satelliteSatellites can give us access to high speed Internet in even the most remote locations, such as in the middle of the dessert, on a a boat at sea, or even the Arctic. Unfortunately, with this great convenience, comes a great liability since hackers can easily break into these feeds to use them. Now, a Spanish cyber security researcher named Leonardo Nve, is presenting proof that not only is it easy and cheap (around $75) to hack into and use these satellite connections, but that it’s also easy for hackers to gain access to private networks, intercept satellite Internet users’ requests for web pages, replace them with spoofed sites, and they can do all of this anonymously.

“What’s interesting about this is that it’s very, very easy,” says Nve. “Anyone can do it: phishers or Chinese hackers … it’s like a very big Wi-Fi network that’s easy to access.”

Nve’s research proves that anyone using satellite Internet is not as safe as they think they are. A hacker that knows how to do this can set up fake websites designed to look and act like the real thing and steal your password information or install malicious software on your computer. So far, Nve has tested this out on geosynchronous satellites aimed at Europe, Africa and South America, but he says that there is little doubt that the same tricks would work on satellites facing North America or anywhere else.

What makes these attacks possible is that these satellite’s signals are usually left unencrypted due to logistical and legal issues with scrambling the signal. Encrypting the signal would make it much harder for companies to communicate with each other, and also has to do with the satellites sending out a signal to more than one country at a time. Different countries have different laws that have to do with Internet satellites, and it has been tough making them all agree on the same laws about how this hidden layer of the satellite security should be encrypted.

Even though there is nothing the companies and have nations agreed on yet, and it would take a lot of work, something has to be done. Nve’s work shows us just how vulnerable our satellite Internet is, and that if some ill-intended hackers or enemy states would start using this against us, it could potentially cause a lot of damage to both regular civilians and government agencies using satellite Internet.

(Via Forbes)

Read More →

lock-compIn the never-ending war against shadowy Internet criminals, gangs based in Eastern Europe that electronically break into business computers, steal banking passwords, and transfer the money are a particularly dangerous and mysterious group. With their methods, they are hard enough to defeat as is, but they are also being accidentally aided in their actions through an unlikely source.

A lawsuit was filed on Wednesday in the United States District Court for the Eastern District of Virginia against this group of hackers by Unspam Technologies, an organization that gathers volunteers to discover information about spammers and other online rogues. In a refreshing bit of honesty, the lawyer for Unspam, Jon L. Praed, admits it is very unlikely the company will ever discover the name of these hackers. He claims instead that the purpose of the suit is to obtain the details of the thefts, the names of victims and other information from the compromised  computers in an attempt to increase security. The banks that have been affected by hackers are usually very reclusive in cases like these, therefore inadvertently aiding the hackers. By forcing the banks to give up information, Praed believes that security can be improved and the hackers can possibly be discovered.

Mr. Praed, who is head of the Internet Law Group in Arlington Virginia, has successfully used these “John Doe” suits (so called because the unnamed defendant is identified only as John Doe), to get information from third parties that can be passed to law enforcement and then used on civil suits to go after the main party. Back in 2007, Praed helped Unspam file a suit for the purpose of gathering info on illegal Internet pharmacies and their supporters, though its results are unknown.

“This lawsuit is intended to provide all those being victimized by this massive criminal enterprise the opportunity to come together to gather the data we need to fix the problem at a systems level,” Mr. Praed said.

While it seems that Praed believes he is fighting the good fight, banks may fight back against his subpoenas, even if they’re getting hurt by these hackers.

Banks do not want to get involved in these lawsuits and cases for a number of reasons. They argue that it’s a poor idea to publicize the techniques used by criminals in fraud cases or those meant to thwart them. Wit more information out in the open, it may only lead to more fraud attempts. Banks also want to keep these cases quiet to preserve the confidence and confidentiality of their customers.

“Banks are not the perpetrators of these crimes, and banks are spending tens or hundreds of millions of dollars of industry dollars trying to prevent those acts from taking place,” said Scott H. Frewing, a partner at the Baker & McKenzie law firm, which represents major banks. “The use of John Doe lawsuits to draw them into a civil litigation fight just raises the cost on the banks in a way that the courts may not sanction.”

Mr. Praed said that he hoped his John Doe lawsuit would encourage banks to improve their electronic defenses. “Unless we want to go back to putting our money in a mattress, more needs to be done.”

(Via New York Times)

Read More →