Archive

Archive for December 11, 2019

Fintech Startup Qwil Raises $24.4 Million in Equity and $200 Million in Debt by REUTERS

December 11, 2019 Leave a comment


By REUTERS

Qwil, a startup that provides financing to freelancers and small businesses, has raised $24.4 million in equity and $200 million in debt funding from investors including Jefferies Financial Group Inc, the company said on Wednesday.

Published: December 10, 2019 at 06:00PM

from NYT Technology https://ift.tt/2E9BuHa
via IFTTT

Categories: Internet Tags: ,

Peru Plans Taxing Netflix, Uber and Digital Businesses: Official by REUTERS

December 11, 2019 Leave a comment


By REUTERS

Peru wants foreign digital companies such as Netflix Inc, Uber Technologies Inc and Spotify Technology SA to pay taxes on sales they make in the Andean country, the head of the local tax collection agency told Reuters on Tuesday.

Published: December 9, 2019 at 06:00PM

from NYT Technology https://ift.tt/349ro3J
via IFTTT

Categories: Internet Tags: ,

George Laurer, Who Developed the Bar Code, Is Dead at 94 by SAM ROBERTS

December 11, 2019 Leave a comment


By SAM ROBERTS

Every purchase evokes his design of the rectangular Universal Product Code. But although it became ubiquitous, he received no royalties.

Published: December 10, 2019 at 06:00PM

from NYT Technology https://ift.tt/2Pcp1bZ
via IFTTT

Categories: Internet Tags: ,

YouTube Takes Tougher Stance on Harassment by DAISUKE WAKABAYASHI

December 11, 2019 Leave a comment


By DAISUKE WAKABAYASHI

A new policy is a response to criticism that the video service hasn’t done enough to curb bad behavior by users.

Published: December 10, 2019 at 06:00PM

from NYT Technology https://ift.tt/36qnPYk
via IFTTT

Categories: Internet Tags: ,

The Great $50M African IP Address Heist

December 11, 2019 Leave a comment

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.-based researcher whose findings shed light on a murky area of Internet governance that is all too often exploited by spammers and scammers alike.

There are fewer than four billion so-called “Internet Protocol version 4” or IPv4 addresses available for use, but the vast majority of them have already been allocated. The global dearth of available IP addresses has turned them into a commodity wherein each IP can fetch between $15-$25 on the open market. This has led to boom times for those engaged in the acquisition and sale of IP address blocks, but it has likewise emboldened those who specialize in absconding with and spamming from dormant IP address blocks without permission from the rightful owners.

Perhaps the most dogged chronicler of this trend is California-based freelance researcher Ron Guilmette, who since 2016 has been tracking several large swaths of IP address blocks set aside for use by African entities that somehow found their way into the hands of Internet marketing firms based in other continents.

Over the course of his investigation, Guilmette unearthed records showing many of these IP addresses were quietly commandeered from African businesses that are no longer in existence or that were years ago acquired by other firms. Guilmette estimates the current market value of the purloined IPs he’s documented in this case exceeds USD $50 million.

In collaboration with journalists based in South Africa, Guilmette discovered tens of thousands of these wayward IP addresses that appear to have been sold off by a handful of companies founded by the policy coordinator for The African Network Information Centre (AFRINIC), one of the world’s five regional Internet registries which handles IP address allocations for Africa and the Indian Ocean region.

That individual — Ernest Byaruhanga — was only the second person hired at AFRINIC back in 2014. Byaruhanga did not respond to requests for comment. However, he abruptly resigned from his position in October 2019 shortly after news of the IP address scheme was first detailed by Jan Vermeulen, a reporter for the South African tech news publication Mybroadband.co.za who assisted Guilmette in his research.

KrebsOnSecurity sought comment from AFRINIC’s new CEO Eddy Kayihura, who said the organization was aware of the allegations and is currently conducting an investigation into the matter.

“Since the investigation is ongoing, you will understand that we prefer to complete it before we make a public statement,” Kayihura said. “Mr. Byauhanga’s resignation letter did not mention specific reasons, though no one would be blamed to think the two events are related.”

Guilmette said the first clue he found suggesting someone at AFRINIC may have been involved came after he located records suggesting that official AFRINIC documents had been altered to change the ownership of IP address blocks once assigned to Infoplan (now Network and Information Technology Ltd), a South African company that was folded into the State IT Agency in 1998.

“This guy was shoveling IP addresses out the backdoor and selling them on the streets,” said Guilmette, who’s been posting evidence of his findings for years to public discussion lists on Internet governance. “To say that he had an evident conflict of interest would be a gross understatement.”

For example, documents obtained from the government of Uganda by Guilmette and others show Byaruhanga registered a private company called ipv4leasing just a year after joining AFRINIC. Historic WHOIS records from domaintools.com [a former advertiser on this site] indicate Byaruhanga was the registrant of two domain names tied to this company — ipv4leasing.org and .net — back in 2013.

Guilmette and his journalist contacts in South Africa uncovered many instances of other companies tied to Byaruhanga and his immediate family members that appear to have been secretly selling AFRINIC IP address blocks to just about anyone willing to pay the asking price. But the activities of ipv4leasing are worth a closer look because they demonstrate how this type of shadowy commerce is critical to operations of spammers and scammers, who are constantly sullying swaths of IP addresses and seeking new ones to keep their operations afloat.

Historic AFRINIC record lookups show ipv4leasing.org tied to at least six sizable blocks of IP addresses that once belonged to a now defunct company from Cameroon called ITC that also did business as “Afriq*Access.”

In 2013, Anti-spam group Spamhaus.org began tracking floods of junk email originating from this block of IPs that once belonged to Afriq*Access. Spamhaus says it ultimately traced the domains advertised in those spam emails back to Adconion Direct, a U.S. based email marketing company that employs several executives who are now facing federal criminal charges for allegedly paying others to hijack large ranges of IP addresses used in wide-ranging spam campaigns.

Bill Woodcock is executive director of Packet Clearing House, a non-profit research institute dedicated to understanding and supporting Internet traffic exchange technology, policy, and economics. Woodcock said it’s not unheard of for employees at regional Internet registries (RIRs) to get caught selling off IP addresses as a side hustle, but that this case is by far the longest-running alleged scheme to date.

“It’s not unprecedented in the sense that there have been insider deals in the past done illicitly by employees of other RIRs,” he said. “But typically they’ve been one-off or short-lived before getting caught or fired.”

Anyone interested in a deeper dive on Guilmette’s years-long investigation — including the various IP address blocks in question — should check out MyBroadband’s detailed Dec. 4 story, How Internet Resources Worth R800 Million (USD $54M) Were Stolen and Sold on the Black Market.

from Krebs on Security https://ift.tt/2RG0vlc
via IFTTT

Trickbot Operators Now Selling Attack Tools to APT Actors

December 11, 2019 Leave a comment

North Korea’s Lazarus Group – of Sony breach and WannaCry fame – is among the first customers.

from Dark Reading: https://ift.tt/2LKP9ZC
via IFTTT

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

December 11, 2019 Leave a comment

Researchers were able to extract AES encryption key using SGX’s voltage-tuning function.

from Dark Reading: https://ift.tt/2tb8DAb
via IFTTT