Archive for March, 2012

Cybercriminals have been uploading malicious Chrome browser extensions to the official Chrome Web Store and use them to hijack Facebook accounts, according to security researchers from Kaspersky Lab.

Fabio Assolini @ SAS 2012

Fabio Assolini @ SAS 2012

The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors or even removing social media viruses, said Kaspersky Lab expert Fabio Assolini in a blog post on Friday.

Assolini has recently observed an increase in the number of Facebook scams that use malicious Chrome extensions and originate in Brazil.

Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization.

In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, Assolini said. By the time it was identified, it had already been installed by 923 users.

“We reported this malicious extension to Google and they removed it quickly,” Assolini said. “But we noted the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

Uploading multiple rogue extensions on the Chrome Web Store and running several Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts.

The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50 or 100 thousand Likes to companies who wish to gain visibility on Facebook.

The use of Trojan horse browser extensions to hijack accounts is not new, nor is the method specific to Google Chrome. However, it has several advantages over other techniques. For one, users are more likely to trust an extension distributed from the official Chrome Web Store for Chrome, or Mozilla’s add-on repository for Firefox, than a clickjacking or phishing page. Few users are aware that browser extensions can intercept everything they do through the browser.

Security compromises based on rogue browser extensions are also more persistent than those based on password theft or other methods, because these extensions can piggyback on active sessions to perform unauthorized actions even if the account owners change their passwords or enable two-factor authentication.

“Think twice before installing a Google Chrome extension,” Assolini said.

1 Comment. Join the Conversation

Fake opinions are now what could be the most insidious spam which is growing.

Faceless astroturfing trolls are manipulating online debate.
If you spend your time reading forums and blog comments you’ve probably noticed the rise in suspicious posts designed to defend certain companies and certain points of view. It’s been happening for years, but it seems these astroturfing efforts are becoming more organised.

Keep in mind that I’m not talking about people who genuinely hold strong opinions. They’re entitled to express their opinions, whether or not I agree with them. Some of these people are trolls though, in that they enjoy starting arguments, belittling people and acting like jerks. This kind of trolling is the price we begrudgingly pay for the right to free speech.

Astroturfing corporate trolls are a different breed in that they’re getting paid to push a certain point of view and create the false impression of a grass roots movement (thus the “astroturfing” tag). In some ways they’re the enemy of free speech in that these fake opinions are designed to counteract real opinions or simply drown them out.

Traditionally public spaces for expressing opinions have been self-moderating, in that other people will straight-out accuse astroturfing trolls of having a hidden agenda. At this point the troll tends to slink away. You’ll see this in blogs and forums, as well as in the letters pages in newspapers and on talkback radio.

It’s hard to know how many comments, letters and callers are genuine, but the rampant astroturfers tend to stand out. While moderators might be reluctant to directly accuse people of corporate trolling, they can usually rely on others to do it for them.

What’s interesting is that corporate trolls are changing their tactics. They’re toning down their opinions while accusing journalists who disagree with them of bias. These astroturfing trolls are actually attempting to come across as the voice of reason and undermine the credibility of those who oppose them. Attacking those who don’t agree with you to undermine them is a trick straight out of the McCarthyism playbook.

This new form of astroturfing is far more subtle and harder to spot. Sometimes these corporate trolls actually stand out because they’re biased but still less opinionated than the other trolls and rabid fanboys. Other times they go off on tangents which seem reasonable but deliberately sidestep the point of the original article in order to make their own point.

In short these corporate trolls are trying to come across as “everyday Australians” rather than opinionated jerks. It’s a smart strategy and I suspect it’s working.

At the same time those behind astroturfing campaigns are investing in new technology designed to manage an army of fake online identities. They create entire fake digital lives to make their fake people seem real. Sometimes they even pay an army of “get rich working from home” people to do their dirty work for them.

In my experience, astroturfing corporate trolls are becoming more prevalent in Australia. Some of them are fake people offering fake opinions, while others are real people paid to spout fake opinions. Some Australian telcos are certainly moving down this path, along with other large corporates and lobby groups.

This is not just my crazy conspiracy theory. The Guardian wrote an interesting piece on the technology behind organised astroturfing last year, while Radio National and Independent Australia are two of several local outlets to examine the issue. Trying holding an online conversation about the environment, telecommunications or health issues such as smoking or gambling and you’ll see the astroturfing trolls at work, trying to shape public opinion without standing out from the crowd.

Astroturfing trolls have taken efforts to manipulate public debate to new lows. Free speech and anonymity might be core tenets of the digital agora, but they’re also letting powerful interests manipulate public debate in new and insidious ways.

Do you think astroturfing corporate trolls are becoming more prevalent and sophisticated? Should we try to thwart them? How?

Be the first to comment

Internet address controversy grows following US warning

Posted March 29, 2012 By David Kolle

A controversial move to expand internet addresses far beyond the norm of .com, .org or .net has provoked a rare threat from the US government to withdraw a key license from the body that runs the internet’s core functions.



The Internet Corporation for Assigned Names and Numbers (ICANN) depends on its US government contract to coordinate the unique addresses that tell computers where to find each other, without which the global internet could not function.

But this month the government warned that the non-profit body’s rules against conflicts of interest were not strong enough and only temporarily extended ICANN’s contract – which it has held since its formation in 1998 – instead of renewing it as many in the industry had expected.

A failure to secure the Internet Assigned Numbers Authority (IANA) contract would severely damage ICANN’s ability to implement its address expansion program, the most radical move in the organisation’s history.

The conflict of interest concerns arise from the fact that some past and present board members stand to benefit financially from the liberalisation of web addresses through ties to organisations that make money from registering new domain names or consulting on the expansion.

Currently, organisations are restricted to a couple of dozen so-called top-level domains, such as .com, .org or .net, or country code domains such as

ICANN wants to enable brands, cities or firms seeking to build new internet businesses to apply to own and run their own domains, for example .apple, .nyc or .gay, giving them more control over their web presence and a greater choice of names.

“Not to award ICANN the IANA contract would be to completely knock it off its foundations,” said Philip Corwin, who is legal counsel for the Internet Commerce Association, an organisation for domain name investors and developers.

“ICANN needs that contract to have the authority they need to really make this program work.”

The contract has been renewed until September.

A whole industry has already sprung up to take advantage of ICANN’s initiative. One of those is Top Level Domain Holdings, a London-listed firm set up to acquire and operate the new domains, whose chairman, Peter Dengate Thrush, was chairman of ICANN when it approved the change.

TLDH has already put in 40 applications and intends to submit more for domains including .miami and .music.

Many critics are sceptical as to whether ICANN will achieve its stated aim of boosting competition and innovation, pointing to previous experiments with the likes of .aero, .travel and .museum, which have gone largely unused.

But convinced or not, hundreds of consumer brands feel forced to apply for their own domains – a costly and complex process that comes with obligations to actively operate the domain – fearing they will lose out to rivals if they do not.

A three-month window will close on April 12, likely for years and possibly forever.

A recent survey by internet registry services company Afilias, which is applying for about 150 new domains on behalf of clients and already provides key infrastructure for .org, .info and .mobi, found considerable uncertainty about the process.

Of 200 major consumer brands it surveyed in the United States and Britain, 53 per cent were either not aware that they could participate in the process at all or did not know that the application window was open and when it would close.

Of those who were aware, however, 54 per cent of brands were in the process of applying, and only 6 per cent said they definitely would not.

“There’s a buzz about this now,” said non-executive Afilias director Jonathan Robinson.

Others with less of a stake in the process call such behaviour outright defensive.

“Of the people that I’m talking to, the vast majority of those that are moving ahead to apply don’t have a concrete business initiative in mind for how they will use the registry,” said Jeff Ernst of technology analysis firm Forrester.

“They’re fearful of another organisation getting their string, or they’re fearful that another competitor will buy its own and get first-mover advantage in doing something strategic.”

Stuart Durham, European sales director of consultancy Melbourne IT, which is preparing about 100 applications for customers, says interest is rapidly increasing as the end of the window approaches.

Joshua S. Bourne, a managing partner and co-founder of FairWinds Partners, a consultancy that works with brands on their internet strategy, said some of the world’s biggest brands were refusing to apply.

“I think we’re going to be very surprised on May 1st when some of the world’s biggest brands aren’t included,” he said. “They want to make a statement because they don’t agree with the whole ICANN process, but in the end I think they’ll regret it.”

Rod Beckstrom, ICANN’s outgoing chief executive, told Reuters the expansion was going smoothly. “We’re holding the course. There’s not a single complaint about anything to do with the administration of the program.”

But at a major ICANN meeting earlier this month he warned it was time for the organisation to tighten up its rules.

“ICANN must be able to act for the public good while placing commercial and financial interests in their appropriate context. How can it do this if all top leadership is from the very domain name industry it is supposed to coordinate independently?”

“Preserving ICANN’s ability to act independently, in the public interest, is paramount to the future of the Internet and this institution,” he said.

2 Comments so far. Join the Conversation
%d bloggers like this: