34 People Arrested in Global Crackdown on DDOS Attack Service Users

Today's topics include the arrest of 34 individuals in 13 countries charged with using online services that provide denial-of-service attacks to order, Apple’s security patch for its macOS and iOS, the release of Facebook’s Certificate Transparency Monitoring tool and Google’s improvements to its machine learning technology through its Embedding Projector technology.

International law enforcement agencies in more than dozen countries arrested 34 individuals in a cyber-crime sweep that focused on customers of online services that provide denial-of-service attacks to order.

In the United States, the FBI arrested a 26-year-old University of Southern California graduate student allegedly linked to distributed denial-of-service (DDoS) attack that knocked a San Francisco chat-service company offline. The suspect, Sean Sharma, was charged on Dec. 9 with purchasing a DDoS tool used to mount the attack, the FBI stated in a release.

Since last week, the FBI’s International Cyber Crime Coordination Cell, or IC4, and other law enforcement agencies—including Europol and the U.K.’s National Crime Agency—have arrested 34 suspects and conducted interviews with 101 individuals.

Apple is updating both its desktop macOS Sierra and iOS mobile operating systems for multiple security vulnerabilities. The iOS 10.2 update was officially released on Dec. 12, while the macOS 10.12.2 update followed a day later on Dec. 13.

Among the items fixed in iOS 10.2 is a vulnerability that was first publicly disclosed in a YouTube video on Nov. 16 that can enable a potential attacker to access a user's photos and contacts from the iPhone's lock screen. The vulnerability is identified as CVE-2016-7664 and was reported by Miguel Alvarado of iDeviceHelp.

On Dec. 13, Facebook announced the launch of its freely-available Certificate Transparency Monitoring tool, providing users with a simple way to search for recently issued certificates and to be alerted when a new certificate is issued for a specific domain.

SSL/TLS is the encryption standard used across the internet to secure websites. A best practice for SSL/TLS is for the security certificates to be issued by a known Certificate Authority (CA) to help guarantee authenticity and integrity.

Defective Certificates can be accidentally or maliciously issued, which is a risk that the Certificate Transparency effort aims to help mitigate. Google initiated the Certificate Transparency initiative, which involves Certificate Authorities publishing newly issued certificates to a Certificate Transparency (CT) log.

Facebook's tool enables users to search CT logs for certificates as well as provides a mechanism to subscribe to alerts on domains.

Google has open sourced its Embedding Projector, a web application that gives developers a way to visualize data that's being used to train their machine learning systems.

Embedding Projector is part of TensorFlow, the machine learning technology behind some popular Google services like image search, Smart Reply in Inbox and Google Translate.

In a technical paper, Google researchers described the Embedding Projector as an interactive visualization tool that developers can use to interpret machine-learning models that rely on what are known as “embeddings."

“With the widespread adoption of ML systems, it is increasingly important for research scientists to be able to explore how the data is being interpreted by the models,” Google engineer Daniel Smilkov said in Google’s open source blog.