The WannaCry ransomware attackers demanded payment in the cryptocurrency. But its use in the ‘clean’ economy is growing, too, and could revolutionise how we use money
In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.
El gigante de la informática criticó el papel de los gobiernos y organizaciones que coleccionan vulnerabilidades informáticas que después pueden ser robadas o vendidas a delincuentes informáticos. La empresa pide que lo sucedido sea una lección para erradicar esta práctica en el mundo.
Expertos en informática advierten que un nuevo ataque global con un brote de ransomware es “inminente” y que incluso podría ser lanzado el lunes. BBC Mundo te cuenta los detalles y cómo protegerte de estos virus.
Un ciberataque “de dimensión nunca antes vista” logró este viernes bloquear el acceso a los sistemas informáticos de instituciones estatales y empresas de varios países.La policía europea, Europol, indicó que el ciberataque era de una escala “sin precedentes” y advirtió que una “compleja investigación internacional” era necesaria para “identificar a los culpables”.
Thanks to Edward Snowden, we know the apparatus of repression has been covertly attached to the democratic state. However, our struggle to retain privacy is far from hopeless
In the third chapter of his History of the Decline and Fall of the Roman Empire, Edward Gibbon gave two reasons why the slavery into which the Romans had tumbled under Augustus and his successors left them more wretched than any previous human slavery. In the first place, Gibbon said, the Romans had carried with them into slavery the culture of a free people: their language and their conception of themselves as human beings presupposed freedom. And thus, says Gibbon, for a long time the Romans preserved the sentiments – or at least the ideas – of a freeborn people. In the second place, the empire of the Romans filled all the world, and when that empire fell into the hands of a single person, the world was a safe and dreary prison for his enemies. As Gibbon wrote, to resist was fatal, and it was impossible to fly.
The power of that Roman empire rested in its leaders’ control of communications. The Mediterranean was their lake. Across their European empire, from Scotland to Syria, they pushed roads that 15 centuries later were still primary arteries of European transportation. Down those roads the emperor marched his armies. Up those roads he gathered his intelligence. The emperors invented the posts to move couriers and messages at the fastest possible speed.
Using that infrastructure, with respect to everything that involved the administration of power, the emperor made himself the best-informed person in the history of the world.
That power eradicated human freedom. “Remember,” said Cicero to Marcellus in exile, “wherever you are, you are equally within the power of the conqueror.”
The empire of the United States after the second world war also depended upon control of communications. This was more evident when, a mere 20 years later, the United States was locked in a confrontation of nuclear annihilation with the Soviet Union. In a war of submarines hidden in the dark below the continents, capable of eradicating human civilisation in less than an hour, the rule of engagement was “launch on warning”. Thus the United States valued control of communications as highly as the Emperor Augustus. Its listeners too aspired to know everything.
We all know that the United States has for decades spent as much on its military might as all other powers in the world combined. Americans are now realising what it means that we applied to the stealing of signals and the breaking of codes a similar proportion of our resources in relation to the rest of the world.
The US system of listening comprises a military command controlling a large civilian workforce. That structure presupposes the foreign intelligence nature of listening activities. Military control was a symbol and guarantee of the nature of the activity being pursued. Wide-scale domestic surveillance under military command would have violated the fundamental principle of civilian control.
Instead what it had was a foreign intelligence service responsible to the president as military commander-in-chief. The chain of military command absolutely ensured respect for the fundamental principle “no listening here”. The boundary between home and away distinguished the permissible from the unconstitutional.
The distinction between home and away was at least technically credible, given the reality of 20th-century communications media, which were hierarchically organised and very often state-controlled.
When the US government chose to listen to other governments abroad – to their militaries, to their diplomatic communications, to their policymakers where possible – they were listening in a world of defined targets. The basic principle was: hack, tap, steal. We listened, we hacked in, we traded, we stole.
In the beginning we listened to militaries and their governments. Later we monitored the flow of international trade as far as it engaged American national security interests.
Un error en uno de los principales programas de conexión segura utilizado en Internet ha tenido potencialmente expuestos a millones de usuarios desde hace dos años. El lunes, Google difundió un punto débil en el sistema de cifrado que utiliza para sus conexiones seguras, llamado OpenSSL, que también ha afectado a gigantes como Yahoo y Amazon. Esta grieta, existente desde 2011 y descubierta en diciembre de 2013 por un técnico de Google, podría haber permitido a hackers robar contraseñas de los usuarios.
El problema afecta a las conexiones seguras, las que comienzan con “https” y aparecen en la barra de direcciones cuando el usuario introduce datos delicados, habitualmente contraseñas. El fallo ha sido bautizado en inglés como Heartbleed, o “corazón sangrante”, porque afecta a un tipo de intercambio de información en web, el Heartbeat (latido de corazón).
El agujero de seguridad está en el código fuente (los bloques de construcción que componen un programa informático) de las versiones 1.0.1 a 1.0.1f de OpenSSL. Ya existe una nueva versión lista para descargar que subsana el fallo: la 1.0.1g. Los internautas de las páginas que utilizan este código habrían sido potencialmente vulnerables desde 2011. Y si alguien hubiera accedido a información confidencial, no habría dejado rastro. Pero los expertos llaman a la calma porque no hay razones para suponer que la seguridad haya sido violada desde entonces.
Open SSL es un sistema de seguridad utilizado por algunas de las principales web que existen, y “entre el 50% y el 70%” de servidores según Igor Unanue, técnico de la empresa de seguridad S21SEC. Ricardo Galli, fundador de Menéame, rebaja los servidores afectados a unos 500.000. Es gratuito y funciona como una herramienta que las web utilizan para cifrar la información que intercambian con los usuarios individuales, para que esta no pueda ser robada por terceros.
Open SSL es un programa de código abierto. Es decir, supuestamente cualquier programador puede participar en la escritura de su ADN, aunque eso no quiere decir que lo pueda alterar a voluntad como los artículos de Wikipedia.
Lo usan desde Yahoo, Google, Facebook o Amazon, a la plataforma de juegos Steam, pasando por el software de conexión segura Tor. Potencialmente podría haber dejado sin cobertura de seguridad a millones de usuarios que almacenan los datos de sus tarjetas bancarias en páginas de pago, o que utilizan el e-mail o los mensajes instantáneos.
The severity of the Heartbleed bug means that rushing to change passwords could backfire
Internet security researchers say people should not rush to change their passwords after the discovery of a widespread “catastrophic” software flaw that could expose website user details to hackers.
The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including usernames, passwords and cryptographic keys being used inside the site. Those at risk include Deutsche Bank, Yahoo and its subsidiary sites Flickr and Tumblr, photo-sharing site Imgur, and the FBI.
About half a million sites worldwide are reckoned to be insecure. “Catastrophic is the right word,” commented Bruce Schneier, an independent security expert. “On the scale of 1 to 10, this is an 11.”
But suggestions by Yahoo and the BBC that people should change their passwords at once – the typical reaction to a security breach – could make the problem worse if the web server hasn’t been updated to fix the flaw, says Mark Schloesser, a security researcher with Rapid7, based in Atlanta, Georgia.
Doing so “could even increase the chance of somebody getting the new password through the vulnerability,” Schloesser said, because logging in to an insecure server to change a password could reveal both the old and new passwords to an attacker.
Code error means that websites can leak user details including passwords through ‘heartbeat’ function used to secure connections
Hundreds of thousands of web and email servers worldwide have a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections, experts say.
They could also leak personal information to hackers when people carry out searches or log into email.
The bug, called “Heartbleed”, affects web servers running a package called OpenSSL.
Among the systems confirmed to be affected are Imgur, OKCupid, Eventbrite, and the FBI’s website, all of which run affected versions of OpenSSL. Attacks using the vulnerability are already in the wild: one lets a hacker look at the cookies of the last person to visit an affected server, revealing personal information. Connections to Google are not vulnerable, researchers say.
SSL is the most common technology used to secure websites. Web servers that use it securely send an encryption key to the visitor; that is then used to protect all other information coming to and from the server.
It is crucial in protecting services like online shopping or banking from eavesdropping, as it renders users immune to so-called man in the middle attacks, where a third party intercepts both streams of traffic and uses them to discover confidential information.
The peer-to-peer software company is planning an encrypted chat service as demand for secure communications tools rises
BitTorrent, the company which maintains the popular peer-to-peer downloading protocol, has announced an entry into the world of secure communications.
With the launch of the alpha version of BitTorrent Private Chat, users are able to use a similar version of the distributed network that enables fast (and frequently illegal) downloads of large files in order to chat privately and securely.