Weekly Axis Of Easy #29
In this issue:
- Bell Canada pushes website blacklist
- Satori Botnet feared larger than Mirai
- Canadian spy agencies datamining ordinary citizens’ data in bulk
- Arizona using facial recognition on all citizens with a drivers license
- Don’t try this at home: Couple cashes in life savings to mine bitcoin
Canadaland reports that it has obtained a draft copy of a memo to the CRTC from Bell that proposes creation of an agency called “Internet Piracy Review Agency” (IPRA) which would maintain a list of websites determined to be “peddling piracy” and require all ISPs to block access to them. So far the plan seems to be backed by Bell, Shaw, Cineplex and Rogers (although they have publicly stated they are not sure if they will sign on or not).
Also read: http://www.michaelgeist.ca/2017/12/not-just-bell-shaw-calls-crtc-support-website-blocking/
Security researchers are alarmed at the rate with which the “Satori” botnet, a variation of the IoT centred Mirai, has begun “it’s awakening” (Satori means “Awaken” in Japanese). In the first week it was reported it appeared suddenly, on 285,000 hosts. Recall it was just over a year ago when Mirai caused one of the largest DNS outages ever when it knocked Dynect right off the internet for most of a day. Satori differs from Mirai in that it is more of a worm, using two critical exploits to connect to devices on ports 37215 and 52869 in order to infect them. The latter port uses a known exploit CVE-2014-8361, while the latter is believed to be a 0-day exploit against Huawei Home Gateway routers. We should also note that Satori is a different Mirai variation than the Reaper worm we reported on in #AxisOfEasy 23.
Also read: https://www.bleepingcomputer.com/news/security/satori-botnet-has-sudden-awakening-with-over-280-000-active-bots/
The Trudeau government aims to rewrite domestic national security legislation with the impending Bill C-59. A recently released discussion paper (which I can’t find anywhere) purportedly outlines how Canadian intelligence agencies will data mine citizens’ data in bulk in their never ending search for terrorist threats. Quoting the Globe article:
Parts of Bill C-59 “would accommodate the bulk acquisition of any publicly available information that has been published or broadcast for public consumption, including, for example, facial imagery captured in social-media posts,” the report says.
In Arizona security researchers are calling it a “perpetual criminal line-up”. When you get your picture taken for your drivers license, that photo now goes into a database law enforcement agencies can use, along with facial recognition software, to scan if you’re wanted for a crime somewhere or engaging in identity theft or other fraud. The state transport agency happily reports that they’ve been able to prosecute over 100 cases of identity fraud since 2015 using this system,
A BC couple has reportedly cashed out their life savings to go into the Bitcoin mining business. This is a cautionary tale. No matter what the opportunity is or how much I personally like Bitcoin, my “Rule #1” has always been: never bet the farm on any one thing”. In this case mining Bitcoin puts one in competition with some pretty heavy hitters throughout the world, and with the network difficulty where it is now, I can’t help but think the ship has sailed on this “opportunity” for the mom-and-pop operators. They could switch to other alt coins however.