The Mechanisms of Malware

Cybersecurity can be viewed as a perennial battle between privacy and entities who wish to invade and dismantle private channels of communication and encrypted information, regardless of their motivations. While government organisations, particularly in the United States, pose the greatest threat to personal security, the unregulated domain of the independent hacker has been the ground zero of millions of lines of malicious code.

Although independent hackers are often depicted as rogue individuals acting on morally-justifiable grounds, it is important to remember that many capable individuals are simply motivated by the same thing that drives most of our professional lives – money. Most prominently in recent years, ransomware has extorted millions of dollars from individuals and corporations worldwide.

Ransomware refers to software which, once launched on a victim’s computer, encrypts their data and demands payment, usually in bitcoin (BTC), under threat of either deleting the data or releasing sensitive information to the public. While several successful operations have led to the eradication of many notorious strains of ransomware, new software is constantly emerging, devising new methods for encryption and data extortion. Most recently, malware called Mamba forgoes the encryption of individual files, instead encrypting a user’s entire hard drive and demanding one Bitcoin (approx. R14000) to decrypt the infected computer.

While ransomware generally targets large corporations due to the payment potential, the malware can affect anyone. As with most malicious software, ransomware is generally spread via phishing emails, which contain links or attachments which, once opened, install the malicious code onto your device.  Older strains of ransomware may be easily removed through the use of decryption software developed in response to the initial outbreaks of these programs, but newer strains of ransomware, such as Mamba, remain unfeasible to break. In line with that timeless IT mantra – the best way to safeguard against data loss in these situations is to ensure that your important data is regularly backed up via external storage, whether that be cloud-based or on a physical hard-drive.

Perhaps the most insidious form of malware in popular culture, Remote Access Trojan (RAT) software and its uses have even been the subject matter of horror movies and dystopian series Black Mirror in recent years. RAT malware, generally distributed through phishing links, allows an attacker to control an infected computer remotely. Currently, Dark Comet(targeting Windows) and AlienSpy (targeting Apple OS) have infiltrated thousands of computers, allowing attackers to remotely spy on, and record individuals via their webcams. These programs circumvent popular antivirus tools, allowing them to go virtually undetected.

Again, prevention is more effective than treatment in the case of combatting RAT malware. Individuals can avoid infection by maintaining safe online practices – ensuring that your device’s firewalls and antivirus are regularly updated, being wary of unexpected emails and potential phishing links, and, importantly, ensuring that your device’s webcam is physically covered when not in use.

 

 

WikiLeaks: A different brand of whistleblower

In the latest of what has been a decade of monumental disclosures, on 7 March whistleblowing organisation WikiLeaks published documents detailing methods and equipment used by the CIA to breach consumer software. This is achieved using “Zero Day” exploits, which are vulnerabilities in programmes used by the CIA to gain access to millions of mobile devices.

The collection, Vault 7, which includes malware used by the CIA to hack Android and iOS, in addition to Samsung Smart TV’s, is the first leak in a series titled Year Zero. The series will examine the scope of the CIA’s global hacking capabilities and ongoing programs in coming months, exploring the agency’s awkward foray into the realm of cyber warfare and the potentially far-reaching ramifications of this venture. The source of the information wished to “initiate a public debate about the security, creation, use, proliferation, and democratic control of cyberweapons”.

Perhaps most concerning, beyond the CIA’s insidious array of surveillance tools, is the ease with which the cyber weaponry can be accessed – proliferation. According to WikiLeaks, since officers need to be able to access information via the internet, and the servers used to facilitate this are deemed unsafe to hold classified information, most of the code of the CIA’s cyber arsenal has been left unclassified. This means that the code, redacted in WikiLeaks’ releases, is freely available to anybody with the technical ability to access it, whether they are independent hackers or affiliated with governments or other political organisations. Given that the CIA has, until now, chosen to hide its knowledge of Zero Day exploits from monolithic developers including Apple, Microsoft, Google, and Samsung, these exploits could be leveraged by rogue entities to access the data of the millions of individuals using these companies’ platforms. Essentially, hundreds of millions of lines of malicious code have thus potentially been gifted to the cyber warfare community. This oversight evidences even the CIA’s lack of comprehension of the protocols of the digital landscape, a worrying reminder that privacy in cyberspace is more a loose sketch than a carved fortress.

As a news organisation, WikiLeaks has pioneered a new form of independent journalism unbounded by corporate interests or socio-political affiliations. Headed by controversial journalist and programmer Julian Assange, the group encourages the submission of leaks via secure channels such as Tor. WikiLeaks is supported by a wide network of independent volunteers, such as members of the WikiLeaks Research Community.

The Deep, Dark Web: An introduction

In recent years, the Darknet has entered the public consciousness as a kind of vast and unknown universe lurking ominously beneath the clearnet (the regular internet that we all know, perhaps a bit too well, and love, perhaps a bit too much). While it’s become infamous as a space rife with child pornography, and the illicit trade of weapons and drugs, the Darknet is also the platform used by WikiLeaks for the organisation’s data disclosures, as well as by activists across the globe to subvert internet censorship and coordinate revolutionary movements, most notably perhaps, playing an instrumental role in orchestrating 2011’s Arab Spring.

So, what exactly is it, and how has it become such an incredible tool for retaining internet anonymity?

Ironically, The Onion Router (TOR) project was initially developed by Naval researchers for the US Department of Defence (DOD), with the aim of creating a network for military personnel to communicate via civilian internet with complete anonymity. This method – called onion routing – sends packets of information randomly between users (nodes) on the network until it reaches its destination unencrypted. Each time the packet is routed through a node, a layer of encryption is “peeled back”, hence the term onion.

In 2006, the Tor project was launched as a non-profit entity, freely accessible to the general public, the rationale being that more nodes would create a more secure network, making it virtually impossible to trace data as it travels randomly between nodes across the globe.

Since then, the network has grown exponentially, boasting an average of around 100,000 new downloads per day in 2017. And although Tor has become synonymous with enabling illicit and dangerous activities, the software plays a far simpler, and more positive role, in regions subjected to state censorship. In the years prior to the Arab Spring, Tor developer Jacob Appelbaum conducted several Tor training camps in the Middle East, educating civilians on how to use the software to circumvent the oppressive state surveillance of internet activity throughout the region. Subsequently, Tor became an indispensable tool for civilians to coordinate and orchestrate a revolution by providing a gateway to access social media without risk of severe punishment. Currently, in heavily censored states ranging from Iran to China, Tor is being utilised by activists, journalists, and ordinary citizens in order to subvert and actively oppose the stranglehold of authoritarian regimes.

While it must be acknowledged that criminal entities have co-opted corners of the Dark Web for unconscionable purposes, this cannot be seen as grounds for dismantling what is currently one of the best tools available to the public for retaining personal freedom in an era of ever-encroaching mass surveillance.

Tor browser is available for download here.

Welcome to The Safe Room

“No system of mass surveillance has existed in any society that we know of to this point that has not been abused” – Edward Snowden.

The internet: a dark and expansive universe where a large chunk of our lives reside. Where we go to source information, nurture our egos, and relax in the perceived anonymity of the World Wide Web.

We prefer not to acknowledge that we are being watched.

But whether it be the Hydra gaze of infamous organisations like the National Security Agency (NSA), or the careful data collection of Facebook and Google, navigating the Internet with actual anonymity presents a minefield of challenges.

Luckily, where there is control there is resistance. And on the Internet, which has the potential to be the most truly democratized space we have ever known, a plethora of software is freely available to subvert the uncomfortable gaze of insidious observers. From the TOR project (ironically a product of the US military) to Pretty Good Privacy (PGP), I hope to outline simple mechanisms for protecting and affirming what should be an inalienable right – privacy – both through encrypted browsing and encrypted communication. Additionally, we’ll explore and demystify that most terrifying and unknown corner of cyberspace – the Deep, Dark Web; how it works, and what it actually holds.

While these may seem like excessive measures, it is impossible to underestimate the severity of the ongoing attacks to personal freedom being mounted by the highest echelons of the online world. With these tools at our disposal, why not safeguard our fundamental rights… while we still have them?