Life looks good for Brazilian hackers: the absence of a specific law against cybercrime leaves them feeling so invulnerable that the bad guys are shameless about publicizing their thefts and showing off the profits of a life of crime. We showed some of this in a presentation at the latest Virus Bulletin Conference, and it’s commonplace to find YouTube clips of Brazilian bankers and carders reveling in their ill-gotten gains and rubbing their easy money in the faces of hard-up victims (there’s one example here, and several more out there). It’s also common to find bad guys’ profiles on social networks such as Twitter, Tumblr, etc. Everything is done out in the open, without fear of being caught.
To help new “entrepreneurs” or beginners interested in a life of cybercrime, some Brazilian bad guys started to offer paid courses. Others went even further, creating a Cybercrime school to sell the necessary skills to anyone who fancies a life of computer crime but lacks the technical know-how. On a website dedicated to selling these courses and promoting the “school”, a careful search turns up courses like “How to be a Banker”, “Kit Spammer” or “How to be a Defacer”.
There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.
I’m often asked about the real danger of Android malware. This is a difficult question as it has many factors to consider, such as your location, your device, how many apps you install, and how reckless you are with the apps that you choose.
There are two common factions often at odds with each other. There is one side of the argument that states that the threat to Android is overblown, and that because the number of malicious samples discovered so far is so small in comparison with Windows malware, it’s insignificant. In fact when a company discloses their findings and they show any type of marked growth in this sector, they’re often accused of scaremongering to generate sales.
We are certainly living in interesting times. It was less than a week ago that a rumor appeared that Apple is going to switch to ARM processors for its next generation of laptops.
Obviously, this has very interesting implications for the future of computing and seems to indicate the increasing need for a computing platform that uses less power and that can be used for a day without the need for charging.
Earlier today, Google surprised the world by announcing the Google Chromebook – a netbook (huh, aren’t netbooks dead?) computer concept, built for now by Samsung and Acer around the Atom N750 CPUs. With 2GB of RAM and 16GB of SSD storage, the specifications are somehow low-end, however, this might not be a problem because as Google says in their promo, the web has more storage space than any computer. The price, when these will be available, is believed to be in the range of $400-$500.
When I saw the announcement, I thought to myself – why would anybody ever buy something like this?
I don’t know about the rest of the world, but in Russia the most popular SMS message is “Where are you?” But very soon that particular question is going to be irrelevant.
A few days ago Gartner published its list of the top 10 mobile applications to watch out for in 2012. First place went to Location-Based Services (LBSs).
Of course, there’s nothing new in technology that can pinpoint a mobile phone user’s location, and the whole range of services that comes with it offering information about individual users has been in the works for some time now.
But the thing is...
A few days ago one of my colleagues, who was in San Francisco listening to Bill Clinton’s keynote session at the RSA Conference, noticed on Facebook that his GPS and mobile services had gone a bit haywire. According to Google Maps, he had managed to visit Berlin, Disneyland in Florida and make it back to San Francisco all in the space of 2 minutes.
Another visitor to RSA also said that his location had been given as Disneyland in Florida for almost the whole week and that it was going to be difficult explaining to his boss what he’d been doing there instead of San Francisco :)
But on a more serious note, we are witnessing a very interesting process in human behavior. On one hand, users of mobile devices are increasingly willing to make public their exact whereabouts! I constantly see messages from my colleagues sent via Foursquare, for example, stating that they have arrived home (with a map of the town) or they are currently at some airport or other. This level of information is incomparable with the amount of personal data people used to make public. ‘Location’ used to mean the name of a town or city, but now it’s: “I’m here, right now!” to within a few meters.
On the other hand, monitoring people’s whereabouts is of more and more interest not only for law enforcement agencies but also for employers. Your employer can give you a company mobile and in return can expect to receive information about where you are, especially when you’re on a business trip. This type of tracking could even be used in legal disputes!
The situation is ideal for location-based services – there are people who want to publicize their whereabouts and there are other people who want to use that information. The consequences of this can be catastrophic. Here’s just one recent story about how people can be kidnapped and murdered as a result of information made public from their smartphones and posted on Facebook and Google.
OK, you might say these are exceptions and I’m paranoid. Maybe. But it can’t be hard to imagine a situation where a husband and wife end up having an argument after tracking each other’s movements. Or what about if an employer sees that his worker is in Disneyland like the story above? You can hardly blame it all on Bill Clinton :)
The growth in these services will soon lead to such serious problems protecting your personal life that all previous problems will seem like child’s play.
If I created applications for mobile phones, I’d seriously think about an app that didn’t state my real location but a false one!I’d definitely buy it.
Or at least I’d do everything so that this type of functionality appeared in our Mobile Security product :)