Tag Archive for: wilson

John Wilson – Forbes Advisor


John Wilson is a Senior Fellow responsible for Threat Research at Agari by HelpSystems where he heads up the Agari Cyber Intelligence Division (ACID). John researches business email compromise scams and conducts “active defense” engagements with threat actors. His team has identified and reported more than 6,600 bank accounts used by fraudsters to launder money and has referred several cases to law enforcement for further investigation. He assisted Microsoft and the FS-ISAC with the B54 Citadel botnet takedown in 2012. John holds a B.S. in Computer Science and Engineering from MIT.


Intrusion Preclusion: BIS Issues Long-Awaited Controls on Cybersecurity Items, Creates New License Exception | Wilson Sonsini Goodrich & Rosati


On October 21, 2021, the Department of Commerce’s Bureau of Industry and Security (BIS) issued an interim final rule (the rule) implementing expanded export controls on cybersecurity items based on the belief that these items “could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.” The new controls on cybersecurity items stem from the 2013 addition by the Wassenaar Arrangement (WA) of cybersecurity items, including intrusion software, to Wassenaar’s list of controlled items. Public comments in 2015 indicating significant concerns over BIS’s implementation and scope of the proposed controls resulted in renegotiation of these controls at the WA’s 2017 meeting. Last week’s rule implements the WA 2017 controls. The rule is intended to prevent malicious “intrusion software” from being exported to certain countries of concern without a BIS license and not to hinder responses to cybersecurity flaws and incidents.

New Cybersecurity Related ECCNs

The rule creates new controls on hardware and software (ECCNs 4A005 and 4D004, respectively) specially designed or modified for the generation, command and control, or delivery of intrusion software. The EAR defines intrusion software as software specially designed or modified to avoid detection by monitoring tools or to defeat protective countermeasures of a computer or network-capable device (such as a mobile device or smart meter). Intrusion software either 1) extracts data or information (from the computer or network-capable device) or modifies system or user data or 2) modifies the standard execution path of a program or process in order to allow the execution of externally provided instructions. According to the proposed rule, it does not include any of the following: hypervisors, debuggers or Software Reverse Engineering (SRE) tools; Digital Rights Management (DRM) software; or software designed to be installed by manufacturers, administrators, or users for the purposes of asset tracking or recovery.

The rule also adds paragraph 5A001.j “IP network communications surveillance systems or equipment” to ECCN 5A001 which is similar to controls on…


‘Malware sample in Wilson case named after place in AP’ | Mumbai News


Mumbai: There is an Andhra Pradesh connection to the alleged planting of evidence by the National Investigation Agency in the laptop belonging to Elgar Parishad accused Rona Wilson.
When the laptop was first allegedly compromised in 2016, the hacker had named the first malware sample “Puttakota.exe.” It turns out that Puttakota is in Guntur district of Andhra Pradesh and near it lie the ruins of a 13th century hilltop Kondaveedu Fort. The place was also in the news in February 2016 after two persons were shot dead by AP anti-Naxal police in the Puttakota forest. Police had refuted claims by tribals that the deceased were “innocent hunters.” Wilson has relied on a digital forensic report by US-based Arsenal Consulting to quash the criminal proceedings against him in the Bombay high court. The NIA has submitted a chargesheet against Wilson alleging Maoist links, a conspiracy to disrupt communal peace, waging war against the nation and several terror offences under the stringent Unlawful Activities (Prevention) Act (UAPA).
The private cyber forensic report from the US said “this particular sample first connected to its C2 (command control) server on June 13, 2016 at 7.14 pm…and appears to have been customized on June 11, 2016.”
“Generally speaking and not commenting on this case, attackers usually name targeted malware based on what they perceive the target will find interesting enough to click upon. The name is the bait,” said Samir Datt, founder of Forensics Guru and president of Digital Investigators Association in India, on Thursday.
The report by Mark Spencer of Arsenal Consulting said the “attacker” had a “naming convention” for the malware. “The NetWire (malware) sample ‘Puttakota.exe’ was launched from a folder named ‘requisition1302,’” said the report.
“It appears that the attacker included customization dates within ‘Host Id’ values to better identify particular Netwire samples deployed to victims such as Wilson,” the report by the consulting firm said.
While NIA has stood by the evidence it has collected, senior Pune police officers associated with the investigation of the case before it was transferred to the NIA in February…


One on One: Fred Wilson, Union Square Ventures (Nick Bilton/Bits)

Nick Bilton / Bits:
One on One: Fred Wilson, Union Square Ventures  —  Fred Wilson, a New York City partner in the venture capital firm Union Square Ventures, struck gold in the late 1990s, when he helped in the multi-billion dollar sale of Geocities to Yahoo.  Since then, Mr. Wilson’s firm has invested in a number …
