Microsoft targeting Asia with new cybercrime hub

ExpressVNP

Microsoft has stepped up its fight against online crime with the opening of a new global Cybercrime Satellite Centre in Singapore.

The new centre joins Tokyo and Beijing as the third satellite in the area, and the fifth overall, as Microsoft expands upon its Washington DC and Berlin bases.

The primary aim of the new satellite will be to support the fight against online crime in a geographical area that is quickly becoming a hotbed for hackers. With a specific focus on protecting Microsoft assets, it will take aim at malware and botnets.

The facility will lend its services to Southeast Asian and Oceanic countries including India, South Korea, Australia and New Zealand.

Speaking at a press conference on Monday, Richard Boscovich, Microsoft’s assistant general counsel of its digital crimes unit, said:

“One of the reasons we’re opening a center, particularly here is, obviously, Singapore is one of the major financial centers in the world.

A lot of money comes through Singapore, it’s a relatively wealthy nation and criminals follow the money.

They’re in the business of stealing.”

Dedicated to fighting cybercrime

Bosco, as he prefers to be known, also explained how the team works closely with Interpol – which has a centre dedicated to fighting cybercrime located in the area – and will continue to do so when the facility officially opens in April.

Furthermore, Bosco also explained how Microsoft chose to target Asia, saying that the area was experiencing rapid growth in the IT sector, something which had the knock-on effect of amplifying the attention of hackers and other for-profit cyber criminals:

“We look at cybercriminals as business people and they follow [emerging markets] which are economically lucrative.”

He noted how many computer users in the region do not have a security mind-set, making them particularly susceptible to cybercriminals. The new facility will therefore look into region-specific malware and other threats.

The Singapore centre will run under Microsoft’s digital crimes unit, operating primarily as a support unit, according to Keshav Dhakad, Microsoft’s Asia regional director of digital crimes unit.

The tech firm’s global digital crimes unit, which works in tandem with industry partners, internet service providers and law enforcement agencies, includes more than 100 lawyers, engineers, investigators and forensic analysts, and data scientists located in Europe, the Middle East and Asia.

It also works with computer emergency response teams (CERTs), offering free access to its Cyber Threat Intelligence Program that processes and analyses over 500 million transactions per day for malware infections. It also provides training for third party partners.

Singapore’s Second Minister for Home Affairs and Trade and Industry, S. Iswaran said the country presented a “natural target for cybercriminals” due to its status as a high volume business hub for a range of multinational companies.

He confirmed how both business and government websites had been targeted by attackers in the past few years and suggested the number of attacks could increase in the future as Singapore continues to prosper.

In welcoming the new Microsoft cybercrime satellite centre, Iswaran said:

“The sharing of expertise and information through cross-industry and public-private partnerships is a cornerstone of any effective cybersecurity ecosystem. It is critical that we create an environment of trust where networks can share intelligence expeditiously and partner organizations can discuss measures to tackle threats or prevent similar incidents from taking place.”

Microsoft, meanwhile, will remain focused elsewhere even as the new hub opens for business.

Bosco highlighted China and the high rate of infection among machines in the country which he said was due, primarily, to the proliferation of pirated software, including Microsoft’s own operating systems:

“There’s a huge amount of infections within China, and the result of that from our investigative work was that it comes from an unsecured supply chain.

What happens is you’re getting a lot of people infected because of simply buying a computer with pre-installed malware. Sometimes, it’s not even that, it comes with all of the features, such as automatic updates and firewalls disabled.

The minute you put it on the Internet, even if you’re not infected, within hours you will be infected and it just cascades and you’ll see a huge amount of infections in China because of that.”

Featured image: Gajus / Dollar Photo Club


The Equation Group, hard drives and the Death Star of malware


Researchers at Kaspersky Lab have uncovered a new cyber-espionage toolset that possesses more than a passing resemblance to similar kits used by US intelligence agencies.

In a report released last Monday, the Moscow-based security firm detailed the attack tools which it says were created by the “Equation Group”.

The hacker group, Kaspersky says, successfully infiltrated thousands of government agencies with what it describes as the “Death Star” of malware.

The long list of victims includes military bodies, government and diplomatic institutions, Islamic leaders and thousands of firms across the aerospace, finance, media, energy, and tech industries.

Analysis of the Equation group’s command and control infrastructure revealed how widely spread it has become, featuring some 300 domains as well as over 100 servers located in the US, UK, Italy, Germany, Panama, Costa Rica, Malaysia, Colombia, the Czech Republic and many others.

Kaspersky described a collection of tools utilised by Equation, naming them as:

  • EQUATIONDRUG – A very complex attack platform used by the group on its victims. It supports a module plugin system, which can be dynamically uploaded and unloaded by the attackers.
  • DOUBLEFANTASY – A validator-style Trojan, designed to confirm the target is the intended one. If the target is confirmed, they get upgraded to a more sophisticated platform such as EQUATIONDRUG or GRAYFISH.
  • EQUESTRE – Same as EQUATIONDRUG.
  • TRIPLEFANTASY – Full-featured backdoor sometimes used in tandem with GRAYFISH. Looks like an upgrade of DOUBLEFANTASY, and is possibly a more recent validator-style plugin.
  • GRAYFISH – The most sophisticated attack platform from the EQUATION Group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.
  • FANNY – A computer worm created in 2008 and used to gather information about targets in the Middle East and Asia. Some victims appear to have been upgraded first to DoubleFantasy, and then to the EQUATIONDRUG system. Fanny used exploits for two zero-day vulnerabilities which were later discovered with Stuxnet.
  • EQUATIONLASER – An early implant from the EQUATION group, used around 2001-2004. Compatible with Windows 95/98, and created sometime between DOUBLEFANTASY and EQUATIONDRUG.

Kaspersky researchers also warned that the list of tools was unlikely to be exhaustive, suggesting Equation may still have more surprises to spring.

Worryingly, some of the tools discovered by Kaspersky have similarities with old favourites including the Flame malware and Stuxnet which targeted Iranian nuclear reactors under the direction of US President Barack Obama.

The Equation tools were discovered on “dozens of popular HDD brands” and, according to Costin Raiu, director of Kaspersky Lab’s global research and analysis team, were able to remain both undetected and irremovable – the malware infected the firmware on drives, allowing it to “resurrect” itself, even after a drive was reformatted or the operating system was reinstalled.

Raiu explained:

“Once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware/firmware area, but there are no functions to read it back.

It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”

Using the Grayfish tool, Equation also creates a hidden and persistent area on a hard drive which is then used to save stolen data which can be collected at a later time by the attackers and used for breaking encryption protocols. Raiu explained how Grayfish runs at boot, making the capture of encrypted passwords a relative breeze.

Network access to machines is not even an essential prerequisite to getting Equation on to a drive – Raiu explained that the Fanny component was of particular interest because it had the ability to bypass airgap defences and could be propagated via a “unique USB-based command and control mechanism,” using USB sticks with a hidden partition that could be used to collect system data from a system when installed and activated.

When the USB stick is later plugged into a system with internet connectivity it will forward the stored data to its command and control servers.

Kaspersky began trailing the Equation group after analysing a computer belonging to a Middle East research institute in 2008. It discovered the Fanny component being used to attack unknown vulnerabilities with two zero-day exploits, both of which were later discovered to be coded into Stuxnet.

Despite such a strong digital likeness to components of Stuxnet, a spokesperson for the NSA would not confirm US involvement in Equation, saying that the agency was aware of the report but was unwilling to discuss or pass any comment upon it.

Featured image: Ian Bunyan / Public Domain Pictures.net


Solve for “X”: Equation Group hackers leave more questions than answers


Stuxnet and Flame are two of the most well-known malware operations in the world, but according to a new report from security company Kaspersky Lab, both may owe their existence to an even more secretive organization: The Equation Group. As noted by a recent Ars Technica article, these hackers have been flying under the radar for the past 14 years and had a hand in the development of nearly every piece of high-profile malware ever developed. And while their activities are finally coming to light, these new discoveries leave more questions than answers.

Familiar Parentage

Citizens of the United States aren’t exactly enamored with the National Security Agency (NSA), especially after the recent Snowden revelations. And while the Kaspersky Lab report stops short of calling out NSA brass as those in charge of the Equation Group, they found “detailed evidence” that implicated the spy agency. For example, there’s a highly-advanced keylogger among Equation Group tools called “Grok” in the source code; Snowden-leaked documents also refer to a Grok keylogger developed by the NSA. What’s more, NSA malware called “STRAITBIZZARE” bears a strong resemblance to platforms named “STRAITACID” and “STRAITSHOOTER” in Equation Group documents. Add in the fact that Snowden said STRAITBIZZARE could be turned into a “disposable shooter” and the connections seem like more than mere coincidence.

So what has the Group been doing all these years, and how did they finally get caught? More importantly, what kind of risk do they pose?

A Long History

In 2002 or 2003, the Group intercepted an Oracle Database installation CD in transit, infected it with a malicious payload and then had it delivered. In 2009, they did the same thing to a group of high-profile scientists — the researchers had recently attended a conference in Houston and received a CD containing pictures and lecture materials. It also contained malware designed to keep track of their activities. All told, Kaspersky Lab reports that the Equation Group has perpetrated at least 500 infections across 42 countries including Iran, Russia, India and the United States. What’s more, they’ve developed some of the most potent malware on the planet.

It all started with Equation Laser in 2001, then Equation Drug and DoubleFantasy between 2004 and 2008. Next came Fanny, GrayFish and Grok Keylogger; more recently the Group released GrayFish 2.0 and Triple Fantasy. Each type of malware had a specific function and target in mind — Fanny, for example, was meant to compromise “air gapped” machines; those that were not connected to the Internet or other devices. By designing malware that could be hidden and transported on a USB stick, it was possible for the Equation Group to infect computers anywhere, anytime. Simply put, no other malware group could keep up. Costin Raiu of Kaspersky Lab says the “Equation Group are the ones with the coolest toys.”

Getting Caught?

Most hackers and malware creators slip up eventually. A recent RT article talks about the FBI grabbing two of their most-wanted cyber criminals in Pakistan earlier this month. The two had been arrested in 2012 but disappeared after extradition efforts failed; just three years later and they’re back in custody. The Equation Group is much more sophisticated, but apparently they’re not immune to mistakes. Their biggest slip-up was to let several server domains expire, domains which were quickly picked up by security researchers. This allowed them to discover a host of malware types and start to get some sense of the Group’s scope of work. But unlike the FBI’s most-wanted, there are no names and no faces attached to the Equation Group. In fact, a recent Mashable article warns that if your personal devices somehow get infected by Group malware, the only way to be safe is by destroying them outright; no antivirus scan can combat these threats.

Scared Straight

So what’s the risk level for everyday users? Low-to-medium. Equation Group malware is used to carry out targeted attacks on corporations and countries of interest; personal data isn’t of much use. But it’s worth noting that the Group won’t hesitate to use personal devices as middlemen to reach high-priority targets. This makes it a good idea to protect your browsing and computing habits with a secure connection and VPN — no sense giving the Group a reason to poke around in your digital life.

They may be partially uncovered but they’re not caught, so this equation is far from solved.

Featured image: iampixels / Dollar Photo Club


Hacktivism and vandalism were the main motivations for DDoS attacks last year


Distributed denial of service (DDoS) attacks are growing in size, frequency and complexity, according to the latest Annual Infrastructure Report from Arbor Networks.

The security vendor’s 10th Annual Worldwide Infrastructure Security Report (WISR) highlights how the largest reported attack of the year was a whopping 400Gbps, some fifty times the size of the biggest attack noted in the 2004 report. With another nine events logged at over 100Gbps over the course of last year, the size of the attacks certainly is significant.

The company also notes how, in 2013, just over a quarter of respondents to its survey had experienced over 21 attacks per month. By this year that figure had risen to 38 percent.

DDoS attacks: the targets

Of the 287 respondents, 90% said the DDoS attacks experienced by their organisations were at the application level while multi-faceted attacks including volumetric, application layer and state exhaustion techniques were seen by 42% of the surveyed organisations.

Unsurprisingly, perhaps, over a quarter of respondents said they had seen attacks which targeted cloud services.

Data centers were a target often picked out by attackers and their efforts had a large impact too – more than a third of operators saw attacks which completely exhausted their bandwidth which led not only to a loss of business but collateral damage too.

Enterprises suffered at the hands of DDoS attacks too, with almost half of Arbor’s survey respondents saying they saw attacks over the preceding 12 months. In two fifths of those attacks the organisations’ internet connectivity was completely saturated.

Many companies unprepared for DDoS attacks

Despite the increase in DDoS attacks and their severity, many companies remain ill-prepared, with 10% of respondents saying they were totally unprepared to respond to an incident. Only 40% of those surveyed said they were adequately prepared to respond to such an attack vector.

Commenting on the findings, Arbor Networks Director of Solutions Architects Darren Anstee said:

“In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”

What’s the motive?

But it’s not just corporate entities that need to be wary of distributed denial of service attacks. Beyond the report’s understandable interest in the corporate sector, Arbor also revealed how non-financial reasons were in fact the biggest motivator for such attacks.

As per the previous three years of reporting, vandalism and the promotion of ideological hacktivism remained popular reasons for these types of attack.

Another perennial favourite, gaming, the report said, “has gained in percentage, which is no surprise given the number of high-profile, gaming-related attack campaigns this year,” concluding that DDoS-for-hire services were often employed by gamers to settle scores or grudges against other players.

For such people DDoS attacks were a favoured means of attack due to the relative ease of pulling them off or of finding such services for hire.

Arbor notes that many of the biggest such attacks take advantage of popular household hardware including games consoles, routers and modems which can be compromised via the Simple Service Discovery Protocol, part of the UPnP standard. Such devices often pose a tempting target due to their reliance on default login credentials and owners’ reluctance to change them.
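The SSDP reflection pattern Arbor describes, as an added detection example that is not from the article or from Arbor’s report: it reads constructed flow records and flags hosts that receive UDP/1900 responses from many distinct devices far out of proportion to anything they themselves sent. The record format, thresholds and sample flows are assumptions made for the example.

```python
"""Flag SSDP (UDP/1900) reflection traffic in simple flow records.

Added example, not part of the original article. The record format,
thresholds and sample flows below are constructed for illustration.
Each record: <unix_ts> <proto> <src_ip:port> <dst_ip:port> <bytes>
"""
from collections import defaultdict
from dataclasses import dataclass

SSDP_PORT = 1900

# Constructed sample: a LAN host doing a normal M-SEARCH (and getting one
# reply), and an external host (203.0.113.5) being flooded with SSDP
# responses from several devices although it never sent a request.
SAMPLE_FLOWS = """
# ts proto src dst bytes
1700000000 UDP 192.168.1.10:50000 239.255.255.250:1900 120
1700000000 UDP 192.168.1.20:1900 192.168.1.10:50000 350
1700000001 UDP 198.51.100.11:1900 203.0.113.5:80 1400
1700000001 UDP 198.51.100.12:1900 203.0.113.5:80 1400
1700000001 UDP 198.51.100.13:1900 203.0.113.5:80 1400
1700000002 UDP 198.51.100.14:1900 203.0.113.5:80 1400
1700000002 TCP 198.51.100.15:1900 203.0.113.5:80 1400
"""


@dataclass
class Flow:
    ts: int
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record into a Flow."""
    ts, proto, src, dst, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(int(ts), proto, src_ip, int(src_port),
                dst_ip, int(dst_port), int(nbytes))


def detect_ssdp_reflection(lines, min_reflectors=3, min_amplification=5.0):
    """Return {victim_ip: stats} for hosts receiving SSDP replies from at
    least `min_reflectors` distinct devices, where the bytes received are
    at least `min_amplification` times the bytes the host sent to UDP/1900.
    A host that sent nothing to UDP/1900 gets an infinite ratio."""
    inbound = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    outbound = defaultdict(int)  # bytes each host sent to UDP/1900 itself
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f.proto != "UDP":  # SSDP is UDP; ignore stray TCP records
            continue
        if f.src_port == SSDP_PORT:
            inbound[f.dst_ip]["reflectors"].add(f.src_ip)
            inbound[f.dst_ip]["bytes"] += f.nbytes
        elif f.dst_port == SSDP_PORT:
            outbound[f.src_ip] += f.nbytes

    alerts = {}
    for victim, stats in inbound.items():
        sent = outbound.get(victim, 0)
        ratio = stats["bytes"] / sent if sent else float("inf")
        if len(stats["reflectors"]) >= min_reflectors and ratio >= min_amplification:
            alerts[victim] = {
                "reflectors": len(stats["reflectors"]),
                "bytes": stats["bytes"],
                "amplification": ratio,
            }
    return alerts


if __name__ == "__main__":
    for victim, stats in detect_ssdp_reflection(SAMPLE_FLOWS.splitlines()).items():
        print(f"possible SSDP reflection target {victim}: {stats}")
```

On the sample, the LAN host is not flagged (one responder, under 3x amplification) while 203.0.113.5 is, since it never sent an M-SEARCH yet received replies from four devices.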

Featured image: Gajus / Dollar Photo Club


Is ransomware the greatest highway robber of the 21st century?


The days of a Dick Turpin type of character pulling you over on the side of the road and demanding your valuables in return for sparing your life are thankfully long gone but highway robbery has never really disappeared. It has instead morphed into another type of crime in which money is demanded with menaces – ransomware.

What is ransomware?

Ransomware is an internet-related crime that has largely flown under the radar. Whilst recent high profile events such as the Sony hack have revealed the hacker’s penchant for trying to extort money from their victim, and the last few years have seen an increase in the number of people and organizations coming forward to bemoan CryptoLocker, it is a crime that is almost as old as the internet.

The first known instance arrived in 1989 and was known either as PC Cyborg or the “AIDS” Trojan. Much like newer variants, it encrypted files on the victim’s hard drive, saying that a software license had expired. “PC Cyborg Corporation” then offered a way out – the unlocking of the files for a mere $189.

More recently, CryptoLocker has proven to be a bane for PC users around the world, locking up drives with RSA public-key cryptography, until such time as a payment of around $400 was handed over in return for their unlocking.

Other recent forms of ransomware include the RIG exploit kit which first appeared around April 2014. By adopting malicious advertising techniques – known as malvertising – the kit delivers Cryptowall, another form of malware that relies upon encryption with a 2048-bit RSA key.

Similarly, OphionLocker emerged last year, and is spread in much the same way that Cryptowall is. Using advanced elliptic curve cryptography it demands payment in Bitcoins and utilizes a Tor2web URL to provide the victim with instructions on how to pay in a manner that is incredibly hard to track or close down.

So how do you protect your devices, money and data from such an insidious attacker?

Frustratingly, the means of protection and mitigation are rather straightforward, so it is quite the surprise that so many people still fall victim to this type of extortion.

For some people the thought of paying the ransom may seem like a good idea. Whilst we’re sure that some people may have actually got their data back by doing so, reports of such online are few and far between. Handing cash over to the criminals will simply encourage them to continue, may lead to you being targeted again with other types of attack and goes on to finance who knows what.

How to protect yourself from ransomware

It’s much better then to ensure that you don’t become a victim in the first place and below are some tips on how to do just that:

  • A VPN can help protect against malware.
  • Security software is the backbone of a good defense – as long as the user keeps their program fully up to date with the latest virus signatures – but it doesn’t offer 100% protection. The time it takes security vendors to block new threats is ever shortening but it is still a game of catch-up nonetheless.
  • Therefore, it is essential that you also keep your other software fully patched and up to date and, more crucially, the importance of making regular backups cannot be emphasized enough. Nor can the need to test those backups to ensure that they have worked.
  • For those of you working in a business environment it is also worth pointing out the value of training your staff so that they are aware of the risks. A general level of security awareness should guide them away from the more obviously risky activities that could lead ransomware onto your system.
  • Similarly, those of you with partners and children who share your machine, or have ones of their own, may wish to explain some security basics to them in order to lessen the chances of them clicking on or opening something they may later regret.
  • Finally, do not let the platform you are on dictate your desire to address the risk of ransomware – Europol have previously warned that criminals are not just targeting Windows machines – they also have a keen interest in mobile devices and Apple computers too.

Featured image: Andrey Armyagov / Dollar Photo Club


Happy Year of the Sheep!


From everyone at ExpressVNP, we wish you a happy and prosperous Year of the Sheep!

For many of our users, this is a very special celebration. Friends and family will gather, fireworks will be lit, and delicious food will be eaten as we ring in the new year.

Get ExpressVNP today to secure your Internet and wish your friends and family a Happy New Year on Facebook, YouTube, and more.

You can download ExpressVNP on your Windows computer, Mac, iOS, or Android. You’ll enjoy lightning-fast speeds and reliable service.

Don’t just take our word for it. Read the reviews and get ExpressVNP today.

Happy Year of the Sheep! (Ram! Goat!)

Featured image: J. Jones / ExpressVNP


The Internet of Things and your right to a private life


“Technology is nothing. What’s important is that you have a faith in people, that they’re basically good and smart, and if you give them tools, they’ll do wonderful things with them” – Steve Jobs.

The Internet of Things (IoT) is very much here and it’s likely to be around for quite some time.

On the face of it, an interconnected network of every day devices sounds both good and smart but is our faith in such devices and the people who create them well-placed?

As a privacy-minded organization, we have our doubts.

The essence of the problem is the fact that manufacturers of so-called ‘smart’ devices have two main motivations – the need to make a compelling product that sells and the often greater need to make a financial profit.

With that in mind, you have to ask where their interests lie – is it in privacy and security or in generating a return on investment?

The trouble with wearable IoT

The first problem with IoT from an article writing point of view is the fact that there are so many devices which now fall under that umbrella, from watches to fitness trackers and television sets to fridges and many, many other everyday devices besides.

With that in mind, we are only looking at a few of them today but that doesn’t mean to say that you should instantly assume that other ‘smart’ devices are any different.

So, if we first look at what is arguably the gadget du jour – the wearable fitness tracker (and the same applies for the so-called ‘smart’ watch) – what can we learn?

The first point, and the most salient, was made very eloquently indeed by an August 2014 report from Symantec in which the security vendor highlighted how the cost of tracking such devices was a mere drop in the ocean when compared with the cost of actually purchasing one.

For just $75 Symantec researchers were able to build a tracker using a Raspberry Pi, a Bluetooth 4.0 adaptor, an SD card and a battery pack. Once completed, the homemade tracker was taken to public locations in Switzerland and Ireland and used to passively scan the airwaves and pluck out device serial numbers or other identifying information which could be used to track the wearer, prompting researchers to say:

“In our testing, we found that all the devices we encountered can be easily tracked using the unique hardware address that they transmit. Some devices (depending on configuration) may allow for remote querying, through which information such as the serial number or a combination of characteristics of the device can be discovered by a third party from a short distance away without making any physical contact with the device.”

Worse than that, the researchers also dug deeper into wearable devices, discovering that the associated apps often contacted multiple domains, leaked data and had questionable privacy policies that gave the impression that developers were either not taking privacy seriously or had not thought through their policies – a sign, perhaps, that profit comes before people?

Therefore, as the report suggests, the use of wearable tech is not synonymous with privacy and any reader concerned about the latter would be well advised not to purchase the former.

The trouble with household IoT

But wearable devices are not the only devices that fall under the IoT heading – household appliances do too, often with unfortunate side effects.

The previously mentioned fridge is a good example. Back in January 2014 a large-scale global cyber attack was under way. Law enforcement knew they weren’t looking for the stereotypical spotty, nerdy kid in his mum’s basement though – they had an altogether different type of suspect in mind.

Described as white and barely three feet tall, the accused was in fact an IoT refrigerator who stood accused of sending out over three quarters of a million spam emails. Not on his own, mind – he had help – from 100,000 other similarly connected household gadgets.

While a spam run is hardly a threat to your privacy, it is a damn big nuisance and an indicator of how household devices can be used for purposes beyond those which they were built for.

Take for instance the humble TV set.

Back in November 2013 The Register reported how supposedly smart TVs from Korean manufacturer LG were too clever by far.

By dialling home every time the user changed channel it could actually be argued that the TV set was watching more than the viewer themselves.

Worse than that, it was also discovered that media files played on the set via inserted USB sticks were also fair game – the names of files were also sent back to South Korea. While some LG-owning viewers were probably not too fussed about who knew they were watching videos of their cat, or looking at a collection of dodgy selfies, purveyors of adult ‘art’ may have been less enthusiastic about LG being aware of their late night viewing pleasures.

What do we think of IoT?

By now you have probably guessed that we here at ExpressVNP are not the biggest fans of the Internet of Things.

While some of the devices could well satisfy our inner geek, the accompanying privacy concerns shatter our faith in smart people doing good things with them.

We don’t like the idea of being tracked via our watches or fitness devices and we’re even less keen on how the data from those devices can end up on third, fourth or even fifth party websites, either through the implementation of unclear privacy policies, or through potential security issues at data storage centers.

We like our milk cold but we don’t want our fridge taking advantage of our hospitality by offering Viagra to our friends, family members and other online contacts.

And we certainly don’t want our TV set to know what we watch at night, however wholesome our viewing habits are.

And we definitely, definitely do not want any association with the new breed of devices that offer to help us with our after-TV activities thank you very much. It’s not only because we don’t need any help in that area, it’s also because we know how data can end up in the wrong hands and we don’t know what would be worse – strangers seeing how we ‘perform’ or medical insurance companies knowing about our pedestrian or risk-fuelled private lives.

Coping with the Internet of Things

To conclude, the Internet of Things is interesting but it is scary too.

Gadgets and gizmos appeal to many people and there is and will be a huge level of interest in just about anything that can connect to the internet in order to help us get fitter, save money or help us bring a little control to our otherwise chaotic lives.

So we know some of you will dabble, even though we don’t think you should.

With that in mind, here are some damage limitation tips (if you thought we were going to offer tips on how to stay completely safe with the IoT then you probably should keep well away from it):

  • Always lock any internet-enabled device with a screen lock or password to prevent unauthorized access
  • Never, ever, ever, use the same password more than ONCE. Every account and device you have should have a unique and hard to guess password that does not contain names or pathetic excuses for security such as the ever-popular “123456”
  • If your device is Bluetooth-enabled switch it off when not in use
  • Read privacy policies carefully, especially in regard to how data is stored, used and who it is shared with. If third parties can gain access to your data read their privacy policies too
  • Never share too much information with a connected device or associated website
  • If you are using a device that allows you to share results or other data with social sites think carefully before doing so – if you put fitness data online, for example, then anyone can (and will) read it
  • Does your IoT device note location data? If so, make sure it isn’t sharing it unnecessarily
  • Is your device telling you that an app or operating system update is available? What are you waiting for – install it now
  • Can you add a security solution to your device? If so, do so
  • Can your device make use of encryption technology? You know what you need to do.

Featured image: dragonstock / Dollar Photo Club


Terror in the skies? New malware clips drone wings


Are drones the answer to manned surveillance flights and retail deliveries? Both governments and companies like Amazon have been working hard to sell this line but have been met with stiff resistance. Citizens are understandably concerned about the risks posed by both public and private drones — a concern that seems more justified than ever, thanks to the release of new malware that can hijack these flying devices mid-flight. Has the dream of drone-filled skies become a nightmare?

Going Down!

According to a recent Forbes article, a new strain of malware called “maldrone” is now making the rounds, courtesy of India-based Citrix security engineer Rahul Sasi. Using previous drone hacking techniques as a starting point, Sasi devised a piece of malware which bypasses the device’s application programming interface (API) and instead goes directly for the autonomous decision-making unit — effectively the drone’s “brain”.

While Sasi’s method only works in close proximity, he claims it will work across multiple drone types, from standard Parrot ARs to models like the DJI Phantom. In a video posted to YouTube, Sasi shows the hack taking place in real-time and what happens when he issues a “kill command”, causing the drone to shut off and fall from the sky. This is the real terror in his discovery: While previous attempts focused on giving control to other pilots or malicious attackers, Sasi’s effort is focused on drone sensor communication as a way to fully transfer control to a remote desktop or mobile device. Yikes!

As noted above, this isn’t the first time drones have been infected with malware. In 2013, Gizmodo reported that security researcher Samy Kamkar created the “SkyJack” malware package, which used a Parrot AR and Raspberry Pi attachment to infect other drones as it flew, creating an army of remote-controlled robots. And in 2012, James “substack” Halliday created a Virus-Copter to infect nearby drones and redeploy them as autonomous infectors.

Crash and Burn

But it’s all theoretical, right? Not quite. The Verge reports that on January 26th, a DJI Phantom drone crashed on the White House grounds. This prompted a response from President Obama calling for improved drone regulation, and drone maker DJI said it is introducing mandatory firmware that will prevent its drones from flying over the DC area. While it appears that no malware was involved in this case — the pilot told Secret Service agents he was drinking — the increased use of drones by private citizens and for public use makes legitimate hacking an inevitability.

In fact, malware has already infected official Air Force Predator and Reaper drones — as reported by Naked Security, in 2011 a piece of unknown keylogging code was detected in these aircraft as they flew over Afghanistan. Defense officials said they could not determine the code’s origin or keep drones clean, since after every deletion the malware reappeared.

Air Patrol

Beyond drones, there’s also the risk of malware infecting traditional aircraft. We Live Security reports that while some experts think that hacking planes in mid-flight is either difficult or impossible, the increasing amount of wireless technology used on board only makes it a matter of time. As a result, researchers are looking to develop networks that can “reconfigure” themselves around malware once it has been detected and prevent any loss of control. It’s also worth noting that in 2010, a Spanish commercial aircraft was brought down in part because of malware that prevented on-board safety systems from warning pilots that the plane’s flaps and slats were retracted upon takeoff.

Drone-ing On

Despite potential malware issues, drone makers and delivery services like Amazon continue to push ahead with autonomous flying research. In fact, the retail giant just released a stern letter warning the US that if test flight standards don’t loosen, they’ll divert testing resources and potential revenue to the UK.

Bottom line? Because something hasn’t happened, doesn’t mean it won’t. Just as the idea of search companies tracking your browsing habits and governments monitoring your IP address seemed like the stuff of science fiction just a few years ago, the idea of malware-infected drones only seems remote because it hasn’t happened at large scale. But with pilots drunk-flying onto White House grounds and researchers working to prove that any device, anywhere is a risk, you may want to keep one eye on your digital privacy — and the other on the sky.

Featured image: funkyfrogstock / Dollar Photo Club


How to watch the Six Nations live on BBC iPlayer from abroad with a VPN

ExpressVNP

Are you a rugby fan who’s having trouble streaming your favorite matches? With a VPN, you can stream without having to worry about slow speeds or network throttling!

Use ExpressVNP to secure your Internet connection while you watch the greatest Rugby tournament of the year.

You can even stream live content from BBC iPlayer straight to your PC, Mac or even iOS and Android phone or tablet devices.

How to stream the Six Nations tournament with ExpressVNP

It’s as easy as 1, 2, 3. Just follow these steps:

  1. Purchase an ExpressVNP subscription.
  2. Download our ExpressVNP app on the device of your choice. We’ll also send you an email with a download link once you’ve purchased a subscription.
  3. Connect to a VPN server where the Six Nations is being broadcast.
  4. Sit back, relax, and enjoy the 6 Nations!

Six Nations Fixtures

Last updated Friday 3rd February 2017, all times in GMT.

Saturday 4th February 2017

14:25 Scotland v Ireland
16:50 England v France

Sunday 5th February 2017

14:00 Italy v Wales

Saturday 11th February 2017

14:25 Italy v Ireland
16:50 Wales v England

Sunday 12th February 2017

15:00 France v Scotland

Saturday 25th February 2017

14:25 Scotland v Wales
16:50 Ireland v France

Sunday 26th February 2017

15:00 England v Italy

Friday 10th March 2017

20:05 Wales v Ireland

Saturday 11th March 2017

13:30 Italy v France
16:00 England v Scotland

Saturday 18th March 2017

12:30 Scotland v Italy
14:45 France v Wales
17:00 Ireland v England

Who are you cheering for? Leave a comment and let us know what you think the scores and results will be!

Featured image: Diego Barbieri / Dollar Photo Club
