Hackers have managed to install code on the sites that uses visitors’ computers to “mine” the cyber-currencies.

One scan of the most popular websites found hundreds harbouring the malicious mining code.

By getting lots of computers to join the networks, attackers can quickly generate cash.

“This is absolutely a numbers game,” said Rik Ferguson, vice-president of security research at Trend Micro.

Malicious use

Mr Ferguson said crypto-currencies operated by getting lots of computers to work together to solve the tricky mathematical problems that establish who spent what. This establishes a digital ledger, or blockchain, of spending activity with a particular coin.

The number crunching is called mining and new crypto-coins are handed out to miners who are the first to solve the complex sums.

The more computer power that someone can amass, said Mr Ferguson, the more coins they can generate.

“There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources,” he said.

“Crypto-coin mining malware is nothing new,” said Mr Ferguson, adding that the growing value of established cyber-currencies and the emergence of potentially valuable new ones was driving malicious use of the scripts.

A security researcher has scanned the code behind the million most popular websites to see which ones are running the widely used Coin Hive mining script.

Many sites use this and others, such as JSE Coin, legitimately to generate some money from their steady stream of visitors. Metrics published on the Coin Hive site suggest that a site that gets one million visitors a month would make about $116 (£88) in the Monero crypto-currency by mining.

On many sites found in the scan, the way the script was concealed suggested it had been uploaded surreptitiously.

The BBC contacted several of the sites in the UK running the Coin Hive script and those that responded said they did not know who added it to their site. Some have now deleted the mining code, updated their security policies and are investigating how the code was implanted.

Coin Hive’s developers said it had also taken action against malicious use.

“We had a few early users that implemented the script on sites they previously hacked, without the site owner’s knowledge,” they said in a message to the BBC. “We have banned several of these accounts and will continue to do so when we learn about such cases.”

It encouraged people to report malicious use of Coin Hive and said any site using it should inform users that their computer could be enrolled in a mining scheme. Some security programs and ad-blocking software now warn users when they encounter miners.

Security service Cloudflare has also suspended the accounts of some customers after they started using mining scripts. It explained its action by saying that it considered the code to be malware if visitors were not told about it.

Cloud cracking

Surreptitious coin mining is not just a problem for websites that have been hit by hackers. Many others across the tech world are moving to tackle the problem.

Last week, two senior officials in the Crimean government were reportedly firedbecause they had started using a lot of official machines to mine bitcoin. The creators of the FiveM add-on or “mod” for video game GTA V released an update which stopped people adding miners to their code.

High-profile websites including the Pirate Bay, Showtime and TuneProtect have all been found to be harbouring the script.

Prof Matthew Caesar, a computer scientist at the University of Illinois, said mining was also starting to cause problems for companies that offered cloud-based computing services.

Prof Caesar said he and student Rashid Tahir started investigating the problem after conversations with several cloud firms revealed that all of them had experienced trouble with coin-mining.

“If someone can hack into a cloud account they have access to a huge amount of computer power,” he said. “They can get huge value from those accounts because there’s not much limit on the number of machines they can use.

“Often,” he said, “the billing systems the cloud services run do not reveal what’s going on. Someone can get in and cause a lot of damage before they are shut down.”

Victims can be left with huge bills for servers that attackers rented to do their coin-mining, he said.

The Illinois researchers are developing a monitoring system that can spot when the mining software was being used, he said.

The ways that modern processors handle the complicated maths demanded by crypto-currencies are relatively easy to spot if someone goes looking for them, said Prof Caesar.

“We’re in the process of working with one cloud computing company to deploy the monitor in their network,” he said.

“We’re also looking at how we can do this on personal computers as well,” he added.

–

Source: BBC

The post Websites hacked to mint crypto-cash appeared first on Citi 97.3 FM - Relevant Radio. Always.

Bob Iger didn’t name the film, but it was thought to be Pirates of the Caribbean: Dead Men Tell No Tales.

But now Iger has told Yahoo Finance: “To our knowledge we were not hacked.”

“We decided to take [the threat] seriously but not react in the manner in which the person who was threatening us had required.”

But, he added: “We don’t believe that it was real and nothing has happened.”

Iger had told employees earlier this month that the hackers had demanded the ransom in bitcoin and that they would release the film online in a series of 20-minute chunks unless it was paid.

The Disney boss was keen to stress how technology has benefitted Disney but also said it also presented significant challenges to the film industry.

“In today’s world, cyber security is a front burner issue,” he said.

“We like to view technology more friend than foe… [but] it is also a disruptor.”

–

Source: BBC

The post Film hack threat was a hoax – Disney appeared first on Citi 97.3 FM - Relevant Radio. Always.

Recurrent attacks up to 3 November flooded the cable link with data, making net access intermittent.

Researchers said the attacks showed hackers trying different ways to use massive networks of hijacked machines to overwhelm high-value targets.

Experts said Liberia was attacked by the same group that caused web-wide disruption on 21 October.

Those attacks were among the biggest ever seen and made it hard to reach big web firms such as Twitter, Spotify and Reddit.

Short bursts
The attacks were the first to send overwhelming amounts of data from weakly protected devices, such as webcams and digital video recorders, that had been enrolled into what is known as a botnet.

A botnet variant called Mirai was identified by security firms as being the tool used to find and compromise the insecure devices.

The source code for Mirai has been widely shared and many malicious hacker groups have used it to seek out vulnerable devices they can take over and use to mount what are known as Distributed Denial of Service (DDoS) attacks.

“There’re multiple different botnets, each with a different owner,” security researcher Kevin Beaumont told the BBC. “Many are very low-skilled. Some are much better.”

For more than two weeks, my internet has not been working properly. At first I thought it was a problem with my internet provider, which often suffers from slow speeds. But this feels more serious.

Even when you do get online, the connection repeatedly cuts out. I’ve spent the past week trying to upload some photos and audio to send to London, without success.

A woman who runs a computer club for young people in the capital, Monrovia, tells me that they have been having trouble getting on to Facebook and that their connection has slowed in recent weeks.

The hotel I am staying at in the north-eastern town of Ganta is right next to the network tower of a company that provides my internet service, but the connection is still coming in and out.

The hackers behind the “huge” network that attacked Liberia, dubbed botnet#14, were “much more skilled”, Mr Beaumont said.

“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” he wrote in a blogpost.

Network firm Level 3 confirmed to tech news site ZDNet that it had seen attacks on telecoms firms in Liberia making access to the web spotty. Other reports suggested mobile net access was affected too.

The attacks varied in length with some lasting only 30 seconds and the longest being sustained for a few minutes. At times the amount of data being funnelled towards Liberia exceeded 600 gigabits per second.

Net access in Liberia comes via an undersea cable whose capacity is shared with many other nations in West Africa.

“They’re trying a number of different techniques for short bursts, against the companies who own the submarine cable to Liberia,” said Mr Beaumont, adding that commands to botnet#14 seemed to originate in the Ukraine.

Mr Beaumont said the controllers of botnet#14 were refining their control of the attack system but it was not yet clear who it would be turned against next.

A Twitter account, called #Miraiattacks has been set up by a security company to monitor the many different attack targets hit by Mirai botnets. Earlier targets included computer security firms, schools, food-ordering services and gaming sites.

–

Source: BBC

The post Hack attacks cut internet access in Liberia appeared first on Citi 97.3 FM - Relevant Radio. Always.

The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”.

It did not include any credit card data, the site said, adding it believed the attack was state-sponsored.

In July, Yahoo was sold to US telecoms giant Verizon for $4.8bn (£3.7bn).

The FBI has confirmed it is investigating the attack.

Password change urged

News of a possible major attack on the technology firm emerged in August when a hacker known as “Peace” was apparently attempting to sell information on 200 million Yahoo accounts.

Yahoo on Thursday confirmed the breach was far bigger than first thought.

The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords.

Yahoo recommended all users should change their passwords if they had not done so since 2014.

Questions for Yahoo: Analysis by Dave Lee, BBC North America technology reporter, San Francisco

The nature of the information stolen feels somewhat run-of-the-mill – no payment info, and passwords were encrypted. Good. But the chain of events leading up to this unprecedented announcement gives rise to some incredibly pressing questions for Yahoo.

Why did it take so long for them to confirm the hack and its scale? Why did it take them so long to tell users and prompt them to protect themselves?

State-sponsored attacks are typically for political, not financial gain. So why were details reportedly being sold online? What evidence is there that it was state-sponsored?

Verizon, which has agreed to buy Yahoo, said it had not been told until a couple of days ago – why not? And why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?

Verizon told the BBC it had learned of the hack “within the last two days” and said it had “limited information”.

The company added: “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities.

“Until then, we are not in position to further comment.”

Yahoo said in a statement: “Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.”

Reuters reported three unnamed US intelligence officials as saying they believed the attack was state-sponsored because it was similar to previous hacks linked to Russian intelligence agencies.

Nikki Parker, vice-president at security company Covata, said: “Yahoo is likely to come under intense scrutiny from regulators, the media and public and rightly so. Corporations can’t shy away from data breaches and they must hold their hands up and show that they are committed to resolving the problem.”

She added: “Let’s hope the ink is dry on the contract with Verizon.”

Questions are being asked about the length of time it took Yahoo to fully acknowledge the breach.

“It is really worrying that a breach from 2014 can have gone undetected for so long,” said Prof Alan Woodward from the University of Surrey.

“It is also surprising the public statement took so long to appear.

Top 10 previous breaches

• MySpace accounts – 359m
• LinkedIn accounts – 164m
• Adobe accounts – 152m
• Badoo accounts – 112m
• VK accounts – 93m
• Dropbox accounts – 68m
• tumblr accounts – 65m
• iMesh accounts – 49m
• Fling accounts – 40m
• Last.fm accounts – 37m

“I would have thought most companies had learned by now that early disclosure is better, even if you have to revise and update as you learn more.

“I can understand a few days delay to confirm the breach is genuine as fake data dumps are increasingly common, but six weeks seems rather too long.”

The scale of the hack eclipses other recent, major tech breaches – such as MySpace (359 million), LinkedIn (164 million) and Adobe (152 million).

Yahoo was founded in 1994 by Jerry Yang and David Filo and in its first decade was a pioneer of internet services.

It was once the most popular website in the US and the company was worth about $125bn, but Yahoo lost ground towards the end of the first decade of the century, leading to its purchase by Verizon.

Verizon’s motivation for purchasing the struggling Yahoo was to simply gain its massive user base.

More than a billion people visit a Yahoo-owned site every month, and Verizon was hoping to use that to sell targeted advertising.

Yahoo Timeline

• 1994 Yahoo – which stands for Yet Another Hierarchically Organized Oracle – is founded

• 2000 Yahoo valued at $125bn at height of dot.com boom

• 2002 Google rejects a $3bn bid from Yahoo

• 2008 Microsoft’s $44.6bn offer for Yahoo is turned down

• 2013 Blogging site Tumblr acquired by Yahoo for $1.1bn

• 2015 Yahoo makes net loss of $4.4bn

• 2016 Verizon agrees $4.8bn deal to buy Yahoo

–

Source: BBC

The post Attack on Yahoo hit 500 million users appeared first on Citi 97.3 FM - Relevant Radio. Always.

Segundo Tevez was taken by a group of men while driving his car in Moron, some 30km (20 miles) west of Argentina’s capital.

Police said the Tevez family had received several calls from the men demanding a ransom to free him.

Local media say a ransom of 400,000 pesos (£30,000; $50,000) was paid.

Neither the family nor the authorities have confirmed whether a payment was made.

“He is OK,” a spokesman for the family said.

The former Manchester United and Manchester City striker was granted permission to travel to Argentina by his current club, Juventus.

But reports in Italy said he had chosen not to return following the release.

Carlos Tevez, who was born Carlos Alberto Martínez, was raised by Segundo and his aunt after his biological father was killed and his mother abandoned him.

The BBC’s Ignacio de los Reyes in Buenos Aires says it is unclear whether the kidnapping was pre-meditated or if the group just targeted an expensive-looking car.

It is not the first time relatives of football stars have been the targets of kidnappings in Argentina.

In 2002, the brother of former Argentina and Barcelona player Juan Roman Riquelme was kidnapped and the footballer allegedly paid $160,000 (£95,000) to free him.

–

Source: BBC

The post Carlos Tevez’s father freed after Argentina kidnapping appeared first on Citi 97.3 FM - Relevant Radio. Always.

Argentina coach Alejandro Sabella named his provisional list of 30 players for the tournament in Brazil, which will be cut to 23, and their was no room for the former Manchester City, Mancester United and West Ham striker, who scored 19 Serie A goals as Juventus won the Scudetto.

However Di Santo, who has scored only four goals for Werder Bremen this season, is included. He has never hit double figures in a season, and was released by Wigan last summer following their relegation.

Tevez has never played for Sabella, who became Argentina boss in 2011. The striker has gone on record saying he would have no problem sitting on the bench behind preferred front-men Sergio Aguero and Gonzalo Higuain, but it appears the coach does not view Tevez as a team player.

Tevez famously caused a stir at Manchester City by going on strike mid-season, playing golf instead of football after falling out with then-boss Roberto Mancini.

The post 2014 World Cup: Di Santo chosen over in form Carlos Tevez appeared first on Citi 97.3 FM - Relevant Radio. Always.