Java “RAT-as-a-Service” backdoor openly sold through website to scammers

The malware once known as AlienSpy is back in action after original domains shut down.

The JSocket website: open for business on the open Web (at least right now). (credit: Sean Gallagher)

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adwind, the malware was all but shut down in 2015 after the domains associated with its command-and-control network were suspended by GoDaddy. But according to Vitaly Kamluk, the director of Kaspersky Lab's Asia/Pacific research and analysis team, the malware has been modified, rebranded, and is open for service again to customers ranging from Nigerian scam operators to possible nation-state actors. Ars has confirmed that the service is offered openly through a website on the public Internet.

AlienSpy was found last spring on the Android phone of Alberto Nisman, the Argentinian prosecutor who died under suspicious circumstances just as he was apparently about to deliver a report implicating the Argentine government in the bombing of a Buenos Aires Jewish community center in 1994. Now resurrected under the names JSocket and jRat, according to a presentation by Kamluk at the Kaspersky Security Analyst Summit 2016 in Tenerife, the malware is available through an open website to subscribers at prices ranging from $30 for one month to $200 for an unlimited license. Kamluk believes the service's author is a native Spanish speaker, possibly based out of Mexico.

JSocket includes a number of typical "RAT" (remote access tool) capabilities, including video capture from webcams, audio capture from microphones, the ability to detect antivirus software on a system, a keylogger to record keystrokes, and a virtual private network key-stealing feature that could be used to gain access to any of the VPNs used by the victim. Kaspersky has tracked more than 150 attack campaigns against more than 60,000 targets with the latest iterations of the malware, with Nigerian e-mail-based scam operations (particularly those targeting banks) being the biggest adopters of the tool. The lion's share of the remaining subscribers to the malware appeared to come from the US, Canada, Russia, and Turkey.

DOD aims to back up underarmed fighters with networked “arsenal planes”

Converted older planes would carry firepower directed by F-35s and F-22s remotely.

With new fighters that are built for stealth, the Air Force needs something else to carry all the firepower for them: arsenal planes. (credit: Dan Stijovich @ Flickr)

The US Air Force has a problem. While it bets its future on the stealth of the F-22 and F-35 fighters, that stealth has come at a cost: reduced weapon loads. To be stealthy, both aircraft have to carry all of their weapons in internal bays, significantly limiting how many bombs and missiles they can carry to strike at targets on the surface and defend themselves from other fighters.

Without mounting weapons on external hard points on its wings—and creating a much bigger radar target as a consequence—the F-22 can carry just two air-to-air missiles and two JDAM bombs—though the new, smaller Small Diameter Bomb II (SDB II) allows it to carry eight bombs and two air-to-air missiles in the same space. The Air Force's F-35A fighters delivered so far aren't cleared for combat, and the first wave of F-35s being delivered to the Marine Corps (Block 2B) are restricted to two bombs and two air-to-air missiles because the software for more weapons hasn't been finished.

So, what are these multimillion-dollar aircraft supposed to do once they've emptied their weapon bays? That is where the Air Force's research and development plans, detailed in the 2017 Defense Department budget request being sent to Congress this month, come in: the Air Force wants to develop an arsenal plane. Defense Secretary Ashton Carter described the arsenal plane as "a flying launch pad for all sorts of different conventional payloads. In practice, the arsenal plane will function as a very large airborne magazine, networked to 5th-generation aircraft that act as forward sensor and targeting nodes.”

Hey, drone owners! Don’t fly at the Super Bowl

Oh, and there’s a new app to tell you about temporary flight restriction zones.

Do not be trying to get aerial shots of Peyton Manning. Thanks, the FAA. (credit: Kevin Baird)

Hey, all you newly minted unmanned air vehicle enthusiasts out there (and especially those of you in the San Francisco Bay area)! The Know Before You Fly campaign has an important message for you: don't bring (or fly) your drone to Super Bowl 50. The campaign—a joint effort of the Association for Unmanned Vehicle Systems International (AUVSI), the Academy of Model Aeronautics (AMA), and the Federal Aviation Administration (FAA)—is urging drone and model aircraft owners to respect the temporary flight restrictions (TFR) covering everywhere in a 32-mile radius around Levi's Stadium in Santa Clara, California, on February 7.

The FAA usually places restrictions on the airspace around any major event with attendance of 30,000 people or more, including sporting events and concerts. But because of its high-security profile, the Super Bowl is getting a much larger no-fly zone than usual. The Super Bowl TFR, which lasts from 2:00pm Pacific Time until midnight, covers almost all of the Bay Area, including all of San Francisco and Oakland to the north and Santa Cruz and most of the northern Monterey Bay coast to the south.

Super Bowl Sunday's flight restriction zone (the two red concentric circles) is a no-fly zone for drones or model aircraft of any kind.

The Know Before You Fly campaign, which operates the website for registering new drones under the FAA's recently announced regulations, is part of a broader effort by the FAA and its industry and nonprofit partners to reduce the risk of drones interfering with commercial and government aircraft or injuring people on the ground. The FAA has also launched a mobile app, called B4UFLY, to allow drone operators to check for TFRs where they are, based on geolocation data. Hint: if you live in a major urban area, you are probably in a restricted flight area, since any hospital or other facility with a helicopter pad qualifies as an "airport" for FAA purposes. The app is in Apple's iOS App Store, and an Android version is in testing now through the Google Play Store (though Ars was unable to access the test version).

A-10 to fly until 2022 as DOD test chief warns against F-35 “block buy”

Air Force adjusts plans as F-35 bugs persist.

The US Air Force has revised its retirement plan for the A-10 attack plane, keeping the aircraft in the air into the next decade when the F-35 is finally ready for combat (whenever that is). (credit: US Air Force)

In the Department of Defense's budget request for 2017, the Air Force has conceded what to many has been obvious—that the F-35 Joint Strike Fighter will not be ready to take the place of the A-10 Thunderbolt II (also known as the "Warthog") in close air support missions any time soon. In its budget request, the Air Force is seeking funds to keep the A-10 flying, and DOD officials say the aircraft will remain in service until at least the 2022 fiscal year.

Defense Secretary Ashton B. Carter gave a summary of the budget request in a speech at the Economic Club of Washington, DC on February 2. He said that the A-10 would be replaced by the F-35 squadron by squadron as the new aircraft are brought into service. But the Air Force has also reduced the number of F-35A aircraft it plans to purchase in 2017.

Officials at the Air Force's F-35 Joint Program Office had suggested last year that a "block buy" of F-35 aircraft, possibly in 2018, would reduce the overall cost of the program. But that idea is being opposed by the Defense Department's chief of systems testing. Michael Gilmore, the DOD's Director of Operational Testing and Evaluation (OT&E), has warned against committing to a "block purchase" of the F-35 by the US and other military customers until after the aircraft passes its initial operational test and evaluation.

North Korea plans to try again to orbit satellite (and test ICBM tech)

Launch planned for later this month prompts calls for more sanctions by US.

The Unha-3 rocket, the platform for North Korea's (sort of) successful satellite launch in 2012. Another launch has been announced for February.

Watch the skies. In an alert filed with the United Nations' International Maritime Organization, the government of the Democratic People's Republic of Korea (otherwise known as North Korea) announced plans to launch a satellite sometime in February. The nation also provided warnings for the areas where its boost stages might plummet back to the surface. Japan's Ministry of Defense has since announced that Japan will shoot down the rocket if it flies toward Japan.

The launch, from North Korea's western coast near its border with China, will likely be the latest version of North Korea's Kwangmyŏngsŏng ("Bright Star") satellite series, aboard the latest version of the Unha ("Galaxy") rocket. The splash locations given by North Korea for the launch—the first stage landing in the Yellow Sea between South Korea and China and the second in the Philippine Sea east of the Philippines—are nearly identical to those of North Korea's last orbital effort.

The launch announcement comes just a month after a surprise nuclear weapons test in which the regime of Kim Jong-un claimed to have detonated a thermonuclear bomb. North Korea also claims to have developed a miniaturized nuclear warhead that could be placed atop a ballistic missile, though US intelligence officials have downplayed those reports.

Particle’s Electron is a “cellular Arduino” with a global data plan

ARM- and GSM-based board promises quick on-ramp for mobile IoT development.

The Electron, an Arduino-compatible controller that just happens to have a GSM cellular connection built in. (credit: Particle)

Particle, a company that makes development kits for wireless Internet of Things applications—formerly known as Spark Devices—is preparing to ship a new board-based computer that will allow developers to use Arduino code to build mobile wireless devices based on GSM cellular connections. The Electron will allow developers to build Internet of Things devices that can connect nearly anywhere in the world where there's a 2G or 3G mobile wireless network.

Electron is the follow-up to Particle's Photon, a Wi-Fi-based device with similar capabilities. Both Photon and Electron can use Arduino "sketch" code or code written in Particle's own development tool. And Particle offers a cloud service that allows developers to scale up their devices to full-production deployments of more than 100,000 devices.

Part of the appeal (and the business model) for Electron is that it comes with its own global data plan. Using an IoT SIM that works on cellular networks in over 100 countries, the Electron's basic data plan starts at $2.99 per month for 1 megabyte of data and 99 cents for each additional megabyte. That's not a lot of data, but Electron is intended mostly for "machine to machine" (M2M) applications, where relatively small messages are sent between the device and the cloud—not for things like streaming video or more consumer-type broadband cellular applications.

DOD running short of smart bombs in ISIS campaign

Obama administration seeks $1.8 billion extra to stock up on guided munitions.

At the Boeing booth on the Air & Space exposition floor in September 2015, a rack of once and future smart bombs—JDAM and JDAM Extended Range. (credit: Sean Gallagher)

If you're wondering how much the war against the Islamic State is costing the US and why the Obama administration isn't ramping up its bombing campaign even more, consider this fact: from August 2014 to December 2015, the US military dropped $1.3 billion in smart bombs and other guided munitions on ISIS targets in Iraq and Syria, with air operations costing an average of about $11.2 million per day.

So many smart bombs have been dropped during the roughly 9,000 missions flown by US Air Force and Navy aircraft that the Department of Defense is running out of the guided weapons—and the Pentagon wants to stock up for ramped-up attacks. The military also wants to accelerate updates to the aging B-52 fleet to convert them into "arsenal ships" that can hang around for long periods of time and deliver bigger loads of guided bombs against targets such as ISIS.

Defense One reports that the Obama administration will send a request to Congress next week to approve an additional $1.8 billion for the DOD in order to purchase 45,000 new Joint Direct Attack Munition (JDAM) smart bombs and other air-dropped ordnance. The $1.8 billion bomb request is part of a total of $7.5 billion the Pentagon will seek to cover Operation Inherent Resolve, the ongoing operation against ISIS.

State Department slaps “top secret” on 22 e-mails found on Clinton’s server

Intelligence community requested highest classification for some messages reviewed.

One of the thousands of e-mails from Hillary Clinton's personal mail server that have been publicly released by the State Department. Now, 22 have been labeled with a Top Secret or higher classification.

The US State Department has declared 22 of the e-mails stored on former Secretary of State Hillary Clinton's personal mail server to contain information classified as "top secret." In some cases, those e-mails were related to "special access programs"—the highest level of classification for government secrets, reserved for protected intelligence and other information kept closely protected because of its sensitivity. The State Department did not reveal whether the messages were all sent to Clinton or if she authored any of them.

Clinton has maintained that she never sent any classified information using her personal e-mail—a hosted Exchange server that initially was operated from her own home.

The messages were "upgraded at the request of the intelligence community," State Department spokesperson John Kirby told the Associated Press, indicating that they had not been marked with that level of classification initially. There is no indication whether the information was sent or received by Clinton or whether it bore any classification mark to begin with.

Iranian drone flies straight over US carrier in Persian Gulf and takes pics

Iranian TV broadcasts the “beautiful and accurate” footage taken during “drill.”

Smile for your close-up, F/A-18s. (credit: IRNA)

Today, Iran's IRNA news agency broadcast video apparently taken from an Iranian Revolutionary Guard unmanned aircraft as it flew directly over an American aircraft carrier operating in the Persian Gulf. The US Navy has confirmed that an Iranian drone flew "directly over" the USS Harry S. Truman and near the French carrier Charles de Gaulle, which are both in the Persian Gulf launching airstrikes against Islamic State (Daesh) forces in Syria and Iraq.

RT rebroadcast of the Iranian television footage, showing the drone flyover of the USS Harry S. Truman.

Navy Commander Kevin Stephens, a spokesman for the US Navy's 5th Fleet, said that the Navy was "not in a position to verify the authenticity of the video as there are countless examples of similar footage to be found on the Internet." But he did confirm that an Iranian surveillance drone passed over the Truman on January 12. The drone did not pose a threat, he said. "It was, however, abnormal and unprofessional." Stephens added that the Navy would "respond appropriately as the situation dictates" to future incidents.

Iranian Navy Commander Admiral Habibollah Sayyari told IRNA that the drone's flight over the Truman was "a sign of bravery," and it "allowed our men to go so close to the warship and shoot such a beautiful and accurate footage of the combat units of the foreign forces." IRNA also reported that a small Iranian diesel submarine was involved in surveillance of the ships. The drone and submarine operations are part of an Iranian Navy exercise being mounted this week.

NSA, GCHQ used open source software to spy on Israeli, Syrian drones

Image tools unscrambled encrypted analog video feeds, documents reveal.

Documents provided to The Intercept by National Security Agency whistleblower Edward Snowden show new evidence of a long-running surveillance campaign against drones flown by the Israelis, Syrians, and other nations in the region. The operation by the United Kingdom's Government Communications Headquarters (GCHQ) signals intelligence organization, with the assistance of the NSA, intercepted scrambled analog video feeds from remotely piloted aircraft and tracked the movement of drones. In some cases, the operation even intercepted video from Israeli fighter aircraft during combat missions.

There was no supercomputing magic involved in at least most of the video interceptions. As part of an operation codenamed "Anarchist," NSA and GCHQ analysts used ImageMagick (an open source image manipulation tool) and other open source software developed to defeat commercial satellite signal encryption. One of the tools, called antisky, was developed by Dr. Markus Kuhn of the University of Cambridge's Computer Laboratory. The tools could be used by anyone able to intercept satellite signal feeds and then willing to apply the patience and skill needed to sort through the pixels. However, the conversion to digital video feeds on some drones has apparently made video interception more difficult.

The signals were intercepted at a GCHQ station at the Royal Air Force's communications installation in the Troodos mountains of Cyprus. The facility, near Mount Olympus, is used by the GCHQ for exploiting satellite and radio communications in the eastern Mediterranean and Levant regions—including Israel, Syria, Lebanon, Turkey, Egypt, and much of North Africa. The encrypted signals were then processed with ImageMagick and antisky, according to a training manual obtained by The Intercept. That manual details the process of "brute forcing" the encryption on satellite video feeds.
