Posts Tagged ‘Eastern European’

Insurance For Cybercriminals, or Giant Sting?

October 9th, 2012 10:32 admin View Comments


tsu doh nimh writes “Brian Krebs follows up on a recent Slashdot discussion about a cybercrime gang that is recruiting botmasters to help with concerted heists against U.S. financial institutions. The story looks at the underground’s skeptical response to this campaign, which is being led by a criminal hacker named vorVzakone (‘thief in law’), who has released a series of videos about himself. vorVzakone also is offering a service called ‘insurance from criminal prosecution,’ in which miscreants can purchase protection from goons who specialize in bribing or intimidating Russian/Eastern European police into scuttling cybercrime investigations. For $100,000, the service also claims to have people willing to go to jail in place of the insured. Many in the criminal underground view the entire scheme as an elaborate police sting operation.”

Source: Insurance For Cybercriminals, or Giant Sting?

Inside Look At Eastern European Vs. East Asian Hackers

September 19th, 2012 09:30 admin View Comments


wiredmikey writes with a snippet from Security Week: “Much of the talk about cybercrime remains focused on East Asia. But according to a new report, it is hackers in Eastern Europe that have actually emerged as more sophisticated. In a report entitled ‘Peter the Great vs. Sun Tzu’ … compared hackers from the two regions. His conclusion — the Eastern Europeans are far more insidious and strategic. While East Asian groups tend to work for other organizations interested in their skills, hackers from Eastern Europe generally operate in small, independent units, and are focused on profit. Their infrastructure tends to be developed by them specifically for their own use in attacks. ‘They [Eastern European groups] tend to want to be in control of their entire infrastructure and will routinely set up their own servers for use in attacks, develop their own DNS servers to route traffic and create sophisticated traffic directional systems used in their attacks,’ according to the report. ‘If they do go outside, they will carefully select bulletproof hosts to support their infrastructure. It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple.’”

Source: Inside Look At Eastern European Vs. East Asian Hackers

A National Paywall That Works

February 14th, 2012 02:02 admin View Comments

piano-150.jpgWhile the paywall experiment of the New York Times has received a lot of play in various online forums, one place where a working paywall – meaning that it is both making money for publishers and attracting traffic – is less well known, in the eastern European country of Slovakia. There an independent tech vendor called Piano Media has been successfully experimenting with its own paywall-based system of online publishing. Launched in Bratislava last spring, it gives subscribers online access to content from all nine of Slovakia’s leading news sites. What’s more, it does so for a single flat fee (less than US $4 per month, which is going up in March by 25%) that is paid after visitors have had a chance to sample a certain number of articles for free. Users can pay for their subscriptions by SMS messages, typical of what many can pay for in Europe.

Slovakia is a country with less than six million total population, and the paywall story is covered this week in the Columbia Journalism Review by William Baker here. It is a lesson that others should study carefully. Indeed, the model has worked so well that they have expanded into neighboring Slovenia (and often the two countries are confused by outsiders) earlier this year.

Here are some lessons learned from the experience:

  • Be a small fish in an even smaller pond. “Slovakia’s biggest news publishers are much smaller than key players in other countries. They did not have billion dollar annual revenues to protect. This meant less institutional inertia keeping them from putting their trust in a small, untried company. It also meant that they did not have the time and spare cash necessary to create paywalls of their own,” writes Baker. Slovakia doesn’t have its own native language version of Google news, and there are few other news sources in the language either.
  • Spend a lot of time hand-holding skittish publishers. “Apple or Microsoft or Google are not getting into the business of spending two months meeting with the publisher and advising them how to do business. That’s what we’re doing,” says Tomas Bella, the CEO of Piano.
  • Limit the number of total monthly comments. Yes, you have to subscribe to comment, that isn’t all that special. But what is unusual is that your overall comments are capped each month. This has resulted in troll-free forums, and the publishers have thought that the level of Slovakia’s Internet discourse has risen since after the paywall.
  • Challenge some long-held beliefs of publishers. Bella has had a chance to see that many assumptions about paywalls, or online publishing, weren’t accurate. Many of his content providers have changed the way they post articles based on his actual observations, which has helped to boost traffic too.

Whether Piano’s national model can work in countries with larger publishing ventures remains to be seen. But in eastern Europe, it appears to be working.

Source: A National Paywall That Works

Was Conficker Stuxnet’s Trojan?

December 2nd, 2011 12:03 admin View Comments

The Military

Rambo Tribble writes “Reuters has published a provocative article describing the findings of cyberwarfare expert John Bumgarner, a former Army intelligence officer. His contention is that Conficker identified targets, then opened the door for Stuxnet. ‘His analysis challenges a common belief that Conficker was built by an Eastern European criminal gang to engage in financial fraud. The worm’s latent state had been a mystery for some time. It appears never to have been activated in the computers it infected, and security experts have speculated that the program was abandoned by those who created it because they feared getting caught after Conficker was subjected to intense media scrutiny. If confirmed, Bumgarner’s work could deepen understanding of how Stuxnet’s commanders ran the cyber operation that last year sabotaged an underground facility at Natanz, where Iranian scientists are enriching uranium using thousands of gas centrifuges.’”

Source: Was Conficker Stuxnet’s Trojan?

Egypt Goes Dark As Last ISP Pulls Plug

January 31st, 2011 01:20 admin View Comments


CWmike writes “Egypt is now off the grid. Four days after the Egyptian government ordered Internet service providers to disconnect from the Internet, the country’s last working Internet company has abruptly vanished from cyberspace. Noor Group, a small service provider that hosted Internet connections for the country’s stock exchange and other businesses, became completely unreachable at around 10:46 p.m. Cairo time (Eastern European Time), according to Earl Zmijewski, general manager with Internet monitoring company Renesys. ‘It looks like they’re completely lights-out now,’ he told IDG News’ Robert McMillan. Thought to handle only about 8 percent of the country’s Internet connections, Noor had served as a critical lifeline to Egypt since the government had ordered service cut early Friday morning. Nobody is sure how Noor was able to keep operating, even as larger ISPs such as Vodafone and Telecom Egypt voluntarily cut their Egyptian networks off from the rest of the world.” To help with this, engineers from Google, Twitter and SayNow have rolled out a “speak-to-tweet” service, which lets people dial in to an international phone number, leave a voice mail, and have the audio file made available online via an automated Twitter update.

Source: Egypt Goes Dark As Last ISP Pulls Plug

The Squabble Resumes: Does More Wealth Make a Nation Happier?

December 14th, 2010 12:31 admin View Comments

Big group of young jumping people.A new study out this week has rekindled an old economics fight: When countries get richer, do they get happier?

For Richard Easterlin, the answer has always been “no.” He became famous in economics circles beginning in the 1970s for articulating his namesake idea, the “Easterlin paradox.” He found that when you compare rich countries to poor countries, the people in the wealthy nations were more satisfied. But when a country’s economic position improved over time, the people in that country didn’t get happier.

“If you look across countries and compare happiness and GDP [gross domestic product] per capita, you find that the higher the country’s income, the more likely it is to be happier,” Easterlin said. “So the expectation based on point-in-time data is if income goes up, then happiness will go up. The paradox is, when you look at change over time, that doesn’t happen.” [LiveScience]

Now Easterlin is back with a new study in the Proceedings of the National Academy of Sciences, one that extends his argument to even more countries.

The new study, Easterlin said, is the broadest finding about the paradox so far. The researchers gathered between 10 and 34 years of happiness data from 17 Latin American countries, 17 developed countries, 11 Eastern European countries transitioning from socialism to capitalism and nine-less developed countries. They found no relationship between economic growth and happiness in any case. Even in a country like China, the researchers wrote, where per capita income has doubled in 10 years, happiness levels haven’t budged. South Korea and Chile have shown similarly astronomical economic growth with no increase in satisfaction. [LiveScience]

Why should this be so? Easterlin’s explanation lies with the idea that one’s expectations for what the good life entails, or “aspirations” as he puts it, don’t rise and fall with the fluctuations of the economy. That is, just because a recession sinks the stock market back to 2004 levels doesn’t mean that you’d be satisfied with the stuff and the quality of life you had then now that you’ve tasted more. Conversely, he argues, an immediate jolt in your pocketbook would inflate your mood, but eventually you’d get used to the new standard of living and come to expect it as your baseline. So, in this hypothetical scenario, your overall affluence rose in the long term but your happiness did not.

That all sounds good in theory. But as long as Easterlin has been advocating his paradox, others have insisted that the effect is not real. One economist in opposition is Justin Wolfers, whose own work finds that opposite: there is a direct connection between economic development and a long-term increase in life satisfaction. You can read Wolfers’ full take at The New York Times’ Freakonomics blog, but in essence he says:

Easterlin’s Paradox is a non-finding.  His paradox simply describes the failure of some researchers (not us!) to isolate a clear relationship between GDP and life satisfaction. But you should never confuse absence of evidence with evidence of absence. [The New York Times]

While the economists spar over the data, there is another question: Is the data any good? The researchers use the well-regarded World Values Survey, but the slipperiness of “happiness” is a problem that vexes all who attempt to quantify it and box it up and chart it out on nice little graphs.

Commenting on the new results, Alexander Gorban, a mathematician at the University of Leicester, said it was difficult to quantify happiness because of the problem of comparing material and subjective wellbeing. “Unfortunately, both are very difficult to put in numbers. It is a priori clear that subjective happiness or satisfaction is a very fragile and non-universal concept strongly influenced by cultural and even linguistic intercultural differences. Moreover, the material wellbeing is also not easy to quantify.” [The Guardian]

So we’re not reliable well-being self-reporters. Furthermore, Gorban notes, the studies rely on gross domestic product (GDP) as their indicator of a country’s economic state. But GDP is not necessarily an indicator of an average person’s relative affluence, especially in societies (like, say, the United States) with growing class disparities.

Nevertheless, Wolfers studies have found that there is no satiation point with money and happiness. That is: The more money you already have, the lesser the happiness gain from getting more money. But there is not point, he says, where more money brings zero gains in happiness.

Image: iStockphoto

Source: The Squabble Resumes: Does More Wealth Make a Nation Happier?

Spammers Were Offering 2K For The Gawker Database. Now They Have It For Free.

December 14th, 2010 12:14 admin View Comments

In the modern media equivalent of a Greek myth, the Gawker empire was hit hard over the weekend when it was revealed that a hacker group had infiltrated its commenter database via a vulnerability in its source code, exposing the user names and encrypted passwords for over 1.3 million commenters. To further drive the moral of this story home, the group, which goes by the name Gnosis, pulled a dictionary attack and unencrypted about 188K of the easiest ones like “password” or “qwerty” releasing the whole database and source code package in a torrent on Pirate Bay.

Apparently the Gawker data breach was no secret on the Internet and people had offered Gnosis money for the Gawker database before the release. According to a Gnosis representative who gave details to TechCrunch, the group received several offers all in the vicinity of 2K, mostly from spammers and re-salers, “certainly not for good.”

Already Internet nogoodniks are taking advantage of the exploit. A hack-related Twitter attack on Sunday forced users to tweet about the Acai berry diet. TechCrunch Senior Editor Erick Shoenfeld fell prey to what looks like the second iteration of the Acai attack this morning. The New York Post reports that one woman had her entire life “turned upside down when her social media accounts were taken over and used to post anti-Semetic messages. Behemoths LinkedIn, Yahoo and World Of Warcraft have all taken measures to protect against further attacks.

Because many people use the same password across multiple sites, this spammer’s delight is going going to get worse before it gets better. Especially if the attacks spread from social media to financial services. It’s time to get an entirely new password if you’ve ever commented on Gawker, for everything, even if your password (like both of mine) is still encrypted in the full_db.txt file. You can check if your information has been exposed here.

Peter Kafka@pkafka
Peter Kafka

Damnit. Can’t remember all my new passwords.

about 3 hours ago via TweetDeckRetweetReply

When asked why they didn’t accept any of the offers, our Gnosis source replied, “We didn’t sell because we thought that would be too far. It’s one thing finding out that your database was leaked, and its another to find out that it was sold. We are not heartless, we know the implications for selling it, even though a minority of the group wanted to sell it.”

While the Gnosis representative admitted that there are lot of interesting things that can be done with a hacked database, the more serious issue here is the public availability of the PHP source code which leaves open the possibility of further exploits, “Just say if Gawker recovers fully, and all is well, six months down the line some Eastern European hackers jump in and do the whole thing again, because they had access to the source and found a way to exploit it.”

In a comment explaining the breach Gawker founder Nick Denton, who reportedly has a meeting with the FBI today, hinted at hiring an independent security firm to improve security. Not enough says the Gnosis rep, who holds that all the sites’ API keys and cookies are in still in the source code and that while difficult, those with nefarious intent can still impersonate Gawker users, “I would bite the bullet and release all the source code if I were them officially, and go ‘open source.’”

Denton, who is in the unenviable position of being the busiest person in the world at the moment, did not reply to my questions about the measures being taken to further protect users and the ethical implications of such a large breach. He only responded with this link to show that Gawker site traffic hadn’t fallen since the release, when asked about that in an addendum to my first email.

Source: Spammers Were Offering 2K For The Gawker Database. Now They Have It For Free.

Rebate Networks: Meet The Company That Cloned Groupon In 29 Countries

November 16th, 2010 11:12 admin View Comments

Nowadays, Groupon clones are a dime a dozen. Variations of the daily deal concept have been cropping up in in almost all parts of the world as of late, i. e. Russia, China, Japan, Germany, the UK, or in the US itself. But Berlin-based Rebate Networks is taking the idea of copying Groupon to the extreme. As you can see on the map below, the company needed a mere eight months to cover three continents with a total of 29 local Groupon clones.

Very quietly, Rebate Networks either helped to set up or invested in existing Groupon-like sites in South America (four different countries), Europe (17 countries) and East Asia (eight countries). The entire portfolio is listed up here and was just made public for the first time.

What’s interesting about this strategy (apart from the speedy execution) is that the Germans are focusing on relatively small and high-growth markets Groupon proper hasn’t entered so far, for example with Notelapierdas in Argentina, Ensogo in the Philippines, or Kolektiva in Croatia (in addition to bigger markets, i.e. China, Germany, and the UK).

And it looks as if Rebate Networks are very successful with their copy-and-deploy-fast-worldwide approach. Co-founder Stefan Glaenzer tells me his company is actually still expanding, having just invested US$1 million each in Groupon clones dealkeren in Indonesia and NhomMua in Vietnam.

Glaenzer and his partner (and CEO) Michael Brehm also say Rebate Networks’ portfolio companies are currently leading in all South East Asian countries they operate in (more info here), “most” of the Eastern European countries, and in China (where his company owns a minority stake in Lashou).

Groupon proper is leading in Japan and Germany (where Rebate Networks’ clones Piku and Daily Deal are said to be the No. 2 players). Groupon entered those markets by buying local clones, and it’s obvious buy-outs are what Rebate Networks ultimately aims for with its portfolio companies, too. (Another German-led Groupon clone factory called “Group Buying Global”, which is following a very similar strategy, could spoil the plan in some cases though).

In the meantime, watch what Groupon CEO Andrew Mason thinks of clones here.

Source: Rebate Networks: Meet The Company That Cloned Groupon In 29 Countries

Gang Arrested For Stealing Millions Using ZeuS

September 29th, 2010 09:20 admin View Comments

Orome1 writes “Nineteen people were arrested yesterday in the UK and are suspected of being part of an Eastern European gang that used the ZeuS Trojan to steal online banking credentials from unsuspecting victims and syphon around £2 million per month to their accounts.”

Source: Gang Arrested For Stealing Millions Using ZeuS

Bank Employee Plants Malware on ATMs

April 9th, 2010 04:46 admin View Comments

Wired’s Threat Level has a piece on a Bank of America employee, Rodney Reed Caverly, who has been charged with installing malware on ATMs in North Carolina. Caverly, who worked on the bank’s IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. “The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it… At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly.”

Source: Bank Employee Plants Malware on ATMs