Blog

  • John McAfee Wanted for Murder

    posted by Keito
    2012-11-12 21:57:29
    'Antivirus pioneer John McAfee is on the run from murder charges, Belize police say. According to Marco Vidal, head of the national police force's Gang Suppression Unit, McAfee is a prime suspect in the murder of American expatriate Gregory Faull, who was gunned down Saturday night at his home in San Pedro Town on the island of Ambergris Caye.

    Details remain sketchy so far, but residents say that Faull was a well-liked builder who hailed originally from Florida. The two men had been at odds for some time. Last Wednesday, Faull filed a formal complaint against McAfee with the mayor's office, asserting that McAfee had fired off guns and exhibited "roguish behavior." Their final disagreement apparently involved dogs.

    UPDATE: Here is the official police statement:


    MURDER
    On Sunday the 11th November, 2012 at 8:00am acting upon information received, San Pedro Police visited 5 ¾ miles North of San Pedro Town where they saw 52 year old U.S National Mr. GREGORY VIANT FAULL, of the said address, lying face up in a pool of blood with an apparent gunshot wound on the upper rear part of his head apparently dead. Initial investigation revealed that on the said date at 7:20am LUARA TUN, 39 years, Belizean Housekeeper of Boca Del Rio Area, San Pedro Town went to the house of Mr. Faull to do her daily chores when she saw him laying inside of the hall motionless. Faull was last seen alive around 10:00pm on 10.11.12 and he lived alone. No signs of forced entry were seen. A (1) laptop computer brand and serial number unknown and (1) I-Phone was discovered missing. The body was found in the hall of the upper flat of the house. A single luger brand 9 mm expended shells was found at the first stairs leading up to the upper flat of the building. The body of Faull was taken to KHMH Morgue where it awaits a Post Mortem Examination. Police have not established a motive so far but are following several leads.


    As we reported last week, McAfee has become increasingly estranged from his fellow expatriates in recent years. His behavior has become increasingly erratic, and by his own admission he had begun associating with some of the most notorious gangsters in Belize.

    Since our piece ran last week, several readers have come forward with additional information that sheds light on the change in McAfee's behavior. In July of 2010, shortly before Allison Adonizio pulled the plug on their quorum-sensing project and fled the country, McAfee began posting on a drug-focused Russian-hosted message board called Bluelight about his attempts to purify the psychoactive compounds colloquially known as "bath salts."

    Writing under the name "stuffmonger," a handle he has used on other online message boards, McAfee posted more than 200 times over the next nine months about his ongoing quest to purify psychoactive drugs from compounds commercially available over the internet. "I'm a huge fan of MDPV," he wrote. "I think it's the finest drug ever conceived, not just for the indescribable hypersexuality, but also for the smooth euphoria and mild comedown."

    Elsewhere, he described his pursuit of "super perv powder" and warned about the dangers of handling the freebase version of the drug: "I had visual and auditory hallucinations and the worst paranoia of my life." He recommended that the most effective way to take a dose is via rectal insertion, a procedure known as "plugging," writing: "Measure your dose, apply a small amount of saliva to just the tip of your middle finger, press it against the dose, insert. Doesn't really hurt as much as it sounds. We're in an arena (drugs/libido) that I navigate as well as anyone on the planet here. If you take my advice about this (may sound gross to some of you perhaps), you will be well rewarded."

    Just before posting for the last time on April 1, 2011 (a date that for McAfee may well have been freighted with intentional significance), Stuffmonger identified himself as "John" and described his work pursuing quorum-sensing compounds and posted photos of his property in Orange Walk. In signing off, he explained that "the on-line world is more of a distraction than the self induced effects of the many experiments I've done using my own body over the past year or so, and I have work to do."

    MDPV, which was recently banned in the US but remains legal in Belize, belongs to a class of drugs called cathinones, a natural source of which is the East African plant khat. Users report that it is a powerfully mind-altering substance. In the comments section to my last Gizmodo piece, reader fiveseven15 writes: "mdpv is serious shit. would explain his paranoia and erraticness. i've been thru that. i played with mdpv for about two weeks, then started seeing shadow people in the corner of my eye, and what amphetamine heads call 'tree-cops'... its essentially really, REALLY f-ed up meth."

    On his website, addiction specialist Paul Earley warns about the dangers of MDPV: "Our experience clearly warns of the psychiatric and medical dangers of this drug. We have cared for multiple patients who have abused MDPV; they report intense and unpleasant visual hallucinations after a short binge. The drug feels non-toxic with its first use, but following a moderate binge users suffer mild to moderate paranoia… in about 10% of individuals who use higher doses, we have observed a sustained psychotic state with intense anxiety lasting 3 to 7 days."

    McAfee's intensive use of psychosis-inducing hallucinogens would go a long way toward explaining his growing estrangement from his friends and from the community around him. If he was producing large quantities of these chemicals, as implied on Bluelight, that would also shed light on his decision to associate with some of Belize's most hardened drug-gang members.

    McAfee's purported interest in extracting medicine from jungle plants provided him a wholesome justification for building a well-equipped chemistry lab in a remote corner of Belize. The specific properties of the drugs he was attempting to isolate also fit in well with what those closest to him have reported: that he is an enthusiastic amateur pharmacologist with a longstanding interest in drugs that induce sexual behavior in women. Indeed, former friends of McAfee have said he could be extremely persistent and devious in trying to coerce women who rebuff his advances to have sex with him.

    One other aspect of Stuffmonger's postings gibes with McAfee's general MO: his compulsion for making outrageous or simply erroneous assertions, even attached to subjects about which he is being generally sincere. Along with photographs of his lab near Orange Walk, for instance, he posted a picture of a decrepit thatched-roof hut and described it as his original home in Belize. He seemed similarly to have embellished his descriptions of his feats of chemical prowess on the Bluelight discussion board, and this ultimately aroused the suspicions of his fellow posters. "Stuffmonger's claims were discredited," a senior moderator later wrote, "and he vanished."'

    http://gizmodo.com/5959812/
  • Malware inserted on PC production lines, says study

    posted by Keito
    2012-09-13 19:44:47
    'Cybercriminals have opened a new front in their battle to infect computers with malware - PC production lines.

    Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study.

    One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.

    Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.

    ---Domain game---

    In a report detailing its work to disrupt the Nitol botnet, Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.

    The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China.

    Four of the computers were infected with malicious programs even though they were fresh from the factory.

    Microsoft set up and ran Operation b70 to investigate and found that the four viruses were included in counterfeit software some Chinese PC makers were installing on computers.

    Nitol was the most pernicious of the viruses Microsoft caught because, as soon as the computer was turned on, it tried to contact the command and control system set up by Nitol's makers to steal data from infected machines.

    Further investigation revealed that the botnet behind Nitol was being run from a web domain that had been involved in cybercrime since 2008. Also on that domain were 70,000 separate sub-domains used by 500 separate strains of malware to fool victims or steal data.

    "We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit in a blogpost.

    A US court has now given Microsoft permission to seize control of the web domain, 3322.org, which it claims is involved with the Nitol infections. This will allow it to filter out legitimate data and block traffic stolen by the viruses.

    Peng Yong, the Chinese owner of the 3322.org domain, told the AP news agency that he knew nothing about Microsoft's legal action and said his company had a "zero tolerance" attitude towards illegal activity on the domain.

    "Our policy unequivocally opposes the use of any of our domain names for malicious purposes," Peng told AP.

    However, he added, the sheer number of users it had to police meant it could not be sure that all activity was legitimate.

    "We currently have 2.85 million domain names and cannot exclude that individual users might be using domain names for malicious purposes," he said.'

    http://www.bbc.co.uk/news/technology-19585433
  • Computer virus hits second energy firm

    posted by Keito
    2012-09-02 16:33:08
    'Computer systems at energy firm RasGas have been taken offline by a computer virus only days after a similar attack on oil giant Aramco.

    The attacks come as security experts warn of efforts by malicious hackers to target the oil and energy industry.

    The attack forced the Qatar-based RasGas firm to shut down its website and email systems.

    RasGas, one of the world's largest producers of liquid petroleum gas, said production was not hit by the attack.

    The company said it spotted the "unknown virus" earlier this week and took desktop computers, email and web servers offline as it cleaned up.

    The report comes only days after Saudi Arabia's Aramco revealed it had completed a clean-up operation after a virus knocked out 30,000 of its computers. The cyber-assault on Aramco also only hit desktop computers rather than operational plant and machinery.

    Both attacks come in the wake of alerts issued by security firms about a virus called "Shamoon" or "Disttrack" that specifically targets companies in the oil and energy sectors.

    Unlike many other contemporary viruses, Shamoon/Disttrack does not attempt to steal data but instead tries to delete it irrecoverably. The virus spreads around internal computer networks by exploiting shared hard drives.

    Neither RasGas nor Aramco has released details of which virus penetrated its networks.

    The vast majority of computer viruses are designed to help cyber-thieves steal credit card numbers, online bank account credentials and other valuable digital assets such as login names and passwords.

    However, an increasing number of viruses are customised to take aim at specific industries, nations or companies.

    The best known of these viruses is the Stuxnet worm which was written to disable equipment used in Iran's nuclear enrichment efforts.'

    http://www.bbc.co.uk/news/technology-19434920
  • Oracle issues patch for Java loopholes

    posted by Keito
    2012-09-02 14:12:04
    'Oracle has issued a patch for loopholes in its Java program that were being actively abused by cyber-thieves.

    The software giant took the unusual step of issuing the patch well before the usual date for security updates.

    The patch closes loopholes that together left users of almost every operating system vulnerable to infection by viruses.

    Tens of thousands of machines are believed to have been infected by viruses that exploit the bugs.

    Oracle typically issues security patches for Java every quarter but it tore up the usual schedule because the bugs were being increasingly abused.

    Security firms said code to exploit the loopholes had been recently added to the popular Blackhole crimeware kit. This software package is an all-in-one computer crime kit that makes it easy for those with little technical knowledge to become cyber-thieves.

    Adding code to the kit would hugely boost the numbers of malicious hackers trying to compromise computers running Java.

    Java is a widely-used programming language designed to let developers write programs once that can then be run, with minimal changes, on any computer. Oracle claims Java is used on more than one billion desktop computers.

    Some sites use it to add extras to their webpages that can be used via a browser add-on or plug-in. Some games, including Runescape and Minecraft, are built around Java.

    Security expert Brian Krebs said the safest way to avoid any trouble was to remove it from a computer system.

    "If you don't need Java, uninstall it from your system," he wrote in a blogpost about the security updates.'

    http://www.bbc.co.uk/news/technology-19434927
  • Oil Producer Saudi Aramco Reveals Cyber Attack Hit 30,000 Workstations

    posted by Keito
    2012-08-29 20:53:43
    'Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August.

    Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks.

    “The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Saudi Aramco said over Facebook.

    “We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Saudi Aramco’s chief executive, Khalid al-Falih, said in a statement.

    However, one of Saudi Aramco’s websites which was taken offline after the attack - www.aramco.com - remained down yesterday. E-mails sent by Reuters to people within the company continued to bounce back.

    Supposed hacktivists have claimed the hit on the oil giant, saying they would hit the company again tomorrow. The group said it was “fed up of crimes and atrocities taking place in various countries around the world”, in a post on Pastebin. They said they were targeting the House of Saud, the ruling royal family of Saudi Arabia, and targeted Aramco as it was “the largest financial source for Al-Saud regime”.

    The group, calling itself the ‘Cutting Sword of Justice’, claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers achieving a 75 percent infection rate of all the company’s systems. It refuted suggestions that a nation state was behind the attack.

    Symantec, one of the world’s largest internet security companies, said on the day after the Saudi Aramco attack that it had discovered a new virus that was targeting at least one organisation in the global energy sector, although it did not name that organisation.

    “It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” Symantec said in a blog posting about the virus, which it called W32.Disttrack. “Threats with such destructive payloads are unusual and are not typical of targeted attacks.”

    Saudi Aramco’s al-Falih said in his statement yesterday: “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”'

    http://thehackernews.com/2012/08/saudi-aramco-oil-producers-30000.html