Dark web marketplace shuts down over security concerns

Agora, one of the biggest online black markets, has shut down because of security concerns, its website reports.
 
 
The site said the move was prompted by fears that a recently discovered flaw in the network on which it runs could lead to Agora’s servers being located. Administrators said they would keep the site offline until they could come up with a long-term solution.
 
According to one expert, the issue showed that users could not entirely trust the dark web’s security. “Once again, something that many people were putting their trust into on the internet is being revealed to be not quite so trustworthy after all,” said the security expert Graham Cluley. He suggested that a study into a vulnerability in the Tor network’s security, which was published by the Massachusetts Institute of Technology last month, was the source of the administrators’ concerns. It detailed how hidden servers could be exposed accurately.
 
Agora is often used to buy and sell drugs online. Last month, it announced that it would no longer allow the sale of guns. Its rules also explicitly prohibit payments for assassinations, weapons of mass destruction, poisons and images of child sexual abuse.
 
In their posting, the Agora administrators wrote: “Recently research… shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations.” They said that they had seen “suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on”, which led them to relocate.
 
The administrators added that they had a solution to the problem “in the works”, but that it would take time to implement. “At this point, while we don’t have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved,” the statement read.
 
The statement was held on its own site on the dark web and included a public PGP key that matched the one listed on the site’s contact page. The decision to take the site down was first reported by the news website DeepDotWeb.
 
 

O2’s ‘smart network’ aims to reduce signal not-spots by directing mobile signal to users

Mobile network O2 are claiming that they have the smartest mobile network in the country following the introduction of new network technology.
 

 
O2 are describing the new tech as an ‘intelligent self-optimising network’ which detects the best coverage for customers in a particular area and then redirects mobile signal (in real time) towards the recipient.
 
The new system also monitors the quality of voice calls, texts and mobile data, which can then be assessed and used to help pinpoint where the network needs to make improvements – helping to improve the all-round quality of coverage across the country. This is being seen as one solution towards tackling the UK’s ‘not-spots’.
 
O2 COO Derek McManus has said, “The way in which our customers use and experience our network is incredibly powerful and there is a lot we can learn from it. As well as regular infrastructure upgrades, we also prioritise the introduction of new technologies and are proud to bring this innovation to the UK. Our customers now use the smartest, most intelligent network available, which learns and responds to precisely how they choose to use it.”
 
McManus also added, “Our five year £3bn network modernisation program has so far seen us roll out 4G to 575 towns and cities across the UK and we are on track to achieve 98% indoor and outdoor population coverage by 2017.”

First customers connected in trial of G.fast ultrafast broadband


 
 
Residents of Huntingdon – a market town in Cambridgeshire – today became the first people in the UK to take part in the field trial of a new type of ultrafast broadband technology from BT.
 
The trial, which is being delivered by Openreach, is open to all communications providers on equal terms. That means people will have a choice of service provider and any technological developments will benefit the wider industry.
 
Two thousand homes and businesses will be covered by the trial in the coming weeks. It is already delivering speeds of up to 330 megabits per second (Mbps) – more than ten times the current UK average – using G.fast, a new technology that has been pioneered by BT’s R&D division.
 
G.fast changes the way today’s broadband is transmitted, delivering ultrafast speeds that currently require fibre to be run all the way to the premises (FTTP). This is significant as it will enable Openreach to make ultrafast broadband available to a much larger number of homes and businesses, and in a shorter timeframe, than if it had focused on FTTP alone.
 
If trials like the one in Huntingdon prove successful – and if UK regulation continues to encourage investment – Openreach aims to start deploying G.fast in 2016/17 alongside its fibre-to-the-cabinet and fibre-to-the-premises services.
 
The company believes that G.fast will enable it to make speeds of a few hundred megabits per second available to millions of homes by 2020 and deliver up to 500Mbps to most of the UK within a decade as the technology is developed further.
 
Culture Secretary John Whittingdale said: “The UK already leads Europe when it comes to superfast broadband coverage and speeds, with around 40,000 more homes and businesses getting access every week thanks to the government rollout.
 
“We want to stay ahead of the competition and so it’s good to see this continued investment and innovation in the industry. BT is harnessing its world-class technology and engineering expertise to help the UK lead the way on ultrafast broadband and remain a world leading digital economy.”
 
Joe Garner, CEO Openreach said: “Today is the start of a new chapter in building Britain’s connected future. This is the largest trial of G.fast technology in the world and it builds on the pioneering research of BT’s world-class R&D teams.
 
“We conducted the world’s first G.fast trial in 2013, and our experts have been heavily involved in creating global industry standards for this technology. We’re now eager to support all our service providers in learning how customers enjoy the service.
“The people of Huntingdon will play an extremely important role in helping us gauge how the technology performs, and how we might deliver ultrafast speeds to more of the UK over the coming years.”
 
The trial will run for 6-9 months, allowing Openreach, and its 8 communications provider trialists, as well as BT’s R&D division, to assess the technical performance of the technology across a large footprint.
 
Various methods of deployment will be used to provide a valuable insight into how the technology can be used on a day-to-day basis, including how usage might grow over time.
 
The speeds on offer will allow people to stream live ultra-high-definition 4K video content to multiple devices at once, all whilst simultaneously browsing the web, uploading videos and photos, or playing online games.
 
The company has pioneered research into G.fast technology since 2007 and has been heavily involved in driving the creation of global industry standards in that time. It is working on the trials with international vendors ADTRAN, Alcatel-Lucent and Huawei, and also with chipset manufacturers and global standards bodies, to drive the speed and performance of G.fast technology.

Hackers hijack the net’s phone books

Online services that charge to kick people out of games or bombard websites with data have been put out of action by PayPal and security researchers.
 
 
The payment firm and the experts worked together to identify the accounts used by so-called “booter” services. They are thought to carry out hundreds of thousands of attacks each year and charge up to $300 (£200) a month. Research suggests the action cut the number of active booter services by about 90%.
 
The booting services use many different ways to batter sites with data but have joined with many other cybercriminals recently in abusing part of the net’s infrastructure – the Domain Name System (DNS). This acts like a phone book and translates the website names people use into the numeric equivalents that computers are happy with. So, for example, when you type bbc.co.uk, DNS translates that into 212.58.244.18 so your browser can find the page.
 
“DNS underlies everything you do on the internet,” said Neil Cook, chief technology officer at security firm Cloudmark. It is used billions of times a day to make sure you reach the site you are looking for. Its very usefulness has made it a tempting target for criminally-minded hackers, said Mr Cook, especially because few firms see it as a potential attack vector.
 
 “Most people just see it as plumbing,” he said. “They don’t see it as a security hole.” 

But it is, he said. An attacker that can subvert the DNS system has total control over the data emerging from a company, internet service provider (ISP), home or phone.
 

Cloudmark was alerted to its potential for trouble by one of its customers, a mobile operator that noticed a massive jump in the amount of data being sent to its DNS servers. This was odd because the typical DNS query does not involve much data – a simple query and response. There was no good reason why, suddenly, far more data was being sent to those computers.
 
Closer inspection revealed the culprit. “It was a rogue operator,” said Mr Cook. “It had installed software on users’ handsets so it did not have to pay roaming charges.” The rogue was outside the UK and was funnelling customers’ data via DNS so it did not have to travel over the main mobile network and be paid for.
 
At its fastest, DNS can move data around at about 200 kilobits per second – much slower than most mobile networks. But, said Mr Cook, the fact that users paid nothing to browse the web overseas offset the inconvenience.
 
Tom Neaves from security firm Trustwave said that might be plenty fast enough if an attacker wants to move a small amount of data – such as a password. “A lot of people underestimate its potential as an attack tool because it was never meant to be used to transfer a lot of data,” he said.
 
Mr Neaves has proved just how useful it can be for attackers by creating software that exploits DNS to slowly steal data. For criminal hackers intent on industrial espionage that slow rate is fine – especially when you consider that, on average, it takes companies more than 200 days to spot an intruder inside their network.
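The jump in DNS data described above can be looked for in resolver query logs after the fact, without inspecting packets inline. The following Python is an added example, not code from the article or from any firm named in it; the log format, the thresholds, the one-entry suffix list and the sample queries are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumption: a tiny stand-in for the Public Suffix List, enough for the sample.
MULTI_LABEL_SUFFIXES = {"co.uk"}


def registered_domain(qname):
    """Split a query name into (registered domain, payload to its left)."""
    labels = qname.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:]), "".join(labels[:-keep])


def shannon_entropy(text):
    """Bits per character; 0.0 for an empty string."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def summarize(log):
    """Per (client, registered domain): unique names, payload volume, entropy."""
    names = defaultdict(set)
    for client, qname in log:
        domain, payload = registered_domain(qname)
        if payload:
            names[(client, domain)].add(payload)
    stats = {}
    for key, payloads in names.items():
        total = sum(len(p) for p in payloads)
        stats[key] = {
            "unique": len(payloads),
            "payload_bytes": total,
            "mean_len": total / len(payloads),
            "mean_entropy": sum(shannon_entropy(p) for p in payloads) / len(payloads),
        }
    return stats


def find_suspects(log, min_unique=20, min_mean_len=30, min_entropy=3.0):
    """Flag pairs with many unique, long, random-looking names under one domain.

    Ordinary lookups repeat a few short names; data carried in query names
    shows up as a stream of never-repeated long labels under a single domain.
    """
    return sorted(
        key for key, s in summarize(log).items()
        if s["unique"] >= min_unique
        and s["mean_len"] >= min_mean_len
        and s["mean_entropy"] >= min_entropy
    )


def build_sample_log():
    """Constructed (client, qname) records; not real traffic."""
    log = [("10.0.0.5", n) for n in ("www.bbc.co.uk", "news.bbc.co.uk", "mail.example.com")]
    # A busy but benign client: many unique names, all short (CDN-style).
    log += [("10.0.0.7", f"img{i}.cdn.example.org") for i in range(30)]
    # A client whose query names carry 48 hex characters of data each.
    log += [
        ("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:48] + ".t.example.net")
        for i in range(40)
    ]
    return log


if __name__ == "__main__":
    for client, domain in find_suspects(build_sample_log()):
        print(client, domain, summarize(build_sample_log())[(client, domain)])
```

The CDN-style client is included to show that unique-name count alone produces false positives; requiring long, high-entropy names as well keeps it out of the result.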

 
Trustwave has seen DNS exploited in other ways too, he said. It can be used as a command and control channel for a malicious program attackers have got running on a machine inside a network. Or as a way for attackers to communicate across networks in different companies.
 
And it does not end there, said senior analyst Darren Anstee from network monitoring experts Arbor. “There are a lot of ways to exploit DNS to do bad things,” he said.
 
Most often Arbor had seen it used to carry out Distributed Denial of Service attacks that sought to knock a site offline by overwhelming it with data. Using well-known techniques, said Mr Anstee, DNS servers could be tricked into sending data to a particular site. If enough DNS servers are enrolled into the attack the amount of data turning up at a target site can be overwhelming.
 
Arbor had seen attacks that funnelled more than 100 gigabits of data a second at a target. That’s so much that it can have a knock-on effect on other systems on the same network. “The attack tools exist and the capability is built into various botnets and crimeware services,” he said. Online there are so-called “booter” services that abuse DNS in a bid to knock people off game servers.
 
Attackers had targeted home routers in a bid to subvert their DNS settings so they can get a look at the traffic and scoop up login names and passwords as they travel, he said.

 
Public-spirited efforts such as the Open Resolver Project have helped to patch many vulnerable home routers and stop them being abused for either DDoS attacks or to steal data. The OSR has enjoyed a lot of success and has managed to get about seven million devices fixed.
 
Unfortunately there are still about 20 million vulnerable devices accessible online, said Bruce van Nice, a director at DNS specialist Nominum. “That’s a pretty good base of stuff that can be used for attacks,” he said.
 
Defending against DNS-based attacks is hard because many of the defensive techniques used to counter other attacks do not work well when applied to DNS. This is because DNS only works well if data can travel quickly to and from servers. Inspecting each packet to see if it is properly formed and is not being used to steal data would slow the whole system down. Users would complain as web browsing slowed to a crawl.
 
There are techniques that can clean up traffic and mitigate DDoS attacks but defenders need to be aware that novel ways to abuse DNS are being produced all the time.
 
Adversaries are not idle and are refining their techniques, said Mr van Nice. “We see activity every single day and we see evolution in those attacks so someone is improving their capabilities. They do not do that without good reason.”
 
 

Samsung Pay versus Apple Pay


Samsung has launched its mobile wallet service Samsung Pay in South Korea.
 
It joins Apple – which launched a rival facility last year – in trying to convince shoppers to use their handsets, rather than plastic cards, to make in-store purchases. And Samsung believes it has one critical fact that will work in its favour: its tech works with a much larger number of existing payment terminals.
 
In truth, it’s still unclear whether using mobiles to buy goods offline has much appeal beyond a novelty factor when it comes to non-geek members of the public.
 
But with two of the biggest names in tech betting their mobile payment services will help their handsets stand out, the days of slipping a bulky wallet into your pocket or handbag could be numbered. At launch, Samsung Pay is only available in the company’s home country.
 

But it will expand to the US on 28 September, and the firm has indicated that the UK, Spain and China will be next to get the facility sometime in the near-future. That signals a more aggressive rollout than Apple Pay, which currently remains limited to the US and UK.
 
However, there are two other additional factors to consider. Samsung Pay will only work with the firm’s newest Android smartphones: Galaxy S6, Galaxy S6 Edge, Galaxy S6 Edge+, Galaxy Note 5.
 
And bank/credit card providers involved must be signed up to the scheme. Unlike Google Wallet and several other earlier payment apps, there’s no need to unlock the phone and launch a special app to get started. Assuming you’ve already entered your payment card details, all you need do is swipe up from the bottom of the device’s face and Samsung Pay will appear, even if the screen was turned off to begin with. Next, pick a credit card and scan your fingerprint or provide a Pin code. Finally, you have to bring the phone close to the payment terminal within 15 seconds to complete the sale.
 

Like Apple Pay, Samsung’s service is designed to work with existing “tap-and-go” terminals that use near field communication (NFC) transmissions. This is the technology that was widely deployed across the UK alongside the introduction of chip-and-pin cards. But Samsung Pay’s added trick is that it also works with magnetic stripe readers, which remain popular in the US and Asia. This is thanks to a proprietary technology it calls Magnetic Secure Transmission (MST).
 
“Rather than swiping the card, which normally transmits the data, we are using electronic signals [made by alternating current through] coils inside the phone to send the signal over,” Thomas Ko, vice president of Samsung Pay, explained. “So, from the machine’s perspective it is actually receiving the same amount of information that it would from a magnetic reader.”
 
Samsung has been able to deploy the innovation thanks to its takeover of LoopPay – an American company that initially tried to pioneer the tech via bulky add-on smartphone cases. Payment cards have indeed been successfully targeted by thieves who clone the details coded on their magnetic stripes.
 

However, Samsung Pay uses a security system called tokenisation to protect against this threat. Rather than transmitting the same, static “primary account number” (Pan) each time, a Samsung Pay handset instead sends two items: a 16-digit “token”, which is unique to each payment card stored on each handset and represents the relevant bank/credit card account without revealing the actual account’s details; and a cryptogram, a one-use code generated by an encryption key stored on the handset.
 
These two sets of data are sent to the payment processor, who checks they correspond before authorising the payment. Even if a thief were able to get close enough to intercept the transmission, there is no way for them to reverse-engineer the token to deduce the victim’s card account details. And they would not be able to use the token with another magstripe reader unless they also had a way to generate a matching cryptogram. That should be next to impossible to do without access to the encryption key.
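Why an intercepted token and cryptogram are of no use a second time, as an added example that is not Samsung's implementation: the cryptogram is assumed here to be an HMAC-SHA256 over the token and a transaction counter sent alongside it, and every token, card number and key is constructed.

```python
import hashlib
import hmac


def make_cryptogram(key, token, counter):
    """Handset side: one-use code bound to the token and a transaction counter.

    Assumption: HMAC-SHA256 truncated to 16 hex characters stands in for
    whatever the real scheme computes with the key stored on the handset.
    """
    msg = f"{token}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class Processor:
    """Processor side: maps tokens to accounts and checks each cryptogram."""

    def __init__(self):
        self._vault = {}  # token -> account number, shared key, last counter seen

    def enrol(self, token, pan, key):
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}

    def authorise(self, token, counter, cryptogram):
        entry = self._vault.get(token)
        if entry is None:
            return "declined: unknown token"
        # A counter that does not move forward means the code was seen before.
        if counter <= entry["last_counter"]:
            return "declined: cryptogram already used"
        expected = make_cryptogram(entry["key"], token, counter)
        # Constant-time comparison of the expected and presented codes.
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: cryptogram mismatch"
        entry["last_counter"] = counter
        return "authorised"


def demo():
    """Run one genuine payment, two replays of it, then the next genuine one."""
    key = b"constructed-handset-key"   # constructed; never transmitted
    token = "4000000000000002"         # constructed 16-digit token
    pan = "4111111111111111"           # constructed account number; never transmitted
    processor = Processor()
    processor.enrol(token, pan, key)

    # What the terminal (and anyone listening) sees: token, counter, cryptogram.
    captured = (token, 1, make_cryptogram(key, token, 1))
    return [
        processor.authorise(*captured),                  # genuine payment
        processor.authorise(*captured),                  # exact replay
        processor.authorise(token, 2, captured[2]),      # old code, new counter
        processor.authorise(token, 2, make_cryptogram(key, token, 2)),  # handset
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```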
 
The system works without changes having to be made to the magstripe machine itself. It treats MST transmissions as if they are a traditional card swipe.
 

It’s unlikely that many people will be swayed from Apple’s iOS ecosystem solely because of the type of mobile payments Samsung supports. Perhaps the more important comparison is with Android Pay – Google’s forthcoming mobile wallet service. Google is also pitching its service as simple to use because it doesn’t need a special app to be launched. But it will require payment terminals to offer NFC support.
 

Even so, one shouldn’t totally discount app-based rivals – especially if they can offer distinctive services of their own. In South Korea Kakao Pay also allows users to make money transfers to each other and Alipay does something similar in China. Meanwhile, in the US the forthcoming CurrentC service is promising “exclusive offers” to its users.

Bitcoin could split in debate over currency’s future

A row over changing the software that produces bitcoins could split the virtual currency, core developers say. Bitcoin XT, a new version, is currently being recommended by the currency’s chief scientist, Gavin Andresen.

 
 
And its developer, Mike Hearn, says its adoption is essential to ensure the currency can cope with growing demand. But some, including a large number of bitcoin miners in China, are resisting XT because of how it might affect control over the currency.
 
Bitcoin’s blockchain – a digital ledger of all transactions made with the currency – is currently made up of 1MB blocks. Bitcoin XT would enable these blocks to grow to 8MB. But this would mean XT was no longer compatible with existing Bitcoin software, creating, its detractors say, two separate currencies and eroding trust in both.
 
Mr Hearn said the Bitcoin community’s reaction to the release of the XT software at the weekend had been mixed, but there were some encouraging signs. “We’ve gone from zero people running the software to 10% of the network in 72 hours, which is really good,” he said.
 
But many are unhappy the core development team at Bitcoin is currently in disagreement over whether Bitcoin XT is right for the future of the currency. A pool of large Chinese mining groups, for example, have said they will not adopt the software unless it is unanimously adopted by the core team.
 
Mr Hearn said he had decided to force the issue in order to overcome the stalemate. “If you look at the guys working on the Bitcoin core, they talk about consensus all the time – but if you ask them what they really mean, they can’t tell you,” he said. “There is no consensus about what consensus means.”
 
Mr Hearn acknowledged, however, the reduced control developers had under XT would mean they would have to split the currency a second time if they were unhappy with future decisions. “If we go off the rails and do things that aren’t in the best interests of the community, then the solution is fork it again,” he said.
 
Dr Vili Lehdonvirta, at the Oxford Internet Institute, said the adoption of Bitcoin XT would mean “the community has much fewer guarantees of being listened to”. “Those algorithms are made by humans and whoever writes them gets to have power over the system,” he said.
 
Dr Lehdonvirta added increasing block size could potentially make Bitcoin less accessible. “Downloading the whole blockchain is already such an effort that most people choose not to run Bitcoin on their computers,” he said. “This would put Bitcoin on a trajectory where that problem is exaggerated.”
 

Wiltshire farmer builds his own mast for 4G signal


A farmer from Wiltshire has built his own 4G broadband mast after getting frustrated with slow internet access at his home.
 
Richard Guy, from Salisbury, built the mast using two solar panels to power a 4G adaptor.
 
He then linked the homemade technology to his property using fibre-optic cables and now enjoys broadband speeds comparable with some urban areas.

Ofcom launches one-stop mobile coverage checker


People can now check their operator’s mobile phone coverage using a simple, powerful online tool launched by Ofcom today.
 
Ofcom’s Mobile Coverage Checker provides a single-stop for consumers and businesses across the UK to discover the quality of the mobile coverage in areas where they live and work, or somewhere they intend to move.
 
Users can zoom to a specific location on a UK map, or simply enter a place name or postcode, to receive data on coverage for each mobile network – down to 100 square metres. The map uses data provided by EE, O2, Three and Vodafone.
 
Consumers increasingly expect a reliable mobile service. The new map therefore shows where reliable coverage is likely to be available, whatever type of handset is used, using new research by Ofcom into the signal strength needed to provide a good consumer experience.
 
The map also takes account of the increasing shift from handsets with external aerials to smartphones with internal aerials, which can sometimes be less effective at picking up a signal.
 
Each area has been ranked with a colour-coded system, with green showing the highest likelihood of mobile coverage and red the lowest. The map shows: Voice and data coverage by mobile operator; coverage inside and outside of buildings; and topographical information allowing users to identify areas where there are natural obstructions to coverage, such as valleys and hills.
 
Helping to improve mobile coverage and quality of service are priority areas for Ofcom. The new map is designed to support consumers in choosing a service that best suits their needs, while promoting competition between mobile operators. Ofcom is inviting users to check their coverage experience and leave feedback, which will help refine and improve the tool, with a new version expected in the autumn.
 
In related work, Ofcom is seeking to improve the process for switching between different mobile providers. Ofcom outlined possible options to achieve this in July, and will take this work forward in the coming weeks.
 
Steve Unger, Ofcom’s Chief Technology Officer, said: “Access to reliable mobile phone coverage used to be a ‘nice to have’. Now it’s essential to many people’s lives. We believe our map is the most comprehensive tool available to consumers and businesses to check mobile coverage. We’re encouraging people to feed back after using the map, so we can continue to improve its accuracy.”

Carphone Warehouse facing potential fine of up to £500,000 for data breach

The Information Commissioner’s Office (ICO) has confirmed that it is investigating the cyber attack that recently hit Carphone Warehouse for 2.4 million customer records including sensitive data.
 
 
Wednesday 5th August saw cyber criminals attack the CPW back office and make away with sensitive data including customers’ bank details, dates of birth and addresses.
 
The ICO can issue fines of up to £500,000 to companies who breach the strict laws surrounding data protection. Back in 2013 the ICO issued a fine of £250,000 to Sony after the PlayStation Network platform was hacked into and private information belonging to millions of customers was stolen.
 
As of now there is no information on whether Carphone Warehouse will incur any fines, although based on the ICO’s track record of fining companies who breach the data protection laws we imagine that there will be some penalty awarded to the mobile retailer.

Firm that promised to block nuisance calls fined for ‘bullying’


A firm that promised to block all nuisance calls has been fined by the Information Commissioner – for making nuisance calls itself.
 
Point One Marketing – trading as Stop the Calls – was said to have operated in a “bullying and aggressive way”. The company, based in Bournemouth, claimed it was an official service to stop nuisance calls.
 
It was fined £50,000 by the Information Commissioner’s Office (ICO), following hundreds of complaints.
 
Some people said they had been shouted at when they asked the company not to call them again. One woman who suffered from dementia was persuaded to hand over her credit card details.
 
“They tried to sell a product that they claimed would stop nuisance calls, knowing full well they were responsible for so many such calls themselves,” said the ICO’s head of enforcement, Stephen Eckersley. “That they operated in what appears to have been such a bullying, aggressive way only makes matters worse.”
 
The official way to stop nuisance calls is through the Telephone Preference Service, which is free to use.