Researchers Develop Algorithm To Trace Malware, Epidemics, More

timothy posted more than 2 years ago | from the you-can-observe-a-lot-just-by-looking dept.

Communications 47

hypnosec writes "Want to trace the source of a virus that has infected your computer? Researchers at the Federal Institute of Technology in Lausanne in Switzerland have the answer. The scientists have devised software capable of tracing computer viruses back to their source. Beyond computer viruses, the software can also trace terror suspects, rumor-mongering and even infectious diseases back to their source. Pedro Pinto, one of the researchers, explained that the algorithm works by going through information in a reverse direction back to the original source. He said, 'Using our method, we can find the source of all kinds of things circulating in a network just by "listening" to a limited number of members of that network.' The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pinpoint three suspects, out of which one was the mastermind behind the attacks."


Truly astounding detective work (2)

plover (150551) | more than 2 years ago | (#40962517)

From TFA:

Taking social networking sites as another example, Pinto said individuals could use the algorithm to find out who had started a rumour posted to 500 contacts by looking at posts received by just 15 to 20 of them.

In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

The impressed button, I will not be pushing it tonight.

Re:Truly astounding detective work (1)

TubeSteak (669689) | more than 2 years ago | (#40962875)

The impressed button, I will not be pushing it tonight.

3 out of 20 terrorists using their algorithm.
A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

Re:Truly astounding detective work (0)

Anonymous Coward | more than 2 years ago | (#40962941)

Not all of them would have been writing about it. It's not magic.

False positives? (2)

AliasMarlowe (1042386) | more than 2 years ago | (#40962969)

A 15% success rate isn't anything to be crowing about, unless the false positive rate is near zero.

After reading TFS and the articles linked therein, I could find no mention of false positives. This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified. In fact, the articles did not even mention whether the classification was into positive-vs-unclassified, or positive-vs-unclassified-vs-negative. In the latter case, the rate of false negatives would also be of interest.

Re:False positives? (1)

Fnord666 (889225) | more than 2 years ago | (#40965155)

This is a critical issue for any classification system which is attempting to identify a small subset of a large population, especially when there are serious consequences for those identified.

In the lab perhaps this is true. In the field, or at least in the US, the critical issue seems to be whether there are serious consequences for those who are doing the identifying. If misidentifications bear no consequences for the identifiers, then false positives are viewed as a minor issue at best.

Re:Truly astounding detective work (0)

Anonymous Coward | more than 2 years ago | (#40963013)

In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

The impressed button, I will not be pushing it tonight.

That's basically why the paper didn't manage to land on Nature/Science/PNAS-like journals -- I can tell you.

Re:Truly astounding detective work (1)

Joce640k (829181) | more than 2 years ago | (#40963041)

In other words, after creating a mathematical model of the right 500 people, and after planting 15 or 20 agents inside that 500 person network and monitoring their network traffic for a while, they were able to trace a rumor back to the originator.

This is exactly the trap that AI programmers fell into in the 1970s. Hindsight is always 20:20.

Re:Truly astounding detective work (0)

Anonymous Coward | more than 2 years ago | (#40963187)

Since it's scientists it carries an official air and will be greedily accepted by the masses*. It is by its nature trivial to game and it will be enjoyable to point it at those I deem worthy of scorn.

*global warming scientists have shown the way.

Re:Truly astounding detective work (5, Informative)

Anonymous Coward | more than 2 years ago | (#40963355)

Hey guys I'm surprised to find that our paper showed up on slashdot! You can find the paper here: http://www.pedropinto.org (outside a paywall)

The media went a bit overboard with the coverage :) This is the most accurate article describing what the algorithm does: http://physics.aps.org/articles/v5/89

Hope this helps

Re:Truly astounding detective work (0)

Anonymous Coward | more than 2 years ago | (#40963717)

pedropinto.org also has the supplemental material needed in detail. Unfortunately this supplemental material is not available from APS if you aren't associated with a subscribing institution.

Re:Truly astounding detective work (1)

plover (150551) | more than 2 years ago | (#40966697)

Actually it helps a lot. Your paper is far more interesting than the news speculation, as it describes what you did and how to do it, as opposed to how it was applied through the lens of hindsight.

Unfortunately, too many "news" stories try to make their stories interesting by adding crazy speculation about hot topics. "This research uncovered 9/11 conspirators" is far too close to saying "Researchers built a terrorist detector!!!", which is completely untrue, as well as not the point. But it gets people reading their stories.

It seems the hardest part would be testing equality of messages at the nodes. Unless a message was a word-for-word copy, or a "forward" of the original, how would you know that "plane crashes into building", "airliner crashed into skyscraper", and "commercial flight flown into World Trade Center" were all equal messages? It's probably much easier with universally agreed upon topics like "typhoid" or "H5N1".

Anyway, the impressed button, now I will push it.

I don't believe it! (2)

Grindalf (1089511) | more than 2 years ago | (#40962577)

I don't believe this story, I think these kids are fake.

Re:I don't believe it! (1)

benjamindees (441808) | more than 2 years ago | (#40962899)

Pedro Pinto, you think he's fake?

Re:I don't believe it! (1)

gl4ss (559668) | more than 2 years ago | (#40963231)

Not fake, just overhyping his product.

You need 20% of participants to be shills in the network. That's not terribly impressive at all. Other than that it sounds just like normal logic and what I would have imagined to have been used to look for epidemic origins for maybe a hundred years (say, you're monitoring cities a, b, c, d and you know city e is between a and b; a and b get the outbreak simultaneously, c gets it after that and d gets it later, so you presume the outbreak broke out from city e. That's pretty much everything there seems to be to this).

What I wonder is, does it work for Tor? Probably not; it needs assurance that b received the thing from a.

Bad Summary, Slashdot. Here's more information. (4, Informative)

brit74 (831798) | more than 2 years ago | (#40962603)

The articles seem rather scant on details, and the second link seems to be a repost of the same information in the first article. My first inclination was that the story was BS - I couldn't see any way that they can accomplish what they claim to accomplish, so perhaps the news agency just really screwed up the story. After researching a few other articles about this, my judgement is that they're tracing this stuff back to the source based on listening in on messages being sent around a bunch of connected nodes. A number of nodes would need to be monitored in advance (or at least have relatively good time-frames for when it arrived at various nodes) before the information could be traced back.

More articles on the subject:
The Original Article: http://physics.aps.org/articles/v5/89 [aps.org]
A second article with different details: http://www.ibtimes.com/articles/372537/20120810/facebook-rumor-math-terrorism-algorithm.htm [ibtimes.com]
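The triangulation that both gl4ss (monitored cities, relative arrival times, a known map between them) and brit74 (nodes monitored in advance, with time-frames for when the message arrived) describe is what the PRL paper formalises. What follows is an added example, not the authors' code and not taken from any of the linked articles: a compact Python implementation of the Gaussian-delay maximum-likelihood estimator from that paper, run on the chain of cities a-e-b-c-d that gl4ss sketches, with a, b, c, d observed and e unobserved. The graph, the observer set and the arrival times are constructed for the demo, and the per-edge delay mean and standard deviation are assumed known here.

```python
"""Locating the source of a diffusion from a few observers.

Added example (not code from the paper or from the commenters).  It follows
the estimator in Pinto, Thiran and Vetterli, "Locating the source of
diffusion in large-scale networks" (Phys. Rev. Lett. 109, 068702, 2012):
every edge adds an independent Gaussian delay with mean MU and standard
deviation SIGMA; only K observer nodes report when the message reached them.
Taking the first observer as reference, the vector d of observed delay
differences has, for a candidate source s, mean mu_s (path-length
differences times MU) and covariance LAMBDA (SIGMA^2 times the number of
edges the two paths from the reference observer share).  The most likely
source maximises

    score(s) = mu_s^T  LAMBDA^-1  (d - mu_s / 2)

On a tree the paths are unique; for a general graph the paper evaluates
each candidate on its breadth-first-search tree, which is done here too.
The graph, observers and arrival times below are constructed for the demo.
"""
from collections import deque


def bfs_tree(adj, root):
    """Shortest-path (BFS) tree from root: parent and depth of every node."""
    parent, depth = {root: None}, {root: 0}
    queue = deque([root])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in parent:
                parent[v], depth[v] = u, depth[u] + 1
                queue.append(v)
    return parent, depth


def tree_distance(parent, depth, u, v):
    """Edges between u and v along the tree (walk both up to their LCA)."""
    hops = 0
    while depth[u] > depth[v]:
        u, hops = parent[u], hops + 1
    while depth[v] > depth[u]:
        v, hops = parent[v], hops + 1
    while u != v:
        u, v, hops = parent[u], parent[v], hops + 2
    return hops


def solve(matrix, rhs):
    """Solve matrix x = rhs by Gaussian elimination with partial pivoting."""
    n = len(rhs)
    a = [list(row) + [b] for row, b in zip(matrix, rhs)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        a[col], a[pivot] = a[pivot], a[col]
        for r in range(col + 1, n):
            f = a[r][col] / a[col][col]
            for c in range(col, n + 1):
                a[r][c] -= f * a[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (a[r][n] - sum(a[r][c] * x[c] for c in range(r + 1, n))) / a[r][r]
    return x


def locate_source(adj, arrivals, mu=1.0, sigma=1.0):
    """Return (most likely source, {candidate: score}) from observer arrival times."""
    observers = list(arrivals)
    ref, others = observers[0], observers[1:]
    d = [arrivals[o] - arrivals[ref] for o in others]        # observed delays
    scores = {}
    for s in adj:
        parent, depth = bfs_tree(adj, s)
        if any(o not in depth for o in observers):
            continue                                         # unreachable observer

        def dist(u, v):
            return tree_distance(parent, depth, u, v)

        # expected delays if s were the source: path-length differences
        mu_s = [mu * (depth[o] - depth[ref]) for o in others]
        # covariance: edges shared by the two paths that start at the reference
        lam = [[sigma ** 2 * (dist(ref, oi) + dist(ref, oj) - dist(oi, oj)) / 2
                for oj in others] for oi in others]
        x = solve(lam, [di - mi / 2 for di, mi in zip(d, mu_s)])
        scores[s] = sum(m * xi for m, xi in zip(mu_s, x))
    return max(scores, key=scores.get), scores


# Constructed demo: the chain of cities from gl4ss's comment, a-e-b-c-d,
# with a, b, c and d monitored and e (the true source) unobserved.
CHAIN = {"a": ["e"], "e": ["a", "b"], "b": ["e", "c"], "c": ["b", "d"], "d": ["c"]}
NOISE_FREE = {"a": 11.0, "b": 11.0, "c": 12.0, "d": 13.0}   # one time unit per hop
NOISY = {"a": 11.2, "b": 10.9, "c": 12.3, "d": 12.8}        # jittered arrivals

if __name__ == "__main__":
    for label, times in (("noise-free", NOISE_FREE), ("noisy", NOISY)):
        best, scores = locate_source(CHAIN, times)
        print(label, "->", best, {k: round(v, 2) for k, v in scores.items()})
```

In the noise-free run e scores 1.0 while a and b tie at 0 and c, d fall further behind; with the jittered times e still wins. The limits are also visible in this toy: candidates that produce the same path-length differences to every observer get identical scores (watch c and d alone, which cannot separate a, e and b), the estimator always returns some arg max even when the true source is outside the modelled network, and it needs the observers' clocks to agree. None of that is a false-positive rate, which is the question AliasMarlowe raises below.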

Re:Bad Summary, Slashdot. Here's more information. (1)

SuricouRaven (1897204) | more than 2 years ago | (#40962789)

Not that serious a limitation. The governments of many countries already store a detailed description of all internet traffic for a period of years. A few of them even admit to doing so.

Pity they don't mention... (1)

AliasMarlowe (1042386) | more than 2 years ago | (#40962995)

It's a pity neither of those editorial articles mentions what the false positive rate is. This is critical.

Actually, they don't even mention whether the algorithm identifies negatives as well as positives (i.e. those who can be ruled out of any follow-up investigations etc.), and if so, what the false negative rate is. This is also critical.

The article itself in Phys. Rev. Lett. [aps.org] is behind a paywall. Maybe it addresses the false positive issue, and the positive vs negative issue.

Good to see someone actually read the original (1)

golodh (893453) | more than 2 years ago | (#40963261)

My compliments: you went back to the original (scientific) article, rather than the editorial articles everyone quotes from. People tend not to do that on Slashdot .. too much effort I fear.

The article is indeed behind a paywall but one of the authors (Pinto) makes it available from his personal website.

Here is the link to the Physical Review Letters article: http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf [amazonaws.com]

and here is the link to some supplemental material like proofs, algorithm, complexity analysis, and application to a cholera outbreak in KwaZulu-Natal to locate the source of the outbreak.

Re:Bad Summary, Slashdot. Here's more information. (1)

fa2k (881632) | more than 2 years ago | (#40963433)

Many antivirus companies have honeypots to detect new virii. It would be extremely interesting to independently trace the origin of things like Stuxnet.

Apple support? (0)

Anonymous Coward | more than 2 years ago | (#40962613)

Will this work on my iPad?

Cartman's Mom/Dad (0)

Anonymous Coward | more than 2 years ago | (#40962647)

Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).

Re:Cartman's Mom/Dad (1)

wisty (1335733) | more than 2 years ago | (#40963265)

Maybe with this technology we will finally find out who is Cartman's mom or dad (or both).

No, because the network is almost trivial, due to the large number of connections.

So George Bush, Dick Cheney and who? (1)

Anonymous Coward | more than 2 years ago | (#40962657)

As in the peeps behind 9/11. Sounds like wonderful research. Full scholarships for everybody!

Re:So George Bush, Dick Cheney and who? (0)

Anonymous Coward | more than 2 years ago | (#40962717)

More like Cheney, Rumsfeld and maybe Rove? Bush might be an evil douchebag but brilliant strategist he is not!

Re:So George Bush, Dick Cheney and who? (0)

Anonymous Coward | more than 2 years ago | (#40962951)

Rove was a political strategist, not a hawk. Rabbi Dov Zakheim -- wrote the PNAC document, Pentagon controller on 9/11 (when 2.3 trillion was found "missing"), CEO of defense contractor that built remote aircraft control systems, forced to resign in 2004 after giving Israel another trillion worth of advanced military aircraft.

Re:So George Bush, Dick Cheney and who? (0)

Anonymous Coward | more than 2 years ago | (#40963117)

Not to forget Paul Wolfowitz

Who gains the most? (1)

Sussurros (2457406) | more than 2 years ago | (#40962783)

I have considered this problem previously and what looks to be between doable and feasible quickly falls away in the chaotic face of reality. I believe AC has hit this one right on the head - the quest for grants and scholarships is the only basis for these claims.

GUI interface using Visual Basic? (1, Funny)

NettiWelho (1147351) | more than 2 years ago | (#40962661)

Old News. [youtube.com]

lol noob (-1)

Anonymous Coward | more than 2 years ago | (#40962731)

You completely forgot that the botnet's django root isn't configured to handshake with the kernel's SSH drive. You need to disencrypt the GHM token before you can basic the packet switch, and to do that you need some serious emacs netcat. I hope you've been stockpiling kilobytes, because you're going to need all of them to bruteforce the apache grep's pixel subfilter. But then again, I guess you could try rerouting the keyboard buffer to the SSD SCSI.

Gee, given the 9/11 reference data... (-1)

Anonymous Coward | more than 2 years ago | (#40962673)

It's interesting how much data we had, given the complete lack of response to it.

In fact, the intentionally complete lack of response to it...

They can also ... (0)

Anonymous Coward | more than 2 years ago | (#40962759)

They can also stand on a street corner and by just asking people a simple question they can figure out where they came from, and whether they might be terrorists. Truly brilliant!

Easy to prove if it works (0)

Anonymous Coward | more than 2 years ago | (#40962775)

Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.

Re:Easy to prove if it works (1)

AliasMarlowe (1042386) | more than 2 years ago | (#40963185)

Trace me. Send me my current whereabouts ftw. Bonus points for GPS coordinates. You have 1 hour. Go.

You are directly above the center of the Earth.
This representation of your whereabouts is accurate to millimeters. Now pay up...

Re:Easy to prove if it works (0)

Anonymous Coward | more than 2 years ago | (#40963225)

You are directly above the center of the Earth.

Now see, if you'd stopped there you might have raised at least a snigger. +1 internets

This representation of your whereabouts is accurate to millimeters. Now pay up...

But, considering the earth isn't a sphere you displayed at least -2 internets worth of duh, so now you owe me 1 internets.

Those two links. (0)

Anonymous Coward | more than 2 years ago | (#40962881)

The skynews article is horribly bad ("The program, also known as an algorithm [...]") and the other link is a poorly done copy/paste of the former on a painfully slow, abusive, and generally bad site.

Where's the research? Papers? Source? Anything? Hello?

Shit, you'd almost get better coverage on faux news. Almost. Can't slashdot do any better?

Move beyond the files - scan/checksum EVERYTHING! (0)

Anonymous Coward | more than 2 years ago | (#40962889)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, in your router (many routers are forced to place backdoors in their firmware for their government), in your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individuals' products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into Ultimate Boot CD you can use an arcane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

* Know your router's firmware may easily be replaced on a hacker's whim?
* Shield all cables against leakage and attacks
* Still use an old CRT monitor and beg for TEMPEST attacks?
* Use TEMPEST resistant fonts in all of your applications including your OS?
* Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
* Use your PC on the grid and expose yourself to possible keypress attacks?
* Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
* Search out informative papers on these subjects and educate your friends and family about these attacks?
* Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

How many malware scanners scan BIOS/CMOS and PCI/AGP cards for malware? Zero, even the rootkit scanners. Have you checksummed/dumped your BIOS/CMOS and firmware for all your PCI/AGP devices and USB devices, esp. vanity USB devices in and outside the realm of common USB devices (thumb drives, external HDDs, printers)?

Unless your computer room is shielded properly, the computers may still be attacked and used. I've personally inspected computers with no network connection running mysterious code in the background which Task Manager for Windows and the equivalent for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof
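The one concrete, checkable step in the post above is baselining the boot sector: dump it, hash the boot code, and compare later dumps against the stored hash. What follows is an added example in Python, not the poster's code. It parses a 512-byte MBR, validates the 0x55AA signature and the partition entries, and reports a hash mismatch together with the offsets that changed when the boot code has been patched. Both sectors are constructed inside the script (a "clean" one and a copy whose first instruction has been overwritten with a jump, the shape of a bootkit hook) so it runs offline; on a real machine the 512 bytes would come from something like `dd if=/dev/sda bs=512 count=1` run as root, which is an assumption about your disk naming, not part of the code.

```python
"""Boot-sector baseline check.

Added example, not code from the post above.  Dump a boot sector, hash the
boot-code region, store the hash after a clean install, and compare every
later dump against it: a patched boot loader (persistence that survives
reformatting the partitions) shows up as a mismatch with the exact offsets
that changed.  The sectors used here are constructed in code so the script
runs offline.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot loader code
PTABLE_OFFSET = 446          # four 16-byte partition entries follow the code
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector):
    """Validate the signature; return the boot code and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector" % SECTOR_SIZE)
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PTABLE_OFFSET + 16 * i)
        if ptype != 0:                       # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_digest(sector):
    """SHA-256 of the boot code only, so re-partitioning does not trip the check."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def changed_offsets(baseline_sector, current_sector):
    """Offsets inside the boot code whose bytes differ from the baseline dump."""
    return [i for i in range(BOOT_CODE_LEN) if baseline_sector[i] != current_sector[i]]


def check_sector(sector, baseline_digest):
    """Return (ok, digest); ok is False when the boot code no longer matches."""
    parse_mbr(sector)                        # never "pass" something that is not an MBR
    digest = boot_code_digest(sector)
    return digest == baseline_digest, digest


def make_sample_mbr():
    """Constructed sample: a few bytes of boot code, one bootable type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:6] = b"\xfa\x33\xc0\x8e\xd0\xbc"  # cli; xor ax,ax; mov ss,ax; mov sp,...
    struct.pack_into(ENTRY_FMT, sector, PTABLE_OFFSET, 0x80, 0x07, 2048, 1048576)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


CLEAN_MBR = make_sample_mbr()
BASELINE_DIGEST = boot_code_digest(CLEAN_MBR)   # what you would record after a clean install

# Constructed "infected" copy: first instruction replaced with a jump elsewhere;
# partition table and signature untouched, so a plain partition listing looks fine.
_tampered = bytearray(CLEAN_MBR)
_tampered[0:3] = b"\xe9\x00\x01"                 # jmp rel16
TAMPERED_MBR = bytes(_tampered)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        ok, digest = check_sector(sector, BASELINE_DIGEST)
        print(label, "OK" if ok else "MISMATCH", digest[:16],
              "changed offsets:", changed_offsets(CLEAN_MBR, sector))
```

Two caveats a practitioner should keep in mind. A hash baseline detects change, nothing more: it cannot tell a legitimate boot loader update from a hook, so the baseline has to be refreshed deliberately after each known-good change, and it has to be stored somewhere the machine being checked cannot rewrite. And it only covers what you can dump; the same compare step applies to a BIOS image or router firmware once you have the bytes, but obtaining those needs vendor or flashing tools, which is exactly the gap the post complains about.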

prescriptions in Spain (-1, Offtopic)

Hazel Bergeron (2015538) | more than 2 years ago | (#40962909)

Can someone please clarify for me whether people in Spain of working age must unconditionally pay 40% of the actual cost of prescriptions?

Doesn't this mean that anyone poor on expensive medication essentially won't be able to afford it? This means that Spain doesn't have a comprehensive healthcare system at all.

master mind? (2)

PieceOfShitAndroid (2538056) | more than 2 years ago | (#40962957)

If the software was able to detect Dick Cheney et al as the master minds behind 9/11, I'll be impressed. Otherwise massive fail.

More... (0)

benjamindees (441808) | more than 2 years ago | (#40962961)

Bitcoins. Wikileaks.

Our OWNERS want us ALL silently ROOTED 24/7! (-1)

Anonymous Coward | more than 2 years ago | (#40962963)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations' and individuals' products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumes you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an arcane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

* Know your router's firmware may easily be replaced on a hacker's whim?
* Shield all cables against leakage and attacks
* Still use an old CRT monitor and beg for TEMPEST attacks?
* Use TEMPEST resistant fonts in all of your applications including your OS?
* Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
* Use your PC on the grid and expose yourself to possible keypress attacks?
* Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
* Search out informative papers on these subjects and educate your friends and family about these attacks?
* Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat is the potential civilian rogues stationed around you, especially in large apartment blocks, who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used. I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the equivalent for *nix do not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof

Link to Paper (0)

Anonymous Coward | more than 2 years ago | (#40963007)

http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf

Idiots at APS want $25.00 for something he puts on his own website for free.

My concerns... (-1)

Anonymous Coward | more than 2 years ago | (#40963029)

How do we trace where all the open source fags come from and their AIDS virus?

good post (-1)

Anonymous Coward | more than 2 years ago | (#40963345)

my neighbor's mom brought home $20050 the previous month. she has been making cash on the internet and bought a $395600 house. All she did was get lucky and apply the tips shown on this website http://linkpot.net/christen/

Hilarious (-1)

Anonymous Coward | more than 2 years ago | (#40963487)

"The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the master mind behind the attacks."

That would be Israel and the Mossad, right?

Oh, they "pin-pointed" three suspects who happened to be the ones that JEWS had already told us were behind 9/11?

What a joke.

flawed flawed flawed (1)

tbonefrog (739501) | more than 2 years ago | (#40964283)

Too broke to purchase the original article but the free article says they deal with 'nodes in a plane' and the African example uses waterways so they are essentially using a tree there. These are not the most complex data structures imaginable.

Also the means of defeating their algorithm is easy to figure out. Just make it look like the virus came from a well-connected user. These are likely pwned already, anyhow.
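To make the tree-based estimation concrete, here is an added example (not the researchers' code) of the basic idea behind the article's method: a handful of observers in a network report when something reached them, and every node is scored on how well its hop distances to those observers explain the reported times once the unknown start time is fitted. The tree, the observer times and the mean per-hop delay MU are all constructed here; the published estimator additionally models how delays on shared path segments are correlated, which this simplification leaves out.

```python
from collections import deque

# Constructed sample tree as an undirected adjacency list (10 nodes).
TREE = {"A": ["B", "C", "D"], "B": ["A", "E", "F"], "C": ["A"], "D": ["A", "G", "H"],
        "E": ["B", "I"], "F": ["B"], "G": ["D"], "H": ["D", "J"], "I": ["E"], "J": ["H"]}

# Constructed observations: only 3 of the 10 nodes report arrival times. They were
# produced by spreading from "B" at time 0 with per-hop delays jittering around 1.0
# (B->F 0.8, B->A 1.1, A->C 0.9, B->E 1.2, E->I 1.1).
OBSERVATIONS = {"F": 0.8, "C": 2.0, "I": 2.3}
MU = 1.0  # assumed mean delay per hop (treated as known, as in the paper's model)


def hop_distances(tree, start):
    """BFS hop count from start to every node."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in tree[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def score_candidate(tree, observations, candidate, mu=MU):
    """(sum of squared residuals, fitted start time) for one candidate source.

    Model: t_obs = t0 + mu * hops(candidate, observer) + noise. With mu known,
    the least-squares start time t0 is the mean of (t_obs - mu * hops).
    """
    hops = hop_distances(tree, candidate)
    offsets = [t - mu * hops[obs] for obs, t in observations.items()]
    t0 = sum(offsets) / len(offsets)
    return sum((o - t0) ** 2 for o in offsets), t0


def locate_source(tree, observations, mu=MU):
    """Rank every node as a candidate source, lowest residual first.

    Ties happen: nodes reached only through an unobserved branch (here D, G,
    H and J all tie with A) cannot be told apart by hop counts alone, so treat
    near-equal scores as a candidate set rather than a verdict.
    """
    ranked = [(node, *score_candidate(tree, observations, node, mu)) for node in tree]
    return sorted(ranked, key=lambda r: r[1])


if __name__ == "__main__":
    for node, rss, t0 in locate_source(TREE, OBSERVATIONS)[:4]:
        print(f"{node}: residual={rss:.3f}  fitted start time={t0:+.2f}")
```

With these three observers the true source "B" ranks first with a fitted start time close to 0; moving the observers into branches that the spread never crosses produces exactly the tied candidate sets the function's docstring warns about.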

Magic Algorithms ... (0)

Anonymous Coward | more than 2 years ago | (#40965239)

I don't see how any such algorithm could do such a thing as the data set is incomplete and/or erroneous. Does anyone here remember what HFT and the Black-Scholes model equation did for the world economy?

"The team tested their software on a known data maze to check if their research actually pinpoints the individuals behind the 9/11 attacks and they were able to pin-point three suspects, out of which one was the master mind behind the attacks".

Applied Architectonics of Memetic Knowledge (0)

Anonymous Coward | more than 2 years ago | (#40973249)

Cool. Foucault would be proud. Of obvious utility to historians as well.
