E-sports site settles covert Bitcoin mining case for $1 million

Earlier this year, we reported on how the competitive video gaming community E-Sports Entertainment Association (ESEA) secretly updated its client software with Bitcoin-mining code that tapped players' computers to mint more than $3,600 worth of the digital currency.

The site took full responsibility, blaming a rogue employee, and ended up immediately liquidating the bitcoins and donating the $3,713.55 to the American Cancer Society. For good measure, ESEA kicked in another $3,713.55.

But the story didn’t end there. On Tuesday, New Jersey announced that it had come to a $1 million settlement (PDF) with ESEA as a way to end a criminal case that state prosecutors had brought against the company.

Read 5 remaining paragraphs | Comments


Holiday Season Phishing Scams and Malware Campaigns

Original release date: November 19, 2013

As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns, which may include:

  • electronic greeting cards that may contain malware
  • requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
  • screensavers or other forms of media that may contain malware
  • credit card applications that may be phishing scams or identity theft attempts
  • online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers
  • shipping notifications that may be phishing scams or may contain malware

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

This product is provided subject to this Notification and this Privacy & Use policy.

Smart TV from LG phones home with user’s viewing habits, USB file names

It sounds like the premise of a Philip K. Dick story, but it's not. A blogger has offered evidence that his Internet-connected television has been transmitting detailed information about his family's viewing habits, including the times and channels they watch and even the names of computer video files stored on connected USB drives.

The unidentified blogger, whose twitter profile described him as a "developer, tweaker and Linux enthusiast" living in UK county of Yorkshire, said the LG Smart TV model is LG 42LN575V and was manufactured May 2013. He provided screenshots of data packets he said he captured showing the information his TV sent unencrypted over the Internet. The data appeared to show a device ID unique to his set, along with the name of the channel it was tuned to. In his tests, the information was sent in the clear every time the channel was changed. Even more remarkable, he said, the smart TV sent the data even after he waded through the system preferences and set the "Collection of watching info" setting to "off" (it was on by default).

But the logging didn't stop there. Included in the traffic sent over the Internet were the names of files stored on a USB drive connected to the LG television. For dramatic purposes and to ensure he chose a file name not likely used by the firmware, he created a mock video file called Midget_Porn_2013.avi, loaded it onto a USB drive and plugged it into his TV. Sure enough, the file name was transmitted unencrypted in HTTP traffic sent to the address GB.smartshare.lgtvsdp.com. In some cases, he said, file names for an entire folder were transmitted, and other times nothing at all was sent. He never determined the rules that controlled when data was or wasn't sent.

Read 9 remaining paragraphs | Comments


2014 Predictions from Symantec


The secret to predicting the future is to listen for the whisper.

By the time you’ve heard things in a loud, clear voice they have already come true. I’ve been listening to the whispers in 2013 and have a pretty good idea for what we’ll be hearing loud and clear in 2014. Below are my predictions of the top things we’ll hear and what they will mean for us in 2014.

  • People will finally begin taking active steps to keep their information private.
  • Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.
  • The “Internet of Things” becomes the “Internet of Vulnerabilities.”
  • Mobile apps will prove that you can like yourself too much.

“Wait a minute…The Internet knows more about me than my own mother?”

People will finally begin taking active steps to keep their information private.

Privacy issues have littered the headlines in 2013, delivering a wake-up call to people and businesses about the amount of personal information we share and that is collected every day by everyone from your doctor to your social network. You can expect to see privacy protection as a feature in new and existing products. Then, beyond 2014, we’ll be arguing on whether or not these features actually provide any privacy protection. Expect Tor, which enables online anonymity, to become a popular application across the spectrum of Internet users. You’ll also see a resurgence of users adopting aliases and fake names on social networking sites to protect their privacy. And you know who is going to lead the way on this? Teens. They do care about privacy—and not just where their parents are concerned. Given this, more people will move to new, upstart and niche social networking sites, in an attempt to hang with their friends in obscurity. Which leads to my next prediction…

 “Adult supervision is not wanted but adult behavior may keep you out of trouble.” 

Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure.

It’s tempting to believe that you can move to a new neighborhood and all your old problems will go away. They don’t in real life and they won’t when it comes to social networking. Any new social network that attracts users will also attract scammers and miscreants. Users who feel it’s just them and their friends on these new sites are in for a big (and unpleasant) surprise. Your mother won’t be there to remind you, so let me: If something sounds too good to be true, it almost certainly is a scam. Protect yourself by using security best practices no matter where you are on the Internet, or how you connect to it. And speaking of connecting…

“Your toaster is not infected, but your security camera just robbed you blind.

The “Internet of Things” becomes the “Internet of Vulnerabilities.”

You can expect dumb things will get smarter in 2014. With millions of devices connected to the Internet—and in many cases running an embedded operating system—in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system. Major software vendors have figured out how to notify customers and get patches for vulnerabilities to them. The companies building gadgets that connect to the Internet don’t even realize they have an oncoming security problem. These systems are not only vulnerable to an attack – they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities. Given this, we are going to see new threats in ways in which we’ve never seen before.

“I like you, I like you, I like you... That will be $20 and your login and password, please.”

Mobile apps will prove that you can like yourself too much.

People (generally) trust those they sleep with, so it should not be surprising that with 48 percent of people sleeping with their smart phones, they are lulled into a (false) sense of security about them. In 2013, we reported on a mobile app that would secure additional “likes for your postings on Instagram. All you had to do was hand over your login and password to some guy in Russia. More than 100,000 people saw nothing wrong with that. We trust our mobile devices and the wonderful apps that run on them to make our lives better. We suspend disbelief for that device that sits in our pocket, purse or nightstand. The bad guys are going to take advantage of this big time in 2014. I’m not even talking about malware – mobile apps are going to be behind hoaxes, cons and scams of all sorts in 2014.  

So, there you have them, my predictions for 2014. Of course, the best part of trying to predict the future is being surprised by the unforeseen and the unimaginable. I'll be right on some of my predictions. I'll be proved wrong on others. What’s certain is that I'll be listening for all the new whispers to see what 2015 will bring.