Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Democrats

Comey Denies Clinton Email 'Reddit' Cover-Up (politico.com) 137

An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.
Government

US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) 90

According to a report from The Wall Street Journal (Warining: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chielf James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said.
Cellphones

Verizon Technician Is Accused of Selling Customers' Call Records and Location Data To Private Investigator (ap.org) 46

A former Verizon technician who worked in Alabama is being accused of selling customers' private call records and location data to an unnamed private investigator. Authorities said the data was sold for more than four years, from 2009 to 2014. The Associated Press reports: [Daniel Eugene Traeger] logged into one Verizon computer system to gain access to customers' call records, authorities said. He used another company system known as Real Time Tool to "ping" cellphones on Verizon's network to get locations of the devices, according to the plea agreement. He then compiled the data in spreadsheets, which he sent to the private investigator for years, the court records show. "Between April 2009 and January 2014, the defendant was paid more than $10,000 in exchange for his provision of confidential customer information and cellular location data to the PL, an unauthorized third party," court records state. Though Traeger was based in the Birmingham area, the court records do not indicate whether the information that was sold involved Verizon Wireless customers in Alabama or elsewhere. He faces up to five years in prison, but prosecutors are recommending a lesser sentence since he accepted responsibility, according to terms of the plea agreement.
Piracy

Cloudflare: We Can't Shut Down Pirate Sites (torrentfreak.com) 100

CloudFlare has said it cannot shut down piracy websites. The CloudFlare's response comes two months after adult entertainment outfit ALS Scan filed a complaint at a California federal court two months ago in which the company accused the CDN service of various counts of copyright and trademark infringement. From a TorrentFreak report:"CloudFlare is not the operator of the allegedly infringing sites but is merely one of the many intermediaries across the internet that provide automated CDN services, which result in the websites in question loading a bit faster than they would if they did not utilize CDN services." If Cloudflare terminated the accounts of allegedly infringing websites, the sites themselves would still continue to exist. It would just require a simple DNS reconfiguration to continue their operation. "Indeed, there are no measures of any kind that CloudFlare could take to prevent this alleged infringement, because the termination of CloudFlare's CDN services would have no impact on the existence and ability of these allegedly infringing websites to continue to operate," Cloudflare writes. As such, the company argues that it's not "materially contributing" to any of the alleged copyright infringements.
Crime

Across US, Police Officers Abuse Confidential Databases (ap.org) 171

Sadie Gurman and Eric Tucker, reporting for Associated Press:Police officers across the country misuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons that have nothing to do with daily police work, an Associated Press investigation has found. Criminal-history and driver databases give officers critical information about people they encounter on the job. But the AP's review shows how those systems also can be exploited by officers who, motivated by romantic quarrels, personal conflicts or voyeuristic curiosity, sidestep policies and sometimes the law by snooping. In the most egregious cases, officers have used information to stalk or harass, or have tampered with or sold records they obtained. No single agency tracks how often the abuse happens nationwide, and record-keeping inconsistencies make it impossible to know how many violations occur. But the AP, through records requests to state agencies and big-city police departments, found law enforcement officers and employees who misused databases were fired, suspended or resigned more than 325 times between 2013 and 2015. They received reprimands, counseling or lesser discipline in more than 250 instances, the review found.
Privacy

Apple Logs Your iMessage Contacts - And May Share Them With Police: The Intercept 61

The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report:This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Democrats

FBI Investigating Possible Hack of Democratic Party Staffer Cell Phones (cnn.com) 105

In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops.
Communications

Anti-Defamation League Declares Pepe the Frog a Hate Symbol (time.com) 377

An anonymous reader quotes a report from TIME: The Anti-Defamation League (ADL) has declared a popular internet meme depicting a cartoon frog to be a hate symbol. Pepe the Frog's beginnings were unoffensive: he is the creation of comic book creator Matt Furie, who featured the frog as a character in the series Boy's Club beginning in 2005. The character subsequently became a beloved meme, often called the "sad frog meme" and shared with a speech bubble reading "Feels good man" or "Feels bad man." But recently, as the Daily Beast reported in May, the character has been co-opted by a faction of Internet denizens who decided to reclaim it from the mainstream, and began sharing it in anti-Semitic contexts. "Images of the frog, variously portrayed with a Hitler-like mustache, wearing a yarmulke or a Klan hood, have proliferated in recent weeks in hateful messages aimed at Jewish and other users on Twitter," the ADL wrote in a statement. "Once again, racists and haters have taken a popular Internet meme and twisted it for their own purposes of spreading bigotry and harassing users," wrote ADL CEO Jonathan A. Greenblatt.
The Almighty Buck

Revealed: How One Amazon Kindle Scam Made Millions of Dollars (zdnet.com) 40

An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buy low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn't new -- it's been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams work -- especially one that's been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon's shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren't customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.
Government

FCC Official Asks Agency To Investigate Ban On Journalists' Wi-Fi Personal Hotspots At Debate (arstechnica.com) 164

Yesterday, it was reported that journalists attending the presidential debate at Hofstra University were banned from using personal hotspots and were told they had to pay $200 to access the event's Wi-Fi. The journalists were reportedly offered the option to either turn off their personal hotspots or leave the debate. Cyrus Farivar via Ars Technica is now reporting that "one of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban." Ars Technica reports: Earlier, Commissioner Jessica Rosenworcel tweeted, saying that something was "not right" with what Hofstra did. She cited an August 2015 order from the FCC, forcing a company called SmartCity to no longer engage in Wi-Fi blocking and to pay $750,000. Ars has since updated their report with a statement from Karla Schuster, a spokeswoman for Hofstra University: The Commission on Presidential Debates sets the criteria for services and requires that a completely separate network from the University's network be built to support the media and journalists. This is necessary due to the volume of Wi-Fi activity and the need to avoid interference. The Rate Card fee of $200 for Wi-Fi access is to help defray the costs and the charge for the service does not cover the cost of the buildout. For Wi-Fi to perform optimally the system must be tuned with each access point and antenna. When other Wi-Fi access points are placed within the environment the result is poorer service for all. To avoid unauthorized access points that could interfere, anyone who has a device that emits RF frequency must register the device. Whenever a RF-emitting device was located, the technician notified the individual to visit the RF desk located in the Hall. The CPD RF engineer would determine if the device could broadcast without interference.
Electronic Frontier Foundation

EFF Calls On HP To Disable Printer Ink Self-Destruct Sequence (arstechnica.com) 247

HP should apologize to customers and restore the ability of printers to use third-party ink cartridges, the Electronic Frontier Foundation (EFF) said in a letter to the company's CEO yesterday. From an ArsTechnica report:HP has been sabotaging OfficeJet Pro printers with firmware that prevents use of non-HP ink cartridges and even HP cartridges that have been refilled, forcing customers to buy more expensive ink directly from HP. The self-destruct mechanism informs customers that their ink cartridges are "damaged" and must be replaced. "The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September," EFF Special Advisor Cory Doctorow wrote in a letter to HP Inc. CEO Dion Weisler. "That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away. Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer -- and possibly a stockpile of useless third-party ink cartridges."
Privacy

Facebook Told To Stop Taking Data From German WhatsApp Users (bloomberg.com) 38

An anonymous reader shares a Bloomberg report: Facebook, already under scrutiny in the U.S. and the European Union for revisions to privacy policies for its WhatsApp messaging service, was ordered by Hamburg's privacy watchdog to stop processing data of German users of the chat service. In a renewed clash with the social-network operator, Johannes Caspar, one of Germany's most outspoken data protection commissioners, ordered Facebook to delete any data it already has. The news comes as EU privacy regulators, who previously expressed concerns about the policy shift, meet in Brussels to discuss their position. There's no legal basis for Facebook to use information of WhatsApp customers, Caspar said Tuesday. "This order protects the data of about 35 million WhatsApp users in Germany," Caspar said. "It has to be their decision as to whether they want to connect their account with Facebook. Therefore, Facebook has to ask for their permission in advance. This has not happened."
Piracy

YouTube-MP3 Ripping Site Sued By IFPI, RIAA and BPI (torrentfreak.com) 303

An anonymous reader quotes a report from TorrentFreak: Two weeks ago, the International Federation of the Phonographic Industry published research which claimed that half of 16 to 24-year-olds use stream-ripping tools to copy music from sites like YouTube. The industry group said that the problem of stream-ripping has become so serious that in volume terms it had overtaken downloading from 'pirate' sites. Given today's breaking news, the timing of the report was no coincidence. Earlier today in a California District Court, a huge coalition of recording labels sued the world's largest YouTube ripping site. UMG Recordings, Capitol Records, Warner Bros, Sony Music, Arista Records, Atlantic Records and several others claim that YouTube-MP3 (YTMP3), owner Philip Matesanz, and Does 1-10 have infringed their rights. The labels allege that YouTube-MP3 is one of the most popular sites in the entire world and as a result its owner, German-based company PMD Technologies UG, is profiting handsomely from their intellectual property. YouTube-MP3 is being sued for direct, contributory, vicarious and inducement of copyright infringement, plus circumvention of technological measures. Among other things, the labels are also demanding a preliminary and permanent injunction forbidding the Defendants from further infringing their rights. They also want YouTube-MP3's domain name to be surrendered. "YTMP3 rapidly and seamlessly removes the audio tracks contained in videos streamed from YouTube that YTMP3's users access, converts those audio tracks to an MP3 format, copies and stores them on YTMP3's servers, and then distributes copies of the MP3 audio files from its servers to its users in the United States, enabling its users to download those MP3 files to their computers, tablets, or smartphones," the complaint reads. "Defendants are depriving Plaintiffs and their recording artists of the fruits of their labor, Defendants are profiting from the operation of the YTMP3 website. Through the promise of illicit delivery of free music, Defendants have attracted millions of users to the YTMP3 website, which in turn generates advertising revenues for Defendants," the labels add.
The Courts

US Department of Labor Is Suing Peter Thiel's Startup 'Palantir' For Discriminating Against Asians (reuters.com) 455

Palantir Technologies is a secretive start-up in Silicon Valley that specializes in big data analysis. It was founded in 2004 by Peter Thiel, Alex Karp, Joe Lonsdale, Stephen Cohen, and Nathan Gettings, and is backed by the FBI and CIA as it "helps government agencies track down terrorists and uncover financial fraud," according to Reuters. Today, the U.S. Department of Labor filed a lawsuit against the company, alleging that it discriminated against Asian job applicants. Reuters reports: The lawsuit alleges Palantir routinely eliminated Asian applicants in the resume screening and telephone interview phases, even when they were as qualified as white applicants. In one example cited by the Labor Department, Palantir reviewed a pool of more than 130 qualified applicants for the role of engineering intern. About 73 percent of those who applied were Asian. The lawsuit, which covers Palantir's conduct between January 2010 and the present, said the company hired 17 non-Asian applicants and four Asians. "The likelihood that this result occurred according to chance is approximately one in a billion," said the lawsuit, which was filed with the department's Office of Administrative Law Judges. The majority of Palantir's hires as engineering interns, as well as two other engineering positions, "came from an employee referral system that disproportionately excluded Asians," the lawsuit said. Palantir denied the allegations in a statement and said it intends to "vigorously defend" against them. The lawsuit seeks relief for persons affected, including lost wages.
Security

Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com) 161

An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins also be able to control whether untrusted sites can use the clipboard or print.
Government

ISP To FCC: Using The Internet Is Like Eating Oreos (consumerist.com) 227

New submitter Rick Schumann shares with us a report highlighting an analogy presented by an ISP that relates Double Stuf Oreos to the internet. Specifically, that Double Stuf Oreos cost more than regular Oreos, and therefore you should pay more for internet: The Consumerist reports: "Ars Technica first spotted the crumbly filing, from small (and much-loathed) provider Mediacom. Mediacom's comment is in response to the same proceeding that Netflix commented on earlier this month. However, while Netflix actually addressed data and the ways in which their customers use it, Mediacom went for the more metaphor-driven approach. The letter literally starts out under the header, 'You Have to Pay Extra For Double-Stuffed,' and posits that you, the consumer, are out for a walk with $2 in your pocket when you suddenly develop a ferocious craving for Oreo cookies." Of course their analogy is highly questionable, since transmitting data over a network doesn't actually consume anything, now does it? You eat the cookie, the cookie is gone, but you transmit data over a network, the network is still there and can transmit data endlessly. Mediacom's assertion that the Internet is like a cookie you eat, is like saying copying a file on your computer somehow diminishes or degrades the original file, which of course is ridiculous.
Bitcoin

Japanese To Pay Utility Bills Using Bitcoin (thestack.com) 36

An anonymous reader quotes a report from The Stack: Japanese citizens will soon be able to pay their utility bills using bitcoin. The facility is being provided by Coincheck Denki, a new service offered by the Japanese bitcoin company, which will be available to users in November. Coincheck outlined the new plan on its website. Also called 'Coincheck Electricity,' it will allow users to pay their electricity bills directly from their Coincheck bitcoin wallet. It also offers a discount plan for heavy users of electricity, with 4-6% of the total bill discounted for heavy users of electricity who pay in bitcoin. Coincheck's parent company, Reju Press, initially partnered with Mitsuwa Inc., to create the bitcoin payment system. Coincheck now works with Mitsuwa subsidiary E-Net Inc., and has formed a partnership with Marubeni Power Retail Corporation, which operates power plants in 17 locations in central Japan. Marubeni has offices in 66 countries worldwide, although no plans have been announced to take the bitcoin payment option outside of Japan. While the initial bitcoin payment rollout is for electricity bills, Coincheck plans to expand its offerings to bitcoin payment for 'life infrastructure,' to include payment of gas, water and mobile phone bills. It may even partner with landlords to allow customers of Coincheck to pay rent using bitcoin. The bitcoin payment plan will be rolled out in Chubu, Kanto (including Tokyo) and Kansai regions to start, with additional areas to be added sequentially. The company hopes to offer bitcoin payment options to one million electric customers within the first year.
Privacy

California Enacts Law Requiring IMDb To Remove Actor Ages On Request (hollywoodreporter.com) 314

California Gov. Jerry Brown on Saturday signed legislation that requires certain entertainment sites, such as IMDb, to remove -- or not post in the first place -- an actor's age or birthday upon request, reports Hollywood Reporter. From the report: The law, which becomes effective Jan. 1, 2017, applies to entertainment database sites that allow paid subscribers to post resumes, headshots or other information for prospective employers. Only a paying subscriber can make a removal or nonpublication request. Although the legislation may be most critical for actors, it applies to all entertainment job categories. "Even though it is against both federal and state law, age discrimination persists in the entertainment industry," Majority Leader Ian Calderon, D-Whittier, said in a statement. "AB 1687 provides the necessary tools to remove age information from online profiles on employment referral websites to help prevent this type of discrimination."Bloomberg columnist, Shira Ovide said, "Congratulations, IMDB. You have now become the subject of California law." Slate writer Will Oremus added, "Sometimes I start to think California is not such a bad place and then they go and do something like this."
Microsoft

Microsoft Patents A User-Monitoring AI That Improves Search Results (hothardware.com) 68

Slashdot reader MojoKid quotes a HotHardware article about Microsoft's new patent filing for an OS "mediation component": This is Microsoft's all-seeing-eye that monitors all textual input within apps to intelligently decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the Mediator and processed. So when the user goes to, for example, the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query.

The search engine (e.g., Bing and Cortana) uses contextual rankers to adjust the ranking of the default suggested queries to produce more relevant [results]. The operating system...tracks all textual data displayed to the user by any application, and then performs clustering to determine the user intent (contextually).

The article argues this feels "creepy and big brother-esque," and while Microsoft talks of defining a "task continuum," suggests the patent's process "would in essence keep track of everything you type and interact with in the OS and stockpile it in real-time to data-dump into Bing."
Censorship

Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) 146

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.

One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."

Slashdot Top Deals