Month: February 2016

Utah state representative David Lifferth has written a bill that, if passed, would make it punishable by law to post his name, likeness, and love for yeti selfies on the Internet. (credit: David Lifferth)

A bill proposed in the Utah State House of Representatives on Monday would update and amend passages in the state's criminal code regarding "offenses committed by means of electronic or computer functions." However, in attempting to address the issue of "doxing"—meaning, publishing personally identifying information on the Internet as a way to harass or attack someone—the bill's language may consequently target free online speech.

Utah HB 255, titled "Cybercrime Amendments," counts State Representative David E. Lifferth as its lead sponsor, and it includes amendments that would penalize denial-of-service attacks and false emergency reports at specific locations (i.e. swatting). Utah state criminal code already punishes certain kinds of electronic communications "with intent to annoy, alarm, intimidate, offend, abuse, threaten, harass, frighten, or disrupt the electronic communications of another," and HB 255 would append that specific passage to count the act of "distributing personal identifying information" as actionable, should that be done with any of the aforementioned intent.

"This bill as drafted is clearly unconstitutional," Electronic Frontier Foundation Staff Attorney Nate Cardozo said to Ars Technica in a phone interview. "There may be anti-doxing legislation out there which does make sense, but this bill creates a crime if you, with the intent to annoy, publish someone else's name. If I want to say [online], 'Sam is a poo-poo head,' that's a crime under this draft."

A federal judge has dismissed a proposed class-action lawsuit against Google that alleges fraud because the media giant sometimes requires people wanting a free Gmail account to spend seconds filling out a two-word CAPTCHA—the second word of which is not for security purposes and instead provides an economic gain to Google unbeknownst to the user.

As we all know, CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." They're everywhere online, and are designed to do what they say. They usually ask online surfers to type in a word that appears on the screen to enable deeper access into a website and hopefully keep out bots.

The JSocket website: open for business on the open Web (at least right now). (credit: Sean Gallagher)

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adawind, the malware was all but shut down in 2015 after the domains associated with its command and control network were suspended by GoDaddy. But according to Vitaly Kamluk, the director of Kaspersky Lab's Asia/Pacific research and analysis team, the malware has been modified, rebranded, and is open for service again to customers ranging from Nigerian scam operators to possible nation-state actors. Ars has confirmed that the service is offered openly through a website on the public Internet.

AlienSpy was found last spring on the Android phone of Alberto Nisman, the Argentinian prosecutor who died under suspicious circumstances just as he was apparently about to deliver a report implicating the Argentine government in the bombing of a Buenos Aires Jewish community center in 1994. Now resurrected under the names JSocket and jRat, according to a presentation by Kamluk at the Kaspersky Security Analyst Summit 2016 in Tenerife, the malware is available through an open website to subscribers at prices ranging from $30 for one month to $200 for an unlimited license. Kamluk believes the service's author is a native Spanish speaker, possibly based out of Mexico.

JSocket includes a number of typical "RAT" (remote access tool) capabilities, including video capture from webcams, audio capture from microphones, the ability to detect antivirus software on a system, a keylogger to record key strokes, and a virtual private network key-stealing feature that could be used to gain access to any of the VPNs used by the victim. Kaspersky has tracked more than 150 attack campaigns against more than 60,000 targets with the latest iterations of the malware, with Nigerian e-mail-based scam operations (particularly those targeting banks) being the biggest adopters of the tool. The lion's share of the remaining subscribers to the malware appeared to come from the US, Canada, Russia, and Turkey.