Privacy News Roundup 28 November 2016

The Investigatory Powers Bill: what it means for UK citizens

Since the Investigatory Powers Bill was passed into law last week, after being officially approved by the Queen, Internet service providers (ISPs) are required to keep a full record of every site visited by their customers.

The bill obliges ISPs to keep a full list of Internet connection records (ICRs) for one year, in which every website visit is recorded. The records can be requested by a wide range of government agencies and organizations at any point.

The list of agencies includes the Metropolitan Police, other local, national and military police, intelligence agencies such as GCHQ, the Ministry of Defence, Revenues and Customs, the National Health Service and many others. Only high-ranking officials in each organization can request access to the records.

The Queen has officially passed the Investigatory Powers Bill, which extends the surveillance powers of the UK Government and its various agencies and organizations. Source: Flickr.

400% increase in encryption since Trump’s election win

Open Whisper Systems, the software company previously endorsed by whistleblower Edward Snowden, has reported a 400% increase in use of its encrypted messenger app Signal since Donald Trump’s win in the US presidential election. Its co-founder Moxie Marlinspike said the following:

Donald Trump is about to be in control of the least accountable surveillance apparatus in the history of the world. That’s something that’s been expanding under Obama, and I think people were comfortable with that in the sense that they trusted his personal judgement. I think people are less comfortable with how Donald Trump is going to use that.

Ransomware targets San Francisco transport system giving free rides to passengers

Last weekend, San Francisco’s transport service, locally known as “Muni”, was targeted by ransomware, which caused affected ticket machines to dispense free rides for passengers.

Over 2000 systems at the public transport agency are believed to have been affected, including Windows workstations, servers and ticketing machines. Affected systems displayed the following message on the boot-up screen, shown by a modified Master Boot Record (MBR):

You Hacked, ALL Data Encrypted. Contact For Key([email protected])ID:681 ,Enter.

During the attack, which happened on Friday afternoon, Muni’s bus and rail services continued to run and passengers were able to travel for free. The ransomware, which is a variant of HDDCryptor, uses freeware and open source tools to encrypt hard drives and network-shared files, and overwrites the MBR on infected computers. Affected systems had returned to normal by Sunday.

At this stage it’s probable that San Francisco’s Transport Agency (SFMTA) was not specifically targeted. Instead it seems that it was an unfortunate chance victim of the ransomware, which may have infected the systems via an authorized email attachment, a booby-trapped website or the download of a malware-infected file.

When contacted, the alleged attacker claimed that an SFMTA employee downloaded an infected torrent file. Journalist Steve Ragan of CSO Online received the following demand from the attacker:

if You are Responsible in MUNI-RAILWAY !
All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit!
We have 2000 Decryption Key !
Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!!
We Only Accept Bitcoin , it’s So easy!
you can use Brokers to exchange your money to BTC ASAP
it’s Fast way!

At the current exchange rate, 100 Bitcoins is equivalent to over $70,000. There hasn’t been any indication yet that SFMTA has paid the ransom. It is hoped that the transport agency has an effective contingency plan to recover any lost data. Because of the high-profile nature of this case, it’s likely that law enforcement agencies will eagerly pursue the attackers.

San Francisco’s transport system, Muni, was hit by ransomware, leading to free travel for two days. Source: sfmta.com.
