
Biz & IT

Fancy Bear imposters are on a hacking extortion spree



Travelex didn’t pay the ransom this time and instead weathered a DDoS attack the hackers launched as a sort of warning shot and then a second barrage. “Whoever’s behind this probably thought that Travelex must be a soft target based on what happened at the beginning of the year,” says Greg Otto, a researcher at Intel471. “But why would you hit a company that has probably gone through the effort to shore up their security? I understand the logic, but also I just think there are holes in that logic.” Travelex did not return a request from WIRED for comment about the August extortion attempt.

Extortion DDoS attacks have never been especially profitable for scammers, because they don’t have the visceral urgency of something like ransomware, when the target is already hobbled and may be desperate to restore access. And though this has always been a weakness of the strategy, the threats are potentially even less potent now that robust DDoS defense services have become widespread and relatively inexpensive.

“Generally speaking, DDoS as an extortion method isn’t as profitable as other types of digital extortion,” says Robert McArdle, director of forward-looking threat research at Trend Micro. “It’s a threat to do something as opposed to the threat that you’ve already done it. It’s like saying, ‘I might burn your house down next week.’ It’s a lot different when the house is on fire in front of you.”

Given the spotty effectiveness of extortion DDoS, attackers are invoking the notorious state-backed hacking groups in an attempt to add urgency and stakes. “They’re fear-mongers,” says Otto. And the attacks likely work at least occasionally, given that attackers keep returning to the technique. For example, Radware noted that in addition to impersonating Fancy Bear and Lazarus Group, attackers have also been going by the name “Armada Collective,” a moniker that extortion DDoS actors have invoked numerous times in recent years. It’s unclear whether the actors behind this incarnation of Armada Collective have any connection to past generations.

Though most organizations with resources for digital defense can protect themselves effectively against DDoS attacks, researchers say it’s still important to take these threats seriously and actually invest in strong protections. The FBI reinforced this message in a bulletin at the beginning of September about actors pretending to be Fancy Bear. It reported that at the beginning of August, thousands of institutions around the world began receiving extortion notes.

“Most institutions that reached the six-day mark did not report any additional activity or the activity was successfully mitigated,” the FBI wrote. “However, several prominent institutions did report follow-on activity that impacted operations.”

While the attacks may not be as crippling for most targets as ransomware can be, they still pose a nagging threat to organizations that don’t have adequate DDoS defenses in place. And with so many other types of threats to navigate, it’s easy to imagine that the scare tactics could work often enough to make it all worth attackers’ while.

This story originally appeared on


SpaceX Starlink public beta begins: It’s $99 a month plus $500 up front



[Image: A SpaceX Starlink user terminal/satellite dish.]

SpaceX has begun sending email invitations to Starlink’s public beta and will charge beta users $99 per month plus a one-time fee of $499 for the user terminal, mounting tripod, and router. The emails are being sent to people who previously registered interest in the service on the Starlink website. One person in Washington state who got the email posted it on Reddit. Another person who lives in Wisconsin got the Starlink public-beta invitation and passed the details along to Ars via email.

SpaceX is calling it the “Better Than Nothing” beta, perhaps partly because the Starlink satellite service will be most useful to people who cannot get cable or fiber broadband. But the email also says, “As you can tell from the title, we are trying to lower your initial expectations.”

The rest of the email reads as follows:

Expect to see data speeds vary from 50Mbps to 150Mbps and latency from 20ms to 40ms over the next several months as we enhance the Starlink system. There will also be brief periods of no connectivity at all.

As we launch more satellites, install more ground stations, and improve our networking software, data speed, latency, and uptime will improve dramatically. For latency, we expect to achieve 16ms to 19ms by summer 2021.

The Starlink phased-array user terminal, which is more advanced than what’s in fighter jets, plus mounting tripod and Wi-Fi router, costs $499 and the monthly subscription costs $99.

The email then provides a link for ordering service. There is apparently no data cap. A Starlink mobile app to help beta users set up and manage the service also just went live on Apple’s App Store and Google Play.

There’s another Reddit thread with speculation on when user terminals (i.e., satellite dishes) will arrive at people’s homes, but we haven’t seen any firm delivery dates.

“Worth it!”

Another Reddit commenter who lives in Washington State wrote that ordering the public beta came out to nearly $600 including a $50 shipping fee and tax. “Then I had to place a second order for the ridgeline mount for another $100. Worth it!” the person wrote.

While the standard startup kit comes with a tripod mount for the user terminal, two types of roof mounts are sold as optional extras. The Reddit thread includes links to PDFs of Starlink’s instructions for setting up the ridgeline mount or “volcano mount.”

Installing either mount on a roof is a lot more work than indicated by SpaceX CEO Elon Musk’s statement that users only have to plug the terminal in and point it at the sky. But users could also try placing the terminal in a location with a clear view of the sky, without a special roof mount.

It’s not clear whether the beta pricing is the same as what SpaceX will charge during general availability. We also don’t know how many people got the sign-up emails or have a full list of states where it’s available. We contacted SpaceX with several questions this morning and will update the article if we get a response.

The public beta was preceded by a limited beta that was provided to users for free. Musk recently said that the public beta will be for the northern US and “hopefully” southern Canada. SpaceX plans to provide Starlink to a school district in Texas in early 2021, but that doesn’t mean the public beta is available to anyone in the south. The wait may not be too long, though, as SpaceX has said it will reach “near global coverage of the populated world by 2021.”


Study shows which messengers leak your data, drain your battery, and more



Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

When a sender includes a link in a message, the app will display the conversation along with text (usually a headline) and images that accompany the link. It usually looks something like this:

For this to happen, the app itself—or a proxy designated by the app—has to visit the link, open the file there, and survey what’s in it. This can open users to attacks. The most severe are those that can download malware. Other forms of malice might be forcing an app to download files so big they cause the app to crash, drain batteries, or consume limited amounts of bandwidth. And in the event the link leads to private materials—say, a tax return posted to a private OneDrive or Dropbox account—the app server has an opportunity to view and store it indefinitely.

The researchers behind Monday’s report, Talal Haj Bakry and Tommy Mysk, found that Facebook Messenger and Instagram were the worst offenders. As the chart below shows, both apps download and copy a linked file in its entirety—even if it’s gigabytes in size. Again, this may be a concern if the file is something the users want to keep private.

[Video: Link Previews: Instagram servers download any link sent in Direct Messages even if it’s 2.6GB]

It’s also problematic because the apps can consume vast amounts of bandwidth and battery reserves. Both apps also run any JavaScript contained in the link. That’s a problem because users have no way of vetting the security of JavaScript and can’t expect messengers to have the same exploit protections modern browsers have.

[Video: Link Previews: How hackers can run any JavaScript code on Instagram servers.]

LinkedIn performed only slightly better. Its only difference was that, rather than copying files of any size, it copied only the first 50 megabytes. Haj Bakry and Mysk reported their findings to Facebook, and the company said that both apps work as intended.

Meanwhile, when the Line app opens an encrypted message and finds a link, it appears to send the link to the Line server to generate a preview. “We believe that this defeats the purpose of end-to-end encryption, since LINE servers know all about the links that are being sent through the app, and who’s sharing which links to whom,” Haj Bakry and Mysk wrote.

Discord, Google Hangouts, Slack, Twitter, and Zoom also copy files, but they cap the amount of data at anywhere from 15MB to 50MB. The chart below provides a comparison of each app in the study.

[Chart: comparison of each app in the study. Credit: Talal Haj Bakry and Tommy Mysk]

All in all, the study is good news because it shows that most messaging apps are doing things right. For instance, Signal, Threema, TikTok, and WeChat all give the users the option of receiving no link preview. For truly sensitive messages and users who want as much privacy as possible, this is the best setting. Even when previews are provided, these apps are using relatively safe means to render them.
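The safer behavior the study contrasts with full-file downloads, as an added example (not code from the researchers or from any app named here): a preview generator that refuses non-HTML content, stops reading at a byte cap, and extracts only the title and Open Graph tags without running any script. The function names, the 64KB cap, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap; apps in the study cap at 15MB to 50MB


class _MetaOnly(HTMLParser):
    """Collects <title> and og:* meta tags; script bodies are never evaluated."""

    def __init__(self):
        super().__init__()
        self.fields, self._in_title = {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("property") or "").startswith("og:"):
            self.fields.setdefault(a["property"], a.get("content") or "")
        self._in_title = tag == "title"

    def handle_endtag(self, tag):
        self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.fields.setdefault("title", data.strip())


def build_preview(content_type, chunks, max_bytes=MAX_PREVIEW_BYTES):
    """Return (fields, bytes_read, hit_cap) for a lazily streamed response body."""
    if content_type.split(";")[0].strip().lower() != "text/html":
        return {}, 0, False              # never pull down PDFs, archives, media
    buf, hit_cap = bytearray(), False
    for chunk in chunks:                 # chunks arrive lazily, as from a socket
        buf += chunk[: max_bytes - len(buf)]
        if len(buf) >= max_bytes:        # stop reading; the rest is never fetched
            hit_cap = True
            break
    parser = _MetaOnly()
    parser.feed(buf.decode("utf-8", errors="replace"))
    return parser.fields, len(buf), hit_cap


# Constructed sample input: a small page head, then an effectively endless body.
SAMPLE_HEAD = (b'<html><head><title>Quarterly report</title>'
               b'<meta property="og:image" content="https://example.com/a.png">'
               b'<script>while(true){}</script></head><body>')

def hostile_body():
    yield SAMPLE_HEAD
    while True:                          # stands in for a multi-gigabyte file
        yield b"A" * 4096
```

Running this on the sender's device rather than on a server also keeps the link away from the service operator, which is the concern raised about end-to-end encrypted chats.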


SpaceX Starlink to go South for first time with planned deployment in Texas



[Image: Starlink logo imposed on stylized image of the Earth.]

SpaceX has agreed to provide Internet service to 45 families in a Texas school district in early 2021 and to an additional 90 families later on, the school district announced last week. The announcement by Ector County Independent School District (ECISD) in Odessa said it will be the “first school district to utilize SpaceX satellites to provide Internet for students.”

“The project will initially provide free Internet service to 45 families in the Pleasant Farms area of south Ector County,” the district said. “As the network capabilities continue to grow, it will expand to serve an additional 90 Ector County families.”

The Texas location is notable because the ongoing, limited Starlink beta exists only in the northern US, and SpaceX CEO Elon Musk has said an upcoming public beta will only be for the northern US and “hopefully” southern Canada. SpaceX has over 700 Starlink satellites in orbit, and will be able to expand the service area as it deploys more of the nearly 12,000 it has been authorized to launch. In Washington state, Starlink has been deployed to rural homes, a remote tribe, and emergency responders and families in wildfire-stricken areas.

The ECISD announcement said the service will begin “early in 2021” without saying exactly when, but an article by the Odessa American newspaper said it will be in January. The total project cost is $300,000, half of which is being provided by Chiefs for Change, a nonprofit group for school-district leaders, according to the Odessa American. Families who are selected will get Internet service for free for one year, the report said.

It’s not clear whether any of the money is going to SpaceX. The school district has some costs, as it plans to “identify the families [who will get service] and facilitate delivery of the necessary equipment to those homes.”

No word on other Southern US locations yet

The timeline for wider Starlink availability in the American South is still unknown. We asked SpaceX if it plans to deploy Starlink in any other Southern locations in early 2021, and for more details on when service will be available across the United States. We’ll update this article if we get more information.

In August 2019, SpaceX detailed a plan in which each SpaceX launch of 60 satellites would deploy the satellites in “three different orbital planes” instead of just one, “accelerating the process of deploying satellites covering a wider service area.” At the time, SpaceX told the FCC this change would “potentially” let it deploy broadband in the Southern United States in late 2020.

As ECISD pointed out, the pandemic has demonstrated the importance of home Internet for students who have to learn and complete assignments from home when in-person classes are unavailable. Stories of children sitting outside schools, libraries, and McDonald’s stores to use Wi-Fi, either because their families cannot afford broadband or it simply isn’t available where they live, have been disappointingly common.

“When COVID-19 forced the closure of school buildings last spring, it really brought to the forefront just how large the digital divide is in Ector County,” the ECISD announcement said. “As ECISD leaders dove into surveys of teachers, students, and families, they found some 39 percent of families have limited to no Internet access. The SpaceX Starlink satellite technology will provide high-speed, low-latency broadband Internet to an area where that type of access is not currently available or affordable.”
