A man who has won about $1.5 million in poker tournaments has been arrested and charged with running an operation that combined spam, Android malware, and a fake dating website to scam victims out of $3.9 million, according to Symantec.
Symantec worked with investigators from the Chiba Prefectural Police in Japan, who earlier this week "arrested nine individuals for distributing spam that included e-mails with links to download Android.Enesoluty—a malware used to collect contact details stored on the owner’s device," Symantec wrote in its blog.
Android.Enesoluty is a Trojan distributed as an Android application file. It steals information and sends it to computers run by hackers. It was discovered by security researchers in September 2012.
The suspect flagged as the "main player running the operation" is 50-year-old Masaaki Kagawa of Tokyo, president of an IT firm named Koei Planning and a poker player with success in high-stakes tournaments around the world.
Masaaki Kagawa wins a big pot in the Aussie Millions Cash Game Invitational a few years ago.
Kagawa has reportedly won about $1.5 million in tournaments dating back to 2008 (minus entry fees). His most recent score was a third place finish in the 2013 Aussie Millions Poker Championship in February, which netted him $320,000.
Kagawa was already under investigation while playing in that tournament. Symantec explains:
From our observations, the operation began around September 2012 and ended in April 2013 when authorities raided the company office. We confirmed around 150 domains were registered to host the malicious apps during this time span. According to media reports, the group was able to collect approximately 37 million e-mail addresses from around 810,000 Android devices. The company earned over 390 million yen (approximately 3.9 million US dollars) by running a fake online dating service called Sakura in the last five months of the spam operation. Spam used to lure victims to the dating site was sent to the addresses collected by the malware.
The malware allegedly used in this operation appears to share source code with Android.Uracto, a Trojan that steals contacts and sends spam text messages to those contacts. Scammers maintaining Android.Uracto have not yet been identified.
Aereo, a service that streams over-the-air channels to its subscribers, has now spent more than a year serving residents of New York City. The service officially expands to Boston tomorrow and is coming to many more cities over the next few months, including Atlanta and Washington, DC. Aereo seems like a net-add for consumers, and the opposition has, so far, failed to mount a defense that sticks.
But the simple idea behind Aereo is so brilliant and precariously positioned that it seems like we need to simultaneously enjoy it as hard as we can and not at all. We have to appreciate it for exactly what it is, when it is, and expect nothing more. It seems so good that it cannot last. And tragically, there are more than a few reasons why it may not.
A little about how Aereo works: as a resident of the United States, you have access to a handful of TV channels broadcast over the air that you can watch for free with an antenna (or, two antennas, but we’ll get to that). A subscription to Aereo gets you, literally, your very own tiny antenna offsite in Aereo’s warehouse. The company streams this to you and attaches it to a DVR service, allowing you both live- and time-shifted viewing experiences.
Think mobile devices are low-power? A study by the Center for Energy-Efficient Telecommunications—a joint effort between AT&T's Bell Labs and the University of Melbourne in Australia—finds that wireless networking infrastructure worldwide accounts for 10 times more power consumption than data centers worldwide. In total, it is responsible for 90 percent of the power usage by cloud infrastructure. And that consumption is growing fast.
The study was in part a rebuttal to a Greenpeace report that focused on the power consumption of data centers. "The energy consumption of wireless access dominates data center consumption by a signiﬁcant margin," the authors of the CEET study wrote. One of the findings of the CEET researchers was that wired networks and data-center based applications could actually reduce overall computing energy consumption by allowing for less powerful client devices.
According to the CEET study, by 2015, wireless "cloud" infrastructure will consume as much as 43 terawatt-hours of electricity worldwide while generating 30 megatons of carbon dioxide. That's the equivalent of 4.9 million automobiles worth of carbon emissions. This projected power consumption is a 460 percent increase from the 9.2 TWh consumed by wireless infrastructure in 2012.
Aurich Lawson (after Aliens)
In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network.
In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren't intended to be exposed to the outside world. The researcher found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. There were no signs of life from the remaining 2.3 billion IPv4 addresses.
Continually scanning almost 4 billion addresses for nine months is a big job. In true guerilla research fashion, the unknown hacker developed a small scanning program that scoured the Internet for devices that could be logged into using no account credentials at all or the usernames and passwords of either "root" or "admin." When the program encountered unsecured devices, it installed itself on them and used them to conduct additional scans. The viral growth of the botnet allowed it to infect about 100,000 devices within a day of the program's release. The critical mass allowed the hacker to scan the Internet quickly and cheaply. With about 4,000 clients, it could scan one port on all 3.6 billion addresses in a single day. Because the project ran 1,000 unique probes on 742 separate ports, and possibly because the binary was uninstalled each time an infected device was restarted, the hacker commandeered a total of 420,000 devices to perform the survey.
After disasters (or to minimize expensive data use generally, and take advantage of available Wi-Fi), bypassing the cell network is useful. But it's not something that handset makers bake into their phones. colinneagle writes with information on a project that tries to sidestep a dependence on the cellular carriers, if there is Wi-Fi near enough for at least some users: "The Smart Phone Ad-Hoc Networks (SPAN) project reconfigures the onboard Wi-Fi chip of a smartphone to act as a Wi-Fi router with other nearby similarly configured smartphones, creating an ad-hoc mesh network. These smartphones can then communicate with one another without an operational carrier network. SPAN intercepts all communications at the Global Handset Proxy so applications such as VoIP, Twitter, email etc., work normally."
Read more of this story at Slashdot.
In the 1990s, client-server was king. The processing power of PCs and the increasing speed of networks led to more and more desktop applications, often plugging into backend middleware and corporate data sources. But those applications, and the PCs they ran on, were vulnerable to viruses and other attacks. When applications were poorly designed, they could leave sensitive data exposed.
Today, the mobile app is king. The processing power of smartphones and mobile devices based on Android, iOS, and other mobile operating systems combined with the speed of broadband cellular networks have led to more mobile applications with an old-school plan: plug into backend middleware and corporate data sources.
But these apps and the devices they run on are vulnerable… well, you get the picture. It's déjà vu with one major difference: while most client-server applications ran within the confines of a LAN or corporate WAN, mobile apps are running outside of the confines of corporate networks and are accessing services across the public Internet. That makes mobile applications potentially huge security vulnerabilities—especially if they aren't architected properly and configured with proper security and access controls.
I met Aaron Swartz in Cambridge shortly after he’d been indicted for downloading lots of JSTOR articles on MIT’s network in 2011. My Wired colleague Ryan Singel had been writing about his story, and I’d talked a lot with my friends in academia and publishing about the problems of putting scholarship behind a paywall, but that was really the level at which I was approaching it. I was there to have brunch with friends I’d known a long time only through the internet, and I hadn’t known Aaron that way. I certainly didn’t want to use the brunch to put on my journalist hat and pepper him with questions. He was there primarily to see his partner Quinn Norton’s daughter Ada, with whom he had a special bond. The two of them spent...
Robert Tercek at TEDxTransmedia 2012 - '7 Gifts for Creative Activists'
Robert Tercek is one of the world's most prolific creators of interactive content. He has created breakthrough entertainment experiences on every digital platform, including satellite television, game consoles, broadband Internet, interactive television and mobile networks. His expertise spans television, telecommunications and software. His motto is "Inventing the Future." He is passionate about inspiring audiences to seize their own destiny by thinking creatively and taking decisive action. At TEDx Transmedia 2012 he shared '7 gifts for creative activists' on creative collaboration and how to turn dreams into reality. Robert's website: www.roberttercek.com