Search Results for “Sean Gallagher”

September 21, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Controversial Cryptography Company Crown Sterling Touts Decryption Accomplishment, Experts Immediately Deride Company’s Claim

Controversial digital cryptography company Crown Sterling issued a press release claiming that it had decrypted two RSA 256-bit asymmetric public keys in approximately 50 seconds from a standard laptop computer before a gathering of what the press release says is “approximately 100 academics and business professionals,” a claim met with great derision among experts who understand cryptography. Crown Sterling also released a video of the decryption demonstration. Crown Sterling has been promoting its “Time AI” cryptographic system which it says will fix the breakable-ness of RSA cryptography by using an entirely different method of generating keys, one that doesn’t rely on factoring large prime numbers. The company is suing cybersecurity conference Black Hat for alleged breach of contract over a sponsored presentation it gave at the event in August, which generated jeers from the presentation attendees.

Related: Schneier on Security, Yahoo Finance

Tweets:@thepacketrat @thepacketrat @lesleycarhart @TheSweetKat @gregotto @LargeCardinal @henrykploetz @erratarob @malwaretechblog @matthew_d_green @XorNinja @taviso

Schneier on Security: Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
Yahoo Finance: Crown Sterling Decrypts RSA Asymmetric Public Keys in Live Demonstration

@thepacketrat: Sooooo. Anyone available to comment on this?
@thepacketrat: Video here.
@lesleycarhart: Wow, the hole just gets deeper and deeper...
@TheSweetKat: Breaking news: Crown Sterling cracks symmetric encryption method known as ROT-13
@gregotto: Crown Sterling (the company that is suing Black Hat) just sent out a press release saying it decrypted RSA keys Thursday in front of a room full of academics in California yesterday.If you were in that room, I would like to speak with you
@LargeCardinal: I think @matthew_d_green has done stuff on this, but these numbers don't seem that impressive... Doing some digging now.
@henrykploetz: Well, this is Sagemath on my Ultrabook (X1 Carbon 2017). I'm assuming the default implementation is single-threaded. So, "50 seconds" is exactly the expected performance on a 4-core laptop.
@erratarob: Cracking 256-bit RSA keys is simple and not a convincing demonstration. Whatever you demo in a controlled setting with a laptop is not believable, since you can cheat. This means nothing.Solving any real-world problem, such as the above key, is what would convince people.
@malwaretechblog: Who exactly are they trying to impress? You can factor 256 bit RSA on a smartphones in < 1h, and 512 bit is doable in a few mins with a EC2 cluster.
@matthew_d_green: These Crown Sterling people are going to launch a cryptocurrency, mark my words.
@XorNinja: Say what you want about Crown Sterling, but this is definitely a breakthrough in cryptography bullshit
@taviso: I googled some of the strings in the output, it looks like a modified version of cado-nfs, e.g. the tasks.threads message comes from here ?;a=blob;f=scripts/cadofactor/;hb=6b6df64249cf60eeace0f7611a266d972af74d56#l806

September 6, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Flagstaff Cancels Classes in Its School District Due to Ransomware Discovered During Routine Maintenance

All classes were canceled September 5 at Flagstaff Unified School District (FUSD) schools in Arizona after the discovery of a ransomware attack against the district’s servers during routine maintenance on Wednesday, September 4. The district says all FUSD issued devices, including laptops, at all sites need to be updated and asked all FUSD employees to bring any Windows-based laptops to Sinagua Middle School by 9 a.m. Friday. Officials say they have to “break the connection” from the Internet to all school devices to mitigate the issue.

August 23, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Would-Be Digital Cryptography Firm Crown Sterling Sues Black Hat Conference Organizers, Ten ‘Doe’ Defendants Over Disruption at Sponsored Presentation

After almost getting booed off the stage at Black Hat, “emerging digital cryptography” firm Crown Sterling is suing conference company UBM alleging that its Black Hat USA event had breached “its sponsorship agreement with Crown Sterling and the implied covenant of good faith and fair dealing arising therefrom.” The company also accuses the conference organizers of “other wrongful conduct” connected to events surrounding the presentation of a paper by Crown Sterling CEO and founder Robert E. Grant. In addition to legally targeting the conference, Crown Sterling has also filed suit against 10 “Doe” defendants, who it claims orchestrated disruption of the company’s sponsored talk at Black Hat. Before, during and after the conference, cryptographers were extremely skeptical with what Crown Sterling was pitching, with some referring to the talk as “snake oil crypto.”

Related: U.S. District Court (PDF), Business Wire, Cyberscoop

Tweets:@malwarejake @gossithedog @jwgoerlich @J0hnnyXm4s @oscaron @matir @halvarflake @betoonsecurity @snlyngaas @thepacketrat @JGamblin @fs0c131y @shotgunner

U.S. District Court Southern District of New York: Complaint (PDF)
Business Wire: Crown Sterling Files Complaint Against UBM — Owner and Organizer of Black Hat USA 2019 Cryptography Industry Conference
Cyberscoop: The company behind ‘Time A.I.’ is suing the company behind Black Hat

@malwarejake: Does Crown Sterling know there are photos and videos of the room? Because you can call this room a lot of things, but "filled to capacity with conference attendees" isn't one of them...
@gossithedog: Remember the TIME AI(tm) people, Crown Sterling, who bought a talk at Black Hat and then presented laughable rubbish buzzword nonsense? They’re suing Black Hat. If this was a smaller con it would finish them. Never give Crown Sterling a stage again, any and every event.
@jwgoerlich: Remember waaay back at ?Black Hat, when there was a crazy five dimension “crypto” talk, TIME AI, and ? @dguido ? called them out?Well. The TIME AI guys are back. And they brought lawyers.(via ? @thepacketrat ?)
@J0hnnyXm4s: This is the best they could come up with: Holding Black Hat responsible for the conduct of its attendees. GLHF
@oscaron: The only guy I saw complaining was THIS guy....who is connected to Crown Sterling
@matir: Crown Sterling is like a flat earther who read a math textbook while on LSD.
@halvarflake: The Crown Sterling thing is the Infosec variant of the Trump administration :-). Don't reply plz, this is a statement and not an invitation to discuss.
@betoonsecurity: Crown Sterling is a fraud. Not allegedly. I am actively accusing them of being frauds and charlatans.
@snlyngaas: The COO referred Jeff to the lawsuit, but also didn't fail to mention that Crown Sterling has an "exciting" new product set to take the cybersecurity industry by storm.
@thepacketrat: From the lawsuit: "Excitement over Crown Sterling's presence had been building..."
@JGamblin: If 5D encryption doesn't work for Crown Sterling I think they have the Laapr (Lawsuit as a Press Release) market cornered.
@fs0c131y: Seriously? These guys have no shame
@shotgunner: Never fails to amaze me how stupid companies are and those that control them. Crown Sterling is apparently going all out on the stupidity path lol.

August 22, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Five of the Local Governments Hit by Sweeping Ransomware Attacks in Texas Identified, Malware Doesn’t Appear to by Ryuk Variety

Five local governments of 22 that were struck by ransomware in Texas have been identified. Lubbock County, which escaped major disruptions, Borger, where the ransomware “impacted normal City business and financial operations and services,” Kaufman, which was “severely affected,” Keene, where the city’s system for paying water bills was pulled down and Wilmer, where the police department, water department, and public library were all affected. While the ransomware used in the attack has not been identified, it does not appear to be Ryuk malware, which hit a number of local governments in June and July.

Related: Gadgets Now, NDTV, Houston Chronicle, Naked Security, : Top News, StateTech Magazine,, Forbes,,,, Threatpost, Nextgov, Los Angeles Times, NewsChannel10, CBSLocal

August 5, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Destructive Malware Attacks Jumped by 200% During the First Six Months of 2019, Ransomware Attacks Up by 116%

Destructive malware attacks increased 200% between January to July 2019 in comparison to the previous six-month period, according to a report issued by IBM’s X-Force Incident Response and Intelligence Services (IRIS). Ransomware attacks in particular increased by 116%, although not all ransomware is destructive or features wipers that destroy data. Around 50% of these attacks targeted organizations in the manufacturing industry the researchers noted. Other sectors significantly affected included oil and gas and education.

October 2, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Google’s Password Checkup Will Flag Bad or Weak Passwords Stored Within Chrome and Send Users Straight to Relevant Sites So They Can Be Changed

Google has moved its Chrome extension called Password Checkup, which it introduced in February, to its Chrome password manager feature where it examines any Web passwords saved within Chrome that are synchronized using a Google account to check against breach data, poor passwords and re-used passwords. If a password saved in Chrome raises any of these red flags, users can go straight to the sites with bad passwords using the “Change Password” button provided next to each compromised or weak password.

Related: National Cybersecurity, ZDNet Security, ExtremeTech,, The Parallax, TechRepublic, The Verge, Help Net Security, The Mac Observer, Fortune, PCWorld, IT News, Ubergizmo, BetaNews, TechSpot, Engadget,, Threatpost


National Cybersecurity : Harris poll backs Google plan to improve password security
ZDNet Security: Google launches Password Checkup feature, will add it to Chrome later this year
ExtremeTech: Google Announces New Privacy Options for Maps, YouTube, and More Google Google Makes It Simpler To See If Your Passwords Have Been Compromised By Data BreachesSee Passwords Compromised Data Breaches
The Parallax: Harris poll backs Google plan to improve password security
TechRepublic: Google: Most people still have terrible password habits
The Verge: Google is making it easier to check if your passwords have been compromised in a data breach
Help Net Security: Google adds Password Checkup feature to Google Accounts, Chrome
The Mac Observer: Google Will Tell Users if Their Password has Been Hacked
Fortune: Google’s New Password Security Tool Flags Compromised Websites
PCWorld: Google’s new Password Checkup tells you if your accounts can be compromised
IT News : Google’s new Password Checkup tells you if your accounts can be compromised
Ubergizmo : Google’s New Password Checkup Tool Lets You Know If You’ve Been Compromised
BetaNews: Google launches enhanced password management capabilities
Techspot : Google is adding its Password Checkup feature directly into Chrome
Engadget: Google’s Password Checkup feature will be built into Chrome Google’s Password Manager Now Warns About Compromised Accounts
Threatpost: Google Adds Password Checkup Feature to Chrome Browser

@google: If "P@s$w0rd” is your password, it’s probably time for a Password Checkup. Now you can check all your saved passwords for security issues with Password Checkup in your Google Account ? #NationalCyberSecurityAwarenessMonth

September 25, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Card-Skimming Malware Operators Magecart 5 Appear to Be Targeting Level 7 Routers Associated With Wi-Fi Networks Used at Airports, Hotels, Resorts and Some Retail Environments

A known group of criminal Web malware operators called Magecart 5 appears to be targeting commercial layer 7 routers typically associated with Wi-Fi networks commonly used to provide free or paid Wi-Fi Internet access at airports, hotels, resorts, and even in some retail environments, researchers at IBM X-Force IRIS report. Magecart 5 is one of many groups associated initially with the Magecart card skimming malware. The IBM researchers also found that the group is corrupting an open-source mobile application library used to create touch “sliders” to allow users to swipe through galleries “to ensure that every developer using the slider will end up serving the attackers’ malicious code, leading to the compromise of user data of those using the finished product.”

Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Threat Group Tortoiseshell Is Targeting U.S. Military Veterans and Companies With Malicious Employment Site, Installs Spyware to Collect Data About Target Systems

A threat group, Tortoiseshell, previously identified as being behind a set of attacks on IT providers in Saudi Arabia, has now been spotted targeting US military veterans and companies with a malicious webpage,, that purports to be an employment site, according to Cisco Talos. The bogus site offers a free desktop client which is, in reality, a spyware installer. Tortoiseshell is reported to be behind attacks on eleven companies in Saudi Arabia. All of the attacks used the same remote access tool, Backdoor.Syskit by Symantec, coded in both Delphi (the Object Pascal programming language introduced by Borland) and Microsoft .NET. A similar backdoor, named “IvizTech” in this case, is part of a package dropped by the website discovered by Talos. When the installer connects, it downloads two files from a server hosted by a company in Atlanta: a reconnaissance tool and the backdoor. If it fails to install, the backdoor sends an email to a Gmail address from another Gmail address (, the credentials for which are hard-coded in the installer. The reconnaissance tool, with the filename “bird.exe,” is internally named Liderc, collects data about the infected system, including date, time, installed drivers, patch level, network configuration, domain controller, name of the administrator account, and a list of other accounts available.

Related: ZDNet Security, Techaeris, SecurityWeek, Cisco Talos

Tweets:@campuscodi @joetidy

June 27, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Iranian Threat Group APT33 Switches to 1,200 New Domains Used for Controlling, Spreading Malware After Infrastructure Is Exposed, Report

Activity from APT33, also known as Elfin, the Iranian threat group previously tied to the Shamoon wiper attack and other Iranian cyber-espionage and destructive malware attacks has risen dramatically, with the organization creating over 1,200 domains for use in controlling and spreading malware, Recorded Future’s Insikt Group reports. Recorded Future found that APT33 had launched attacks on multiple Saudi companies, including two healthcare organizations as well as an Indian media company and a “delegation from a diplomatic institution.” The majority of these attacks involved “commodity” malware, well-known remote access tools (RATs). Of the 1,200 domains, 728 were identified communicating with the infected hosts and five of the 728 domains were observed communicating with hosts infected by one of 19 mostly publicly available RATs. After being called out by Symantec, which revealed APT33’s infrastructure, the group registered over 1,200 new domains to continue its activity.

June 4, 2019
Sean Gallagher / Ars Technica

Sean Gallagher / Ars Technica  
Twitter Account Reportedly Belonging to the Operator of the Baltimore Ransomware Attack Taken Down

A Twitter account, @robihkjn, which has been confirmed by researchers to be that of the operator of the ransomware that took down Baltimore City’s networks May 4, has been taken down after posting racist taunts of Baltimore City officials and tweeting documents demonstrating that at least some data was stolen from a city server. The messages posted on Twitter matched those delivered to Baltimore along with the malware according to Joe Stewart, an independent security consultant working on behalf of the cloud security firm Armor, and Eric Sifford, a security researcher with Armor’s Threat Resistance Unit (TRU). The two security professionals also confirmed that some of the documents posted to the account came from the Baltimore City government. The operator of the Twitter account said that the NSA exploit EternalBlue was not used to spread the ransomware within Baltimore City’s networks.