<p>Trojan – The Conversation</p>
<h1>We need to take responsibility for our own safety online</h1>
<p>2015-03-12T19:12:29Z</p>
<figure><img src="https://images.theconversation.com/files/74580/original/image-20150312-13505-1tgnarx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">We need to take charge and teach ourselves a bit about the internet in order to stay safe online.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/29881930@N00/2085856619/in/photolist-4bjyva-7c8Nkq-9HtFRE-dgagZ1-kHEiaF-9tRA4D-9gub9D-9gub74-9tRAgF-9TNLRF-9pEcUR-9wzD7S-pQm51E-9RDn8n-m95cF-9Rq7zn-pLE7Pq-q9qvLq-jomrhH-7YHZRg-mdhyCW-rhCEmY-nuPDb7-jvdNEs-qoadZi-jUfRub-9H923x-9z3tT1-9A6hRm-85fndj-p5NukG-4bozKA-4boAbU-9fvXxU-9gxgfQ-9zrYy7-ipnvtP-b9aK74-7Az84Q-9wzDjY-qoJmMW-9RDmZc-nq91UE-9ndbXy-9heMYh-o3oLa4-o1vDW1-9t75Yf-9yuX22-9oNhUi">gail/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span></figcaption></figure>
<p>Going online without understanding the basics of how the internet works is like getting behind the wheel without knowing the road rules: you might still get where you’re going, but you could be a danger to yourself and those around you.</p>
<p>Using the internet is now a daily activity for most Australians. Yet, the number of people who actually understand the internet’s mechanics is small. Government and schools do work to promote <a href="http://www.australia.gov.au/topics/it-and-communications/cyber-security">cyber security</a> and <a href="http://www.cybersmart.gov.au/">cybersafety</a>, but the message is still not getting widespread attention. </p>
<p>Ultimately there is only so much that government or businesses can do to keep us safe online. At a certain point, we need to take personal responsibility and educate ourselves about how to use the internet safely.</p>
<h2>Rules of the road</h2>
<p>A <a href="http://www.psypress.com/books/details/9781848721661/">recent book</a> on “cyberpsychology” and new media highlights the reasons why there has been a lag in awareness of cyber security. Much of it comes down to changing attitudes of internet users. </p>
<p>Various studies have shown that there is a general lack of understanding about how the internet actually affects us. This is particularly the case since the advent of <a href="http://www.oreilly.com/pub/a/web2/archive/what-is-web-20.html">Web 2.0</a>, whereby we started posting user-generated content to the internet, some of it of a private nature.</p>
<p>Internet use has evolved quickly, and the rate of adoption of new applications has been phenomenal, outstripping the pace of regulation or research into internet use. When cars started hitting the roads in the early 20th century, they didn’t change nearly as rapidly, and governments responded quickly through regulation and promoting new road rules.</p>
<p>While some of us are aware of the dangers of the internet, the idea that “it won’t happen to me because I am not doing anything ‘dodgy’” is a common fallacy. Car owners have insurance because they know that even if they drive carefully, they do not have full control of the environment and other drivers.</p>
<p>There is also a generally low level of digital literacy, including basic things like knowing how a web browser works, what sources to trust and where uploaded information is stored. </p>
<p>This low level of digital literacy also contributes to the attitude of some parents and teachers, who proclaim it’s impossible to keep up with their children. Therefore cyberspace is seen as the domain of so-called “<a href="http://www.marcprensky.com/writing/Prensky%20-%20Digital%20Natives,%20Digital%20Immigrants%20-%20Part1.pdf">digital natives</a>”. Conversely, parents are able to instruct their children when they hop in the driver’s seat.</p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/74581/original/image-20150312-13523-14sa2qu.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Sometimes we need to admit we’re constantly learners when it comes to technology.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/canonsnapper/409167139/in/photolist-Ca68R-gyxMWt-4AKJ3g-4wmzy-MZJsM-4bYrhk-5NisDH-evAUMm-78RUqX-32LLv-4vhty5-dSXEBp-3baxQa-3S5akV-7xrQGs-nkLUfp-7wybZY-e4UtWr-e51cf1-9UFHtZ-4rijnH-3bawK8-9Kxoui-e51mYN-7SSCAp-7b7Cn9-9ue8SV-e51jLG-6aH2zm-aAuz1-e51fkw-e7s7JG-e51kUA-dUggSv-6nCbix-7SVUVS-e4Ut9p-gMWsGW-e4UyRi-6acgmD-i46wrk-6PEw3e-22f6WE-8xXCS3-5LQsBv-7SVUBG-9jjhGg-7FRj2F-ecnvAL-dQDqT9">Michael Summers/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-nd/4.0/">CC BY-NC-ND</a></span>
</figcaption>
</figure>
<p>Some people may also divest personal responsibility when it comes to cybersafety, preferring to trust government, via regulation, or business, through their own security policies, to protect them. Or they hope that their work or school will set up adequate firewalls. </p>
<p>This is problematic in that it is we who have final control over what we seek out, download, share or allow access to. Ultimately, firewalls are useless if we freely provide sensitive information to those who would misuse it. </p>
<h2>Staying in our lane</h2>
<p>In Australia there is a relatively strong culture of privacy and confidentiality. An example of this is shown by the <a href="http://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/rp1112/12rp03#_Toc309206419">resistance to a national smart card</a> even just for health reasons, and the <a href="http://www.theaustralian.com.au/in-depth/cabinet-papers/mps-urged-to-spruik-doomed-australia-card/story-fnkuhyre-1226792641896">national identity card</a>. </p>
<p>This Australian interest in protecting privacy could be harnessed to stimulate more widespread interest in cyber security. </p>
<p>However, it is important to understand the limits of Australian privacy laws and appreciate that it can be difficult to administer such laws. The internet does not have clear national boundaries, making Australian laws potentially limited, as most of us access sites internationally. </p>
<p>Christopher Kuner, a lawyer at Hunton & Williams, has written a <a href="http://ijlit.oxfordjournals.org/content/early/2010/03/11/ijlit.eaq002.short">concise summary</a> of the progress of privacy laws internationally. </p>
<p>And just as a driver should know their vehicle and its limitations, we should know the basics of our browser settings and the privacy settings of any apps and software we might be using. In addition, as more people use the <a href="https://theconversation.com/au/topics/cloud-computing">cloud</a>, they should also be aware of the <a href="http://www.oaic.gov.au/privacy/privacy-archive/privacy-speeches-archive/privacy-and-the-cloud">conditions of using these services</a>. After all, most drivers carefully pick the mechanic who services their car.</p>
<p>There is also a need for us to be aware of what we are sharing online and, more importantly, with whom we are sharing it. It is easier than ever for strangers to get to know us just by looking at what we share through social media. Disparate pieces of information, even from different sites, can be pulled together to form a picture of us, making us an easier target for things like identity theft. </p>
<h2>Getting behind the wheel</h2>
<p>Finally, we should be aware of unfamiliar websites and the possibility of <a href="https://theconversation.com/au/topics/trojan">Trojans</a>, <a href="https://theconversation.com/au/topics/malware">malware</a> and <a href="https://theconversation.com/au/topics/phishing">phishing</a> scams. </p>
<p>Usually a simple Google search will yield a lot of information on how we can minimise these kinds of threats. Google itself also has pages of useful information on <a href="https://www.google.com/safetycenter/everyone/start/">online safety</a>. We don’t hand over our car keys to strangers, or let others know publicly where we keep them. Neither should we freely allow access to our personal devices or our private information.</p>
<p>Government regulation and business protections alone are not sufficient to keep us safe online. Just like on the roads, it also takes a measure of personal responsibility and a commitment to learn the basic skills required to use the internet to keep ourselves, and those around us, protected from online threats.</p>
<p class="fine-print"><em><span>Shanton Chang receives funding from The Collier Foundation and The Telematics Trust.</span></em></p>
<p>There is only so much government and business can do to keep us safe online. Ultimately we need to take personal responsibility for how we use the internet.</p>
<p>Shanton Chang, Associate Professor in Information Systems, The University of Melbourne</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Malware infecting hard disk firmware remained hidden for 15 years – but who’s responsible?</h1>
<p>2015-02-19T15:36:26Z</p>
<figure><img src="https://images.theconversation.com/files/72496/original/image-20150219-28194-1ocqvrz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Picking off hard drive manufacturers, one by one.</span> <span class="attribution"><span class="source">Kaspersky Lab</span></span></figcaption></figure>
<p>It sometimes seems that whenever security researchers discover some new exploit or malware that allows the monitoring of remote computers, the finger is quickly pointed at the US intelligence agencies. </p>
<p>Security firm Kaspersky has <a href="http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage">recently revealed</a> a complex malware developed by a group called <a href="http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/">Equation</a>. Although its report made no mention of the US National Security Agency, subsequent <a href="http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216">news reports</a> held it responsible anyway.</p>
<p>This seems to follow the logic that, as Equation’s malware uses techniques similar to Stuxnet, if Stuxnet was developed by the NSA then Equation’s must also have been developed by the NSA. But despite everything that’s been written about Stuxnet’s origins, there’s no conclusive proof tying it to the NSA, or anyone else.</p>
<p>Such breathless headlines unfortunately obscure how interesting this <a href="http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/">new suite of malware</a> is – not least that it isn’t new, but dates back to 2001. That is eons in technological terms. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=351&fit=crop&dpr=1 600w, https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=351&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=351&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=441&fit=crop&dpr=1 754w, https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=441&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/72497/original/image-20150219-28187-1n0h4x3.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=441&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A family of malware evolving over more than a decade.</span>
<span class="attribution"><span class="source">Kaspersky Lab</span></span>
</figcaption>
</figure>
<h2>Hard drive attack</h2>
<p>What’s also interesting is the way the attackers hid the malware: by embedding the malicious code into the <a href="http://www.webopedia.com/TERM/F/firmware.html">firmware</a> (hard-coded software) built into hard disk drives found in practically every computer. Not just drives from one manufacturer, but almost all the mainstream brands – perhaps even the one that powers the computer on which you read this now. Why is this important? It means you could wipe the entire drive, reinstall your computer’s software from scratch – <a href="http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html">and still be infected</a>. </p>
<p>The only more attractive hiding place for an attacker is the firmware that is required to start the computer, the BIOS, but viruses that attack the BIOS have been around for decades and hardware has been adapted in defence. On the other hand, looking at hard drive firmware and adopting defences against tampering with it just hasn’t been on the agenda, a fact that has allowed this malware to go undetected for so long.</p>
<h2>An updated, evolving threat</h2>
<p>And it’s not just that the attackers were able to work out how to embed their malware in the drives’ firmware; they appear also to have been able to update it with improved versions. This would require updating (“flashing”) not just the malware but the original firmware code too, without which the drive wouldn’t function. This is considered <a href="https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf">technically advanced even today</a> – yet someone seems to have developed the capability to do so more than 10 years ago. This is technically impressive.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/HitPEFU7EVY?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A new meaning to installing ‘on’ my hard drive.</span></figcaption>
</figure>
<p>So the fact that such an advanced technique was deployed so long ago prompts us to wonder what else is out there that we don’t know about. It’s not as if this is the first such discovery: <a href="https://theconversation.com/new-cyber-attack-model-helps-hackers-time-the-next-stuxnet-21985">Stuxnet</a>, <a href="https://theconversation.com/flame-a-weapon-of-the-us-led-cyberwar-or-corporate-spyware-7423">Flame</a>, <a href="https://theconversation.com/introducing-regin-one-of-the-most-sophisticated-espionage-bugs-ever-discovered-34616">Regin</a> and now Equation, all of which appear to have been active for many years. To paraphrase Oscar Wilde: to miss one piece of malware looks like misfortune, to miss four looks like a trend.</p>
<h2>Pointing the finger</h2>
<p>It is easy, as we see from some of the headlines, to attribute blame based upon circumstantial evidence such as who was attacked. However, this assumes that a state actor is responsible – and that only certain countries have the wherewithal to develop such a capability. Yet, as the video above demonstrates, one individual with skills and time <a href="http://spritesmods.com/?art=twitter1943&page=4">was able to do much the same</a>.</p>
<p>One of the extraordinary things about cyber warfare and cyber espionage is how it has levelled the playing field between adversaries who might be hugely unequal in other ways. With a relatively small team and modest budget anyone could potentially develop very clever software. Cyberspace is the ideal platform to wage asymmetric warfare. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=375&fit=crop&dpr=1 600w, https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=375&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=375&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=471&fit=crop&dpr=1 754w, https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=471&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/72479/original/image-20150219-28191-1ng1tmy.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=471&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Pointing the finger of blame based on who was targeted is not conclusive.</span>
<span class="attribution"><span class="source">Kaspersky Lab</span></span>
</figcaption>
</figure>
<p>The reports of all these threats – Regin, Stuxnet, Flame, and others – carry the assumption that a government is responsible. It’s not an unreasonable assumption considering that the software’s primary function is espionage. But while nation states are the consumers of intelligence gathered in this way, it doesn’t mean that their agencies are responsible – there is an active market for such information, which means there is a commercial motivation for others to collect it. </p>
<p>Criminal hackers steal personal information to sell on the black market to those who would commit fraud. They might equally gather data of interest to governments and law enforcement and sell it to them. In many ways it is a classic market: with limitless demand there will always be those willing to supply.</p>
<p>In any event, it’s worth reading the full range of reports available and forming your own judgement. Like reading only a single newspaper, the likelihood is that the news is reported with a particular slant – such as blaming the NSA. And while you can be sure of very little when it comes to final attribution of these attacks, you can be sure that individual reports carry their own bias. If you are able, it is worth concentrating on the technical detail as that is where you’re more likely to find the truth. </p>
<p>And expect to hear more such stories in the future – after all, if malware can be hidden so successfully 10 years ago imagine what’s possible today.</p>
<p class="fine-print"><em><span>Alan Woodward does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Mystery malware capable of hiding itself in a hard drive’s internal electronics has been revealed, having spread worldwide for more than a decade.</p>
<p>Alan Woodward, Visiting Professor, University of Surrey</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>You don’t need a fast car to rob a bank any more, just malware</h1>
<p>2014-07-30T05:24:53Z</p>
<figure><img src="https://images.theconversation.com/files/55194/original/2f7ypth4-1406651997.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Swag bags and getaway cards are so 20th century.</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-201245861/stock-photo-hacker-typing-on-laptop-with-binary-code.html?src=B04d0e9q6YtD23eOBAopSA-1-17">Andrey_Popov</a></span></figcaption></figure>
<p>The number of physical robberies on banks <a href="http://www.telegraph.co.uk/finance/financial-crime/10538081/Bank-robberies-fall-90pc-as-new-security-outsmarts-thieves.html">has fallen dramatically</a> in recent years, but the amount of money banks are losing through electronic methods has rocketed. In 2013 for example, the annual fraud indicator estimated the annual cost of fraud in the UK was <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/206552/nfa-annual-fraud-indicator-2013.pdf">£52bn</a>, most of it unidentified, and <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/118536/afi-2010.pdf">almost double</a> what it was five years before. So it’s easy to put up CCTV cameras, bulletproof glass and alarm bells, but in an electronic world there are infinite ways to commit fraud. </p>
<p>In fact there are so many targets in an electronic world that criminals can focus their efforts on the customer, the bank or the merchant. With virtually no footprint at all, criminal gangs can install malware within any part of the e-commerce infrastructure and either steal user credentials or modify transactions. It may be tempting to see this as a victimless crime, but large-scale fraud can have serious implications for the global financial market, not to mention user trust.</p>
<p>Individuals have been finding ways around electronic security for decades. Well known examples include <a href="http://mentalfloss.com/article/19484/true-crime-john-draper-original-whistle-blower">John Draper</a> (aka Captain Crunch), who in the 1970s used a whistle tuned to 2.6kHz that was given away in cereal packs to fool the pitch-controlled security system on the US telephone network, allowing him to make long-distance calls free of charge. Then there was Vladimir Levin, from Russia, who siphoned off millions from Citibank customers in the early 1990s by finding a way around their dial-up wire transfer service. </p>
<p>These days, any script kiddie can create their own targeted attack on the finance system. You don’t need extensive programming skills or even a deep knowledge of how the e-commerce infrastructure works. A key target is the end user, since they tend to be the weakest link in the chain.</p>
<h2>Holy Boleto!</h2>
<p>The latest reminder came with the recent attacks on Boleto Bancário, the Brazilian inter-bank payment system, which were <a href="http://www.zdnet.com/rsa-brazils-boleto-malware-stole-nearly-4-billion-in-two-years-7000031197/">announced</a> earlier this month. The system is known colloquially as Boleto, and a vast number of its low-dollar transactions were hijacked by the latest malware, most probably set up by Brazilian organised crime gangs. With the theft amounting to nearly $4bn (£2.4bn), it could be the largest fraud in history. </p>
<p>Boleto is the second-most-popular payment method in Brazil after credit cards and accounts for around 18% of all purchases. It is typically used to pay phone and shopping bills. One reason it is popular is that many Brazilians don’t have a credit card, and even when they do have one, they are often not trusted. </p>
<p>The fraud worked very simply. It tricked customers into installing a piece of malware on their system and then waited until they visited their bank’s website. It spread using what is called spear phishing, which is the most common method these days, where users are sent emails with links in them. When the user clicks on one, it runs a program on their computer and installs the malware.</p>
<p>The malware used what is called a man-in-the-browser attack, where the malware sits in the browser, including Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. It is commonly known as Eupuds, which is classified as an information-stealing Trojan that stays alive by writing itself on to a user’s hard drive and modifying the relevant Windows registry key so that it starts every time the computer is booted up. As well as infecting browsers using Windows operating systems, it can also steal information through the likes of Windows Live/Hotmail and Facebook. </p>
<p>In the case of Boleto, it worked by detecting the traffic between the browser and server by searching for specific relevant strings linked to bank sites. It then recorded all the information that had to be submitted about the recipient of the Boleto transaction. It then submitted the transfer for payment and modified it by substituting an attacker’s account for the recipient’s one. As many as 200,000 IP addresses were infected and 83,000 user email credentials were stolen in a move that had been going on for two years. </p>
<p>Of the statistics received, all the infected machines were running Microsoft Windows as their operating system. The majority were running Microsoft Windows 7 (78.3%), with Microsoft Windows XP second-most popular (17.2%). Of the browsers detected, the most popular was Internet Explorer (48.7%), followed by Chrome (34%) and Firefox (17.3%); and the most popular email domain used to steal user credentials was hotmail.com (94%). The reason that the impact was so great is that Boleto is only used in Brazil, thus malware detection software has not targeted it since it is a limited market.</p>
<p>All the same, the threat should have been detected more quickly. The first signs of the ZIP file containing the malware appeared in 2010. Cisco Systems was highlighting the distribution of the spam emails in 2012 and more warnings highlighted the threat last year. </p>
<h2>Wake up and smell the malware</h2>
<p>These attacks should serve as a wake-up call for the finance industry and governments around the world. What is most worrying about this type of fraud is that it could compromise the whole of the finance industry. It could even bring down major finance companies and even nation states with a single large-scale event. </p>
<p>As long as there’s one person who will click on a link in an email, there will be the potential for fraud. This is why the focus is moving towards end-users. So what’s the solution? Users need to watch what they click, and also protect their systems by installing the latest upgrades from the likes of Microsoft and having up-to-date virus software. Until customers and major organisations find a way of getting fully across these threats, these are dangerous times to bank. </p>
<p class="fine-print"><em><span>Bill Buchanan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>The number of physical robberies on banks has fallen dramatically in recent years, but the amount of money banks are losing through electronic methods has rocketed. In 2013 for example, the annual fraud…</p>
<p>Bill Buchanan, Head, Centre for Distributed Computing, Networks and Security, Edinburgh Napier University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>By Jupiter: the gas giant’s Trojans were captured, not pre-formed</h1>
<p>2012-05-03T04:30:16Z</p>
<figure><img src="https://images.theconversation.com/files/10309/original/zz8ht2bx-1336014804.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Trojans such as (1173) Anchises appear to have been caught in Jupiter's orbit, mid-flight.</span> <span class="attribution"><span class="source">Dave Hosford</span></span></figcaption></figure>
<p>You’ll remember that, about a year ago, Canadian astronomers announced the discovery of <a href="https://theconversation.com/earths-first-trojan-found-say-hello-to-our-little-friend-2525">a small asteroid sharing the earth’s orbit.</a></p>
<p>The asteroid in question, 2010 TK<sub>7</sub>, is a “planetary Trojan” – an object sharing an orbit with a planet.</p>
<p>While Earth only has one such companion (that we know of), the giant planets Jupiter and Neptune are accompanied by vast swarms of these objects. Both likely host at least a million Trojan asteroids larger than 1km in diameter, trapped in swarms that both lead and trail the host planet in its orbit.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&rect=1%2C195%2C594%2C501&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=800&fit=crop&dpr=1 600w, https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=800&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=800&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1005&fit=crop&dpr=1 754w, https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1005&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/2505/original/Earth_s_trojan_companion_image_1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1005&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The motion of Earth’s trojan, in green, relative to the Earth, over a period of years.</span>
<span class="attribution"><span class="source">Paul Wiegert, University of Western Ontario</span></span>
</figcaption>
</figure>
<p>Just recently my fellow researchers and I discovered that a “Jovian” Trojan (sharing an orbit with Jupiter) discovered in 1930, <a href="http://en.wikipedia.org/wiki/1173_Anchises">(1173) Anchises</a>, <a href="http://arxiv.org/abs/1204.1388">is actually unstable</a> – that is, it will eventually escape from Jupiter’s grasp to roam the wider solar system.</p>
<p>More on Anchises and the significance of our discovery in a moment. But first, a bit of background …</p>
<h2>The Jovian Trojans</h2>
<p>Of the populations of Trojans in our solar system, the Jovian Trojans are by far the best studied. The first Jovian Trojan found, <a href="http://www.enotes.com/topic/588_Achilles">(588) Achilles</a>, was discovered way back in 1906.</p>
<p>As such, you might expect we’ve had plenty of time to work out everything there is to know about the way these objects formed and how they behave. In reality, the more we study them, the more surprises are thrown our way.</p>
<p>Perhaps the most surprising characteristic of the Jovian Trojans is the great variety of orbits they possess. Unlike the planets, which move in orbits that are <a href="http://hyperphysics.phy-astr.gsu.edu/hbase/orbv.html">relatively circular</a> and lie in almost exactly <a href="http://en.wikipedia.org/wiki/Ecliptic">the same plane</a>, the Jovian Trojans include objects moving on orbits that are inclined by almost 60º to the plane of the solar system.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/10303/original/tzryxcw4-1336012298.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The planets in our solar system orbit in virtually the same plane.</span>
<span class="attribution"><span class="source">spradnyesh</span></span>
</figcaption>
</figure>
<p>Other Trojans move on orbits so eccentric that, at their furthest distance from the sun, they are more than 50% further away than at their closest (such as <a href="http://en.wikipedia.org/wiki/(40237)_1998_VM6">asteroid (40237)</a>, which ranges between 4.07 and 6.36 times the distance from Earth to the sun).</p>
<p>The key to understanding this unexpectedly “puffed up” population of objects lies in understanding how our solar system formed and then evolved into its current state.</p>
<h2>The formation of Jupiter’s Trojans</h2>
<p>The reason there are so many objects in Jupiter’s Trojan clouds is that orbits within those clouds are dynamically stable – once an object is moving on one of those orbits, the chances are it will stay there for billions of years. </p>
<p>This stability is the reason we have large populations of Trojans in the first place. But it also poses a problem for astronomers.</p>
<p>The evolution of objects under gravity – their so-called <a href="http://arxiv.org/abs/1106.4114">“dynamical evolution”</a> – is a time-reversible process. If an object can be transferred from one orbit to another purely under the influence of gravity, then the reverse transfer is also possible.</p>
<p>Because the Trojans are thought to be highly dynamically stable, this means it’s very unlikely a given Trojan will be ejected from the Trojan cloud. So if you were to return to the solar system in a billion years, the Trojan clouds would look pretty much as they do today.</p>
<p>This becomes a problem when you consider how the Trojans got there in the first place.</p>
<p>If it’s very hard for objects to escape the region, then it is equally very hard for objects to be captured to that region. And so the most simple explanation for the presence of the Trojan clouds would seem to be that the Trojans formed in those clouds, and have remained there ever since.</p>
<figure><a href="http://spaceobs.org/wp-content/uploads/2011/08/hitrfix.gif"><img width="440" alt="Jovian Trojan animation" src="http://spaceobs.org/wp-content/uploads/2011/08/hitrfix.gif"></a><figcaption>A view of the motion of two populations of interesting asteroids - <a href="http://en.wikipedia.org/wiki/Hilda_family">the Hildas</a> in red and the <a href="http://en.wikipedia.org/wiki/Jupiter_Trojan">Jovian Trojans</a> in green. At the centre of the plot lies the sun, with Jupiter located to the right. The animation is plotted in “co-rotating co-ordinates” meaning your point of view is essentially rotating at the same speed at which Jupiter orbits the sun. As a result Jupiter stays in one place on the plot and you can see the motion of the objects plotted with respect to Jupiter. Note how objects in the Trojan clouds (the green dots) rotate around the centre of the clouds (a point 60º around Jupiter’s orbit from the giant planet), but never move far enough from that location to closely encounter Jupiter. </figcaption></figure>
<h2>Growing Trojans</h2>
<p>The sticking point with this “in-situ” hypothesis is the distribution of Trojan orbits. It’s now <a href="http://en.wikipedia.org/wiki/Formation_and_evolution_of_the_Solar_System">well accepted</a> that our planetary system (as well as the many <a href="https://theconversation.com/topics/exoplanets">exoplanetary systems</a> being discovered) formed from a disk of material around the youthful sun.</p>
<p>Such disks (called <a href="http://en.wikipedia.org/wiki/Protoplanetary_disk">protoplanetary disks</a>) are known to be very dynamically cold. In other words, they are very thin and consist of gas and dust moving on orbits that are very close to circular, and lie in the same plane.</p>
<p>Several studies – including <a href="http://adsabs.harvard.edu/abs/2009MNRAS.398.1715L">one by my colleagues and me</a> – have shown a number of problems with forming the Jovian (and Neptunian) Trojan populations in-situ from such a disk.</p>
<p>Two of these, in particular, stand out:</p>
<p>1) Studies of in-situ Trojan formation have repeatedly shown their <a href="http://www.thefreedictionary.com/accretion">accretion</a> (the process by which objects form through collisions between small grains of dust and ice) would be too inefficient to produce a large number of Trojans before the protoplanetary disk is blown away by the youthful and hyperactive sun.</p>
<p>2) More troublesome for the theory of in-situ formation, the Trojan populations formed in those studies always have very dynamically cold properties.</p>
<p>In other words, Trojans formed in this manner move on orbits that are essentially circular, and all lie within, at most, a couple of degrees of the plane of the solar system. This is in stark contrast to the highly excited clouds of Trojans we observe in our own solar system, with many Trojans moving on highly inclined and relatively eccentric orbits.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/10301/original/by8g9vc4-1336011757.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Jupiter’s Trojans didn’t form at their current location, from a protoplanetary disc.</span>
<span class="attribution"><span class="source">European Southern Observatory</span></span>
</figcaption>
</figure>
<p>We therefore have a problem: the <a href="http://astro.berkeley.edu/%7Eechiang/ppp/trojan.pdf">Trojans can’t have formed in-situ</a>.</p>
<p>But the Trojan clouds are so dynamically stable that securely capturing even a few Trojans from the population of unstable objects that whizz around the outer solar system seems highly unlikely. Capturing a population that possibly numbers in the millions seems even more unlikely.</p>
<h2>Wandering planets</h2>
<p>Fortunately, in the last ten or 15 years, a solution to this problem has gradually been revealed.</p>
<p>Through <a href="http://adsabs.harvard.edu/abs/1995AJ....110..420M">a combination of detailed studies</a> of our own solar system, and the discovery of a wide variety of <a href="http://www.space.com/15467-giant-alien-planet-splits-2-worlds.html">exoplanetary systems vastly different to our own</a>, it’s now widely accepted that giant planets migrate over vast distances, both during and after their formation, before coming to rest in their final orbits. </p>
<p>In our own solar system, a key piece of evidence for this migration is the objects known as the <a href="http://en.wikipedia.org/wiki/Plutino">Plutinos</a>. These objects are named after the first member discovered, the dwarf planet <a href="http://www.cosmosmagazine.com/news/656/134340-the-planet-formerly-known-pluto">134340 Pluto</a>.</p>
<p>These objects, which orbit the sun beyond the orbit of Neptune, have many similarities with the Trojans. They move on orbits that can be highly inclined and <a href="http://www.windows2universe.org/physical_science/physics/mechanics/orbit/eccentricity.html">highly eccentric</a>, with many on paths that cross the orbit of Neptune.</p>
<p>They are protected from ever encountering that planet by the action of a “<a href="http://en.wikipedia.org/wiki/Orbital_resonance#Mean_motion_resonances_in_the_Solar_System">mean-motion resonance</a>”. That is, the Plutinos orbit the sun twice in the time it takes Neptune to complete three orbits. This means that whenever a Plutino crosses the orbit of Neptune, Neptune is always far away from the crossing point.</p>
<figure><a><img width="440" alt="Mean-motion resonance" src="http://upload.wikimedia.org/wikipedia/commons/8/83/Galilean_moon_Laplace_resonance_animation.gif"></a><figcaption>An example of mean-motion resonance, in this case in the inner moons of Jupiter. For every orbit of Jupiter that Ganymede completes, Europa completes two and Io completes four.</figcaption></figure>
<p>Studies of the formation of our solar system have shown that the Plutinos are a population of objects that were captured into resonant orbits by Neptune, as the giant planet migrated outwards through the solar system.</p>
<p>As the planet migrated, the resonance swept outward before it and acted a bit like a broom, collecting a huge number of objects and pushing them along with it. As the Plutinos were carried along by the resonance, they were pushed on to ever-more-eccentric and inclined orbits.</p>
<p>As a result, it is possible, to some extent, to work out how far Neptune migrated by the degree to which the Plutinos have been moved off simple, same-plane orbits.</p>
<p>It turns out <a href="http://adsabs.harvard.edu/abs/1993Natur.365..819M">Neptune migrated outward by <em>at least</em> one billion kilometres</a> (seven times the distance between Earth and the sun), gathering Plutinos as it moved.</p>
<h2>Further migration</h2>
<p>Neptune was certainly not the only giant planet in our solar system to migrate. The other giants, too, will undoubtedly have moved significant distances before coming to rest at their current locations.</p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=645&fit=crop&dpr=1 600w, https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=645&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=645&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=811&fit=crop&dpr=1 754w, https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=811&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/10302/original/btzwtp2j-1336011969.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=811&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The giant planets, including Jupiter, seem to have wandered through the solar system earlier in their lives.</span>
<span class="attribution"><span class="source">Wikimedia Commons</span></span>
</figcaption>
</figure>
<p>This migration holds the key to the origin of their Trojan populations.</p>
<p>As Jupiter migrated inwards, Saturn was also migrating through the outer solar system. Eventually, the two planets reached a separation where they began to strongly interact with one another, destabilising each other’s orbits. This destabilisation would also have strongly destabilised the Jovian Trojan clouds. </p>
<p>Once those regions became unstable, it became very easy for the solar system’s small bodies to pass through those regions. Equally, any objects “trapped” in those clouds would easily escape.</p>
<p>This process resulted in a vast amount of material – the debris from which the planets were forming – sleeting through the Trojan region on all manner of orbits. </p>
<p>Eventually, Jupiter and Saturn migrated away from an arrangement in which they were strongly perturbing one another. At that time the Trojan clouds became the dynamically stable places we see today.</p>
<p>As a result, the population of objects that was passing through the Trojan clouds as they transitioned back to stability was frozen in, the objects trapped on now-stable orbits.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=600&fit=crop&dpr=1 600w, https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=600&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=600&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=754&fit=crop&dpr=1 754w, https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=754&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/10297/original/9x62zj2s-1336010660.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=754&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Jovian Trojans (green) are found in two main groups: one behind and one in front of Jupiter’s orbit.</span>
<span class="attribution"><span class="source">Wikimedia Commons</span></span>
</figcaption>
</figure>
<p>Unstable objects in the outer solar system (the <a href="http://en.wikipedia.org/wiki/Short-period_comet">short</a> and <a href="http://en.wikipedia.org/wiki/Comet#Orbital_characteristics">long-period comets</a> and <a href="http://en.wikipedia.org/wiki/Centaur_%28minor_planet%29">the Centaurs</a>) move on orbits with a wide range of inclinations and eccentricities (the result of their ongoing chaotic encounters with the planets that continually sling-shot them to new orbits).</p>
<p>This means that new Trojans captured from those populations would also move on a wide range of orbital inclinations and eccentricities. Just like the populations we observe today.</p>
<h2>Here’s one we prepared earlier …</h2>
<p>If this “capture model” of Trojan formation is true, one would expect Trojans to be captured with a range of stabilities. Some objects would be captured to orbits right on the edge of the region of stability, while others would be captured to the most stable regions. </p>
<p>In other words, if the Trojans were captured, we should expect a small fraction of them to be dynamically unstable, albeit with relatively long lifetimes. As time passed, the unstable Trojans would gradually bleed away from the clouds, leaving a population that appears ever more stable.</p>
<p>Which brings me back to the discovery made by our team. As mentioned, we have now identified one such unstable Trojan. In fact, it’s the first Jovian Trojan to be shown to be dynamically unstable.</p>
<p>1173 Anchises was the ninth Jovian Trojan to be discovered, in 1930. It moves on a moderately eccentric orbit, inclined to the plane of the solar system by almost 7º. In all respects, it appears to be a typical Jovian Trojan. </p>
<p>In order to study the behaviour of Anchises, we carried out a highly detailed computational simulation of its orbital evolution.</p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=945&fit=crop&dpr=1 600w, https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=945&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=945&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1187&fit=crop&dpr=1 754w, https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1187&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/10304/original/df9wp5mg-1336012451.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1187&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">German astronomer Maximilian Franz Joseph Cornelius Wolf discovered the first Trojan, (588) Achilles, in 1906.</span>
</figcaption>
</figure>
<p>We created a vast swarm of almost 20,000 “clones” of Anchises, with each clone initially moving on a very slightly different orbit. All of these different orbits agreed with the orbit published for the asteroid, within its observational uncertainties.</p>
<p>We then followed the motion of these Anchises clones in our simulated solar system for 4 billion years.</p>
<p>If the Trojan was totally dynamically stable, one would expect that all (or almost all) the test particles would still be trapped in the Trojan cloud at the end of the simulations.</p>
<p>Remarkably, though, half of the clones were ejected from the solar system (or collided with one of the planets!) within the first 350 million years of the simulation. By the end, just 224 clones remained in the Jovian Trojan cloud - a survival fraction of scarcely more than 1%.</p>
<p>Such a survival rate is entirely compatible with the idea that (1173) Anchises is one of the last survivors of a once-greater population of unstable Trojans, captured by Jupiter during its migration, but not held tightly enough to be truly dynamically stable.</p>
<p>We also found that (1173) Anchises is physically unusual. Using data collected by the infra-red space observatories <a href="http://en.wikipedia.org/wiki/IRAS">IRAS</a>, <a href="http://en.wikipedia.org/wiki/AKARI">Akari</a> and <a href="http://en.wikipedia.org/wiki/Wide-field_Infrared_Survey_Explorer">WISE</a>, we found that (1173) Anchises is one of the darkest objects in the solar system, reflecting just 2.7% of the light that falls upon it.</p>
<p>(An object’s reflectivity, so to speak, is known as its <a href="http://en.wikipedia.org/wiki/Albedo">“albedo”</a>. The earth, by contrast, has an albedo of roughly 30%.)</p>
<h2>But what does it all mean?</h2>
<p>Our discovery of (1173) Anchises’ instability is one more piece of evidence in support of the idea that the Jovian Trojans are a captured, rather than pre-formed, population.</p>
<p>It is also further evidence (if any was needed) that the giant planets did indeed migrate in their youth and that the solar system was not always the placid and stable place it appears to be today.</p>
<p>At the same time, our discovery also poses many interesting questions. If (1173) Anchises is a captured object, where did it form?</p>
<p>Is it an object that formed closer to the sun, that was captured as it escaped from the inner solar system? Or did it form much further from the sun, in the icy depths of the outer solar system?</p>
<p>As always, there’s much more to learn.</p>
<p class="fine-print"><em><span>Jonti Horner gratefully acknowledges the financial support of the Australian government through ARC Grant DP0774000. This research made use of data products from the Wide-field Infrared Survey Explorer, which is a joint project of the University of California, Los Angeles, and the Jet Propulsion Laboratory/California Institute of Technology, funded by the National Aeronautics and Space Administration. Jonti's collaborators on this project were Dr. Thomas Müller, of the Max-Planck-Institut für extraterrestrische Physik, Garching, Germany, and Dr. Patryk Sofia Lykawka, from the Astronomy Group within the Faculty of Social and Natural Sciences at Kinki University, Osaka, Japan.</span></em></p>You’ll remember that, about a year ago, Canadian astronomers announced the discovery of a small asteroid sharing the earth’s orbit. The asteroid in question, 2010 TK7, is a “planetary Trojan” – an object…Jonti Horner, Post Doctoral Research Fellow, UNSW SydneyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/37652011-10-10T19:40:43Z2011-10-10T19:40:43ZEin spy: is the German government using a trojan to watch its citizens?<figure><img src="https://images.theconversation.com/files/4260/original/314989744_5b5a852b47_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">R2D2 could be listening to conversations and logging keystrokes, with high-level backing. </span> <span class="attribution"><span class="source">practical owl</span></span></figcaption></figure><p>On October 8, Berlin’s hacking collective the <a href="http://www.ccc.de/">Chaos Computer Club</a> (CCC) announced it <a href="http://www.ccc.de/en/updates/2011/staatstrojaner">had analysed a piece of software</a> it believed had been written by the German Government. </p>
<p>Once installed on a computer, the software could quietly listen to conversations on <a href="http://theconversation.com/rebuilding-the-damaged-brain-can-stem-cells-be-used-as-repair-kits-3557">Skype</a>, log keystrokes and switch on the computer’s web-cam. It would then report this data back to servers, two of which <a href="http://www.f-secure.com/weblog/archives/00002249.html">were identified</a> – one in the US and the other in Germany. </p>
<p>The program could also be remotely updated and potentially used to install and run other programs. The security company F-Secure’s Mikko Hypponen <a href="http://www.f-secure.com/weblog/archives/00002249.html">reported</a> its own findings on the <a href="http://technet.microsoft.com/en-us/library/dd632948.aspx">malware</a> (malicious software) and confirmed the CCC’s analysis. </p>
<p>It dubbed the <a href="http://technet.microsoft.com/en-us/library/dd632948.aspx">trojan</a> “R2D2”, from the text “CRPO-r2d2-POE” used by the software to initiate data transfer.</p>
<p>Regarding the German government’s involvement in the R2D2 trojan, Mikko wrote:</p>
<p>“We have no reason to suspect CCC’s findings, but we can’t confirm that this trojan was written by the German government. As far as we see, the only party that could confirm that would be the German government itself.”</p>
<p>But the CCC believed it had found an example of a “Bundestrojaner” (Government trojan) which, from 2007, was being used to conduct online searches of suspects by law enforcement agencies without much restriction. In 2008, a <a href="http://www.dw-world.de/dw/article/0,2144,3152627,00.html">ruling by a German Constitutional Court</a> restricted use to cases in which human lives or state property were in danger, and only after permission had been granted by a judge.</p>
<p>The CCC maintains the German government used a different term for the spy software to get around the restrictions on online searches: “Quellen-TKÜ”. That means “source wiretapping”, listening to conversations on sources such as Skype, for example, in order to prevent a person from encrypting the conversation. </p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/4259/original/2202253598_b8b88e48bb_b.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">Leo Reynolds</span></span>
</figcaption>
</figure>
<p>But the capabilities of the R2D2 trojan allowed for much more than this.</p>
<p>The trojan itself was poorly written and potentially allowed for others to take control of the software once installed. The concern here is that someone could take over the malware and capture information themselves or plant false evidence.</p>
<h2>Government use of malware</h2>
<p>The use of <a href="http://www.geekstogo.com/190/what-is-a-backdoor-trojan/">backdoor trojan</a> software by law enforcement agencies came to the fore in 2001 when the <a href="http://www.nsa.gov/">NSA</a> or FBI were rumoured to have produced software known as <a href="http://en.wikipedia.org/wiki/Magic_Lantern_(software)">Magic Lantern</a>. </p>
<p>This software emerged as part of a Freedom of Information request filed by the Electronic Privacy Information Center that <a href="http://epic.org/privacy/carnivore/foia_documents.html">revealed documents</a> concerning a project called “Carnivore”. </p>
<p>That project allowed for full online surveillance of a particular internet address. It was used in conjunction with a Magic Lantern backdoor trojan specifically targeted at capturing encryption passwords. This, in turn, would allow the FBI to decrypt captured communication. </p>
<p>At the time, anti-virus software companies were faced with the dilemma of whether to remove known government backdoor trojans. In 2001, various anti-virus software vendors <a href="http://gcn.com/articles/2001/12/06/antivirus-vendors-are-wary-of-fbis-magic-lantern.aspx">made declarations</a> about whether their software would remove a suspected FBI backdoor trojan. </p>
<p>Companies such as F-Secure <a href="http://www.f-secure.com/virus-info/bdtp.shtml">stated categorically</a> they would never knowingly leave detected malware on a computer. Representatives of security software company <a href="http://www.sophos.com/en-us/">Sophos</a> agreed, but Eric Chien, chief researcher at <a href="http://www.symantec.com/norton/ps/2up_de_de_nis360t3.html?om_sem_cid=hho_sem_ic:au:ggl:en:e%7Ckw0000006084">Symantec</a> at the time, stated the company would <a href="http://www.securityfocus.com/news/292">not detect Government malware</a>. </p>
<p>The assumption was that the software would have enough protective mechanisms in place to prevent the wrong people gaining control of it. As has been demonstrated by the case of the R2D2 trojan, this is quite clearly not the case. </p>
<p>The software has very few protective mechanisms and was open to hijacking, as the CCC <a href="http://www.ccc.de/en/updates/2011/staatstrojaner">demonstrated</a>.</p>
<p>As more human activity migrates to the internet, including criminal and terrorist activities, governments (and law enforcement agencies in particular) will be turning to every available technique to intercept and collect information. </p>
<p>Germany’s BND (foreign intelligence service), it was <a href="http://www.spiegel.de/international/germany/0,1518,549894,00.html">alleged by Der Spiegel</a>, used spyware to monitor the Ministry of Commerce and Industry in Afghanistan and obtain confidential documents, passwords and email. </p>
<p>Surveillance trojans have also been <a href="http://news.techworld.com/security/3200593/swiss-coder-publicises-government-spy-trojan/">used by the Swiss</a>, and the <a href="http://news.techworld.com/security/10446/austrian-police-to-use-crime-busting-trojans/">Austrian Police</a>.</p>
<h2>An open barrel</h2>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=458&fit=crop&dpr=1 600w, https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=458&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=458&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=575&fit=crop&dpr=1 754w, https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=575&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/4261/original/303845531_be1e92c1dc_b.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=575&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
<span class="attribution"><span class="source">**ste**</span></span>
</figcaption>
</figure>
<p>The CCC has made <a href="http://www.ccc.de/en/updates/2011/staatstrojaner">a number of allegations</a> about the origins and potential ramifications of the R2D2 trojan. The group first assumed this was a “Bundestrojaner light” because the software was sent to it by someone who presumably had cause to believe they were being subjected to source wiretapping. </p>
<p>Also, <a href="http://nakedsecurity.sophos.com/2011/10/09/government-backdoor-trojan-chaos/?utm_source=twitter&utm_medium=gcluley&utm_campaign=naked%2Bsecurity">according to senior technology consultant Graham Cluley</a> of <a href="http://www.sophos.com/en-us/">Sophos</a>, there were comments in the code that were suggestive of a link with German authorities, including the phrase “Ozapftis” – a Bavarian phrase meaning the “Barrel is open”, invoked when the first barrel is opened at Oktoberfest. </p>
<p>Why this is indicative of a German government hacker rather than an independent German hacker who likes beer is open to debate.</p>
<p>Even if the trojan is one the Government has deployed, it is again an assumption to believe they would utilise the extra capabilities without first seeking a judge’s permission, which, since the 2008 ruling, they are entitled to do in certain limited circumstances. </p>
<p>However, as has been seen in the US, laws that cover protection against terrorism, such as the <a href="http://epic.org/privacy/terrorism/hr3162.html">Patriot Act</a>, are more commonly being used for a range of other purposes, including drug trafficking, which made up 73.7% of Patriot Act “sneak-and-peek” <a href="http://irregulartimes.com/index.php/archives/2011/02/04/use-of-patriot-act-power-for-drug-war-skyrockets/">searches in 2009</a>.</p>
<p>There are a number of observations that can be made from the CCC’s announcement: </p>
<p>First, anti-spyware software from any company that would even contemplate not detecting malware, irrespective of its origins, would have to be treated with caution. Companies that have declared their approach to detecting all malware should be favoured. </p>
<p>Second, it brings into question the use of government-sponsored anti-virus initiatives unless they give the public a free choice of vendors. Why would you trust a government-sponsored anti-virus software package if the government is also producing malware for general use? </p>
<p>Finally, it’s interesting to note the R2D2 trojan would only work if the person being targeted was using a PC with Windows. So perhaps the easiest solution for anxious German citizens at present is to use Linux, an Apple Mac OSX computer or a smart phone?</p>
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>On October 8, Berlin’s hacking collective the Chaos Computer Club (CCC) announced it had analysed a piece of software it believed had been written by the German Government. Once installed on a computer…</p>
<p>David Glance, Director, Centre for Software Practice, The University of Western Australia</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>