This Week In Cybercrime: Your Computer is Infected. May I Help You?

Plus: U.S. security agency spreads false cyberterror rumors, and hackers steal and post records from 53 universities

2 min read
This Week In Cybercrime: Your Computer is Infected. May I Help You?

Scareware Crackdown

Who hasn’t been busy on their computer and received an e-mail or pop-up window in the Internet browser warning that their computer has been compromised and that it is imperative to contact a certain company to rid the machine of harmful viruses? That type of scam, called scareware, has become a major focus of the U.S. Federal Trade Commission (FTC). On 3 September, the FTC reported that it has taken a leading role in investigating reports of consumers being defrauded by scammers who convince them to turn over control of their computers—ostensibly to fix them—only to extort sometimes hundreds of dollars for unnecessary repairs. The announcement came the day after a U.S. court levied a total of $163 million in fines against several scareware distributors found guilty of tricking more than a million computer users into believing that their machines were riddled with malware.

Nate Anderson, an Ars Technica editor, details a textbook example of the ruse in an article based on his conversation with a scammer who insisted he was calling from the clearly fictional ‘Windows Technical Support.’ “My computer, he told me, had alerted him that it was infested with viruses,” Anderson wrote. “He wanted to show me the problem—then charge me to fix it.” The only problem, Anderson explained in the article, was that he isn’t a Windows computer user. So it was clear from the outset that the offer of assistance was a setup. Unfortunately, so many others fall for these come-ons.

DHS Cries Wolf

To what can we attribute the U.S. Department of Homeland Security’s spreading of false claims that Russian hackers had broken into an Illinois water district’s SCADA system and sabotaged a water pump? This after DHS had taken to task a regional fusion center (where federal, state, and local law enforcement agencies share and analyze information) for causing needless panic with the same information. A Wired article reports that a U.S. Senate subcommittee investigation has revealed that the agency pushed the false information in reports to Congress and the intelligence community even after the FBI and other investigative agencies had debunked the story. Worse, says the congressional report, which was released on 2 October, is that DHS never did get around to retracting its claims. The department’s excuse? “[The unsubstantiated claims did] exactly what [they were] supposed to do – generate interest,” DHS officials told Senate investigators. But interest in what exactly?

SchoolofCompromisedComputerSystems.edu

The New York Times reports that on 1 September, a group of hackers calling themselves Team GhostShell posted thousands of purloined personal records from 53 universities around the world, including Harvard, Stanford, Cornell, and the University of Zurich. The data includes the names, usernames, passwords, addresses and phone numbers of students, faculty and staff at the schools. Though most of the data was already publicly available, some sensitive information such as university employees’ payroll information was in the mix. The hackers, who published the material on Pastebin.com, insist that their actions were not motivated by profit but to “raise awareness towards the changes made in today’s education.” The group, which took the opportunity to lodge a complaint about changes in Europe’s education laws and rising tuition in the United States, noted that they were not the first to break into a goodly portion of the servers they breached. “When we got there, we found that a lot of them have malware injected,” the hackers wrote on Pastebin.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less