
Thursday 29 October 2015

ransomware again, really?

Malware logo Crystal 128. (Photo credit: Wikipedia)

A few days ago a friend of mine reported to me that his company had been hit by a CryptoLocker-style ransomware. I keep hearing about people infected by this kind of malware, and I am starting to wonder whether people have really understood what a cryptomalware is and how it works.

Here is the definition from Wikipedia:

“Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction.

Some forms of ransomware systematically encrypt files on the system’s hard drive (cryptoviral extortion, a threat originally envisioned by Adam Young and Moti Yung) using a large key that may be technologically infeasible to breach without paying the ransom, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.”

 

Now let's first try to understand what this means in practical terms:

“a ransomware is a malware”: this should make clear that it is something bad.

“that restricts access to a computer system”: this clearly means that the aim of this kind of malware is to make it hard for you to log in to your computer and/or reach your data.

These days the most common form of this malware type is cryptomalware, a malware that specifically deals with your data by encrypting it. This basically means that your data is not deleted or moved; the malware simply makes it unreadable. If you want to get access to your data again, a ransom has to be paid, and even then only if you are lucky.

Now let us try to understand why this kind of malware is so popular. The reasons are basically two:

  1. it is easy to get infected
  2. it gives quick access to money

Let's try to understand why it is easy to get infected by a cryptomalware:

To Crypt or not to Crypt.

Contrary to what we commonly think, encrypting a file is really easy and needs really low permissions: you just need the right to edit the file.

You don't need to create a special algorithm; everything you need is thoroughly documented in the literature. Besides, crypto APIs are present everywhere, and reaching the needed libraries is an easy job.

So encryption is a technique still hard to understand for IT managers, but not for the bad guys.

If encryption is easy, it is just as easy to have enough rights to encrypt a file: your ordinary rights on the file are enough. You do not need administrator rights, privilege escalation or esoteric techniques; your right to edit (write) is enough.

Just remember:

If you can save it, then you can change it

Now this kind of right is common to any user on any OS. Even in the most security-savvy organization, if you can't open or edit a file you can't work on it.

On the other hand, the applications, programs, apps or whatever that are able to read and write with your same rights are almost all of those present on your system.

This means that a ransomware has:

  • consolidated technology to rely on

  • the greatest attack surface (basically any app or browser)

  • low rights needed

Heaven.

Another interesting aspect of ransomware is that the activities it performs are all standard ones inside the OS: it does not open weird ports, does not change configuration settings, does not create users... it just writes, like an ordinary user or app.

This makes identification quite difficult for any anti-malware system, since each operation is a normal one and there are thousands of write operations on files every moment.

A good cryptomalware, moreover, does not need to target sensitive system files, which may require specific access permissions. Given its aim (making money for the attacker), it just needs to target normal documents: .PDF, .DOC, .XLS, .PST...

And those are the documents you commonly use, edit and save.

I want you to understand a critical point:

if your antivirus/anti-malware did not detect the ransomware on the infected machine, a signature-based AV/AM elsewhere has no way to tell its operations apart from normal read/write operations on files, since a good ransomware accesses only what the user can access and does what the user usually does. What remains to look at is behaviour: the volume, the speed and the kind of changes (whole folders of documents rewritten or renamed within minutes), not the program that makes them.

So what do you need to get infected? All you need is your browser, or access to an infected application, and you have an open window into the world of encryption.

But I have antivirus on servers...

Good for you: it is good security practice to stop infections spreading across your network, but almost useless against cryptomalware activity coming from an infected client, because to the server those writes look like a legitimate user saving files on a share.

Got infected, and now?

It is easy to get infected; it is a different story to get rid of it.

Basically you need the key and the algorithm used to encrypt the files in order to decrypt them. These can usually be obtained in two ways, but neither gives guarantees:

  1. you pay the ransom
  2. you ask an antivirus company for support

Let's try to understand option 1.

There is no guarantee that once the ransom has been paid you get your key. The reasons can be many, and not necessarily related to the “ethics” of your attacker (please read some irony into the previous statement).

There is a lot of old ransomware in the wild, coming from old attack campaigns that are no longer monitored, and maybe there is no one left ready to accept your payment in bitcoin or any other virtual currency.

This is a more common issue than you think: a ransomware campaign is not meant to last forever, but the infected sources can remain infected for a long time after the campaign is over.

The attacker may already have been arrested, or may simply consider it too risky to accept the payment.

And I haven't mentioned other unlucky conditions, like being collateral damage of a targeted attack against someone else, or just being unlucky enough to run into test code written while preparing an attack...

So paying is an option, but without guarantees...

Let's consider option 2.

If nobody gives you the key, you can try to analyze the encrypted files to find out whether they carry “fingerprints” resembling some known attack; once you understand which cryptoware did the damage, you can try to recover the encryption key somehow. Luckily, to keep resource consumption low, the keys and algorithms used are often not the strongest, or are used carelessly (a key derived from predictable values, or left on the infected disk), so some reverse engineering is still possible. When the cipher is a modern one and correctly used, brute force is not an option at all.

Antivirus companies have samples and technology to try to save your data... try is the key word.

There are no guarantees.

The problem is how much time you need to free your data from this unwanted encryption. It is a matter of time or, if you prefer, of processor power. Even if well equipped, anti-malware companies have limits in terms of resources, so it is not always possible to decrypt your data.

I am sorry, but this is the sad truth: in a world with unlimited resources we would not be affected, but we do not live in that kind of world.

What should we do?

I wrote about this in the past (on the same subject, actually). The very first steps should be:

  1. isolate the infected machine
  2. report the incident to the local authorities
  3. report the incident to your antivirus software company
  4. start a recovery and mitigation activity.

1. isolate the infected machine

A ransomware can encrypt easily, so it can spread its damage easily: shared folders on servers are an easy target. Before you realize it, your user can have caused a lot more damage. And if your antivirus didn't catch it and you use the same antivirus on the servers, there is no reason to expect a different behavior on your file servers. Isolate means pull the machine off the network (and off any mapped shares or sync folders), not wipe and reinstall it: the forensic evidence mentioned below lives on that machine.

2. report the incident to the local authorities

Believe it or not, law enforcement units can be of great support: you may be the victim of an ongoing ransomware campaign that they are already monitoring, or they may simply track down the attacker and get the key. Keep in mind that a ransom, unless it is organized by a government in the form of taxes, is never legal.

3. report the incident to your antivirus software company

As for the previous point, you may be lucky enough that they already have a solution; as I wrote before it is not certain, but it is a possibility. Besides, reporting an attack that was not detected makes it possible to write protection signatures. Don't think for a moment that because you got hit once you are safe for the rest of your life. This is not like chickenpox: you can't be immunized.

4. start a recovery and mitigation activity.

This is the harsh part, right?

What do recovery and mitigation mean?

Well, let's be clear: until you have forensic evidence of how the infection struck you, you can't say you are safe. The malware that hit you once may still be there, lurking in the dark inside your network.

You should take all the needed precautions: raise the level of monitoring, check for unusual write activity (one account modifying or renaming many documents in a short time, files that suddenly become unreadable) and tell your users which steps to follow.

The target is to limit the damage the ransomware can do again until you are sure you are clean and the incident is resolved.
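As an added illustration of two points made in this post, that the encryption itself looks like ordinary user writes, and that monitoring should therefore look for unusual write activity rather than for a known binary, here is a small change detector. It is example code written for this page, not something from the original article or from any product. It snapshots the documents under a folder (SHA-256 plus Shannon entropy per file), then flags documents whose content changed and whose entropy jumped into the range typical of ciphertext, plus documents that vanished between snapshots (renamed with a new extension, for instance). The folder layout, thresholds and sample files are all constructed for the demo; random bytes stand in for ciphertext.

```python
"""Entropy-based change detector for a document folder (added example, standard library only)."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Extensions the post lists as typical targets, plus .txt for the constructed sample.
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".pst", ".txt"}
HIGH_ENTROPY = 7.0   # bits per byte; ciphertext and random data sit close to 8.0
ENTROPY_JUMP = 1.5   # minimum rise over the previous snapshot before we flag a file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map each document under root (relative path) to (sha256 hex digest, entropy)."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in DOC_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            result[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(),
                shannon_entropy(data),
            )
    return result


def suspicious_changes(before: dict, after: dict) -> dict:
    """Compare two snapshots.

    "encrypted": documents whose bytes changed and whose entropy jumped into the
                 ciphertext range (an edited .doc stays far below 7 bits/byte).
    "missing":   documents present before and gone now, e.g. renamed to .locked.
    """
    encrypted = []
    for rel, (digest, entropy) in after.items():
        if rel not in before:
            continue  # no baseline for a brand-new file
        old_digest, old_entropy = before[rel]
        if (digest != old_digest
                and entropy >= HIGH_ENTROPY
                and entropy - old_entropy >= ENTROPY_JUMP):
            encrypted.append(rel)
    missing = [rel for rel in before if rel not in after]
    return {"encrypted": sorted(encrypted), "missing": sorted(missing)}


def demo() -> dict:
    """Constructed scenario: three documents, one overwritten in place, one renamed away."""
    root = tempfile.mkdtemp(prefix="docs-")
    text = b"Quarterly report: revenue grew 4% while costs fell slightly.\n" * 40
    for name, data in {"report.txt": text, "notes.doc": text[::-1], "mail.pst": text}.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    before = snapshot(root)
    # Simulated attack: plain user-level writes, exactly what the post describes.
    # Random bytes stand in for ciphertext; no real encryption is needed for the demo.
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(os.urandom(len(text)))
    os.rename(os.path.join(root, "mail.pst"), os.path.join(root, "mail.pst.locked"))
    after = snapshot(root)
    return suspicious_changes(before, after)


if __name__ == "__main__":
    print(demo())  # {'encrypted': ['report.txt'], 'missing': ['mail.pst']}
```

Entropy on its own is a weak signal: .docx, .xlsx and many PDFs are already compressed and sit near 8 bits per byte even when untouched, which is why the check requires a content change plus a jump relative to the file's own baseline rather than an absolute threshold. The price is that an already-compressed document encrypted in place shows no jump, so in practice you would also alert on many changed or vanished documents from one account in a short window, keep a few canary documents nobody legitimately edits, and run the checker from an identity that can only read the share, so the checker is not itself another write path.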

About recovery: well, it is clear here that the king of the lab is a good backup policy. This means having a system that allows you to recover your data to a previous state, from when the data were not yet affected. This will lower the amount of damage you are going to face.

There are thousands of articles on how to manage backups correctly, so I will not spend time on it here. Just, if you think backup is obsolete, you probably haven't understood what backup means (and what technologies are currently available).

I just want to mention a couple of things:

disaster recovery and backup are two different things, so do not think you can use one instead of the other;

some vaulting systems, versioning, journaling and other technologies can be useful to mitigate and recover from this kind of accident, provided the copies are not reachable with the same write rights the infected user has: a backup drive mapped as a normal share is just one more set of files to encrypt;

sometimes it would be enough to plan correctly what you already have in your OS to survive this kind of problem: versioning and journaling of files are technologies present in Windows and Linux; you just have to set them up knowing what you are doing (possibly), and knowing that a local snapshot the same account can delete is not a safe copy.
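To make the versioning point concrete, here is a minimal content-addressed snapshot store, written as an added example for this page; it is not the author's tool and not a substitute for a real backup product. Every file version is stored under its SHA-256 digest and never overwritten, and each snapshot is a manifest mapping paths to digests, so the version taken before the infection can still be restored after the encrypted version has been backed up too. The directory layout, the sample document and the simulated overwrite are all constructed for the demo.

```python
"""Append-only, content-addressed snapshot store (added example, standard library only)."""
import hashlib
import json
import os
import shutil
import tempfile


def take_snapshot(src: str, store: str) -> str:
    """Store every file under src as store/objects/<sha256> and write a manifest.

    Objects are never overwritten: a later (encrypted) version of a file hashes to
    a different name, so the earlier object survives. Returns the snapshot id.
    """
    objects = os.path.join(store, "objects")
    os.makedirs(objects, exist_ok=True)
    manifest = {}
    for dirpath, _, filenames in os.walk(src):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            obj = os.path.join(objects, digest)
            if not os.path.exists(obj):
                with open(obj, "wb") as out:
                    out.write(data)
                os.chmod(obj, 0o444)  # read-only, even for the owner
            manifest[os.path.relpath(path, src)] = digest
    # Snapshot ids are simply counted: manifest-0.json, manifest-1.json, ...
    snap_id = str(sum(1 for n in os.listdir(store) if n.startswith("manifest-")))
    with open(os.path.join(store, f"manifest-{snap_id}.json"), "w") as fh:
        json.dump(manifest, fh, indent=1)
    return snap_id


def list_snapshots(store: str) -> list:
    """Snapshot ids in the order they were taken."""
    ids = [n[len("manifest-"):-len(".json")]
           for n in os.listdir(store) if n.startswith("manifest-")]
    return sorted(ids, key=int)


def restore_snapshot(store: str, snap_id: str, target: str) -> int:
    """Rebuild the tree recorded by manifest snap_id under target; returns the file count."""
    with open(os.path.join(store, f"manifest-{snap_id}.json")) as fh:
        manifest = json.load(fh)
    for rel, digest in manifest.items():
        dest = os.path.join(target, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copyfile(os.path.join(store, "objects", digest), dest)
    return len(manifest)


def demo() -> dict:
    """Constructed scenario: snapshot, overwrite the document in place, snapshot again, recover."""
    src = tempfile.mkdtemp(prefix="docs-")
    store = tempfile.mkdtemp(prefix="store-")
    original = b"Contract draft v3: payment due within 30 days of delivery.\n" * 20
    doc = os.path.join(src, "contract.doc")
    with open(doc, "wb") as fh:
        fh.write(original)
    good = take_snapshot(src, store)
    # Simulated ransomware: an ordinary write with the user's own rights.
    with open(doc, "wb") as fh:
        fh.write(os.urandom(len(original)))  # random bytes stand in for ciphertext
    take_snapshot(src, store)  # the damaged version gets backed up as well
    restored = tempfile.mkdtemp(prefix="restore-")
    restore_snapshot(store, good, restored)
    with open(os.path.join(restored, "contract.doc"), "rb") as fh:
        recovered = fh.read()
    return {
        "snapshots": list_snapshots(store),
        "recovered_intact": recovered == original,
        "object_count": len(os.listdir(os.path.join(store, "objects"))),
    }


if __name__ == "__main__":
    print(demo())  # {'snapshots': ['0', '1'], 'recovered_intact': True, 'object_count': 2}
```

The store is append-only by convention only: the account that wrote it can still delete or chmod the objects, and that is exactly the account the ransomware runs as. The protection comes from where the store lives and who writes it: a location the user account can read but not write (a pull-based backup run by a separate identity), a snapshot the file server takes on its own, or offline media. A backup drive mapped with the user's own write rights is just one more target.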

 

to the next, cheers.


Friday 9 October 2015

Type of Managers


Managers and Problem solving


Managers role, leaders and VW

One of the things that makes me think about the Volkswagen Dieselgate is the role of management inside a company. The whole Dieselgate affair is a demonstration of how dangerous it is to have bad managers in a company. Managers are supposed to have the responsibility to take decisions and drive the company to reach its goals; this is the justification for their paycheck. In the end a manager has to

  • take decisions
  • take responsibility

But is this actually the truth?

My experience as trainer, consultant and coach, alas, has told me that the truth is quite different, and we can find clear examples everywhere. Every time something goes wrong there are always good excuses (laws, government, economic outlook, competition, price...) and great justifications (I didn't know, I can't look at every detail, my people should have dealt with this...), but seldom sincere apologies and acts of responsibility.

Take as an example the Volkswagen affair. The Volkswagen CEO resigned, with a millionaire paycheck, after making such a mess of the company. But the rest of the managers? In a hierarchical structure there should be a mix of direct responsibility and delegation; 11 million non-compliant cars can't be produced without anyone knowing.

Someone approved some bad choices, and someone has to be responsible. The CEO and at least the whole management chain that dealt with production share a big part of this responsibility, and so they should pay part of the costs. And believe me, the magnitude of the damage is big, and it will become clear in the next years. Once you lose people's trust you lose one of the most important assets of your company, something a lot of managers are not able to understand. Alas, it is easier to talk about how to raise RoI through savings than about how to keep value through brand, company and personal ethics.

I am sorry, but a big paycheck also means you have to pay the price for your mistakes. Alas, this is not what happens in today's big organizations. A higher level often means less responsibility for bad performance. Responsibility is always pushed down to the lower levels.


This is something that is quite clear to anyone who has worked in a big company. The problems are always someone else's, and when managers take “difficult” and “painful” decisions, such as large layoffs, they basically pass the problem and the cost of their bad choices down to the lower levels, but you know:

someone has to pay.

When I train managers I usually try to explain to them that their role is not to give orders but to take responsibility.

Unlike individual contributors, a manager inside the company has responsibility towards the lower levels and towards the upper level; being a manager means managing resources in the proper way to meet the results the company needs.


There are a lot of good reasons to want a manager to do this.

If a manager is just a mere executor, he/she is actually useless for the company: a paycheck without a brain is not something I would bet my money on. So what should a manager do?

Towards the lower levels, a good manager should try to remove obstacles in order to allow them to reach their goals, and not expect the obstacles to be removed by his/her people. This should be reflected in his/her KPIs. If the team does not reach its goal the whole company suffers, and the manager is the primary responsible.


I always criticize managers who tell me that they want solutions and not problems from their team. If they are not part, a proactive part, of the solution, they are basically part of the problem.

Being part of the solution does not mean telling someone “do it”; it means analyzing the steps required to solve the problem and using all the instruments available to solve it. This could mean asking for new resources, changing plans and escalating the problem to the upper levels if resources are not available.

If the management structure is flat, this means a manager could/should share the resource request directly with his/her peers; in a more hierarchical structure the manager has to ask his/her upper level for resources, and they will find the correct way.

Of course all these activities should be done within a framework of policies and guidelines that allow the correct monitoring and management of resources.

If at Volkswagen there was anyone who approved the actions that caused this mess, then he/she is responsible. But the rest of the management chain shares the responsibility too, since they didn't put in place the correct procedures to avoid it.

Mistake or not, this is anyway a management problem, and management should take responsibility for it, not only the CEO.

All this has nothing to do with leadership but is related to management. There is always a big confusion between the two roles: a leader and a manager are not the same thing.

Of course a good manager should also have some leadership skills, but mainly he/she has to be a good manager.

Of course a leader should also have some management skills, but a leader can be just an individual contributor inside a company, not necessarily a manager.

Alas, there are roles that need both, and CEO is one of them. As CEO of a company you should show great management skills as well as leadership ones; the same is required at board level.

But where do a leader and a manager differ?

Well, a leader should be able to inspire people, blaze new trails, be an example of ethics. A leader should be able to take that “extra step” that managers can avoid taking.

But a leader is not necessarily a manager or a highly successful entrepreneur; we should be wise enough to know the difference.

If you think of today's industrial world there are some “leaders” who are able to inspire: people like Steve Jobs, Bill Gates, Warren Buffett, Richard Branson, Jeff Bezos, to name a few well-known names.

Are they perfect? I don't think so.

Are they leaders? Yes they are.

 

Why are they leaders? The simplest answer is because people recognize their leadership and... have you noticed that all these examples “created” their company and brand?

There are also other leaders, maybe not under the media spotlight, but they should be known by pretty much everyone (well, maybe my mum would have some problem).

Then there are great managers and great entrepreneurs who are important as well, but are a completely different thing.

There are also a lot of companies that live (or sometimes survive) without leadership but just with good management (sorry, for great management, leadership is needed).

Just to be clear, there are also companies that live without leadership or good management, maybe because of past glories, but sooner or later they have to pay the price (and I have some examples in mind right now).

What kind of company was VW in your mind?

Monday 5 October 2015

The Visa for the Kingdom of Saudi Arabia is driving me crazy

Map of the territory and area covered by present-day Saudi Arabia. (Photo credit: Wikipedia)

We live in an open, interconnected world; travelling has never been easier, but if you travel a lot for work, as I have to do, you find out that there is something that can really drive you crazy: the VISA on your passport.

The visa is everything but the sign of an open world. It is a way to put barriers at our borders and control who can get in and out, but sometimes it is interesting to find out how difficult a VISA can be to manage... language barriers, cultural barriers and sometimes organizational issues can make your experience quite painful, even in countries that we usually consider friendly.

I am now fighting with the visa for the Kingdom of Saudi Arabia; I should be in Riyadh to deliver some training after being in the USA for the annual ISF meeting (where I have a speech). Of course business time constraints are not aligned with VISA timing, and therefore a business round trip can become a painful headache, mostly if, as in my case, you have to deal with some of the issues by yourself. Well, the result is that while I am still trying to find out what I have to do and collect all the documentation, my flight plan has had to be changed dramatically, and this is not making me very happy indeed.

Now I understand why we need specialized organizations dealing with visas :).

Well, I am not sure I will be able to do the whole required trip this time, but it is worth it as a lesson for the future: if you need a visa, plan it 3 months in advance, because you never know...

🙁

 

Friday 2 October 2015

MEXICO: FIRST ANNIVERSARY OF THE ENFORCED DISAPPEARANCE OF THE AYOTZINAPA STUDENTS


The enforced disappearance of the Ayotzinapa students in 10 chilling figures

43 – Students detained and subjected to enforced disappearance by the police on 26 September 2014.

6 – People extrajudicially executed on the night of 26 September 2014 (three students and three bystanders).

25 – People injured.

42 – Students whose whereabouts are still unknown.

1 – Student, aged 19, Alexander Mora Venancio, whose death was confirmed on 6 December 2014 after experts from the University of Innsbruck carried out DNA analysis and determined that DNA extracted from a piece of charred bone allegedly found in a river matched that of the student's family.

110 – Arrests made in connection with the case, without a single conviction.

At least 70 – Mass graves discovered around Iguala since the enforced disappearance of the students.

104 – Human remains found in those graves.

25,700 – Estimated number of people who have been subjected to enforced disappearance or have gone missing in recent years, almost half of them during the current term of President Peña Nieto.

6 – Number of federal convictions since enforced disappearance became a federal crime in 2001.

Mexico: The enforced disappearance of the Ayotzinapa students. Timeline
On 26 September 2014, 43 students from the Escuela Normal Rural Raúl Isidro Burgos (rural teacher-training college) of Ayotzinapa were subjected to enforced disappearance in Iguala, Guerrero state. The charred remains of one of them were found weeks later. The other 42 are still missing.

Here is a timeline of the key events that led to one of the most alarming human rights violations in recent Mexican history.

  • September 2014

26 – About a hundred students from the Escuela Normal Rural Raúl Isidro Burgos of Ayotzinapa, in the state of Guerrero, southern Mexico, travel to the city of Iguala (120 km away). Their aim is to raise money and borrow buses to attend a demonstration called in Mexico City to commemorate the anniversary of the massacre of unarmed students at Tlatelolco on 2 October 1968.

The students travel on two buses and “borrow” three more from the bus station to continue their journey.

That night, at around nine, the municipal police violently confront the students in several incidents in the town of Iguala. The authorities open fire on the students. State and federal police, as well as the army, witness the attacks without protecting the students; it is still unclear whether they took part more actively.

The events end with the extrajudicial execution, that same night, of three students and three bystanders. Twenty-five people are injured. Forty-three students are victims of enforced disappearance.

27 – The body of Julio César Mondragón Fontes, a 22-year-old student, is found with his face flayed and his eyes gouged out. The relatives of the 43 students report them missing.

The Attorney General of the state of Guerrero opens an investigation into the events.

28 – The local authorities blame members of the Guerreros Unidos drug cartel for the crimes and arrest 22 Iguala police officers.

  • October

1 – The mayor of Iguala, José Luis Abarca, flees and goes into hiding.

5 – The Attorney General of the Republic of Mexico opens another investigation into the disappearance of the students, in parallel with the one carried out by the Guerrero state authorities.

At the request of the victims' families, the Argentine Forensic Anthropology Team (EAAF) begins to take part in the forensic investigation, alongside the investigation by the Attorney General of the Republic.

6 – The Mexican president, Enrique Peña Nieto, addresses the disappearance of the students for the first time in a televised speech. He says: “Mexican society and the families of the young students who are sadly missing rightly demand that the facts be clarified and that justice be done.”

8 – Thousands of people take part in a demonstration in Mexico City to demand that the students be found.

10 – Mexico's Attorney General, Jesús Murillo Karam, reports that four people have been arrested for the disappearance of the students, and that four more mass graves have been found in Iguala, Guerrero.

14 – Officials of the Attorney General's Office state that 28 of the bodies found in the first mass grave do not belong to the students.

15 – Iguala police find six more mass graves in the area.

16 – Enrique Peña Nieto says that solving the case is a “priority” for the Mexican state.

17 – Mexico's Attorney General, Jesús Murillo Karam, announces the arrest of the alleged leader of the Guerreros Unidos cartel, Sidronio Casarrubias Salgado, in connection with the disappearance of the students.

He also reports that so far 36 municipal police officers from the towns of Iguala and Cocula, in the state of Guerrero, have been arrested along with 17 members of criminal gangs, and that three more mass graves have been found in Iguala.

22 – Murillo Karam states that the mayor of Iguala, José Luis Abarca, and his wife ordered the attack on the students.

23 – The governor of the state of Guerrero, Ángel Aguirre, resigns.

29 – The families of the missing students meet President Enrique Peña Nieto for the first time in Mexico City.

  • November

4 – The mayor of Iguala, José Luis Abarca, and his wife, María de los Ángeles de Pineda, are arrested in Mexico City. Abarca is sent to a maximum security prison.

7 – The Mexican government states that the students died at the hands of members of the local Guerreros Unidos cartel and that their bodies were incinerated at a local rubbish dump.

11 – The Argentine forensic team states that none of the remains found in Cocula, Iguala and La Parota has been identified.

12 – Representatives of the Mexican government and the students' relatives sign an agreement for the Inter-American Commission on Human Rights to appoint a group of experts to assist in the investigations.

18 – The head of the Working Group on Enforced or Involuntary Disappearances, Ariel Dulitzky, says: “There is no capacity for intelligence analysis, and all this shows that the State either lacks the will or, if it has the will, lacks the capacity to investigate, prosecute and punish cases of enforced disappearance.”

24 – Relatives of other people who disappeared in Iguala in earlier incidents find eight mass graves in the area.

The Argentine forensic experts report that 3 of the 30 bodies found in mass graves in Pueblo Viejo, in the municipality of Iguala, do not belong to the students.

27 – President Peña Nieto announces a 10-point plan to reform the police and the judiciary. He proposes the creation of 32 state police forces and the elimination of more than 1,800 municipal police units which, he says, could be infiltrated by organized crime.

  • December

6 – The Argentine Forensic Anthropology Team confirms that a bone fragment found in a mass grave belongs to one of the students: Alexander Mora Venancio, aged 19.

7 – Murillo Karam confirms the identification of Alexander Mora. He also states that the former mayor of Iguala, José Luis Abarca, and his wife are being investigated for enforced disappearance.

The Argentine forensic experts state that there is not enough evidence to support the theory that the remains found in the Cocula river were incinerated at the local rubbish dump.

  • January 2015

14 – The mayor of Iguala is formally charged as the mastermind of the enforced disappearance of the 43 students. Tomás Zerón, head of the investigation carried out by the Attorney General's Office, says that all lines of investigation have been closed.

27 – Jesús Murillo Karam states that all the students were killed and incinerated at a rubbish dump in Cocula.

  • February

1 – Several detained police officers and gang members claim to have been tortured into confessing their participation in the disappearance of the students.

7 – The Argentine forensic experts challenge the official theory, since its conclusions were premature and based on a biased interpretation of the existing evidence. The experts explain that, although there is no forensic evidence linking the missing students to the human remains found at the Cocula rubbish dump, there are clear indications that at least some of the remains belong to victims unrelated to this case.

27 – The Attorney General of the Republic, Jesús Murillo Karam, is replaced by Arely Gómez, a senator of the governing party, the PRI.

  • April

8 – The testimony of two bus drivers is taken for the first time, following a recommendation by the independent experts appointed by the Inter-American Commission to assess the investigation.

15 – The group of experts appointed by the Inter-American Commission on Human Rights informs the Attorney General's Office of the existence of a fifth bus which, so far, has not been included in the investigation.

  • July

29-30 – The clothing found at the scene is finally analysed, following the recommendation of the independent experts assessing the investigation.

  • September

6 – A new report by the group of experts appointed by the Inter-American Commission on Human Rights on the disappearance of the students refutes the theory that their bodies could have been incinerated at a rubbish dump, as the authorities claim, and exposes the serious flaws in the investigation of the case, including serious errors in the handling of the evidence.

President Peña Nieto says that his investigation remains open.

16 – The authorities inform the media of the possible new identification of one set of remains as belonging to Jhosivani Guerrero de la Cruz.

17 – Experts from the Argentine Forensic Anthropology Team clarify that the genetic match found during the DNA analysis is not high enough to be considered a positive identification of Jhosivani Guerrero de la Cruz.