25 Million Devices Infected / Voting In The Dark / 7 Million Student Records Exposed / $3 Million Florida Sextortion Scheme
Jacob Kastrenakes: ‘Agent Smith’ malware has replaced Android apps’ code on 25 million devices
A newly discovered piece of Android malware that replaces portions of apps with its own code has infected more than 25 million devices, according to security firm Check Point. Check Point’s researchers named the malware “Agent Smith” because of the methods it uses to attack a device and avoid detection.
The malware doesn’t steal data from a user. Instead, it hacks apps and forces them to display more ads or takes credit for the ads they already display so that the malware’s operator can profit off the fraudulent views. Check Point says the malware looks for known apps on a device, such as WhatsApp, Opera Mini, or Flipkart, then replaces portions of their code and prevents them from being updated…Despite its focus on India, which accounts for 15 million infections, Check Point says the malware also made its way to the US where more than 300,000 devices were infected. The malware’s operator also seems to have attempted to expand into the Google Play Store, sneaking in 11 apps that included code related to a simpler version of the malware. The malware remained dormant, though, and Check Point says Google has now removed all of the discovered malicious apps.
Check Point says a key vulnerability that Agent Smith relies on was patched several years ago in Android. But developers need to update their apps in order to take advantage of the added protections. Evidently, many have not.
“This application was as malicious as they come,” Check Point writes of the malware. According to the researchers, the malware appears to be run by a Chinese company that claims to help developers publish their apps internationally.
You can find this story today over at The Verge.
Tim Cushing: Voting Machine Makers Claim The Names Of The Entities That Own Them Are Trade Secrets
Recently, the North Carolina State Board of Elections asked suppliers of electronic voting machines a simple question: who owns you? (h/t Annemarie Bridy) …This seems like very basic information — information the Board should know and should be able to pass on to the general public. After all, these are the makers of devices used by the public while electing their representatives. They should know who’s running these companies and who their majority stakeholders are. If something goes wrong (and something always does), they should know who’s ultimately responsible for the latest debacle.
It’s not like the state was asking the manufacturers to cough up code and machine schematics. All it wanted to know is the people behind the company nameplates. But the responses the board received indicate voting system manufacturers believe releasing any info about their companies’ compositions will somehow compromise their market advantage…The government can’t do everything itself. It will need vendors to supply goods and services. But these vendors need to operate under the same transparency the government is forced to, if they want to secure these lucrative contracts. Voters aren’t given a choice in voting machine providers. They’re stuck with whatever their government gives them. But when the government actually decides to perform a little vetting, the makers of the machines trusted to deliver accurate vote counts want to hide behind trade secret exceptions to prevent the public — and their elected officials — from knowing exactly who they’re dealing with when they head into the voting booth.
Given the abhorrent track record of so many voting machine companies, it’s no surprise they’re extremely reluctant to share any details with the voting public. But that doesn’t make them right. It just makes them a little bit more evil.
Get the names of these companies and more details found in the rest of this story at TechDirt.
Paul Bischoff: 7 million student records exposed by K12.com
A K12.com database containing almost 7 million student records was left open so that anyone with an internet connection could access it. On June 25, 2019, Comparitech and security researcher Bob Diachenko uncovered the exposure. The data leak involved a MongoDB instance that was made public.
K12.com provides online education programs for students. This exposure affected its A+nyWhere Learning System (A+LS) which is used by more than 1,100 school districts.
The exposed database held almost 7 million (6,988,504) records containing students’ data. The information held within each record included: Primary personal email address, Full name, Gender, Age, Birthdate, School name…
account credentials and more. An unsupported version of MongoDB was in use and unsecured remote desktop enabled. This is just the latest in a string of discoveries that container services are often misconfigured to be open by default rather than secured. If you know a student who has used k12 services or if your school uses it internally, it’s time to take steps to secure yourself against identity theft.
Get the grisly details over at Comparitech’s article today.
DOJ: Florida Attorney Sentenced to 60 Months in Prison for Multi-Million Dollar Pornography Film Copyright Fraud Scheme
A Florida attorney was sentenced to 60 months in prison followed by two years of supervised release for his role in a multi-million dollar fraud scheme to obtain payments from extortion victims to settle sham copyright infringement lawsuits by lying to state and federal courts throughout the country…John L. Steele, 48, who pleaded guilty on March 6, 2017, was sentenced today before U.S. District Judge Joan N. Ericksen of the District of Minnesota who also ordered Steele to pay restitution in the amount of $1,541,527.37.
According to his guilty plea and documents filed in court, between 2011 and 2014, Steele and his co-defendant Paul R. Hansmeier, both practicing lawyers, executed a scheme to obtain millions of dollars by threatening copyright lawsuits against individuals who allegedly downloaded pornographic movies from file-sharing websites. Steele admitted in court during his plea that he and Hansmeier created a series of sham entities, which they surreptitiously controlled, to obtain copyrights to pornographic movies — some of which they filmed themselves — and then uploaded those movies to file-sharing websites like “The Pirate Bay” in order to lure people to download the movies. Steele and Hansmeier then filed bogus copyright infringement lawsuits that concealed both their role in distributing the movies, and their personal stake in the outcome of the litigation. After filing the lawsuits, the defendants gained authority from the courts to subpoena internet service providers for identification information of the subscriber who controlled the IP address used to download the movie. With that information, the defendants used extortionate tactics such as letters and phone calls to threaten victims with enormous financial penalties and public embarrassment unless they agreed to pay a $3,000 settlement fee.
According to the indictment, the plea agreement and other court documents, in November 2011, in order to distance themselves from the specious lawsuits and any potential fallout, Steele and Hansmeier created and used Prenda Law, among other law firms, to pursue their fraudulent lawsuits. Steele acknowledged at his plea hearing that he and Hansmeier exerted de facto control over Prenda Law throughout the scheme, but recruited a now-deceased Illinois attorney to pretend to own and control the law firm.
In October 2012, the defendants changed their tactics and began filing lawsuits falsely alleging that computer systems belonging to their sham clients had been hacked. To facilitate their phony “hacking” lawsuits, the defendants recruited individuals who had been caught downloading pornography from a file-sharing website, to act as ruse “defendants.” These ruse defendants agreed to be sued and permit Steele and Hansmeier to conduct early discovery against their supposed “co-conspirators” in exchange for Steele and Hansmeier waiving their settlement fees. During his plea hearing, Steele admitted that the allegations of “hacking” in these complaints were made up.
In total, Steele and Hansmeier obtained approximately $3 million from the fraudulent copyright lawsuits.
This case was the result of an investigation conducted by the FBI and IRS-Criminal Investigations.
You can find this story and more details published at Justice.gov
👍 Help us out be thumbing this up or giving it claps or telling people or sharing it on social media please…and for goodness sake SUBSCRIBE. It’s free after all.
Politics may be married to technology and big media, but sometimes individuals can make a difference.
Get “The Dirty Deeds Playbook” today for just $2.99 on Kindle or for a few dollars more in paperback.
This satirical field manual uses fools & fanatics to sew chaos in American elections. Tools & techniques, observations & deception I’ve seen in the process over these past few years.
Support this news aggregation service by checking out our website at www.yourtechmoment.com today. Links there show all the places you can listen to the podcast or watch for free. Check out our FireTV app and Amazon Alexa skill for your flash briefing.
Also, find out about our other projects, buy books, advertise or support this project with merchandise purchases.