Ethical Hacker Site Has Been Caught Spreading Ransomware

Security isn’t as black and white as people think, sometimes people do the bad things for the right reasons. This is the area that ethical hackers deal with, testing websites by employing the same techniques that those who want to cause harm or profit from your information illegally. Imagine the surprise then when a site used to support these ethical hackers was caught spreading ransomware this week.

Ransomware is a particularly nasty version of malware (malicious software) that works by encrypting your data, meaning you either pay the fee they want or potentially lose access to your data forever. Recently it’s affected several hospitals and even the FBI say you should just pay.

EC-Council is responsible for administrating the ethical hacker program, a system by which people can become trained and certified that their hacks are for legitimate and protective reasons, rather than malicious and illegal.

The site started spreading TeslaCrypt on Monday and seems to be targeting specific people. Those who visit the site using Internet explorer and only when they are redirected from a search engine are affected. If this didn’t cause enough trouble the hack seems to also use people’s IP addresses to determine their geographic location, meaning it targets a narrow group of people and makes its behavior seem more erratic, and thus harder to track and fix.

Requesting 1.5 bitcoins (around £442), the redirect exploit that allowed the ransomware to be installed was published by FOX News on Thursday after attempts to alert them privately yielded no responses.

Ethical hacking is a difficult business, with some companies considering you more foe than friend, but the help they provide stops issues like this (ironically) from happening.

Running Mac OS 6.0.1 On The Amiga 500 Computer

The perception among the tech industry is one of constant updating, but retro tech certainly has its place within fans minds if this fun hack is anything to go by. A Reddit and Imgur user by the username of wowbobwow (yippi yo yippy yay) Sorry but that sprang to mind, used an emulator called “A-Max” which in turn allowed the Mac ROM OS 6.0.1 to run on the Amiga 500.

For a minute let’s talk uber tech with regards to this application, emulation is any other faster computer program which mimics the behavior of a piece of computer hardware. The problem with this process is that when a program is run via emulation, said program becomes slower and therefore is unable to run at full speed due to the lack of bandwidth when imitating another system.  Therefore this project is not true emulation but is rather defined by a statement from the clever Hacker which is as follows,

“Worth noting that this is not “software emulation” like how you might run Mini vMac on a modern computer. This setup literally connects two Apple Macintosh ROM chips (from a Mac Plus, in this instance) to the Amiga’s floppy drive, and via some unholy alliance of A-Max controller software + Apple ROM code + the Motorola 68000 CPU in the Amiga (the same chip that powered all the early Macs), this is a “hardware” emulation system. Interestingly, the Mac boot disk I have is too old to be 32-bit compatible, so while it “sees” the full 9 megs of RAM in the Amiga, it can only access 512k of it.”

This project has been coined CoMacintosh by the author and it again conveys little limitation of what can be achieved by a skilled ethical hacker.

Thank You to Techworm for providing us with this information.

FBI Claims Security Researcher Was Able to Issue Commands to Engines

Security on planes has always been an issue, be it from people leaving their electronic devices on during flights or people making threats via social media. So when the FBI received a message from a security researcher claiming to have hacked an in-flight plane you can see why they might be concerned.

Chris Roberts is an aviation computer security researcher, that is he attempts to access and assess the security regarding plane’s as to prevent people from doing the same for more malicious reasons than to get paid. Apparently in his message Roberts claimed to have accessed the in-flight entertainment system. He then was able to overwrite code on the airplane Thrust management system, allowing him to control the engines on the plane in question.

Using his new access Roberts claims to have given an engine a climb command, resulting in the plane going sideways while still in flight. This isn’t the first time he’s been in trouble with the FBI because of his actions though, in 2015 he was detained after tweeting a joke about sending EICAS messages and toggling the oxygen masks. This resulted in him getting his iPad, MacBook Pro and his electronic storage devices confiscated for fear he was going to misuse them.

To the best of our knowledge Roberts has yet to be arrested or charged with any crime for the most recent claims, luckily for him I guess. Given the nature of the claims it’s a serious issue if he did manage to command the in-flight engines, especially if he hasn’t alerted the Airplane company regarding the issue. Ethical hacking is a serious issue these days, with some people crossing the line between ethical hacking and hacking just to make a point in order to get a payday.

I’ve always been comfortable on flights but should I take a second guess about taking my phone or laptop out while in flight?

Thank you Arstechnica for providing us with this information.

Image Courtesy of Airlines

Facebook’s Emotion Manipulation Study Angers Users

study was published recently showing that in January 2012, Facebook manipulated 689,003 members feeds to display a larger amount of positive or negative status updates. Running over a one week duration, this information was used to show that the moods of your friends on social media can affect your own mood positively or negatively on a day to day basis.

This manipulation has sparked outrage by some, claiming a lack of ethical practice – especially seeing as the ‘subjects’ were not notified of this study.

As far as legality is concerned, Facebook is in the clear as users agree to give up their data for analysis, testing and research upon sign up. However, the angered users aren’t claiming issues with the data collected, they’re upset that their feeds were manipulated without consultation.

Addressing the issue, a Facebook spokesman stated:

“This research was conducted for a single week in 2012 and none of the data used was associated with a specific person’s Facebook account. We do research to improve our services and to make the content people see on Facebook as relevant and engaging as possible. A big part of this is understanding how people respond to different types of content, whether it’s positive or negative in tone, news from friends, or information from pages they follow. We carefully consider what research we do and have a strong internal review process. There is no unnecessary collection of people’s data in connection with these research initiatives and all data is stored securely.” The Atlantic

Adam D.I Kramer (being one of the studies authors and a Facebook employee) gave his thoughts through a comment on a public Facebook status:

“And at the end of the day, the actual impact on people in the experiment was the minimal amount to statistically detect it,” he writes. “Having written and designed this experiment myself, I can tell you that our goal was never to upset anyone. […] In hindsight, the research benefits of the paper may not have justified all of this anxiety.” The Atlantic

So although Facebook users do agree to share their information, technically they aren’t in agreeance with the alteration of their data (in this case, news feeds).

Susan Fiske, a Princeton University psychology professor helped edit this study also shared some thoughts on the issue:

“It’s ethically okay from the regulations perspective, but ethics are kind of social decisions. There’s not an absolute answer. And so the level of outrage that appears to be happening suggests that maybe it shouldn’t have been done…I’m still thinking about it and I’m a little creeped out, too.” The Atlantic

Facebook has been rumored to partake in data manipulation studies like this more often than you may think. Should this access of data make you worried? Honestly the general population aren’t going to batt an eyelid, as long as they can access their fair share of recycled memes and baby photos.

Image courtesy of Post Grad Problems