Those of us who worked in TV repair shops, back when there was such a thing, will likely remember the cardinal rule of TV repair: Never touch the yoke if you can help it. The complex arrangement of copper wire coils and ferrite beads wrapped around a plastic cone attached to the neck of the CRT was critical to picture quality, and it took very little effort to completely screw things up. Fixing it would be a time-consuming and frustrating battle with the cams, screws, and spacers that kept the coils in the right orientation, both between themselves and relative to the picture tube. It was best to leave it the way the factory set it and to look elsewhere for solutions to picture problems.

But how exactly did the factory set up a deflection yoke? We had no idea at the time, only learning just recently about the wonders of automated deflection yoke yamming. The video below was made by Thomson Consumer Electronics, once a major supplier of CRTs to the television and computer monitor industry, and appears directed to its customers as a way of showing off their automated processes. They never really define yamming, but from the context of the video, it seems to be an industry term for the initial alignment of a deflection yoke during manufacturing. The manual process would require a skilled technician to manipulate the yoke while watching a series of test patterns on the CRT, slowly tweaking the coils to bring everything into perfect alignment.

Automating this process would have been a huge competitive advantage for a company like Thomson. Being able to provide correctly aligned CRT assemblies to a manufacturer would have been a productivity booster, especially since Thomson claimed to be able to adjust the process to the customer’s assembly line needs. They also say that the automated yamming process took just 30 seconds per tube thanks to a series of sensors and cameras watching the screen. The human element wasn’t completely eliminated, though; at the 3:50 mark, some unlucky QA tech is shown watching an endless carousel of tubes flashing a few test patterns to confirm the process. And you think your job sucks.

It’s not exactly clear when this video was made. The title suggests it was 1995, and that seems about right from the technology in the video, which includes a computer running a version of Windows from around that timeframe. Ironically, the LCD monitor on that touchscreen display was a harbinger of things to come for Thomson, which was out of the CRT business in the US less than a decade later.

youtube.com/embed/R3tS6T48_2Y?…

hackaday.com/2025/02/19/retrot…

Scientia Potentia Est

Michiaki Ikeda was a chubby-faced six-year-old when the nuclear age smacked him in the face with a blinding flash of light. Just as he was stepping out of an elevator at Nagasaki Medical University’s hospital, a nuclear weapon code-named Fat Man detonated seven hundred meters away from him. The bomb had the explosive equivalent in force of more than twenty kilotons of TNT and flattened almost everything within a kilometer radius. The concrete hospital building was mostly left standing, but the majority of the people inside were killed. The steel elevator shaft likely saved his life.
When he came to, it was pitch-dark, and the first sensation he recalled was the sound of something burning. Then the smell of smoke reached his nostrils, bringing him to his feet. As he stumbled out into what had been the hospital’s corridor, his eyes adjusted to the darkness, and he realized he was standing on dirt. The wood floors had been blown away. In the corner, he saw a nurse on the ground surrounded by shattered glass, and her face covered in blood. To Michiaki, it was as if someone had poured a bucket of blood over her head. Yet her eyes were open, and she was staring at him.
“Call the ambulance service,” she ordered, her expression a mix of shock and rage.
He looked around, but all he could see were shards of glass and wood panels blown from the ground. He crawled out a window frame and stepped down into what had been, just a little while before, a tranquil garden with water. Now, as he looked up, he could see some trees were toppled and the ones that still stood were in flames. When his eyes moved from the burning treetops down to the ground, the scene was pure horror. The hospital’s garden was strewn with corpses with hair burned into frizzy clumps. Some had eyeballs hanging down on their cheeks, and faces with their lips and flesh burned away, leaving the teeth and jaw exposed. There were some bodies with stomachs bloated to twice their normal size, and others with internal organs spilling out.
He fled the burning hospital grounds and instinctively started walking toward the city, thinking he would find help. Instead, he found more horror. The main boulevards of Nagasaki were cluttered with debris of blown-out buildings. The living were walking, their arms dripping with scorched flesh outstretched in front of them to avoid the pain of having burned skin touch their bodies. Dazed, they walked down the street, calling for water and looking for help that was not there.
Three days earlier, the United States had dropped an atomic bomb called Little Boy, which used highly enriched uranium, on Hiroshima, instantly killing some seventy thousand people.
Many more would die later from burns and radiation sickness.
Nagasaki had not been the primary target of Fat Boy, a plutonium implosion bomb. A B-29 Superfortress, Bockscar, was planning to drop Fat Boy on the city of Kokura, but cloud cover forced the pilot to divert to Nagasaki, a secondary target.
Nagasaki’s natural geography of mountains and valleys protected part of the population, preventing many of the immediate deaths that took place in Hiroshima, but the city center was devastated.
Along with a bomb, a second airplane flying over Nagasaki dropped canisters containing scientific instrumentation. The canisters also contained copies of a personal letter several Manhattan Project scientists addressed to a prominent Japanese scientist. “You have known for several years that an atomic bomb could be built if a nation were willing to pay the enormous cost of preparing the necessary material,” the letter, written by the nuclear physicist Luis Alvarez, read. “Now that you have seen that we have constructed the production plants, there can be no doubt in your mind that all the output of these factories, working 24 hours a day, will be exploded on your homeland.”
In Japan, the bomb had now decimated two cities. Six-year-old Michiaki was fortunate: miraculously uninjured, he was found by a nurse and taken to a bomb shelter in the mountains, where he was eventually reunited with his family. Michiaki did not know anything about what had happened that day. He only knew that this was not like the other bombings the city endured during the war, a routine so common that residents often ignored the sirens warning of enemy aircraft. “I had no clue what a nuclear or atomic bomb was—that something like that existed,” he recalled. “I just thought it was many, many big bombs that had fallen.”
—
The bomb dropped on Nagasaki was the third atomic device ever detonated. The first atomic explosion, called the Trinity Test, was conducted in secrecy on July 16, 1945, at Alamogordo, New Mexico. Americans learned about this new weapon after Little Boy was dropped on Hiroshima on August 6 of that year. The New York Times announced the nuclear age to the world with the headline “First Atomic Bomb Dropped on Japan; Missile Is Equal to 20,000 Tons of TNT; Truman Warns Foe of a ‘Rain of Ruin.’ ”
In Japan, however, what little news was reported about Hiroshima was only that incendiary bombs were used.
Speaking the day the bomb on Hiroshima was dropped, President Harry Truman revealed not just the existence of this terrifying new weapon but a massive project conducted in secrecy to build it. Across the country, over two and a half years, as many as 125,000 people had been involved in this secret project, Truman announced. Many workers did not even know exactly what they were working on, only that it was an important war project. “We have spent two billion dollars on the greatest scientific gamble in history,” he said, “and won.”
Truman was right: Less than a week after Nagasaki was bombed, the Japanese emperor announced the country’s unconditional surrender, telling the nation in a broadcast speech that despite great sacrifice “the war situation has developed not necessarily to Japan’s advantage.” More directly, he acknowledged the devastation wrought in Hiroshima and Nagasaki, saying “the enemy has begun to employ a new and most cruel bomb, the power of which to do damage is, indeed, incalculable, taking the toll of many innocent lives. Should we continue to fight, it would not only result in an ultimate collapse and obliteration of the Japanese nation, but also it would lead to the total extinction of human civilization.”
A few weeks after the Japanese surrender, Herbert F. York, a young physicist who had been one of the thousands of workers on the secret project Truman had referred to, brought his father to Oak Ridge, Tennessee, where uranium had been enriched for the Little Boy bomb dropped on Hiroshima. The work inside the plant itself was still secret, but its existence no longer was. Standing at the top of a hill, York pointed down proudly to the facility hidden in the valley below, where he had labored in secret for two years of the war. “We have made war obsolete,” he triumphantly told his father. It did not take York long to realize he was completely wrong.
In Japan, the power of the atomic bomb left people feeling helpless. In America, for that brief moment, it made people feel invincible. The idea that this same powerful weapon could soon threaten the United States had not yet sunk in. It would soon. The United States might have beaten the rest of the world in building an atomic bomb, but the Germans during the war had achieved something that the Americans, British, and Soviets had not: a guided ballistic missile. The V-2, a liquid-propelled rocket developed by Wernher von Braun and his team of scientists, could travel more than two hundred miles, with an engine thrust eighteen times greater than anything the Allies had achieved. The Nazis used it to terrorize England during the war.
The bombing of Hiroshima and Nagasaki hastened the end of World War II, and it also marked the beginning of a new war for scientific talent and engineering. The atomic bomb had proved that knowledge was power, and whatever nation had the most knowledge would have an edge in the next war. The Soviet Union might have been allies with the United States in its victory over Germany, but the two countries’ interests diverged even before Japan surrendered. In Germany, the Soviets and the Americans were already engaged in a race to capture knowledge.
—
Standing in Frankfurt’s Hauptbahnhof in 1949, twenty-eight-year-old William Godel paused to admire the grand arches and curved glass above the train terminal. Outside, most of the city was still many feet deep in rubble—the aftermath of bombing during the war. It was not just the station’s neo-Renaissance design Godel was admiring but also the fact that it had survived the war with only superficial damage. The strategic bombing of Germany had been highly effective at causing civilian casualties but not at stopping the industrial war machine.
“Hey, you,” an American woman snapped. “Come put this baggage aboard and I’ll give you a cigarette.”
“Jawohl, gnädige Frau,” Godel answered, picking up her bag. As he carried it to the train, he walked with a slight limp—a war injury, something not uncommon to see in a German man his age in Frankfurt; Germany was flooded with crippled veterans. The train station was also filled with Americans, mostly military service members and their families stationed in Germany. The Americans who walked through the station were smartly dressed, whether in military uniform or civilian clothing. The Germans, on the other hand, shambled about the train station in threadbare suits. Germany was still under Allied occupation. The Americans controlled Frankfurt, and many still harbored a deep resentment of the Germans.
Sometimes the Americans would tell him a compartment was for “Americans only.” Godel was accustomed to being given orders by Americans in the train station, and the woman’s request to carry her bag was a relief; it meant that he was passing for what he was meant to pass for: Hermann Buhl, a former member of Germany’s Wehrmacht, and not an American covert operative. The young American was posing as a German veteran so he could slip across Soviet-occupied areas in Germany and Austria, and even into the Soviet Union, recruiting Russian and German scientists, engineers, and military officers to work for the United States. His German was fluent, but not native, good enough to pass with the Americans and Russians, and even Germans, in many cases. German veterans could quickly figure out he was not really exWehrmacht, but that did not so much matter; they had other things to worry about in the late 1940s. “It was a high-risk undertaking, replete with forged documents, black-market funds, bribery, loose women, and all manner of illegalities and immoralities,” he later wrote. He was also on his own when it came to the Russians. “Don’t get caught,” one army general told him, “because I cannot help you worth a damn over there.”
Godel’s work was under the larger rubric of Operation Paperclip, the military intelligence program that was scooping up German scientists and engineers to bring to the United States. The project, so named for the paper clip attached to each scientist’s dossier, had already garnered the biggest bounty: von Braun and his team of rocket scientists. At the end of the war, von Braun had actively sought out the American military, knowing that he and his team would likely fare better with the United States than with the Soviet Union. In the spring of 1945, the Soviets dispatched specialized military intelligence teams to Germany to gather anything that could be found in the way of military technology, including missiles, radar, and nuclear research. The Soviets took Peenemünde, where von Braun and his rocket team had been based, but they had already fled, taking much of their design work with them. “This is absolutely intolerable,” Joseph Stalin said. “We defeated Nazi armies; we occupied Berlin and Peenemünde; but the Americans got the rocket engineers. What could be more revolting and
and more inexcusable?”
The Soviets eventually took whatever they could, sending hundreds of German personnel back to the Soviet Union, not to mention trainloads of equipment. The Soviets’ hunt for technical expertise was broad, but it also lacked focus. As von Braun put it, “The Americans looked for brains, the Russians for hands.”
In Germany before the war, von Braun had been part of a visionary group that dreamed of building rockets for space travel but agreed to work for the military, and eventually the Nazis, on weapons. In going with the Americans, he hoped again to work on space travel. Instead, von Braun and more than a hundred other rocket scientists were taken to the United States, initially to Fort Bliss, Texas, and relegated to showing the Americans how to build and operate the V-2. Unsure of what to do with the Germans, and unwilling to give them money to design new rockets, let alone fulfill von Braun’s ambitions of space travel, the Americans allowed his team to languish in the South.
The Soviets did not suffer from indecision, however. Using captured German know-how, the Soviets moved forward swiftly with designing rockets that could travel even greater distances than the V-2. “Do you realize the tremendous strategic importance of machines of this sort?” Stalin told a senior Russian rocket scientist after the war. “It could be an effective straightjacket for that noisy shopkeeper, Harry Truman. We must go ahead with it, comrades.” In the Soviet Union, the goal was clear. “What we really need,” said Pavel Zhigarev, the commander in chief of the Soviet air forces, “are long-range, reliable rockets that are capable of hitting the American continent.”
As the Soviets moved forward with their ballistic missile program, William Godel, disguised as Hermann Buhl, was on a parallel mission: trying to collect intelligence on Soviet military capabilities. He was growing increasingly convinced that the American military was pursuing weapons based on its own bureaucratic interests and not based on what intelligence was telling it was needed.
William Hermann Godel was born as Hermann Adolph Herbert Buhl Jr. on June 29, 1921, in Denver, Colorado, to Hermann Buhl Sr. and Lumena Buhl, German immigrants. Hermann Buhl Sr. died of pneumonia in 1931, and Lumena soon married another German immigrant, named William Frederick Godel, who ran his own insurance business and prior to World War II served as the German consul in Denver. The next year, Lumena’s new husband legally adopted his stepson and, at the suggestion of the judge, officially changed the boy’s name to William H. Godel. Relations between the two were icy at best. At one point, the younger Godel built a shack in the backyard to avoid living in the same house as his adoptive father.
After high school, Godel attended the New Mexico Military Institute in Roswell and then, later, Georgetown’s School of Foreign Service. He initially went to work for the War Department’s military intelligence division, but when the Japanese attacked Pearl Harbor, Godel was commissioned as an officer in the Marine Corps and participated in the initial landings in the Pacific. He was wounded twice, including at Guadalcanal in January 1943, where he was hit by a hand grenade. The fragments shattered the bone in his left leg and destroyed a good portion of its muscle. He was awarded the Purple Heart and sent back home to recuperate. For the rest of his life, he would need a leg brace and walk with a limp.
Godel desperately wanted to stay in the Marine Corps and insisted he was fit to serve, but by 1947, after a series of medical reviews, he lost the battle. The wound in his left leg was still not completely healed, and Godel was forcibly retired from the Marine Corps, declared medically unfit for service. He made enough of a name for himself that after the war General William “Wild Bill” Donovan, the wartime head of the Office of Strategic Services, recruited Godel to Washington to work as an intelligence research specialist for the army focusing on the Soviet Union.
It was a chaotic but exciting time to be involved in intelligence. Before the war, intelligence was regarded as something of a dirty business. “Gentlemen don’t read other people’s mail,” Secretary of State Henry Stimson declared in 1929, when explaining why the United States should halt its cryptanalysis work. Pearl Harbor and World War II might have discredited that view, but there was still nothing approaching a robust intelligence machine even after the war ended. There were, however, powerful personalities lobbying for power, particularly those who formed part of a close-knit community of military and intelligence operatives who had served together in World War II. Men like the air force brigadier general Edward Lansdale, a legendary spy, and William Colby, the future director of the CIA, emerged during this period. So, too, did William Godel.
In 1947, Harry Truman signed the National Security Act, which attempted to impose order on the bureaucratic chaos that emerged after World War II. The war had created a multitude of people and organizations vying for power, and the legal reorganization was supposed to bring some clarity with the establishment of the National Security Council and the Central Intelligence Agency while also streamlining the Department of Defense and creating the Department of the Air Force, splitting it off from the army. The National Security Act, in reality, simply spawned an array of new organizations all competing for resources. The army, the navy, and the newly created air force all claimed ownership of rocket and missile research, while the CIA also saw a need for military technology that could collect intelligence on the Soviet Union.
The most important of those new technologies was, as Stalin rightly pointed out, an intercontinental ballistic missile, or ICBM. It would be a categorically different military capability; by the early 1950s, the Soviet Union was building bombers that could carry nuclear weapons to the East Coast of the United States, but they could also be potentially detected and intercepted. In the United States, computer scientists were already hard at work developing computer systems that could link radars together, to allow the military to stop incoming Soviet bombers, but there was in the 1950s no existing technology that could conceivably stop an ICBM attack. Even if a missile were detected by radar, the military would have just seconds to respond, and then there was little to be done to stop it: it would be like trying to shoot a bullet out of the sky.
In the immediate years after World War II, there was initially little enthusiasm in the White House for investing in such long-range missiles. In 1947, President Truman, who had promised to bring federal debt under control, slashed the military’s rocket and missile programs. Funding was tight, and it was being fought over. The army, the navy, and the air force all had their own rocket and missile programs, each with justifications, often tenuous, for why that work properly belonged to them. The seeming triumph of American technology was short-lived. The United States had spent millions gathering up German technical talent, but when von Braun proposed research to his Pentagon masters to build more complicated rockets or—his ultimate goal—to design rockets that could travel into space, he was refused. It was a time of “professional gloom” for him and his team.
Yet the Soviets by 1949 had already developed a new ballistic missile, called Pobeda, or “Victory,” that could fly higher and carry more than the V-2 rocket. That same year, on August 29, the Soviet Union set off its first atomic bomb on the Kazakh Steppe, ending America’s monopoly on nuclear weapons. A little more than a month later, China fell to communism, and in June 1950 North Korea invaded South Korea. Truman, who thought he would demilitarize, was suddenly left dealing with twin threats of a Soviet nuclear and conventional buildup in Europe and a growing communist threat in Asia. The only choice for politicians in Washington seemed to be developing weapons even more powerful than those that had destroyed Hiroshima and Nagasaki.
—
On November 1, 1952, Herbert York made a call to the nuclear physicist Edward Teller with a brief message. It was “zero hour,” York told Teller, who was watching a seismometer at the Radiation Laboratory at Berkeley. Fourteen minutes passed, and then Teller called back with his own coded response: “It’s a boy.”
That “boy” was Ivy Mike, a 10.4-megaton hydrogen bomb that had just exploded in the clear blue waters of Eniwetok Atoll, vaporizing the island of Elugelab and creating, as Richard Rhodes described it, “a blinding white fireball three miles across.” The device, designed by Teller and Stanislaw Ulam, was a thousand times more powerful than the bomb that went off in Hiroshima. York, the young physicist who just seven years earlier had proudly told his father that war was obsolete, was now in charge of recruiting the scientists to design a new class of weapons whose power was so great that at one point it was feared the explosion would ignite the atmosphere and vaporize the oceans. Ivy Mike was a test of the world’s first thermonuclear weapon, known as the Super. This new bomb did more than create a new generation of superweapons; it also eliminated one of the last arguments against developing ICBMs. Thermonuclear weapons with yields in the many-megaton range meant that accuracy was no longer critical; with a big enough bang, hitting the target precisely was not as important. And once the thermonuclear weapon could be reduced in size, the military did not need bombers to haul weapons over long distances; it could pack them on an ICBM.
Three days after Ivy Mike exploded, Dwight D. Eisenhower, who had served as the supreme commander of the Allied forces in Europe during World War II, was elected president in a landslide, running on a campaign that focused heavily on battling communism. “World War II should have taught us all one lesson,” he declared. “The lesson is this: To vacillate, to hesitate—to appease even by merely betraying unsteady purpose—is to feed a dictator’s appetite for conquest and to invite war itself.”
By the time Eisenhower took office in January 1953, the Korean War was already drawing to a close, and he was alarmed by the growth in the federal budget. In the past two decades, spending had grown twenty-fold to more than $80 billion, and over half of that was going directly to the Pentagon. To rein in military spending, Eisenhower instituted a policy called New Look, which turned to nuclear weapons as a cost-effective way to offset drawdowns in conventional forces. It was fortuitous timing for rocket enthusiasts. Von Braun and his team had moved in 1950 to Huntsville, Alabama, where they were finally working on a new missile, called the Redstone. In Washington, Eisenhower was met with a flood of reports and panels making the case for rocket technology: both as weapons that could reach the Soviet Union and as a way to carry satellites into space. Rand, a newly established think tank funded by the air force, produced a series of reports proposing an earth-orbiting satellite as a military capability. Because satellites did not yet exist, there was still a question of national sovereignty: Would a satellite that flew over another country, such as the Soviet Union, be regarded as a violation of its airspace?
In 1954, the Technological Capabilities Panel, appointed by Eisenhower to look at the potential of a “surprise attack” by the Soviet Union, offered a solution: the United States would launch a purely scientific satellite as a pretext to establish “freedom of space,” which would then pave the way for military satellites. With all three of the military services developing separate technologies, the question was which should get to build the first rocket to space.
—
As the military services battled over a nascent space program, William Godel in the 1950s was in the midst of a different war in the intelligence world. Back in Washington, D.C., he worked as an assistant to General Graves Erskine, the Pentagon’s director of special operations. Godel quickly earned a reputation as the go-to guy for special assignments, particularly those that combined intelligence with science. Whether it was recruiting foreign scientists to work with the Pentagon or formulating plans for Operation Deep Freeze, which established the American presence in Antarctica (and earned him an eponymous plot of frozen water, the Godel Iceport), Godel was known as a man who could get things done.
Godel was also often called in to deal with the turf wars in areas like psychological operations. Frustrated by the lack of coordination for such operations—covert and overt—across government, President Truman in 1951 established the "Psychological Strategy Board" and appointed Godel as a member. The job brought Godel into periodic battles with the CIA, though many of them were petty. Official correspondence from the time mentions CIA officials clashing with Godel about everything from the CIA director’s refusal to attend a Pentagon function for visiting dignitaries to whether the CIA was providing a Hollywood studio with film footage of American prisoners of war held in North Korea. But the infighting was bad enough that Frank Wisner, the head of the CIA’s Office of Policy Coordination, banned Godel from his buildings.
It might have been run-ins like those that prompted a security investigation into Godel, something that was not unusual in an era when information dug up from background investigations was used as a blunt weapon to oust political enemies. In 1953, Pentagon security officials interviewed Godel after reports surfaced that his adoptive father had been a Nazi sympathizer.
While denying the allegation, Godel also distanced himself from the man who raised him. “I didn’t care for him,” Godel said. “I had no personal association with him other than as a man who has been very nice to my mother since I left in ’38.”
The investigation did not stop Godel’s upward trajectory in government, however. In 1955, Donald Quarles, then the assistant secretary of defense for research and development, assigned Godel to the National Security Agency, a part of government so highly classified at the time that its existence was not even acknowledged. The NSA had been established in 1952, bringing together the communications intelligence and code-breaking capabilities that had emerged from World Wars I and II. Like the rest of the Defense Department, the NSA was being scrutinized by the Eisenhower administration, which was unhappy with the quality of strategic intelligence. Godel was supposed to help straighten out the NSA’s overseas operations and cut back ineffective foreign bases. For Godel, the NSA assignment combined his twin interests in intelligence and technology. In a later unpublished interview, Godel had a simple description of his mission: he was a hatchet man. In 1955, the year Godel was assigned to scale back the NSA, a copy of his security interview, which included questions raised about his adoptive father’s Nazi sympathies, was sent over to the FBI at the personal request of J. Edgar Hoover to review. It is unclear what the FBI chief was looking for, but two years later Secretary of Defense Charles Wilson wrote back to Hoover: “Glad to know you think [Godel’s] doing a fine job.” Godel’s role by then had earned him consideration for a top slot at the NSA.
Godel might have been doing a fine job, but the NSA, like the rest of the defense and intelligence community, was about to become embroiled in yet a new crisis. The same year that Quarles sent Godel to revamp the NSA, he also appointed a panel to decide which rocket proposal would take the United States into space. The problem was that there was no civilian rocket program; only the military services were developing the technology that could launch a satellite into space. The air force’s plan was to launch an ICBM into space, and the army proposal would have involved relying on former Nazi scientists working at a military arsenal. The navy’s rocket, while the least mature, had the advantage of not being associated with a weapon. In the end, the panel passed over the army’s German rocket team and the air force’s ICBM, selecting instead the navy proposal, a rocket that was still in development. “This is not a design contest,” an outraged von Braun protested. “It is a contest to get a satellite into orbit, and we are way ahead on this.”
Von Braun’s concerns were ignored, even as over the next two years the navy fell behind schedule. The delays did not spark much concern among America’s political leaders, and particularly not for President Eisenhower, who still believed that the United States was ahead of the Soviet Union.
Then, in the fall of 1957, the CIA and the NSA were monitoring Soviet launches of intermediate-range missiles from Kapustin Yar, in western Russia, unaware of a much more important launch that was being prepared in Kazakhstan. Twelve years after winning a scientific gamble on nuclear weapons, Americans were about to face the reality that the horror the six-year-old Michiaki experienced in Nagasaki could soon reach the continental United States. The United States would no longer be invulnerable, and war was anything but obsolete.

#ColdWar #history #WernherVonBraun #ICBM #NuclearWar #TrinityTest #Alamogordo NewMexico #Hiroshima #LittleBoy #Nagasaki #FatMan #IvyMike #Thermonuclear #satellite #WilliamGodel #NSA

La Cybersecurity and Infrastructure Security Agency (CISA) degli Stati Uniti ha aggiunto al suo catalogo delle vulnerabilità note sfruttate ( KEV ) due falle di sicurezza che interessano Palo Alto Networks PAN-OS e SonicWall SonicOS SSLVPN, sulla base di prove concrete di sfruttamento attivo.

La società di intelligence sulle minacce GreyNoise ha affermato che ben 25 indirizzi IP dannosi stanno sfruttando attivamente CVE-2025-0108, con il volume di attività degli aggressori in aumento di 10 volte da quando è stato rilevato quasi una settimana fa. Le prime tre fonti di traffico di attacco sono Stati Uniti, Germania e Paesi Bassi.

I difetti sono elencati di seguito:

• CVE-2025-0108 (punteggio CVSS: 7,8) – Una vulnerabilità di bypass dell’autenticazione nell’interfaccia web di gestione PAN-OS di Palo Alto Networks che consente a un aggressore non autenticato con accesso di rete all’interfaccia web di bypassare l’autenticazione normalmente richiesta e richiamare determinati script PHP
• CVE-2024-53704 (punteggio CVSS: 8,2) – Una vulnerabilità di broken authentication nel meccanismo di autenticazione SSLVPN che consente a un aggressore remoto di aggirare l’autenticazione

“Palo Alto Networks ha osservato tentativi di exploit che collegano CVE-2025-0108 con CVE-2024-9474 e CVE-2025-0111 su interfacce di gestione web PAN-OS non protette e non corrette”, si legge in un avviso aggiornato.

Per quanto riguarda il CVE-2024-53704, la società di sicurezza informatica Arctic Wolf ha rivelato che gli autori della minaccia stanno sfruttando la falla come arma poco dopo che Bishop Fox ha reso disponibile una proof-of-concept (PoC).

L'articolo Allarme CISA: vulnerabilità critiche in PAN-OS e SonicOS sotto attacco! proviene da il blog della sicurezza informatica.

We get it. We also watched Star Trek and thought how cool it would be to talk to our computer. From Kirk setting a self-destruct sequence, to Scotty talking into a mouse, or Picard ordering Earl Grey, we intuitively know that talking to a computer is better than typing, right? Well, computers talking back and forth to us is no longer science fiction, and maybe we aren’t as happy about it as we thought we’d be.

We weren’t able to pinpoint the first talking computer in fiction. Asimov and van Vogt had talking computers in the 1940s. “I, Robot” by Eando Binder, and not the more famous Asimov story, had a fully speaking robot in 1939. You could argue that “The Machine” in E. M. Forster’s “The Machine Stops” was probably speaking — the text is a little vague — and that was in 1909. The robot from Metropolis (1927) spoke after transforming, but you could argue that doesn’t count.

Meanwhile, In Real Life

In real life, computers weren’t as quick to speak. Before the middle of the twentieth century, machine-generated speech was an oddity. In 1779, a mechanical contrivance by Wolfgang von Kempelen, famous for the mechanical Turk chess-playing automaton, could form simple words. By 1939, Bell Labs could do even better speech synthesis electronically but with a human operator. It didn’t sound very good, as you can see in the video below, but it was certainly expressive.

youtube.com/embed/0rAyrmm7vv0?…

Speech recognition would wait until 1952, when Bell Labs showed a system that required training to understand someone speaking numbers. IBM could recognize 16 different utterances in 1961 with “Shoebox,” and, of course, that same year, they made an IBM 704 sing “Daisy Bell,” which would later inspire HAL 9000 to do the same.

youtube.com/embed/gQqCCzrS5_I?…

Recent advances in neural network systems and other AI techniques mean that now computers can generate and understand speech at a level even most fiction didn’t anticipate. These days, it is trivially easy to interact with your phone or your PC by using your voice. Of course, we sometimes question if every device needs AI smarts and a voice. We can maybe do without a smart toaster, for instance.

So What’s the Problem?

Patrick Blower’s famous cartoon about Amazon buying Whole Foods is both funny and tragically possible. In it, Jeff Bezos says, “Alexa, buy me something from Whole Foods.” To which Alexa replies, “Sure, Jeff. Buying Whole Foods.” Misunderstandings are one of the problems with voice input.

Every night, I say exactly the same phrase right before I go to sleep: “Hey, Google. Play my playlist sleep list.” About seven times out of ten, I get my playlist going. Two times out of ten, I get children’s lullabies or something even stranger. Occasionally, for variety, I get “Something went wrong. Try again later.” You can, of course, make excuses for this. The technology is new. Maybe my bedroom is noisy or has lousy acoustics. But still.

That’s not the only problem. Science fiction often predicts the future and, generally, newer science fiction is closer than older science fiction. But Star Trek sometimes turns that on its head. Picard had an office. Kirk worked out of his quarters at a time when working from home was almost unheard of. Offices are a forgotten luxury for many people, and if you are working from home, that’s fine. But if you are in a call center, a bullpen, or the bridge of the Enterprise, all this yakking back and forth with your computer will drive everyone crazy. Even if you train the computer to only recognize the user’s voice, it will still annoy you to have to hear everyone else’s notifications, messages, and alerts.

Today, humans are still better at understanding people than computers are. We all have a friend who consistently mispronounces “Arduino,” but we still know what he means. Or the colleague with a very thick accent, like Checkov trying to enter authorization code “wictor wictor two” in the recent movie. You knew what he meant, too.

youtube.com/embed/yMOp-1r2ras?…

Some of the problems are social. I can’t tell you the number of times I’m in the middle of dictating an e-mail, and someone just comes up and starts talking to me, which then shows up in the middle of my sentence. Granted, that’s not a computer issue. But it is another example of why voice input systems are not always as delightful as you’d think.

Solutions?

Probably got great battery life.
Sure, maybe you could build a cone of silence over each station, but that has its own problems. Then again, Spock and Uhuru sometimes wore the biggest Bluetooth Earbud ever, so maybe that’s half of the answer. The other half could be subvocalization, but that’s mostly science fiction, although not entirely.

What do you think? Even telepathy probably has some downsides. You’d have to be careful what you think, right? What is the ideal human-computer interface? Or will future Star Fleet officers be typing on molecular keyboards? Or will it wind up all in our brains? Tell us what you think in the comments.

hackaday.com/2025/02/19/be-car…

Quasi 59 mila americani sono diventati vittime di truffatori , perdendo 697,3 milioni di dollari in truffe sentimentali nel 2024. Dietro le belle parole e le promesse d’amore si nascondevano inganni e una trappola finanziaria.

Sebbene il numero di casi di frode segnalati sia diminuito nel corso degli anni, le somme di denaro sottratte ai truffatori restano elevate. Nel 2023 sono state registrate 62,4 mila truffe di questo tipo, con perdite pari a 702,7 milioni di dollari. Ciò indica un cambiamento nelle tattiche dei truffatori, che ora si concentrano su schemi con frodi finanziarie più grandi, tra cui gli investimenti in criptovalute.

Secondo i dati di IC3, nel 2023, le truffe basate sulla fiducia e sulle relazioni sentimentali hanno rappresentato il 6% di tutti i reclami per truffe sulle criptovalute, causando perdite per oltre 215,8 milioni di dollari. Ciò significa che le truffe sentimentali stanno diventando sempre più parte di schemi finanziari più ampi, in cui le vittime non solo vengono indotte a credere nell’amore, ma anche convinte a investire denaro.

Anche la perdita media per frode varia. Ad esempio, in Idaho ha raggiunto i 61.784 dollari, in West Virginia i 51.588 dollari e in Oregon i 50.136 dollari. Sebbene il numero complessivo di truffe sentimentali sia in calo, i truffatori non stanno abbandonando i loro stratagemmi di seduzione, stanno semplicemente cambiando il loro approccio. L’uso della tecnologia, compresa l’intelligenza artificiale, consente agli aggressori di creare profili più convincenti, generare messaggi credibili e persino foto false per ingannare le vittime.

Gli investimenti fraudolenti basati su rapporti di fiducia rappresentano una minaccia crescente. Molte truffe iniziano con una relazione sentimentale, per poi trasformarsi in truffe sugli investimenti. Alle persone ingannate viene proposto di investire denaro in criptovalute o altri asset, il che comporta la perdita di ingenti somme di denaro.

Il problema delle truffe sentimentali è complicato dal loro basso tasso di rilevamento: molte vittime si vergognano semplicemente a denunciare l’accaduto. Le ricerche dimostrano che solo il 3,66% di questi casi viene registrato ufficialmente. Si stima che il danno effettivo causato da questo tipo di frode negli Stati Uniti potrebbe raggiungere i 535 miliardi di dollari.

Per evitare di essere scoperti, è importante ricordare i segnali chiave di una frode: richieste inaspettate di trasferimento di denaro, eccessiva fretta nello sviluppare relazioni, rifiuto di videochiamate o riunioni, nonché storie di improvvisi problemi finanziari. Al minimo dubbio, dovresti interrompere la comunicazione, verificare le informazioni e chiedere consiglio ai tuoi cari.

Le truffe sentimentali continuano a evolversi, diventando parte di schemi criminali più complessi. Ma con maggiore consapevolezza e cautela, è possibile evitare la trappola e risparmiare non solo denaro, ma anche tranquillità.

L'articolo Falsi Amori, Veri Inganni! Truffe Romantiche e Crypto per Raggiri Milionari nel 2024 proviene da il blog della sicurezza informatica.

It is easy to forget that many technology juggernauts weren’t always the only game in town. Ethernet seems ubiquitous today, but it had to fight past several competing standards. VHS and Blu-ray beat out their respective competitors. But what about USB? Sure, it was off to a rocky start in the beginning, but what was the real competition at that time? SCSI? Firewire? While those had plusses and minuses, neither were really in a position to fill the gap that USB would inhabit. But [Ernie Smith] remembers ACCESS.bus (or, sometimes, A.b) — what you might be using today if USB hadn’t taken over the world.

Back in the mid-1980s, there were several competing serial bus systems including Apple Desktop Bus and some other brand-specific things from companies like Commodore (the IEC bus) and Atari (SIO). The problem is that all of these things belong to one company. If you wanted to make, say, keyboards, this was terrible. Your Apple keyboard didn’t fit your Atari or your IBM computer. But there was a very robust serial protocol already in use — one you’ve probably used yourself. IIC or I2C (depending on who you ask).

I2C is robust, simple, and cheap to implement with reasonable licensing from Philips. It just needed a little tweaking to make it suitable for peripheral use, and that was the idea behind ACCESS.bus. [Ernie] tracked down a 1991 article that covered the technology and explained a good bit of the how and why. You can also find a comparison of A.b, I2C, and SMBus in this old datasheet. You can even find the 3.0 version of the spec online. While DEC was instrumental in the standard, some of their equipment used SERIAL.bus, which was identical except for using 12 V power and having a slightly different pinout.

The DEC Station 5000 was an early adopter of ACCESS.bus. From the user’s guide:

In theory, one ACCESS.bus port could handle 125 devices. It didn’t have a hub architecture like USB, but instead, you plugged one device into another. So your mouse plugs into your keyboard, which plugs into your printer, and finally connects to your PC.

The speed wasn’t that great — about 100 kilobits per second. So if ACCESS.bus had won, it would have needed to speed up when flash drives and the like became popular. However, ACCESS.bus does sort of live even today. Computer monitors that support DDC — that is, all of them in modern times — use a form of ACCESS.bus so the screen you are reading this on is using it right now so the monitor and PC can communicate things like refresh rates.

We love to read (and write) these deep dives into obscure tech. The Avatar Shark comes to mind. Or drives that used photographic film.

hackaday.com/2025/02/19/in-a-w…

Microsoft Threat Intelligence ha individuato una nuova variante di XCSSET, il pericoloso malware modulare per macOS che infetta i progetti Xcode. Sebbene al momento gli attacchi rilevati siano limitati, la scoperta di questa variante segna un’evoluzione preoccupante della minaccia, con nuove tecniche di offuscamento, meccanismi di persistenza aggiornati e strategie di infezione ancora più sofisticate.

XCSSET: un ritorno con nuove armi

Questa è la prima variante conosciuta di XCSSET dal 2022, e porta con sé miglioramenti significativi che lo rendono ancora più insidioso. Oltre alle capacità già note, come il furto di dati da wallet digitali, la raccolta di informazioni dall’app Note e l’esfiltrazione di file di sistema, il malware ora utilizza tecniche avanzate per eludere le difese e garantire la propria persistenza.

Offuscamento migliorato: più difficile da individuare

La nuova variante di XCSSET adotta un approccio altamente randomizzato per generare i payload all’interno dei progetti Xcode infetti. Le tecniche di codifica variano sia nella metodologia che nel numero di iterazioni, rendendo più complessa la rilevazione. Mentre le versioni precedenti utilizzavano esclusivamente xxd (hexdump) per l’encoding, questa variante introduce anche la codifica Base64, aumentando ulteriormente la complessità dell’analisi. Inoltre, i nomi dei moduli nel codice sono offuscati, rendendo difficile determinare il loro scopo.

Persistenza aggiornata

XCSSET sfrutta due nuovi metodi per garantirsi un’esecuzione continua sul sistema infetto:

• Metodo zshrc: il malware crea un file ~/.zshrc_aliases contenente il payload e modifica il file ~/.zshrc, assicurandosi che il codice venga eseguito ogni volta che si apre una nuova sessione shell.
• Metodo dock: scarica un tool firmato chiamato dockutil da un server di comando e controllo (C2) e lo usa per manipolare gli elementi del dock. Il malware sostituisce il percorso del Launchpad con una versione fasulla, assicurandosi che ogni volta che viene avviato dal dock, si esegua anche il codice malevolo.

Nuove tecniche di infezione nei progetti Xcode

XCSSET ha migliorato anche le modalità con cui inserisce il proprio codice nei progetti Xcode bersaglio. La variante sceglie tra tre strategie:

• TARGET
• RULE
• FORCED_STRATEGY

Inoltre, può posizionare il payload all’interno della chiave TARGET_DEVICE_FAMILY nelle impostazioni di compilazione, eseguendolo in una fase successiva del processo di sviluppo.

Come proteggersi da XCSSET?

Microsoft Defender for Endpoint su Mac è in grado di rilevare XCSSET, compresa questa nuova variante, ma la miglior difesa è la prevenzione. Per proteggersi da questa minaccia:

• Ispezionare attentamente i progetti Xcode prima di scaricarli o clonarli da repository.
• Evitare di installare applicazioni da fonti non affidabili, preferendo gli store ufficiali delle piattaforme software.

La costante evoluzione di XCSSET dimostra ancora una volta come i cybercriminali continuino a perfezionare i loro strumenti per aggirare le difese. Per gli sviluppatori e gli utenti Mac, la prudenza è l’unica arma efficace contro queste minacce sempre più insidiose.

L'articolo XCSSET torna a colpire: il malware che infetta i progetti Xcode si evolve con nuove tecniche di attacco proviene da il blog della sicurezza informatica.

The year in figures

• 27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam
• 18% of all spam emails were sent from Russia
• Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments
• Our Anti-Phishing system thwarted 893,216,170 attempts to follow phishing links
• Chat Protection in Kaspersky mobile solutions prevented more than 60,000 redirects via phishing links from Telegram

Phishing and scams in 2024

Phishing for travelers

In 2024, cybercriminals targeted travel enthusiasts using fake hotel and airline booking websites. In one simple scheme, a fraudulent site asked users to enter their login credentials to complete their booking — these credentials ended up in criminal hands. Sometimes, the fake login form appeared under multiple brand names at once (for example, both Booking and Airbnb).

Another scheme involved a more sophisticated fake site, where users could even select the purpose of their trip (business or leisure). To complete the booking, the scammers requested bank card details, claiming that a certain sum would be temporarily blocked on the account to verify the card’s authenticity. Legitimate booking services regularly request payment details, so the victim may not suspect anything in this case. To rush users into entering their data carelessly, on the phishing page, the scammers displayed warnings about dwindling accommodation availability and an imminent payment deadline for the booking. If the victim entered their data, the funds were not frozen but went straight into the criminals’ pockets.

Cyberthreats in the travel sector affected not only tourists but also employees of travel agencies. By gaining access to a corporate account, criminals could conduct financial transactions on behalf of employees and gain access to large customer databases.

Fake accommodation sites often sent messages to property owners, telling them to log in to “manage their property.” This scheme targeted people renting out their homes through online booking platforms.

Other scam pages featured surveys, offering respondents gifts or prize draws for participating. In this case, victims risked both their credentials and their money. Such fake giveaways are a classic scam tactic. They are often timed to coincide with a significant date for the travel industry or a specific company. For example, the screenshot below shows an offer to take part in a giveaway of airline tickets to celebrate Ryanair’s birthday.

After completing the survey, users may be asked to share the offer with a certain number of contacts, and then pay a small fee to receive the expensive gift. Of course, these prizes are non-existent.

Trapped in social networks

To steal credentials for social media and messenger accounts, scammers used another classic technique: asking users to verify themselves. In one scheme, the victim was redirected to a website that completely replicated WhatsApp’s design. The user entered their phone number and login code, handing their credentials straight over to the cybercriminals.

Beyond verification scams, fraudsters also lured victims with attractive offers. For example, in the screenshot below, the victim is promised free Instagram followers.

Some cybercriminals also used the promise of adult content to lure victims into entering their credentials in a fake authorization form.

Other scammers took advantage of Facebook and Instagram being owned by the same company. On a fraudulent page, they claimed to offer a service that allowed users to find Instagram profiles by entering their Facebook login and password.

Some scams offered users a surprise “gift” — a free Telegram Premium subscription. To enable the messenger’s premium features, the victim only had to enter their phone number and a one-time code on a fraudulent website.

Some fake social media and messenger pages were designed not to steal login credentials but to install malware on victims’ devices. Taking advantage of the popularity of Facebook Lite for Android, scammers offered users a “more advanced official version”, claiming it had extra features missing in the original app. However, instead of an upgraded app, users downloaded malware onto their devices.

Similarly, installing a supposedly free Telegram client with an activated Premium subscription often led to downloading malware.

Social media business services were increasingly used as a pretext for credential theft, as they play a key role in developing and promoting businesses and are directly linked to financial operations. Cybercriminals tricked Telegram channel owners into logging in to a phishing platform imitating the official Telegram Ads tool, thereby stealing their Telegram credentials. To make the scam more convincing, the attackers detailed how Telegram advertising works and promised millions of ad views per month.

TikTok users have also been targeted. TikTok Shop allows sellers to list curated products—items featured in videos—for potential buyers to find and purchase. Scammers created fake TikTok Shop pages to steal seller credentials, potentially leading to both reputational and financial damage.

In another case, fraudsters informed Facebook fan page owners of unusual activity in their accounts. Potential victims were prompted to check their profile by entering their login credentials into a phishing form.

Cryptocurrency: don’t mistake scams for real deals

One of last year’s most sensational stories was the cryptocurrency game Hamster Kombat. This clicker game, simulating the creation of a crypto exchange in a gamified format, quickly attracted a massive audience. Players eagerly awaited the moment when the in-game coins could be exchanged for real virtual currency. But while the official listing was delayed, the fraudulent schemes wasted no time.

Fraudsters claimed to offer cash-out services for in-game coins by converting them into rubles. To withdraw money, criminals claimed, users just had to log in through a fake Telegram page.

The growing anticipation for the new cryptocurrency’s market launch was frequently exploited by cybercriminals to steal seed phrases from crypto wallets. Scammers announced an early token sale, requiring users to log in through a fake page to participate. Of course, there was no mention of such promotions on official resources.

The popularity of Hamster Kombat was also abused in scam schemes. For example, users were offered access to a crypto wallet supposedly containing a significant sum in virtual coins. To claim it, the unsuspecting victims had to share information about the “opportunity” with a certain number of contacts in messaging apps. Having made their potential victim an accomplice in spreading false information, the scammers demanded a small commission for the withdrawal and disappeared with the stolen money.

A more elaborate scam also aimed to trick users into paying a “commission”, but with a slightly different approach. First, visitors to the page were asked to register to learn about some new activity related to Hamster Kombat.

Once registered, they were suddenly informed of having won a large amount of the HMSTR cryptocurrency supposedly as part of an experiment conducted on the platform. Exploiting uncertainty around the token’s listing, scammers urged victims to bypass the official trading launch and exchange their in-game currency for Bitcoin immediately.

To make it more convincing, the page displayed an exchange rate at which the “prize” would be converted.

However, after clicking the “Exchange coins” button, users were prompted to pay a commission for the service.

Everyone who paid this fee lost their money and received no Bitcoin.

Phishing attacks also targeted TON wallet users. In this case, scammers lured victims with promises of bonuses, requiring them to link their crypto wallets on fraudulent websites.

TON cryptocurrency was also used as bait in scam schemes. In a classic scenario, users were promised a quick way to earn digital currency. Fraudsters advertised a cloud mining service that allegedly generated high profits without any effort. After registering, unsuspecting users could monitor their “earnings” but had to pay a commission in cryptocurrency to withdraw funds.

Another “profitable” crypto scam resembled a Ponzi scheme: victims were required to recruit at least five new participants into the program—without receiving any money, of course. The scam site mimicked an online earning platform.

Visitors were instructed to install Telegram and use an unofficial bot to activate a crypto wallet where profits would supposedly be deposited.

According to the instructions, users then had to buy Toncoin and register in the program through a referral link from another participant. The scam worked by enticing people to make a small investment in the hopes of making big profits—the victims used their own funds to purchase the cryptocurrency for registration. But as with any pyramid scheme, only those at the top profited, while everyone else was left with nothing but empty dreams.

All or nothing: multipurpose phishing

Victims of phishing frequently included bank clients and users of government service portals. In such schemes, users first received a notification that they needed to update their account credentials. Cybercriminals used various communication channels to contact their victims: email, text messages, and chats in messaging apps. The victims were then led to fake sites where they were asked to provide their personal data. First, they entered their personal login credentials on the organization’s website.

Next, they were prompted to provide their email account credentials. The scammers also attempted to collect identity document details and other data, including the bank card PIN code.

Additionally, these phishing forms requested answers to security questions commonly used for additional verification in banking transactions.

This way, the cybercriminals gained full access to the victim’s account. Even the PIN code could be useful for the scammers in gaining access to the account. Security questions served as an extra safeguard for fraudsters in case the bank’s security service detected suspicious activity.

False idols

Phishing schemes also exploited the images of real people. For example, users browsing YouTube could stumble upon ad videos of celebrities announcing giveaways for their fans. Clicking the link in such a video led users to a page containing a post supposedly from the celebrity’s social media account, explaining how to claim the prize. However, when attempting to collect the “winnings”, visitors were asked to pay a small commission—insignificant compared to the value of the “gift.” Needless to say, those who paid the fee lost their money. The prize never existed, and the video was nothing more than a deepfake.

Spam in 2024

Scams

Token giveaway scam

Throughout the year, we frequently encountered emails announcing fake cryptocurrency airdrops, allegedly from teams of well-known crypto projects. The recipients, referred to as the platform’s “most valuable users,” were invited to participate in an “exclusive” event as a thank you for their loyalty and exceptional engagement.

New users unfamiliar with cryptocurrency were lured in with a unique opportunity to take part in the token giveaway and win a large sum—all they had to do was register on the platform, which was, of course, fake.

Scammers in 2024 closely monitored cryptocurrency market news. For example, in the spring, ahead of Notcoin’s upcoming listing, scam messages appeared featuring countdown timers, urging potential victims to participate in an airdrop allegedly arranged just for them.

Scam emails also targeted users of the cryptocurrency game Hamster Kombat, popular among Russian-speakers. Players eagerly awaited the HMSTR token listing, which was repeatedly postponed—a delay that scammers were quick to exploit. In the fall of 2024, they began sending emails pretending to be from the Hamster Kombat team, promising generous cash prizes if victims clicked a link to a fake game site.

Similar offers were distributed via a fraudulent website mimicking a major cryptocurrency exchange. In both cases, to claim the coveted tokens, victims had to link their cryptocurrency wallets.

“Nigerian” scam

In 2024, the Nigerian scam remained popular among spammers. Furthermore, fraudsters used both time-tested and trending themes to deceive victims. Cybercriminals employed various tricks and manipulations to engage with email recipients, with the ultimate goal of extracting money.

Most often, users were lured into classic schemes: fraudsters posed as terminally ill wealthy individuals seeking a worthy heir, lottery winners eager to share their prize, or investors offering opportunities in a promising business. Sometimes, to evade suspicion, scammers “rescued” their victims from other fraudsters and offered to compensate them for any financial losses. For example, in the summer of 2024, we came across an interesting case where an alleged victim of crypto fraud suggested that fellow sufferers contact a group of noble hackers for help recovering lost cryptocurrency.

Some scam offers were quite unexpected, as they didn’t promise vast riches, and, therefore, might not attract such a wide audience. In mid-to-late 2024, we saw scam emails claiming to be looking for new owners for pianos due to relocation or the previous owner’s passing.

We also encountered even more creative scam narratives. For example, an email allegedly sent from a secret society of Illuminati promising to share their wealth, power and fame if the recipients agree to join their grand brotherhood.

Other “Nigerian” scam emails capitalized on current news events. Thus, the most talked-about event of 2024, the US presidential election, significantly influenced the types of scams we saw. For example, one scam email claimed that the recipients were incredibly lucky to be eligible to receive millions of dollars from Donald Trump’s foundation.

Scam in the Russian segment

Last year, the Russian segment of the internet was not spared from mass scam mailings. We frequently encountered schemes mimicking investment projects of major banks, promising users easy earnings and bonuses. Fraudsters also sent out emails with promotional offers from home appliance and electronics stores. Customers were informed of huge discounts on sales that were supposedly about to end.

The links in such emails led to fraudulent websites that looked identical to legitimate online stores but stood out with extremely low prices. After paying for their desired items, customers lost their money, as orders were never actually placed.

Beyond electronics, scammers also offered other discounted products. In one such campaign, users received an email advertising a sneaker store selling popular models at affordable prices.

Judging by the technical headers of the emails, both the sneaker store and electronics store promotions were sent by the same fraudsters.

Additionally, we came across emails offering recipients to apply for debit or credit cards under favorable conditions. Unlike the electronics and shoe sale scams, these messages were legitimate referral programs from major banks, which enterprising spammers tried to monetize. Technically, such emails are not scams, as their links lead to real banking websites, and recipients do not face any risks. However, senders profit from registrations via the referral program. Nevertheless, we do not recommend clicking links from unknown senders, as seemingly harmless emails from a referral platform could be phishing or scam messages.

Emails with malicious links and attachments

Password-protected archives

In 2024, there was an increase in emails distributing password-protected archives containing malicious content. Sometimes, these files were included not as attachments but via download links, which also required a password. Presumably, this was the attackers’ attempt to bypass email security filters. Typically, the archive password was mentioned in the email text, and sometimes in the attachment’s filename. Notably, fraudsters often disguised malicious archives or links as files with other extensions, such as PDF, XLS, or DOC.

Since April 2024, we have been recording similar distributions of files with the double extension .PDF.RAR, targeting employees of Russian companies in the government, financial, manufacturing, and energy sectors.

We assume that these messages were sent from compromised email accounts of the recipients’ business partners. Some emails contained real correspondence, to which attackers replied with an email containing the malware. All the emails we examined in this campaign were unique. The attackers likely crafted messages to closely mimic the style of the compromised business partner.

Similar messages containing malicious files were also found in other languages. However, unlike campaigns targeting Russian-speaking users, these had more general themes—attachments were disguised as invoices, commercial offers, supply orders, tender schedules, court notices, and other documents.

Pre-trial claims and lawsuits

Last year, attackers frequently threatened legal action to convince victims to click dangerous links or open malicious attachments. These messages primarily targeted Russian companies but were also observed in other languages. Typically, fraudsters posed as business partners, demanding debt repayment; otherwise, they “would be forced to take the matter to arbitration court.” In one such campaign, pre-trial claims in attachments were .DOC files containing VBA scripts. These scripts established connections with command servers and downloaded, saved, and executed malicious files on the victim’s device. Kaspersky’s products detect this payload with the verdict HEUR:Trojan-Downloader.MSOffice.Sload.gen.

In some cases, cybercriminals gave no reason for their legal threats but instead attempted to shock victims with an already “filed” lawsuit to pressure them into opening the attachment. Of course, it contained malware.

Emails with malicious SVG files

According to our observations, the past year saw a rise in the distribution of malicious SVG files. Disguised as harmless images, these files contained scripts that downloaded and installed additional malware on the victim’s device. (Our solutions detect these scripts as Trojan.Script.Agent.sy and Trojan.Script.Agent.qe.) The emails we encountered were written in Spanish and posed as fake legal case notifications and court summons. The text included a password for opening the attached file.

Threats to businesses

Fake deals

A special category of emails that users complained about in 2024 was requests for quotation from suspicious senders. These emails were sent either from free email addresses or recently created domains. Attackers signed the emails with the names of large companies, included links to their websites, and sometimes even used official company logos. These emails followed a uniform template: the “buyers” briefly introduced themselves, expressed interest in the recipient’s products, and requested a catalog or price list. Interestingly, the fraudsters did not seem to care about the type of goods involved.

If the recipient responded, events could unfold in two ways. In some cases, after receiving a reply to the initial seemingly legitimate request, the fraudsters sent malicious attachments or links in the next email.

In another scenario, the “buyers” engaged in further correspondence with their “potential partner”—the victim—discussing details and insisting on their conditions, including post-payment and requiring the seller to cover customs duties. This meant that the supplier bore all the risks of delivery and could lose their goods without receiving any payment.

Facebook

In the spring of 2024, we discovered an interesting phishing email scheme that leveraged legitimate Facebook notifications. The service sent entirely legitimate emails to users mentioned in threatening posts. The attackers used compromised Facebook accounts, renamed to “24 Hours Left To Request Review. See Why,” and changed the profile picture to an icon featuring an orange exclamation mark.

Then, the fraudsters created posts on these pages tagging the business accounts of potential victims. The tagged users received notifications from the alarmingly-named pages.

These posts contained more details than the emails: victims were warned about an impending account ban due to a complaint from another user. To dispute the ban for violating service terms, the recipient of the “notification” was required to follow a phishing link from the post—leading to a fake site with Meta logos that requested Facebook login credentials.

We also found phishing emails containing legitimate Facebook links in October 2024, but this time without using the platform’s infrastructure. These emails contained notifications of lawsuits for copyright infringement and the removal of unlawful posts from the recipient’s profile. The target was warned that their personal and business pages would be blocked within 24 hours, pressuring them to take hasty and careless action.

However, they were immediately offered the chance to appeal by contacting the “Appeal Support Center.” The link in the email led to a phishing site disguised as Meta’s support service, where the victim was also asked to enter their profile password. To make the phishing link more convincing, a legitimate mechanism for redirecting users to external Facebook resources was used.

At the end of 2024, we noticed an email campaign targeting companies promoting their business pages on Facebook. These emails mimicked official Meta for Business notifications and threatened to block the user’s account and business page for violating the platform’s rules and community policies.

To dispute these accusations, the fraudsters urged the profile owners to click a link to contact “Facebook support” in a legitimate messenger. However, in reality, the victim was communicating with the owner of a fan page called “Content Moderation Center,” imitating an official support service employee. The scam could have been identified by the “Fan Page” label in the chat, though it was easy to miss.

News agenda

In 2024, scammers continued to exploit news agenda in spam campaigns.

During the UEFA Euro 2024 football championship in Germany, emails began to appear offering merchandise with UEFA EURO 2024 logos.

After Pavel Durov’s arrest in Paris, we noticed English-language messages calling for donations to supposedly fund his legal defense.

In the fall of last year, a scam campaign began circulating, offering not-yet-released MacBook Pro M4 devices at low prices or even for free. The links in these emails led to fake websites imitating major marketplaces.

Before Black Friday, we recorded a surge in spam offering exclusive discounts. The links in these messages lured victims to sites disguised as marketplaces, electronics stores, and financial institutions.

B2B spam campaigns

Online promotion services

One of the most common categories of spam email in 2024, complained of frequently by our corporate clients, was commercial offers for online promotion. Users were offered services such as creating or redesigning websites, setting up SEO tools, and purchasing databases with potential client contacts and other information. Other advertised services included guest post placement with backlinks to the client’s site, writing positive reviews, removing negative reviews, and creating personalized email campaigns. While these messages are not malicious or fraudulent, they are mass-distributed and unsolicited, causing inconvenience to users. The popularity of this type of spam is likely driven by the development of digital marketing tools and the search for new clients for small- and medium-sized businesses amid growing online competition.

Buying likes and followers on social media

We also frequently encountered business offers for the online promotion of company accounts on social media. Spammers sell fake likes and followers. They often pose as employees of real social media marketing firms, claiming to be industry leaders. At the end of their emails, the spammers included a link to a marketing platform and payment options for their services. One such campaign, which we observed throughout the past year and is still active, stood out due to the variety of languages used in the emails and the diversity of domain names. With these tactics, the spammers aimed to reach a global audience.

AI in B2B emails

The growing popularity of neural networks has led companies to actively integrate AI into their business processes. We assume that clients of such organizations, in turn, are drawn to service offers that incorporate neural networks. As a natural consequence of this trend, AI-driven solutions began appearing in spam campaigns advertising online marketing services.

Spammers emphasized using AI, particularly ChatGPT, to perform various business tasks. We identified the following themes in these emails:

• Attracting website traffic
• Creating advanced lead generation strategies
• Developing unique approaches tailored to a brand’s identity
• Producing and publishing content
• Launching personalized multi-channel marketing campaigns
• Creating custom videos for YouTube channels

Other topics also appeared in spam emails, but they all shared the same goal—enhancing business processes and attracting potential clients.

Another particularly popular category of spam related to neural networks was advertising online events. Last year, we encountered numerous examples of emails promoting webinars about the promising capabilities and practical applications of AI in business operations.

Targeted phishing in 2024

In 2024, two main trends were observed in targeted phishing:

1. Notifications on behalf of a company’s HR department. Employees were asked to fill out or sign a document, such as a vacation schedule, accessible via a link in an email. Sometimes, instead of routine requests, attackers resorted to more extravagant tactics—such as inviting employees to check if they were on a list of staff to be dismissed.

Phishing email from HR

In all these cases, the common factor was that clicking the link led the employee to a phishing login page instead of the actual corporate portal. Most often, attackers targeted Microsoft accounts, though some phishing forms mimicked internal corporate resources.

Fake login form

1. Emails from a seller to a buyer, or vice versa. One common scheme involved a buyer or seller asking the victim to review an offer or respond to questions about product delivery and required specifications. These emails contained attached documents that actually concealed phishing links.

Example of a phishing email from a seller

When attempting to open the attachment, the user was redirected to a phishing page. As in the previous case, these fake forms harvested Microsoft credentials and corporate account logins.

Fake password entry form

Statistics: phishing

The number of phishing attacks in 2024 increased compared to the previous year. Kaspersky solutions blocked 893,216,170 attempts to follow phishing links—26% more than in 2023.

Number of Anti-Phishing triggerings, 2024 (download)

Map of phishing attacks

Users from Peru (19.06%) encountered phishing most often. Greece (18.21%) ranked second, followed by Vietnam (17.53%) and Madagascar (17.17%). They are closely followed by Ecuador (16.90%), Lesotho (16.87%) and Somalia (16.70%). The final places in the TOP 10 are occupied by Brunei (16.55%), Tunisia (16.51%) and Kenya (16.38%).

* Share of users who encountered phishing out of the total number of Kaspersky users in the country/territory, 2024

Top-level domains

The most common domain zone hosting phishing sites remains the COM zone (29.78%)—its popularity has increased one and a half times compared to 2023. In second place is the XYZ domain (7.10%), which ranked fifth last year, followed by TOP (6.97%), which retained its position in the top ten. Next, with a slight margin from each other, are the ONLINE (4.25%) and SITE (3.87%) domain zones, where phishing sites were less actively hosted last year. The Russian RU domain (2.23%) and the global NET domain (2.02%) are in sixth and seventh place, respectively. Following them are CLICK (1.41%) and INFO (1.35%)—the year before, these zones were not frequently used. Closing the top ten is another national domain: UK, with a share of 1.33%.

Most frequent top-level domains for phishing pages, 2024 (download)

Organizations targeted by phishing attacks

The rating of organizations targeted by phishers is based on the detections of the deterministic component in the Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an email message or on the web, as long as links to these pages are present in the Kaspersky database.

In 2024, the highest number of attempts to access phishing links blocked by Kaspersky solutions was associated with pages imitating various web services (15.75%), surpassing global internet portals (13.88%), which held the top position in 2023. The third and fourth positions in last year’s top ten also swapped places: banks moved ahead (12.86%), overtaking online stores at 11.52%. Attackers were also interested in social media (8.35%) and messengers (7.98%): attacks targeting them strengthened their positions in the ranking. For websites imitating delivery services, we observed a decline in phishing activity (6.55%), while the share of payment systems remained unchanged at 5.82%. Also included in the list of the most frequently targeted organizations were online games (5.31%) and blogs (3.75%).

Distribution of organizations targeted by phishers, by category, 2024 (download)

Statistics: spam

Share of spam in email traffic

In 2024, spam emails accounted for 47.27% of the total global email traffic, an increase of 1.27 p.p. compared to the previous year. The lowest spam levels were recorded in October and November, with average shares dropping to 45.33% and 45.20%, respectively. In December, we observed a seemingly slight upward trend in junk emails, resulting in the fourth quarter of the year being the calmest. Spam activity peaked in the summer, with the highest number of emails recorded in June (49.52%) and July (49.27%).

Share of spam in global email traffic, 2024 (download)

In the Russian internet segment, the average spam share exceeded the global figure, reaching 48.57%, which is 1.98 p.p. higher than in 2023. As in the rest of the world, spammers were least active at the end of the year: in the fourth quarter, 45.14% of emails were spam. However, unlike global trends, in Runet, we recorded four months during which the spam share exceeded half of all traffic: March (51.01%), June (51.53%), July (51.02%), and September (51.25%). These figures identified the third quarter as the most active, with a share of 50.46%. December was the calmest month, and interestingly, despite spam levels being generally high or the same in Russia, the number of spam emails in December was lower than the global figure: 44.56%.

Share of spam in Runet email traffic, 2024 (download)

Countries and territories where spam originated

We continue to observe an increase in the share of spam sent from Russia—from 31.45% to 36.18%. The United States and mainland China, which held second and third place last year, swapped positions, with China’s share increasing by 6 p.p. (17.11%) and the US share decreasing by 3 p.p. (8.40%). Kazakhstan, which entered the top twenty for the first time last year, rose from eighth to fourth place (3.82%), pushing Japan (2.93%) down, and causing Germany, previously in fifth place, to drop one position with a share of 2.10%. India’s share slightly decreased, but the country moved up two positions from last year to seventh place. Conversely, the amount of spam sent from Hong Kong more than doubled (1.75%), allowing this territory to take eighth place in the top twenty. Next come Brazil (1.44%) and the Netherlands (1.25%), whose shares continued to decline.

TOP 20 countries and territories where spam originated in 2024 (download)

Malicious email attachments

In 2024, Kaspersky solutions detected 125,521,794 attempts to open malicious email attachments, ten million fewer than the previous year. Interestingly, one of the peaks in email antivirus detections occurred in April—in contrast to 2023, when this month had the lowest malicious activity. In January and December, we observed a relative decrease in detections, while increases were noted in spring and autumn.

Number of email antivirus detections, 2024 (download)

The most common malicious email attachments were Agensla stealers (6.51%), which ranked second last year. Next were Badun Trojans (4.51%), which spread in archives disguised as electronic documents. The Makoob family moved from eighth to third place (3.96%), displacing the Noon spyware (3.62%), which collects browser passwords and keystrokes. The malicious Badur PDFs, the most common attachments in 2023, dropped to fifth place with a 3.48% share, followed by phishing HTML forms from the Hoax.HTML.Phish family (2.93%). Next in line were Strab spyware Trojans (2.85%), capable of tracking keystrokes, taking screenshots, and performing other typical spyware actions. Rounding out the top ten were SAgent VBS scripts (2.75%), which were not as actively used last year, the Taskun family (2.75%), which maintained its previous share, and PDF documents containing phishing links, Hoax.PDF.Phish (2.11%).

TOP 10 malware families distributed as email attachments, 2024 (download)

The list of the most widespread malware reflects trends similar to the distribution of families, with a few exceptions: the Hoax.HTML.Phish variant of malicious HTML forms dropped two positions (2.20%), and instead of a specific Strab Trojan sample, the top ten included the ISO image Trojan.Win32.ISO.gen, distributed via email (1.39%).

TOP 10 malicious programs distributed as email attachments, 2024 (download)

Countries and territories targeted by malicious mailings

In 2024, users in Russia continued to face malicious email attachments more frequently than other countries, although the share of email antivirus detections in this country decreased compared to last year, to 11.37%. China ranked second (10.96%), re-entering the top twenty after several years. Next came Spain (8.32%), Mexico (5.73%), and Turkey (5.05%), which dropped one position each with a slight decline in malicious attachments. Switzerland (4.82%) took sixth place, appearing in the ranking for the first time. Following them were Vietnam (3.68%), whose share declined, and the UAE (3.24%), which strengthened its position in the ranking. Also among frequent targets of malicious spam were users from Malaysia (2.99%) and Italy (2.54%).

TOP 20 countries and territories targeted by malicious mailings, 2024 (download)

Conclusion

Political and economic crises will continue to provide new pretexts for fraudulent schemes. In some cases presented in the 2024 report, we can observe the “greed” of cybercriminals: the use of two different company brands on the same page; a credible fake of a resource aimed not at stealing credentials but at stealing money; comprehensive questionnaires that can lead not only to loss of access to funds but also to identity theft. Such multi-layered threats may become a new trend in phishing and scam attacks.

We continue to observe major news events being exploited in spam campaigns that promise easy earnings and discounted goods or services. The growing user interest in artificial intelligence tools is actively being leveraged by spammers to attract an audience, and this trend will undoubtedly continue.

securelist.com/spam-and-phishi…

One can 3D print with conductive filament, and therefore plausibly create passive components like resistors. But what about active components, which typically require semiconductors? Researchers at MIT demonstrate working concepts for a resettable fuse and logic gates, completely 3D printed and semiconductor-free.

Now just to be absolutely clear — these are still just proofs of concept. To say they are big and perform poorly compared to their semiconductor equivalents would be an understatement. But they do work, and they are 100% 3D printed active electronic components, using commercially-available filament.

How does one make a working resettable fuse and transistor out of such stuff? By harnessing thermal expansion, essentially.

The conductive filament the researchers used is Electrifi by Multi3D, which is PLA combined with copper micro-particles. A segment printed in this filament is normally very conductive due to the densely-packed particles, but as temperature increases (beginning around 40° C) the polymer begins to soften and undergoes thermal expansion. This expansion separates the copper particles, causing a dramatic increase in electrical resistance as electrical pathways are disrupted. That’s pretty neat, but what really ties it together is that this behavior is self-resetting, and reversible. As long as the PLA isn’t straight up melted (that is to say, avoids going over about 150° C) then as the material cools it contracts and restores the conductive pathways to their original low-resistance state. Neat!

So where does the heat required come from? Simply passing enough current through the junction will do the job. By carefully controlling the size and shape of traces (something even hobbyist filament-based 3D printers are very good at) this effect can be made predictable and repeatable.

The simpler of the two test components uses the resistance spike as a self-resetting fuse. The printed component is designed such that current above a threshold triggers a surge in resistance, preventing damage to some theoretical circuitry downstream. As long as the component is not destroyed by heating it to the point that it melts, it self-resets as it cools.

The transistor is a bit more interesting. By designing two paths so that they intersect each other, one can be used as a control path and the other as a signal path. Applying a voltage to the control path electrically controls the resistance of the signal path, effectively acting as a transistor. Researchers combined these basic transistors into NOT, AND, and OR gates. One is shown here.

This whole system is scalable, low-cost, and highly accessible to just about anyone with some basic equipment. Of course, it has some drawbacks. The switching speed is slow (seconds rather than nanoseconds) and being thermally-driven means power consumption is high. Still, it’s pretty nifty stuff. Check out the research paper for all the nitty-gritty details.

We’ve seen 3D printed triboelectric generators so it’s pretty exciting to now see printed active electronic components. Maybe someday they can be combined?

hackaday.com/2025/02/19/mit-de…

I canali Telegram degli hacker filorussi di NoName057(16) sono stati eliminati da telegram. Ma subito gli attivisti ricreano nuovi canali marchiati con il suffisso “reborn“.

Ma non è tutto, nei loro primi post sui nuovi canali, pubblicano un nuovo attacco ad infrastrutture italiane con attacchi di Distributed Denial-of-Service (DDoS) frutto del progetto DDoSia da loro coordinato.

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Di seguito viene riportato il messaggio presente nel post di oggi sul loro nuovo canale telegram.
Schiacciare l'infrastruttura internet italiana

❌Banca d'investimento italiana Mediobanca Banca di Credito Finanziario SpA (chiuso da geo)
check-host.net/check-report/233b848ck43e

❌Benelli Armi S.p.A. è un'azienda italiana produttrice di armi da fuoco
check-host.net/check-report/233b883fk23

❌Nexi - Società finanziaria italiana
check-host.net/check-report/233b899aka73

❌Fiocchi Munizioni - Il più grande produttore italiano di munizioni (chiuso per motivi geo)
check-host.net/check-report/233b8a88k5e4

❌Franchi - Azienda italiana produttrice di armi da fuoco
check-host.net/check-report/233b8be5k793

❌Danieli - azienda italiana internazionale, fornitrice di attrezzature e impianti per l'industria metallurgica
check-host.net/check-report/233b8d24k48

Che cos’è un attacco Distributed Denial of Service

Un attacco DDoS (Distributed Denial of Service) è un tipo di attacco informatico in cui vengono inviate una grande quantità di richieste a un server o a un sito web da molte macchine diverse contemporaneamente, al fine di sovraccaricare le risorse del server e renderlo inaccessibile ai suoi utenti legittimi.

Queste richieste possono essere inviate da un grande numero di dispositivi infetti da malware e controllati da un’organizzazione criminale, da una rete di computer compromessi chiamata botnet, o da altre fonti di traffico non legittime. L’obiettivo di un attacco DDoS è spesso quello di interrompere le attività online di un’organizzazione o di un’azienda, o di costringerla a pagare un riscatto per ripristinare l’accesso ai propri servizi online.

Gli attacchi DDoS possono causare danni significativi alle attività online di un’organizzazione, inclusi tempi di inattività prolungati, perdita di dati e danni reputazionali. Per proteggersi da questi attacchi, le organizzazioni possono adottare misure di sicurezza come la limitazione del traffico di rete proveniente da fonti sospette, l’utilizzo di servizi di protezione contro gli attacchi DDoS o la progettazione di sistemi resistenti agli attacchi DDoS.

Occorre precisare che gli attacchi di tipo DDoS, seppur provocano un disservizio temporaneo ai sistemi, non hanno impatti sulla Riservatezza e Integrità dei dati, ma solo sulla loro disponibilità. pertanto una volta concluso l’attacco DDoS, il sito riprende a funzionare esattamente come prima.

Che cos’è l’hacktivismo cibernetico

L’hacktivismo cibernetico è un movimento che si serve delle tecniche di hacking informatico per promuovere un messaggio politico o sociale. Gli hacktivisti usano le loro abilità informatiche per svolgere azioni online come l’accesso non autorizzato a siti web o a reti informatiche, la diffusione di informazioni riservate o il blocco dei servizi online di una determinata organizzazione.

L’obiettivo dell’hacktivismo cibernetico è di sensibilizzare l’opinione pubblica su questioni importanti come la libertà di espressione, la privacy, la libertà di accesso all’informazione o la lotta contro la censura online. Gli hacktivisti possono appartenere a gruppi organizzati o agire individualmente, ma in entrambi i casi utilizzano le loro competenze informatiche per creare un impatto sociale e politico.

È importante sottolineare che l’hacktivismo cibernetico non deve essere confuso con il cybercrime, ovvero la pratica di utilizzare le tecniche di hacking per scopi illeciti come il furto di dati personali o finanziari. Mentre il cybercrime è illegale, l’hacktivismo cibernetico può essere considerato legittimo se mira a portare all’attenzione pubblica questioni importanti e a favorire il dibattito democratico. Tuttavia, le azioni degli hacktivisti possono avere conseguenze legali e gli hacktivisti possono essere perseguiti per le loro azioni.

Chi sono gli hacktivisti di NoName057(16)

NoName057(16) è un gruppo di hacker che si è dichiarato a marzo del 2022 a supporto della Federazione Russa. Hanno rivendicato la responsabilità di attacchi informatici a paesi come l’Ucraina, gli Stati Uniti e altri vari paesi europei. Questi attacchi vengono in genere eseguiti su agenzie governative, media e siti Web di società private

Le informazioni sugli attacchi effettuati da NoName057(16) sono pubblicate nell’omonimo canale di messaggistica di Telegram. Secondo i media ucraini, il gruppo è anche coinvolto nell’invio di lettere di minaccia ai giornalisti ucraini. Gli hacker hanno guadagnato la loro popolarità durante una serie di massicci attacchi DDOS sui siti web lituani.

Le tecniche di attacco DDoS utilizzate dal gruppo sono miste, prediligendo la “Slow http attack”.

La tecnica del “Slow Http Attack”

L’attacco “Slow HTTP Attack” (l’articolo completo a questo link) è un tipo di attacco informatico che sfrutta una vulnerabilità dei server web. In questo tipo di attacco, l’attaccante invia molte richieste HTTP incomplete al server bersaglio, con lo scopo di tenere occupate le connessioni al server per un periodo prolungato e impedire l’accesso ai legittimi utenti del sito.

Nello specifico, l’attacco Slow HTTP sfrutta la modalità di funzionamento del protocollo HTTP, che prevede che una richiesta HTTP sia composta da tre parti: la richiesta, la risposta e il corpo del messaggio. L’attaccante invia molte richieste HTTP incomplete, in cui il corpo del messaggio viene inviato in modo molto lento o in modo incompleto, bloccando la connessione e impedendo al server di liberare le risorse necessarie per servire altre richieste.

Questo tipo di attacco è particolarmente difficile da rilevare e mitigare, poiché le richieste sembrano legittime, ma richiedono un tempo eccessivo per essere elaborate dal server. Gli attacchi Slow HTTP possono causare tempi di risposta molto lenti o tempi di inattività del server, rendendo impossibile l’accesso ai servizi online ospitati su quel sistema.

Per proteggersi da questi attacchi, le organizzazioni possono implementare soluzioni di sicurezza come l’uso di firewall applicativi (web application firewall o WAF), la limitazione delle connessioni al server e l’utilizzo di sistemi di rilevamento e mitigazione degli attacchi DDoS

L'articolo NoName057(16) Cancellato da Telegram! Ma subito il “Reborn” Con Attacchi DDoS All’Italia! proviene da il blog della sicurezza informatica.