Sunday, January 25, 2015

U.K. Student Arrested for PlayStation, Xbox DDoS Attacks



A U.K. man was arrested this week as part of an investigation into recent DDoS attacks on the PlayStation and Xbox networks.
Both platforms were knocked offline in December, allegedly at the hands of a hacking group that calls itself the Lizard Squad.
Officers from the U.K.'s South East Regional Organized Crime Unit (SEROCU) this week arrested an 18-year-old man from Southport, England. The teenager was brought in on multiple charges, including unauthorized access to computer material with intent to commit further offenses.
A number of electronic and digital devices were seized in a raid on his home.
Still in the early stages of their investigation, SEROCU said it will continue cooperating with the FBI in the U.S., and the Titan ROCU (North West Regional Organized Crime Unit) in Britain.
"This is a significant arrest … of a U.K. citizen suspected of engaging in serious and organized cyber crime on the national and international stage," Deputy Chief Constable Peter Goodman, national policing lead for cyber security at the Association of Police Officers (ACPO), said in a statement.
"This arrest demonstrates that we will pursue those who commit crime with the false perception they are protected within their own homes or hiding behind anonymous online personas," Goodman added.
Neither the FBI nor U.S. Department of Justice immediately responded to PCMag's request for comment.
According to Craig Jones, head of cyber crime at SEROCU, the teen in question is also accused of "swatting," or falsely reporting a serious crime so that law enforcement will show up at a specific location, often with guns drawn and in full tactical gear.
In this case, officials received fake phone calls via Skype about a major incident in which SWAT teams were dispatched in the U.S.
"Cyber crime is an issue which has no boundaries and affects people on a local, regional and global level," Jones said.
SEROCU is asking that anyone with information regarding cyber offenses report the details to Action Fraud or the Crimestoppers hotline.
"As we continue to build capability and develop skills across wider policing, we still need industry, communities, and individuals to protect themselves by implementing basic security measures," Goodman said, "whilst taking full advantage and enjoyment the opportunities the world wide web provides."


Hacker's List allows you to hire a hacker anonymously and quickly

Hacker's List, a website that offers to connect customers and "professional" hackers for hire, would have you believe that just about everyone, at one point or another, needs to hack into something. And it wants to help.
The website — which shows listings as far back as November, when it launched — includes more than 400 posts from users seeking hackers. There are around 70 hacker profiles displayed on the site, but many of them don't appear to be active.
"Hiring a hacker shouldn't be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience," reads the website.
Hacking is no longer considered a task only reserved for high-stakes situations, like international espionage. 
There are listings for a variety of activities, which are called "projects" on the website, from breaking into iPhones to tampering with academic grades.
Once a user posts a job, hackers will respond with ideas for how to accomplish the task. After that, the person doing the hiring picks a hacker, based on price and availability. When pricing is agreed upon, the first payment is made. (Though Hacker's List claims it holds all payments until the project is complete.)
Bids for hackers can range from low prices (say, $1) to thousands. One listing, for example, wants hackers to remove content and images from search engines. The buyer is willing to pay as much as $4,000 for the job. Using this website, of course, doesn't mean that a hacker will automatically take on the job — many of the posts don't have any bids at all.
Data breaches are seemingly more common than ever before. The hackers freelancing for the listing service will have varying skill levels, but, as Mashable's Christina Warren put it, everyone should have the expectation that "our privacy and security are finite and will probably be breached."
To help keep sites secure, use password managers and generators — like LastPass — as well as two-factor authentication, which requires a password and a uniquely generated code, to protect email accounts and computer systems. The better the security, the more difficult it is to hack.
Hiring hackers online isn't new, and services sometimes have surprising legitimacy. One example: NeighborHoodHacker.com, which has a 1-888 number and live-chat receptionist. There's even a dedicated website for reviewing them. If something goes awry, the users can consult one of Hacker's List's "dispute specialists."
Of course, how legal all of this is remains entirely questionable. The site's terms and conditions forbid "use the Service for any illegal purposes," but breaking into someone's personal email, for one, is almost never OK, lawfully speaking.

The founders of the website are still too afraid to go public, according to The New York Times. The report said the founders were advised by legal counsel about how to structure the website to avoid liability for any wrongdoing by people either seeking to hire a hacker or by hackers agreeing to do a job. The site is registered in New Zealand.

Chinese Spies Stole Australia’s New F-35 Lightning-II Fighter Jet Design, Snowden Reveals


The latest document release by Edward Snowden revealed the industrial-scale cyber-espionage operation of China to learn the secrets of Australia's next front-line fighter aircraft – the US-built F-35 Joint Strike Fighter (JSF).

Chinese spies stole "many terabytes of data" about the design of Australia’s Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel.

Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter’s radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets.


So far, the F-35 Lightning II JSF is the most expensive defence project in US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion).

WhatsApp banning users for using third-party apps


Popular mobile messaging service WhatsApp is banning users who install and use WhatsApp Plus, a third-party Android app that offers access to the service along with some additional features. 

WhatsApp is banning users for 24 hours and returning an error message informing them that they have violated its terms of service. 

The messaging service has also posted the reason for the ban on its website's FAQ section. "WhatsApp Plus is an application that was not developed by WhatsApp, nor is it authorized by WhatsApp. The developers of WhatsApp Plus have no relationship to WhatsApp, and we do not support WhatsApp Plus. Please be aware that WhatsApp Plus contains source code which WhatsApp cannot guarantee as safe and that your private information is potentially being passed to 3rd parties without your knowledge or authorization. Please uninstall your application and install an authorized version of WhatsApp from our website or Google Play. Then, you will be able to use WhatsApp," it mentioned. 

WhatsApp Plus offers some additional features including themes and ability to modify chat screens but is a privacy hazard as private messages of users go through a server not controlled or owned by WhatsApp. Some ill-informed online reports had mentioned that WhatsApp Plus was an upcoming version of WhatsApp following which a number of users had started using the app. 

In November 2014, WhatsApp had added a new end-to-end encryption feature to its Android app with Open Whisper Systems, a San Francisco-based software group that developed the "TextSecure" programme, to protect users' conversations from unwanted surveillance and snooping. Using the third party app would have even bypassed this feature. 

WhatsApp Comes To The Desktop


There’s now a desktop version.
It’s a web app rather than a native client — and for now, at least, it seems to only play friendly with Google Chrome.
But if you’re ready to dive in, you can find the new web-ready version of WhatsApp right over here…
One weird catch: to log in on the desktop, you have to take a picture of a QR code through WhatsApp on your phone. This is necessary, presumably, because WhatsApp uses your phone number and SMS verifications rather than usernames/passwords. This currently works on Android, Windows Phone, and BlackBerry… but “due to Apple platform limitations” (WhatsApp’s words, there — we’re not sure what limitations they mean), iOS users are left out in the cold.
On the platforms where it works, however, it’s very slick.

Kim Dotcom starts end-to-end encrypted video calling service: MegaChat

Mega has opened beta testing for a new encrypted video calling service that integrates with its existing file hosting and sharing offerings.
The new MegaChat only supports voice and video calling for now, but text chat and video conferencing will be added soon, Mega founder Kim Dotcom said on Twitter.
The service runs inside Web browsers, not through a dedicated application, and is free to use. It can be launched from the mega.nz (not mega.co.nz) website by clicking on the new “Conversations” button in the left-side toolbar after logging in.
One of the most important features of the service is that, according to the company, it uses end-to-end encryption. This means that Mega shouldn’t have access to users’ encryption keys and shouldn’t be able to decrypt communications.
“No US based online service provider can be trusted with your data,” Dotcom said in December when he revealed plans to launch the service. “They must provide the US Government with backdoors,” he claimed at the time, positioning MegaChat as a Skype alternative.
Of course, Dotcom is no friend to the U.S. government, which has been trying to extradite him from New Zealand to face copyright infringement and other charges in connection to the activity of his former company, Megaupload.
Also, end-to-end encryption only protects communications from upstream surveillance if there are no errors or intentional backdoors in the implementation, so until security researchers and cryptography experts have a chance to look at Mega’s implementation it would probably be best not to use the service for highly sensitive communications. The service is currently in the testing phase anyway, so the existence of bugs wouldn’t be unusual.
“Mega offers a security bounty again,” Dotcom announced Thursday on Twitter. “Please report any security flaw to us. We’ll fix it and reward you. Thanks for helping.”
A video calling test with MegaChat went relatively smoothly. There were brief moments of video and audio degradation (mostly video), but not worse than typically experienced with Skype on the same machine and with the same Internet connection.

Teen hanged himself after receiving ransomware scam email

A 17-year-old college student who suffered from autism hanged himself after receiving a ransomware scam.

Joseph Edwards was alarmed after receiving an email that falsely claimed he'd been spotted browsing illegal websites and needed to pay £100 (payable in Ukash electronic money) or face being prosecuted. The email pushing the well-known police ransomware scam also downloaded malware that locked up his laptop once it was opened.

Police ransomware of this type does not encrypt files and is normally much easier to purge from infected systems, a factor that underlines the tragedy of what transpired.

Edwards was so distressed by the accusation and the extortionate demand that he took his own life hours after falling victim to the cruel scam on 6 August last year.

The A-level student's developmental disability likely made him more susceptible to thinking the scam email, supposedly sent from Cheshire police, was genuine, a coroner heard on Thursday.
Edwards, who attended a mainstream school despite his autism, was found hanged at his family home in Windsor, Berkshire by his mother Jacqueline Edwards, who told the coroner that he probably didn't understand the implications of his actions. She has since begun a campaign to raise awareness about internet scams.

After Joseph's death, a Facebook page was created called "Fake Police Email Scam in Memory of Joseph Edwards" (available here).

"He didn't seem to have any worries known to me. I don't think he really understood," Jacqueline Edwards told the coroner.

"Joseph was subjected to a scam on the internet, a threatening, fake police link that was asking for money," his mother said in a statement, the Daily Telegraph reports. "He would have taken it literally because of his autism and he didn't want to upset Georgia [his sister] or me."

Detective Sergeant Peter Wall said it was very difficult to trace those responsible for the "elaborate" scam but it's likely to have originated outside the UK. Historically a lot of this type of fraud has come from Ukraine and to a lesser extent Romania.
The spam email, complete with Cheshire Police insignia, falsely claimed that indecent images had been found in the possession of the recipient, the intended mark for the scam.
The teenager died from asphyxia as a result of hanging, according to the post-mortem. Coroner Michael Burgess recorded an open verdict.

"He was suspended from the bannister by a ligature," Coroner Burgess ruled. "Although he undertook that action himself, his intention is not clear from the evidence."
"This scam may have caused him great distress and difficulty," he added.

The tragedy is mercifully rare but not unprecedented. Last year a Romanian “ransomware victim” hanged himself and his four-year-old son. A strain of police ransomware called IcePol was linked to the case, which involved extortionate demands for around $21,600. In 2012-13 the average Romanian yearly salary was just $7,200.