• some 411 scam mails in my own language - but Google translate is not so good

    "This will be paid out or shared in these percentages, 60 % for me and 40 % for you. I have secured all the necessary legal documents that can be used to back up this claim that we are going to make with the bank. All I need is to fill in your names on the documents and legalize them in the court here to prove you as the rightful beneficiary. All I need is your honest cooperation,
    confidentiality and trust so that we can see this transaction through. I guarantee you 100 % success in this deal. Be assured that this deal will be carried out under a legitimate arrangement that will protect you from any
    breach of the law.

    If you are interested in this deal, kindly reconfirm the following details to enable us to proceed:

    1 . Your full name :
    2 . your telephone numbers (office and mobile)
    3 . your fax number :
    4 . your full address :
    5 . your age / gender :
    6 . your work / profession :
    7 . your private / alternative e-mail address
    8 . your nationality

    Having gone through a methodical search, I decided to contact you hoping that you will find this proposal interesting. Please, on your confirmation of this message stating your interest, I will
    provide you with more information. Please contact me by telephone: +447561845072 or by e-mail, and endeavour to let me know your decision rather than keeping me waiting. You can write to me in
    English, if possible, because my Dutch is not good.

    Kind regards

    Dr Christopher Johnson
    Head of the Accounting Audit Department
    Credit Suisse Bank
    One Cabot Square, London E14 4QJ London
    TELEPHONE: +447561845072"

    well they are learning languages or they are using google translate or somebody to translate it for them

    nice try, but no thanks

  • French CNIL privacy watchdog can now inspect French sites for data leakage online

    Law No. 2014-344 of 17 March 2014 amends France's Data Protection Act giving the Data Protection Authority, the CNIL, the right to perform online checks. The new power allows the CNIL to remotely detect and react to data breaches on the Internet. The findings will be recorded and may result in enforcement action.

    The online inspections will apply to "data freely accessible or rendered accessible" online, mainly large databases of contact and billing information, and does not allow the CNIL to override or break companies' security to gain entry into their information systems.

    A CNIL spokesperson told PL&B: "The CNIL will not infringe companies' security to gain access to their systems. But I want to stress that 'security breaches' only represent a part of our online inspections. This new law also allows us to check how individuals are informed of the use of their data, how their consent is collected when it's necessary and how cookies and tracking tools are employed."

    "If an infringement has occurred, the CNIL's President can decide whether to issue an injunction or not. This injunction will compel the organization to take the necessary measures within a determined period of time."

    This new power, contained in a consumer protection law is in addition to the existing on-site inspections. The CNIL is planning to start online inspections in the next few weeks.

    See the law at http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=?cidTexte=JORFTEXT000028738036
    The CNIL's summary of the effect of the new law on its operations is at http://www.cnil.fr/linstitution/actualite/article/article/un-pouvoir-dinvestigation-renforce-grace-aux-controles

    note: this means that they will be able to set up monitoring bots that can spider the net for leaks and data from French sites or on French sites, without even having the limits security researchers have. They can't breach or penetrate the sites, but it is not said that they can only work through Google, which has as an advantage that they can scan online even if the search bots are limited to a specific part of the internet infrastructure. You can find more information online if you don't have to go only through Google, because, for example, internal files and websites in development are excluded from Google but can be discovered by pinging, port scanning, tracerouting or DNS scanning.

  • how cisco and other try to hide bribes to autocratic regimes

    In Cisco’s Russia operations, funds for kickbacks were built into the large discounts Cisco gave certain middleman distributors that were well-connected in Russia. The size of the discounts are head-turning, usually 35% to 40%, but sometimes as high as 68% percent off the list price.

    And there was a catch: Instead of discounting equipment in the normal way, by lowering the price, parts of the discounts were often structured as rebates: Cisco sent money back to the middlemen after a sale. Some intermediaries were so close to the Russian companies and government agencies — Cisco’s end customers — that these intermediaries functioned as their agents.

    These middleman companies would direct the rebate money to be sent to bank accounts in offshore havens such as Cyprus, the British Virgin Islands, or Bermuda.

    The former Cisco employees said they do not know who owns or controls those offshore accounts — in other words, who ultimately received the rebates. But they said the rebates were actually kickbacks. As one of them put it, “The main logic behind the rebates was to make sure they were able to stimulate, materially stimulate, the officials” who worked for the government entities.

    seems smart

    so on paper you sell the infrastructure for 5000 $ to the firm or administration

    after the sale you pay 2000 $ as a reduction to the representative who has to give a bankaccount

    you don't control if that account is linked to the firm or somewhere offshore - none of your business

    now expand this model to 1 billion $ and we are talking about hundreds of millions of $

    now expand this to most of the western investments and now you understand why those people around Putin are all billionaires ......

    or in any autocratic state (including China)

  • Russian undercover so-called Anonymous Ukraine campaign with credit cards falls flat

    Nobody believed that Anonymous Ukraine had anything to do with Maidan or with any genuinely Anonymous, democracy-minded movement in Ukraine. It was probably a Russian undercover operation trying to punish the western sanctions, and especially those from the credit card companies, with a so-called new leak of millions of 'credit cards'. The leaks were analysed by researchers, who said that the leak (300GB in total and up to 800 million credit cards, of which only part had the full user data) would come in different parts. The first part was published last week. It was about 6 million credit cards.

    The analysis has been done and the following now becomes clear

    "The firm also updated its DataLossDB website, which tracks public data breaches, with the following statement: “Based on further analysis along with discussions with journalists, it appears that this credit card dump contains valid, but older card data that had been previously disclosed. To date, there is no solid evidence this represents a new breach.”


    Goddijn stressed that the firm has been unable to unearth “where the data was previously disclosed” or who the group behind the attack is – although she admitted to hearing the same rumours - via numerous technology news websites - of it being a smear campaign by Russian opponents . “All I can say is the group is claiming an affiliation and seems to want to disrupt the financial system. Unless there are additional disclosures, it's anyone's guess.”

    That it is an info-op campaign is clear because the Twitter account has been closed, the files have disappeared and there is no response whatsoever through any possible contact channel. It was a hit-and-run operation that has fallen flat and that was probably broken off because the risk was too great that the whole operation would be discovered if there were new activity, as they would now be under enormous investigation for any new activity, and online you only have to fuck up your cover for one second to be discovered - as Lulzsec found out the hard way.

    Another reason that this could be Russian is that the greatest data files and data services with such information can be found on the Russian cybercrime network, and that there are many articles that state that there is some cooperation between the Russian cybercrime networks and the intelligence networks in Russia.

    At the same time Ukraine and the US are to work together to clean up their cybercrime networks, which were in a safe haven before Maidan took over. So the Ukrainian underworld had no reason at all to speed up that process, because they still have to migrate their services and servers from their safe haven to.... Russia.

  • #oprussia more leaks (6) from Chinese embassy in Moscow coming from Anonymous - what to expect

    Chinese Embassy in Moscow. Right you are. We did spearphished them twice in a row, delivering our top of the
    line RAT tool to their darkest areas of Intranet within the office in Moscow.


    Well to cut crap short – this particular release is 1st in a series of 7 releases. Tonight we release TRADE DEP,
    and next DEFFENSE ATTACHE DEP and so on.

    we will keep you informed

    another interesting thing is that it was done by spearphishing some very carefully chosen targets who were afterwards rooted, and their access to the files and servers was abused - and as this access was all legitimate - nobody saw a thing

    but if this one is already 2 GB how much in fact did they download ? Many more I think.

    And nobody saw this ? This was all normal and this was done all the time (behavioural analysis needed)
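
    A sketch of the behavioural analysis mentioned above, added here and not part of the original post: each account is compared with its own recent read volume, so a bulk pull through valid credentials stands out. The log rows, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000


def sample_records():
    """Constructed file-server log: (day, account, bytes read that day)."""
    rows = []
    desk_mb = [40, 55, 48, 60, 52, 45, 58, 50]      # ordinary desk usage
    for i, mb in enumerate(desk_mb, start=1):
        day = f"2014-03-{i:02d}"
        rows.append((day, "desk-user-17", mb * MB))
        rows.append((day, "backup-svc", (5000 + i) * MB))   # always large
    rows.append(("2014-03-09", "desk-user-17", 2000 * MB))  # ~2 GB in one day
    rows.append(("2014-03-09", "backup-svc", 5009 * MB))
    return rows


def flag_unusual_days(records, min_history=5, k=6.0):
    """Flag days on which an account reads far more than its own baseline.

    The baseline is median + k * MAD over the account's earlier days. A fixed
    limit (say 1 GB/day) would alert on backup-svc every day and teach
    analysts to ignore it; a per-account baseline does not.
    """
    history = defaultdict(list)
    alerts = []
    for day, account, nbytes in records:      # records must be in date order
        past = history[account]
        if len(past) >= min_history:
            med = median(past)
            mad = median(abs(x - med) for x in past)
            # Floor the spread so a very flat history does not alert on noise.
            limit = med + k * max(mad, 0.1 * med)
            if nbytes > limit:
                alerts.append((day, account, nbytes, int(limit)))
                continue                      # keep the outlier out of the baseline
        past.append(nbytes)
    return alerts


if __name__ == "__main__":
    for day, account, nbytes, limit in flag_unusual_days(sample_records()):
        print(f"{day} {account}: read {nbytes // MB} MB, baseline limit {limit // MB} MB")
```
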

  • Anonymous first leak of Chinese embassy in Moscow #oprussia - the files work


    these are the files to download (2 giga)

  • #kiev the US sanctions that will hit the most Russia are those that aren't published

    So what exactly would releasing oil from there do? Let's say U.S. production and imports from Canada and Mexico were to hold place. The U.S. would need to release about 950,000 barrels per day to meet all of the United States' current demand. Based on the SPR's 727 million barrels in storage, we could do this for well over two years and drive down global prices significantly. Surprisingly, though, we don't even need to go to that extreme. According to economist Phillip Verleger in a recent Quartz article, if the U.S. were to release only 500,000 barrels per day from the SPR, it would lead to a $10 drop in oil prices and would cost Russia $40 billion in sales. At this pace, we could maintain this pace for more than four years and could potentially cause Russia's GDP to drop by 4%. 

    stealth sanctions

    we don't do it to punish Russia but to help Europe

    but if we hit Russia hard enough with it so that it will go back to a normal international behavior and relationship, that would be more than welcome

    it also shows the advantage of building up strategic reserves when prices are low to use them at your strategic advantage

    if you are running enormous datacenters, the same idea can be implemented by you because it will mean that your energy costs may stay down while those of the other big players will increase because they are totally dependent on the external price without any assets to limit the impact

  • #kiev first glimpse of Anonymous hack of Chinese embassy in Russia about backdoors in Ukraine Telecom operator Intertelecom

    The files on Anonfiles don't seem to work

    the only thing we have for the moment is the explanation and a glimpse of 54 documents

    the total download should be around 2GB if it is going to be available one day

    they are in Russian and Chinese but somebody who will read this will speak either or both of these languages

    this shows you once more why cybersecurity is so much more important today if you are an embassy and surely if you are a telecom operator

    "Russian Cyber Command —Transmission 004 The Golden Sun of the Red Dragon East ….


    Our brothers from Latin America suggest that last name Putin is a derivative of Putto – male prostitute – lulz


    Tonight Great Lulz of the World ! We deliver a message.


    4 thouz who dont wanna read the rest - China embassy in Moscow hacked – Chinese delivered Rusal executives backdoored equipment designated to Ukraine GSM/CDMA provider Intertelecom – Rusal violating the agreement with China Export has managed to deliver it to Spy Company in Kharkiv, Ukraine – ALTRON – the whole operation
    was masterminded by V.Yanukovich counselor Nikolay Malomuzh (former chief of Intelligence of Ukraine) 2010.


    Next leak we deliver the whole package of docs revealing the secrets of cooperation between Malomuzh and Russian
    RUSAL executives puppettiers of FSB. Nikolay Malomuzh of Ukraine has masterminded with Rusgazneft, Mizgirev Sergey of that co. has protectorate of Malomuzh son Jaroslav and gave hime position in Salans international law firm in Kiev over the protectorate of Skolkovo Valeria Pavlyukovskaya, a malicious plot to control Western Ukraine by contracting Altron Executives to install backdoored equipment into Intertelecom infrastructure. Chinese found out about this only when their intelligence in Ukraine has informed them of Malomuzh being involved with Yanukovich company Tantalit and masterminded 20th of February shooting of Maidan activists. Inside we deliver all the evidence that chinesecontracted from their sources in Ukraine – whole INTERTELECOM infrastructure including clients with full ID, IMEI, ESN, IMSI etc etc – pretty nasty stuff
      what we can say?

    the documents

  • #kiev the Russian troops are moving even closer to the Ukrainian border now

    this is setting alarms off everywhere

    if you have watched the film about the Cuban Missile crisis (based on real events) you will understand that troop movements are 'language' between superpowers about intentions or responses to plans

    the troops are special troops trained in already occupied regions or regions that they have already 'cleansed'


  • biggest Chinese corruption scandal ever - 300 people arrested and 14 billion confiscated

    Chinese authorities have seized assets worth at least 90 billion yuan ($14.5 billion) from family members and associates of retired domestic security tsar Zhou Yongkang, who is at the centre of China's biggest corruption scandal in more than six decades, two sources said.

    More than 300 of Zhou's relatives, political allies, proteges and staff have also been taken into custody or questioned in the past four months, the sources, who have been briefed on the investigation, told Reuters.


    The sheer size of the asset seizures and the scale of the investigations into the people around Zhou - both unreported until now - make the corruption probe unprecedented in modern China and would appear to show that President Xi Jinping is tackling graft at the highest levels.

  • the threatdata framework of Facebook (a good example)

    The ThreatData framework is comprised of three high-level parts: feeds, data storage, and real-time response. Feeds collect data from a specific source and are implemented via a light-weight interface. The data can be in nearly any format and is transformed by the feed into a simple schema we call a ThreatDatum. The datum is capable of storing not only the basics of the threat (e.g., evil-malware-domain.biz) but also the context in which it was bad. The added context is used in other parts of the framework to make more informed, automatic decisions.

    Here are some examples of feeds we have implemented:

    • Malware file hashes from VirusTotal [0];

    • Malicious URLs from multiple open source blogs and malware tracking sites;

    • Vendor-generated threat intelligence we purchase;

    • Facebook's internal sources of threat intelligence; and

    • Browser extensions for importing data as a Facebook security team member reads an article, blog, or other content.

    Data Storage

    Once a feed has transformed the raw data, it is fed into two of our existing data repository technologies: Hive[1] and Scuba[2].

    We use Hive storage to answer questions based on long-term data:

    • Have we ever seen this threat before?

    • What type of threat is more prevalent from our perspective: malware or phishing?

    Scuba gives us the opposite end of the analysis spectrum:

    • What new malware are we seeing today?

    • Where are most of the new phishing sites?

    Real-time Response

    Maintaining accurate threat databases is great and can help answer challenging questions, but that's only part of the challenge in protecting the graph. We also need to quickly and consistently address threats that come to our attention. To help us, we built a processor to examine ThreatDatum at the time of logging and act on each of these new threats. Here are some examples we've implemented so far:
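
    An added sketch of the feed, ThreatDatum and real-time processor flow described above. It is not Facebook's code: the field names, the two sample feeds, `login-example.test` and the response rule are assumptions made for illustration.

```python
import csv
import io
import json
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class ThreatDatum:
    # Assumed schema: the page only says a datum holds the threat and its context.
    indicator: str
    threat_type: str                 # "malware" or "phishing"
    source: str                      # which feed produced it
    context: dict = field(default_factory=dict)

# Constructed sample inputs in two unrelated raw formats.
BLOG_CSV = ("url,category\n"
            "http://evil-malware-domain.biz/a.exe,malware\n"
            "http://login-example.test/signin,phishing\n")
VENDOR_JSON = json.dumps([
    {"ioc": "evil-malware-domain.biz", "threat": "malware", "confidence": 90},
    {"ioc": "login-example.test", "threat": "phishing", "confidence": 40},
])

def blog_csv_feed(text):
    """Feed: CSV of bad URLs -> ThreatDatum keyed on the host, URL kept as context."""
    for row in csv.DictReader(io.StringIO(text)):
        host = urlsplit(row["url"]).hostname
        yield ThreatDatum(host, row["category"], "blog-csv", {"url": row["url"]})

def vendor_json_feed(text):
    """Feed: vendor JSON -> ThreatDatum, vendor confidence kept as context."""
    for rec in json.loads(text):
        yield ThreatDatum(rec["ioc"], rec["threat"], "vendor-json",
                          {"confidence": rec["confidence"]})

class ThreatStore:
    """In-memory stand-in for the storage layer (Hive and Scuba on the page)."""
    def __init__(self, processors=()):
        self.by_indicator = {}
        self.processors = list(processors)

    def log(self, datum):
        history = self.by_indicator.setdefault(datum.indicator, [])
        # Real-time response: every processor sees the datum at logging time.
        actions = [a for p in self.processors if (a := p(datum, history))]
        history.append(datum)
        return actions

    def sources_seen(self, indicator):      # "Have we ever seen this threat before?"
        return {d.source for d in self.by_indicator.get(indicator, [])}

    def prevalence(self):                   # "malware or phishing?"
        return Counter(d.threat_type for h in self.by_indicator.values() for d in h)

def respond(datum, history, block_at=80):
    """Hypothetical rule: block on high confidence, else review if corroborated."""
    if datum.context.get("confidence", 0) >= block_at:
        return ("block-domain", datum.indicator)
    if any(prev.source != datum.source for prev in history):
        return ("review", datum.indicator)
    return None

def run_pipeline():
    store, actions = ThreatStore([respond]), []
    for feed in (blog_csv_feed(BLOG_CSV), vendor_json_feed(VENDOR_JSON)):
        for datum in feed:
            actions.extend(store.log(datum))
    return store, actions
```

    The context carried by each datum is what lets the rule treat the two vendor records differently: one is blocked on confidence alone, the other is only queued for review because a second feed had already reported it.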

  • European court of justice set to favor more drastic blocking of content by ISP's


    this is the interpretation of the advice that the Advocate General gave, whose advice is mostly followed

    In fact, European ISPs for the moment ask not to be required to block content because it is pirated, not in conformity with local copyright rules or for whatever other reason, because they fear they will also be blocking content that is not infringing on anything. But the Advocate General seems to think that (this is not a quote but the interpretation)

    "broader injunctions, which do not specify exactly what an ISP must do to block access, are allowed. However, ISPs themselves will then be responsible for "taking all reasonable measures" to block access, as long as those measures don't block lawful content. That seems like kind of a huge mess for ISPs who will now have to deal with injunctions asking them to block stuff, where they'll be required to show "reasonable measures" but will also need to balance that against blocking access to legitimate content. This decision seems to try to thread a needle, where the result is likely to be many new lawsuits as censorship injunctions are issued, and ISPs have to figure out how to balance the order without blocking access to legitimate content. It seems likely that many ISPs will opt for limiting their own liability by defaulting towards overblocking to avoid having to face challenges suggesting they didn't take enough "reasonable measures."

    the main effect will be that there will be more global blockades

  • In France, the authority for TV/radio will also be responsible for the internet

    First, the CSA will extend its remit to the internet. It will inherit the sending of e-mails to pirates, a task currently carried out by Hadopi.

    But the CSA will also become a regulator of large parts of the web: all video and music services, whether on PC, game consoles, app stores... Legally, this extension is done very simply. The law will redefine "audiovisual services" much more broadly to encompass the whole web. From now on, it will mean "the making available of audiovisual, cinematographic or sound works, whatever the technical means of making them available".

    But that is not all. The CSA will also enforce on the web the major moral principles of which it is already the guarantor on radio and television: "the CSA ensures that audiovisual services respect the protection of children and adolescents, the dignity of the human person, and the prohibition of incitement to hatred or violence on grounds of race, sex, morals, religion or nationality".

    The CSA will be responsible for making the internet in France respect the same rules and laws that are used for radio and TV, and they will have the same powers to do so. They will also be responsible for sending the warning letters to users who download pirated stuff (HADOPI), but they will also have numerous powers to punish the hosters and ISPs who aren't respecting their rules or aren't responding to their warnings.

    this still has to pass the parliament though

    it is still a very interesting path to choose if you want to supervise the internet

  • privacycommission in Holland doesn't want any copies of IDcards in private hands anymore

    The Dutch Data Protection Authority (DPA) is taking action against companies which still ask people for a copy of their passports. It wants to slap fines on companies for violations of the law, according to a report in the Dutch national newspaper De Telegraaf.
    Many companies are asking their customers to produce a copy of their passport or driving license. But this, warns the CBP, increases the risk of identity fraud. 


    The Dutch DPA currently has the right to impose a conditional penalty on companies who demand ID copies, but the organisation is now seeking authorisation to impose fines to enforce compliance. Draft legislation to that effect will soon be debated in the Dutch Parliament.


    "Checks are enough"
    "Of course, companies should be able to check whether their customers are who they say they are, but checking a photo and passport number should be sufficient," says CBP Board Member Wilbert Tomesen. "What we now see in practice are passport copies piling up behind counters. That's almost asking for identity fraud. Which has major financial and social consequences for people. Soon, though, companies can expect a hefty fine, one that will hurt."

    this will change many things if we would do this in Belgium

  • what is the cleanup work for Telenet and Skynet today according to Google badware

    this is for Telenet

    and this is for Skynet

    but Skynet has said they were going to invest millions of euros in security with a real kind of crisis center, NO ?

    so in a year's time this should be quite empty, no ?

  • Only Telenet limits and interferes with P2P and bittorrent traffic

    source http://wiki.vuze.com/w/Bad_ISPs#Belgium

    this is based upon tests by users around the world and is updated permanently

  • 122 presidents and leaders of state were special targets of the NSA

    this is the file about which there is so much to do

    this is an example of 12 people out of 122 who were special targets of the NSA