“Locky” crypto-ransomware rides in on malicious Word document macro

Malware depends on users falling for its pleas—twice if Office macros aren’t on.

Several security researchers have discovered a new type of malware that jumps onto the ransomware bandwagon, encrypting victims' files and then demanding a payment of half a bitcoin for the key. Named "Locky," the malware depends on a rather low-tech installation method to take root in a user's system: it arrives courtesy of a malicious macro in a Word document.

Security researchers Kevin Beaumont and Lawrence Abrams each wrote an analysis of Locky on Tuesday, detailing how it installs itself and its components. The carrier document arrives in an e-mail that claims to be delivering an invoice (with a subject line that includes an apparently random invoice number starting with the letter J). When the document is opened, if Office macros are turned on in Word, the malware installation begins immediately. If not, the victim sees blocks of garbled text in the Word document below the instruction "Enable macro if the data encoding is incorrect"; a user who follows that instruction turns the macros on, and the malware then infects the system.

Somehow, this malware has already infected hundreds of computers in Europe, Russia, the US, Pakistan, and Mali. The malicious script downloads Locky's malware executable file from a Web server and stores it in the "Temp" folder associated with the active user account. Once installed, it starts scanning for attached drives (including networked drives) and encrypts document, music, video, image, archive, database, and Web application-related files. Networked drives don't need to be actively mapped to be found, however.
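The installation chain above (an Office macro that shells out or downloads an executable into the user's Temp folder) leaves a footprint that endpoint telemetry can catch before the encryption stage starts. The following detection logic is an added example, not code from the article or from either researcher's analysis. It assumes Sysmon-style process-creation (EventID 1) and file-creation (EventID 11) records rendered as JSON lines; the field names follow Sysmon's, but the events themselves are constructed for illustration and are not captured from a real Locky infection. The rules flag an Office process spawning a script interpreter, and any executable written to `\AppData\Local\Temp\` by an Office process or a process descended from one.

```python
"""Flag macro-dropper behaviour: Office spawning an interpreter, or Office
(or one of its descendants) writing an executable into the user's Temp folder.

Added example. Assumes Sysmon-style EventID 1 / EventID 11 records as JSON
lines; the sample events below are constructed, not real telemetry.
"""
import json
import ntpath
import re

OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Interpreters and download helpers a VBA macro typically shells out to.
# Office spawns legitimate children too (print helpers, add-ins), so the rule
# is restricted to this list rather than firing on every child process.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "bitsadmin.exe", "certutil.exe",
}
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
PE_EXTENSIONS = {".exe", ".dll", ".scr"}

# Constructed sample log (not from a real infection). Events 2 and 3 should
# alert; events 1, 4 and 5 should not.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessGuid": "{A}", "Image": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "ParentProcessGuid": "{E}", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE /n C:\\Users\\alice\\Downloads\\invoice.doc"}
{"EventID": 1, "ProcessGuid": "{B}", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentProcessGuid": "{A}", "ParentImage": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "CommandLine": "cmd.exe /c powershell -w hidden -ep bypass -f C:\\Users\\alice\\AppData\\Local\\Temp\\run.ps1"}
{"EventID": 11, "ProcessGuid": "{B}", "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\dropped.exe"}
{"EventID": 11, "ProcessGuid": "{E}", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"}
{"EventID": 11, "ProcessGuid": "{A}", "Image": "C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\~WRL0001.tmp"}
"""


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def evaluate(event: dict, lineage: set) -> list:
    """Apply the rules to one event and update the Office process lineage.

    `lineage` holds the ProcessGuids of Office processes and everything they
    spawned, so a file written by cmd.exe that Word started is still
    attributed to the macro rather than to cmd.exe alone.
    """
    alerts = []
    eid = event.get("EventID")
    if eid == 1:
        image = _base(event["Image"])
        if image in OFFICE_PROCESSES:
            lineage.add(event["ProcessGuid"])
        elif event.get("ParentProcessGuid") in lineage:
            lineage.add(event["ProcessGuid"])
            if image in SUSPICIOUS_CHILDREN:
                alerts.append({"rule": "office-spawned-interpreter",
                               "process": image,
                               "parent": _base(event.get("ParentImage", "")),
                               "detail": event.get("CommandLine", "")})
    elif eid == 11:
        target = event["TargetFilename"]
        if (event.get("ProcessGuid") in lineage
                and TEMP_DIR_RE.search(target)
                and ntpath.splitext(target)[1].lower() in PE_EXTENSIONS):
            alerts.append({"rule": "office-lineage-wrote-pe-to-temp",
                           "process": _base(event["Image"]),
                           "detail": target})
    return alerts


def scan(log_text: str) -> list:
    """Run the rules over a JSON-lines log; returns alerts in log order."""
    lineage = set()
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            alerts.extend(evaluate(json.loads(line), lineage))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The lineage set is what makes the second rule useful: the executable in the sample is written by cmd.exe, not by Word, and a rule keyed only on the writing process would miss it. Event 4 (explorer.exe writing an installer to Temp) and event 5 (Word's own autosave temp file) show the two false-positive cases the rules are designed to ignore.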


David Pogue’s Yahoo Web home gutted in cost-cutting purge

Yahoo Tech slashed; Food, other “digital magazines” to be digitally euthanized.

Yahoo's once-iconic San Francisco billboard, pictured here in 2011. (credit: Scott Schiller)

In January of 2014, Yahoo CEO Marissa Mayer's keynote at CES in Las Vegas featured the launch of Yahoo Tech, the company's technology news "digital magazine." She had hired former New York Times technology columnist David Pogue in October of 2013 as the site's architect and shining star and brought in a stable of other editorial talent to create digital magazines for other "verticals" (food, cars, music, and health among them) as part of her big turnaround strategy for the company. But the turnaround never materialized, and now the sites are being shut down or scaled down.

Dan Tynan, editor-in-chief at Yahoo Tech, revealed his departure in an e-mail to staff published by Politico today. "Well, that was not entirely unexpected," Tynan wrote in the memo. "Eight Hundred and Four days after taking the purple, my career as a Yahoo is over." Politico reported that Yahoo intended to shut down Yahoo Tech along with a flight of other sites.

However, a Yahoo spokesperson told Ars that Yahoo Tech was not being shut down—but several other brands are. And Tynan's departure is part of a broader layoff being announced today. "In early February Yahoo shared a plan for the future, with this new plan came some very difficult decisions and changes to our business," the spokesperson said. "As a result of these changes some jobs have been eliminated and those employees will be notified today. We thank those employees for their outstanding service to Yahoo and will treat these employees with the respect and fairness they deserve."


Patients diverted to other hospitals after ransomware locks down key software

Crypto-extortion increasingly targets bigger victims; most stay silent about it.

Hollywood Presbyterian Medical Center, a hospital in Los Angeles, is the victim of what officials describe as an ongoing cyberattack. A hospital spokesperson told Ars in a prepared statement that "patient care has not been affected" by the intrusion. And an executive of the hospital told reporters that the attack was "random" and not targeted at patient records.

However, local news organizations have reported that some emergency patients were diverted to other hospitals—and that some of the hospital's systems have been locked down by ransomware. The hospital has reverted to paper patient registration and medical records, according to NBC 4 in Los Angeles, and the hospital's network has been shut down for over a week.

A spokesperson for the Federal Bureau of Investigation's Los Angeles office confirmed to Ars that HPMC had been targeted in a cyberattack, but he declined to comment further as an investigation is ongoing. The amount being demanded by the attackers to provide the key to unlock the hospital's systems has not been made public, though it has been reported to be as much as 9,000 Bitcoin, the equivalent of $3.6 million at current exchange rates.


Radar blimp went rogue because auto-deflation system had no batteries

JLENS’ multi-state rampage took down power lines, ended in blaze of shotguns.

One of the two JLENS aerostats on the ground at Aberdeen Proving Ground, Maryland. Two aerostats make up a JLENS "orbit."

Last October, a Defense Department tethered radar blimp broke loose of its moorings near Baltimore and drifted across two states—taking out power lines as it dragged its tether cable behind it in a 13-hour, unguided flight. A new investigation into the incident has revealed that most of the damage could have been avoided. The aerostat—half of the pair used by the Joint Land Attack Cruise Missile Defense Elevated Netted Sensor (JLENS) System—would have come down without causing nearly as much damage if someone had remembered to install its batteries.

The JLENS program, which uses two high-flying aerostats with radar domes (one a search radar system and the other a targeting radar to lock onto low-flying cruise missiles and other potential threats), has cost over $2.7 billion since the program began in 1998. Each aerostat was equipped with an automatic deflation system to bring the giant floating sensor to the ground quickly in the event of a cable break. But the system's batteries had not been installed at the time of the accident, so the system failed to activate when main power was lost.

The report, a summary of which was obtained by the Los Angeles Times, found that "design, human, and procedural issues all contributed" to the aerostat breaking loose, disrupting air traffic and causing jets to be scrambled to track its progress. When it finally came down 160 miles north in Moreland Township, Pennsylvania, the Army had state police bring it down the rest of the way with approximately 100 shotgun blasts. At the time, authorities believed they had no other way under the circumstances to deflate it.


DARPA robotic sub-hunting ship will set sail this spring

130-foot “Sea Hunter” drone ship will seek out, stalk diesel subs.

An artist's conceptualization of DARPA's ACTUV sub hunting robo-ship in action. (credit: DARPA)

One of the biggest problems the US Navy faces today is the threat of quiet, short-range diesel-electric submarines. When running on batteries alone, these subs are extremely difficult for the Navy's ships, subs, and patrol craft to detect with passive sonar. In war games with US allies—and in recent propaganda-generating "drills" by Iran's navy—US ships have consistently ended up in the periscope crosshairs of diesel submarines that have gone undetected or that the Navy has simply lost track of. The best way to keep tabs on diesel submarines is to literally stay on top of them, tracking them with subs or ships from the moment they set out to sea until they return home.

This is the sort of thing the US Navy used to do with Soviet submarines operating off the coast of the US. The problem is that doing it for diesel submarines in distant parts of the world would tie up ships and sailors, pulling them away from other missions—and the US Navy doesn't have the same sort of resources for antisubmarine warfare that it had during the Cold War to bring to bear on the diesel-electric subs of potential adversaries. This is especially true for those operating in waters far from the US. That's a problem that a Defense Advanced Research Projects Agency project now nearing fruition seeks to solve with drone ships.

During a roundtable with media last week, Deputy Director Steve Walker announced that DARPA and its contractor Leidos would launch the first full prototype of an autonomous ship designed to hunt submarines and trail them for weeks at a time. Eventually, autonomous vessels could be deployed to track the latest generation of quiet diesel-electric submarines over distances of thousands of miles, providing targeting information to US Navy submarines, ships, and patrol planes—or simply harassing the subs with relentless active tracking to deter them from carrying out their mission.


Opsec fail: Baltimore teen car thieves paired phones with Jeep UConnect

Caught on webcam, burglars hunted on social media with help from phone names.

A Nest video screen grab of a November 22 burglary led to one teen's arrest—and the online hunt for others. (credit: @BaconisFruit)

On November 22, 2015, a group of teenagers broke into the house of a Baltimore man, stealing his bicycle and finding a spare key to his Jeep Renegade. They then took off, stealing the Jeep and taking it for a multiday joyride before abandoning it with an empty gas tank and some minor damage.

In Baltimore (as I can sadly say from personal experience), the story would usually end there with an insurance claim and a shrug. But the group of young men involved in the burglary and theft were all captured on a Nest camera as they rifled through drawers. And some of them left more potential digital evidence when they paired their phones over Bluetooth with the Jeep's UConnect system.

One of the thieves was identified from a head shot in the camera footage a few weeks later by a school police officer and has already pleaded guilty in juvenile court. But the apprehended youth wouldn't give police the identities of the others involved in the theft. Because he's a juvenile, he'll likely be released soon in any case.


Android app helps Iranians avoid morality police checkpoints

Gershad crowdsources intelligence on routes around potential public humiliation.

Morals checkpoints reported in Tehran by users of Gershad. (credit: Gershad)

Community mapping applications come in all shapes and sizes. There are apps to help drivers avoid speed traps, maneuver around traffic jams, and find cheap gas. And now there's one that helps people avoid being pulled from their car by the Ershad—Iran's morals police.

Anonymous developers in Iran recently released an Android app that is intended to help young Iranians share intelligence about Ershad checkpoints. Called "Gershad," the app depends on crowdsourced reports from users to help others avoid being stopped, harassed, or even possibly beaten or arrested for failing to adhere to the Ershad's interpretation of Islamic morality.

The app was highlighted by Nima Akbarpour, the presenter of Persian Click (a technology show on BBC's Persian service).


Obama wants you to join CyberCorps Reserve to help feds get their act together

A full scholarship comes with multi-year commitment to battle entrenched bureaucracy.

Today, the Obama administration released the president's Cybersecurity National Action Plan (CNAP), a set of executive actions and budget requests that seeks to fix federal agencies' information security woes. The plan aims to spur broader efforts to protect citizens' privacy and the security of the nation's businesses and infrastructure from criminals and other threats. And it starts off by creating a commission to figure out how to do that.

The Federal government's information security posture, as demonstrated by the Office of Personnel Management breach last year, is at best antiquated and at worst horrific in its inadequacy. The CNAP looks to rapidly infuse money into efforts to modernize the decrepit information security systems at agencies such as the Social Security Administration, which, as President Obama wrote in an op-ed piece published today by the Wall Street Journal, "uses systems and code from the 1960s. No successful business could operate this way."

To make the fixes, the Obama administration is asking for over $19 billion in spending scattered across the proposed 2017 budget and is making a number of immediate moves that require funding now—$3.1 billion for an Information Technology Modernization Fund and to pay a new Federal Chief Information Security Officer (with a salary of between $123,175 and $185,100 a year, Top Secret/SCI clearance required—apply by February 26 if interested).


Budget “bow wave” causes Air Force to cut 45 F-35s from purchase plans

Nuclear modernization, new bomber, and other expenses get priority over next 10 years.

The F-35 program will be cut by 45 aircraft over the next 10 years as the Air Force struggles with its spending priorities, according to an Air Force document.

A prematurely posted copy of the US Air Force's fiscal year 2017 budget request was pulled down from the service's website today but not before defense analysts and journalists were able to download the document and find a number of surprises. While it had been previously announced by the Department of Defense that five fewer F-35A fighters would be purchased in 2017, the plan outlined in the 2017 Air Force budget would cut even more F-35s from purchase plans over the next 10 years, deferring the purchase of 45 planes until later.

In a statement introducing the budget plans, Air Force officials wrote, "The Air Force is facing a modernization bow wave in critical nuclear and space programs over the next ten years that, under current funding levels, we simply cannot afford." A recent assessment of the Air Force's nuclear forces reinforced calls for a major investment in modernization of systems, some of which have been in place with few modifications since the 1970s and 1980s.

The F-35 program, one of the Air Force's most expensive procurements, has been cut back as a result as the Air Force instead proposes a budget that "restores some capacity in the short-term, funds readiness to executable levels, and makes additional investments in nuclear, space, cyber, command and control (C2), and intelligence, surveillance, and reconnaissance (ISR) capabilities," according to the introductory statement.


North Korea’s “successful” satellite in orbit, but tumbling and useless

Meanwhile, North’s plutonium production is ramping up for building warheads.

North Korean image purported to be of the launch of the Kwangmyŏngsŏng-4 satellite (though it may actually be of an earlier launch).

On Sunday, the Democratic People's Republic of Korea (North Korea) launched a rocket carrying a satellite into orbit despite protests from neighboring countries and the US that it is a violation of previous agreements on missile testing. The Kwangmyŏngsŏng-4 satellite, an "earth observation satellite" ostensibly for monitoring agricultural output, apparently reached orbit. But the satellite is apparently tumbling out of control, according to a US Department of Defense official.

Meanwhile, in testimony before the Senate Armed Services Committee Tuesday morning, Director of National Intelligence James Clapper said that intelligence has confirmed that North Korea has resumed production of plutonium at a reactor in Yongbyon. The regime of North Korean leader Kim Jong-un had announced the return to production operations in September of 2015. Clapper said that "North Korea has been operating the reactor long enough so that it could begin to recover plutonium from the reactor's spent fuel in a matter of weeks to months."

The launch, the renewed plutonium production, and the test last month of a "boosted" nuclear warhead (which North Korea claimed was a hydrogen bomb) have all been seen as evidence that North Korea is moving forward with development of nuclear ballistic missiles that could potentially reach the west coast of the United States. Timed both to coincide with lunar new year celebrations and the Super Bowl in the US, the Kwangmyŏngsŏng-4 satellite flew over the San Francisco Bay area just an hour after the end of Super Bowl 50.
