Stock Exchange Software Glitch Costs U.S. Trading Firm Knight Capital $440 Million In Just A Few Minutes, Shares Plunge 70 Percent

Stock exchange glitch cost U.S. trading firm $440m in just a few minutes and could lead to its bankruptcy (Daily Mail, Updated Aug 3, 2012):

The largest U.S. trader of equities on Wall Street, Knight Capital Group Inc was fighting for its survival on Thursday after a trading glitch wiped out $440 million of the firm’s capital, leaving it on the edge of bankruptcy.

The massive capital loss has forced the $1.5 billion firm to seek new funding as its shares plunged 70 percent in two days.


Windows 8: ‘Millions Of Desktop And Laptop PCs Will Get Kill Switches For The First Time’

The Kill Switch Comes to the PC (Bloomberg/Businessweek, Feb. 16, 2012):

Janne Kytömäki, a Finnish software developer, was cruising Google’s (GOOG) Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.

Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple (AAPL), and Amazon (AMZN) all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.

With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft (MSFT) hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons. The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.

Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.


New Email Viruses Take Over Computers (Without Opening Any Attachments Or Links)

Threat from new virus-infected emails which take over your PC even if you DON’T open their attachments (Daily Mail, Feb. 2, 2012):

A new class of cyber attack is threatening PCs – emails which infect PCs without the user having to open an attachment.

The user will not even be warned this is happening – the only message that appears is ‘loading’.

The email automatically downloads malicious software into your computer from elsewhere the moment a user clicks to open it.

The mails themselves are not infected – and thus will not ‘set off’ many web-security defence packages.

Security experts say that the development is ‘particularly dangerous’.


Apple iTunes FLAW Allowed Government Spying For 3 Years

Apple iTunes flaw ‘allowed government spying for 3 years’ (Telegraph, Nov. 24, 2011):

An unpatched security flaw in Apple’s iTunes software allowed intelligence agencies and police to hack into users’ computers for more than three years, it’s claimed.

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes, Apple’s media player, which is installed on more than 250 million machines worldwide.

The hacking software, FinFisher, is used to spy on intelligence targets’ computers. It is known to be used by British agencies and earlier this year records were discovered in abandoned offices of that showed it had been offered to Egypt’s feared secret police.

Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years.

“A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw,” he said in a blog post.


FBI Uses Surveillance Software To Track Suspects Online

Documents recently obtained through a Freedom of Information Act (FOIA) request reveal detailed information about the FBI’s electronic surveillance capabilities. The Electronic Frontier Foundation (EFF) filed the FOIA request in 2007 after it was reported that the agency was using “secret spyware.”

The documents show that software called the Computer and Internet Protocol Address Verifier (CIPAV) was used by the FBI since at least 2001. The software allows the FBI to collect a variety of information from a computer every time it connects to the Internet, including the IP address, Media Access Control (MAC) address, open communication ports, list of the programs running, URLs visited, and more.

It is unclear how the FBI installs the software on a computer, but it is suspected that the spyware exploits a vulnerability in the user’s browser, like other common Internet viruses.


Stuxnet ‘Cyber Superweapon’ Wreaks Havoc in China, Infects Millions of Computers

See also:

Anti-Iran computer bug had powerful backers

Has the West declared cyber war on Iran?


An antivirus expert said the virus has infected over 6 million computer accounts

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media have reported.

A computer virus dubbed the world’s “first cyber superweapon” by experts and which may have been designed to attack Iran’s nuclear facilities has found a new target — China.

The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.

Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.

It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.

The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.

“Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added.

Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.


Has the West declared cyber war on Iran?

Experts say the computer virus found in a nuclear plant is the work of a foreign power

President Mahmoud Ahmadinejad visits one of Iran’s nuclear plants, which have come under attack from the virus

Computers can go wrong, and everyone is used to it. But that’s at home. We assume that the machines controlling the infrastructure that makes everything tick – power stations, chemical works, water purification plants – have rock-solid defences in place to deal with unexplained crashes or virus attacks by malicious strangers.

Now, though, a new kind of online sabotage has reached its zenith with a self-replicating “worm” that started on a single USB drive and has spread rapidly through industrial computer systems around the world.

So sophisticated that many analysts believe it can only be part of a state-sponsored attack, the Stuxnet worm – or “malware” – is the first such programming creation designed with the specific intention of causing real world damage. And if the experts are right, it could herald a new chapter in the history of cyber warfare.


Anti-Iran computer bug had powerful backers

Stuxnet computer code designed to infect industrial plants created by well-funded hackers, says Symantec Corp expert

Graph shows concentration of Stuxnet-infected computers in Iran as of August. Photograph: Symantec

A powerful computer code attacking industrial facilities around the world, but mainly in Iran, was probably created by experts working for a country or a well-funded private group, according to an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several “high-value targets”, said Liam O Murchu, manager of security response operations at Symantec Corp. But both O Murchu and US government experts say there is no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven’t been able to determine who developed it or why.

The malware has infected as many as 45,000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate. It is not clear what sites were infected, but they could include water filtration, oil delivery, electrical and nuclear plants.

None of those infections has adversely affected the industrial systems, according to Siemens.


CIA Used Illegal, Inaccurate Software ‘Hack’ To Direct Secret Assassination Drones In Afghanistan and Pakistan

Still wonder why civilian deaths spike in Afghanistan and Pakistan?


‘They want to kill people with software that doesn’t work’

The Predator B

The CIA is implicated in a court case in which it’s claimed it used an illegal, inaccurate software “hack” to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA’s clandestine war against senior jihadis in Afghanistan and Pakistan.

The dispute surrounds a location analysis software package – “Geospatial” – developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.

When the software firm then refused to rush the job, it’s claimed, Netezza illegally and hastily reverse-engineered IISi’s code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.


US Police To Use Minority Report Style Computer Software To Predict Who Will Commit Crimes Before They Happen

What could possibly go wrong?


The real Minority Report: U.S. police trial computer software that predicts who is most likely to commit a crime

Tom Cruise in Minority Report in which police were able to predict who was about to commit a crime

Police in America are to use Minority Report style computer programmes to predict who will commit crimes before they happen.

The software collates a range of variables then uses an algorithm to work out who is at the highest chance of offending.

In some cases it may even be able to predict where, when and how the crime will be committed.

Should trials prove a success the software could be used to help set bail amounts and suggest sentencing recommendations too.

It will be used by law enforcement agencies in Washington DC but could be rolled out nationwide if a success.

Its implementation is likely to spark an outcry from privacy campaigners and civil rights groups, not least because of the strong resemblance to the 2002 sci-fi thriller ‘Minority Report’.
