By EditorDavid from Slashdot's news-for-nodes department
An anonymous reader writes:
The FBI issued a press release about the 30-year prison sentence for a 58-year-old Florida man running "the world's largest child pornography website, with more than 150,000 users around the world." But their investigation involved what Gizmodo describes as "a decision controversial to this day" -- taking over the child pornography site and running it "for almost two weeks while distributing malware designed to unmask its visitors." Thursday the FBI described it as "a court-approved network investigative technique" which led to more than 1,000 leads in the U.S. and "thousands more" for law enforcement partners in other countries, leading to arrests in the EU, Israel, Turkey, Peru, Malaysia, Chile, and the Ukraine. Those 1,000 U.S. leads led to "at least 350 U.S-based individuals arrested", as well as actual prosecutions of 25 producers of child pornography and 51 hands-on abusers, while 55 children were "identified or rescued" in America, and another 296 internationally who were sexually abused.
Though Motherboard describes it as hacking "over 8,000 computers in 120 countries based on one warrant," the FBI calls it their "most successful effort to date against users of Tor's hidden service sites," adding that the agency "has numerous investigations involving the dark web." Though they'd soon became aware of the site's existence, "given the nature of how Tor hidden services work, there was not much we could do about it" -- until a foreign law enforcement agency discovered the site had "slipped up" by revealing its actual IP address, and notified the U.S. investigators. The FBI also says the investigation "has opened new avenues for international cooperation in efforts to prosecute child abusers around the world."
The site's two other administrators -- both men in their 40s -- were also given 20-year prison sentences earlier this year.Read Replies (0)
By EditorDavid from Slashdot's les-tweets department
"The French media and public have been warned not to spread details about a hacking attack on presidential candidate Emmanuel Macron," writes Slashdot reader schwit1, with the election commission threatening criminal charges. But meanwhile, "the leaked documents have since spread like wildfire across social media, particularly on Twitter," reports Recode.
Nicole Perlroth, a cybersecurity reporter with the New York Times, pointed out that an overwhelming amount of the tweets shared about the Macron campaign hack appear to come from automated accounts, commonly referred to as bots. About 40% of the tweets using the hashtag #MacronGate, Perlroth noted, are actually coming from only 5% of accounts using the hashtag. One account tweeted 1,668 times in 24 hours, which is more than one tweet per minute with no sleep... Twitter appears not to have done anything to combat what is obviously a bot attack, despite the fact the social media company is well aware of the problem of bot accounts being used to falsely popularize political issues during high-profile campaigns to give the impression of a groundswell of grassroots support.
The Times reporter later tweeted "This could be @twitter's death knell. Algorithms exist to deal with this. Why aren't you using them?" And one Sunlight Foundation official called the discovery "statistics from the front lines of the disinformation wars," cc-ing both Twitter CEO Jack Dorsey and Mark Zuckerberg. In other news, the BBC reports France's president has promised to "respond" to the hacking incident, giving no further details, but saying he was aware of the risks because they'd "happened elsewhere"."Read Replies (0)
By EditorDavid from Slashdot's contentious-community-processes department
An anonymous reader quotes InfoWorld:
The next edition of standard Java had been proceeding toward its planned July 27 release after earlier bumps in the road over modularity. But now Red Hat and IBM have opposed the module plan. "JDK 9 might be held up by this," Oracle's Georges Saab, vice president of development for the Java platform, said late Wednesday afternoon. "As is the case for all major Java SE releases, feedback from the Java Community Process may affect the timeline..."
Red Hat's Scott Stark, vice president of architecture for the company's JBoss group, expressed a number of concerns about how applications would work with the module system and its potential impact on the planned Java Enterprise Edition 9. Stark also said the module system, which is featured in Java Specification Request 376 and Project Jigsaw, could result in two worlds of Java: one for Jigsaw and one for everything else, including Java SE classloaders and OSGI. Stark's analysis received input from others in the Java community, including Sonatype.
"The result will be a weakened Java ecosystem at a time when rapid change is occurring in the server space with increasing use of languages like Go," Stark wrote, also predicting major challenges for applications dealing with services and reflection. His critique adds that "In some cases the implementation...contradicts years of modular application deployment best practices that are already commonly employed by the ecosystem as a whole." And he ultimately concludes that this effort to modularize Java has limitations which "almost certainly prevent the possibility of Java EE 9 from being based on Jigsaw, as to do so would require existing Java EE vendors to completely throw out compatibility, interoperability, and feature parity with past versions of the Java EE specification."Read Replies (0)
By EditorDavid from Slashdot's malware-search-engines department
An anonymous reader quotes The Stack:
Search engine Shodan has announced a tool to help businesses hunt out and block traffic from malware command-and-control servers. The new Malware Hunter service, which has been designed in a collaborative project with threat intelligence company Recorded Future, continuously scans the internet to locate control panels for different remote access Trojans, including Gh0st RAT, Dark Comet, njRAT, XtremeRAT, Net Bus and Poison Ivy. The internet crawler identifies botnet C2 servers by connecting to public IP addresses and sending traffic which mimics that of an infected device. If the receiver computer sends back a response, that server is flagged.
The article reports that Shodan's Malware Hunter tool has already traced over 5,700 RAT servers -- more than 4,000 of them based in the United States.Read Replies (0)
By EditorDavid from Slashdot's eggs-bacon-spam-and-sausage department
An anonymous reader write:
Wednesday was the 39th anniversary of the world's first spam, sent by Gary Thuerk, a marketer for Massachusetts' Digital Equipment Corporation in 1978 to over 300 users on Arpanet. It was written in all capital letters, and its body began with 273 more email addresses that wouldn't fit in the header. The DEC marketer "was reportedly trying to flag the attention of the burgeoning California tech community," reports the San Jose Mercury News. The message touted two demonstrations of the DECSYSTEM-20, a PDP-10 mainframe computer.
An official at the Defense Communication Agency immediately called it "a flagrant violation of the use of Arpanet as the network is to be used for official U.S. government business only," adding "Appropriate action is being taken to preclude its occurence again." But at the time a 24-year-old Richard Stallman -- then a graduate student at MIT -- claimed he wouldn't have reminded receiving the message...until someone forwarded him a copy. Stallman then responded "I eat my words... Nobody should be allowed to send a message with a header that long, no matter what it is about."
The article reports that today the spam industry earns about $200 million each year, while $20 billion is spent trying to block spam. And the New York Times even has a quote from the DEC employee who sent that first spam. "People either say, 'Wow! You sent the first spam!' or they act like I gave them cooties."Read Replies (0)
By EditorDavid from Slashdot's as-in-beer department
An anonymous reader writes:
"Walk into a comic shop this Saturday, May 6, and you'll get some free comic books," reports NPR. "You can find your closest shop by typing your ZIP code into the Comics Shop Locator on the Free Comic Book Day page... While you're there, buy something... The comics shops still have to pay for the 'free' FCBD books they stock, and they're counting on the increased foot traffic to lift sales." There's many familiar characters among the 50 free titles this year, according to Gizmodo. Marvel's free comics are a Guardians of the Galaxy tie-in by Brian Michael Bendis and a Secret Empire prequel, "which has seen Steve Rogers transform from a patriotic superhero to the fascist leader of an invasive Hydra force that has taken over the U.S." Meanwhile, D.C. Comics will re-release "the excellent second issue of the current Wonder Woman Rebirth series," and there's also comics based on Rick & Morty, Buffy The Vampire Slayer, and Star Trek: The Next Generation.Read Replies (0)
By BeauHD from Slashdot's enhanced-screening department
An anonymous reader quotes a report from Phys.Org: The State Department wants to review social media, email addresses and phone numbers from some foreigners seeking U.S. visas, as part of the Trump administration's enhanced screening of potential immigrants and visitors. The department, in a notice published Thursday in the Federal Register, said it was seeking public comment on the requirement. But it also said it is requesting a temporary go-ahead from the White House budget office so the plan can take effect for 180 days, beginning May 18, regardless of those comments. The proposed requirements would apply to visa applicants identified for extra scrutiny, such as those who have traveled to areas controlled by terrorist organizations. The State Department said it estimates that the rules would affect about 0.5 percent of total U.S. visa applicants, or roughly 65,000 people. Affected applicants would have to provide their social media handles and platforms used during the previous five years, and divulge all phone numbers and email addresses used during that period. U.S. consular officials would not seek social media passwords, and would not try to breach any privacy controls on applicants' accounts, according to the department's notice.Read Replies (0)