Karlston posted a topic in Security & Privacy News

Bill mandates Internet filtering and creates a Russian version of DNS.

[Image: Russian President Vladimir Putin speaks on April 27, 2019, in Beijing. Mikhail Svetlov/Getty Images]

Russian President Vladimir Putin has signed a controversial "Internet sovereignty" bill that strengthens the government's control over the Russian Internet. Back in March, we reported on Putin signing two other bills that gave the Russian government the power to punish people for the online publication of fake news and insults to public officials.

The latest bill focuses lower on the technology stack. The New America Foundation published a detailed analysis of the bill back in February:

The law pulls "traffic exchange points" under the jurisdiction of the law. This year's proposed amendments define traffic exchange points as the "communications facilities" that "connect... and pass traffic between communication networks of telecommunications operators"—essentially what we refer to as Internet Exchange Points, or IXPs. The amendments set out that traffic exchange points must comply with orders from and share information with the Federal Service for the Supervision of Communications, Information Technology, and Mass Media—better known as Roskomnadzor, or Roskom. Traffic-exchange-point operators must also comply with requests from Roskomnadzor that they adjust their routing and develop the capacity to resolve domain names using the—as of yet incomplete—Russian national domain name system (DNS).

The second function of the law is to provide Roskomnadzor with authorities to centralize management over the Russian internet in cases where the "integrity, stability, and security" of the Russian Internet is threatened. The law sets out that Roskomnadzor will establish the "procedure, terms, and technical conditions for the installation of technical means" for "countering threats," as well as the requirements for the use of this technology.
Roskomnadzor can then carry out the "centralized management" of the Internet by managing these "technical means" of "countering threats" or by sending "binding instructions to telecom operators, network operators, and other persons having an autonomous system number." In addition, Roskomnadzor will be given authorities to block illegal information resources using this same technology, even when not acting as the centralized manager of the Internet.

Currently, Roskomnadzor issues orders to telecoms to block undesirable information. The new authority and accompanying technology could allow Roskomnadzor to institute a national firewall similar to the Golden Shield in China.

New requirements are scheduled to go into effect on November 1, according to the Financial Times.

Officially, the bill is designed to protect the Russian Internet against foreign threats, including the risk that Russia could be cut off from the rest of the Internet. The Russian government is aiming to get the vast majority of Russian Internet traffic routed domestically in the next few years. That would make it harder for foreign governments, including the United States, to spy on or interfere with Russians' use of the Internet. Supporters of the bill have portrayed it as a response to America's allegedly aggressive cybersecurity efforts targeted at Russia.

But of course, centralizing control over Internet routing in Russia also gives the Russian government stronger powers to monitor, control, and censor its own population's Internet use. In an extreme case, it could allow the government to cut Russian Internet users from external sources. The changes to routing and DNS would make it easier for a domestic Russian Internet to continue functioning while it's cut off from the rest of the world.

Fears of such abuses inspired strong opposition to the legislation from civil libertarians, Russian opposition parties, and ordinary Russian citizens.
But their opposition wasn't enough to stop the legislation from being approved by the Russian Duma (which is dominated by Putin's United Russia party) or by the Federation Council (the upper house of Russia's parliament).

Russia has been working on online "sovereignty" policies for several years. Back in 2014, we covered a new "data sovereignty" law that requires Russian citizens' data to be held on servers physically based in Russia. That effort was inspired in part by Edward Snowden's 2013 revelations that the National Security Agency had compelled US technology giants to cooperate with US surveillance efforts.

Source: Putin signs “Internet sovereignty” bill that expands censorship (Ars Technica)
steven36 posted a topic in Security & Privacy News

Cybercriminals are leveraging political names and figures for social engineering as the elections loom.

With the U.S. presidential elections looming, bad actors are tapping into the political craze with several malware distribution campaigns, using high-profile political names to tap into victims’ emotions and convince them to click on malicious links.

Researchers have uncovered hundreds of politically-charged malware campaigns – distributing ransomware, remote access trojans (RATs) and more – using the names of prominent political figures like U.S. President Donald Trump, Russian President Vladimir Putin, North Korea ruler Kim Jong-un and more.

“As this investigation has exposed, adversaries will go to any lengths and use anything they deem advantageous, from pop culture to political references — everything is fair game,” Nick Biasini and Edmund Brumaghin, researchers with Cisco Talos, said in a Tuesday analysis, shared with Threatpost ahead of publication. “This is applicable not only to the adversaries delivering malware, but also the miscreants writing tools for adversaries to leverage including crypters, injectors and loaders.”

After investigating a malspam campaign that peddled an executable called “trump.exe,” Biasini and Brumaghin began looking for other types of campaigns leveraging political figures. They found a broad range of applications – some designed to lure victims into paying ransom demands, and others used to gain backdoor access to systems and provide attackers the ability to operate within organizational networks.

The political themes uncovered are not aimed at disinformation – which is another matter altogether that companies like Facebook and Twitter have been grappling with – but rather used as lures aimed to fool victims into clicking or downloading various types of malware, researchers stressed.
RATs

Researchers uncovered a variety of politically themed remote access trojans (RATs) that utilized political themes to trick victims into downloading malware.

For instance, researchers said they came across a RAT that was being delivered via a Word document titled “12 things Trump should know about North Korea.doc,” spread via phishing. (Researchers did not say who specifically was targeted.)

At first, when opened on an analysis system the document did not appear to function properly, taking several minutes to load – but after further investigation, it was determined that during that slow opening, Dynamic Link Libraries (DLLs) were being reconstructed from data present within the document itself, which finally executed malware called Konni RAT. Konni RAT, discovered in 2014, has been used in attacks against government agencies and public organizations linked to North Korea.

Researchers also found political themes in various malicious Excel spreadsheets, including one spreadsheet titled “Trump_administration_economic_indicators_on_China_investments.xls” containing malicious macros that are responsible for infecting systems with the PoisonIvy RAT, which is known for cyberespionage and has been used in attacks with ties to China.

Among other politically-motivated themes used to distribute RATs “were [file infecting malware] Neshta, which utilized a theme around North Korean leader Kim Jong-un. Additionally, we found an NjRAT campaign [njRAT is a RAT that may run in the background and silently collect information about the system, connected users, and network activity] that delivered an unusual decoy image. This same image was used as the icon for the executable, aptly named ‘Papa-Putin.exe,’” researchers said.
Iconography

Researchers said that malware such as ransomware, packers (software that unpacks itself in memory when the “packed file” is executed) and crypters (commonly used to attempt to evade antivirus detection by encrypting or obfuscating malicious code associated with malware binaries) were also found using iconography that was associated with Trump.

For instance, researchers found an array of fake ransomware campaigns that featured iconography related to political figures including Donald Trump. Interestingly, the samples didn’t always encrypt the victims’ data properly, or at all, but researchers said they did lead users to believe their data was lost.

One variant, for instance, appeared to start encrypting files once downloaded and told the victim “This is the Donald Trump ransomware” with an image of Trump.

Another is a ransomware themed around Putin, with the title “Putin Lockware 2.0.” As with most screenlockers, the malware simply removes the icons, taskbar, and task manager on the victim machine and displays the application window displayed above in full-screen mode, researchers said.

“These steps are performed in an attempt to make exiting the application difficult for victims and maximizes the likelihood of a successful ransom payment,” researchers said. “It then directs the user to communicate with the adversary through some means, in this example email, at which point they will demand money to provide the code to ‘unlock’ the screen.”

As the U.S. Presidential Elections draw closer, researchers warned end users to be on the lookout for political name-dropping and iconography used in various malware distribution campaigns – especially via suspicious websites and emails.

“One of the unexpected aspects of the investigation was the presence of lures that dropped malware associated with multiple nation-state attacks in the past, showing how even advanced, sophisticated adversaries will use any means to achieve their nefarious goals,” researchers said.
“We were also struck by the wide array of different malware from ransomware and screenlockers, to adware and remote access trojans, and everything in between.”

Source