the simurgh writes: It has been revealed today that In the past few months, two of the Pirate Bay co-founders have been repeatedly questioned by Swedish authorities, acting on behalf of the FBI. The internet now has clear evidence that Prenda is indeed being investigated by the U.S. Government for uploading their own copyrighted content in torrents placed onto The Pirate Bay, for the sole purpose of creating a honeypot trap to sue over pirated downloads.
crazyhorse44 that the Federal Trade Commission announced this week that it is launching two new robocall contests challenging the public to develop a crowd-source honeypot and better analyze data from an existing honeypot. A honeypot is an information system that may be used by government, private and academic partners to lure and analyze robocalls. The challenges are part of the FTC's long-term multi-pronged effort to combat illegal robocallers and contestants of one of the challenges will compete for $25,000 in a top prize. As part of Robocalls: Humanity Strikes Back, the FTC is asking contestants to create a technical solution for consumers that will identify unwanted robocalls received on landlines or mobile phones, and block and forward those calls to a honeypot. A qualifying phase [launched Wednesday] and runs through June 15, 2015 at 10:00 p.m. ET; and a second and final phase concludes at DEF CON 23 on Aug. 9, 2015.
An anonymous reader writes with a ruling that seems obvious in a case about police making a fake Instagram account. A federal judge in New Jersey has signed off on the practice of law enforcement using a fake Instagram account in order to become "friends" with a suspect — thus obtaining photos and other information that a person posts to their account. "No search warrant is required for the consensual sharing of this type of information," United States District Judge William Martini wrote in an opinion published last Tuesday. In other news, an undercover officer still doesn't need to tell you that he or she is a member of law enforcement if you ask.
Nerval's Lobster writes A look at some of the Shellshock-related reports from the past week makes it seem as if attackers are flooding networks with cyberattacks targeting the vulnerability in Bash that was disclosed last week. While the attackers haven't wholesale adopted the flaw, there have been quite a few attacks—but the reality is that attackers are treating the flaw as just one of many methods available in their tool kits. One way to get a front-row seat of what the attacks look like is to set up a honeypot. Luckily, threat intelligence firm ThreatStream released ShockPot, a version of its honeypot software with a specific flag, "is_shellshock," that captures attempts to trigger the Bash vulnerability. Setting up ShockPot on a Linux server from cloud host Linode.com is a snap. Since attackers are systematically scanning all available addresses in the IPv4 space, it's just a matter of time before someone finds a particular ShockPot machine. And that was definitely the case, as a honeypot set up by a Dice (yes, yes, we know) tech writer captured a total of seven Shellshock attack attempts out of 123 total attacks. On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug. PHP was the most common attack method observed on this honeypot, with various attempts to trigger vulnerabilities in popular PHP applications and to execute malicious PHP scripts.
mask.of.sanity (1228908) writes "Honeypots are the perfect bait for corporate IT shops to detect hackers targeting and already within their networks and now a guide has been published to build a dirt cheap battalion of the devices from Raspberry Pis. "By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor," the author explained."
coondoggie writes: The Federal Trade Commission today announced the rules for its second robocall exterminating challenge, known this time as Zapping Rachel Robocall Contest. 'Rachel From Cardholder Services,' was a large robocall scam the agency took out in 2012. The agency will be hosting a contest at next month's DEF CON security conference to build open-source methods to lure robocallers into honeypots and to predict which calls are robocalls. They'll be awarding cash prizes for the top solutions.
jfruh (300774) writes As social networks proliferated in the early '10s, so did the idea of a corporate social network — a Facebook-like community on an intranet where employees could interact. Unfortunately, corporate users are staying away in droves, perceiving the systems as one more in-box they'd have to take care of and getting their social-networking fix from Facebook and the like. From what I've seen of these internal networks, another good reason is that they're not as good as the full-time social networks are, and offer access only to a small universe of particpants anyhow. They're like a central-casting "rock band" in '80s movies — they come off as conspicuously aping the real thing.
UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."
Nerval's Lobster writes "In a video report posted Feb. 4, NBC News reporter Richard Engel, with the help of a security analyst, two fresh laptops, a new cell phone, and a fake identity, pretended to go online with the technical naiveté of a Neanderthal housepet. (Engel's video blog is here.) Almost as soon as he turned on the phone in the Sochi airport, Engel reported hackers snooping around, testing the security of the machines. Engel's story didn't explain whether 'snooping around' meant someone was port-scanning his device in particular with the intention of cracking its security and prying out its secrets, no matter how much effort it took, or if the 'snooping' was other WiFi devices looking for access points and trying automatically to connect with those that were unprotected. Judging from the rest of his story, it was more likely the latter. Engel also reported hackers snooping around a honeypot set up by his security consultant which, as Gartner analyst Paul Proctor also pointed out in a blog posting, is like leaving the honey open and complaining when it attracts flies. When you try to communicate with anything, it also tries to communicate with you; that's how networked computers work: They communicate with each other. None of the 'hacks' or intrusions Engel created or sought out for himself have anything to do with Russia or Sochi, however; those 'hacks' he experienced could have happened in any Starbucks in the country, and does almost every day, Proctor wrote. That's why there is antivirus software for phones and laptops. It's why every expert, document, video, audio clip or even game that has anything at all to do with cybersecurity makes sure to mention you should never open attachments from spam email, or in email from people you don't know, and you should set up your browser to keep random web sites from downloading and installing anything they want on your computer. But keep up the fear-mongering."
holy_calamity writes "MIT Technology Review reports on a new cryptosystem designed to protect stolen data against attempts to break encryption by brute force guessing of the password or key. Honey Encryption serves up plausible fake data in response to every incorrect guess of the password. If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data. Ari Juels, who invented the technique and was previously chief scientist at RSA, is working on software to protect password managers using the technique."
Freshly Exhumed writes "TorrentFreak has broken the news that after more than a year of downtime the Demonoid tracker is back online. The tracker is linked to nearly 400,000 torrent files and more than a million peers, which makes it one of the largest working BitTorrent trackers on the Internet. There is no word yet on when the site will make a full comeback, but the people behind it say they are working to revive one of the most famous file-sharing communities. As the single largest semi-private BitTorrent tracker that ever existed, Demonoid used to offer a home to millions of file-sharers. Note that this is apparently the original Demonoid and not the d2 site that claims to be using the Demonoid database."
An anonymous reader writes "The Foursquare blog has an interesting post about some of the math they use to evaluate and verify the massive amount of user-generated data that enters their database. They need to figure out the likelihood that any given datapoint accurately represents reality, so they've worked out a complicated formula that will minimize abuse. Quoting: 'By choosing the points based on a user's accuracy, we can intelligently accrue certainty about a proposed update and stop the voting process as soon as the math guarantees the required certainty. ... The parameters are automatically trained and can adapt to changes in the behavior of the userbase. No more long meetings debating how many points to grant to a narrow use case. So far, we've taken a very user-centric view of p-sub-k (this is the accuracy of user k). But we can go well beyond that. For example, p-sub-k could be "the accuracy of user k's vote given that they have been to the venue three times before and work nearby." These clauses can be arbitrarily complicated and estimated from a (logistic) regression of the honeypot performance. The point is that these changes will be based on data and not subjective judgments of how many "points" a user or situation should get."
mrspoonsi writes "Dutch researchers conducted a 10-week sting, using a life-like, computer-generated 10-year-old Filipino girl named 'Sweetie.' During this time, 20,000 men contacted her. 1,000 of these men offered money to remove clothing (254 were from the U.S., 110 from the U.K. and 103 from India). Charity organization Terre des Hommes launched a global campaign to stop 'webcam sex tourism.' It has 'handed over its findings to police and has said it will provide authorities with the technology it has developed."
An anonymous reader writes "The administrator of file-sharing site UploaderTalk shocked and enraged his userbase a few days ago when he revealed that the site was nothing more than a honeypot set up by a company called Nuke Piracy. The main purpose of the site had been to gather data on its users. The administrator said, 'I collected info on file hosts, web hosts, websites. I suckered $#!&loads of you. I built a history, got the trust of some very important people in the warez scene collecting information and data all the time.' Nobody knows what Nuke Piracy is going to do with the data, but it seems reasonable to expect lawsuits and the further investigation of any services the users discussed. His very public betrayal is likely meant to sow discord and distrust among the groups responsible for distributing pirated files."
First time accepted submitter xavier2dc writes "TrueCrypt is a popular software enabling data protection by means of encryption for all categories of users. It is getting even more attention lately following the revelations of the NSA as the authors remain anonymous and no thorough security audit have yet been conducted to prove it is not backdoored in any way. This has led several concerns raised in different places, such as this blog post, this one, this security analysis [PDF], also related on that blog post from which IsTrueCryptAuditedYet? was born. One of the recurring questions is: What if the binaries provided on the website were different than the source code and they included hidden features? To address this issue, I built the software from the official sources in a careful way and was able to match the official binaries. According to my findings, all three recent major versions (v7.1a, v7.0a, v6.3a) exactly match the sources."
Despite being part of public court proceedings, Comcast sent a notice of infringement ordering Torrent Freak to stop hosting a letter linking a subscriber to Prenda Law. From the article: "Comcast has sent TorrentFreak a cease and desist letter, claiming copyright over contents of an article which revealed that Prenda Law was involved in operating a pirate honeypot. Failure to comply will result in a lawsuit in which the Internet provider will seek damages, a Comcast representative informs us. In addition, Comcast also alerted our hosting provider, who is now threatening to shut down our server."
lightbox32 writes "Porn-trolling operation Prenda Law sued thousands for illegally downloading porn files over BitTorrent. Now, a new document from Comcast appears to confirm suspicions that it was actually Prenda mastermind John Steele who uploaded those files. The allegations about uploading porn to The Pirate Bay to create a 'honeypot' to lure downloaders first became public in June, when an expert report filed by Delvan Neville was filed in a Florida case. The allegations gained steam when The Pirate Bay dug through its own backup tapes to find more evidence linking John Steele to an account called sharkmp4." The problem for Prenda being that initiating the torrent would give anyone who grabbed it an implied license.
holy_calamity writes "MIT Technology Review reports that APT1, the China-based hacking group said to steal data from U.S. companies, has been caught taking over a decoy water plant control system. The honeypot mimicked the remote access control panels and physical control system of a U.S. municipal water plant. The decoy was one of 12 set up in 8 countries around the world, which together attracted more than 70 attacks, 10 of which completely compromised the control system. China and Russia were the leading sources of the attacks. The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."
snydeq writes "Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security, writes Roger A. Grimes, introducing his five true tales of (mostly) white hat hacking. 'Three guys sitting in a room, hacking away, watching porn, and getting paid to do it — life was good,' Grimes writes of a gig probing for vulnerabilities in a set-top box for a large cable company hoping to prevent hackers from posting porn to the Disney Channel feed. Spamming porn spammers, Web beacon stings with the FBI, luring a spy to a honeypot — 'I can't say I'm proud of all the things I did, but the stories speak for themselves.'"
msm1267 writes "Conpot, short for Control Honeypot, is one of the first publicly available honeypots for industrial control systems (ICS) and SCADA gear. Built by two researchers from the Honeynet Project, the hope is that others will take what they started, deploy it on their own critical infrastructure networks and share the findings. 'The main goal is to make this kind of technology available for a general audience,' said Lukas Rist, one of the developers. 'Not just for security researchers, but also for people who are sysadmins setting up ICS systems who have no clue what could happen and want to see malware attacks against their systems and not put them in any danger.'" Unlike previous ICS Honeypots, this one simulates the control systems rather than requiring that you happen to own an actual industrial control system.