Quantum Internet Edges Closer As Researchers Teleport Photon State Six Kilometers Away

Researchers from the University of Calgary, Canada, teleported the state of a photon (particle of light) over a six kilometer distance through a “dark fiber” cable. The accomplishment set a new record in quantum teleportation, getting us a little closer to having quantum networks, and ultimately a quantum internet.

Rise Of Quantum Systems

Over the past few years, research into quantum computers and quantum networks has increased as more academics and technology companies began to believe that we may be close to figuring out just how to make these systems work, and then use them outside of the lab.

We’ve had D-Wave announce a more specialized type of quantum computer and upgrade it every few years. More recently, we’ve had IBM and Google announce their working universal quantum computers. We’ve also had research that showed quantum computers could be built on silicon (as opposed to more expensive materials). Even the NSA has begun warning that the day when quantum computers will break existing forms of encryption is sooner than we think.

Quantum networks are a somewhat different area of research, but still relevant to the quantum field as a whole. If we can teleport information, we may be able to drastically increase the amount of information we can send through networks, and the speed at which we send it, too.

A quantum internet would be beneficial to quantum computers in the same way our regular internet is beneficial to traditional computers. Quantum networks could also aid in protecting communications against eavesdropping, although the jury is still out on how effective that would actually be.

Calgary’s Experiment

The experiment done by the researchers from the University of Calgary involves using quantum “entanglement,” a process they explain below:

“Being entangled means that the two photons that form an entangled pair have properties that are linked regardless of how far the two are separated,” explained Wolfgang Tittel, professor in the Department of Physics and Astronomy at the University of Calgary and leader of the project.

“When one of the photons was sent over to City Hall, it remained entangled with the photon that stayed at the University of Calgary.”

The photon whose state was teleported to the university was then generated in a third location in Calgary, and then it also traveled to the City Hall, where it met the photon that was part of the entanglement pair.

“What happened is the instantaneous and disembodied transfer of the photon’s quantum state onto the remaining photon of the entangled pair, which is the one that remained six kilometres away at the university,” said Tittel.

Tittel’s group had to overcome some significant challenges along the way. One of the main issues concerned how the variable temperature outside would change when the photons would arrive at City Hall. The two photons were eventually timed to arrive within 10 picoseconds of each other, which is one trillionth–that is, one millionth of one millionth–of a second.

Towards A Global Quantum Internet

The long-term goal of the Tittel group is to create the basic building blocks for a global quantum internet. The City of Calgary will aid in this task by offering access to “dark fiber,” which got its name from its composition; it’s a single optical cable with no electronics or equipment to interfere with the quantum technology.

“By opening The City’s dark fiber infrastructure to the private and public sector, non-profit companies, and academia, we help enable the development of projects like quantum encryption and create opportunities for further research, innovation and economic growth in Calgary,” said Tyler Andruschak, project manager with Innovation and Collaboration at The City of Calgary.

“The university receives secure access to a small portion of our fibre optic infrastructure and The City may benefit in the future by leveraging the secure encryption keys generated out of the lab’s research to protect our critical infrastructure. In order to deliver next-generation services to Calgarians, The City has been increasing its fibre optic footprint, connecting all City buildings, facilities and assets,” added Andruschak.

Source: Tom's Hardware

http://www.tomshardware.com/news/quantum-internet-photons-teleportation,32735.html

Guest blog: Nemucod ransomware analysis

Posted on Sep 2, 2016

In the run up to VB2016, we invited the sponsors of the conference to write guest posts for our blog. In the third of this series, Webroot’s Jesse Lopez writes about the Nemucod ransomware.

Note: some security vendors refer to the downloader component alone (which has been seen to download other kinds of malware as well) as ‘Nemucod’. This analysis focuses on both the downloader and the ransomware.

 

Nemucod is a piece of ransomware that changes file names to *.crypted. While it’s not a brand new variant, a lot has changed in the last few months, and different methods have been used, but one thing has remained constant: it is deployed via bogus shipping invoice spam messages.

The JavaScript initially received in a spam email downloads malware and encryption components stored on compromised websites. Because this ransomware is written in a scripting language, it’s easy to modify and re-deploy, and in most cases, it has bypassed anti-virus and spam protection. However, a flaw has been found in the encryption routine, which allows victims to recover their files.

  • January 2016: Nemucod changes file names to ‘.crypted’, but does not actually encrypt them.
  • March 2016: Adds XOR encryption using a 255-byte key contained in a downloaded executable. This downloaded executable encrypts the first 2048 bytes of a file.
  • April 2016: 7-Zip is used instead, which creates an archive to password-protect files.
  • April 2016: Instead of a hard-coded key, the JavaScript generates a key and passes it as an argument to the downloaded executable and performs the encryption of the first 1024 bytes of each targeted file.
  • May 2016: A small change is added to the previous build, which encrypts 2048 bytes instead of 1024 bytes.
  • June – August 2016: A PHP script is used along with a PHP interpreter to encrypt the first 1024 bytes of a file.

The following is an example of an email used to distribute Nemucod:

1-email-example.png

After opening the email attachment, you can see that the file located inside is a JavaScript file cleverly disguised as a .doc. The file appears to be a .doc for users with the folder option setting ‘hide extensions for known file types’ enabled:

2-file-appears-to-be-doc.png

JavaScript analysis

When the sample is first opened, it is heavily obfuscated; this is done by design as a means to thwart AV analysis and static detection:

3-Nemucod-Java.png

After de-obfuscating the script, I found that several compromised domains are used to store multiple files for use later on in the execution routine. Of the downloaded files, we can see that the first two (a1.exe and a2.exe) are designed as backdoors to the system. a1.exe is usually W32.Kovter and a2.exe is usually W32.Boaxxe. Since PHP is not installed natively on the Windows OS, the third and fourth files to be downloaded (a.exe and php4ts.dll) are part of a portable PHP interpreter, which allows the ransomware (a.php – the fifth file to be downloaded) to run.

4-Nemucod-Java-2.png

4b-Nemucod-Java-3.png

Analysis of a.php

At first, we saw several samples of a.php written in plain text without obfuscation, but the developers soon changed this to thwart static detection techniques. The obfuscation techniques below use chr() to encode each character as its ASCII code number, while also using array() to store the PHP script in a list of array values.

Examples of obfuscated ransomware variants

chr()

5-Nemucod-chr.png

To de-obfuscate this, I converted all of the chr values to ASCII characters and finally decoded the stored base64 to get the original script.
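The same two steps can be done statically, so the sample is never executed. The following Python is an added example, not code from the original post; it assumes the chr() calls are joined with PHP's "." operator and spell out a base64 string, and the embedded sample is constructed and harmless.

```python
import base64
import binascii
import re

_NUM = r"(?:0x[0-9a-f]+|\d+)"
# One chr(N) call, capturing N (decimal or 0x-prefixed hex).
CHR_CALL = re.compile(r"\bchr\(\s*(" + _NUM + r")\s*\)", re.I)
# A run of chr() calls joined by PHP's "." concatenation operator.
CHR_RUN = re.compile(
    r"\bchr\(\s*" + _NUM + r"\s*\)(?:\s*\.\s*chr\(\s*" + _NUM + r"\s*\))*", re.I
)


def fold_chr_run(run: str) -> str:
    """Turn 'chr(72).chr(105)' into 'Hi' by parsing, never by running PHP."""
    codes = (int(n, 16) if n.lower().startswith("0x") else int(n)
             for n in CHR_CALL.findall(run))
    return "".join(chr(c % 256) for c in codes)  # PHP's chr() wraps mod 256


def decode_layers(php_source: str) -> list[tuple[str, str]]:
    """Fold every chr() run; base64-decode the ones that hold a payload."""
    layers = []
    for match in CHR_RUN.finditer(php_source):
        text = fold_chr_run(match.group(0))
        try:
            if len(text) < 16:  # too short to be an encoded script
                raise ValueError("short literal")
            raw = base64.b64decode(text, validate=True)
            layers.append(("base64", raw.decode("utf-8", errors="replace")))
        except (binascii.Error, ValueError):
            layers.append(("plain", text))
    return layers


# Constructed, harmless sample in the shape described above (an assumption).
INNER = '<?php echo "constructed sample, not real malware"; ?>'
_B64 = base64.b64encode(INNER.encode()).decode()
SAMPLE = ("<?php $f = " + " . ".join(f"chr({ord(c)})" for c in _B64)
          + "; eval(base64_decode($f)); ?>")

if __name__ == "__main__":
    for kind, text in decode_layers(SAMPLE):
        print(kind, "->", text)
```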

Array()

6-Nemucod-Array.png

To de-obfuscate this, I echoed the output of implode for all of the arrays (and removed eval), using the following at the end of the script:

;echo implode('', $f); ?>

De-obfuscated:

7-Nemucod-php.png

 

The PHP script first uses ‘set_time_limit(0);’ to keep the interpreter running.

A recursive TREE function is then used with preg_match to match folders:

winnt|boot|system|windows|tmp|temp|program|appdata|application|roaming|msoffice|temporary|cache

If a match is found, the script opens the directory and checks for more directories using is_dir; if a directory is found, it runs TREE again, which continues the loop to check whether the object is a folder or a file.

Once a file is found, it uses preg_match again to match its file extension:

zip|rar|r00|r01|r02|r03|7z|tar|gz|gzip|arc|arj|bz|bz2|bza|bzip|bzip2|ice|xls|xlsx|doc|docx|pdf|djvu|fb2|rtf|ppt|pptx|pps|sxi|odm|odt|mpp|ssh|pub|gpg|pgp|kdb|kdbx|als|aup|cpr|npr|cpp|bas|asm|cs|php|pas|class|py|pl|h|vb|vcproj|vbproj|java|bak|backup|mdb|accdb|mdf|odb|wdb|csv|tsv|sql|psd|eps|cdr|cpt|indd|dwg|ai|svg|max|skp|scad|cad|3ds|blend|lwo|lws|mb|slddrw|sldasm|sldprt|u3d|jpg|jpeg|tiff|tif|raw|avi|mpg|mp4|m4v|mpeg|mpe|wmf|wmv|veg|mov|3gp|flv|mkv|vob|rm|mp3|wav|asf|wma|m3u|midi|ogg|mid|vdi|vmdk|vhd|dsk|img|iso

Once a file matching the file extensions above is found, it stores that file name and path as the variable ‘$fp’ and a new variable, ‘$x’, is made, which uses the function fread.

fread() reads up to length bytes from the file pointer referenced by handle.

After reading the first 1024 bytes of a file, a for loop is used with strlen and the variable $k (a base64 string) to encrypt the files.
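For incident response, a scheme of this shape can be undone with one file that exists in both original and .crypted form. The following Python is an added example, not code from the original post or from any vendor's decryptor; it assumes the for loop is a repeating-key XOR over the first 1024 bytes (as in the March 2016 variant), and the key and file contents are constructed.

```python
HEADER_LEN = 1024  # bytes the PHP variant modifies, per the analysis above


def recover_key(original: bytes, crypted: bytes) -> bytes:
    """Recover the repeating key from one file available in both forms."""
    if len(original) != len(crypted):
        raise ValueError("pair mismatch: an in-place XOR keeps the file size")
    if original[HEADER_LEN:] != crypted[HEADER_LEN:]:
        raise ValueError("pair mismatch: bytes past the header should be identical")
    stream = bytes(a ^ b for a, b in zip(original[:HEADER_LEN], crypted[:HEADER_LEN]))
    if not any(stream):
        raise ValueError("headers are identical: this copy was not encrypted")
    # Smallest p with stream[i] == stream[i - p] for all i is the key length.
    for p in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return stream[:p]
    raise ValueError("no repeat seen: known file is shorter than two key lengths")


def restore(crypted: bytes, key: bytes) -> bytes:
    """Undo the header XOR; everything after HEADER_LEN is copied unchanged."""
    head = bytes(b ^ key[i % len(key)] for i, b in enumerate(crypted[:HEADER_LEN]))
    return head + crypted[HEADER_LEN:]


# Constructed sample data (not taken from any real incident).
DEMO_KEY = b"constructed-demo-key"
KNOWN_ORIGINAL = b"%PDF-1.4 constructed backup copy\n" + bytes(range(256)) * 8
OTHER_ORIGINAL = b"PK\x03\x04 constructed second file " + b"\x00" * 1500
# XOR is its own inverse, so restore() also produces the test ciphertexts.
KNOWN_CRYPTED = restore(KNOWN_ORIGINAL, DEMO_KEY)
OTHER_CRYPTED = restore(OTHER_ORIGINAL, DEMO_KEY)

if __name__ == "__main__":
    key = recover_key(KNOWN_ORIGINAL, KNOWN_CRYPTED)
    print("key length:", len(key))
    print("second file restored:", restore(OTHER_CRYPTED, key) == OTHER_ORIGINAL)
```

Work on copies of the affected files, and confirm a restored file opens correctly before processing the rest.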