News Roundup 24 April 2017

Russia proposes ban on VPNs, proxies and anonymisers

Russia’s government is targeting VPNs, proxies and anonymiser sites that specifically unblock restricted websites in the country.

The introduction of new legislation will require these services to start blocking blacklisted domains, as well as targeting search engines that include blocked sites in search results. If they refuse to comply, these anonymisers could likewise end up in the blacklist.

The Russian government is well-known for blocking domains and keeping a close eye on proxies, particularly on the grounds of copyright infringement. The government’s telecommunications agency Roskomnadzor has maintained an internet blacklist for several years and blocked access to well-known sites including RuTracker and even Reddit, albeit temporarily.

In response, Russian citizens have long been using VPNs, proxies, mirror sites and browser services like Tor to circumvent blocked sites and services.

According to Russian news outlet Vedomosti, the government is planning a new bill, which has been confirmed by a federal official, that targets services capable of unblocking restricted websites. If the bill is passed, it will require VPNs and anonymisers to avoid unblocking sites on the net watchdog’s blacklist. It will also require search engines to delete links to blocked sites in their results. Failure to comply with the bill may result in a fine of 700 thousand rubles, around $12,400.

The bill was introduced by the Russian Security Council and is overseen by Roskomnadzor. A team of lawyers from the Media Communications Union (MCU) have been working out the finer details of the bill before it is debated by MPs. At present, the MCU is intent on blocking users from access to pirate sites using web-based CGI proxies.

Net freedom and human rights watchdog Roskomvoboda has reported 100 or so resources that circumvent the ban. Last month, the Russian State Durma passed legislation to block mirror services and obliging search engines to delete links from its results.

At present the legislation is still in the draft stage.

Thousands of Windows computers may be infected with NSA backdoor virus

At least 10,000 Windows computers could be infected by a virus that would provide the National Security Agency (NSA) of the United States direct access to user data.

The NSA implant, codenamed “DoublePulsar”, was listed by the secretive hacker group known as Shadow Brokers after 107,000 Windows computers were identified in one Internet scan by the Switzerland-based security organization Binary Edge. Other scans have suggested between 30,000 and 60,000, even as many as 100,000 infected computers.

In an attempt to evade detection, DoublePulsar does not write any files to the host system, which means rebooted systems wipe the virus, and which could explain why there is such a wide range of estimates on infected systems.

According to some experts, the estimation of 30,000 is too high, considering NSA’s reputation for stealth and immediate retraction if threatened by detection. Others have suggested that the detection script is generating false positives, or perhaps that hackers have downloaded the DoublePulsar released by Shadow Brokers to target unpatched Windows systems.

In response to the news, a spokesperson from Microsoft said: “We doubt the accuracy of the reports and are investigating.” Yet, it’s still probable that there are hundreds of thousands of infected systems, which may be susceptible to other attacks once infected.

Leave a Comment