China pledges neutrality unless US strikes North Korea first

China’s government says it would remain neutral if North Korea attacks the United States, but warned it would defend its Asian neighbor if the U.S. strikes first and tries to overthrow Kim Jong Un’s regime, Chinese state media said Friday.

“If the U.S. and South Korea carry out strikes and try to overthrow the North Korean regime, and change the political pattern of the Korean Peninsula, China will prevent them from doing so,” reported the Global Times, a daily Chinese newspaper controlled by the Communist Party.

Meanwhile, other Asia-Pacific countries have come out in support of the United States in the event of a North Korean nuclear attack.

Japan’s defense minister, Itsunori Onodera, said this week that his nation’s military was ready to shoot down North Korean nuclear missiles, if necessary.

In Australia, Prime Minister Malcolm Turnbull described his country and the U.S. as being “joined at the hip,” the South China Morning Post reported.

“If there is an attack on the U.S., the Anzus Treaty would be invoked,” and Australia would aid the U.S., Turnbull told Australia’s 3AW radio Friday morning. Turnbull was referring to a collective security agreement between the United States, Australia and New Zealand.

The Chinese response to the heightened tensions between the U.S. and North Korea followed a number of hot-headed proclamations.

North Korea has threatened the U.S. with a nuclear attack on Guam, a U.S. territory south of Japan, after President Donald Trump said additional threats against the country or its allies would be met with “fire and fury.”

On Thursday, the president doubled-down on the remarks, saying his original comment possibly “wasn’t tough enough.”

In a separate appearance, Trump added: “Let’s see what [Kim Jong Un] does with Guam. He does something in Guam, it will be an event the likes of which nobody has seen before – what will happen in North Korea.”

One North Korean government official, meanwhile, accused Trump of “going senile,” Fox News reported.

Read More >>

Read More

Donald Trump prepares supporters for worst as Robert Mueller's Russia investigation closes in

Embattled President tells fanbase election hacking conspiracy an establishment fabrication invented to deprive them of their leader of choice

President Donald Trump is again attacking the media on Monday, and his broadsides carry a newly ominous edge: He is both faulting the media for allegedly downplaying the size and intensity of support from his base and accusing them of trying to deliberately weaken that support for him.

7 Aug
Donald J. Trump  ✔ @realDonaldTrump
The Trump base is far bigger & stronger than ever before (despite some phony Fake News polling). Look at rallies in Penn, Iowa, Ohio.......

Donald J. Trump ✔ @realDonaldTrump
Hard to believe that with 24/7 #Fake News on CNN, ABC, NBC, CBS, NYTIMES & WAPO, the Trump base is getting stronger!
7:18 AM - Aug 7, 2017
 25,742 25,742 Replies   16,584 16,584 Retweets   69,173 69,173 likes

This comes some 24 hours after Deputy Attorney General Rod J. Rosenstein made big news by telling Fox News Sunday that if the special counsel finds evidence of crimes in the course of his probe into Russian sabotage of our election, it may be within the scope of his investigation to pursue them.

In these seemingly disparate developments, it is hard not to discern the potential for a volatile, combustible combination.

Because Trump is undermining our democratic norms and processes in so many ways, it is often easy to focus on each of them in isolation, rather than as part of the same larger story. But, taken together, they point to a possible climax in which Trump, cornered by revelations unearthed by Robert S. Mueller III's probe and by ongoing media scrutiny, seeks to rally his supporters behind the idea that this outcome represents not the imposition of accountability by functioning civic institutions, but rather an effort to steal the election from him - and from them.

On ABC's This Week, Trump counsellor Kellyanne Conway on Sunday dismissed the “entire Russia investigation” as a “total fabrication” to “excuse” Hillary Clinton's loss. This echoed Trump himself, who recently told a rally that the probe is an effort to “cheat” his supporters out of their legitimately elected leadership (i.e., him) with a “fake story” that is “demeaning to our country and demeaning to our Constitution.”

It bears repeating that Mueller's investigation is looking at how a hostile foreign power may have sabotaged our democracy, and at whether the Trump campaign colluded with it, and at conduct by Trump himself that came after the election: Whether the firing of former FBI Director James Comey after a demand for his loyalty was part of a pattern of obstruction of justice. The first of these has been attested to by our intelligence services, and evidence of the second (at least in the form of a willingness to collude) and the third of these has been unearthed by dogged scrutiny by news outlets. It is hardly an accident that Trump continues to cast doubt on the credibility of both those institutions, even as he and his spokespeople continue to cast the entire affair as an effort to reverse the election by illegitimate means.

This threatens damage on multiple levels. By casting the entire Russia story as fiction, Trump seeks to undermine the credibility of efforts to determine how our electoral system might be vulnerable to further attacks, separate and irrespective of what is learned about the Trump campaign's conduct, possibly making it less likely that we secure our system against any such future sabotage.

We don't know what all the ongoing scrutiny will produce in the way of revelations. But if it does produce any serious wrongdoing by Trump and/or his campaign - or even evidence of serious misconduct that is not criminal - it's not difficult to imagine what might happen next. Trump's advisers regularly tell us he will cooperate with Mueller's probe and play down the possibility of any effort to remove the special counsel. But Trump has confirmed that he is furious with his own attorney general, Jeff Sessions, for failing to protect him from Mueller's probe. That Trump confirmed this publicly only further underscores that he has zero sense of any obligation to the public to follow any rules of conduct, and plainly views any efforts to hold him accountable to those rules as illegitimate.

Conservative writer Matt Lewis floats a scenario in which Mueller, under pressure to produce results, slips into prosecutorial overreach, giving Trump voters legitimate reasons to feel that the presidency is being stolen from them. It is fair to worry about such an outcome, and we must remember that we are far from knowing the full truth about what happened in 2016. But it's also easy to envision the flip side: Trump demagoguing his supporters into a frenzy of rage, at rallies that are exactly like the ones we've seen in recent days, in the face of legitimate revelations.

To be sure, there are new signs that Republicans in Congress are taking steps to set up safeguards, should Trump try to remove Mueller. There is reassuring evidence that our institutions are holding - for now, anyway - and as Brian Beutler notes in The New Republic, it's likely that more future revelations about Trump's unfitness for the presidency will further undercut his efforts to cast institutions holding him accountable as illegitimate. But Trump is already giving every indication that he will go all out in trying. And how much damage that will cause is anyone's guess.

Read More >>

Read More

No more ransomware: How one website is stopping the crypto-locking crooks in their tracks

No More Ransom launched a year ago: here's the story of how cybersecurity firms and law enforcement are working together to bring down ransomware.

Law enforcement organisations and cybersecurity companies around the world have attempted to do what they can to disrupt ransomware -- whether through takedowns of cybercriminal gangs by the authorities or security companies finding and providing decryption keys.
But this disjointed approach can only get so far in the modern hyper-connected world in which criminals cooperate across international borders and time zones.

It's why the No More Ransom initiative was launched a year ago, with the idea of bringing together law enforcement and private industry to combine efforts in the fight against cybercrime.
"It's the idea of everyone bringing what they're best at to the table to jointly try and tackle the biggest threat that we see out there," says Steve Wilson, head of Europol's Cybercrime Centre (EC3).

Launched jointly by Europol, the Dutch National Police, McAfee (then Intel Security), and Kaspersky Lab on July 25 2016, No More Ransom provided keys to unlocking encrypted files, as well as information on how to avoid succumbing to ransomware in the first place.

The portal initially provided decryption tools for four ransomware families: Shade, Rannoh, Rakhn, and CoinVault. It was collaborative work on decrypting CoinVault that led to the creation of a precursor to No More Ransom.
"We were working on CoinVault and did a lot of work with the Dutch police, and we were able to identify the command and control servers the cybercriminals were using," says David Emm, principal security researcher, Kaspersky Lab.

The operation led to Kaspersky uploading free-to-use decryption keys to a website and it took off from there. "It was really successful and this was just one and part of a wider trend, so we wanted to establish wider involvement," he says.

McAfee agreed that this collaboration -- both between competing private firms and the authorities -- was the way forward in the fight against the escalation of ransomware.

"There was just a sense that what would be nice would be to have an initiative to collaborate and work together on. But also to have a single point that people could go to when we create free decryption tools," says Raj Samani, chief scientist at McAfee.

That single place was the No More Ransom portal, which since its launch has been hosted by Amazon Web Services and Barracuda Networks -- and if it wasn't for cloud-hosting, the website would have been overwhelmed on its first day.

"Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you'll get a day and I thought 12,000 a day would be reasonable," says Samani.

"On day one we had 2.7 million -- then during one day, the weekend of WannaCry, we had eight million hits in a single day, so it's much bigger than we ever thought."

Following the initial success of the initiative, seven more cybersecurity firms have since joined as associate partners -- Bitdefender, Check Point, Trend Micro, Emisoft, ElevenPaths, Avast and Cert.PL -- each contributing to the development of decryption keys.

Dozens of law enforcement agencies -- including Interpol, Enisa and the NCA -- have also become actively involved in the scheme, which also receives additional support from dozens of security firms. There's now 109 partners in total and for Wilson, the more involved, the merrier: "The more people we get to contribute, the better this resource is going to be," he says.

Cybercrime is a global problem, but while there is more international cooperation between law enforcement agencies than there's been before, rules and regulations mean that sometimes the authorities can't act as quickly as they'd like.

That's a disadvantage against global crime gangs, but private cybersecurity firms can be more flexible, enabling the No More Ransom operation to take the fight to cybercriminals at a faster pace by releasing decryption tools as and when they're developed.

"Law enforcement agencies have restrictions that criminals don't -- they have the logistics of paperwork. Whereas at least under the umbrella of a project like this, there's nothing to slow it down," says Emm.

It's difficult to quantify the exact number of decryptions which have occurred thanks to downloads from No More Ransom -- the portal just provides links, it doesn't monitor what happens next -- but it's thought that over 28,000 decryptions have taken place using the tools, saving millions from being paid to cybercriminals in the process.

"It really strongly justified a single response to this rather than over each country trying to develop something themselves," says EC3's Wilson.

No More Ransom doesn't discriminate about what decryption tools are added to the portal -- sometimes these come in batches, sometimes individual decryptors are uploaded as and when they're made available -- but how does this happen?

There are a number of ways. The first is if encryption keys simply get leaked. Indeed, an example of this occurred just hours after the launch of No More Ransom when the cybercriminal gang behind the Petya ransomware -- long before it caused a global incident -- leaked 3,500 decryption keys for a competing form of ransomware, Chimera. "We were able to grab them and create a tool," says Samani.

But most of the time, decrypting ransomware comes down to hard work, with cybersecurity firms and the authorities working together in order to identify ransomware variants and crack codes.

"Working with law enforcement, we identify the infrastructure, go through the proper legal process to seize the key server and extract the decryption keys," says Samani. That's how Shade ransomware was decrypted, resulting in 165,000 decryption keys being made available.

That's where the aid of law enforcement especially comes in -- a cybersecurity firm can't walk in and seize a botnet, but they can aid in its takedown, as was the case with Operation Avalanche, which took down a prominent malware botnet.

"On the offensive side from us, tackling the actual business model of ransomware-as-a-service and very much going after the large scale perpetrators of cybercrime is very much what we're trying to do," says Wilson.

Naturally, the very existence of No More Ransom has irked malicious actors. "Analysis of the chatter on underground forums shows how angry they are," says McAfee's Samani. "We even had a ransomware variant named after us -- there's an extension that had been encrypted as NoMoreRansom."

So the portal is required to have the best defences possible in order to prevent attacks against it.

"We've got to do all the normal housekeeping things to keep it secure. We've got to pen test it to ensure that it's as secure as we can make it. People are going to want to stop it, we need to make it as resilient as we can," says David Emm.

That's where Barracuda Networks and Amazon Web Services come in -- both powering the portal and keeping it safe from attackers -- in the spirit of cooperation on which No More Ransom is based.

"I'm blown away by how open and collaborative we've been. AWS, for example, hosting it for free, it's incredible, it's probably the most targeted website in the world and they've said OK, no arguments," says Samani.

A year on from the launch of No More Ransom, what's the project's future? An anniversary update includes more decryption tools and the website translated into even more languages to reflect the global interest in the project and to help users and businesses around the world.

The platform is now available in 26 languages, with the most recent additions Bulgarian, Chinese, Czech, Greek, Hungarian, Indonesian, Malay, Norwegian, Romanian, Swedish, Tamil and Thai.

Ransomware is a major problem and while no one is under any illusion that the project is going to eliminate the problem, those behind it are doing all they can to educate against the dangers of ransomware and provide aid against it.

"We totally accept that this isn't a panacea; there's always going to be a lag time between us being able to assist, but we're trying to make that difference," says Wilson.

That's no small task, given ransomware is ever-evolving - and things are likely to get worse before they get better.

Read More >>

Read More