Researchers crack open unusually advanced malware that hid for 5 years

Espionage platform with more than 50 modules was almost certainly state sponsored.

The name "Project Sauron" came from code contained in one of the malware's configuration files. (credit: Kaspersky Lab)

Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation state.

The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware such as Flame, Duqu, and Regin, which have been linked to Stuxnet or to the National Security Agency. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects (BLOBs), making it hard to detect with antivirus software.

Because of the way the software was written, the clues ProjectSauron leaves behind in so-called software artifacts are unique to each of its targets, so indicators collected from one infection don't help researchers uncover new ones. Unlike many malware operations that reuse servers, domain names, or IP addresses for command-and-control channels, the people behind ProjectSauron chose different infrastructure for almost every target.

Nexus rumor roundup: The “Nexus Launcher” and other exclusive features

And get ready for something newer than “Android 7.0”—some Google apps target “API 25.”

Android Police's mockup of the new Nexus devices, based on inside information. (credit: Android Police)

With Android 7.0 Nougat and the new Nexus devices fast approaching, Google is no doubt hard at work developing and testing the latest wave of features coming to the Android ecosystem. The Android N Developer Preview has given us a look at the Android Open Source Project (AOSP) side of things, and it looks like the coming Nexus devices will be the launch point for the proprietary "Google" side of Android.

These could trickle down to other devices someday, but for now it seems like Google is developing a suite of Nexus-exclusive features to further differentiate the Nexus line from regular phones. There has been a never-ending string of rumors and reports about the new Nexus devices and their accompanying software, so here's a roundup of the latest rumors we're monitoring from reliable sources.

The Nexus Launcher and Google Wallpapers

Google's current home screen is the "Google Now Launcher," which started as an exclusive Nexus feature and eventually made its way to the Play Store. For 2016, there is apparently a new Google home screen called the "Nexus Launcher," which re-imagines what an Android home screen should look like. We've actually heard about this app from two different sources: the app's existence was first revealed by Android Police and then a full APK was later leaked by Nate Benis.

Anti-cheat technology stopped Pokémon Go hackers… for four days

Decrypted authentication hash again opens up unauthorized apps.

HACK THE POKE-PLANET! Oh, wait, wrong meme... (credit: Aurich vs GITS vs Pokémon)

When we first wrote about the world of automated Pokémon Go-playing "bot" programs a few weeks ago, we predicted a brewing technological war. Developer Niantic was inevitably going to deploy cheat-detection technology, and hackers would subsequently work to break through that detection. Last week, we saw the first battle in that war, and so far it seems like the hackers are winning handily.

After largely ignoring the growing issues of bots (and related mapping hacks) for weeks, Pokémon Go developer Niantic rolled out a mandatory game update last Wednesday focused on cutting off server access for such unofficial apps. In a blog post last Thursday, Niantic cited "aggressive efforts by third parties to access our servers outside of the Pokémon Go game client and our terms of service." The developer argued these hacks were overloading its servers and its employees, slowing efforts to improve the game and bring it to new markets.

"Developers have to spend time controlling this problem vs. building new features," Niantic wrote. "It’s worth noting that some of the tools used to access servers to scrape data have also served as platforms for bots and cheating which negatively impact all Trainers. There is a range of motives here from blatant commercial ventures to enthusiastic fans but the negative impact on game resources is the same."

Lockheed Martin and NASA finalize deal for tiny Moon satellite

NASA hopes to add some science to its inaugural SLS launch with CubeSat payloads.

SkyFire’s new infrared technology is intended to capture high-resolution images of the lunar surface. (credit: Lockheed Martin)

The maiden launch of NASA's Space Launch System, likely in late 2018 or early 2019, will primarily serve to demonstrate that the massive rocket is capable of delivering a sizable payload—the Orion spacecraft—into a lunar orbit. However, amid the launch fireworks and shakedown mission for the uncrewed Orion spacecraft, NASA will also manage to do a little science.

The adapter ring that connects Orion to the rocket will include 13 bays for CubeSats, shoebox-sized payloads that until now haven't been delivered in significant numbers into deep space. Each of those payload operators is working to finalize contracts with NASA for the ride into space, and on Monday, Lockheed Martin announced a few details of its 6U CubeSat, called SkyFire. Lockheed's payload will capture high-quality images of the Moon, and in exchange for the ride into deep space, NASA will receive data from the mission.

“The CubeSat will look for specific lunar characteristics like solar illumination areas,” James Russell, Lockheed Martin SkyFire principal investigator, said in a news release. “We’ll be able to see new things with sensors that are less costly to make and send to space.”

AT&T to pay $8M in refunds and fines for letting scammers bill customers

AT&T must issue refunds for cramming charges after DEA and FCC investigation.

(credit: Getty / Aurich)

AT&T has agreed to pay $7.75 million after a Drug Enforcement Administration (DEA) investigation uncovered a cramming scam in which AT&T customers were billed $9 a month for a non-existent directory assistance service.

When the DEA investigated two Cleveland-area companies for drug-related crimes and money laundering, the agency seized the companies' "cars, jewelry, gold, and computers." In the process, the feds "discovered financial documents related to a scheme to defraud telephone customers," according to a Federal Communications Commission announcement today.

"The key participants in the scheme told DEA agents that the companies were set up to bill thousands of consumers (mostly small businesses) for a monthly directory assistance service on their local AT&T landline telephone bills," the FCC said. "The DEA referred this investigation to the FCC’s Enforcement Bureau in 2015." The FCC investigated further and convinced AT&T to agree to today's settlement.

Apple Maps debacle is why Apple has a public beta program now

“To all of us living in Cupertino, the maps for here were pretty darn good.”

Devices running the iOS 10 beta. (credit: Andrew Cunningham)

Public betas are now a given for major and minor iOS and macOS releases for Apple, but that wasn't the case just a couple of years ago. The reason? Apple Maps, according to a Fast Company piece with quotes from Apple CEO Tim Cook, Software Engineering SVP Craig Federighi, and Internet Software and Services SVP Eddy Cue.

To recap, the Maps app in iOS switched from using Google's data to Apple's in iOS 6 back in 2012. The transition did not go well; the reception from the press and the public was bad enough that it prompted a rare apology and led to the departure of longtime iOS software head Scott Forstall.

"We made significant changes to all of our development processes because of [Maps]," Cue told Fast Company. "To all of us living in Cupertino, the maps for here were pretty darn good. Right? So [the problem] wasn’t obvious to us. We were never able to take it out to a large number of users to get that feedback. Now we do."

Xiaomi’s first notebooks get the teardown treatment

Xiaomi recently unveiled its first laptops. The Mi Notebook Air comes in two flavors: a $750 model with a 13.3 inch display and premium specs, and a less powerful $525 model with a 12.5 inch display.

Both laptops are thin, light, and reasonably low priced considering their spec sheets. And both look like a sort of cross between a MacBook and an Asus Zenbook.

But what do they look like under the hood?

Continue reading Xiaomi’s first notebooks get the teardown treatment at Liliputing.

Oracle-owned point-of-sale service suffers from malware attack

Oracle confirms to Krebs that all MICROS customers have been asked to reset passwords.

MICROS, an Oracle-owned division that's one of the world's top three point-of-sale services, has suffered a security breach. The attack possibly comes at the hands of a Russian crime gang that siphoned out more than $1 billion from banks and retailers in past hacks, security news site KrebsOnSecurity reported Monday.

Oracle representatives have told reporter Brian Krebs that company engineers "detected and addressed malicious code in certain legacy MICROS systems" and that the service has asked all customers to reset their passwords for the MICROS online support site. Anonymous people have told Krebs that Oracle engineers initially thought the breach was limited to a small number of computers in the company's retail division. The engineers later realized the infection affected more than 700 systems.

Krebs went on to report that two security experts briefed on the breach investigation said the MICROS support portal was seen communicating with a server that's known to be used by the Carbanak Gang. Over the past few years, Carbanak members are suspected of funneling more than $1 billion out of banks, retailers, and hospitality firms the group hacked into.

Corrupt Silk Road agent’s lawyer: This appeal is frivolous, I want out

After plea deal, ex-Secret Service agent Shaun Bridges makes spurious legal claims.

Shaun Bridges was captured by CCTV security cameras, leaving a Secret Service field office with a large bag. The government said the bag may have contained hard drives with keys needed to access his Bitstamp wallet. (credit: US Attorney's Office San Francisco)

The lawyer representing Shaun Bridges, the corrupt Secret Service agent who was part of the Silk Road investigation, has said that his recent appeal is largely worthless and has asked to be removed from the case.

Davina Pujari, who is Bridges’ third lawyer since his appeals process began in December 2015, wrote in a filing last Friday to the 9th Circuit Court of Appeals:

After having carefully examined this record and after having researched the relevant statutes and case law, counsel has concluded that this appeal presents only legally frivolous issues. Therefore, counsel requests the Court's permission to withdraw as attorney of record and to allow Appellant to file any further briefs he deems necessary.

Last year, Bridges was sentenced to 71 months in prison after pleading guilty to stealing money from Silk Road dealers while investigating the site. He is now in federal prison in Terre Haute, Indiana, and is set to be released in January 2021.

Neutrinos traveling through the Earth’s core show no sign of sterility

Another blow to hopes of new physics beyond the Standard Model.

The building that houses the IceCube servers. (credit: USAP.gov)

Tantalizing hints have regularly turned up to indicate the existence of a sterile neutrino—a theoretical fourth type of neutrino separate from the three predicted by the Standard Model. Researchers have now searched for it using the IceCube Neutrino Observatory, a powerful neutrino detector in Antarctica that is able to spot neutrinos of cosmic origin. Could this particle finally be found, ushering in a thrilling new era of physics?

No. IceCube’s search has turned up nothing, as revealed in results published today. The lack of detection doesn’t necessarily mean sterile neutrinos don’t exist, but it does put the strictest constraints on them yet, narrowing down the range of energies they could have and informing future studies on where to look.

Had sterile neutrinos been found, they would have explained anomalies in old research, revealed new physics beyond the Standard Model, and potentially provided clues for mysteries such as the nature of dark matter and the imbalance between matter and anti-matter in the Universe. “If you throw in a fourth neutrino, it changes everything,” said Francis Halzen, principal investigator for IceCube and one of the paper’s authors.
