May 15, 2017 Last Updated 9:53 am

Ransomware threat ebbs in Europe; London police accused of using Indian hackers to spy on journalists

Morning Brief: Google announces two changes to its AdSense program, including the ability to remove ads from individual pages due to rule infractions, rather than website wide

A second wave of ransomware is feared by some in the tech community as workers reach their offices on Monday. Already the Trojan encryptor WannaCry has infected more than 200,000 computers worldwide. The attack target computers running Microsoft Windows, as most do, and is said to have origins at the NSA. While Russia actually received the most attacks, it was the British health service shutdown that received the most attention on Friday. This morning, while things seem to have settled down in Europe, reports are that China is experiencing its share of attacks.

“It’s interesting that the initial request in this sample is for $600 USD, as the first five payments to that wallet is approximately $300 USD,” said Kaspersky Lab. “It suggests that the group is increasing the ransom demands.”

The Mac world generally would be laughing and pointing its fingers at Windows users at this point, but are generally not. It may be that there is recognition that the origins of the attack lie with an agency of the US government, or that there is no reason to encourage hackers to target the macOS or iOS.

In any case, the attack does point out just how much of the Windows world is run on outdated versions of the Microsoft OS, and also how much of it is run on pirated copies of that OS.

BBC:

Cyber-attacks from WannaCry ransomware slow but fears remain

A computer malware that has spread across 150 countries appears to be slowing down, with few reports of fresh attacks in Asia and Europe on Monday. However staff beginning the working week have been told to be careful…

…Many firms employed experts over the weekend to try to prevent new infections. The picture now appears better in Europe.

Senior spokesman for Europol, Jan Op Gen Oorth, told Agence France-Presse: “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.

Microsoft Blog, Brad Smith:

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack

…this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past. This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support…

…Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Los Angles Times, Paresh Dave:

Global ransomware attack shows why Apple refused to hack terrorist’s iPhone

To cybersecurity experts, Friday’s incident showed exactly why technology companies such as Microsoft, Google and Apple are so defensive about the idea of backdoors into their services and devices.

Law enforcement agencies may want a way into highly secure gadgets and apps to further their investigations — such as when the FBI pressed Apple last year to hack into the iPhone used by a gunman in the San Bernardino terror attack. But the companies have repeatedly pointed out that there’s no safe way to build an entry point just for trusted government organizations.

The Guardian, Alex Hern: How to defend your computer against the ransomware attack
BBC: Microsoft warns ransomware cyber-attack is a wake-up call
AP: FedEx confirms it hit by malware attack



As if the news of the ransomware attack wasn’t enough to worry about, there were more stories to get you looking for an island to escape to.

Politico, Shane Goldmacher:

How Trump gets his fake news

Just days earlier, K.T. McFarland, the deputy national security adviser, had given Trump a printout of two Time magazine covers. One, supposedly from the 1970s, warned of a coming ice age; the other, from 2008, about surviving global warming, according to four White House officials familiar with the matter.

Trump quickly got lathered up about the media’s hypocrisy. But there was a problem. The 1970s cover was fake, part of an Internet hoax that’s circulated for years. Staff chased down the truth and intervened before Trump tweeted or talked publicly about it…

…The consequences can be tremendous, according to a half-dozen White House officials and others with direct interactions with the president. A news story tucked into Trump’s hands at the right moment can torpedo an appointment or redirect the president’s entire agenda. Current and former Trump officials say Trump can react volcanically to negative press clips, especially those with damaging leaks, becoming engrossed in finding out where they originated.

BBC:

Met Police use of Indian hackers probed by watchdog

Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed. The police watchdog started an inquiry into claims against the Metropolitan Police after an anonymous tip-off.

It appealed for the whistleblower – believed to be a serving or retired police officer -to get in touch…

…The letter alleges the hackers accessed the email accounts of hundreds of people, including members of political and environmental pressure groups and journalists. Greenpeace was one of the organisations believed to have been named in the letter.

John Sauven, Greenpeace UK’s executive director, said the charity welcomed the announcement. “If the allegations are true, the public and our campaigners deserve to know who ordered the hacking of our staff, why an overseas company was used to break into their emails, who else was targeted and what was done with the information,” he said.



Google announced today that is making a couple changes to its AdSense program: the first will allow Google to remove ads on the page level, rather than website wide; the second is the establishment of a new Policy Center.

The first policy may lead to some frustration with those who want to see Google stop supporting fake news sites. A malicious publisher would now only have an ad withdrawn from a single story, instead of losing all their AdSense ads. Getting paid by Google is, after all, the prime motivation for most of these websites spewing garbage out over the Internet.

The Keyword (Google blog): Scott Spencer:

More ads transparency for publishers

We’re introducing a new technology for policy violations that allows us to act more quickly and more precisely when we need to remove ads from content that violates our policies. Historically, for most policy violations, we remove all ads from a publisher’s site. As we roll out page-level policy action as the new default for content violations, we’ll be able to stop showing ads on select pages, while leaving ads up on the rest of a site’s good content. We’ll still use site-level actions but only as needed. And when it’s necessary, such as in the case of egregious or persistent violations, we’ll still terminate publishers. Altogether, this means fewer disruptions for publishers.

We’re also announcing a new Policy Center as a one-stop shop for everything a publisher needs to know about policy actions that affect their sites and pages. We have been piloting this Policy Center with thousands of AdSense publishers, who have been very positive about these changes—and provided great feedback and suggestions on how to make the Policy Center more useful.

Comments are closed.