posted by azrael on Saturday July 12 2014, @05:50AM
from the pound-of-flesh dept.

An international operation involving law enforcement agencies and private sector companies is combating the threat from a type of malicious software (malware) used by criminals to steal from bank accounts. In the first project of its kind for a UK law enforcement agency, the National Crime Agency has brought together partners from the law enforcement and private sectors, including the FBI, Europol, BAE Systems Applied Intelligence, GCHQ, Dell SecureWorks, Kaspersky Lab and the German Federal Police (BKA) to jointly address the Shylock trojan.

As part of this activity, law enforcement agencies are taking action to disrupt the system which Shylock depends on to operate effectively. This comprises the seizure of servers which form the command and control system for the trojan, as well as taking control of the domains Shylock uses for communication between infected computers. This has been conducted from the operational centre at the European Cybercrime Centre (EC3) at Europol in The Hague. Investigators from the NCA, FBI, the Netherlands, Turkey and Italy gathered to coordinate action in their respective countries, in concert with counterparts in Germany, Poland and France.

Shylock - so called because its code contains excerpts from Shakespeare's Merchant of Venice - has infected at least 30,000 computers running Microsoft Windows worldwide. Intelligence suggests that Shylock has targeted the UK more than any other country, although the suspected developers are based elsewhere. The NCA is therefore coordinating international action against this form of malware.

Symantec describes the Trojan here, although this assessment was made in 2011 and the number of infections is significantly lower than the current estimates stated above.


  • (Score: 2) by AnonTechie (2275) on Saturday July 12 2014, @06:37AM (#68000)

    It is nice to see public/private partnership in a worthwhile endeavour. I hope they are successful.

    --
    Albert Einstein - "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
    • (Score: 2) by c0lo (156) on Saturday July 12 2014, @09:03AM (#68023)

      It's also nice to see that malware authors started to show some culture: I feel better when robbed by a lover of classic culture than when being robbed by, for instance, the tax office (even if the classic cultured robber needs to work harder in this instance: I stopped using Windows more than 5 years ago).
      What is really surprising though: the malware analysts managed to recognize the references - I didn't think the industry pays enough for the analysts to enjoy life enough to recall and/or re-read Shakespeare.

      So, what's next? "Sing, O goddess, the anger of Achilles son of Peleus"?

      --
      https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by mendax (2840) on Saturday July 12 2014, @10:32AM (#68044)

        What about "Tell me, O Muse, of the man of many devices, who wandered full many ways after he had sacked the sacred citadel of Troy"? Achilles was an asshole, whereas Odysseus was a clever, studly, and wily man. Surely, hackers would rather be associated with him.

        --
        It's really quite a simple choice: Life, Death, or Los Angeles.
        • (Score: 2) by c0lo (156) on Saturday July 12 2014, @12:35PM (#68073)

          Achilles was an asshole

          How's that? Why do you say so?

          Yea see... Odysseus showed too much sense (and too little ethics, but that's another angle to the story - one which raises the question what types of hackers would take him as a role model).
          As such, without Menelaus (the true loser and asshole. Married to the most beautiful woman in the world and let her slip away?), he would have remained in Ithaca, tangled into his wife's peplos instead of devising those many devices. Remember? He almost managed to make himself scarce from the Trojan War by feigning madness (in spite of the oaths he took).

          Now, go code these in the next epic software piece you'll write

          --
          https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
          • (Score: 2) by mendax (2840) on Saturday July 12 2014, @07:27PM (#68211)

            Well, you do have a point. Menelaus was a great asshole but then so was Agamemnon. Let's face it, all of the prominent Greeks were all assholes--humility was something they knew nothing about, but Odysseus makes a better role model for the hackers than Achilles.

            --
            It's really quite a simple choice: Life, Death, or Los Angeles.
  • (Score: 2) by kaszz (4211) on Saturday July 12 2014, @06:46AM (#68003)

    When a boat sinks one first plugs the leak, and only then one pumps out the water. The organizations should deal with the malicious software producer to begin with. It's the root problem.

    • (Score: 2) by NCommander (2) on Saturday July 12 2014, @07:38AM (#68006)

      Easier said than done, unfortunately. Binary code and metadata can give a fair bit of estimation against various code to determine when it was written, compiled with, sometimes even language and location, but anyone who's half competent to write something like this would likely be smart enough to sanitize the headers. When it comes time to deploy, you break into a target someplace far-far-away from where you are, upload the file, and execute, and then let it run.

      One could reasonably wrap methods to find command and control servers in a decentralized way making it harder and harder to locate the group involved in coding it. Add things like poly-genetic viruses which change their executable code to help hide themselves, it makes life much, much uglier. Take a look at famous worms and crud, and see how often those who deploy it are truly caught. Pretty sure it's less than 10%.

      --
      Still always moving
      • (Score: 2) by kaszz (4211) on Saturday July 12 2014, @08:23AM (#68014)

        Malware will always be written. But some target types get more than they should. It might be hard to fix but it's what's needed.

    • (Score: 0) by Anonymous Coward on Monday July 14 2014, @11:24AM (#68852)

      They tried to do it but Micro$oft is too big to fail.

  • (Score: 2) by mendax (2840) on Saturday July 12 2014, @10:27AM (#68043)

    One wonders who is going to extract a pound of flesh from whom regarding this cooperation? The bad guys who make malware do sometimes fight back.

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
    • (Score: 2) by tathra (3367) on Saturday July 12 2014, @03:14PM (#68125)

      The bad guys who make malware do sometimes fight back.

      sounds like justification for putting backdoors in every computer and router. when you're watching everyone all the time, you'll surely catch the bad guys. remember, if you aren't doing anything wrong, you have nothing to hide, and if you do have something to hide, you're clearly a terrorist and deserve your trip to gitmo or express package delivery from DronEx. or so i'm told.