Internet News (January 2018)

Bitcoin Still On The Rise, Hackers See Opportunity

Breaking record after record, Bitcoin gained a huge 20% spike in price recently, bringing it up to around the $14,800 USD mark. Could there be a more obvious target then for hackers to focus their gaze upon?

The crypto-mining marketplace company NiceHash has recently been hacked, resulting in nearly 5000 Bitcoin being stolen, with an estimated value of some $57 million at the time, which, just 24 hours later, had risen to over $70 million.

NiceHash, a cloud-based crypto-mining marketplace, was founded in 2014 as a means for people to connect from all over the world to farm out their computing power or rent said power for themselves, in order to generate new Bitcoin.

Following the attack, numerous NiceHash users had reported their Bitcoin wallets were empty, with an official response of confirmation coming later after the site had gone down with a bog standard “undergoing maintenance” excuse.

Following the attack, NiceHash ceased all operations while they figured out exactly how much was stolen, along with how it was taken in the first place. The site was down for maintenance for quite some time after the attack, due to the complex task of identifying exactly how the attack happened and coding a solution to patch the security flaw. While no official number for the theft was given, users circulated a wallet address that suggested a sum in the region of 4,736 BTC was the total drained out of NiceHash’s wallet.

While commencing this investigation, NiceHash also stated that they had reported the theft to the “relevant authorities and law enforcement”, and have been “cooperating with them as a matter of urgency.” The company then also issued a public statement aimed more directly at its users, stating, “We understand that you will have a lot of questions, and we ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service. We will endeavour to update you at regular intervals.”

It took quite some time for the site to get back on its feet, with NiceHash confirming its first payout since the attack over 2 weeks later, on the 22nd of December, and tweeting proudly about it.

This also introduced more stringent rules regarding when payouts could happen and at which minimum thresholds. Many users were quite the opposite of happy about the whole situation, replying with comments about these new thresholds such as “.1 BTC is ridiculous”, while others even decided that enough is enough. “Let me get this straight. You lose $60 million because (you) already held onto our BTC longer than you should have and now you want to hold it even longer? Nah, I’m out.”

NiceHash isn’t the first to be hit in recent months either: Parity, another cryptocurrency site, had nearly $32 million in Ether (ETH) stolen back in July, which also forced the company to freeze a further $160 million in the currency to safeguard it from further theft.

Facebook To Clamp Down On “Engagement Bait” Posts

Facebook users, we’ve probably all seen it from at least one person on our friends list: “Share this for a chance to win!”, and other such related posts that most of us glance over and just carry on down the page after breathing a deep sigh, maybe even going so far as to stop following them if it keeps happening often enough.

But why do these posts exist, you ask? Well, an obvious reason is that there’s money to be made! Driving up “engagement”, be it with likes, shares, or comments, helps increase the “reach” of a post, the metric used to gauge how far a post has, well… reached. Ahem… By getting others they are already networked with to boost this engagement, that reach can extend quite significantly, if you take the six degrees of separation idea to heart.

Wikipedia describes the idea more concisely: “Six degrees of separation is the idea that all living things and everything else in the world are six or fewer steps away from each other so that a chain of ‘a friend of a friend’ statements can be made to connect any two people in a maximum of six steps.”

The basis for the idea was floating around in the early 20th century, and was first put to the written word in 1929 by Hungarian author Frigyes Karinthy, within a series of short stories titled “Everything is Different”.

Drifting back to the relevance of the topic, naturally the reach that Facebook’s posts can achieve is limited by the number of users. That being said, Facebook has reported some 2 billion monthly active users; when compared against the world’s 7+ billion people, that’s still quite a large overall percentage, one that could theoretically cover the entire population of the planet within the six degrees of separation paradigm.

Facebook has decided, however, that both it and its users don’t want what is being termed “engagement bait” on its platform, categorizing as such any posts that are made purely for the sake of increasing a post’s reach to a larger portion of the user base of the platform. Facebook has begun clamping down on these posts, demoting many posts and even whole pages it deems to be employing such tactics, in an attempt to increase the overall “authenticity” of the posts that end up in users’ feeds.

Facebook has laid out newly updated news feed publisher guidelines to help users avoid the types of post content that could cause a demotion, along with examples.

Ofcom Further Pushes UK ISPs For Better Broadband Coverage

“Everyone should have good access to the internet, wherever they live and work”, Ofcom’s Technology Chief, Steve Unger, states. Most of you probably take fast, stable internet connections for granted these days, so those words may seem obvious already, but there are still many in the country who don’t have access to an internet connection fast enough to be deemed worthy of earning an acceptable rating from Ofcom.

Ofcom states that the minimum cutoff for defining “decent” broadband is a speed of 10 megabits per second (Mbps), with many recoiling out of shock at how low that value may be by modern standards – many more of you may not even really know whether that’s a good or bad value.

Put into perspective, average speeds quoted across major UK ISP websites vary, but are all fairly consistently touting speeds in excess of 100 Mbps, 10 times the bare minimum that Ofcom dictates, and while bare minimum is being quite generous here, those speeds are far more than enough for basic internet tasks related to browsing web pages and sending emails at what could be considered to be an acceptable rate.

But how many people could really not have internet that meets that bare minimum, when it seems that all major ISPs easily deal in speeds well in excess of that? Well, quite a lot still, it turns out, with a Connected Nations report stating that around 4% of properties in the UK were unable to get a broadband speed fast enough to meet these standards last year. Roughly 1.6 million properties were in this category.

Smartphone access to wireless internet via 3G and 4G + technologies also showed room for improvement, Ofcom said, with many handsets only getting weak signals while travelling. Unger said in a statement that “Broadband coverage is improving, but our findings show there’s still urgent work required before people and businesses get the services they need.”

Ofcom also looked at upload speeds, something that is becoming more valuable and increasing in demand due to the proliferation of screen sharing, video conferencing, as well as live streaming used by individuals and companies alike. These all require a better upload speed in order to perform well, and the minimum that Ofcom’s guidelines lay out is 1 Mbps for upload.

The most obvious reason for the percentage of properties spanning the UK unable to obtain these minimum speeds is that of location; rural areas just don’t tend to receive the same infrastructure investments that larger towns and cities do, resulting in exchanges or street cabinets too far away from homes to make a decent connection over traditional phone lines via copper wiring.

That being said, there has been an increase in the proportion of overall access to so-called superfast broadband services running at over 30 Mbps. As of May 2017, around 91% of properties were capable of receiving a service under this classification, creeping up 2% on 2016’s 89%. Popularity for these faster rates is undeniable, with roughly 38% of properties in the catchment areas that are capable of these speeds signing up for services providing them.

On the wireless internet front, approximately 58% of properties were able to receive a 4G signal indoors, a much more significant improvement year on year, coming from just 40% in 2016. However, as previously stated, this coverage becomes far from perfect once on the move, with only 43% of the UK’s landmass getting signals from all four major mobile operators.

Ofcom has stated that they are monitoring mobile connectivity along travel routes in order to note the improvements that operators were making for their customers.

Closing on a thoughtful note, Unger stated that “People have never relied so much on their phones in daily life”. Certainly food for thought about just how increasingly large a role mobile phones play in how we stay connected and keep in touch on a regular basis.

Amazon Investigated by ASA Over Complaints About Unfulfilled “Next Day” Deliveries

Amazon’s guarantee regarding “next-day” deliveries is one of the main topics of discussion at the UK Advertising Standards Authority (ASA) currently, who are in the process of deciding whether the company should be placed under formal investigation after numerous complaints from customers claiming that the company is failing to live up to its advertised promise. Amazon offers its Prime service for £7.99 per month, which includes the benefits of free, express, next day delivery for a wide array of products, and a similar service is offered to non-Prime customers on certain items over a minimum spend.

The ASA says that they “have received a handful of complaints about Amazon parcel deliveries and we are at the initial assessment stage.” An Amazon representative was quick to divulge to the BBC that the ASA had confirmed that there was no investigation as of yet.

There have apparently been a total of five complaints to the ASA since the beginning of the month, and the consumer rights group “Which?” rightfully states that companies missing specified delivery dates are in breach of contract, and the customers are well within their rights to cancel the purchase and receive a full refund in those cases.

Customers are urged to get in contact with the retailer directly first to make their complaints heard, explaining to them that the delivery has failed to arrive by the stated date in order for them to help remedy the situation themselves.

The Resurgence Of The Mobile Phone Physical Keyboard

Outside of oddities such as the BlackBerry KeyOne, it’s been quite some time since physical keyboards on mobile phones have been in the public eye, but Nokia seems to be lining up a product to do just that, according to an ‘educated guess’ by a “well-known source that has been behind many Nokia leaks” that has spoken with Nokia Power User.

This news follows the recent FCC filing and approval for a new phone with the model number “TA-1047”. While details on the device are barebones at best, the documentation in the filing does define a relatively small device measuring 133mm tall by 68mm wide…and that’s about it.

This source estimates that the phone could well be a device with a relatively small, roughly 80mm screen, a pixel resolution of just 480 x 480, a physical QWERTY keyboard, and a custom OS known as Kai OS, running on a weaker 205 series Qualcomm chip.

Judging by the specs, and if the report is remotely accurate, this phone is probably a budget device aimed at a specific audience, with a high probability that the public, in the West at least, will never end up seeing it anyway due to the cover letter paired along with the filing to the FCC, specifically stating that the device will not be available for use in the US market.

This piece is full of conjecture and estimations from an unnamed source. But if the device does come to market anywhere like the specs quoted in this article, it will, if nothing else, show that other companies are prepared to keep taking runs at implementing physical keyboards in mobile phones. As to whether these attempts result in something the end user will want or like using though, is another matter.

Three Hackers Arrested, Plead Guilty, To Crimes Related To Botnet

Three hackers, the creators and distributors of the botnet called Mirai, which was responsible for crippling numerous major websites over the last year, have been arrested by US Federal officials and have since pleaded guilty to their crimes.

Federal court documents unsealed on Tuesday 12th of December list the three as being indicted by an Alaskan court the preceding week on multiple charges befitting their roles in the cyber attacks that took place with the botnet they created. The three hackers have been identified as Paras Jha, 21 from New Jersey, Josiah White, 20 from Washington, and Dalton Norman, 21 from Louisiana.

The botnet itself was designed to scan for insecure Internet of Things (IoT) devices, and add them to the botnet’s arsenal for future attacks. The botnet was designed to exploit one of the oldest and easiest tricks in the book – gaining access to devices whose password had not been changed from the default. Adding everything from routers to cameras, this botnet would then be deployed in attacks on major websites and infrastructure servers.

These attacks would then be used as leverage to extort money. The plea agreement that Jha produced elaborates that they “conspired to conduct DDoS attacks against websites and web hosting companies located in the United States and abroad”, and furthermore attempted to extort money “in exchange for halting the attack.”

Jha had advertised the botnet heavily on dark web forums in September and October of 2016, and also admitted to securely deleting, and subsequently posting online for free, the source code for the Mirai botnet’s software, which has since been used as the basis for many similar attacks by others.

Jha and White had already been called out by internet blogger Brian Krebs earlier this year after his blog was taken offline by a considerable 620 Gbps attack using the Mirai botnet. It appears that Jha was the president of a company called ProTraf Solutions, a DDoS mitigation firm; the motive for these attacks then becomes plain to see.

White confessed to writing the code for the botnet’s scanner, the part responsible for finding and hijacking the vulnerable devices that were subsequently used in attacks, while Norman admitted to helping find and exploit zero-day vulnerabilities in order to gain access to more devices.

In the 3 months between December 2016 and February 2017, the botnet succeeded in infecting and taking control of over 100,000 devices, which they combined into another botnet dubbed Clickfraud, for use as a fake click service for advertising in order to generate revenue.

The three charged ended their involvement with the original Mirai botnet towards the end of 2016 when the source code was posted publicly. They will each be facing sentences of up to five years in prison.

More about The Starjammer Bulletin

The Starjammer Bulletin is the official newsletter for The Starjammer Group, its customers, clients, affiliates and subscribers. With over ten years under our belt, we are proud of our commitment to our clients, and of our assurance that we provide them with the best level of service and help that they have come to know and respect us for. The Starjammer Group is proud of its track record to date, and strives to improve its products, services and standing on all fronts. Our mantra has always been '21st century thinking'. Why? Simple: we love doing what we do, enjoy our work, and work on the principle that our customers, clients and associates should share in the fun. Business shouldn't be a chore: we spend on average 8 hours per working day in the office, or factory, behind a desk, stall or wheel. We employ people who are not only competent and good at their job, but people who have that something; that little spark that grabs our attention. It can't be defined, and it's not always obvious. Nevertheless, we have been lucky to attract and keep the right people, something we are proud of.