Thursday, 25 December 2014

Hack attack aimed at ISIS' opposition





  • Target email speaks to victims who are opposed to ISIS and asks for their help

  • It contains a link to a file sharing site, where a malicious file is hidden among photos

  • Malware is artless, and the writer encrypted it wrong

  • But it's dangerous: Being bare-bones makes it hard for security software to detect




(CNN) -- North Korea, with its previous technologically laggard image, may have just shocked the world with some alleged hacking savvy, but when ISIS comes to mind, so does the terrorists' digital bent.


The Islamist militants renowned for their bloodthirsty beheading videos and slick social media propaganda, may have extended their skills into low-level hacking, a cyber-security human rights group believes.


The Citizen Lab obtained new malware that has targeted the ISIS opposition group "Raqqa is being Slaughtered Silently," or RSS, and released an analysis of it Thursday.


The researchers from the University of Toronto can't confirm that the cyberattack is coming from the Islamic State in Iraq and Syria, especially since the Syrian regime led by Bashar al-Assad has also used Trojan horse software to fight activists since 2011.





Is your information on the deep web?




Cyber footprints of Syria's jihadists




Senior ISIS leaders killed in U.S. strike




ISIS pamphlets regarding women

But the workings of the malware, its intended target and what it achieves for the attacker lead The Citizen Lab to suspect ISIS the most.


ISIS hates RSS


ISIS is particularly motivated to strike RSS.


The Islamist extremist militants like to depict their stronghold city of Raqqa to the world as a caliphate paradise, where life under strictest Sharia is practically Heaven on Earth.


But RSS activists in the city reveal on social media Raqqa's bleeding underbelly, the terrorizing of residents.


Warnings of graphic content speckle its Twitter feed, where photos of public beheadings and stonings of residents in Syrian cities are posted in unflinching detail.


RSS also reports coalition airstrike hits against ISIS and warns Raqqa residents about new strict Sharia rules the militants impose on them.







But activists participating in RSS activities have another enemy. Before ISIS took over their town, they were taking the same actions against the Syrian regime.


Slapdash malware


The Raqqa target who passed along the malware to The Citizen Lab did not fall for its ploy, and the group was not successfully hacked, as far as The Citizen Lab researcher John Scott-Railton knows.


But he fears others who may have received the target email may not have been so savvy or lucky.


The malware used in the attack is simple and lean, and whoever wrote it did some things wrong -- or felt it wasn't necessary to do them right.


The Citizen Lab found the malware to be effective and very dangerous even without proper coding whistles and bells, because its targeting of victims is socially savvy.


This is how it works.


The victim receives an enticing email tailored to his anti-ISIS interests from people claiming to be expat Syrian activists living in Canada. They ask for the local activist's help in working with mainstream media.




ISIS opponents receive mock airstrike photos in malware target email

ISIS opponents receive mock airstrike photos in malware target email



"We are preparing a lengthy news report on the realities of life in Raqqah," the email reads. "We are sharing some information with you with the hope that you will correct it in case it contains errors."




ISIS opponents receive malware target emails containing fake activist photos

ISIS opponents receive malware target emails containing fake activist photos



Images are attached showing areal photos with spots marked on them portraying alleged ISIS strongholds and U.S. airstrike targets


And the email includes a link to a file sharing site, where the victim is encouraged to download files, which contain a slideshow of more such images.


But in the download is also a malicious file, and while the victim views more photos, it installs a set of small malware files onto the target's computer.


Find them, punish them


Once there, these bad files don't do much, The Citizen Lab said. Just enough.


"The custom malware ... beacons home with the IP address of the victim's computer and details about his or her system each time the computer restarts," it said in its study.


That's enough for militants who know the area to determine the user's physical location.


The files don't include a key logger -- although many forms of the software that monitors what infected users are writing are readily available on the Internet.





ISIS and the power of terror




THIS is more of a threat than ISIS

Such RATs (Remote Access Trojans) are typical of the Syrian regime, whose hackers seems more interested in obtaining opposition activist content, the researchers Scott-Railton and Seth Hardy said.


"A RAT would have provided much greater access alongside IP information," they said.


It makes the researchers think that whoever is using the slideshow malware may be interested only in "identifying and locating a target."


Find his Internet café or apartment; haul him in; punish him -- or execute him. That's probably the idea, The Citizen Lab said.


American journalist James Foley, who ISIS later beheaded, was captured coming out of an Internet café in Syria in 2012 before ISIS officially existed.


Regime's signature different


This attempted hack doesn't bear the signature of typical Syrian regime attackers, The Citizen Lab said.


They usually employ servers to facilitate data sent back by their RATs, but this malware doesn't need one. It sends an attachment with the sparse information it gathers to an email account.


"This functionality would be especially useful to an adversary unsure of whether it can maintain uninterrupted Internet connectivity," the researchers said.


Whether shoddiness or simplicity: That email is improperly encrypted, leaving the recipient's logon credentials open to interception. One of the malware's passwords is also visible in its code.


There are other apparent bugs, and software itself is unusually artless.


"It relies on a half dozen separate executable files, each with a single task," the researchers said.


But keeping it bare bones has an advantage, the researchers said.


"The program looks less like malware, and may attract less attention from endpoint protection tools and scanners. Detections were low when the file was first submitted to VirusTotal, for example. It registered only 6/55 detections by anti-virus scanners, or a 10% detection rate."


This malware flies under the radar.







-



How to decode a TripAdvisor review






Complaints outside a business's control don't make for a useful review. We know it hurts, we know somebody needs to pay, but if your team loses, it's hardly the bar's fault. Complaints outside a business's control don't make for a useful review. We know it hurts, we know somebody needs to pay, but if your team loses, it's hardly the bar's fault.

There's almost always something good that can be said about terrible things. Any reviewer who can't summon one is probably still working out high school angst.There's almost always something good that can be said about terrible things. Any reviewer who can't summon one is probably still working out high school angst.

"Coronation Street" star Jimmi Harkishin (Dev Alahan) isn't going to be at this bar every night, for everyone to meet. Mentioning your chance encounter isn't useful. "Coronation Street" star Jimmi Harkishin (Dev Alahan) isn't going to be at this bar every night, for everyone to meet. Mentioning your chance encounter isn't useful.

Your baby might have been born right after you had a tomato bisque at this restaurant, but that association doesn't make a review relevant. In fact, if it is, the place is probably best avoided. Your baby might have been born right after you had a tomato bisque at this restaurant, but that association doesn't make a review relevant. In fact, if it is, the place is probably best avoided.

Contribution counts beside each TripAdvisor and Yelp review hint at whether a user is being sincere or just popping in to prop up a business.Contribution counts beside each TripAdvisor and Yelp review hint at whether a user is being sincere or just popping in to prop up a business.

Excessive use of exclamation points (!!!!) and ad-speak jargon like "breathtaking," "unparalleled" and "fahrvergnügen" should raise red flags. Excessive use of exclamation points (!!!!) and ad-speak jargon like "breathtaking," "unparalleled" and "fahrvergnügen" should raise red flags.

After raining praise on the food at London's Gordon Ramsay restaurant, one TripAdvisor alarmist closed his one-star review with a diatribe about babies, demanding "that seats in this august room are only given to guests who can speak. Gordon... Its either the babies or me." [sic] After raining praise on the food at London's Gordon Ramsay restaurant, one TripAdvisor alarmist closed his one-star review with a diatribe about babies, demanding "that seats in this august room are only given to guests who can speak. Gordon... Its either the babies or me." [sic]

Any review that begins, "For those who actually read my other reviews ..." is probably a little deluded. These are the people who bludgeon their Facebook friends with photos of their every meal. Anything from a reviewer with a hyper-inflated review count should be read with skepticism.Any review that begins, "For those who actually read my other reviews ..." is probably a little deluded. These are the people who bludgeon their Facebook friends with photos of their every meal. Anything from a reviewer with a hyper-inflated review count should be read with skepticism.


Nothing in this world is one-size-fits-all -- reviews of the same check-in experience on the same day at the same hotel, for instance, can yield wildly varying results. Some workmanlike reviewers toil thoughtfully and thanklessly for the betterment of all mankind. These, finally, are the reviewers to trust.

Nothing in this world is one-size-fits-all -- reviews of the same check-in experience on the same day at the same hotel, for instance, can yield wildly varying results. Some workmanlike reviewers toil thoughtfully and thanklessly for the betterment of all mankind. These, finally, are the reviewers to trust.


Even a review titled "<a href='http://ift.tt/1lOwuJU' target='_blank'>Found a tooth in my food</a>" (not from this noodle-feasting gent) was prefaced by, "Usually they have good food ..." A review like this with a blend of positives and negatives is usually more reliable.

Even a review titled "Found a tooth in my food" (not from this noodle-feasting gent) was prefaced by, "Usually they have good food ..." A review like this with a blend of positives and negatives is usually more reliable.









  • User reviews are useful -- except when motivated by anything other than usefulness

  • Some reviews are odd -- such as complaining about too much sand at the beach

  • Best reviews offer an opinion, but also inform about the facts




(CNN) -- Professional travel reviewers are like prickly old movie critics -- once they've done enough traveling, dining and lodging, they can become weary and entitled, taking for granted the joys that accompany nightly turn-down service or unlimited bread sticks.


That's partly why user reviews on sites like TripAdvisor, Yelp and Google+ Local have become so useful.


But user reviews, too, have their shortcomings.


And if they're not complaining about too much sand at the beach, or too much Spanish in Spain, you may not know what they are.


Woody Hayes, the legendary Ohio State football coach, once opined of throwing the ball, "There are three things that can happen when you pass, and two of them ain't good."


Likewise, there are five kinds of online user review -- prompted by five basic motives -- and four of them are almost completely worthless.


Make sure you know which is which before you stake your next global game plan on TravelFreak1979's portfolio of reviews.


Motive No. 1: Wrath




Six bad capsules or one great experience? Reviews are a state of mind.

Six bad capsules or one great experience? Reviews are a state of mind.



Whether it's anger over a disappointing product or service, conniving competition or a disgruntled former employee, this makes the user less a reviewer than a vigilante.


A reviewgilante, if you will.


Telltale signs include:


Nothing good to say


Chernobyl has a delightful little self-lit café.


There's almost always something good that can be said about terrible things, and any reviewer who can't summon one is probably still working out high school angst.


Complaints outside the business's control


Legitimate criticisms about environmental noise or area safety can be helpful.


Bellyaching because a fellow patron's suicide leap "spoilt" your vacation karma, however, is not.


Commandments


"Avoid this place!" "Don't eat here!" "Stay away!"


You're not the boss of the Internet, JDWAG2309.


Defensiveness


Chippy travelers with Napoleon complexes can find condescension in a clothing label, so any service that's not accompanied by groveling is going to earn a sternly worded tirade.


If you read something to the effect of "... our waitress smirked when we thanked her for deigning to bring us another round of gravy boats ..." that reviewer doesn't need dinner, she needs a prescription.


Elitism


Foremost among the complaints warranting a one-star review of the second highest-rated hotel in Sydney: a king bed that was really just two twins pushed together and an iPad that wouldn't turn off.


If room service gets the wrong reviewer's white truffle and caviar kobe burger wrong, there's going to be hell to pay.


MORE: 10 top destinations to visit in 2015


Motive No. 2: Euphoria




We like exuberance, but sometimes the euphoria gets out of hand.

We like exuberance, but sometimes the euphoria gets out of hand.



The flip-side of wrath, euphoria is the result of an overabundance of tittering satisfaction.


Whatever the reasons for their extreme joy over a complimentary bowl of beer nuts or an extra towel, these people should be avoided on- and offline.


Telltale signs include:


Nothing bad to say


Kate Middleton had eczema.


The sound from a Stradivarius is the result of asymmetrical flaws in its production.


There's almost always a hole that can be punched in even the most perfect things, and any reviewer who can't fathom one isn't sharing the same reality most of the rest of us live in.


Experiences no one else will have


It's truly awesome that management took such great care of you.


But remarking, "The desk clerk is from my same village in Nottinghamshire, so he upgraded us from a supply closet to a 24-room villa!" is a one-time-only experience that's just distorting the curve for the rest of us.


Irrelevant praise


Where it's hard for reviewgilantes to find anything good to say about a place, euphoriacs are so full of gratitude they credit businesses with benefits they had nothing to do with.


Take a five-star TripAdvisor review of the UK's Depa Indiana restaurant titled "19 yrs ago, had a curry here & gave birth that same evening :)."


Unless this observation actually is relevant, in which case this restaurant, too, is to be avoided at all cost.


Motive No. 3: Profit




A reported 16% of Yelp restaurant reviews are fake.

A reported 16% of Yelp restaurant reviews are fake.



According to a Harvard study, 16% of Yelp restaurant reviews are fake.


Telltale signs of a phony review include:


It's the author's only review


Contribution counts beside each TripAdvisor and Yelp review hint at whether a user is being sincere or just popping in to prop up a business.


Words real people don't use


In their zeal to liven up the garden-variety contributions of real reviewers, fakers use lofty ad-speak words like "breathtaking," "succulent," "unparalleled," "mouth-watering," "sumptuous" "thrilling" and "fahrvergnügen."


Exclamation points


Life!!! Just isn't!!!!! This exciting!!!!!!!


Life stories


A Cornell study found that fake reviews center more on first-person narratives, like details about a travel partner and reasons for a trip.


Real reviews focus on specifics like bathroom size and pricing because they're boring and useful.


Admissions of fraud


It's not often someone confesses to getting kickbacks for their reviews, but it sure is appreciated when they do.


Magic Smile, one of the businesses implicated by the New York State Attorney General's office in its investigation of fake Yelp reviews, features this glowing endorsement: "I'm getting a free touch up for reviewing them here on yelp and that is just very cool!"


MORE: 14 amazing cruises setting sail in 2015


Motive No. 4: Status




If you\'re taking on this guy, it better not be for attention.

If you're taking on this guy, it better not be for attention.



The most unseemly of all motivations -- yes, even more than profit -- is that of the user who derives a kind of online celebrity from the number of reviews they've written.


Telltale signs include:


Self-absorption


The Hunter S. Thompsons of TripAdvisor, power users often make their reviews about themselves.


One TripAdvisor alarmist, after raining praise on the food at London's Gordon Ramsay restaurant, closed his one-star review with a diatribe about babies, demanding "that seats in this august room are only given to guests who can speak. Gordon... Its either the babies or me." [sic]


It's the author's 10,000th review


Professional writers get paid by the word and they don't write this much.


Forced humor


Everyone's a comedian.


Except that almost no one is a comedian.


Cute, snarky and glib, these reviews are packed with more rim-shot one-liners than a ... aw, hell, now they've got us doing it.


Motive No. 5: Duty




The most dutiful reviewers highlight the sweet and the sour.

The most dutiful reviewers highlight the sweet and the sour.



Awarding three stars may be like kissing your sister, but somebody's got to occupy the reasoned middle.


Here is where, without agenda, workmanlike reviewers toil thoughtfully and thanklessly for the betterment of all mankind.


These, finally, are the reviewers to trust.


Telltale signs include:


Concessions


Conscientious reviewers understand polarity -- that there are positives and negatives associated with everything.


Even a review titled "Found a tooth in my food" was prefaced by "Usually they have good food ..."


One reviewer who's been to Hedonism II 17 times still hasn't given it more than four stars.


Context clues:


Nothing in this world is one-size-fits-all, making distinguishing details about the reviewer helpful when trying to get your bearings as a reader.


A qualifying hotel review might read, "I'm 250 pounds, so I found the bathrooms at the Smurf Hotel a little cozy for my tastes ..."


That's it, actually


Despite what you may have heard, sober objectivity when reporting is remarkably simple.


MORE: $611,000 fine as TripAdvisor gets bad review in Italy


Originally published March 2014, updated December 2014.


Jordan Burchette has edited and written for several dozen magazines and websites including ESPN, Comedy Central, Thrillist and Woman's Day.



'Downton Abbey' opens for guests






"Downton Abbey" uses Highclere Castle for exterior shots of the fictional Crawley family estate. The TV series portrays an enchanting aristocratic lifestyle."Downton Abbey" uses Highclere Castle for exterior shots of the fictional Crawley family estate. The TV series portrays an enchanting aristocratic lifestyle.

Now, fans of "Downton Abbey" can spend a weekend at Highclere Estate, where the show is filmed. Situated north of the castle, London Lodge will open to guests on Valentine's Day 2015.Now, fans of "Downton Abbey" can spend a weekend at Highclere Estate, where the show is filmed. Situated north of the castle, London Lodge will open to guests on Valentine's Day 2015.


Originally built around 1840, the lodges were left derelict for decades. It took two years for the owners, the Earl of Carnarvon and his wife, to restore London Lodge.

Originally built around 1840, the lodges were left derelict for decades. It took two years for the owners, the Earl of Carnarvon and his wife, to restore London Lodge.

The cozy cottage-style lodges each have a wood-burning stove, full kitchen, double bedroom and bathroom with tub and dressing room.The cozy cottage-style lodges each have a wood-burning stove, full kitchen, double bedroom and bathroom with tub and dressing room.

The two self-catering lodges are available on specific weekends, when the castle is open to visitors. Prices start at $545 per night.The two self-catering lodges are available on specific weekends, when the castle is open to visitors. Prices start at $545 per night.

The lodge accommodates two and sits a mile away from the picturesque Highclere Castle.The lodge accommodates two and sits a mile away from the picturesque Highclere Castle.

Paths from London Lodge wind through the estate to Dunsmere Lake, The Temple of Diana and lookout spots toward the castle. The estate's gatehouse was built in 1793.Paths from London Lodge wind through the estate to Dunsmere Lake, The Temple of Diana and lookout spots toward the castle. The estate's gatehouse was built in 1793.

ITV's award-winning series is filming its sixth season at Highclere. With more than 11 million viewers, the show airs in more than 120 countries.ITV's award-winning series is filming its sixth season at Highclere. With more than 11 million viewers, the show airs in more than 120 countries.









  • Highclere Castle is the posh British mansion that doubles as Downton Abbey in the UK television series

  • The castle's 170-year-old London Lodge accommodation is now available for weekend bookings

  • The lodge comes complete with a fully equipped kitchen, but sadly no servants




(CNN) -- Downton Abbey, with its snooty aristocrats and even snootier butlers, has never been somewhere for the likes of us.


Until now.


Highclere Castle, the posh British mansion that doubles as Downton in the long-running UK television series, is opening up rooms to paying guests.


Bookings are now being taken for London Lodge, an historic gateway that forms a grand entrance to Highclere's extensive grounds in the countryside west of London.





'Downton Abbey' cast swoons over Clooney

Built around 1840, the "unique and luxurious" accommodation for two has, according to the estate, been restored over the past two years by the current Earl of Carnarvon and his wife (although they may have had help).


The rooms are split across the two buildings flanking the original gateway built in 1793.


Majestic Victorian castle


On one side there's a kitchen and sitting room arranged around a wood-burning stove.


On the other there's a double bedroom, bathroom and dressing area.


There are no servants quarters, so guests shouldn't expect white-gloved flunkeys delivering their morning newspaper.


And, since it's unlikely to available during filming, there's little chance of being witheringly insulted by the acid-tongued Dowager Duchess of Grantham.


What is on offer is a chance to gaze enviously at one of Britain's most majestic Victorian castles and the surrounding 6,000 acres of parkland.


Situated to the north of the castle, the lodge will be available for Valentine's Day 2015 and for selected weekends through the spring and summer.


There's no need to ask Carson to make the reservation. Weekend stays, priced from $545 per night, can be booked via the castle's website.


Highclere Castle , Newbury, Berkshire; +44 1635 253210



A 3-minute tour of Sri Lanka





  • A team of wedding cinematographers on a two-week trip have produced a stunning video of Sri Lanka

  • Dancers, festivals, tea plantations and elephants are featured

  • The video's cliff jumper earns a living performing frightening feats for tourists




(CNN) -- They met a daring cliff jumper.


They followed the path of religious pilgrims.


They negotiated with a road-blocking elephant.


And then a team of Australia-based cinematophers on a two-week road trip through Sri Lanka produced a three-minute memoir of their trip that ranks as the most "I wanna go there!" videos we've seen in a while.


"We all have Sri Lankan backgrounds and as we were growing up, we heard many stories from our parents about their childhoods in Sri Lanka," says Rukshan Fernando, co-founder of Melbourne-based Ferndara Creative and Creative Motion Cinematography.


Together with Ferndara co-founder Chamik Bandara and assistant Niha Sathasivam, the team has traveled often to Sri Lanka to film destination weddings for private clients.


But they'd never ventured beyond the tourist areas or towns in which they were paid to film.


On their latest trip, however, the group decided to hop in a minivan and go on a "very spontaneous and completely unplanned trip."


"We decided that for this work trip, we would set aside some time for ourselves to experience what life in Sri Lanka is like," says Fernando.




Team of cinematographers. Left to right: Rukshan Fernando, Chamika Bandara, Niha Sathasivam.

Team of cinematographers. Left to right: Rukshan Fernando, Chamika Bandara, Niha Sathasivam.



They got that and more -- as the video above illustrates -- as Fernando explained to CNN.


CNN: What are your favorite scenes in the video?


Rukshan Fernando: The elephants on the road is an interesting scene [0:20].


Some of the wild elephants in Sri Lanka are accustomed to blocking the road until they're fed.


Feeding wild animals is not permitted, but many people will throw food for the elephants so they eat and move on.


Another scene is the man cliff-jumping [0:22, 1:58], which was breathtaking and frightening at the same time.


He jumped with such ease then climbed back up the cliff without any support and was ready to jump again.


CNN: What's the cliff jumper's story?


Fernando: The cliff-jumping scene was shot at Galle Fort near the Galle Lighthouse.


He introduced himself as Red -- short for Reddog, his family name.


According to Red, he makes a living out of it and has been doing the jumps for a very long time now.


He jumps off the cliff for the amusement of tourists, usually for a small fee, around 1,000 rupees ($7).


There's a rock that juts out so the jump has to be precise, adding to the suspense.


CNN: Who's the solo dancer at the beginning and end of the video?




The Ferndara team travels frequently to Sri Lanka to film weddings.

The Ferndara team travels frequently to Sri Lanka to film weddings.



Fernando: She's Miurangana Fernando, a 23-year-old who has been dancing for 10 years.


Fernando's an accomplished dancer and dance instructor in the seaside town of Wennapuwa who has completed her arangetram (an important stage debut).


We featured her at the start and end, performing Tanze (Uda Rata Natum) Ves Tanz "Ves" dance, the classical Sri Lankan Kandyan dance from the hill city, Kandy.


CNN: What's the great looking festival that pops up?


Fernando: At almost the one-minute mark an elephant adorned in fancy garments is paraded through the street for Kataragama Peraphera.


This is one of the biggest celebrations in Sri Lanka and a pilgrimage for Sri Lankans.


Thousands of people show up, some walking for days to make it to Kataragama, which was a major capital of an ancient kingdom called Ruhuna.


We filmed on the final night, which included performances by up to 50 separate dance troupes, highlighting various dance traditions in Sri Lanka.


CNN: How about the tea plantations?


Fernando: The tea plantations are in Nuwara Eliya, a two- to thee-hour drive from Colombo.


The region is the premium tea plantation area due to its cold, foggy climate.


They actually belong to different companies that have been around since the British colonial period, with only little stumps and markers separating different plantations.




Tea plantations in Nuwara Eliya.

Tea plantations in Nuwara Eliya.



It has a very European and colonial feel, and used to be called Little England.


CNN: Any tips for photographing Sri Lanka?


Fernando: Smile.


If you smile at someone when filming them, this usually puts them at ease.


Sri Lankans are very welcoming and tolerant, usually they have no issue with being filmed or photographed.


It's also appreciated if you show them the photographs or clips.


This might lead to further opportunities to film more closely or do a re-take of something important you may have missed.


CNN: What were the challenges?


Fernando: The best way to get around is driving, but the roads aren't well developed in some areas.


There's lengthy travel time even for short distances.


Unexpected traffic also causes missed moments like sunsets or sunrises.


Getting permission at various venues can sometimes take a lot of effort and communication.



8 best vines in politics 2014


Joe Biden gets Vine'd


(CNN) -- Whether it's competing in a guitar battle or doing a karate kick in costume, there's a lot a politician can do in six seconds. With that, I give you the best Vines in politics for 2014:


1. Joe Biden goes into take a selfie while wearing a baseball cap, and it's really a Vine. Oh yes, the girl taking the Vine knows exactly what she's doing. #Biden'd


2. Michelle Obama's vegetable take on DJ Snake and Lil Jon's "Turn Down for What"


3. 77-year-old Rep. Jim McDermott, D-Washington, paid tribute to martial arts icon, Bruce Lee. And, no, this was not for Halloween.


4. A guitar battle that took place on not one, but two Vine accounts, where Rep. Keith Ellison, D-Minnesota, and Rep. Joe Crowley, D-New York, challenged each other with six-second Prince cover jam sessions:


5. Crowley's challenge:


6. Sen. Chris Murphy, D-Connecticut, went all meta, capturing Sen. Tim Kaine, D-Virginia, rocking out on the harmonica with a blues guitarist WHO KNEW?! #BFFs


7. Donald Trump got political, giving Miley Cyrus some advice:


8. And lastly, Rep. Eric Swalwell, D-California, toured DC in Google's self-driving car. Vine-selfie included:


That's a wrap for 2014. I can only imagine what the new year will bring.



How celebs are celebrating the holidays

Woman's drug probe 'nightmare' is over


American Stacey Addison was arrested September 5 while traveling solo in East Timor.


American Stacey Addison was arrested September 5 while traveling solo in East Timor.






  • Stacey Addison was detained by police in September during a taxi journey

  • She says another passenger in the cab picked up a package containing drugs

  • Addison was on a nearly two-year trip around the world

  • She is awaiting return of her passport so she can go back to the United States




Dili, East Timor (CNN) -- American traveler Stacey Addison says she was detained for months in East Timor because she unwittingly shared a taxi with a stranger carrying methamphetamine. Now she's out of jail -- and a guest of a former East Timor leader.


Addison, 41, of Oregon, was released from an East Timor prison Thursday, nearly four months after her initial arrest in the small Southeast Asian nation in a drug case in which she says she's innocent.


Addison appeared before reporters Thursday at the home of former East Timorese President and Nobel Peace Prize laureate Jose Ramos-Horta, who says he'll host her temporarily at his home.


Details on the reasons and conditions for her release, or when she would be able to leave the country, weren't available. She couldn't leave immediately Thursday, because her passport -- seized during the investigation -- had not been returned.


The U.S. State Department welcomed the decision, according to department spokesperson Jen Psaki, but confirmed that Addison remains in Timor-Leste where the government still retains her passport.


Both she and Ramos-Horta said they would not discuss details of the case.


Addison was asked what she would do when she is able to obtain a passport. Her answer: "Go home."


"I don't think my mom would ever forgive me if I didn't come home immediately and stay for a while," she said.


Addison's arrest in September was an unexpected bump in what had been a multi-year trip around the world.


She said she had been traveling solo since January 2013, having quit her job as a veterinarian to explore the globe. On September 5, she was sharing a cab from near the Indonesian border to the East Timor capital of Dili.


On the way, a fellow passenger asked to stop to pick up a package at a DHL office, her mother, Bernadette Kero of Oregon, has told CNN. After the man picked up the package, police surrounded the car and arrested the occupants, according to Kero.


The package was found to contain methamphetamine, Addison has said.


She initially was held for four nights, and a judge released her -- but prevented her from leaving the country while the case was still being investigated -- after the man testified that he didn't know her, Kero said.


In late October, during a court appearance where she thought she'd retrieve her passport, a judge ordered her arrest again and sent her to Gleno prison outside Dili.


Paul Remedios, a lawyer representing Addison, said at the time that the court detained her again because there was a warrant for her arrest, and that the reason for the warrant was unclear.


Addison said Thursday that she had petitioned for her release earlier this month, but didn't expect to be released on Thursday.


"I had kind of thought it wouldn't happen because it's Christmas -- that everything would be closed," she said. "I knew there was a petition pending, but it had been three weeks and I had heard nothing."


Kero told CNN last month that the case was a "nightmare." On Thursday, she said her daughter's release was "the best Christmas present I could imagine."


"The past four months have been an extremely stressful time for all of us," Kero wrote in an email Thursday. "Of course we are now hoping that her passport will be returned and she will be able to return home to Oregon very soon.


"Her lawyer will work on getting her passport released. I just want to be able to see her and give her a big hug."


Journalist Wayne Lovell reported from Dili, CNN's Kristina Sgueglia reported from New York, and CNN's Jason Hanna wrote in Atlanta. CNN's Jethro Mullen and Susan Candiotti contributed to this report.