Ransomware attack: ransom payments reach 253 transactions totalling US$70,000. No withdrawals

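Ransom payments from the largest-scale ransomware attack stood at 253 payments worth US$71,647 (about 8 million yen) as of the morning of May 17 (Japan time), but there is no sign that the bitcoin paid has been withdrawn, and for now the "income" appears to be zero. Investigative and intelligence agencies in various countries are pressing ahead with the hunt for the perpetrators. The reason the virus raced through as many as 300,000 cases in 150 countries was that it contained instructions to seek out new targets one after another from each infected machine, using links in e-mails. This makes identifying the first infected machine important for tracking down the perpetrators, and that location appears to have been in Southeast Asia. However, the country under suspicion denies it.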

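Several variants have already been confirmed, and some experts warn of a second wave of attacks, but the vulnerability targeted was in Windows XP and patching is progressing, so what calls for even more vigilance is that opportunists jumping on the bandwagon have begun to appear. The e-mail address listed on this blog has also suddenly started receiving a string of suspicious e-mails. One even arrived under the name of a major IT company. It was well made, but the sender address did not exist. I have not clicked the links, but most of these are scams claiming to offer security services. Because this attack received so much coverage, these types have started cashing in as well.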

There are many sources; for example:
Source

300,000 machines infected in 150 countries, and the "takings" are a mere 6 million yen

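The "takings" from the largest ransomware attack ever, which crashed 300,000 PCs in 150 countries around the world, appear to amount to only 209 payments totalling US$55,169 (about 6.25 million yen) as of the morning of May 16 (Japan time). In addition, on the grounds that traces of "Lazarus", a hacker group linked to North Korea, were found in an early version of the ransomware "WannaCry", information has circulated that "North Korea may be behind this attack", but this is still unconfirmed. There are also reports that the ransomware's program contained Cyrillic characters, which are used in Russian and other languages.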

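[Partially revised] Unprecedented ransomware attack hits government agencies and well-known companies and organizations worldwide, including several thousand machines at two major Japanese companies. Infrastructure such as nuclear power plants, transport and electricity needs to be on alert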

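The damage from the unprecedented ransomware attack that struck the world on Friday spread further at the start of the week on May 15, with damage confirmed at well-known companies, groups and organizations, and government agencies in many countries. In Japan as well, an estimated 600 cases involving about 2,000 machines, including at two major companies, are believed to have been affected. The ransom note demands payment of 300 dollars' worth of bitcoin within three days as the fee for the decryption key, threatens that after that the ransom doubles to 600 dollars and that after seven days the encrypted files can no longer be restored, and is displayed in 28 languages according to the language of the PC. The number confirmed so far is 230,000 cases in 150 countries, an unprecedented scale. Most of the damage is on Windows XP (Microsoft has already distributed an exceptional patch), but it has also occurred on Windows Server 2003. Experts are urging vigilance, warning of a possible second wave of attacks using modified variants.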

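☆Urgent☆ Unprecedented ransomware attack: 200,000 cases in 150 countries. Not only hospitals but also logistics firms such as FedEx hit; Asia, including Japan and Singapore, also targeted. Crashes feared to spread on Monday (15th) morning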

Damage of the kind described in the title is occurring, and it has been pointed out that crashes may spread further worldwide on Monday (15th) morning.

Shipping industry vulnerable to cyber attacks: cases of GPS outages, and insufficient insurance cover

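It is often said that the shipping industry lags behind industry in general on cybersecurity measures. Experts, noting that attackers' skills are improving, cite cases of interference with GPS and also point out gaps in the insurance meant to cover the damage.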

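Hacking attack on Vietnam's major airports and an airline's website; "condemnation over the South China Sea issue"; attackers call themselves "1937CN Team"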

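The information boards at Vietnam's major airports and an airline's website came under a hacking attack on the evening of July 29 (local time). The rewritten information boards displayed messages condemning and insulting Vietnam and the Philippines over the South China Sea issue, and the attackers called themselves "1937CN Team".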

The shocking "Cyber 9/11" scenario the Pentagon is preparing for

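The US Department of Defense (the Pentagon) is preparing for serious cyber attacks. The collapse of national, urban and everyday functions envisaged in the scenario named "Cyber 9/11" is the reality of modern cyber attacks.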

EU and four IT giants including Twitter and Google agree on a code of conduct to eliminate hate speech

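On May 31 the European Commission (EU) announced that it had agreed with four major IT companies, Facebook, Twitter, YouTube and Microsoft (Google), on a code of conduct for eliminating from the internet hate speech that fuels racism and terrorism. When content is flagged, the four companies will review it and, where necessary, disable the account or delete the content within 24 hours. In response to the current spread of discriminatory ideology through social media (SNS), the EU has thus come up with an effective countermeasure in cooperation with SNS operators and others.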

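In present-day Japan, right-wing forces that condone or tacitly accept hate speech denying other races, ethnic groups, nations and religions hold great influence over politics, so political power cannot be relied on; but I hope that the operators of SNS and similar services will, in light of this EU decision, voluntarily take the meaning of the EU code of conduct to heart and act on it.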

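The EU has been working on measures against hate speech for several years, but what gave it a sense of urgency was terrorism. Information online, which is highly effective at inciting young people, could no longer be left unchecked. SNS has enormous influence on those who lack independent judgment. The EU respects freedom of expression, but given the nature of the internet, where waiting for judicial procedures would be too late in dealing with hate speech, it appears to have set the standard of removal "within 24 hours". The code of conduct also calls on other service providers, not just the four major companies, to join.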

The EU press release is pasted below.
European Commission – Press release

European Commission and IT Companies announce Code of Conduct on illegal online hate speech

Brussels, 31 May 2016

The Commission together with Facebook, Twitter, YouTube and Microsoft (“the IT companies”) today unveil a code of conduct that includes a series of commitments to combat the spread of illegal hate speech online in Europe.

The IT Companies support the European Commission and EU Member States in the effort to respond to the challenge of ensuring that online platforms do not offer opportunities for illegal online hate speech to spread virally. They share, together with other platforms and social media companies, a collective responsibility and pride in promoting and facilitating freedom of expression throughout the online world. However, the Commission and the IT Companies recognise that the spread of illegal hate speech online not only negatively affects the groups or individuals that it targets, it also negatively impacts those who speak out for freedom, tolerance and non-discrimination in our open societies and has a chilling effect on the democratic discourse on online platforms.

In order to prevent the spread of illegal hate speech, it is essential to ensure that relevant national laws transposing the Council Framework Decision on combating racism and xenophobia are fully enforced by Member States in the online as well as in the offline environment. While the effective application of provisions criminalising hate speech is dependent on a robust system of enforcement of criminal law sanctions against the individual perpetrators of hate speech, this work must be complemented with actions geared at ensuring that illegal hate speech online is expeditiously reviewed by online intermediaries and social media platforms, upon receipt of a valid notification, in an appropriate time-frame. To be considered valid in this respect, a notification should not be insufficiently precise or inadequately substantiated.

Vĕra Jourová, EU Commissioner for Justice, Consumers and Gender Equality, said, “The recent terror attacks have reminded us of the urgent need to address illegal online hate speech. Social media is unfortunately one of the tools that terrorist groups use to radicalise young people and racists use to spread violence and hatred. This agreement is an important step forward to ensure that the internet remains a place of free and democratic expression, where European values and laws are respected. I welcome the commitment of worldwide IT companies to review the majority of valid notifications for removal of illegal hate speech in less than 24 hours and remove or disable access to such content, if necessary.”

Twitter’s Head of Public Policy for Europe, Karen White, commented: “Hateful conduct has no place on Twitter and we will continue to tackle this issue head on alongside our partners in industry and civil society. We remain committed to letting the Tweets flow. However, there is a clear distinction between freedom of expression and conduct that incites violence and hate. In tandem with actioning hateful conduct that breaches Twitter’s Rules, we also leverage the platform’s incredible capabilities to empower positive voices, to challenge prejudice and to tackle the deeper root causes of intolerance. We look forward to further constructive dialogue between the European Commission, member states, our partners in civil society and our peers in the technology sector on this issue.”

Google’s Public Policy and Government Relations Director, Lie Junius, said: “We’re committed to giving people access to information through our services, but we have always prohibited illegal hate speech on our platforms. We have efficient systems to review valid notifications in less than 24 hours and to remove illegal content. We are pleased to work with the Commission to develop co- and self-regulatory approaches to fighting hate speech online.”

Monika Bickert, Head of Global Policy Management at Facebook said: “We welcome today’s announcement and the chance to continue our work with the Commission and wider tech industry to fight hate speech. With a global community of 1.6 billion people we work hard to balance giving people the power to express themselves whilst ensuring we provide a respectful environment. As we make clear in our Community Standards, there’s no place for hate speech on Facebook. We urge people to use our reporting tools if they find content that they believe violates our standards so we can investigate. Our teams around the world review these reports around the clock and take swift action.”

John Frank, Vice President EU Government Affairs at Microsoft, added: “We value civility and free expression, and so our terms of use prohibit advocating violence and hate speech on Microsoft-hosted consumer services. We recently announced additional steps to specifically prohibit the posting of terrorist content. We will continue to offer our users a way to notify us when they think that our policy is being breached. Joining the Code of Conduct reconfirms our commitment to this important issue.”

By signing this code of conduct, the IT companies commit to continuing their efforts to tackle illegal hate speech online. This will include the continued development of internal procedures and staff training to guarantee that they review the majority of valid notifications for removal of illegal hate speech in less than 24 hours and remove or disable access to such content, if necessary. The IT companies will also endeavour to strengthen their ongoing partnerships with civil society organisations who will help flag content that promotes incitement to violence and hateful conduct. The IT companies and the European Commission also aim to continue their work in identifying and promoting independent counter-narratives, new ideas and initiatives, and supporting educational programs that encourage critical thinking.

The IT Companies also underline that the present code of conduct is aimed at guiding their own activities as well as sharing best practices with other internet companies, platforms and social media operators.

The code of conduct includes the following public commitments:

・The IT Companies, taking the lead on countering the spread of illegal hate speech online, have agreed with the European Commission on a code of conduct setting the following public commitments:
・The IT Companies to have in place clear and effective processes to review notifications regarding illegal hate speech on their services so they can remove or disable access to such content. The IT companies to have in place Rules or Community Guidelines clarifying that they prohibit the promotion of incitement to violence and hateful conduct.

・Upon receipt of a valid removal notification, the IT Companies to review such requests against their rules and community guidelines and where necessary national laws transposing the Framework Decision 2008/913/JHA, with dedicated teams reviewing requests.

・The IT Companies to review the majority of valid notifications for removal of illegal hate speech in less than 24 hours and remove or disable access to such content, if necessary.

・In addition to the above, the IT Companies to educate and raise awareness with their users about the types of content not permitted under their rules and community guidelines. The use of the notification system could be used as a tool to do this.

・The IT companies to provide information on the procedures for submitting notices, with a view to improving the speed and effectiveness of communication between the Member State authorities and the IT Companies, in particular on notifications and on disabling access to or removal of illegal hate speech online. The information is to be channelled through the national contact points designated by the IT companies and the Member States respectively. This would also enable Member States, and in particular their law enforcement agencies, to further familiarise themselves with the methods to recognise and notify the companies of illegal hate speech online.

・The IT Companies to encourage the provision of notices and flagging of content that promotes incitement to violence and hateful conduct at scale by experts, particularly via partnerships with CSOs, by providing clear information on individual company Rules and Community Guidelines and rules on the reporting and notification processes. The IT Companies to endeavour to strengthen partnerships with CSOs by widening the geographical spread of such partnerships and, where appropriate, to provide support and training to enable CSO partners to fulfil the role of a “trusted reporter” or equivalent, with due respect to the need of maintaining their independence and credibility.

・The IT Companies rely on support from Member States and the European Commission to ensure access to a representative network of CSO partners and “trusted reporters” in all Member States to help provide high quality notices. IT Companies to make information about “trusted reporters” available on their websites.

・The IT Companies to provide regular training to their staff on current societal developments and to exchange views on the potential for further improvement.

・The IT Companies to intensify cooperation between themselves and other platforms and social media companies to enhance best practice sharing.

・The IT Companies and the European Commission, recognising the value of independent counter speech against hateful rhetoric and prejudice, aim to continue their work in identifying and promoting independent counter-narratives, new ideas and initiatives and supporting educational programs that encourage critical thinking.

・The IT Companies to intensify their work with CSOs to deliver best practice training on countering hateful rhetoric and prejudice and increase the scale of their proactive outreach to CSOs to help them deliver effective counter speech campaigns. The European Commission, in cooperation with Member States, to contribute to this endeavour by taking steps to map CSOs’ specific needs and demands in this respect.

・The European Commission in coordination with Member States to promote the adherence to the commitments set out in this code of conduct also to other relevant platforms and social media companies.

The IT Companies and the European Commission agree to assess the public commitments in this code of conduct on a regular basis, including their impact. They also agree to further discuss how to promote transparency and encourage counter and alternative narratives. To this end, regular meetings will take place and a preliminary assessment will be reported to the High Level Group on Combating Racism, Xenophobia and all forms of intolerance by the end of 2016.

Background

The Commission has been working with social media companies to ensure that hate speech is tackled online similarly to other media channels.

The e-Commerce Directive (article 14) has led to the development of take-down procedures, but does not regulate them in detail. A “notice-and-action” procedure begins when someone notifies a hosting service provider – for instance a social network, an e-commerce platform or a company that hosts websites – about illegal content on the internet (for example, racist content, child abuse content or spam) and is concluded when a hosting service provider acts against the illegal content.

Following the EU Colloquium on Fundamental Rights in October 2015 on ‘Tolerance and respect: preventing and combating Antisemitic and anti-Muslim hatred in Europe’, the Commission initiated a dialogue with IT companies, in cooperation with Member States and civil society, to see how best to tackle illegal online hate speech which spreads violence and hate.

The recent terror attacks and the use of social media by terrorist groups to radicalise young people have given more urgency to tackling this issue.

The Commission already launched in December 2015 the EU Internet Forum to protect the public from the spread of terrorist material and terrorist exploitation of communication channels to facilitate and direct their activities. The Joint Statement of the extraordinary Justice and Home Affairs Council following the Brussels terrorist attacks underlined the need to step up work in this field and also to agree on a Code of Conduct on hate speech online.

The Framework Decision on Combatting Racism and Xenophobia criminalises the public incitement to violence or hatred directed against a group of persons or a member of such a group defined by reference to race, colour, religion, descent or national or ethnic origin. This is the legal basis for defining illegal online content.

Freedom of expression is a core European value which must be preserved. The European Court of Human Rights set out the important distinction between content that “offends, shocks or disturbs the State or any sector of the population” and content that contains genuine and serious incitement to violence and hatred. The Court has made clear that States may sanction or prevent the latter.

For more information:

hate_speech_code_of_conduct_en

Framework Decision on combating certain forms and expressions of racism and xenophobia by means of criminal law

Source (EU website = press release)

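《Partially updated》 ★The threat of a new breed of "high-tech pirates" becomes real. They hack cargo data, then board ships to target high-value cargo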

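Armed pirates hijacking a ship and holding the vessel and crew hostage for money used to be the picture of piracy, but a new breed of "high-tech pirates" making full use of IT has emerged. The cybersecurity weaknesses of shipping companies have long been pointed out, and this method exploits exactly those weaknesses, so proper defensive measures are needed.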

"Islamic State" hackers hijack website of China's Tsinghua University

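Self-proclaimed "Islamic State" hackers hijacked the home page of Tsinghua University (Beijing), a leading Chinese university that has been ranked number one in the world in engineering, and altered the web page. An English-language message that appeared to be a call to holy war was posted along with an image of a holy warrior on horseback. The university removed it immediately. In China last summer, an 80-year-old Muslim in Xinjiang declared he would join the "Islamic State", saying he would "fight the infidels".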
