign diplomatic missions in Iran with some rather primitive cyber-espionage malware. The backdoor is presumed to be associated with the hacking group known as Chafer, which happens to ‘speak’ Farsi, and which is thought to have been responsible for cyber-surveillance on individuals in the Middle East in the past. This time, the cybercriminals used an improved version of the Remexi backdoor, designed to remotely control (as administrator) a victim’s computer.

Remexi software was first detected in 2015 when it was used for illegal surveillance of individuals and organizations across the whole region. The Windows-targeting surveillance-ware can exfiltrate keystrokes, screenshots, and browser-related data like cookies and history.

Much ‘home made’ malware is used in the region – often in combination with public domain utilities. But who’s behind these particular attacks? Finding out is made all the more difficult by the very fact that the malware is homespun; it literally could be anybody: Iranians, or non-Iranians pulling a false-flag operation. Alas, false flags are on the up and up and look set to remain so.

“Well, actually… a seal ate my USB stick, sir.”

In New Zealand, one day out walking a vet observed a clearly unwell leopard seal on a beach. As any concerned vet would, he proceeded to… scoop up a lump of the poorly seal’s poop and took it off for analysis. He was expecting to find therein some ghastly little parasites or viruses or what have you, but instead found… a USB stick. After much disinfection (I hope), the vet stuck the thumb drive into his computer (don’t try any of this at home kids, but this was a special case). And guess what? Thereon were stored lots of photos of the beautiful New Zealand scenery! Now the vet and Co. are seeking the owners of the USB – using this here video. Recognize it, anybody?