Survivors From Gay Concentration Camps In Chechnya Are Sharing Their Horrifying Stories

On April 1, The New York Times reported that Chechen authorities were arresting and killing gay men. According to leading Russian opposition newspaper Novaya Gazeta, over 100 men between the ages of 16 and 50 had been detained “in connection with their nontraditional sexual orientation, or suspicion of such."

Authorities lured victims by posing “as men looking for dates” on social networking sites, and many gay men fled the region. Now, survivors of Chechnya’s gay concentration camps are speaking out about the torture they endured.

A report published by the Russian LGBT Network includes testimonies from 33 gay men who are currently facing persecution. According to the report, it’s likely that dozens of men have been murdered and, despite pressure on the Chechen government, detainment camps remain prevalent.


"One day, all my relatives were informed about the fact that I was detained. ‘The Lord’ came to us, the chairman of the parliament — Magomed Daudov. We were all set down before the Lord. The Lord approached us, took pictures on his phone, and asked if each of us was gay. We had to answer ‘yes,’ This all happened in front of our relatives," one victim said. "He talked to our relatives, saying that we brought disgrace to the nation and to our families. He told them that if they honour the traditions, they must kill us. And that if they did everything, they would not be punished for it."

Authorities told families that if they killed their gay relatives, they would not be prosecuted for the murders and many honor killings occurred as a result. One witness recounts the story of a young man who was killed by his father and uncle, then buried in the woods without a funeral.

The victim pool increased when captured gay men were threatened with death if they didn’t share the names of other homosexuals.

"They threw me to the floor and beat me. They beat my chest and my face with their feet, and they hit my head against the floor. One of them said: ‘Do not beat him until the shock stage, at that point he will stop feeling pain. We don’t need that,’" one survivor recalls. "They addressed me with female pronouns and demanded that I tell them the names of other gay people I knew. They threatened to kill me if I didn’t."

The Russian LGBT Network has moved 64 gay individuals to safer housing in central Russia, but the vast majority of endangered people remain trapped in Chechnya.

You can donate to the Russian LGBT Network here.

Click here to sign Amnesty International’s petition urging the Russian and Chechen authorities to investigate these abductions and bring those responsible to justice.


via Refinery29 http://r29.co/2ujLneX

Here’s how Tim Cook explained why removing apps in China is not like helping the FBI hack iPhones (AAPL)


Apple CEO Tim Cook on Tuesday defended his company’s decision to stop offering special apps that let Chinese users circumvent the country’s internet restrictions.

The recent removal of some VPN apps from Apple’s App Store in China has prompted criticism, with some accusing Apple of bowing to pressure from Beijing and placing its business interests above its values.

VPN, or virtual private network, apps allow users to connect directly and securely to the internet, bypassing the filters that the Chinese government uses to block certain sites (including Google, YouTube, and Facebook).

Apple’s anti-VPN move seemed at odds with the image it has sought to create for itself as a champion of freedom and privacy. In 2016, the company famously battled with the US FBI, refusing to help law-enforcement officials unlock an iPhone that belonged to one of the suspects in the December 2015 terror attack in San Bernardino, California, that killed 14 people.

Is there a double-standard?

Not at all, said Cook.

Cook was asked about Apple’s VPN move in China during the post-earnings conference call on Tuesday. He said that Apple was simply responding to stepped-up enforcement of Chinese regulations that require anyone operating a VPN to have a license from the government. He noted that the App Store still offered “hundreds” of VPN apps from developers based outside of China and that Apple’s philosophy always involves "engaging" with governments it doesn’t agree with.

Here’s why Cook said Apple’s actions in China are not inconsistent with its values or its policies in the US:

"Some folks have tried to link it to the US situation last year. They’re very different. In the case of the US, the law in the US supported us. It was very clear. In the case of China, the law is also very clear there. Like we would if the US changed the law here, we would have to abide by it in both cases. That doesn’t mean that we don’t state our point of view in the appropriate way. We always do that."


via Business Insider http://read.bi/2vHMRD8

This video shows all 150,966 deaths in ‘Game of Thrones’

As one of the more popular shows on TV, Game of Thrones is certainly no stranger to controversy. Even though the show airs on HBO — a channel where ostensibly anything goes — there have been some vocal critics who have lambasted the show for the way it treats women and its depiction of violence that some argue is gratuitous and a tad over the top. Of course, Game of Thrones author George R.R. Martin has been quick to dismiss such criticisms, noting in the past that “drama comes out of conflict” and that “if you portray a utopia, then you probably wrote a pretty boring book.”

All that said, there’s no denying that death is one of the reasons why GOT is so enthralling and compelling. After all, it takes a special skill to create a character so vile (read: King Joffrey) that viewers are actively hoping for his brutal demise. Individual character deaths aside, GOT is also no stranger to depicting death on a massive scale, often in the form of intricately choreographed scenes of large-scale battles.

All in all, the last six seasons have seen no shortage of death. From popular characters to nameless peasants, no one in the Game of Thrones universe is truly ever safe. In light of that, the YouTube channel Leon Andrew Razon Compilations recently put together a video compilation highlighting every single on-screen death the series has seen since its inception. Taking things an interesting step further, the video also advances a tally of all the deaths the show has seen. The resulting figure is pretty astounding: 150,966 deaths to be precise. Note, though, that the tally does include animals.

Regardless, this video compilation must have taken forever to put together and you can check out the finished result below.


via BGR http://bit.ly/2srAN7u

New Loki Variant Being Spread via PDF File

Background

The Loki Bot has been observed for years. As you may know, it is designed to steal credentials from installed software on a victim’s machine, such as email clients, browsers, FTP clients, file management clients, and so on. FortiGuard Labs recently captured a PDF sample that is used to spread a new Loki variant. In this blog, we will analyze how this new variant works and what it steals.

The PDF sample

Figure 1. Content of the PDF sample

The PDF sample only contains one page, shown above, which includes some social engineering content to entice users to download and run the malware.

Figure 2. Objects inside the PDF sample

According to the sample content (Figure 2), an annotation object in the sample includes a URI action that points to the location from which the malware is downloaded.
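A triage sketch for the kind of object described above, added here as an example and not taken from the FortiGuard analysis: it lists URI actions found in a PDF's uncompressed objects and flags the traits of the URLs this article reports (an executable download, a raw IP host, a URL shortener). The PDF fragment, the extension list and the shortener list are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed PDF fragment (not the analysed sample): two link annotations,
# one pointing at an executable on a documentation-range IP address.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Page /Annots [ 2 0 R 3 0 R ] >>
endobj
2 0 obj
<< /Type /Annot /Subtype /Link /Rect [ 0 0 612 792 ]
   /A << /S /URI /URI (http://192.0.2.10/docs/QUOTATION.exe) >> >>
endobj
3 0 obj
<< /Type /Annot /Subtype /Link /Rect [ 0 0 10 10 ]
   /A << /S /URI /URI (https://example.com/terms.html) >> >>
endobj
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
# "/URI (" only: the action type "/S /URI" is not followed by a string.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
EXEC_EXT = (".exe", ".scr", ".js", ".vbs", ".jar", ".hta")  # assumed list
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co"}     # assumed list

def flags_for(url: str) -> list[str]:
    """Heuristics matching the traits of the URLs reported in the article."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    flags = []
    if parsed.path.lower().endswith(EXEC_EXT):
        flags.append("executable-download")
    try:
        ipaddress.ip_address(host)
        flags.append("raw-ip-host")
    except ValueError:
        pass
    if host in SHORTENERS:
        flags.append("url-shortener")
    return flags

def uri_actions(pdf: bytes) -> list[dict]:
    """List URI actions in uncompressed objects (object streams are not unpacked)."""
    found = []
    for obj in OBJ_RE.finditer(pdf):
        for hit in URI_RE.finditer(obj.group(2)):
            # Drop PDF string escapes such as \( and \) before decoding.
            url = re.sub(rb"\\(.)", rb"\1", hit.group(1), flags=re.S).decode("latin-1")
            found.append({"object": int(obj.group(1)), "url": url,
                          "in_annotation": b"/Annot" in obj.group(2),
                          "flags": flags_for(url)})
    return found
```

A PDF that stores its annotations inside compressed object streams has to be decompressed first; this sketch only reads objects that appear in the clear.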

Add itself to Startup folder

When this malware is executed for the very first time, it copies itself to “%AppData%\subfolder” and renames the copy to “citrio.exe” in my test environment. It then creates a VBS file which can start “citrio.exe”. Figure 3 shows its code. The VBS file is added to the Startup folder of the system Start Menu so it runs automatically whenever the system starts. After all these actions are complete, “citrio.exe” is started.

 

Figure 3. The VBS file in Startup with its code
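A hunting sketch for this persistence pattern, added here as an example and not part of the original analysis: it audits a Startup folder for script files that reference an executable under a per-user AppData directory. The folder name “subfolder” and “citrio.exe” come from the article; the script-extension list, the regular expression and the sample files are constructed assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Script types the Windows shell will run from a Startup folder (assumed list).
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd"}
# An .exe path under a per-user AppData directory, literal or via a variable.
APPDATA_EXE = re.compile(
    r'(?:%(?:local)?appdata%|\\appdata\\(?:roaming|local))\\[^"\r\n]*?\.exe',
    re.IGNORECASE,
)

def default_startup_dir() -> Path:
    """Per-user Startup folder on Windows."""
    return (Path(os.environ.get("APPDATA", ""))
            / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup")

def read_script(path: Path) -> str:
    """Decode a script file; Windows script hosts accept UTF-16 with a BOM."""
    raw = path.read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def audit_startup(startup: Path) -> list[tuple[str, list[str]]]:
    """Return (script name, AppData .exe paths it references) for each hit."""
    hits = []
    for entry in sorted(startup.iterdir()):
        if entry.is_file() and entry.suffix.lower() in SCRIPT_EXT:
            targets = APPDATA_EXE.findall(read_script(entry))
            if targets:
                hits.append((entry.name, targets))
    return hits

def demo() -> list[tuple[str, list[str]]]:
    """Run the audit over a constructed Startup folder in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed launcher, written as UTF-16 to exercise the BOM path.
        (root / "launcher.vbs").write_text(
            'CreateObject("WScript.Shell").Run "%AppData%\\subfolder\\citrio.exe"\n',
            encoding="utf-16")
        (root / "backup.bat").write_text("robocopy C:\\data D:\\backup\n")
        (root / "readme.txt").write_text("%AppData%\\subfolder\\citrio.exe\n")
        return audit_startup(root)

if __name__ == "__main__":
    print(demo())
```

On a live Windows host, call `audit_startup(default_startup_dir())` and review each hit by hand, since legitimate software also launches from AppData.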

How the new Loki variant works

All the APIs called by this malware are hidden and are restored only just before they are called, which makes the malware more difficult for researchers to analyze. Figure 4 shows an example. After calling the sub_4031E5 function with the hash (C5FA88F1h) and DLL number (0Ah), eax points to the API “CommandLineToArgvW”.

Figure 4. Restoring the hidden API

The author of the malware has written a number of functions for stealing credentials from a victim’s machine. There is an array that is used to store the function pointers. Figure 5 shows part of the function pointers.

Figure 5. Array with function pointers

As you may have noticed, I added a comment after each function to show which software it steals credentials from. The malware calls those functions one by one in a loop. Here is the list of most of the software whose credentials can be stolen.

Browser software:

Mozilla Firefox, IceDragon, Safari, K-Meleon, Mozilla SeaMonkey, Mozilla Flock, NETGATE Black Hawk, Lunascape, Comodo Dragon, Opera Next, QtWeb, QupZilla, Internet Explorer, Opera, 8pecxstudios, Mozilla Pale Moon, Mozilla Waterfox.

IM software:

Pidgin.

FTP software:

FTPShell, NppFTP, oZone3D MyFTP, FTPBox, sherrod FTP, FTP Now, NetSarang xftp, EasyFTP, SftpNetDrive, AbleFTP, JaSFtp, Automize, Cyberduck, FTPInfo, LinasFTP, FileZilla, Staff-FTP, BlazeFtp, FTPGetter, WSFTP, GoFTP, Estsoft ALFTP, DeluxeFTP, Fastream NETFile, ExpanDrive, Steed, FlashFXP, NovaFTP, NetDrive, SmartFTP, UltraFXP, FTP Now, FreshFTP, BitKinex, Odin Secure FTP Expert, NCH Software Fling, NCH Software ClassicFTP, WinFtp Client, WinSCP, 32BitFtp, FTP Navigator.

Game software:

Full Tilt Poker, PokerStars.

File manager software:

NexusFile, FullSync, FAR Manager, Syncovery, VanDyke SecureFX, Mikrotik Winbox.

SSH/VNC client software:

SuperPutty, Bitvise BvSshClient, VNC, KiTTY.

Password manager software:

mSecure, KeePass, EnPass, RoboForm, 1Password.

Email client software:

Mozilla Thunderbird, foxmail, Pocomail, IncrediMail, Gmail Notifier Pro, DeskSoft CheckMail, Softwarenetz Mailing, Opera Mail, Postbox  email, Mozilla FossaMail, Internet Mail, MS Office Outlook, WinChips, yMail2, Flaska.net Trojita, TrulyMail.

Notes/Todo list software:

To-Do DeskList, Stickies, NoteFly, Conceptworld Notezilla, Microsoft StickyNotes.

Stealing Microsoft Outlook Credentials and Stickies Pictures

From the above analysis, it is clear that this new Loki variant is capable of stealing credentials from more than 100 different software tools (if installed). In this section, we are going to present how it steals the credentials of Microsoft Outlook and pictures from Stickies.

To do this, it goes through three sub-keys (for three different versions) in the system registry to get saved email accounts, email addresses, username, password, SMTP, POP3, IMAP related information, and so on.

The three sub-keys are:

Figure 6. Microsoft Outlook saves credentials in the registry

 

Figure 7. Copying sub-key “POP3 Password”

What you can see in the above figures are the Outlook credentials in the system registry of my test environment. The malware is able to read them from here by calling the API “SHQueryValueExW”. All stolen information is stored in a global buffer. See Figure 8.

Figure 8. Stolen Outlook credentials in global buffer

For the Stickies attack, since I didn’t have that software installed, I simply modified my test machine to simulate that it was installed. Here we go.

Figure 9 shows part of the code for Stickies. The strings “*.png”, “*.rtf” and “%s\stickies\images” are created dynamically before they are used. The malware steals png and rtf files from the sub-folders “\stickies\images” and “\stickies\rtf” in several system directories, such as %AppData% and %UserProfile%.

Figure 9. Code snippet for Stickies

I created a sub-folder “%AppData%\stickies\images” and put a .png file into it. Loki reads the png file into that global buffer behind the Outlook data. It also collects system information from the victim’s machine, such as computer name, user name, processor property, etc. After all the collected information is ready, it sends it to its C&C server using an HTTP POST request, the body of which is the data stolen from the victim’s machine. The data is delivered in a kind of compressed format. Figure 10 shows a screenshot of the packet in Wireshark.

Figure 10. Send the data stolen from Outlook and Stickies to the C&C server

Solution

The URL “194.88.105.202/~ninjagro/pdfs/QUOTATION.exe” has been rated as Malicious Websites and “http://bit.ly/2ssxQ75” as Phishing by the FortiGuard Webfilter service.

The downloaded exe file has been detected as W32/Injector.DONO!tr and the PDF file as Data/Loki_Phish.A!tr by the FortiGuard Antivirus service.

IoC

URL:

“194.88.105.202/~ninjagro/pdfs/QUOTATION.exe”

“http://bit.ly/2ssxQ75”

Sample SHA256:

QUOTATION (1).pdf

E71379A53045385C4AC32E5BE75A04E3D2A9FC7B707FB4478CE90FE689F66D19

QUOTATION.exe

FA417E0B42362C40301750809DF9F0C9BDBF333269F50F74832D4F471358AAED

via Fortinet Blog | Latest Posts http://bit.ly/2r9wASv

Skydivers have an amazing new use for drones

Latvian company Aerones has built the ultimate skydive drone. The company claims that skydiver Ingus Augstkalnsm completed the first skydive from a drone.


via Business Insider http://read.bi/2rLCuwX

Russian search engine Yandex’s Ukraine offices raided for ‘treason’

Already under sanctions by the Ukrainian government, Russian search giant Yandex has been raided by the country’s security services.

The raids, in the capital Kiev and the southern city Odessa, were conducted under the treason articles of the country’s criminal code, according to Russian state news agency TASS.

Reuters says the basis of the complaint is that the company is collecting user data on Ukrainians and sending it back to Russia.

Yandex’s only statement was to confirm that “representatives of Ukraine’s Security Services” (the SBU) went to its offices in the two cities, adding that its lawyers would help with any investigation.

The SBU has posted a statement saying the information sent to Russia was “for use in reconnaissance and acts of sabotage”.

Prior to sanctions imposed earlier this month, Yandex claimed 11 million users in the Ukraine and had 320 staff in the country.

Earlier this month, Yandex joined social networks VK and Odnoklassniki, Kaspersky Labs and the Mail.ru e-mail service on a sanctions list proclaimed by Ukrainian president Petro Poroshenko. That list was drawn up in retaliation for Russia’s ongoing support for separatists in the east of the country and its annexation of the Crimea.

Poroshenko’s post (ironically on VK) said Russia’s ongoing interference in other countries (including France earlier this month) “show the time has come to act differently and more decisively”. He’s promised to end his own use of Russian sites.

When the ban was announced, a spokesman for Vladimir Putin said Russia hasn’t “forgotten about the principle of reciprocity”, according to The Guardian. ®

via The Register http://bit.ly/2rlrAeB