Data is assessed by our team members

Investigations can reveal very sensitive & personal data. This intel is assessed by us & closely guarded, and is used only for the purpose of fulfilling the needs of our clients and achieving the results we are commissioned to undertake.

Team leader heads a group of professional investigators on the ready

We are proud to have access to the finest team members & discreet qualified persons, who pride themselves on obtaining results for our clients where others fail.

The latest technology & equipment allow us to keep our finger on the intel pulse

Scientific apparatus & technical staff allow us to obtain sensitive & useful information for our clients by utilizing the latest technology. The storage, use & availability of this data is handled with great care.

Communications between team members & networks is critical

In these days of worldwide communications being at a peak of efficiency, passing on & receiving information in the blink of an eye becomes possible between our team members & the network we have access to.

Team leader & CEO of the intel agencies group is Donna-Lee Sapiecha Eyers

Donna-Lee is pictured here at her law degree graduation ceremony, proudly supported by her mother Karen, her sister Sharah-Lee & father Henry.


Five Eyes, Nine Eyes & 14-Eyes Countries and VPNs

Important to know when using (or planning to use) a VPN

The content herein is part of an article published on a VPN site; at the end of this short introduction there is a link that takes you to many more viewpoints & info. ENJOY.

This article will discuss available VPNs in relation to the 5 Eyes, the 9 Eyes and the 14 Eyes government surveillance alliances.

Encryption is the only way to protect private communications. While there are encrypted messaging systems that can be used for direct correspondence, virtual private networks (VPNs, also based on encryption) are the best tools for hiding internet activity, such as which websites are visited. There are valid reasons to do so: to protect the privacy of religion, sexual orientation and sensitive medical conditions, all of which can be inferred from visited websites.

Background

During the second world war, US and UK intelligence agencies worked closely on code-breaking. After the war, the UK center at Bletchley Park evolved into the Government Communications Headquarters (GCHQ). The American service evolved into the National Security Agency (NSA). In 1946, the working relationship between the two countries was formalized in the UKUSA agreement. It worked on signals intelligence (SIGINT); that is, the interception and analysis of adversarial telecommunications.

In order to provide global coverage for communications interception, Canada, Australia and New Zealand joined the UK and the USA – and the group became known as the Five Eyes.

However, such is the NSA’s global dominance of intelligence gathering, other countries have sought to cooperate in return for specific ‘threat’ information from the NSA. This has led to other SIGINT groupings: the 9 Eyes and the 14 Eyes.

The operation of these intelligence agencies was long kept secret. As global communications have increased – and as perceived threats have grown (first in the Cold War between east and west and more recently in the ‘war on terror’), the 5 Eyes in particular began to secretly use technology to gather everything for later analysis. GCHQ, for example, had a secret project called Mastering the Internet. None of this was publicly known.

In 2013, NSA whistleblower Edward Snowden leaked thousands of top secret NSA and GCHQ documents showing, for the first time, the extent to which national governments spy on everybody. It is always done in the name of ‘national security’, and both the relevant agencies and their governments insist on their right to do so.


Henry Sapiecha

Labor senator Sam Dastyari warned wealthy Chinese donor Huang Xiangmo his phone was tapped

Labor senator Sam Dastyari warned Chinese Communist Party-linked political donor Huang Xiangmo last year that his phone was likely tapped by government agencies, including the US government.

Before the two spoke, Mr Dastyari gave Mr Huang counter-surveillance advice, saying they should leave their phones inside and go outside to speak.

The face-to-face meeting between the pair in the grounds of Mr Huang’s Mosman mansion in Sydney last October came several weeks after Mr Dastyari quit the frontbench over his dealings with Mr Huang.

It also occurred after ASIO briefed senior political figures, including from the Australian Labor Party, that Mr Huang was of interest to the agency over his opaque links to the Chinese government.

Security agencies have the capacity to use mobile phones as surveillance devices without a user’s knowledge.

A Canberra source with knowledge of the meeting said on background that Mr Dastyari blamed the US government for the scandal that earlier enveloped him and Mr Huang and said he was the subject of surveillance, including by the US government.

Details of the phone tap warning and other dealings involving the pair have been collected by national security officials, Fairfax Media has confirmed, and the revelations are likely to spark debate about sweeping reforms proposed by the Turnbull government to counter foreign interference in Australia.

Attorney-General George Brandis said the revelation raised questions about Mr Dastyari’s loyalty.

“This comes at a time when members and senators are under intense scrutiny over whether they hold dual citizenship. Of the 226 Australians elected at the 2016 federal election, the person whose allegiance to Australia is most in question is Sam Dastyari,” Mr Brandis said.

The Mosman meeting occurred more than a month after media reports in early September last year that ASIO’s top spy, Duncan Lewis, had warned Labor “that some of their donors had strong links to the Chinese Government”.

Those same media reports also detailed dealings between Mr Dastyari and Mr Huang. Among them were that Mr Huang had paid a $5000 legal bill for Mr Dastyari, and that Mr Huang had told a Chinese Communist Party newspaper that “political demands and political donations” should be linked.

Also among the revelations that damaged Mr Dastyari were comments he reportedly made at a press conference with Mr Huang that contradicted Labor policy on the South China Sea, and echoed Beijing’s policy position.

These events led to Mr Dastyari’s resignation from the Labor frontbench on September 7 last year.

Two Labor sources have also confirmed that, shortly after these events, Opposition Leader Bill Shorten warned Mr Dastyari through a “back channel” that ASIO had concerns about Mr Huang. Mr Shorten’s office declined to answer questions about if or when this occurred, although a source with first-hand knowledge of the ASIO warning relayed to Mr Dastyari said it was generic and did not contain any classified information known to Mr Shorten.

On Monday, Fairfax Media asked Mr Dastyari why he had told Mr Huang his phone was tapped, and why he advised him to move outside his house and not to speak near his phone.

Mr Dastyari responded: “I reject any assertion that I did anything other than put to Mr Huang gossip being spread by journalists.”

Fairfax Media also asked Mr Dastyari why he met Mr Huang in person, rather than calling him, and why he thought a face-to-face meeting was appropriate weeks after the extensive public reporting about ASIO’s concerns regarding Chinese Communist Party-connected donors.

Mr Dastyari said: “After the events of last year, I spoke to Mr Huang to tell him that I did not think it was appropriate that we have future contact. I thought it was a matter of common courtesy to say this face to face.”

Mr Dastyari has since begun his public rehabilitation, and was promoted to deputy senate whip in February.

Mr Dastyari said on Monday: “I have never received a security agency briefing, or received any classified information about any matter, ever. I’ve never passed on any protected information – I’ve never been in possession of any.”

His statement did not address what fellow Labor officials had told him about Mr Huang.

Mr Huang, a billionaire property developer, has close ties to the Chinese consulate in Sydney and, until the weekend, headed a Sydney organisation aligned with the Chinese Communist Party’s political lobbying and propaganda agency, the United Front Work Department.

On Saturday, Mr Huang stepped down as chairman of the Australian Council for the Promotion of the Peaceful Reunification of China (ACPPRC), and was lauded as a “banner” and likened to a patriotic flag who had made “heroic achievements” in the past year.

On September 14, 2016, weeks prior to the Mosman meeting, US ambassador John Berry said the US was concerned about Chinese government involvement in Australian politics, in remarks reported in connection to Mr Dastyari’s dealings with Mr Huang.

On September 28, also prior to the meeting, Mr Huang dispatched members of the ACPPRC for a meeting in Beijing with a senior Chinese government official, who directed the members to “make allies to obtain international support” and contribute to the “great revitalisation of the Chinese nation”.

ASIO began an assessment of Mr Huang’s citizenship application in early 2016. The application remains blocked by ASIO and, earlier this year, national security officials interviewed Mr Huang at a secure Sydney CBD location.

Fairfax Media and Four Corners have previously revealed that after the citizenship request first stalled in early 2016, Mr Huang asked Mr Dastyari to intervene on his behalf. Mr Dastyari or his office called immigration officials four times in the first six months of 2016, but the senator has described this contact as routine.

The Turnbull government is planning to introduce news laws this year to counter foreign interference from Beijing and other nations and require agents or official advocates of foreign governments to register under a foreign agents registration act. The latter reform may concern ex-senior Liberal and Labor figures who work for companies or institutions controlled or directed by Beijing or its proxies.

A former intelligence officer told Fairfax Media that the instruction to Mr Huang not to talk within the vicinity of his phone amounts to counter-surveillance advice. Mr Dastyari is a security-conscious member of federal parliament who, along with many colleagues, uses encrypted applications to communicate.

Henry Sapiecha

Intel: We’ve found severe bugs in secretive Management Engine, affecting millions

An attacker can use Intel’s flaws to run malware that’s invisible to the operating system.


Thanks to an investigation by third-party researchers into Intel’s hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers.

The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS).

Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code.

The researchers in August published details about a secret avenue that the US government can use to disable ME, which is not available to the public.

Intel ME has been a source of concern for security-minded users, in part because only Intel can inspect the firmware, yet many researchers suspected the powerful subsystem had bugs that were ripe for abuse by attackers.

Goryachy and Ermolov will present their research on an ME flaw at Blackhat in December, detailing how an attacker can run unsigned code in the microprocessor and remain invisible to the main CPU and any anti-malware software.

ME runs on its own microprocessor and, as a Google engineer recently revealed, a modified version of the MINIX operating system.

Google was so afraid of UEFI and Intel ME that it created NERF, or the Non-Extensible Reduced Firmware, which it uses to manage Chromebooks. NERF runs on a Linux kernel rather than MINIX and removes ME’s web server and IP stack and key UEFI drivers, and neuters the ability of ME and UEFI to self-reflash the firmware.

The ME engine supports Intel’s Active Management Technology (AMT), which allows admins to remotely manage and fix devices.

A flaw discovered this May in AMT, which affected chips from 2008, highlighted another problem: patching it required an ME firmware update on machines that hardware vendors had stopped supporting. Only enterprise machines with vPro were affected, but the bug prompted EFF’s demands for Intel to provide a way to disable ME.

Similarly, patching machines will depend on OEMs pushing Intel’s fixes to devices. So far, Intel only lists Lenovo as having fixes available.

To help users address the current batch of bugs, Intel has released a detection tool for Windows and Linux systems, which displays a risk assessment of the system. Intel says the bugs may affect PCs, servers, and IoT platforms.

The bugs affect systems using Intel’s 6th, 7th, and 8th Generation Core CPUs, a range of Xeon processors, as well as the Apollo Lake Atom E3900 series, Apollo Lake Pentium, and Celeron N and J series chips.

Intel says the flaws would allow an attacker to “Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity”.

The attacker could also load and execute arbitrary code that would be invisible to the user and operating system.

The highest severity issue was the flaw discovered by Goryachy and Ermolov, which concerned multiple buffer overflows in the ME’s kernel. Intel’s audit found several other high-severity buffer overflows in AMT in the ME firmware, TXE, and SPS.

One of the flaws it found would allow a remote attacker to execute arbitrary code if they had Admin access.

Intel unveils the 8th Gen Intel Core processor family and launches the first of the family on Monday, Aug. 21, 2017. The 8th Gen Intel Core processors are designed for what’s next and deliver up to 40% gen over gen performance boost. (Credit: Intel Corporation)

The bugs affect systems using Intel’s 6th, 7th, and 8th Generation Core CPUs, and a range of Xeon and Celeron processors, among others. Image: Intel


Henry Sapiecha

Australia likely to get its own GDPR

Everyone in the Australian cybersecurity ecosystem has a role to play to ensure the security of the nation, according to Nationals Senator Bridget McKenzie.

The mandatory data breach notification laws coming into effect in Australia next year will be followed by other laws to ensure that everyone in the digital ecosystem — including government divisions, large corporates, small to medium-size enterprises (SMEs), and consumers — is playing their role in keeping Australia “cyber secure”, according to Senator Bridget McKenzie.

McKenzie, who is the chair of the Foreign Affairs, Defence, and Trade Legislation Committee, likened cyber breaches to the “system of disease in the pre-industrial revolution that just swept through”.

“Cyber breaches have the capacity to wipe out industries, wipe out systems, wipe out communities, if every member of that community or that cyber ecosystem isn’t following best practice when it comes to keeping their information secure,” McKenzie told ZDNet at the Australian Computer Society’s Reimagination Thought Leaders’ Summit.

“It’s not just defence’s job or ASIO’s or DSTO’s or the government’s indeed, but every SME and private homeowner needs to have an eye for cybersecurity, making sure their data’s safe.”

McKenzie said the mandatory data breach notification laws, set to come into effect next year, are a step towards keeping organisations alert and accountable, with other laws expected to be introduced in Australia in the coming years, possibly similar to those coming into effect next year in the European Union.

The European Union’s (EU) General Data Protection Regulation (GDPR) will require organisations around the world that hold data belonging to individuals from within the EU to provide a high level of protection and explicitly know where every piece of data is stored.

Organisations that fail to comply with the regulation requirements could be fined up to €20 million, or, in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year — whichever is higher.

“No longer can you say, ‘Oh I’ll leave it to someone else because the flow-on effects, the interconnectedness, the Internet of Things, is such that if one member of that web, if you like, has a security breach, it has flow-on effects for everybody involved,” McKenzie said.

Additionally, Australians need to have the confidence that they can share private information such as their health details and not have it end up in the public sphere, otherwise the nation will not be able to experience the full benefits of technology, McKenzie said.

Shadow Minister for the Digital Economy Ed Husic said, however, that the government has a long way to go in building that confidence, given 50,000 Australians have been affected by a government data breach that occurred in October. He noted that the breach was not a technological error, but a human error.

“How do we build consumer or citizen confidence about protection of privacy?” Husic said. “50,000 people were affected by a data breach across government, releasing details of passwords and credit cards. It’s not all tech related … people often blame tech for this. It’s people and the way that they use data and it’ll be interesting to see the details that come out on this in the next few days.”

“This data breach occurred back in October, no public explanation of it, no detail about what was known, what was being done to fix it. If we want people to be confident that data is being used well by government, then the government’s got a long way to go to build that confidence.”

Husic added that the government needs to lead by example; it should be notifying the public about data breaches if it wants businesses to do the same.

“[The government’s] got to do some things itself. And you can’t lecture business about getting focused on cybersecurity if you’re losing your own moral authority … because you’re not looking after data within your own batch,” he said.

McKenzie believes in Australia’s growing status as a cybersecurity hub, saying that the nation is equipped with the right expertise in this area. She added that Australia is in the process of creating a strong cybersecurity industry capable of exporting.

“Our law enforcement and intelligence agencies are world-class. We’re also part of Five Eyes, which means we have a lot of access to information and technology and collaboration opportunities,” she said. “We lead the world in quantum computing … and it [has the] potential to contribute further to security of data and security of communications particularly in the intelligence and defence spheres.

“We’ve really got some technical expertise, but also I think a richness around governance frameworks and excellence in regulatory frameworks that can also assist other governments and other organisations worldwide to understand best practices in the area.”

In September, Ambassador for Cyber Affairs Dr Tobias Feakin communicated a similar sentiment, saying Australia has an international standing in cybersecurity, and brings “key qualities” to the table.

Australia has also played a role in the creation of international peacetime norms for cyberspace, including chairing the first United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in 2013, and helping develop the 11 international norms agreed to in subsequent UN GGE meetings.

“We have regional knowledge beyond most. We have a trusted diplomatic brand, and that’s something that we intend to capitalise on. We have strategic and economic interests in the region. And we have long-standing development partnerships across the region already,” Feakin said at the second annual SINET61 conference in Sydney.

“We need to capitalise on those, make the most of them. Not just for us as a government, [and] for regional partners as well, but also for our private sector … We see this issue as central to our economic future,” he said.

“It’s only this year that it’s just reached the point, of tipping over, to 50 percent of all internet users living in the Asia-Pacific. But really, still, there’s huge economic growth to unravel there, because still 60 percent of all households don’t have internet coverage.”

Last month, launching the International Cyber Engagement Strategy, Foreign Minister Julie Bishop said that for the purpose of national security, cyberspace cannot be an ungoverned space.

“Just as we have international rules that guide how states behave, and how states should behave towards each other, the international rules-based order that’s been in place for about 70 years, so too must states acknowledge that activities in cyberspace are governed by the same set of rules as military and security activities in traditional domains,” Bishop said in October.

“The 2016 US presidential election focused the world’s attention on the potential for cyber operations to interfere with democratic processes. This cannot be allowed to continue. It strikes at the very heart of the sovereignty of nations.”

According to the International Cyber Engagement Strategy, Australia will develop an international “architecture for cooperation” including mechanisms to respond to unacceptable behaviour in cyberspace in a timely manner.

“Australia’s responses to malicious cyber activity could comprise law enforcement or diplomatic, economic, or military measures as appropriate for the circumstances. This could include, but is not restricted to, offensive cyber capabilities that disrupt, deny, or degrade the computers or computer networks of adversaries,” the strategy states.

The strategy also implies that the nation has the capability to identify the source of cyber attacks.

“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals,” the strategy states.

In September, the federal government pledged AU$50 million over seven years for the cybersecurity cooperative research centre (CRC), with over AU$89 million in further funding to come from 25 industry, research, and government partners.

The cybersecurity CRC will deliver solutions to increase the security of critical infrastructure, the government said at the time, which includes “frameworks, products, and approaches that will service existing and future ICT enterprises across a broad range of platforms and operating systems”.

Assistant Minister for Industry, Innovation and Science Craig Laundy said the activities of the cybersecurity CRC will contribute to the objectives laid out in Australia’s AU$240 million Cyber Security Strategy, which is aimed at defending the nation’s cyber networks from organised criminals and state-sponsored attackers.


Henry Sapiecha

Malaysia data breach compromises 46.2M mobile numbers

Suspected to have originated from a 2014 attack, the breach is estimated to affect 46.2 million mobile numbers and compromise data such as home addresses and SIM card information.

A massive cybersecurity breach is reported to have compromised personal data of 46.2 million mobile numbers in Malaysia, exposing details such as home addresses and SIM card information.

The breach affected both postpaid and prepaid numbers as well as subscribers from all major mobile carriers in the country, including Maxis, Altel, Digi, and Celcom, according to Lowyat.net. The local website earlier this month said it received information that personal data linked to millions of Malaysians were being peddled online.

Apart from customer data from local telcos, it added that the information included those that belonged to various websites such as Jobstreet.com, Malaysian Medical Association, and Malaysian Housing Loan Applications. Leaked data from Jobstreet.com, for instance, contained the candidate’s login name, nationality, and hashed passwords.

Timestamps in the compromised data suggested that the breach occurred between 2014 and 2015, said Lowyat.

Commenting on the breach, Darktrace’s Asia-Pacific managing director Sanjay Aurora said such “low and slow” attacks could lay stealthily in networks for years without anyone noticing. He added that traditional defense tools would not be able to identify and block such attacks.

“Lateral movements are incredibly difficult to catch, with attackers spending an average of 260 days in a network before striking,” Aurora explained. He pointed to the need for machine learning tools that could learn on-the-job and dynamically tweak its analysis based on new information.

“Alongside this, there needs to be a cultural change,” he added, stressing the need to stop victim-blaming so businesses would not fear coming forward.

Lowyat said it had handed the information to industry regulator, Malaysian Communications And Multimedia Commission, which later released a statement confirming it was investigating the incident.

According to local reports, Communications and Multimedia Minister Datuk Seri Salleh Said Keruak said the police were also involved in the investigation.

Malaysia has a population of some 31.2 million, so some subscribers likely will hold more than one compromised mobile number. The report added that the list may contain inactive numbers as well as temporary ones issued to visitors to the country.

Henry Sapiecha

Huge Locky ransomware campaign sends 23M messages in 24 hours

Locky ransomware is making a comeback, with one of the largest attacks this year. Here’s how to protect your business.


Earlier this week, a Locky ransomware campaign sent more than 23 million messages out across the US in one of the largest attacks in the second half of 2017, according to a post from AppRiver.

Ransomware dominated the cyberthreat landscape in 2016, increasing more than 600% over the year before, with Locky attacks leading the way. As noted by ZDNet, at the start of 2017 distribution of Locky sharply declined, with Cerber variants taking its place.

But Locky made a comeback in recent months, and this massive attack shows just how dangerous it can be. On Monday, just as many US workers were arriving to their offices, the malicious email campaign began inundating their inboxes. The malware traffic spike began that morning just after 7 a.m. CST, the post noted.

The emails in the attack were “extremely vague,” Troy Gill, manager of security research at AppRiver, wrote in the post. They included subject lines such as “please print,” “documents,” “photos,” “images,” “scans,” and “pictures.”


Each message included a ZIP attachment that contained a Visual Basic Script (VBS) file nested inside a secondary ZIP file, the post says. When a user clicks on it, the VBS file starts a downloader that reaches out to “greatesthits[dot]mygoldmusic[dotcom]” to pull the latest Locky ransomware.

After that, Locky begins encrypting all files on the user’s machine, and adding [.]lukitus to those encrypted files.

Once the victim’s files have all been encrypted, the attackers change their desktop background to an image with instructions for decryption. They also place an HTM file named “Lukitus[dot]htm” on the desktop.

Then, the victim is instructed to install a TOR browser, and is provided a Darkweb site to pay 0.5 Bitcoins, or about $2,150. Once the payment is made, the attackers promise to redirect the victim to the decryption service.
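The delivery chain described above (a ZIP attachment whose inner ZIP carries a VBS dropper) is what an e-mail gateway can check for before a user ever clicks. The scanner below is an added example, not code from AppRiver or the article: it unpacks attachments entirely in memory, descends into nested archives, and flags script members at any depth. The sample attachments are constructed inline; the script extensions beyond .vbs and the depth and size limits are assumptions, not values from the post.

```python
"""
Added example: flag nested-ZIP script droppers of the kind used in the Locky
campaign described above. Not part of the original article or AppRiver's post.
"""
import io
import zipfile

# The article names VBS; the other extensions are an assumption about common
# script droppers, added so the check generalises beyond this one campaign.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}

MAX_DEPTH = 4                        # assumed bound on archive nesting
MAX_MEMBER_BYTES = 5 * 1024 * 1024   # assumed bound on inflated member size (zip-bomb guard)
ZIP_LOCAL_HEADER = b"PK\x03\x04"     # magic of a non-empty ZIP file


def scan_zip_bytes(data: bytes, depth: int = 0, path: str = "") -> list:
    """Return findings as (nesting_depth, member_path) for every script member.

    Inner archives are opened from memory, never written to disk. Nesting depth
    and member size are capped so a hostile archive cannot force unbounded work,
    and hitting a cap is itself reported as a finding.
    """
    findings = []
    if depth > MAX_DEPTH:
        findings.append((depth, path + "<max depth exceeded>"))
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP at all: nothing to descend into
    with zf:
        for info in zf.infolist():
            member = path + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((depth, member + "<oversized member>"))
                continue
            lower = info.filename.lower()
            if any(lower.endswith(ext) for ext in SCRIPT_EXTENSIONS):
                findings.append((depth, member))
            # Recurse on content, not on the file name: a renamed inner ZIP is still a ZIP.
            inner = zf.read(info)
            if inner.startswith(ZIP_LOCAL_HEADER):
                findings.extend(scan_zip_bytes(inner, depth + 1, member + "!/"))
    return findings


def verdict(data: bytes) -> str:
    """Gateway decision for one attachment: 'block' if any finding, else 'allow'."""
    return "block" if scan_zip_bytes(data) else "allow"


def build_zip(members: dict) -> bytes:
    """Construct a ZIP in memory from {member_name: bytes} (used for samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a harmless "scan" attachment and the nested-VBS layout.
BENIGN_ATTACHMENT = build_zip({"scan_001.pdf": b"%PDF-1.4 placeholder, constructed"})
INNER_ZIP = build_zip({"documents.vbs": b"' placeholder text, not a real script\r\n"})
LOCKY_STYLE_ATTACHMENT = build_zip({"documents.zip": INNER_ZIP})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ATTACHMENT), ("nested-vbs", LOCKY_STYLE_ATTACHMENT)):
        print(label, verdict(blob), scan_zip_bytes(blob))
```

Recursing on the content signature rather than the member name matters: an inner archive renamed to .dat would otherwise slip past a name-based filter, and the same logic would let an attacker-chosen inner name hide the script. The depth and size caps turn a decompression bomb into a blocked attachment instead of an exhausted gateway.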

This attack is still occurring, the post noted. On Monday, AppRiver had quarantined more than 5.6 million messages in the campaign. And there currently are no publicly shared methods to reverse this Locky strain, Gill wrote.

AppRiver recommends the following tips to protect your computer from ransomware attacks:

1. Run regular software and hardware updates. These updates often contain security patches for holes that ransomware and other malware variants exploit. Automatic software updates are the best option, but if that is not possible, you should set up alerts for the newest updates. You should also set a maximum number of times users can “snooze” the alert.

2. Have layered, redundant security in place. Ransomware is often delivered via an email attachment or malvertisement on the web. By having email and web protection, you can prevent ransomware from ever entering your network.

3. Back up your files. A secure backup allows you to rid your network of malware and then restore your files, so you don’t have to pay a criminal and hope he keeps his word to un-encrypt your data.


Henry Sapiecha

The top 10 extremely destructive ransomware attacks of 2017, to date

Ransomware variants NotPetya, WannaCry, and Locky are among those that wreaked havoc for businesses worldwide this year.


Ransomware continues to dominate the cybersecurity landscape in 2017, with businesses large and small paying millions of dollars to unlock encrypted files. These attacks appeared in 64% of all malicious emails sent in Q3, and with major successful campaigns such as NotPetya and WannaCry, show no signs of slowing down, according to a new report from security firm Webroot, released Tuesday.

“This past year was unlike anything we’ve ever seen,” David Dufour, vice president of engineering and cybersecurity at Webroot, said in a press release. “Attacks such as NotPetya and WannaCry were hijacking computers worldwide and spreading new infections through tried-and-true methods. This list is further evidence that cybercriminals will continue to exploit the same vulnerabilities in increasingly malicious ways. Although headlines have helped educate users on the devastating effects of ransomware, businesses and consumers need to follow basic cybersecurity standards to protect themselves.”

Here are the top 10 worst ransomware attacks of 2017 so far, according to Webroot:

1. NotPetya

NotPetya started as a fake Ukrainian tax software update, and went on to infect hundreds of thousands of computers in more than 100 countries over the course of just a few days. This ransomware is a variant of Petya, but uses the same exploit behind WannaCry. It hit a number of firms in the US and caused major financial damage: For example, the attack cost pharmaceutical giant Merck more than $300 million in Q3 alone, and is on track to hit that amount again in Q4.

SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)

2. WannaCry

WannaCry (also known as WannaCrypt) has been one of the most devastating ransomware attacks in history, affecting several hundred thousand machines and crippling banks, law enforcement agencies, and other infrastructure. It was the first strain of ransomware to use EternalBlue, which exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol.

3. Locky

Locky is currently the top payload in terms of ransomware and across all malware families, according to a report from security firm Proofpoint. While Locky was 2016’s most popular ransomware strain, new variants called Diablo and Lukitus also surfaced this year, using the same phishing email attack vector to initiate their exploits.

4. CrySis

CrySis—typically spread by hacking into Remote Desktop Services and manually installing the ransomware—started last year in Australia and New Zealand. RDP is one of the most common ways to deploy ransomware, Webroot noted, because cybercriminals can compromise administrators and machines that control entire organizations. In May, some 200 master keys were released allowing victims to decrypt and unlock their systems, ZDNet reported.

5. Nemucod

The Nemucod ransomware family has been active since at least 2015, and arrives in the form of a phishing email that appears to be a shipping invoice. Then, it downloads malware and encryption components stored on compromised websites.

SEE: End user data backup policy (Tech Pro Research)

6. Jaff

Jaff arose in May 2017, and heavily mimics tactics used by Locky. It uses the Necurs botnet to send millions of spam emails to targets globally over just a few hours, and demands victims pay 1.79 Bitcoins—currently more than $6,000.

7. Spora

Spora ransomware is distributed when cybercriminals hack legitimate websites and add JavaScript code, making a pop-up alert appear that prompts users to update their Chrome browsers. Upon infection, the ransomware can steal credentials from victims, making money from both extorting ransoms and potentially selling the stolen information, as ZDNet noted.

8. Cerber

Cerber uses ransomware-as-a-service to allow non-technical cybercriminals to extort payments from victims, with the developers of the malware taking a cut of the money gained.

9. Cryptomix

Cryptomix is one of the few types of ransomware that does not have a type of payment portal available on the dark web, the report noted. Instead, victims must wait for the cybercriminals who locked their machine to email them instructions for payment in Bitcoin.

10. Jigsaw

Jigsaw, first seen in 2016, embeds an image of the clown from the Saw movies into a spam email. When the user clicks it, the ransomware encrypts their files, but also deletes files if the user takes too long to make the ransom payment of $150, according to Webroot.

To learn more about how your business can avoid ransomware attacks like these, click here.

MORE STUFF TO KNOW BELOW ABOUT SCAMS & RANSOMWARE


NATIONAL AFFAIRS 150 Australian jihadis pose terror threat if they return home: Julie Bishop

ABOUT 150 Australians are, or have been, fighting with Arab insurgents & Muslim extremists in Syria and Iraq and pose a security threat if they return home, says Julie Bishop.

DO NOT ALLOW PEOPLE BACK INTO AUSTRALIA WHO CARRIED OUT ATROCITIES IN SYRIA & IRAQ

The Foreign Minister’s warning came amid evidence convicted terrorist Khaled Sharrouf, who fled Australia earlier this year, has joined the Islamic State of Iraq and al-Sham’s uprising in northern Iraq.

As ISIS militants battle with Iraqi government troops, The Australian today revealed that Sharrouf — who left for Syria using his brother’s passport — was thought to be among the thousands of ISIS fighters threatening Baghdad.

Intelligence agencies told Ms Bishop this morning that the cohort of about 150 Australian fighters “in Syria and beyond” initially supported “more moderate opposition groups” but are increasingly turning to “more extreme” groups such as ISIS.

“These are brutal people (in ISIS). The executions and the killings and their boasting of it on social media makes this a particularly virulent form of terrorism,” Ms Bishop told ABC Radio after the briefing.

“These people are so extreme that al-Qa’ida is even distancing itself from them.

“I had an intelligence briefing from our agencies this morning and our best estimate is that there are about 150 Australians … who have been or are still fighting with opposition groups in Syria and beyond.”

AUSSIE JIHADI: Joins Iraq conflict

ACTION: Calls to revoke radicals’ citizenship

Ms Bishop said she had cancelled numerous Australian passports belonging to suspected extremists and Australian intelligence agencies were working with regional partners to counter the threat posed by the fighters’ return.

“We are concerned that Australians are working with (these militants), becoming radicalised, learning the terrorist trade, and if they come back to Australia of course it poses a security threat and we’re doing what we can to identify them.”

Ms Bishop said it was an offence under Australian law to take part on either side of the Iraqi conflict, or support a listed terrorist organisation such as ISIS, with penalties of up to 25 years’ jail.

Tony Abbott said he was making preparations to ensure the safety of Australian personnel in Baghdad, should the Iraqi capital be attacked.

“It is a dangerous and difficult situation. You have a terrorist army consolidating its hold over a large swath of Iraq and Syria with the intention presumably of creating a terrorist state with dangerous and unpredictable consequences for the region and for the wider world,” Mr Abbott said.

“We are redoubling our vigilance at our borders to try to ensure that jihadists do not gain access to our country or are monitored if they have the right of access to this country.”

Immigration Minister Scott Morrison said he was able to cancel the visas of permanent residents suspected of fighting overseas, just as he cancelled the visa of Rebels Motorcycle Club president Alex “The Maltese Falcon” Vella last week.

“I’m not going to comment on any specific cases for obvious reasons, but Australians should know this — they’ve seen my decision in relation to another matter, Mr Vella, and they know what I do on character grounds more generally; so they’ll know I will act when I need to act, every time,” he told ABC TV.

Labor’s foreign affairs spokeswoman Tanya Plibersek described returning Australian fighters as a “very serious risk’’, and says she supports government efforts to stop the threat.

Overseas fighters returned well trained, radicalised, and with a “sick sort of street cred’’, she said.

“That allows them to convince other impressionable young people that perhaps going to fight is a good idea, or perhaps committing crimes here in Australia might be a good idea,’’ she said.

Ms Bishop, who has announced $5 million aid for refugees fleeing ISIS’s advance, conceded the Western and Iranian-backed government of Shia prime minister Nouri al-Maliki was “not a good” administration.

“It is the only government in place in Iraq at present. It’s not a good one and the problems between the Sunnis and the Shias are exacerbated by his manner of excluding them from the government.

“He’s now calling for national unity — that’s a start — we need to see a political solution because a military solution could be catastrophic.”

In the wake of authorities failing to stop Sharrouf from leaving Australia, the Independent National Security Legislation Monitor, Bret Walker SC, said there should be reporting requirements for those convicted of terror offences, and an associated national database established.

As The Australian reported in May, Sharrouf travelled to Syria with fellow Australian Mohamed Elomar, who is also believed to be fighting with ISIS. Elomar is the nephew of Mohamed Elomar, one of the ringleaders of the 2005 Pendennis conspiracy. Sharrouf and Elomar Sr were convicted in the Pendennis trial. Sharrouf served three years and 11 months in jail for his role in the conspiracy, which saw 18 people convicted over a plot to attack targets in Sydney and Melbourne.

Before fleeing Australia, Sharrouf was facing charges relating to alleged weapons offences committed last year. His friends and family denied any knowledge of him fighting with ISIS, and claimed a Facebook account detailing Sharrouf’s activities in Iraq was a fake.

Additional Reporting: Paul Maley and Mark Schliebs

www.crimefiles.net


Malcolm Turnbull and Benjamin Netanyahu witness MOU on defence industry co-operation Australia & Israel

Jerusalem: The prime ministers of Australia and Israel have shared a warm bearhug and pledged deeper cooperation on cyber-security in the fight against global terror threats.

Mr Turnbull arrived in Jerusalem on Monday afternoon, local time, on a trip that had been delayed and truncated by the political fallout from the High Court’s dual citizenship ruling.

But there was no ill feeling on show at Benjamin Netanyahu’s headquarters, where he was welcomed by the Israeli prime minister pronouncing him “mishpacha” – family.

“Malcolm you are a true friend of Israel,” Mr Netanyahu said. “Our two nations understand each other in the deepest sense… and your personal commitment to Israel is absolutely clear.”

Mr Turnbull said it was a “long schlepp” from Australia but “it feels like family”.

“We are all fighting together against militant Islamist terrorism,” he said. “It’s a threat to Israel, it’s a threat to Australia and it’s a threat to all who value and cherish freedom.”

After two hours of meetings, including a one-on-one discussion then an official bilateral, the men witnessed the signing of a new memorandum of understanding on defence industry co-operation.

Mr Turnbull said they had spoken at length on the Islamist terror threat, and the role of technology in both enabling and fighting against it.


Technology has “empowered individuals who seek to do us harm”, he said, and cyber security was more important than ever.

Israel is considered a cyber warfare superpower, alongside the US, Russia, China and the UK.

It accounts for 10 per cent of global sales of computer and network security technology.

But it also has significant offensive powers.

In October it emerged that in 2015 an Israeli security agency hacked into Russian antivirus firm Kaspersky, which enabled it to watch Russian spies as they worked to infiltrate sensitive US networks.

Israel was reported to have used cyber weapons to spy on the Iran nuclear negotiations in 2014 and 2015.

And Israel was reportedly behind the Stuxnet virus, dubbed the world’s first digital weapon, which was used to disrupt Iran’s uranium enrichment plants.

Last year Mr Turnbull announced a $230 million cyber security strategy, which would include an offensive capability to launch pre-emptive attacks on ‘cyber raiders’.

Mr Turnbull said Monday’s agreement would lead to closer collaboration between the two countries on cyber security.

“It is vitally important that we work more closely together, more of the time, to keep our people safe from terrorism,” he said.

A particular problem was the encrypted apps that terrorists used to communicate in secret, he said.

“We look forward to deeper collaboration on defence, particularly in the cyber domain,” he said.

After the meeting Mr Turnbull told media the two men had also discussed the Iran nuclear deal, which Israel opposes but Australia supports.

It has recently come under pressure from the US, where president Trump has disavowed but so far not scrapped the agreement.

Mr Turnbull said Australia “absolutely understand Israel’s very real concerns and anxieties about Iran moving to a nuclear weapons capability but we are not persuaded that moving away from the agreement … would be beneficial in preventing that type of proliferation.”

Asked on the state of domestic politics, Mr Turnbull denied it was in a state of turmoil after the High Court decision.

“The business of government goes on,” he said. “It’s business as usual.”

Asked if he’d had enough with politics, Mr Turnbull responded “I’ve never had more fun in my life.”


New USA Federal Requirements On Cellphone Surveillance

WASHINGTON (AP) — Federal law enforcement officials will be routinely required to get a search warrant before using secretive and intrusive cellphone-tracking technology under a new Justice Department policy announced Thursday.

The policy represents the first effort to create a uniform legal standard for federal authorities using equipment known as cell-site simulators, which tracks cellphones used by suspects.

It comes amid concerns from privacy groups and lawmakers that the technology, which is now widely used by local police departments, is infringing on privacy rights and is being used without proper accountability.

“The policy is really designed to address our practices, and to really try to promote transparency and consistency and accountability — all while being mindful of the public’s privacy interest,” Deputy Attorney General Sally Yates told reporters in announcing the policy change.

The policy applies only to federal agencies within the Justice Department and not, as some privacy advocates had hoped, to state and local law enforcement whose use of the equipment has stirred particular concern and scrutiny from local judges.

The technology — also known as a Stingray, a suitcase-sized device — can sweep up basic cellphone data from a neighborhood by tricking phones in the area to believe that it’s a cell tower, allowing it to identify unique subscriber numbers. The data is then transmitted to the police, helping them determine the location of a phone without the user even making a call or sending a text message.

The equipment used by the Justice Department does not collect the content of communications.

Even as federal law enforcement officials tout the technology as a vital tool to catch fugitives and kidnapping suspects, privacy groups have raised alarms about the secrecy surrounding its use and the collection of cellphone information of innocent bystanders who happen to be in a particular neighborhood or location.

In creating the new policy the Justice Department was mindful of those concerns and also sought to address inconsistent practices among different federal agencies and offices, Yates said.

“We understand that people have a concern about their private information, and particularly folks who are not the subjects or targets of investigations,” Yates said.

The new policy requires a warrant in most cases, except for emergencies like an immediate national security threat, as well as unspecified “exceptional circumstances.” The warrant applications are to set out how the technology will be used.

In addition, authorities will be required to delete data that’s been collected once they have the information they need, and are expected to provide training to employees.

The policy could act as a blueprint for state and local law enforcement agencies in developing their own regulations. But it’s unclear how broad an impact Thursday’s announcement will have, since it does not directly affect local police agencies unless they’re working alongside federal authorities on a case or relying on their assistance.

Use of the technology has spread widely among local police departments, who have been largely mum about their use of the technology and hesitant to disclose details — often withholding materials or heavily censoring documents that they do provide.

Local departments have faced scrutiny from judges about how they deploy the equipment, though agencies have often insisted that non-disclosure agreements with the FBI limit what they can say.

The FBI has said that while specific capabilities of the equipment are considered sensitive, it did not intend for the agreements to prevent the police from disclosing to a court that the equipment was used in a particular case. Yates said she expected the FBI to revise any such agreements to be more transparent.

The American Civil Liberties Union called the policy a good first step, but expressed disappointment that it did not cover federal agencies outside the Justice Department or local police who use federal funds to purchase the surveillance equipment. It called on the Justice Department to close remaining loopholes, such as the one allowing for warrantless surveillance under undefined “exceptional circumstances.”

“After decades of secrecy in which the government hid this surveillance technology from courts, defense lawyers, and the American public, we are happy to see that the Justice Department is now willing to openly discuss its policies,” ACLU lawyer Nathan Freed Wessler said in a statement.

Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, a privacy group, praised the policy as an important step, though he said he suspected Justice Department attorneys saw “the writing on the wall” and recognized that judges would increasingly begin requiring warrants.

Though the policy does not require local police to follow the lead of federal agencies, “this is going to let the air out of state law enforcement’s argument that a warrant shouldn’t be required.”

“We think that given the power of cell-site simulators and the sort of information that they can collect — not just from the target but from every innocent cellphone user in the area — a warrant based on probable cause is required by the Fourth Amendment,” Cardozo said.
