Category Archives: CODE BREAKING

WannaCry researcher denies in court that he created banking malware

The security researcher rose to fame for curbing the spread of the WannaCry ransomware recently

A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges alleging that he created a notorious banking malware.

Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.

The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox, at the court house.

Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.

But he will “not be released today lawyers says could not get bail in time,” according to Wilcox in a tweet.

He will not be allowed access to devices with an internet connection, said Wilcox, and he will be tagged to be monitored at all times.

Hutchins, also known as @MalwareTechBlog, stormed to fame earlier this year after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware in May.

By registering a domain found in the code, he stopped the spread of the malware.

The Justice Department announced Thursday that it was charging Hutchins with malicious activity, unrelated to the WannaCry cyberattack.

The security researcher, a British native, was arrested shortly before boarding a flight home. He had been attending the Def Con security conference late last month. He was briefly detained in a federal detention facility in Nevada, then later questioned by the FBI at its field office in Las Vegas.

Hutchins was later indicted, along with an unnamed defendant, on six charges relating to allegations that he created the Kronos malware, a trojan that can steal banking usernames and passwords from victims’ computers.

He was also charged with five other counts, including wiretapping, thought to relate to the interception of passwords, and violating the controversial Computer Fraud and Abuse Act, which serves as the basis of US hacking laws.

Hutchins will appear at a court in Wisconsin, where the case was filed, on August 8.

Developing… more soon.

Henry Sapiecha

Rise of encryption tests intelligence in Isis fight


One challenge above all stands out for western counter-terrorism agencies fighting Isis: the rise of encryption technology across modern communications.

The jihadis are more than aware of the fact.

Investigators will be focusing on the nature of communications between the eight terrorists behind the deaths of 129 people in Paris on Friday, and their covert planning and logistics support network.

But with a cell of such size, involving co-ordination across several countries, what has come to the fore is the question of whether encrypted apps on their smartphones or secure email on computers obscured the intelligence picture before the massacre.

“There has been a significant increase in the operational security of a number of these operatives and terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities,” John Brennan, CIA director, said in Washington at the CSIS think-tank on Monday.

Encryption affects counter-terrorism work on two levels. First, the increasingly off-the-shelf availability of apps and platforms that have high levels of security, particularly those with end-to-end encryption, offers terrorists increasing levels of secrecy.

But second, the spread of less rigorous encryption across a broader range of everyday web and smartphone software, from email to social media platforms, also means that even those with inferior standards are harder to monitor.

Agencies are therefore not just “going dark”, as they refer to their information shortfall, on the activities of specific, high-value targets, but on the broad amount of “chatter” they depend on for the core of their counter-terrorism analysis. Chatter is so crucial because it is what produces the leads for deeper investigations. In an age in which Isis is creating a far more diffuse terror threat, radicalising thousands of young, would-be jihadis through social media, such leads are vital.

“We are trying to pick signals out of the noise,” says a senior official at the Five Eyes signals intelligence alliance that combines the US, UK, Canada, Australia and New Zealand. “But what encryption is doing is vastly increasing that noise.”

The speed of technological development makes trying to keep up an almost impossible task.

“Almost every new app, whether it’s for file-sharing or sending photos that disintegrate or playing at orcs and dragons these days has some level of communication in it. We have to keep on top of them all,” says the official. “It’s around 1m.”

Isis, for its part, has what one British security source describes as a “highly sophisticated” digital security operation to make the task of signals intelligence work against it as hard as possible.

Video: Isis and encryption technology. The rise of encryption technology poses an increasing challenge for counter-terrorism agencies fighting Isis. Ravi Mattu asks Sam Jones, FT defence and security editor, why intelligence chiefs are so worried.

Isis adapts constantly, the British security source says. Two years ago, its mujahideen were frequent users of messaging services such as Kik and Viber. Their presence on social media services such as Twitter was particularly noteworthy.

But the opening of Washington’s bombing campaign against the group marked a turning point in which Isis moved to close its digital blackout blinds. The so-called caliphate clamped down on its fighters’ activities and apps. Orders were issued to fighting units on how to scrub tell-tale metadata from pictures and social media output online. And guides quickly circulated on which smartphone apps were the hardest to crack.

The jihadis turned initially to sites such as Russia’s VKontakte and Diaspora or anonymous text-sharing websites such as Pastebin.

Isis now favours Telegram, a messaging app that advertises its services as “heavily encrypted” with the bonus of a self-destruct feature. For Isis, the app has another crucial benefit. Users can sign up to secure “channels” that broadcast messages.

The militant group has several channels established. The largest was identified by Memri, a Middle East media think-tank, in a report last month. Nashir, Isis’s flagship channel on Telegram, broadcasts in numerous languages: it has more than 10,000 Arabic followers, 998 in English, 348 in French and 340 in German.

Telegram said on Wednesday it had blocked 78 Isis-related channels across 12 languages, identified because of users reporting them to its abuse email. The start-up has responded to requests to remove content such as porn, in countries where it is illegal, but it has also pledged not to block those who express their opinions peacefully.

“It’s a game of catch-up,” says Callum Jeffray, national security research fellow at the Rusi think-tank. “As soon as intelligence agencies find a means of accessing one platform, more spring up. There is this adaptive and learning element of Isis that means this whole debate over encryption and data are going to play out for years to come.”

Additional reporting by Hannah Kuchler in San Francisco


Cyberattacks Increasingly Rapid and Deceptive: Symantec


In 2014, cybercriminals, using increasingly rapid and deceptive attacks, targeted the financial sector to steal massive amounts of data from major institutions, according to Mountain View, Calif.-based Symantec’s Internet Security Threat Report.

Other highlights: Twenty percent of financial, insurance and real estate companies were at risk of spear-phishing attacks in 2014, similar to the 2013 rate; 30% of finance workers were targeted with spear-phishing attacks, where emails were frequently sent requesting payment by credit card or the completion of a wire transfer; and, financial information was the fourth most common type of information exposed in 2014.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” Kevin Haley, director, Symantec Security Response said in a release. “We’re seeing attackers trick companies into infecting themselves by ‘Trojanizing’ software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”

In a record-setting year for zero-day vulnerabilities, Symantec research revealed that it took software companies an average of 59 days to create and roll out patches. That was up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, exploited the vulnerability within four hours.

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks. What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Email remains a significant attack vector for cybercriminals, but they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.

In a separate announcement the Department of Homeland Security, in collaboration with Interpol and the FBI, released a Technical Alert to provide further information about the Simda botnet that has compromised more than 770,000 computers worldwide with a self-propagating malware since 2009. A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Recommended actions to remediate Simda infections include using and maintaining anti-virus software, changing passwords, keeping operating system and application software up to date, and using anti-malware tools.


WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London on August 18, 2014. Photo: JOHN STILLWELL

WikiLeaks is planning new releases of secret documents on controversial negotiations and intelligence agency operations, according to the anti-secrecy organisation’s Australian founder, Julian Assange.

In an interview with Fairfax Media, Mr Assange said that while he does not expect to leave Ecuador’s London embassy any time soon, WikiLeaks very much remains in the business of publishing the secrets of diplomats and spies.

“There’ll be more publications – about large international so-called free trade deals, and about an intelligence agency,” Mr Assange said.

Over the past two years WikiLeaks has published leaked documents relating to the secret Trans Pacific Partnership trade negotiations as well as talks on the proposed multilateral agreement on Trade in Services.

In December 2014, WikiLeaks also published a leaked US Central Intelligence Agency analysis of the effectiveness of drone strikes and another CIA paper on the implications of enhanced airport security arrangements for clandestine intelligence operatives.

At that time WikiLeaks said the CIA documents were the beginning of a series of releases relating to the US espionage agency.


In a wide-ranging interview, Mr Assange discussed the recent establishment of a secure internet chat system to enable anonymous sources to contact WikiLeaks and the prospective reintroduction of a secure electronic drop box to facilitate the deposit of leaked documents.

Mr Assange acknowledged that re-establishing a drop box had proved a challenge since the WikiLeaks submission system had been disabled when a disgruntled member left the group in late 2010.

“Given the realities of mass surveillance, and the intense focus on WikiLeaks, we knew we needed a much stronger approach,” he said.

“There have been a number of efforts to do this, by others and ourselves, but until now every one has failed the test. Our new system has some innovation that will be visible, and a lot that is not.”

Mr Assange said that a key challenge arose from the fact that any website open to receive anonymous leaks was an “exposed front door that becomes a permanent target” for intelligence and law enforcement agencies.

One part of the solution is to embed the instructions and code for the submission system on every webpage so that potential sources would be concealed amidst the estimated 500,000 unique readers who visit the WikiLeaks website each month.

“That gives a source some cover,” Mr Assange said, “but it’s important to understand that the protection of sources requires much more than a single technological fix.”

“A combination of elements is needed – cryptologic, jurisdictional and personal security.”

Mr Assange acknowledged his physical location in Ecuador’s London embassy was “a complicating factor, but not insurmountable” in WikiLeaks operations, and pointed to the assistance given by WikiLeaks staffer Sarah Harrison to former US intelligence contractor and whistleblower Edward Snowden as a demonstration of high levels of operational security.

Mr Assange said that he was hopeful that Sweden’s highest court would strike down the still current arrest warrant for him to be questioned about sexual assault allegations that were first raised in August 2010.

He has lived at Ecuador’s London embassy since June 2012 when the South American country granted him political asylum on the grounds that he is at risk of extradition to the United States to face espionage and conspiracy charges arising from the leaking of thousands of secret documents by US Army private Chelsea Manning.

In March, a US court confirmed that WikiLeaks and Mr Assange are still being targeted in a long-running investigation by the US Department of Justice and Federal Bureau of Investigation. British police are on guard outside the Ecuadorian embassy, waiting to arrest Mr Assange so he can be extradited to Sweden for questioning about the sexual assault allegations. Mr Assange denies the allegations and his lawyers have advised that he is at risk of extradition to the US from either Sweden or the United Kingdom.

Sweden’s Supreme Court confirmed this week it will hear an appeal by Mr Assange seeking to quash the arrest warrant on the grounds that prosecutors had failed to progress the case and that he has been denied access to key facts relevant to the decision to arrest him.

However, the British Foreign and Commonwealth Office (FCO) has confirmed even if the Swedish warrant disappeared British police would still seek to arrest Mr Assange for breaking his bail conditions when he sought refuge in the Ecuadorian embassy.

“When my legal team asked the FCO whether they were aware of any US extradition proceedings, they refused to confirm or deny,” Mr Assange said.

“There’s also the question of US and UK investigations relating to Sarah Harrison as well as myself as a consequence of our assistance to Snowden,” he added.

Mr Assange said he hadn’t had any contact from Australian consular officials for more than a year. His Australian passport, currently held by British authorities, has expired. He has been advised that he must physically present himself at the Australian High Commission in London if he wishes to obtain a new passport.

“The Australian Government and DFAT [Department of Foreign Affairs and Trade] like to make a big song and dance about helping Australians overseas, but the reality is they do as little as possible, especially when they don’t like someone’s politics.

“I’m probably not moving for a while yet,” he said.

A slide from documents leaked by NSA whistleblower Edward Snowden.

When you’re happy and you know it (and you really want to show it) what do you do if you’re a spy at the United States National Security Agency successfully cracking encryption? You draw a stick figure doing a happy dance.

Over the Christmas break, the German Der Spiegel magazine published new disclosures and documents of signals intelligence cooperation between the United States and its “5-eyes” partners – Britain, Canada, Australia and New Zealand – revealing that the secret agencies had broken most widely used forms of internet encryption.

Among priority intelligence targets were virtual private networks (VPNs) – secure computer networks commonly used by large companies and organisations to transfer data between offices, and by consumers to protect their privacy.

Another slide shows the spy agency’s excitement when being able to decrypt.

But in one of the documents published, “Intro to the VPN Exploitation Process”, the NSA celebrated its ability to break into VPNs in an unusual, childlike way: a spy drew a stick figure doing a “happy dance”.

Examples of successful VPN interception cited in the leaked documents include government networks in Afghanistan, Greece, Pakistan and Turkey as well as a Russian telecommunications company being compromised.

It comes after another slide released in October 2013 poked fun at the NSA’s ability to tap into the fibre-optic cables that link up Google’s data centres. In that slide, on “Google Cloud Exploitation”, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides.

A slide released in late 2013 showing how the NSA broke into Google’s data stream.

In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.

Two engineers with close ties to Google exploded in profanity when they were shown the drawing and told that the NSA had successfully penetrated Google’s data stream. “I hope you publish this,” one of them said.

Google later said it was racing to encrypt the traffic between its data centres.

“It’s an arms race,” Eric Grosse, vice president for security engineering at Google, told the Washington Post. “We see these government agencies as among the most skilled players in this game.”


Meet the phone cracker: Navid Sobbi explains what a treasure trove of information your phone can be and how to protect your information.

If you thought wiping your mobile phone once to delete its contents, or having a passcode to protect it from prying eyes was enough, think again.

Meet the ultimate mobile phone data extractor, a $40,000 Israeli-made machine manufactured by Cellebrite and used by private investigator Navid Sobbi’s business National Surveillance and Intelligence and numerous law-enforcement agencies around the world.

The machine can crack passwords and extract varying degrees of data from almost every smartphone on the market bar a number of Blackberry models and the iPhone 5 and above. Photos, texts, locations and more can be extracted from the phone’s memory even if previously wiped.


Navid connects an iPhone up to a laptop to begin examination of the data recovered. Photo: Tessa Stevens

In total, the device claims to be able to extract varying degrees of data from about 8000 phone models. Newer iPhones are not susceptible to the password cracking because Apple’s encryption methods have improved over time, but most phones are still able to have their data extracted if the password is provided, Mr Sobbi said.

“If it’s a smartphone such as Android or Apple we can get absolutely everything,” he said.

“So that’s locations, SMS, MMS, passwords, notes, emails and call logs.”


The Cellebrite system has a cable for every phone on the market. Photo: Tessa Stevens

Often data from mobile phones is used to corroborate or disprove theories in criminal trials.

In one recent case, US forensic investigators looked at data stored on murder suspect Pedro Bravo’s smartphone to infer he used the phone’s flashlight when he buried the body of a former friend in a remote wooded area. Bravo was later found guilty of the murder.

Mr Sobbi said most phones were “easy” to get into.


The Cellebrite system can extract data from a variety of phones. Photo: Tessa Stevens

He said he could bypass an iPhone 4 passcode and get into the phone “within about five minutes”.

Some Android phones, such as the HTC One, were also easy to crack, but piecing the data together was a time-consuming task. BlackBerrys, for example, were “extremely hard to get into”, he said.

BlackBerry is well known for its secure phones, being the preferred brand of governments for their leaders and diplomats. Sydney bikies have also reportedly used them to thwart police efforts to intercept their communications.

Based in Sydney, Mr Sobbi has worked with NSW Police on criminal matters and also in tendering evidence for family court cases. He has also assisted with corporate leak investigations, where employees have taken a company’s intellectual property to a competitor.

Those who have accidentally deleted data, such as family photos, also go to him for help, and in about 90 to 95 per cent of cases he has been able to successfully retrieve the data.

“But it all comes down to how the phone is used,” he said. “So if, for example, the phone has been factory-reset a number of times or damaged, then our success rate is a lot less.”

After using the Cellebrite tool for several years, Mr Sobbi said it was most surprising it could get location data even when a phone’s GPS was turned off.

“We’ve noticed that [some phones] still store probably every 15 minutes or once every hour … a location of where the device is,” Mr Sobbi said.

“Even if [location is] off in the GPS option, it might store it from the cell tower option.”

He advised people to wipe their phones several times before selling or disposing of them.

“When a consumer wants to change their phone or just wants to give their phone to someone else, the best thing to do is at least restore it back to factory settings a minimum of about five times.

“The more you do that the harder it becomes for the forensic examiner to recover the data.”

He said he could also extract data from tablets and computer hard drives.

Although many law-enforcement agencies praise the Cellebrite system, not everyone is happy.

The American Civil Liberties Union of Michigan has previously expressed concern about how its state police force has used the gadget, saying it can “quickly download data from cell phones without the owner of the cell phone knowing it”.


A Closer Look: Ways to hide and secure data on police-proof phones


NEW YORK (AP) — Apple got a lot of attention last week when it released a new privacy policy along with a declaration that police can’t get to your password-protected data.

Essentially, your photos, messages and other documents are automatically encrypted when you set up a passcode, with or without a fingerprint ID to unlock the phone. Apple says it cannot bypass that passcode, even if law enforcement asks.

Google says it will also encrypt data by default in an upcoming Android update. The option has been there, but many people don’t know about it or bother to turn it on.

Apple, Google and other tech companies have been trying to depict themselves as trustworthy stewards of personal information following revelations that the National Security Agency has been snooping on emails and other communications as part of an effort to identify terrorists. Apple is also trying to reassure customers about its commitment to security and privacy after hackers broke into online accounts of celebrities who had personal photos stored on Apple’s iCloud service.

Beyond setting up passcodes, some phones have additional tools for hiding or securing sensitive photos and documents stored on the phone, particularly if you need to lend or show your phone to someone.

Here’s a closer look at some of those options:

Apple iPhone

In the latest software update for mobile devices, iOS 8, Apple offers an easier way to hide photos from your collection in the Photos app. Simply press down on the photo or the thumbnail of it and tap “Hide.”

However, the photo will still appear in individual albums, including a new one called “Hidden.” You can go there to unhide hidden photos.

So why bother? This feature is mainly useful when you want to let people glance through your entire collection of photos. That could be when you’re sitting with a friend in the same room or making a presentation before a large audience. You can hide embarrassing or incriminating photos – such as naked selfies – as long as you remain in control of the device. If you hand it to a friend and walk out, your friend can browse through the albums section.

Samsung Galaxy

The Galaxy S5 phone introduced a private mode. You turn it on in the settings, under “Private Mode” in the Personalization section.

You then go through your phone to mark certain content as private. With photos, for instance, just go to the Gallery app and select the photos or albums you want to keep private. Then hit the menu icon for the option to “Move to Private.” This also works with selected video, music and audio recordings.

After you’ve marked your files as private, you need to go back to the settings to turn Private Mode off. Think of that setting as the door to a vault. Turning it on opens the door and lets you move stuff in and out. Turning it off closes and locks the door. It’s the opposite of what you might think: Private Mode needs to be off for your content to be secure.

Once locked, it is as though the content never existed. No one will know what’s inside the vault, or whether there’s even anything inside. To unlock the vault, you need your passcode or fingerprint ID.

The private-mode feature is also part of Samsung’s Galaxy Tab S tablets and the upcoming Galaxy Note phones.

LG G3
LG’s flagship phone has a guest mode. You can lend a phone to a friend without giving your friend access to everything. You can even set a separate unlock code for the guest, so that you don’t have to give out yours.

Look for “Guest mode” in the settings under the General tab. You then specify which apps your guest can access. For instance, you might want to give access to the phone, alarm clock and music, but you might want to block email and texts.

In some cases, guests have limited access to your content. With the Gallery app, your collection of photos won’t generally appear unless they are in the “Guest album.” Guests can take photos, too, and have them appear there. On the other hand, if you enable access to the Photos app, your guest gets everything. Likewise, there are no restrictions with email or texts if you allow access to those apps.

I recommend logging in as a guest – with the alternative code – to verify what’s available after you pick the apps to allow.

Beyond the guest mode, the G3 lets you lock certain images in the Gallery app during normal use, similar to what the Galaxy devices offer.


These tips touch only the surface of what you can do to protect your privacy.

For instance, these apply only to data stored on the device. For files stored on Internet-based storage services such as iCloud and Dropbox, you’ll want to make sure you have a strong password and turn on a second layer of protection, often known as two-step verification. I covered that in a previous column.

You’ll also want to pay attention to what data you’re sharing through apps.

With iOS, you can choose which apps can know your location and when, such as all the time or only when the app is actively running. Go to the “Location Services” settings under “Privacy.” Unfortunately, it tends to be all or nothing with Android. You can turn off location services, but that affects all apps, including maps and others that might need your location.

With both iOS and Android, you can choose to limit ad targeting based on your interests and surfing history.

For an explainer, read our earlier column on ad targeting.


Nova: The Spy Factory Full Video

Examine the high-tech eavesdropping carried out by the National Security Agency and the pitfalls of surveillance in an age of terrorism.
