Connect with us


How bitcoin and Putin are enabling the ransomware crime spree | John Naughton

Voice Of EU



I’ve just visited the Kaseya website. “We Are Kaseya,” it burbles cheerfully. “Providing you with best-in-breed technologies that allow you to efficiently manage, secure and back up IT under a single pane of glass.

“Technology,” it continues, “is the backbone of all modern business. Small to mid-size businesses deserve powerful security and IT management tools that are efficient, cost-effective, and secure. Enter Kaseya. We exist to help multi-function IT professionals get the most out of their IT tool stack.”

Translation: Kaseya produces remote management software for the IT industry. It develops and sells this software to remotely manage and monitor computers running Windows, OS X, and Linux operating systems. As many organisations will grimly confirm, managing your own IT systems is a pain in the arse. So Kaseya has lots of happy customers in the US, the UK and elsewhere.

Or, rather, it did have. On 2 July it was the victim of a ransomware attack that affected between 800 and 1,500 of its small business customers, potentially making it the largest ransomware attack ever. Such attacks are a form of kidnapping: intruders gain control of an organisation’s systems, encrypt its data, and demand payment (in cryptocurrency) in return for a key to decrypt the hostage data. In an impressive YouTube video posted on 6 July, Kaseya’s chief executive, Fred Voccola, said that the company had shut down the compromised program within an hour of noticing the attack, potentially stopping the hackers from hitting more customers. By industry standards, that was an agile and intelligent response. Other victims – such as the pipeline operator Colonial, and the Irish hospitals that were struck recently – have been much more traumatised.

So what is going on? Basically, what has happened is that, in a relatively short time, ransomware has become the new normal for organisations that are dependent on IT – which is basically every organisation in the industrialised world. And the fact that it happened to Kaseya, as Voccola put it, “just means it’s the way the world we live in is today”.

Men working on computers in front of a Kaseya logo
The attack on Kaseya affected between 800 and 1,500 of the businesses to which it provides services. Photograph: Dado Ruvić/Reuters

It is. So how did we get here? Three major factors were involved. The first was the invention and development of cryptocurrencies. Kidnapping in the old days was a risky business: the family might pay the ransom, but bundles of £20 notes were relatively easy to trace. Cryptocurrencies, on the other hand, are designed to be near-impossible to trace, so there’s no paper trail for police to follow.

“Ransomware is a bitcoin problem,” says the Berkeley researcher Nicholas Weaver, and doing something about it “will also require disrupting the one payment channel capable of moving millions at a time outside of money-laundering laws: bitcoin and other cryptocurrencies”.

The second factor is that ransomware has changed from being an exploit for lone cybercriminals into an industrialised business. We saw this earlier with distributed denial-of-service (DDoS) attacks: once upon a time if you wanted to bring down a server you first had to assemble a small virtual army of compromised PCs to do your bidding; now you can rent such a “bot army” by the hour.

Much the same applies for ransomware: there are a number of criminal gangs, such as REvil, that operate like companies providing what is essentially ransomware-as-a-service (RaaS). Criminals select a target and use REvil’s services in return for giving it a slice of the proceeds. Ross Anderson, professor of computer security at Cambridge University, regards this is “a gamechanger for the cybersecurity business” and he’s right.

The third factor is geopolitics. We live in a world that was created by the peace of Westphalia, which in 1648 brought to an end the thirty years’ war and established the system of sovereign states, which essentially ensures that rulers can do what they like within their own jurisdictions. The RaaS “firm” REvil operates in Russia, a jurisdiction ruled by an autocratic kleptocracy which has – as a state – brilliantly exploited digital technology for propaganda, disruption of democratic processes at home and abroad, and for cyber-espionage on a grand scale. The other day, for example, the NSA revealed that since 2019 Russian security agencies had been using a supercomputer cluster for “brute force” password-guessing on millions of western online services. Since these machines can perform millions of guesses every second, the chances of any normal password remaining safe are pretty poor.

And so are the chances of US, EU or UK law-enforcement agencies getting to arrest and extradite the beneficiaries of ransomware attacks on western organisations – as Joe Biden doubtless discovered when he met Vladimir Putin in Geneva the other week. So the only thing the REvil crowd have to worry about for the time being is making sure they pay up when Putin’s goons come looking for his share of the crypto-loot.

What I’ve been reading

Known unknowns
Donald Rumsfeld, Rot in Hell. Ben Burgis’s acerbic assessment in Jacobin magazine of the late Donald Rumsfeld.

Joy of home working
Paul Krugman on the relevance of Alexander Hamilton to our Covid experience. Nice New York Times column.

Antagonising antifa
People of Earth: Hello. Lovely message from aliens by Will Stephen in the New Yorker.

Source link


An Cosán wants to help tackle the digital skills gap with suite of new tools

Voice Of EU



The CEO of the non-profit told attendees at a community webinar that almost one in two adults in Ireland has low digital literacy levels.

Dublin-based education non-profit An Cosán is introducing a new suite of digital tools in an effort to tackle Ireland’s digital skills shortage.

Several An Cosán team members addressed the issue and the centre’s plan to tackle it at a recent webinar on digital inclusion the organisation hosted for its community partners.

Heydi Foster, CEO of the non-profit, called for a “whole of society approach” to increasing digital literacy, which, she said is an essential requirement to participate fully in society and to thrive in the 21st century.

Click here to check out the top sci-tech employers hiring right now.

Foster said: “Almost one in two adults in Ireland has low digital literacy levels, according to the Digital Economic and Society Index 2018. This is something that we all have a responsibility to address as a matter of urgency.”

She told the webinar attendees that a “collaboration between community, state and corporate sectors is urgently needed to ensure every adult has the necessary literacy, numeracy and digital skills to fully engage in society.”

Foster reminded the community partners of An Cosán’s founding principle “to leave no one behind” when it was first set up 35 years ago by co-founders Dr Ann Louise Gilligan and Dr Katherine Zappone.

The non-profit’s digital inclusion co-ordinator, Mark Kelly, then spoke about how An Cosán had been working with its partners to address digital exclusion in Ireland. Measures taken include a ‘Digital Stepping Stones’ tool developed with Accenture that allows people to evaluate their digital level competency. First rolled out in 2020, the tool identifies where people may need to upskill to fix any gaps in their digital skillset.

Kelly said the tool had been used by more than 5,300 people across the further education and training sector, including education and training boards, regional community training centres, local development companies, family resource centres and other community organisations.

To complement the success of the digital skills assessment tool, Kelly announced the development of a new suite of digital learning methods, using DigComp, the European digital competence framework.

Ariana Ball, corporate citizenship lead at Accenture, spoke during the webinar about the need for a growth mindset when it comes to teaching digital skills. The professional services company last year published a report on the digital skills shortage.

The report found that at least a quarter of the Irish population is excluded from an increasingly digital society because of socioeconomic reasons. This is leading to a “two-speed digital economy”, the report warned. It highlighted, in particular, the need for increased digital skills help for older people.

Recently, Vodafone Ireland partnered with charities Alone and Active Retirement Ireland to launch a new training programme to help those over the age 65 improve their digital skills. The Hi Digital programme aims to support 230,000 older Irish people as they overcome digital disenfranchisement.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading


The death of Charles Babbage, mathematician and inventor – archive, 1871 | Computing

Voice Of EU



The death is announced of Mr Charles Babbage, who has long held high rank among the mathematicians of the day. He was born on 26 December 1792, and having been privately educated, proceeded to Trinity College, Cambridge where he took his BA degree in 1814; but, curiously enough, his name does not appear in the mathematical tripos. In the course of his mathematical studies he found fault with the logarithmic tables then in use as being defective and unfaithful; and in order to improve them visited the various centres of machine labour in England and on the continent, and on his return directed the construction of a “difference engine” for the use of the government.

Another result of this tour was the production of his work on the Economy of Manufactures. By 1833 a portion of his machine (popularly known as “the calculating machine”) was prepared, and its operations were entirely successful. It was, however, never completed. He next prepared his Table of Logarithms of the Natural Numbers from 1 to 108,000, a work which was so highly esteemed that it was very soon afterwards translated into almost all the European languages.

A scaled-down version of Charles Babbage’s Analytical Engine, constructed in the 1860s.
A scaled-down version of Charles Babbage’s Analytical Engine, constructed in the 1860s. Photograph: Alamy Stock Photo

In 1811 Mr Babbage was elected Lucasian professor of mathematics, an office which had been filled by Sir Isaac Newton, Dr Isaac Barrow, Bishop Turton, Professor Airey, and other eminent persons. This post he resigned in 1811. Among his most prominent works may be mentioned A Ninth Bridgewater Treatise, the design of which was to show the error of a supposition implied in the first volume of that celebrated series, that ardent devotion to mathematical studies is unfavourable to religious faith.

Mr Babbage once, and it is believed once only, sought political honours, having become in 1832 a candidate for the borough of Finsbury, in the advanced Liberal interest, but was not successful. He was a Fellow of the Royal Society and a member of a large number of literary institutions.

Source link

Continue Reading


How to keep a support contract • The Register

Voice Of EU



On Call Let us take a little trip back to the days before the PC, when terminals ruled supreme, to find that the more things change the more they stay the same. Welcome to On Call.

Today’s story comes from “Keith” (not his name) and concerns the rage of a user whose expensive terminal would crash once a day, pretty much at the same time.

The terminal in question was a TAB 132/15. It was an impressive bit of kit for the time and was capable of displaying 132 characters of crisp, green text on a 15-inch CRT housed in a futuristic plastic case. Luxury for sure, unless one was the financial trader trying to use the device.

Once a day, at around 13:30, the terminal would hang. The user would have to reach behind it, power it off, wait a bit, and then fire it back up again. To placate the angry customer, a replacement was dispatched, and all was well. Until the problem started again. Another replacement was made. Another week or so went by with no complaints. And again, another call: the terminal was hanging. Same time. A few times a week.

“These terminals were in the thousand-dollar range,” Keith told us, so a monthly replacement cycle was not really an option. He even used one of the faulty units himself for a while and encountered no issues, which was odd in itself and, we reckon, planted a seed of suspicion.

As for the customer, he was raging by this point. “He was threatening to cancel our contract for his entire firm,” remembered Keith, which would hit the bottom line hard. A salesperson was sent out to see what was happening, but there was no failure.

A technician went out; again no failure. Was this a case of “Technician Syndrome”, where a problem cannot be replicated in front of service personnel? Maybe. Keith’s team were at their wit’s end while the customer had hit the end of his tether and gone beyond.

The solution to the problem was accidental. Keith was back on site, diagnosing an unrelated software issue, but could see the suspect terminal on the other side of the room. As he watched, the trader using the machine sat back for lunch, flipping through the pages of a financial newspaper. A phone call came through, and the trader slung the paper on top of the monitor, took the call, and then resumed work.

Oblivious to the newspaper.

A few minutes later there was uproar. The trader had stood and was slapping the side of the terminal, yelling all manner of not-safe-for-work oaths and casting aspersions upon the good name of Keith’s firm, the software, the programmers, and the computing industry in general. The cursing continued as the trader reached behind for the power switch, knocking the paper aside.

Keith had his solution. But was smart enough to know that a bland presentation of facts would probably not help. Instead, he arranged for his office to call the trader and tell him that a tech was on the way to help. He waited until the trader was distracted and sauntered over.

“Sure enough,” said Keith, “he said he was glad to see me but launched into a tirade again about the device’s many faults.”

He let the customer vent for a while, and surreptitiously placed the newspaper back on top over the heat vents on the terminal while pretending to examine the rear of the unit.

Now patience was needed. It wouldn’t take long – the terminal had, after all, only just recovered from its last overheating episode – and Keith encouraged the trader to unload all his woes and grievances.

The bug list was building as the screen suddenly flickered and locked up. “There! You see that?” exclaimed the user. Keith nodded and reached round the side of the terminal to cycle the power. Sure enough, it came back up.

Keith made a show of thanking the user for showing him the elusive bug and was staging a call with a co-worker, supposedly to prepare a replacement, when the terminal locked up again.

Keith wrinkled his forehead at the “mystery” before offering up an explanation.

“Ah!” he exclaimed, “Did you see how that flicker started from the top and moved to the down?”

Those familiar with the technology will know it was just following the raster pattern. The customer, on the other hand, did not.

“That is often a sign it is overheating,” said Keith, playing fast and loose with the truth, “but this office is cool?”

He pretended to be mystified until the penny dropped for the trader, who unleashed yet more expletives as he realised where he’d dropped his newspaper and snatched it away from the vents.

Feeling the volcanic heat spewing from the depths of the terminal, he turned to Keith, suddenly concerned: “Will it be OK?”

Of course it would. It had only been overheating for a short time every day. The apologies from the customer, who had “discovered” the problem, were profuse and copious. Keith excused himself, but not before rubbing a bit more salt into the wound by telling the user he needed to cancel the burn-in process of yet another expensive replacement.

As it turned out, rather than the customer cancelling the support contact, it ended up being extended.

“It was a good thing I’d let him ‘discover’ the fault,” said Keith. “If I had found it, he would have been very defensive and we still might have lost that contract.”

The minor bugs the user had reported while Keith had been waiting for the overheating to happen again were swiftly dealt with and the enhancement requests logged. Keith also reported back to his boss, who spent rather a lot of time laughing.

“It was a good day.”

Ever set the stage so the customer thinks they’re the hero of the hour? Or maybe you’ve wished all manner of unpleasantness upon your suppliers before realising the blame laid with you all along? Tell us about the time you picked up the phone with an email to On Call. ®

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!