Tag Archive for: Vast

Vast botnet hijacks smart TVs for prime-time cybercrime • The Register

/in


Updated Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.

At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and other streaming hardware via pirated apps and firmware updates.

A common infection scenario would see a user visit a dodgy streaming site while browsing on their smartphone, only to then be pushed into downloading the associated malicious app to their Android-based smart TV.

A user would then have their device backdoored and its resources made available for use in various cybercrimes, including DDoS attacks and hijacking other streams, replacing other channels’ content with an attacker’s.

Such a case happened in the United Arab Emirates back in December 2023, for example, where regular broadcasts were hijacked with imagery from inside the conflict between Israel and Palestine.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” said researchers at Chinese security biz Qianxin.

The researchers didn’t detail the history of the botnet’s DDoS activity or blame it for any high-profile attacks, but to get a feel for what it’s capable of, its DDoS commands are inherited from the infamous Mirai.

Qianxin’s investigation revealed the malware, called pandoraspear, added 11 different Mirai-related DDoS attack vectors to its list of commands after the first few versions had comparably weaker tools in this area.

As we all know, Mirai was responsible for some of the most high-profile DDoS attacks from yesteryear, including those on Dyn, GitHub, Reddit, and Airbnb – all falling on that one October 2016 day that broke the internet (not in the viral sensation kind). It’s also a malware that just keeps cropping up and is under active development to this day.

In trying to trace the identity of those behind pandoraspear, Qianxin’s researchers eventually narrowed their search down to a single company but…

Source…

“Instagram Connects Vast Pedophile Network”

/in


Reporting underscores need for a national data privacy standard

A new investigative report is out by the Wall Street Journal and the evidence is clear: Instagram connects and promotes accounts that are openly dedicated to the purchasing and selling of child sexual abuse materials. Instagram is allowing this content to spread in violation of both federal law and Meta’s own platform rules.

The Journal’s reporting underscores the need to pass a national data privacy standard. It’s the best way to protect Americans online, especially kids, and hold Big Tech companies accountable for its dangerous algorithms.

Top takeaways from the report:

1. Instagram’s algorithms actively promote illicit content.

As reported by the WSJ: “Pedophiles have long used the internet, but unlike the forums and file-transfer services that cater to people who have interest in illicit content, Instagram doesn’t merely host these activities Instagram connects pedophiles and guides them to content sellers via recommendation systems.”

“Even glancing contact with an account in Instagram’s pedophile community can trigger the platform to begin recommending that users join it.”

2. Instagram allows explicit hashtags which connect users to accounts that advertise child-sex material for sale.

“The researchers found that Instagram enabled people to search explicit hashtags such as #pedowhore and #preteensex and connected them to accounts that used the terms to advertise child-sex material for sale.”

3. Instagram has allowed users to search for terms that its own algorithms know may be harmful or illegal content.

MicrosoftTeams-image (9).png

WSJ: A screenshot taken by the Stanford Internet Observatory shows the warning and clickthrough option when searching for a pedophilia-related hashtag on Instagram.

PHOTO: STANFORD INTERNET OBSERVATORY

“In response to questions from the Journal, Instagram removed the option for users to view search results for terms likely to produce illegal images. The company declined to say why it had offered the option.”

4. Instagram’s parent company, Meta, admitted they are not enforcing their policies and have failed to combat inappropriate content.

“Earlier this year, an anti-pedophile activist…

Source…

Myanmar’s Internet Shutdown Is an Act of ‘Vast Self-Harm’

/in


From June 2019 until this February, 1.4 million people in Myanmar’s Rakhine state dealt with the longest government-mandated internet shutdown in history, targeted at the Rohingya ethnic minority that makes up most of Rakhine’s population. The connectivity blackout finally ended at the beginning of February, days after Myanmar’s military deposed democratically elected officials and seized control of the country. But the reprieve was short-lived. 

Over the past two months the military junta has continued to use the mechanisms for digital control put in place by Myanmar’s previous regimes, escalating platform-blocking and digital censorship across Myanmar and initiating different combinations of mobile data and wireless broadband outages, including various overnight connectivity blackouts for 46 consecutive days. On the 47th night, this Friday at 1 am local time, the government mandated that all telecoms cut wireless and mobile internet access across the entire country. More than 24 hours later, it has not returned.

“What authorities are doing in the online environment is a reflection of their crackdown in the offline environment,” says Oliver Spencer, adviser to Free Expression Myanmar, a domestic human rights group. “They’re destroying businesses, conducting raids, arbitrarily rounding people up, and shooting people. Their objective is to spread so much fear that the unrest, the opposition, just dies, because people’s fear overtakes their anger. Shutting down the internet is meant to be just one demonstration of their absolute power. But it’s a vast self-harm.”

Authorities have left hardwired internet access available so banks, large corporations, and the junta’s own operations can retain some connectivity. But the overwhelming majority of Myanmar’s 54 million citizens, as well as its small and medium-sized businesses and gig economy, rely on mobile data and wireless broadband access for their internet. Physical phone, coaxial cable, or fiber optic hookups are rare in the country. 

In addition to stifling speech, communication, and digital rights, the indiscriminate internet blackouts are destroying Myanmar’s economy, halting pandemic-related remote schooling, and disrupting…

Source…

Cyberattack on U.S. government is just part of a vast and ignored Russian threat

/in


ANALYSIS/OPINION:

Russia’s recent mass-scale cyber intelligence operation, targeting multiple government agencies, corporations and think tanks, was a catastrophic event.

The Russians compromised vital U.S. infrastructure, defense and technology industries, and critical government agencies, such as the Departments of Homeland Security, Defense, State, Energy and Treasury. The attackers exhibited highly sophisticated tradecraft, exceptional operational stealth, and extreme patience and determination. 

What very few Americans realize is that this is but a single page out of Russian President Vladimir Putin’s war plan for defeating America. The success of this operation resulted from a failure to recognize the systemic Russian threat to the United States and treat it with the seriousness it requires. While the American leadership class is focused on the long-range threat from China and fantasies about Mr. Putin deputizing President Trump as a secret agent, the present and ongoing danger from the Kremlin is frighteningly minimized.

A close reading of unclassified, often highly technical, Russian-language sources has convinced me that Russia expects eventual war with the United States and is preparing for it. 

Source…