Menacing Android botnet still thrives 16 months after coming to light

“DressCode” poses a major risk, because it opens a direct connection to infected phones.


In 2016, researchers uncovered a botnet that turned infected Android phones into covert listening posts that could siphon sensitive data out of protected networks. Google at the time said it removed the 400 Google Play apps that installed the malicious botnet code and took other, unspecified "necessary actions" to protect infected users.

Now, roughly 16 months later, a hacker has provided evidence that the so-called DressCode botnet continues to flourish and may currently enslave as many as four million devices. The infections pose a significant risk because they cause phones to use the SOCKS protocol to open a direct connection to attacker servers. Attackers can then tunnel into home or corporate networks to which the phones belong in an attempt to steal router passwords and probe connected computers for vulnerabilities or unsecured data.

Even worse, a programming interface that the attacker's command and control server uses to establish the connection is unencrypted and requires no authentication, a weakness that allows other attackers to independently abuse the infected phones.


Volumetric display: US researchers make projection float like in Star Wars

The pose is right, but the figure is wearing a lab coat: US researchers can make images float in space. The model for the volumetric display was Princess Leia's message in the first Star Wars film. (Display, Network)

Introducing Ars Pro, the new Ars Technica subscription program

Want an ad-free Ars and support our work? And a free YubiKey? Read on…


Later this year, Ars Technica will turn 20 years old. Our success has always been inextricably linked to the dedication of our readers, with 15 million of you arriving each month from around the world. To all of us who work here, that loyalty is profoundly humbling. We work hard to live up to it, including in the way we fund our operations.

Today, we are asking you to consider supporting Ars Technica by becoming a subscriber. We've made some changes to the program in 2018, including lowering our prices and adding more goodies. Here is our new line-up:

  1. Free: Read Ars supported by ads, using one of the lightest ad loads of major media sites. All content remains available without rate-limits or gates.
  2. Ars Pro for $25/year (or $3/month): Read Ars ad-free and get access to full-text RSS feeds along with our subscriber-only forums for just seven cents a day. If just 1 percent of people blocking ads on Ars subscribed to this option, we'd be able to hire five more journalists.
  3. Ars Pro++ for $50/year: Read Ars ad-free, get a yearly tech gift from Ars (this year, it's an Ars-branded YubiKey 4, a $40 value), gain access to full-text RSS feeds and article PDFs, and read in "clean reading mode"—a special ad-free layout designed for pure readability. All that for the price of a latte each month!

You can review the details and sign up for the new subscription tiers here.


Here’s our first clear look at the Samsung Galaxy S9

Evan Blass shows off a picture and some new spec information for Samsung’s flagship.

VentureBeat

VentureBeat's Evan Blass is back with another phone leak. This time it's the Samsung Galaxy S9, which has just had its launch event announced for February 25.

As expected, this year's iteration looks a lot like the Galaxy S8. Samsung did a major redesign last year, so we were expecting a phone that more or less looks the same. It's still a phone that is nearly all-screen with round corners, a battery of sensors at the top for Iris scanning, and a Bixby button for launching Samsung's horrible voice assistant. The main addition for 2018 is a new camera, which is expected to have a variable aperture.


Candid camera: Dutch hacked Russians hacking DNC, including security cameras

AIVD shared data on “Cozy Bear” with US, helping thwart 2014 State Department hack.

Rob Bertholee (L), head of the General Intelligence and Security Service of the Netherlands (AIVD), and Dutch Minister Ronald Plasterk of the Ministry of the Interior, address a press conference on the presentation of the AIVD's annual report in Zoetermeer, the Netherlands, on April 21, 2016. AIVD reportedly penetrated the network of a Russian hacking group directed by Russia's Foreign Intelligence Service (SVR) in 2014, and shared the intelligence with the US. (credit: ROBIN VAN LONKHUIJSEN/AFP/Getty Images)

According to a report in the Dutch newspaper de Volkskrant, the General Intelligence and Security Service of the Netherlands (AIVD)—the Netherlands' domestic intelligence service—had hacked into the network of a building at a Russian university in Moscow some time in the summer of 2014. The building housed a group running a hacking campaign now known as "Cozy Bear," one of the "threat groups" that would later target the Democratic National Committee.

AIVD's intrusion into the network gave them access to computers used by the group behind Cozy Bear and to the closed-circuit television cameras that watched over them, allowing them to literally witness everything that took place in the building near Red Square, according to the report. Access to the video cameras in a hallway outside the space where the Russian hacking team worked allowed the AIVD to get images of every person who entered the room and match them against known Russian intelligence agents and officials.

Based on the images, analysts at AIVD later determined that the group working in the room was operated by Russia’s Foreign Intelligence Service (SVR). An information and technology sharing arrangement with the National Security Agency and other US intelligence agencies resulted in the determination that Cozy Bear’s efforts were at least in part being driven by the Russian Federation’s leadership—including Russian President Vladimir Putin.


Social networks: Star investor George Soros warns about Facebook

Old money rails against (relatively) new technology companies: star investor George Soros spoke at length about Facebook at the World Economic Forum in Davos. The billionaire also thinks very little of Bitcoin. (Facebook, Social network)

Amateur search for dead spy satellite turns up undead NASA mission

NASA lost contact with its IMAGE satellite in 2005, but it may still be operating.

IMAGE's instrument deck during construction. If those are still working, its rediscovery may be valuable. (credit: NASA)

Earlier this week, an amateur radio astronomer named Scott Tilley decided to have a look for the presence of secret military satellites. It's something he apparently does semi-regularly, and in this case his search was inspired by the Zuma satellite, a secret US government payload that was reportedly lost on its way to space. Most accounts have suggested that Zuma failed to make it to orbit, but the secrecy of the mission (we've got no clear idea what Zuma even was) means that everything about its fate is unclear. Tilley could either find a hint that Zuma is up there—or stumble across some other hardware put into space by other countries.

Instead, he found an undead NASA mission.

Given the clear indication of a radio signal, Tilley matched its orbit to a NASA satellite called IMAGE. IMAGE was launched back in 2000 with a mission of studying Earth's magnetosphere. Over five years of operation, it created a three-dimensional map of the charged particles that move along Earth's magnetic field lines. But contact was lost in 2005, and NASA eventually attributed that to a one-time event in the power system that the satellite wasn't designed to recover from.


Torrent Links Mysteriously Disappear From Torrentz2 Again

The popular torrent meta-search engine Torrentz2 is without links to external torrent sites once again, which makes the site harder to use. The site’s operator has not commented on the situation, but it could be that users may have to get used to it.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

With millions of visits per day, Torrentz2 is without a doubt the most popular torrent meta-search engine on the Internet.

The site took this spot from the original Torrentz site, which surprisingly closed its doors during the summer of 2016.

Up until a month ago everything was running smoothly, but that changed when links to other torrent sites disappeared late December. Instead of a metasearch engine, Torrentz2 turned into a database of torrent metadata, and traffic started to drop off.

Torrentz2 remained without links for roughly three weeks, after which the site, just as surprisingly, returned to its former glory. However, that didn’t last very long.

Starting yesterday, all links have mysteriously disappeared again, without any official explanation.

Two weeks ago we managed to get hold of the operator of the site, hoping to find out more about the initial problems. He replied at the time, but preferred not to comment on the disappearing links incident or the site’s future.

Now that the links have gone again, it appears that there may be more going on than a simple technical issue. We can only speculate, but it wouldn’t be a surprise if users have to get used to the situation.

The links could return and disappear again. For now, it all remains a mystery.

While the site has become harder to use, technically the hashes can still be used to download the associated torrents. There are even several Chrome extensions and Firefox addons that help with this.


Virus scanner: ClamAV has numerous vulnerabilities

ClamAV users should switch to the current version of the software as quickly as possible, because security vulnerabilities allow attackers to execute code on users' machines, for example with a PDF sent to them. (Security vulnerability, Virus scanner)

Samsung Galaxy S9 and S9+ leaked (Snapdragon 845 and familiar design)


Samsung is holding an event on February 25th, where the company will officially unveil the Galaxy S9 and Galaxy S9+ ahead of this year’s Mobile World Congress show. But thanks to VentureBeat’s Evan Blass, we have a pretty good idea of what to expect. Blass has posted a set of leaked images showing the upcoming […]

Samsung Galaxy S9 and S9+ leaked (Snapdragon 845 and familiar design) is a post from: Liliputing