All posts by Connor Jones

“Bulletproof” dark web data centre seized by German police


Connor Jones

30 Sep, 2019

German authorities scuppered a pervasive dark web operation on Friday, saying it was being run out of a former NATO bunker.

Seven individuals have been arrested on the suspicion of being associated with organised crime and as accessories to hundreds of thousands of crimes through their hosted dark web platforms such as the Wall Street Market and Cannabis Road.

The outfit is believed to be spearheaded by a 59-year-old Dutchman who, authorities understand, acquired the bunker located in the small town of Traben-Trarbach in 2013.

After buying the bunker, the man who is yet to be named by authorities is claimed to have transformed it into a large and highly secure data centre, designed “exclusively for illegal purposes”, according to prosecutor Juergen Bauer, as reported by the Associated Press.

Dark web marketplaces are infamous for being cornucopias of crime where people can buy drugs, weapons, credit card information, forged documents and more.

As suspects linked to the operation of such a site, the 13 suspects in total, aged 20-59, can all be charged as accessories to every crime and transaction that took place on their hosted sites.

“I think it’s a huge success… that we were able at all to get police forces into the bunker complex, which is still secured at the highest military level,” said regional criminal police chief Johannes Kunz. “We had to overcome not only real, or analogue, protections; we also cracked the digital protections of the data centre.”

Authorities described the facility as a “bulletproof hoster”, designed specifically to conceal the activity from law enforcement.

Policing the unknown

The dark web has proven to be a reliable sanctuary for cyber criminals due to its decentralised and anonymous nature. Websites are accessed through The Onion Router (Tor) browser and a user’s connection is redirected through multiple different global locations which makes the identification of an online criminal nigh-on impossible.

The proliferation of cryptocurrencies has also contributed to the anonymity of criminals as, like their web traffic, payments made using cryptos are also beamed through multiple addresses, making them difficult to track.

It started with bitcoin but since then other cryptocurrencies have gained popularity, and new and more anonymous coins have been devised. Monero is one such coin that’s favoured by criminals as it conceals the sender and recipient’s address more comprehensively than others.

Cryptocurrency tumblers are another tool that hampers policing efforts. They offer a service that’s the cryptocurrency equivalent of money laundering; users send their coins to a tumbling service, pay a fee and get completely different coins in return, further complicating tracking efforts made by authorities.

While authorities have famously been able to clamp down on certain marketplace operations, their success, in some cases, hasn’t been attributed to sophisticated web tracking techniques – the fatal clues have sometimes been found through the criminals’ poor web hygiene.

For example, perhaps the most well-known dark web market Silk Road was eventually seized by authorities after finding posts made by the owner Ross Ulbricht which advertised the marketplace on a ‘clear net’ bitcoin forum along with his personal email address in a separate post.

The network is difficult to crack, but as the FBI evidenced with the seizure of Playpen, they can take down sites if they hack the endpoint. Authorities deployed malware on the abuse-distribution platform that revealed the IP address of any user that clicked on illegal images, leading to the arrest of the site’s operator.

IT Pro contacted the National Cyber Security Agency for comment but it did not reply at the time of publication.

Dedicated global taskforces

As the dark web becomes a more widespread issue, dedicated dark web security organisations have been formed around the world to help tackle the issue.

The seizure of the Alphabay and Hansa marketplaces in 2017 was a global coordinated effort named Operation Bayonet and led by Europol, but required help from law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France.

The huge effort required in Bayonet provided the catalyst that led to the formation of Europol’s own dedicated dark web team and the US followed suit six months later with its Joint Criminal Opioid Darknet Enforcement (J-CODE) team.

“Criminals think that they are safe on the darknet, but they are in for a rude awakening,” said Attorney General Sessions on the J-CODE launch. “We have already infiltrated their networks, and we are determined to bring them to justice.

“In the midst of the deadliest drug crisis in American history, the FBI and the Department of Justice are stepping up our investment in fighting opioid-related crimes. The J-CODE team will help us continue to shut down the online marketplaces that drug traffickers use and ultimately that will help us reduce addiction and overdoses across the nation.”

Google invests $3 billion in European data centre expansion


Connor Jones

20 Sep, 2019

Google’s CEO Sundar Pichai announced today that the company will be investing a further three billion euros (£2,642,906,834) into European data centres over the next two years.

This additional investment brings Google’s total investment in European digital infrastructure to 15 billion euros (£13,212,675,000) since 2007 – an endeavour which has supported 13,000 jobs, according to a Copenhagen Economics study.

In addition, a further 600 million euros (£528,393,000) will be pumped into the expansion of its data centre operations in Hamina, Finland, which it originally bought in 2009 and transformed from an old paper mill into a high-tech facility that supports 4,300 jobs.

“The Nordic countries are great examples of how the internet can help drive economic growth,” said Pichai. “Our Hamina data centre is a significant driver of economic growth and opportunity. It also serves as a model of sustainability and energy efficiency for all of our data centres.”

The Hamina facility is situated near to the Russian border and uses seawater taken from the Gulf of Finland to reduce the amount of energy required to cool the hardware.

Google announced yesterday that it has continued on its commitment to using as much green energy as possible by completing the largest corporate purchase of renewable energy in history.

“These deals will increase our worldwide portfolio of wind and solar agreements by more than 40 percent, to 5,500 MW – equivalent to the capacity of a million solar rooftops,” said Pichai. “Once all these projects come online, our carbon-free energy portfolio will produce more electricity than places like Washington D.C. or entire countries like Lithuania or Uruguay use each year.”

Currently, Google’s other European data centres are located in the Netherlands, Ireland and Belgium, but last year it announced plans to build an entirely carbon-neutral data centre in Denmark, adding to its European data centre portfolio and bolstering its green energy drive.

The tech giant plans to invest $700 million (£616,769,017) into the new green site in Fredericia, Denmark and use machine learning to ensure every watt is used effectively.

Europe, and Scandinavia in particular, has become something of a hotbed for data centres, as Google’s sites there can run with better energy efficiency than locations elsewhere in the world.

Microsoft revs up connected car cloud service with TomTom


Connor Jones

9 Sep, 2019

Satellite navigation giant TomTom has partnered with Microsoft to integrate its technology in the Redmond company’s cloud-based Connected Vehicle Platform (MCVP).

Navigation usage data will be collected and sent back to the platform, which works in tandem with Microsoft Azure, and will allow car manufacturers to make better-informed decisions for tailored services, thanks to being able to tap into the compute power of a large cloud platform. 

Diagnostic data will also be driven back to the platform which will allow car makers to make data-driven decisions for engineering and design changes.

TomTom’s location intelligence which includes traffic information and map services will also be made available to cars’ navigation apps in addition to aiding autonomous driving.

MCVP aims to unify connected cars and the data they collect with its Azure platform so its customers can create improved in-vehicle services, such as traffic alerts, and better understand the needs of those with connected cars.

The platform extends beyond consumer cars: commercial and industrial vehicles are also compatible, so businesses can harness the data from their fleets of trucks, ships, drones and cranes to create more efficient processes.

Microsoft has already attracted prominent vehicle manufacturers to its platform; Volkswagen agreed last year to build its automotive cloud platform on Azure.

“Our integration with the Microsoft Connected Vehicle Platform means that automakers can get access to precise and reliable navigation and driving behaviour data easily, while of course adhering to privacy principles,” said Cees van Dok, chief product officer at TomTom.

“This data could, for instance, be used to predict the range of an electric vehicle based on driving behaviour and planned route more accurately; or to work out, based on navigation behaviour, what connectivity package for online navigation would be best suited for a driver. This is a game-changer for OEMs.” 

This TomTom-Microsoft partnership is an extension of its existing relationship, which was bolstered in February after the navigation specialist was selected by Microsoft to be its sole location data provider for its mapping services. TomTom’s data is used across a variety of Microsoft products including Azure Maps, Bing, Cortana and Windows, and will also be used in future releases.

“With Microsoft Connected Vehicle Platform serving as the digital chassis of the car, telematics, infotainment, and data from sensors are all connected to the cloud in the same way, effectively solving the pain point of managing different systems for scale, security, and reliability,” said Tara Prakriya, partner group program manager of Microsoft Connected Vehicle Platform and mobility at Microsoft. “We’re delighted to add navigation intelligence data from TomTom to MCVP.” 

The pair’s partnership hasn’t always been so fruitful, though. Back in 2009, they both sued each other within a month, alleging patent infringements on both sides. The case was later settled with both sides having to pay the other an undisclosed sum.

Microsoft launches bug bounty programme for Chromium-based Edge


Connor Jones

21 Aug, 2019

Microsoft has launched a fresh bug bounty programme specifically for its Chromium-based Edge browser, offering rewards double the value of its previous HTML Edge version.

The maximum reward for hunters finding significant flaws in the latest version of its flagship browser has increased to $30,000 for the most critical vulnerabilities.

Other issues will be judged by their significance, depending on how impactful the flaw is to future versions of Edge, with hunters being rewarded from $1,000 upwards.

The launch of the latest bug bounty programme coincides with the launch of the beta preview of the next Edge version and will work hand-in-hand with Microsoft’s Researcher Recognition Program.

The initiative acts somewhat like a loyalty card for bug hunters who follow Microsoft’s vulnerability disclosure process: points are awarded for every bug they report and these points can be multiplied depending on the product on which they’re found.

A bug found in Azure or Windows Defender, for example, is eligible for a 3x points multiplier whereas Edge on Chromium gets a mere 2x multiplier – GitHub and LinkedIn receive none.

Once a hunter accrues enough points, they “may be recognised in our public leaderboard and rankings, annual Most Valuable MSRC Security Researcher list, and invited to participate in exclusive events and programs,” said Microsoft.

The program will also run alongside the pre-existing bug bounty for the HTML version of Edge, which offers rewards of between $500 and $15,000.

“Vulnerabilities that reproduce in the latest, fully patched version of Windows (including Windows 10, Windows 7 SP1 or Windows 8.1) or MacOS may be eligible for the Microsoft Edge Insider bounty program,” said Microsoft. “Windows Insider Preview is not required.”

Since the browser is powered using Chromium, the new bug bounty programme will support the Chrome Vulnerability Reward Program “so any report that reproduces on the latest version of Microsoft Edge but not Chrome will be reviewed for bounty eligibility based on severity, impact, and report quality,” it added.

The Chrome Vulnerability Reward Program currently offers rewards ranging vastly from $500 to $150,000 with the greatest rewards likely to be issued for bugs found in Chrome OS.

Apple also announced the expansion of its bug bounty programme at Black Hat 2019 in August, making it the most lucrative bounty program in tech.

In addition to dishing out special iPhones to select bug hunters, making it easier for them to investigate the flagship Apple device, it announced a maximum reward for bugs of up to $1.5 million.

Back in March, an Argentinian teenage bug hunter became the first in the world to earn $1 million from lawfully finding and disclosing bugs in bounty programs. He reported more than 1,600 bugs – notable inclusions were major issues with Twitter’s and Verizon’s products.

The majority of Chrome extension installs are split across these 13 apps


Connor Jones

5 Aug, 2019

Google’s Chrome extension store is said to be dominated by just a handful of popular applications, with the majority of its application selection having fewer than 1,000 installs, according to a new study.

Figures released from Extension Monitor show that although Chrome now boasts over 1 billion extension installs, only 13 apps have over 10 million installs each.

Of the 188,000 extensions that make up the store, it’s believed as much as 87% of these have fewer than 1,000 installs, including 24% that have either one or zero installs. The figures also show that around half of all extensions have been installed less than 16 times.

Security was a common theme identified when looking at the most downloaded extensions – adblockers, antivirus applications, password managers and VPNs dominated the list of most popular extensions. Other prominent categories included communications and shopping.

Well-known apps such as Grammarly, Adblock, Honey, Avast Online Security, Skype and Google Translate dominated the top spots. LastPass and Google Hangouts were among the apps just shy of the 10 million mark.

The 10 million club:

  • Cisco Webex Extension
  • Google Translate
  • Avast Online Security
  • Adobe Acrobat
  • Grammarly for Chrome
  • Adblock Plus – free ad blocker
  • Pinterest Save Button
  • Skype
  • AdBlock
  • Avast SafePrice
  • uBlock Origin
  • Honey
  • Tampermonkey

Even though a large proportion of extensions have a comparably low install-base, it’s the extensions in this bracket that are often the most malicious, which collectively can still target a large number of users. Last month we reported that some Google Chrome extensions harvest user data as part of a “murky data economy” and then sell that data onto Fortune 500 companies.

The scheme was thought to have affected up to 4 million users across the various extensions, most of which had thousands of installs each, although some exceeded one million. The sensitive data was then accessible by anyone who was willing to pay a fee as small as $49.

In response, Google pointed users to its policy changes made in June 2019 and how it plans to make the Chrome Web Store more secure, a policy that’s since been slammed by the Electronic Frontier Foundation (EFF).

The organisation said that the changes would do nothing to secure the Web Store as they don’t address the APIs used by extensions to aggregate and sell data. Instead, the EFF claims Google should simply enforce existing policy properly.

“Ultimately, users need to have the autonomy to install the extensions of their choice to shape their browsing experience, and the ability to make informed decisions about the risks of using a particular extension,” said the EFF. “Better review of extensions in Chrome Web Store would promote informed choice far better than limiting the capabilities of powerful, legitimate extensions.”

JEDI contract put on hold after intense lobbying efforts


Connor Jones

2 Aug, 2019

The $10 billion JEDI contract to supply cloud computing services to the Pentagon has been halted after an aggressive lobbying campaign from rival tech companies.

According to CNN, which first reported the story, an inside campaign was allegedly carried out to dissuade President Trump from choosing Amazon’s AWS as the winner of the contract.

Amazon and Microsoft are currently the only two companies in the race after Oracle and IBM were knocked out of the running months ago, but a one-page document was given to Trump which appears to visually outline Amazon’s ten-year plan for cloud monopolisation.

The document is identical to one created by Oracle’s top Washington lobbyist, Kenneth Glueck, an executive vice president with the company, Glueck told CNN.

CNN remarked that the document delivered to Trump, which may have been the deciding factor in delaying the JEDI contract due to be announced this month, was designed to play up to the feud between Trump and Amazon CEO Jeff Bezos.

“So sorry to hear the news about Jeff Bozo being taken down by a competitor whose reporting, I understand, is far more accurate than the reporting in his lobbyist newspaper, the Amazon Washington Post,” tweeted Trump in relation to Bezos’ divorce at the time. “Hopefully the paper will soon be placed in better & more responsible hands!”

Defence Secretary Mark Esper is currently investigating allegations of unfairness in the awarding of the contract, according to Pentagon spokeswoman Elissa Smith.

“Keeping his promise to Members of Congress and the American public, Secretary Esper is looking at the Joint Enterprise Defense Infrastructure (JEDI) program,” Smith said in a statement on Thursday to Reuters. “No decision will be made on the program until he has completed his examination.”

Speculation surrounding the treatment of AWS in the contract’s bidding process has raged on for months; some have argued that the nature of the contract itself favours AWS and the services it offers.

Reports also suggest that Senator Marco Rubio penned a letter to national security advisor John Bolton requesting the contract be delayed.

“I respectfully request that you direct the delay of an award until all efforts are concluded in addition to evaluating all bids in a fair and open process in order to provide the competition necessary to obtain the best cost and best technology for its cloud computing needs,” Rubio reportedly wrote.

The Joint Enterprise Defence Infrastructure (JEDI) contract is worth $10 billion and the project to renovate the Pentagon’s IT infrastructure into a contemporary cloud-based one could span 10 years.

Microsoft is killing off Skype for business


Connor Jones

31 Jul, 2019

Microsoft is calling time on Skype for Business Online as the company tries to promote the adoption of Microsoft Teams.

Support for the collaboration platform will be terminated on 31 July 2021, just 10 years after it was acquired by the Redmond giant. Every new Microsoft 365 customer will be onboarded to Microsoft Teams by default from 1 September 2019, with no option to select Skype for Business Online instead.

Microsoft said that current Skype for Business Online customers won’t experience any change in service and will be able to add new users as needed until the termination date.

“Over the last two years, we’ve worked closely with customers to refine Teams, and we now feel we’re at the point that we can confidently recommend it as an upgrade to all Skype for Business Online customers,” said James Skay, senior product marketing manager at Microsoft.

“Teams isn’t just an upgrade for Skype for Business Online, it’s a powerful tool that opens the door to an entirely new way of doing business,” he added.

Microsoft has listed a range of product investments it will be making to ensure an easy migration to Teams for businesses that are firmly settled with Skype for Business Online.

One of these will be the upcoming interoperability between Skype for Business Online and Microsoft Teams, coming in the first quarter of 2020. The update will allow customers on both platforms to communicate via calls and text chats.

Other feature requests from Skype for Business Online users will also be honoured in future Teams updates, such as DynamicE911 which forwards detailed location data when making an emergency phone call directly from the platform. Shorter data retention periods will also be in Teams by the end of 2019, so data that shouldn’t remain on the service will be wiped when the user needs it to be.

Contact centre integration and compliance recording solutions are also in Teams already. First announced at Microsoft’s Inspire event earlier this month, recording software used by businesses for regulatory compliance, liability protection and quality assurance is now supported in Teams with more partnerships in the pipeline.

Teams has so far been a very successful product for Microsoft. Earlier this month, the company announced that it has more active users than its main rival Slack, just two years after launching the platform.

Azure revenue surpasses Windows for the first time


Connor Jones

19 Jul, 2019

Microsoft’s cloud business revenue has surpassed income from its Windows arm for the first time ever, with the company’s fourth-quarter financial results demonstrating the strength of its cloud infrastructure and services.  

It’s just one of the many areas that defied analyst expectations as the Redmond-based company excelled across the board, posting revenue hikes in nearly all areas of the business.

There are no exact figures to illustrate how well Azure is doing specifically because Microsoft bundles the figures into its umbrella “intelligent cloud business”. However, the revenue for the company’s cloud arm increased 19% to $11.4 billion, narrowly beating Windows in its “personal computing” business which made $11.3 billion – an increase of 4%.

The prioritisation of cloud services began when Satya Nadella took the reins in Redmond back in 2014 and ever since, all things cloud have been driving the company’s revenue.

The one division in decline was Microsoft’s gaming business which pulled down the revenue score for its Personal Computing arm – handing the lead to Intelligent Cloud. Overall gaming revenue declined 10% with Xbox software and services down 3%.

Other than the minor blip in gaming, the future looks healthy for Microsoft. It continues to build on its lead as the world’s most valuable company, a revelation which it announced in April after it surpassed Apple and became valued at over $1 trillion for the first time ever – a feat achieved in no small part thanks to its ever-booming cloud growth.

“It was a record fiscal year for Microsoft, a result of our deep partnerships with leading companies in every industry,” said Satya Nadella, chief executive officer of Microsoft. “Every day we work alongside our customers to help them build their own digital capability – innovating with them, creating new businesses with them, and earning their trust.

“This commitment to our customers’ success is resulting in larger, multi-year commercial cloud agreements and growing momentum across every layer of our technology stack,” he added.

Microsoft currently sits in second place in terms of its market share for cloud business, with Amazon Web Services (AWS) commanding a majority lead. According to Canalys, AWS dominates with a 32.8% market share, Microsoft’s Azure comes in with 14.6% and Google Cloud, which recently pivoted towards hybrid cloud, has 9.9%.

Thousands of sites fall to Magecart ‘spray and pray’ attack


Connor Jones

12 Jul, 2019

More than 17,000 domains have been compromised in an attack launched by the prolific hacking group Magecart, according to attack surface management firm RiskIQ.

The attack preys upon websites with leaky Amazon S3 buckets, an attack method seen all too often despite them now being protected by default. The researchers said that anyone with an AWS account could read or write files in the affected buckets.

The attackers scanned the web for misconfigured buckets to see whether they held any JavaScript files they could download, add their skimming code to and write back, overwriting the original script in the bucket.

Magecart was trying to run scripts on websites to glean and make off with payment information that can then be sold on for profit. It wasn’t just smaller websites affected by the attack; some of the 17,000+ compromised websites fell into the top 2,000 Alexa rankings.

The problem with the attackers’ methodology is that this type of skimming attack rarely works on the payment pages of websites, which makes the chance of a successful attack low compared to a more considered, targeted approach.

But the Magecart group could still enjoy “a substantial return on investment” due to the range of the attack. “The ease of compromise that comes from finding public S3 buckets means that even if only a fraction of their skimmer injections returns payment data, it will be worth it,” said Yonathan Klijnsma, threat researcher at RiskIQ, in a blog post.

“Perhaps most importantly, the widespread nature of this attack illustrates just how easy it is to compromise a vast quantity of websites at once with scripts stored in misconfigured S3 buckets,” he added. “Without greater awareness and an increased effort to implement the security controls needed to protect the content stored in these buckets from theft or alteration by malicious attackers, there will be more – and more impactful – attacks using techniques similar to the ones outlined in this blog.”

Exploiting misconfigured Amazon S3 buckets is a common attack method used time and again by opportunistic cyber criminals.

Earlier in the year, Facebook apps Cultura Collectiva and At the Pool became victims of a similar attack, with the cyber criminals making off with 540 million records, including users’ names, IDs and comments made through Facebook’s social integration.

“Like any other security procedure, security policies are a good mechanism for protecting the access to your S3 Bucket, but it needs to be used the right way,” said Boris Cipot, senior security engineer at Synopsys. “It has to be understood, and the user needs to know what they are doing when applying those policies to their buckets.

“Unfortunately, misconfigured policies then can lead to examples like those where the attacker can identify buckets with those misconfigured policies and modify the content on them,” he added. “Every user should have a good understanding of what they’re doing, but if this is not possible, leave it to professionals that know how to handle security.

“On the other hand it would be nice to see if Amazon could make a policy screening functionality where they could identify such misconfigured policies and warn the user – or in some cases even forbid the usage of loose policies.”
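The misconfiguration the RiskIQ researchers describe, a bucket that any AWS account holder can read or write, and the policy screening Cipot asks for above are both visible from a bucket's ACL and bucket policy alone. The audit below is an added example, not code from the article, RiskIQ, Synopsys or AWS. It works on dicts in the shape that boto3's get_bucket_acl() and get_bucket_policy() return, so it runs offline against the constructed samples embedded here; the canonical ID, bucket name and account number in those samples are placeholders. It flags grants to the AllUsers and AuthenticatedUsers groups (real S3 group URIs) and Allow statements with a wildcard principal, rating anything that permits writes as critical, and returns a hardened copy of the ACL with the public grants stripped.

```python
import json

# Well-known S3 ACL group URIs (real AWS identifiers).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet",
                 AUTHENTICATED_USERS: "any AWS account holder"}

# ACL permissions and policy actions that let a grantee alter bucket content
# (the capability a script-overwriting skimmer needs).
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putobjectacl",
                 "s3:putbucketacl", "s3:putbucketpolicy", "s3:*", "*"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

# Constructed sample in the shape of boto3 get_bucket_acl(); IDs are placeholders.
SAMPLE_ACL = {
    "Owner": {"ID": "placeholder-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "placeholder-canonical-id"},
         "Permission": "FULL_CONTROL"},
        # The grant the article describes: any AWS account may overwrite objects.
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "WRITE"},
    ],
}

# Constructed sample in the shape of get_bucket_policy()["Policy"].
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Public read: common for static sites, but worth a human's eye.
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::placeholder-bucket/*"},
        # Public write: the dangerous case.
        {"Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::placeholder-bucket/*"},
        # Scoped to one (placeholder) account: not public, not reported.
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::placeholder-bucket/*"},
    ],
})


def audit_acl(acl):
    """Return findings for ACL grants to the AllUsers/AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") != "Group" or uri not in PUBLIC_GROUPS:
            continue
        perm = grant.get("Permission")
        findings.append({
            "source": "acl",
            "severity": "critical" if perm in WRITE_PERMISSIONS else "high",
            "detail": f"{PUBLIC_GROUPS[uri]} granted {perm}",
        })
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def audit_policy(policy_json):
    """Return findings for Allow statements with a wildcard principal.

    Conditions are not evaluated; a statement that carries one is reported at
    'medium' so that a person reviews whether the condition actually narrows it.
    """
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        severity = "critical" if actions & WRITE_ACTIONS else "high"
        if "Condition" in stmt:
            severity = "medium"
        findings.append({"source": "policy", "severity": severity,
                         "detail": f"wildcard principal allowed {sorted(actions)}"})
    return findings


def audit_bucket(acl, policy_json=None):
    """Combine ACL and policy findings, most severe first."""
    findings = audit_acl(acl) + (audit_policy(policy_json) if policy_json else [])
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


def harden_acl(acl):
    """Return a copy of the ACL with every public-group grant removed."""
    kept = [g for g in acl.get("Grants", [])
            if not (g.get("Grantee", {}).get("Type") == "Group"
                    and g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)]
    return {"Owner": acl.get("Owner"), "Grants": kept}


if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print(f"[{finding['severity']}] {finding['source']}: {finding['detail']}")
    print("after hardening:", audit_acl(harden_acl(SAMPLE_ACL)))
```

Feeding the output of the real API calls into audit_bucket() is a one-line change; the public-read finding on s3:GetObject is deliberately kept at "high" rather than suppressed, because a world-readable bucket is sometimes intended but should still be an explicit decision.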

Other notable examples of devastating attacks made possible by leaky buckets include the leak of data belonging to 120 American households by Experian. The NSA, WWE and Accenture also suffered similar attacks.

The future looks bright, however. According to reports, since Amazon enabled encryption for buckets by default, the number of exposed files has plummeted to less than 2,000 whereas the number was in the region of 16 million beforehand.

Cloud database management set to soar in coming years


Connor Jones

1 Jul, 2019

The trend involving databases being used for analytics under the ever-popular software as a service (SaaS) model will see 75% of all databases being deployed or migrated to a cloud platform, according to Gartner’s latest predictions.

The IT analyst house also said that just 5% of these will ever be considered by owners to be taken back into on-premise infrastructure as businesses continue to realise the benefits of widespread cloud adoption.

“According to inquiries with Gartner clients, organisations are developing and deploying new applications in the cloud and moving existing assets at an increasing rate, and we believe this will continue to increase,” said Donald Feinberg, distinguished research vice president at Gartner.

“We also believe this begins with systems for data management solutions for analytics (DMSA) use cases — such as data warehousing, data lakes and other use cases where data is used for analytics, artificial intelligence (AI) and machine learning (ML).

“Increasingly, operational systems are also moving to the cloud, especially with conversion to the SaaS application model.”

Research from Gartner shows that worldwide revenue from database management systems was up a significant 18.4% to $46 million and cloud database management systems accounted for 68% of that.

The company also notes that Microsoft and AWS account for more than 75% of the total market growth, indicating a trend towards cloud service providers becoming the new data management platform.

On-premise infrastructure rarely offers built-in capabilities to support cloud integration which is why its growth isn’t as vibrant as its cloud counterparts. The industry is growing, but at a much slower rate and not because of new on-premise deployments, but because of price increases and forced upgrades.

“Ultimately what this shows is that the prominence of the CSP infrastructure, its native offerings, and the third-party offerings that run on them is assured,” said Feinberg. “A recent Gartner cloud adoption survey showed that of those on the public cloud, 81% were using more than one CSP.

“The cloud ecosystem is expanding beyond the scope of a single CSP — to multiple CSPs — for most cloud consumers,” he added.

The UK is adopting the cloud more than others in the EU, according to figures from Eurostat published late last year.

A sixth-place ranking among EU countries for cloud adoption is primarily due to the high rate of British enterprises using some form of cloud service.

British businesses beat the average EU country in this regard by a significant margin, with 41.9% using at least one cloud service compared to the average of 26.2% – a figure beaten only by a handful of Scandinavian nations, Denmark, Sweden and Finland among them.