Category Archives: Shitware

Europol Arrests Unnamed Man For Politely Persuading Eurobanks To Part With Cash

Posted on by

On Monday, March 26, armed thugs representing themselves as "Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cyber security companies" arrested a yet-unnamed "mastermind" — who stands accused of causing "cumulative losses of over EUR 1 billion for the financial industry". And apparently this is not difficult:

"In all these attacks, a similar modus operandi was used. The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies. Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money."

I.e. chair warmers were asked politely to install "Back Orifice" — and they (whether out of stupidity, or in exchange for a cut of the take — we are not told) obliged. As for MS-Windows, installed on bank infrastructure and in ATM boxes all over Europe: it, in turn, worked precisely as it was designed to work.

As of the time of this writing, the number of "bank employees" arrested in connection with their indispensable work in making this heist possible — stands at: zero. Likewise, the number of Microsoft executives held to answer for the very existence of "infectious attachments" as a concept — stands also at zero.1

The "mastermind" and his merry men also stand accused of Bernankeization without a license:

"Databases with account information were modified so bank accounts balance would be inflated, with money mules then being used to collect the money."

Magicking money into existence from thin air is, we learn, A-OK when carried out from a well-pedigreed bag of lard parked in an Aeron in New York — but not so much when it is done by non-bluebloods and on the wrong side of the Atlantic.

The accused, presently nameless — and held incommunicado — also stand to be punished for the unforgivable USG.crime of having "laundered via cryptocurrencies".

  1. On the other hand, the EU bureaucracy informs us that the "perpetrator" of this "crime" supposedly was "vacationing in Spain" — rather suspiciously similar to the previous three major USG.kidnapping-under-the-colour-of-law victims; evidently crafting a replacement cover story for USG thugs' free hand in lifting people straight from the streets of Bucharest & elsewhere, would overrun the budget?  

Nine Citizens of Iran Given the Honour of Inclusion in USG.FBI's 'Wanted List'

Posted on by

On Friday, March 23, USG once more indulged its recently-acquired taste for indicting in absentia loyal soldiers of a sovereign nation — this time, nine signals-intelligence professionals residing in, and lawful citizens of, Iran. For carrying out their duties in service to their sovereign, USG saw it fit to charge (archived OCR) them in USG kangaroo court with the USG.crime of "Conspiracy to Commit Computer Intrusions".

For the role of "victims" of this "crime", USG chief prosecutor Rosenstein cast:

"… 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund",

from whom the "criminals" have "stolen" "…more than 31 terabytes of academic data and intellectual property".

Interestingly, the most unforgivable USG.crime committed by the accused appears to have been a successful attempt to… re-create, in-house, "SciHub":

"The members of the conspiracy used stolen account credentials to obtain unauthorized access to victim professor accounts, which they used to steal research, and other academic data and documents, including, among other things, academic journals, theses, dissertations, and electronic books. The defendants targeted data across all fields of research and academic disciplines, including science and technology, engineering, social sciences, medical, and other professional fields. The defendants stole at least approximately 31.5 terabytes of academic data and intellectual property, which they exfiltrated to servers outside the United States that were under the control of members of the conspiracy… …Megapaper sold stolen academic resources to customers within Iran, including Iran-based public universities and institutions, and Gigapaper sold a service to customers within Iran whereby purchasing customers could use compromised university professor accounts to directly access the online library systems of particular U.S.-based and foreign universities."

I.e. roughly the same act of "terrorism" for which Aaron Swartz was hanged in New York in 2013.

It is worth noting that, while USG at one time, not so long ago, had "long hands" in Iran, these hands have recently acquired a tendency to get abruptly shortenedIranian-style. Therefore it remains unclear how, if at all, USG intends to bring the nine "criminals" to "justice". And one may safely suppose that the only people likely to hang in connection to this "conspiracy"… are the remaining USG moles in Iran, who supplied Rosenstein and his assistant Freislers with their "evidence".

"31337 w4r3z" in our time.

USG Whispers Pleas Of "War On Terror" And "Special Operations Command" In MikroTik Router Shitware Case

Posted on by

In the absence of firm admissions of guilt, known USG influence outlets including Conde Nast publications are pleaing that the malware pushed into phuctorable MikroTik routers was part of a US Special Operations Command anti-Terrorism effort (archived, archived). Presumably this is part of the terrorist Pantsuit USG campaign to creating dialogue points for shifting the overton window on shitware.

Ledger "Hardware Wallet" Backdoored By Child Who Releases Proof Of Concept Attack

Posted on by

Saleem Rashid has published a vulnerability report on the "Ledger Nano S" hardware wallet (archived). The nature of the vulnerability thorougly counters marketing and damage control PR offered by the firm and it's CEO Eric Larchevêque. This incident once again demonstrates that magic totems are no substitute for hygiene.

USG Attacks Softest "Crypto" Target Possible

Posted on by

Today the USG under the name of President Trump announced sanctions against an ICO offering advanced by the Maduro government in Venezuela. Expect substantial wank and declarations of "effectiveness" in the USG's combat against "trade" in this plainly toxic asset no one but the criminal ICO issuers wanted in the first place. Full text below: Continue reading

Five Days After Erection "100 Year" Pedestrian Bridge Collapses In Florida

Posted on by

This week a pedestrian bridge with an advertised "100 Year Lifespan" collapsed on its fifth day post erection. Architectural features of the bridge included concrete trusses and a concrete roof for aesthetic effect. The bridge collapsed onto an active roadway. Six cadavers have been recovered from the rubble so far (archived).

NSA's Payload for the 'Phuctorable' MikroTik Routers Found

Posted on by

Kaspersky Inc has published an analysis (archived) of a MS Windows rootkit, therein nicknamed "Slingshot".

The item exhibits the traditional smell of USG-authored shitware, e.g. validly-signed Windows drivers for the persistence layer. However the more interesting aspect is that it is spread via infected routers, of a type which, astonishingly even for consumer shitware, forces the execution of a x86 Windows binary for initial configuration.

An infected router dutifully augments this configurator with a rootkit installer; the rootkit, in turn, contains the typical keylogger and saved-password-collector, network topology probe, etc. components.

The more interesting and "unmentioned/unmentionable" aspect is however the identity of the router's manufacturer:

MikroTik. That very same Latvian USG shill company that's been deploying routers with nonfunctional RNGs and trivially-Phuctorable SSH keys for its entire existence. And dutifully spreads obfuscatory squid ink whenever the danger of public exposure seems acute.

Memcached DDoS Attacks Lead To Record Breaking Levels Of Wank

Posted on by

A recent wave of amplified DDoS attacks utilizing wrongly configured memcached servers has lead to unprecedented levels of wank among the self described "seekootity community" in recent days. The attacks work by sending spoofed UDP packets to the maliciously unsecured servers triggering the servers to respond by spewing data at the target destination.

The wank comes from an obvious solution which neuters the offending nuissance memcached installations. The memcached servers capable of being recruited into DDoS attacks are also vulnerable to being issued a "flush-all" command which will cause the server to register everything in its cache as expired. This denies an ongoing denial of service attack cached items to dump on a target (archived).

The wankers are naturally compelled to wank about the supposed ethics and inconveniences this obvious solution imposes on the dangerous idiots operating nuissance machines.

Public Bailout Of Bezos Bungle Continues In Indiana

Posted on by

Regional accreditors have given approval to a plan which would allow Indiana's Purdue University, a public institution, to bail out Jeff Bezos' expensive education bungle "Kaplan University" in a deal which delivers the Bezos venture relief from the costs of operating the school. The Bezos venture will still be involved after selling the money sink to Purdue for a nominal sum. Kaplan is positioned to receive an unknown amount of ongoing income for delivering "marketing" and ancilliary "services" to Purdue.

SSL Certificate Reseller Leaks Private Keys

Posted on by

The CEO of SSL certificate reseller Trustico emailed the private keys for more than 23,000 keypairs to an employee of their "root authority" as part of a request to have the certificates mass revoked (archived). The identity of the mysterious "CEO" of Trustico has eluded reports though a fellow identifying himself at this time as "product manager Zane Lucas" (WOT:nonperson) has apparently been responsding to press inquiries. At other times in press releases related to Trustico have mentioned a "Zane Lucas, director" (archived). How Trustico acquired customer private keys appears to be related to their now unreachable website having offered an online "private key generator" which it directed customers too.