Spread the word – Occupy the Internet

Right now at a UN meeting in Dubai, authoritarian regimes are pushing for full governmental control of the Internet in a binding global treaty — if they succeed, the internet could become less open, more costly and much slower. We have only 2 days to stop them.

The Internet has been an amazing example of people power — allowing us to connect, speak out and pressure leaders like never before. That’s largely because it’s been governed to date by users and non-profits and not governments. But now countries like Russia, China and United Arab Emirates are trying to rewrite a major telecom treaty called the ITR to bring the Internet under its control — the web would then be shaped by government interests and not by us, the users. Tim Berners Lee, one of the “fathers of the Internet,” has warned that this could increase censorship online and invade our privacy. But if we object with a massive people-powered petition, we can strengthen the hand of countries fighting this power grab.

We have stopped attacks like this before and can do it again before the treaty text is locked this week. A wave of opposition to a new ITR is already building — sign the petition to tell governments hands off our Internet! and then forward this email to everyone you know — when we hit 1 million signers, it’ll be delivered straight to the delegates at this cozy meeting.

The meeting to update the ITR (International Telecommunication Regulations) is being convened by a UN body called the International Telecommunications Union (ITU). Normally, it wouldn’t merit much attention, but Russia, China, Saudi Arabia and others are trying to use the meeting to increase government control of the Internet through proposals that would allow for access to be cut off more easily, threaten privacy, legitimize monitoring and traffic-blocking, and introduce new fees to access content online.

At the moment, our Internet has no central regulatory body, but various non-profit organisations work together to manage different technological, commercial and political interests to allow the Internet to run. The current model is certainly not without its flaws. US dominance and corporate influence highlight the need for reform, but changes should not be dictated from an opaque governments-only treaty body. They should emerge from an open and transparent, people-powered process — putting the interests of us users in the center.

The ITU does extremely important work — expanding affordable access for poor countries and securing networks — but it’s not the right place to make changes to how the Internet operates. Let’s ensure that our Internet stays free and governed by the public and show the ITU and the world that we won’t stay silent in the face of this Internet attack. Click here to sign and then share this email widely.

Avaaz members have come together before to save the free web — and won. More than 3 million of us demanded the US kill a bill that would have given the government the right to shut down any website, helping push the White House to drop its support. In the EU, the European Parliament responded after 2.8 million of us called on them to drop ACTA, another threat to the free net. Together, now we can do it again.

With hope,

Pascal, Ian, Paul, Luca, Caroline and the rest of the Avaaz team


Cerf and Berners Lee Criticize ITU Conference (IT Pro Portal):

ITU and Google face off at Dubai conference over future of the internet (Guardian):

Keep the Internet Open (New York Times):

Proposal for global regulation of web (Financial Times):

Who controls the Internet? (Guardian):

Avaaz.org is a 17-million-person global campaign network
that works to ensure that the views and values of the world’s people shape global decision-making. (“Avaaz” means “voice” or “song” in many languages.) Avaaz members live in every nation of the world; our team is spread across 19 countries on 6 continents and operates in 14 languages. Learn about some of Avaaz’s biggest campaigns here, or follow us on Facebook or Twitter.

You are getting this message because you signed “ITU: Hands off our Internet!” on 2012-12-11 03:15:35 using the email address ajl@gam.co.za.

To ensure that Avaaz messages reach your inbox, please add avaaz@avaaz.org to your address book. To change your email address, language settings, or other personal information, go here, or simply go here to unsubscribe.To contact Avaaz, please do not reply to this email. Instead, write to us at www.avaaz.org/en/contact or call us at +1-888-922-8229 (US).

No virus found in this message.
Checked by AVG – www.avg.com
Version: 2012.0.2221 / Virus Database: 2634/5450 – Release Date: 12/10/12


Cheap access to corporate computers

By Mark Ward Technology correspondent, BBC News

Cybercriminals are openly selling illegal access to the computer networks of many of the world’s biggest companies. For only a few pounds or dollars, fraudsters and scammers can get the login in details for a server sitting on the network of a Fortune 500 firm.

Those renting access can use the machine to carry out their own scams, such as sending spam, or use it as a springboard for a wider hacking attempt on a big company. The network access is just one of a wide range of cybercrime services now available on the underground economy.

Called Dedicatexpress, the hacked server service was uncovered by security researcher Brian Krebs who spent two weeks tracking down the site, accessing its forums and getting hold of a list of the corporate networks to which it offered access.

Currently, the site has about 17,000 servers available but he estimates that about 300,000 have been listed since the site started in 2010. Since Mr Krebs wrote about it, the site has changed to become member-only.

Spam funnel

Mr Krebs said the site was acting as a broker on behalf of hackers who had already won access to the networks as a result of separate attacks.

“It seems to they are gathering these from people who are selling them to the service,” he told the BBC.

“They maybe individual hackers that have no use for these but know they have value and are re-selling them.”

The servers listed could prove useful to spammers or other fraudsters who want to use corporate resources, which typically include high speed net links and powerful computers for their own ends.

Dedicatexpress puts some restrictions on what customers can do with some hacked servers, said Mr Krebs. Paypal fraud, online gambling and dating site scams are among activities banned on some.

While openly offering hacked servers for sale may be a surprise or a shock to some, Mr Krebs said it was likely that the computers had been compromised for a long time.

“My sense is that a lot of these systems are probably abused quite a bit before they get to this point,” he said. “They may have been wrung out in other ways before they are sold to a service like this.”

The first cybercriminal or hacker that won access to the server probably used it for their own ends, he said. That might have involved stealing company secrets, using it as a server for a phishing scam or to funnel spam through.

“These could provide someone with full control of a machine which is on the inside of a major corporation’s network,” said Yuval Ben-Itzhak, chief technology officer at security firm AVG. “They can be used to attack machines outside of the network under the disguise of a trusted company.”

Mr Ben-Itzhak said it was easy for firms to stop cyber-thieves winning access if they changed default passwords and made sure those they did pick were hard to guess. Anything else, he suggested, was just being “sloppy”.

Underground express

Rik Ferguson, director of security research and communications at Trend Micro, said the existence of Dedicatexpress showed how sophisticated the underground economy had become.

“That’s the beauty of digital crime as far as the criminal is concerned,” he said. “It doesn’t have to be exclusive, the same ‘stolen goods’ can be sold and resold with no deterioration in quality, whether that is intellectual property, credentials, stolen accounts or network access.”

Dedicatexpress was just one of many, many sites run out of countries in Eastern Europe that made up the underground economy, said Mr Ferguson.

A report by security firm Trend Micro showed that Russia was at the centre of this widespread criminal economy in which any and every cybercrime service is on sale – at a price. The rates being charged for the various services, including everything from hacking corporate mailboxes to sending junk texts, were detailed in the report.

One of the most expensive services on offer on the underground was the purchase of an entire botnet for about £435 ($700). A botnet is a network of hijacked home computers that a hacker has compromised. The computers on this network can be plundered for saleable data or used as proxies for spamming campaigns or phishing attacks.

If buying a botnet is too expensive, renting one for an hour can cost as little as £1.20 ($2), and sending a million emails out via it would cost about £6. The Trend Micro report found that custom hacking jobs were more expensive though unlikely to break the bank. For instance, hacking a Gmail, Facebook or Twitter account would cost about £100.

Cybercrime in Russia had long ceased being a “hobby” for hackers, said Mr Ferguson, and had become a way of life for many criminals who were making a good living from their nefarious deeds. Brian Krebs said he was no longer shocked by the scale and sophistication of the hi-tech crime economy.

“A few years ago I would have been,” he said. “Now? Not so much. There are just so many of these types of services out there and these hacked servers are very widely available.”

source: BBC