Tor pulls in record donations as it lessens reliance on US government grants

Tor, the open source initiative which provides a more secure way to access the internet, is continuing to diversify its funding away from its long-standing reliance on U.S. government grants.

The Tor Foundation — the organization behind the service which stands for ‘The Onion Router’ — announced this week that it brought in a record $460,000 from individual donors in 2018. In addition, recently released financial information shows it raised a record $4.13 million from all sources in 2017 thanks to a growth in non-U.S. government donors.

The individual donation push represents an increase on the $400,000 it raised in 2017. A large part of that is down to Tor ally Mozilla, which once again pledged to match donations in the closing months of the year, while an anonymous individual matched all new backers who pledged up to $20,000.

Overall, the foundation said that it attracted donations from 115 countries worldwide in 2018 which reflects its importance outside of the U.S.

The record donation haul comes weeks after the Tor Foundation quietly revealed its latest financials — for 2017 — which show it has lessened its dependence on U.S. government sources. That’s been a key goal for some time, particularly after allegations that the FBI paid Carnegie Mellon researchers to help crack Tor, which served as a major motivation for the introduction of fundraising drives in 2015.

Back in 2015, U.S. government sources accounted for 80-90 percent of its financial backing, but that fell to just over 50 percent in 2017. The addition of a Swedish government agency, which provided $600,000, helped on that front as well as corporate donations from Mozilla ($520,000) and DuckDuckGo ($25,000), more than $400,000 from a range of private foundations, and, of course, those donations from individuals.

Tor is best known for being used by NSA whistleblower Edward Snowden but, with governments across the world cracking down on the internet, it is a resource that’s increasingly necessary if we are to guard the world’s right to a free internet.

Tor has certainly been busy making its technology more accessible over the last year.

It launched its first official mobile browser for Android in September and the same month it released TorBrowser 8.0, its most usable browser yet which is based on Firefox’s 2017 Quantum structure. It has also worked closely with Mozilla to bring Tor into Firefox itself as it has already done with Brave, a browser firm led by former Mozilla CEO Brendan Eich.

Beyond the browser and the Tor network itself, which is designed to minimize the potential for network surveillance, the organization also develops a range of other projects. More than two million people are estimated to use Tor, according to data from the organization.

Scammers are sending bomb scares to nab BTC

A new scam is making the rounds that promises to disrupt countless offices and schools. The scam is simple: the scammers send an email threatening to detonate a bomb if they don’t get a certain amount of Bitcoin within a specified time frame. Because there is little upside to ignoring a bomb threat at this point in history, entire offices are now being evacuated as this scam spreads.

The scammers usually send something like this:

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.

This particular address is empty and the address changes with each email. The NYPD reacted to these threats and noted that they are not credible.

The FBI wasn’t so certain and recommended vigilance.

Ultimately scams like this one do more harm than good and are rarely credible. While nothing is impossible, please take a moment before panicking if you receive one of these emails.

Metacert’s Cryptonite can catch phishing links in your email

Metacert, founded by Paul Walsh, originally began as a way to watch chat rooms for fake Ethereum scams. Walsh, who was an early experimenter in cryptocurrencies, grew frustrated when he saw hackers dumping fake links into chat rooms, resulting in users regularly losing cash to scammers.

Now Walsh has expanded his software to email. A new product built for email will show little green or red shields next to links, confirming that a link is what it appears to be. A fake link would appear red while a real PayPal link, say, would appear green. The plugin works with Apple’s Mail app on the iPhone and is called Cryptonite.

“The system utilizes the MetaCert Protocol infrastructure/registry,” said Walsh. “It contains 10 billion classified URLs. This is at the core of all of MetaCert’s products and services. It’s a single API that’s used to protect over 1 million crypto people on Telegram via a security bot and it’s the same API that powers the integration that turned off phishing for the crypto world in 2017. Even when links are shortened? MetaCert unfurls them until it finds the real destination site, and then checks the Protocol to see if it’s verified, unknown or classified as phishing. It does all this in less than 300ms.”

Walsh is also working on a system to scan for Fake News in the wild using a similar technology to his anti-phishing solution. The company is currently raising funding and is working on a utility token.

Walsh sees his first customers as enterprise and expects IT shops to implement the software to show employees which links are allowed, i.e. company or partner links, and which ones are bad.

“It’s likely we will approach this top down and bottom up, which is unusual for enterprise security solutions. But ours is an enterprise service that anyone can install on their phone in less than a minute,” he said. “SMEs aren’t typically a target market for email security companies but we believe we can address this massive market with a solution that’s not scary to set up and expensive to support. More research is required though, to see if our hypothesis is right.”

“With MetaCert’s security, training is reduced to a single sentence ‘if it doesn’t have a green shield, assume it’s not safe,’” said Walsh.

In letter to Congress, Apple sends strongest denial over ‘spy chip’ story

Apple has doubled down on its repudiation of Bloomberg’s report last week that claimed its systems had been compromised by Chinese spies.

The blockbuster story cited more than a dozen sources claiming that China installed tiny chips on motherboards built by Supermicro, which companies across the U.S. tech industry — including Amazon and Apple — have used to power servers in their datacenters. Bloomberg’s report also claimed that the chip can reportedly compromise data on the server, allowing China to spy on some of the world’s most powerful tech companies.

Now, in a letter to Congress, Apple’s vice president of information security George Stathakopoulos sent the company’s strongest denial to date.

“Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” he said. “We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted us about such an investigation.”

It follows a statement by both the U.K. National Cyber Security Center and U.S. Homeland Security stating that they had “no reason to doubt” statements by Apple, Amazon and Supermicro denying the claims.

Stathakopoulos added that Apple “repeatedly asked them to share specific details about the alleged malicious chips that they seemed certain existed, they were unwilling or unable to provide anything more than vague secondhand accounts.”

Apple’s statement is far stronger than its earlier remarks. A key detail missing in the Bloomberg story is that its many sources, albeit anonymous, provided the reporters with a first hand account of the alleged spy chips.

Without any evidence that the chips exist beyond eyewitness accounts and sources, Bloomberg’s story remains on shaky grounds.

Justice Department files criminal charges against seven Russian spies for Fancy Bear cyberattacks

U.S. prosecutors have charged seven suspects accused of working for the Russian GRU, the country’s military intelligence unit.

The Justice Department’s National Security Division alleged the seven hackers were part of “a conspiracy to use computer hacking to obtain non-public, health information about athletes and others in the files of anti-doping agencies in multiple countries, and release of stolen information selectively and sometimes misleadingly.”

Prosecutors accused the seven Russian residents — charged with several counts of computer fraud and abuse and money laundering — of hacking into the World Anti-Doping Agency and several media outlets, among others. The U.S. also accuses the hackers of carrying out a massive disinformation campaign in the run-up to the 2016 presidential election — including stealing documents believed to be from the Democratic National Committee.

The suspects named as GRU officers are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46.

The indictment accused the hackers of “often using fictitious personas and proxy servers,” and said they “researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers.”

“As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign,” prosecutors said. (Fancy Bear is also widely known as APT28.) “The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.”

The government said that the hacking efforts were part of a Russian government campaign set on “muddying or altering perceptions of the truth.”

“The actions of these seven hackers, all working as officials for the Russian government, were criminal, retaliatory, and damaging to innocent victims and the United States’ economy, as well as to world organizations,” said FBI director Christopher Wray. Their actions extended beyond borders, but so did the FBI’s investigation.

Three of the named Russians were also charged earlier this year as part of Special Counsel Robert Mueller’s probe into Russian interference in the 2016 election.

Although it’s not the first time that Russia has been linked to or suspected of carrying out cyberattacks and spreading disinformation, the U.S. and U.K. have not until today officially accused the Kremlin of its role in these attacks.

The charges were filed hours after the U.K. and Dutch authorities found evidence that Russia had targeted the Organization for the Prohibition of Chemical Weapons in The Hague in April. The OPCW was investigating the poisoning of ex-Russian spy Sergei Skripal, who is living in the U.K. in exile.

U.K. Foreign Secretary Jeremy Hunt said the government was weighing up further sanctions against Russia, which it blamed for the attack.

China reportedly infiltrated Apple and other US companies using ‘spy’ chips on servers

Ready for information about what may be one of the largest corporate espionage programs from a nation-state? The Chinese government managed to gain access to the servers of more than 30 U.S. companies, including Apple, according to an explosive report from Bloomberg published today.

Bloomberg reports that U.S.-based server motherboard specialist Supermicro was compromised in China where government-affiliated groups are alleged to have infiltrated its supply chain to attach tiny chips, some merely the size of a pencil tip, to motherboards which ended up in servers deployed in the U.S.

The goal, Bloomberg said, was to gain an entry point within company systems to potentially grab IP or confidential information. While the micro-servers themselves were limited in terms of direct capabilities, they represented a “stealth doorway” that could allow China-based operatives to remotely alter how a device functioned to potentially access information.

Once aware of the program, the U.S. government spied on the spies behind the chips but, according to Bloomberg, no consumer data is known to have been stolen through the attacks. Even still, this episode represents one of the most striking espionage programs from the Chinese government to date.

The story reports that the chips were discovered and reported to the FBI by Amazon, which found them during due diligence ahead of its 2015 acquisition of Elemental Systems, a company that held a range of U.S. government contracts, and Apple, which is said to have deployed up to 7,000 Supermicro servers at peak. Bloomberg reported that Amazon removed them all within a one-month period. Apple did indeed cut ties with Supermicro back in 2016, but it denied a claim from The Information which reported at the time that it was based on a security issue.

Amazon, meanwhile, completed the deal for Elemental Systems — reportedly worth $500 million — after it switched its software to the AWS cloud. Supermicro, meanwhile, was suspended from trading on the Nasdaq in August after failing to submit quarterly reports on time. The company is likely to be delisted.

Amazon, Apple, Supermicro and China’s Ministry of Foreign Affairs all denied Bloomberg’s findings with strong and lengthy statements — a full list of rebuttals is here. The publication claims that it sourced its information using no fewer than 17 individuals with knowledge of developments, including six U.S. officials and four Apple “insiders.”

You can (and should) read the full story on Bloomberg here.

Northwest fast food chain hack exposed customer credit cards

A beloved regional burger chain in the Pacific Northwest is the latest fast food company to suffer a major data breach.

Burgerville, headquartered in Vancouver, Wash., disclosed today that any customers who used a credit or debit card from September 2017 to September 2018 at any of its locations may have had their card details stolen. The company operates 42 locations in the region.

In August, the FBI contacted Burgerville to notify the company that it had been targeted in a cyberattack. The company believed that intrusion to be “brief” until September 19, when an internal forensics team identified that the chain was still affected by malware running on its systems. Burgerville coordinated with the FBI to neutralize and contain the malware, working with an external cybersecurity firm.

“As soon as Burgerville learned the intrusion was still active, the company immediately began steps to completely eradicate this breach, necessitating that all Burgerville systems be taken offline and upgraded simultaneously without any warning to the criminals,” the company said in a press release.

TechCrunch contacted Burgerville and the FBI to ask how many customers might have been affected by the hack. The company declined to provide additional details at this time.

While the company has yet to disclose many technical details, it attributed the attack to Fin7, a “prolific” international cybercrime group. In August, the Department of Justice apprehended three members of Fin7 involved in “a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.” Believed to be a billion-dollar operation, Fin7 operates under the guise of a front company while selling stolen data in online marketplaces.

The attack on Burgerville was likely accomplished by malware that infected its point-of-sale systems — a common target in the recent surge of restaurant cyberattacks. In this case, the company confirms that attackers were able to exfiltrate names, credit card numbers, expiration dates and CVV numbers.

According to the Department of Justice report, Fin7 began many of its attacks with spear phishing campaigns that delivered attachments laced with an “adapted version” of the malware known as Carbanak. An FBI report provides more detail on the group’s methods.

As part of its August announcement, the Department of Justice noted that Fin7 was behind already disclosed hacks of Chipotle, Chili’s and other food chains, including local businesses in Western Washington that remained unnamed at the time.

US government loses bid to force Facebook to wiretap Messenger calls

US government investigators have lost a case to force Facebook to wiretap calls made over its Messenger app.

A joint federal and state law enforcement effort investigating the MS-13 gang had pushed a district court to hold the social networking giant in contempt of court for refusing to permit real-time listening in on voice calls.

According to sources speaking to Reuters, the judge later ruled in Facebook’s favor — although, because the case remains under seal, it’s not known for what reason.

The case, filed in a Fresno, Calif. district court, centers on alleged gang members accused of murder and other crimes. The government had been pushing to prosecute 16 suspected gang members, but is said to have leaned on Facebook to obtain further evidence.

Reuters said that an affidavit submitted by an FBI agent said that “there is no practical method available by which law enforcement can monitor” calls on Facebook Messenger. Facebook-owned WhatsApp uses end-to-end encryption to prevent eavesdroppers, so not even the company can listen in, which law enforcement has long claimed hinders investigations.

But Facebook Messenger doesn’t end-to-end encrypt voice calls, making real-time listening in on calls possible.

Although phone companies and telcos are required under US law to allow police and federal agencies access to real-time phone calls with a court-signed wiretap order, internet companies like Facebook fall outside the scope of the law.

Privacy advocates saw this case as a way to remove that exemption, accusing the government of trying to backdoor the encrypted app, just two years after the FBI sued Apple over a similar request to break into the encrypted iPhone belonging to San Bernardino shooter Syed Farook.

Neither Facebook nor the FBI responded to a request for comment.

Alibaba’s Ant Financial denies stealing from Equifax

Ant Financial has denied claims that it covertly raided Equifax — the U.S. credit firm that was hit by a hack last year — to grab information, including code, confidential data and documents to help recruit staff for its own credit scoring service.

The Alibaba affiliate, which is valued at over $100 billion, launched Sesame Credit in China in 2015, and a report this week from The Wall Street Journal suggests that it leaned heavily on Equifax to do so. Ant Financial hired China-born Canadian David Zou from Equifax and the Journal claims that Zou looked up employee information to gauge potential hires and squirreled away confidential documents via his personal email account.

Ant was said to have offered Chinese staff at Equifax lucrative raises — reportedly tripling their salaries — with a focus on those who “provided instructions on specific Equifax information… if they jumped ship.” Apparently, however, only Zou did.

Zou, for his part, denies the claims. He said he looked up Equifax team members to help with work on his project in Canada, and forwarded information to his email account in order to continue his work when he went home.

Ant Financial went a step further with its own denial — from the firm’s statement:

Ant Financial did not use Equifax intellectual property or trade secrets, including code, algorithms or methodology in the development of our credit rating product. Ant Financial has found absolutely no evidence of Equifax software, data or code having been transferred to our systems.

We did not directly or indirectly encourage potential job applicants to obtain Equifax intellectual property or trade secrets. This would be a violation of Ant Financial’s Code of Business Conduct and we would take immediate action against any employee found engaging in this behavior. Further, we have specific agreements with our third-party recruiters that prohibit them from violating intellectual property rights of any parties. If any recruiter is found to have conducted such activities, we will stop accepting candidate referrals from them and may take legal action against them.

Ant said the Journal’s report is “full of innuendo based on disjointed facts and coincidence in timing.”

Beyond Ant, the report claims Equifax was also concerned when an unnamed Chinese firm swapped members of its delegation in the run-up to a meeting, a tactic that is apparently common among potential cases of espionage.

The company had been in contact with the FBI, but ultimately Equifax decided against pushing the matter. The Journal’s report also suggested that federal investigators backed down because they sensed that Equifax didn’t believe it had information that Chinese spies would be keen to get hold of. In addition, it hadn’t lost consumer information. Ultimately, of course, that leaked out when the firm was hacked last year.

“The story not only promotes hostility against a specific company, but also paints an overall narrative that maligns Chinese companies as a whole, and further promotes culturally divisive perceptions of ethnic Chinese people in America,” Ant said in its statement, which is attributed to the company’s general counsel, Leiming Chen.