Category: News

The Big Business Hackers

When you imagine a team of highly skilled hackers attempting to make money, you probably think of some criminal exercise of exploitation, cyber crime or extortion. You certainly wouldn’t think of the stock market or investment firms profiting directly from this sort of enterprise – yet it seems this is exactly what is happening.

Hacking is going mainstream and it looks likely that there will be a lot more profit going legitimate than through the standard ransom or blackmailing routes. Others will perhaps argue that these new methods are pretty much the same as those the criminals use.

The story arises from the tactics of a company called MedSec, a cyber security firm which has recently started up. They investigated a range of hospitals and medical hardware for potential security issues and identified one medical devices company to be at particular risk – St Jude Medical Incorporated, more specifically the pacemakers and defibrillators they make.

At this point MedSec faced a classic, traditional ‘hacker’s dilemma’ – you find a serious vulnerability – what do you do? For the ethical hacker it often represents a difficult choice, particularly if a little digital trespassing was involved. Many individuals have found themselves behind bars after attempting to inform a company or organisation about a vulnerability in their software or network, while some have been praised and rewarded. The MedSec guys though have a plan to inform and profit at the same time, although the ethics seem fairly dubious to many.

They approached an investment firm run by Carson Block called Muddy Waters Capital LLC with their money-making initiative. The idea was unusual: the MedSec team would prepare all the evidence demonstrating the problems with the medical devices; however, before making this public, the investment company would take out a short position on the parent company of St Jude Medical. Basically they would both make money if the share price fell in response to the negative news.

Sounds like insider dealing? Perhaps, although it is assumed legal advice was taken before this unusual tactic  – here’s a MedSec representative justifying their tactics.

Convinced? Nope, me neither; I suspect they may be in trouble for using this tactic. Where will it end? The false concern about patients using these medical devices to try and justify their money-making scheme was particularly hard to believe. Currently the tactic seems to have paid off though, with the share price falling significantly and presumably making the ‘short’ position profitable.

Activism or Sensationalism – Erdogan Emails

It’s pretty turbulent in Turkey at the moment, with many people genuinely worrying about its future as a democratic republic. The failed military coup has ignited all sectors of the country and President Erdogan has seized the opportunity to round up his enemies and imprison them.

So it’s obviously a pretty dramatic time for WikiLeaks to release what it’s calling the Erdogan Emails, which it says were leaked from the AKP, the ruling party in Turkey. There are approximately 300,000, which are being released in stages; you can find them on the WikiLeaks website in a searchable database.

The response has been predictable: the WikiLeaks site has been blocked in Turkey and activists around the world have shouted and tweeted about the censorship of the Turkish Government. However, people in Turkey are well versed in the use of Open DNS, VPNs and proxies, so this has very little effect.

They are of course right, but it doesn’t take much for the Turkish authorities to start banning stuff; in fact a ban doesn’t mean anything in itself. Which in this case seems to be the problem: this leak doesn’t seem to actually contain much more than personal information of ordinary Turkish women. I have had a decent look and found nothing, but apparently others have been combing through this stuff for days without finding anything vaguely relevant to power (and/or the abuse of it).

There is however a lot of personal private information of ordinary Turkish voters, such as the home addresses and phone numbers of women in most of the Turkish voters list. There is also identifying information such as the Turkish Citizen ID, whether they’re in the AKP and similar – in truth it’s the sort of information of much more use to identity thieves and stalkers than freedom fighters.

There is no doubt that this information could be used to cause significant damage to innocent individuals, so was WikiLeaks right to publish this?

It’s easy to argue the case that WikiLeaks isn’t responsible for deciding what is or isn’t released. Plus the resources needed to individually check and verify the data fully are probably beyond the organisation. However, surely there should be some cursory checks before releasing the personal details of so many innocent Turkish women. It really is difficult to get past the mundane and personal feel to these emails, much of it just simple correspondence from Turkish citizens.

The reality is that the information was probably already available before WikiLeaks released it, including to all the people likely to try and exploit this information. The opposite argument suggests that once information is already released then it’s best for as many people as possible to be aware; the victims are better forewarned than ignorant.

Overall though I think an organisation like WikiLeaks should be careful that the information released is in the public interest; perhaps we might find something in the coming months in these emails too.

Security Concerns of Pokémon GO

There’s a certain virtual reality type game that’s causing quite a stir at the moment, it’s called Pokémon GO and in common with anyone over 40 years old – I think it’s utterly pointless. However I seem to be in a minority and there does seem to be some upside – my son actually voluntarily walked the dog yesterday, I feel the need to add exclamation marks to this statement but instead here’s a picture which perhaps illustrates better ….

[Image: pokemon-dog]

Yes, of course he didn’t actually want to walk the dog; he went searching for these virtual, cartoon type things with his phone. Look carefully as you go about your business and you’ll notice these Pokémon hunters blindly walking into street signs and busy roads, all the time transfixed by their phones. Reading up in the papers and online there are stories of people walking off cliffs, being mugged and even finding corpses whilst engaged in Pokémon GO.

So here are some brief security tips on playing safely:

  1. Download from a trusted source: There are bound to be dodgy or malware-filled copies of the game floating around all over the internet; don’t be dumb, download it from a reputable source. Go to Google Play or the Apple App Store, search for the application and select the one with millions and millions of downloads. Seriously, it might be slow but you should be ultra careful installing anything which has access to your GPS.
  2. Remember GPS: Your location will be tagged and marked; if you want to remain incognito or simply want to keep your location discreet, don’t play.
  3. Keep your Privacy: Don’t log into the app with your main account. Don’t log in with your main Gmail, Google or Facebook account, as you will be releasing your personal information to the app owner, who can of course tie it into your physical location using the GPS data. Too creepy – use a throwaway account or log in directly.
  4. Play Safe: Don’t wander around dangerous places you are unfamiliar with, staring at your phone like an idiot waiting to be mugged. Be sensible and keep to safe and public places; don’t trespass or climb into private property – imagine how sad you’re going to look when the police are called.
  5. Everyone Can See Pokestops: Be especially careful when using Pokestops; try to go with a friend or group. Don’t visit them late at night in remote places, as people have been mugged or robbed at these locations.

There will inevitably be some stories of bad stuff happening to Pokémon GO players. However, in reality bad stuff happens to people all the time, although stupidity does increase your chances. I suspect it will eventually get taken off the market when a series of lawsuits arrives from Pokémon GO related incidents. At the moment though it’s at least trebled my teenage son’s activity level, my dog walking duties have been reduced and, well, all these kids seem to have a smile on their face for a change – so enjoy.

Finding a US Netflix VPN

There is something of a battle going on across the internet and it looks like it’s going to continue for a long time. On the one side are the media giants of the internet, companies like Netflix, Amazon, BBC and Hulu who supply streaming media services to millions across the planet; on the other are the users of these services who use the better VPN services when they access the internet. The growth of the VPN (virtual private network) has been pretty incredible. Once they were primarily used for very high security connections, such as people dialing back into corporate networks to access confidential servers. Nowadays millions of people use them for everyday browsing and accessing secure sites online. They also use them to bypass the various blocks and filters which have been established by the media companies – but what really is a good US Netflix VPN?

This is a big problem for the media companies, many of whom have very specific licensing agreements which allow them to broadcast in specific countries. This however has led to huge disparities in the service offered across different countries – the Netflix service in some countries offers a very small proportion of the movies and shows available in US Netflix, for example. Not surprisingly, people use VPNs to allow them to switch to the better services; in fact it is estimated that there were nearly half a million Australian Netflix subscribers before it was even available in that country! The practice was pretty much ignored until recently; most of the media companies blocked the easier-to-detect proxies but didn’t do anything about the many VPN users.

There’s obviously something happening behind the scenes; likely the content providers themselves are forcing the media companies to enforce the licensing agreements. It’s a crazy situation where online media is still licensed in this way, instead of globally, which is after all how the internet was meant to work. The reality is that millions of VPN users are now finding their service blocked or restricted in the wake of this clampdown. Netflix have been particularly aggressive in blocking access to people using a VPN. It used to be simple, but now you’re liable to get the following message –

[Image: US Netflix VPN]

Quite a friendly, happy message, but it’s meant millions have been either blocked completely from accessing Netflix or restricted to using the one offered in their own country. Some VPNs still work; however, before I give some clues on how to choose a US Netflix VPN I’d first like to clarify a couple of points that I see in comments on this site and across the internet.

  • First, a VPN is not illegal, criminal or anything like that.  It is perfectly legitimate to use a VPN all the time when you connect to the internet and many millions do to protect their security and privacy.
  • You are also not committing a criminal act by using an American VPN to access US Netflix from somewhere like Canada, UK or Europe.   At the very worst you are breaking the Netflix Terms and Conditions and could get your subscription cancelled – though it’s not happened to anyone yet as far as I’m aware.
  • The claim that VPNs are now useless because they can be detected by media websites is incorrect. A VPN service still provides you with encryption and privacy whilst you’re online and they are still a very smart thing to use, particularly if you’re travelling and using unknown Wi-Fi hot spots and networks. The media companies block these VPN connections by building up lists of IP addresses which they suspect to be VPNs.

This is the reality of the situation: although it’s virtually impossible to detect the use of a VPN, companies like Netflix can build up lists of IP addresses used by VPN services and put them into a blacklist that is denied access. This is quite easy to do; they simply target high profile online services who advertise a lot and they also monitor which IP addresses are used for multiple, simultaneous connections.
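The second signal described above, one IP address carrying many simultaneous connections, can be sketched from the service operator's side. This is an added example, not code from the original post or from Netflix; the log format, account names, addresses and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample session log: (account, source IP, start, end), times in
# seconds from an arbitrary epoch. Addresses come from documentation ranges.
SESSIONS = [
    ("acct-01", "203.0.113.10", 0, 3600),
    ("acct-02", "203.0.113.10", 600, 4200),
    ("acct-03", "203.0.113.10", 1200, 2400),
    ("acct-04", "203.0.113.10", 1800, 5400),
    ("acct-05", "198.51.100.7", 0, 7200),     # household with two accounts
    ("acct-06", "198.51.100.7", 3000, 4000),
    ("acct-07", "192.0.2.44", 0, 1000),       # one account on two devices
    ("acct-07", "192.0.2.44", 500, 1500),
    ("acct-08", "192.0.2.44", 1000, 2000),
]

def peak_concurrent_accounts(sessions):
    """Return {ip: highest number of distinct accounts streaming at once}."""
    events = defaultdict(list)
    for account, ip, start, end in sessions:
        if end <= start:
            continue  # skip malformed or zero-length records
        events[ip].append((start, 1, account))
        events[ip].append((end, 0, account))  # 0 sorts first: ends before starts
    peaks = {}
    for ip, evs in events.items():
        active = defaultdict(int)  # account -> number of open sessions
        peak = 0
        for _, is_start, account in sorted(evs):
            if is_start:
                active[account] += 1
            else:
                active[account] -= 1
                if active[account] == 0:
                    del active[account]
            peak = max(peak, len(active))
        peaks[ip] = peak
    return peaks

def suspected_shared_exits(sessions, threshold=3):
    """IPs whose peak of distinct concurrent accounts reaches the threshold."""
    peaks = peak_concurrent_accounts(sessions)
    return sorted(ip for ip, peak in peaks.items() if peak >= threshold)

if __name__ == "__main__":
    print(peak_concurrent_accounts(SESSIONS))
    print(suspected_shared_exits(SESSIONS))
```

Counting distinct accounts rather than raw sessions keeps one subscriber with several devices from looking like a shared exit, but offices, campuses and carrier NAT produce the same pattern, so a count like this only suggests candidates for a block list.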

When choosing the best VPN for Netflix and other services, there are a few simple rules to follow. Firstly, look for a low key web site which doesn’t openly advertise the facility to watch these services. One of my favorite pre-purge options for watching US Netflix was a successful company called Overplay and their Smart DNS service; their servers were among the first to be blocked and stopped working for me several months ago for Netflix. They have also aggressively targeted the online TV watching facilities, both directly on their websites and through advertising.

Choose a VPN service which doesn’t mention the media companies, they still work the same way but are less likely to get blocked.

Be cautious, particularly if your primary requirement is a VPN to watch a specific region of Netflix. What is currently happening is a cat and mouse game – Netflix will block a range of IP addresses and access will be blocked, the VPN service will switch out these ranges and replace them with others, enabling them to work with Netflix again. This has been continuing over the last few months and there’s no way of knowing how long this will last. It is time consuming and expensive for both sides in the war, and the result probably depends on whether Netflix continues their efforts to block all VPN servers.

Update – July 7th 2016: Netflix have now blocked almost all VPN services from accessing their site by restricting access to only residential IP addresses. However . have issued an update and expanded their network to include residential addresses. I’ve been testing for a couple of weeks and it now works perfectly for US Netflix – you can try their . here. It’s now not only the Best VPN for Netflix but one of the only ones that now works. Currently you can only access the US version of Netflix, but that’s expected to expand, although this is the version that most VPN users want access to.

Hollywood Hospital Pays Hacker Ransom

For many years, those of us working in IT security have heard phrases like ‘why should hackers target us?’. People think they’ve nothing to hide and there’s no gain to be made attacking them, so security is neglected on this basis. Unfortunately, virtually any individual, company or organisation is a potential target, as the Hollywood Presbyterian Medical Centre recently discovered.

The incident occurred on February 5th when hackers managed to infiltrate the hospital’s servers and infected them with malware, effectively blocking all communication within the hospital. The software was actually a specific type of malware known as ransomware – specifically designed to hold the victim to ransom – pay up or lose your data. There are two main types of ransomware (although probably more will be developed) –

  • Lockscreen – Locks you out of your computer either by blocking boot-up or with a screen saver preventing access. There will usually be a message on how you can regain access.
  • File Encryption – Normally will leave the majority of your computer alone but will encrypt all data files, making them inaccessible. Again you’ll usually get a message on how to obtain the decryption key.

The lock-screen types can usually be bypassed with some technical assistance; in fact it’s usually very simple to fix. The file encryption ransomware is much more difficult to get rid of if implemented correctly; the only solution is normally to get the decryption key.

Unfortunately for the Hollywood Presbyterian Medical Centre, they were subjected to the file encryption attack, which encrypted many of the core data files on the hospital’s computer systems. This paralysed the hospital, which was forced to use pen and paper for ongoing record keeping. The hospital realised that the quickest solution was to pay the $17000 ransom to obtain the decryption key despite the obvious risks.

The CEO Allen Stefanek made this call and fortunately, with some technical assistance and the decryption key, they were able to restore all its computer systems. Stefanek stated that patient care was never compromised, nor were hospital records.

However, this is a difficult statement to believe. Although patient care might have been protected, it’s impossible to know whether the hospital records and patient data were compromised. If you have allowed malware onto your computer systems then there’s no way you can be 100% sure what else that software has done; it could have easily stolen data records as well as encrypting them.

The case has now been passed to the FBI, so there is a very strong chance the culprits will be caught. The most difficult part of these attacks is hiding your tracks, and this is rarely accomplished completely. The attackers did demand payment in bitcoins, which is much harder to trace, but network and computer forensics will often turn up clues as to the origin of the infection, or from the ransom demand communication.