Monthly Archives: September 2016

Courts gave Hacker who gave Isis ‘hitlist’ of US targets 20 years in prison

Do the crime, do the time. Good to see. Let this be an example of what the courts can, will & do do to these masked ISIS cowardly terrorists & their support groups. These lessons should be learned by all who deliberately or inadvertently create danger to a country & its people or threaten national security.


Ardit Ferizi struggles to explain why he sent extremist group the details of hundreds of US government and military officials

Ardit Ferizi, a 20-year-old native of Kosovo, is the first person convicted in the US of both computer hacking and terrorism charges. Photograph: Dominic Lipinski/PA

A hacker who helped Islamic State by providing the names of more than 1,000 US government and military workers as potential targets was sentenced on Friday to 20 years in prison.

The sentence was much higher than the six-year term sought by defense lawyers, who argued their client, Ardit Ferizi, meant no real harm and was not a true Isis supporter.

“He was a nonsensical, misguided teenager who did not know what he was doing,” said public defender Elizabeth Mullin. “He has never embraced Isil’s ideology.”

Ferizi, a 20-year-old native of Kosovo who was arrested last year in Malaysia, is the first person convicted in the US of both computer hacking and terrorism charges. He admitted hacking a private company and pulling out the names, email passwords and phone numbers of about 1,300 people with .gov and .mil addresses. Isis published the names with a threat to attack.

At Friday’s sentencing hearing, Ferizi struggled to explain why he did it, when asked directly by US district judge Leonie Brinkema for an explanation. He said that it all happened very quickly.

“I feel so bad for what I did,” he said. “I am very sorry for what I did, making people feel scared.”

Prosecutors asked for the maximum sentence of 25 years.

Assistant US attorney Brandon Van Grack said: “The defendant’s conduct has indefinitely put the lives of 1,300 military members and government workers at risk.”

He disputed the idea that Ferizi’s crime was a whim. Before turning over the names to the “Islamic State hacking division” last year, he operated a website devoted to propagating Isis propaganda. In online conversations, Ferizi defended Isis, and when he gave the 1,300 identities to the group, he knew he was putting them in would-be terrorists’ crosshairs, Van Grack said.

“This was a hitlist. The point was to find these individuals and hit them, to ‘strike at their necks’,” Van Grack said, mimicking the language Isis used when it published the names.

Van Grack quoted a letter from one of the victims, who said she had an easily identifiable name and was now nervous when she interacted with Muslims, something she felt guilty about. And Van Grack cited another terrorism case in northern Virginia, in which the defendant, Haris Qamar, allegedly used a hitlist, similar to the one Ferizi created, to stake out the homes of two neighbors in the town of Burke.

Mullin countered that nobody on the list has actually been harmed, and said much of the information Ferizi helped disseminate was publicly available anyway.

Court papers describe a difficult life for Ferizi, who was nominally raised as a Muslim and was just four years old when Nato airstrikes forced Serbian forces to withdraw from the territory, which subsequently became independent. Ferizi’s uncle was murdered and his father was kidnapped during the war, according to letters written by Ferizi’s family.

As a teenager, Ferizi got in trouble for hacking into Kosovar government databases, but he avoided jail. Ferizi went to Malaysia to study cybersecurity, but continued his hacking activities and developed worsening mental health problems, defense lawyers said.

He met an Isis recruiter on the internet while he was trying to expose online pedophiles, his lawyers said.


Henry Sapiecha

Yahoo data hacked – At risk are 500 million stolen account details


Yahoo is the latest company to be embroiled in what is thought to be one of the largest cybersecurity breaches ever.

As data becomes more precious, especially to brands and publishers who are constantly trying to sift through the information to find pertinent monetisation strategies and more personalised user advertising, data security and privacy fears are already at an all time high.

Which is why a recent investigation by Yahoo, which confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by a “state-sponsored actor”, is nothing short of a PR nightmare.

It is becoming harder for brands and publishers to stay ahead of the ever-evolving online threats.

Based on the ongoing investigation, Yahoo says it believes that information associated with at least 500 million user accounts was stolen, and the investigation has found no evidence that the state-sponsored actor is ‘currently’ in Yahoo’s network.

It’s working closely with law enforcement on this matter and the account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” a Yahoo spokesperson says.

It says it is notifying potentially affected users and is asking those who may be affected to change their passwords and adopt alternate means of account verification.

It recommends that all users who haven’t changed their passwords since 2014 do so immediately and consider using Yahoo Account Key – an authentication tool that eliminates the need to use a password altogether.

“An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries,” a Yahoo spokesperson says.

“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”


Henry Sapiecha

High Risk Terrorist Offenders Bill under scrutiny


The Parliamentary Joint Committee on Intelligence and Security has reconvened for the 45th Parliament, electing Mr Michael Sukkar MP as Chair and the Hon Anthony Byrne MP as Deputy Chair and commencing work on a number of inquiries.

Criminal Code Amendment (High Risk Terrorist Offenders) Bill 2016

The Committee has commenced an inquiry into the Criminal Code Amendment (High Risk Terrorist Offenders) Bill 2016, which was introduced into the Parliament on 15 September 2016.

The bill establishes a scheme for the continuing detention of high risk terrorist offenders at the conclusion of their custodial sentence. Measures in the bill include:

  • the Attorney-General can apply to the Supreme Court of a State or Territory for a continuing detention order during the last six months of the sentence of a ‘terrorist offender’,
  • a ‘terrorist offender’ is a person convicted of certain terrorist offences against the Criminal Code and serving a sentence of imprisonment for the offence,
  • the Supreme Court may make an order if satisfied to a high degree of probability that the offender poses an unacceptable risk of committing a ‘serious Part 5.3 offence’ [terrorist offence] if released,
  • under a continuing detention order a ‘terrorist offender’ is committed to detention in a prison for the period the order is in force, which can be up to three years,
  • a continuing detention order must be reviewed by the Court at least annually,
  • the continuing detention of minors is not permitted, and
  • an interim detention order of up to 28 days may be made by the Court in circumstances where an offender will be released before the application for a continuing detention order has been determined, and consecutive interim orders may be granted for up to three months.

The Committee invites submissions to the inquiry. Please email the Secretariat at by Friday 23 September 2016 if you intend to make a submission. Submissions are requested no later than Wednesday, 12 October 2016.

A public hearing will be held on Friday, 14 October 2016. The Committee has been asked to report by 4 November 2016.

Further information about the inquiry can be accessed via the Committee’s website at The Bill and Explanatory Memorandum can be accessed via

Declaration of Islamic State as a declared terrorist organisation under the Citizenship Act

The Committee has commenced a review of the declaration of Islamic State as a ‘declared terrorist organisation’ under section 35 of the Australian Citizenship Act 2007. This is the first time an organisation has been declared under the Act.

Section 35 of the Australian Citizenship Act 2007 provides that dual citizens aged over 14 years lose their Australian citizenship if they fight for, or are in the service of, a ‘declared terrorist organisation’ overseas.

Under section 35AA of the Citizenship Act, the Parliamentary Joint Committee on Intelligence and Security may review a declaration made by the Minister and report the Committee’s findings within the 15 sitting day parliamentary disallowance period.

Members of the public are welcome to make submissions to this review, which should be received no later than Friday, 7 October 2016.

The Minister’s declaration and supporting documentation are available on the Committee’s website.

Re-listing of six terrorist organisations under the Criminal Code

In its third inquiry, the Committee has commenced a review of the re-listing of Abu Sayyaf Group, al-Qa’ida, al-Qa’ida in the Lands of the Islamic Maghreb, Jabhat al-Nusra, Jamiat ul-Ansar, and Jemaah Islamiyah.

Under section 102.1A of the Criminal Code, the Parliamentary Joint Committee on Intelligence and Security may review listings of terrorist organisations and report on the Committee’s findings within the 15 sitting day parliamentary disallowance period.

Members of the public are welcome to make submissions to this review. Submissions should be received no later than Friday, 7 October 2016.

Further information about these listings can be obtained from the Committee’s website.

Media enquiries: Chair, Mr Michael Sukkar MP (Deakin, Vic) on (03) 9874 1711 (Electorate office) or (02) 6277 4847 (Parliament House)


Henry Sapiecha

Scamming Ransomware network chalked up $121M in the 1st half of 2016

Healthcare and manufacturing companies are among the least prepared in preventing data loss, finds Intel’s McAfee Labs Threat Report, which reveals US$100,000 worth of hospital-targeted ransomware payments.


A ransomware network appears to have chalked up US$121 million in payments over the first half of 2016 alone, as healthcare companies become hot targets due to their reliance on legacy systems.

A spate of ransomware attacks had been unleashed on hospitals early this year, with victims forking out some US$100,000 in payments to specific bitcoin accounts. While they still accounted for a comparatively small portion of overall ransomware targets, hospitals were among new verticals targeted by attack networks, according to Intel Security’s latest McAfee Labs Threat Report.

Researchers from the security vendor tracked a ransomware network that appeared to have received bitcoin payments worth US$121 million from ransomware activities targeting several sectors. The distributor seemed to have chalked up profits of US$94 million in the first half of 2016 alone, the report stated.


Pointing to the increased focus on the healthcare sector, it cited the industry’s dependence on legacy IT systems and medical devices with weak or no security as key reasons such companies were targeted. Furthermore, these organisations tapped third-party services that might be commonly used in the sector and needed immediate access to information to support patient care. These factors also made them hot targets for malicious attacks.

“Hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, vice president for Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”

He added that, along with the manufacturing sector, healthcare provided significant opportunities for cybercriminals due to the two industries’ weak defense mechanisms and complex environments. “Cybercriminals’ motive is ease of monetisation, with less risk,” Weafer said. “Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered, but you can’t change your most personal data or easily replace business plans, contracts, and product designs.”

The apparent compliance among healthcare and manufacturing companies might be due to the low frequency of attacks these sectors experienced in the past, according to the McAfee survey. This, however, also meant the organisations made fewer investments in cybersecurity and had the least comprehensive data protection capabilities.

The report determined that retail and financial services companies had the most extensive protection against data loss, which was likely the result of the frequency of attacks targeting these sectors as well as the value of the data they held.

Across the board, more than 25 percent of respondents did not monitor data sharing and access involving sensitive employee or customer information. Some 37 percent did so, and this figure was a higher 50 percent where the largest organisations were concerned.

And while 90 percent had cloud security strategies, only 12 percent said they had visibility of data activities in the cloud.

Almost 40 percent had experienced data loss involving physical media such as thumb drives, the report found, but only 37 percent used endpoint monitoring of user activities and physical media connections.

For the second quarter, McAfee Labs identified 316 new threats a minute with significant spikes in ransomware, mobile malware, and macro malware. Some 1.3 million new ransomware samples were recorded, the highest ever registered since the security vendor began tracking such threats.

Total ransomware climbed 128 percent in the quarter over the previous year, while macro malware increased 106 percent. New mobile malware reached a record high in the quarter, growing 151 percent year-on-year to hit nearly 2 million new samples.

New Trojans such as Necurs and Dridex fuelled a more than 200 percent increase in new macro malware in the quarter.


Henry Sapiecha

Data-retention grants: Telstra gets $40m, Vodafone $29m, Optus $14m, NBN $1m

ISPs are being given 80 percent of their compliance costs, according to the attorney-general, under the government’s AU$128 million data-retention grants program.


Australian Attorney-General George Brandis has announced the recipients of its AU$128 million data-retention grant pool, with Australia’s largest telecommunications providers getting tens of millions of dollars in funding to comply with the federal government’s data-retention scheme.

Under the grants [PDF], Telstra is receiving AU$39.9 million; Vodafone Australia is receiving AU$28.8 million; Optus is receiving AU$14.8 million; Vocus and M2 — now one company — are receiving AU$3.4 million combined; MNF Group is receiving AU$3 million; TPG is receiving AU$2.2 million in combination with its now-subsidiary iiNet; Exetel is receiving AU$1.8 million; and the National Broadband Network (NBN) company is receiving AU$1,067,515.

Also receiving over AU$1 million are Broadband Solutions, with AU$2.2 million; Message4U, with AU$1.3 million; BigAir, with AU$1,042,666; and The Summit Group, with AU$1,032,000.

“Today, I am pleased to announce the outcomes of the AU$128.4 million Data Retention Industry Grants Programme,” Brandis said.

“The programme delivers on the government’s commitment to make a substantial financial contribution to service providers’ upfront costs of meeting their data-retention obligations, with particular emphasis on support for smaller providers.

“Most providers will receive a grant of 80 percent of their implementation costs … service providers will receive 50 percent of their grant immediately upon signing a funding agreement. This will help businesses on their path to compliance. The remaining 50 percent will be paid upon the completion of reporting requirements.”

The AU$128.4 million data-retention grants program, announced in January, was designed to cover the costs caused by upfront compliance with the newly passed data-retention legislation.

It has been divided between 180 ISPs, with the smallest amount being AU$10,000, received by ISP Arris, and the most received by Telstra.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March, came into effect last October. It will see customers’ call records, location information, IP addresses, billing information, and other data stored for two years by telcos, accessible without a warrant by law-enforcement agencies.

In April, small operators said they were continuing to do nothing about data-retention compliance due to the costs associated, according to Communications Alliance CEO John Stanton.

“Many service providers — particularly smaller operators — have told us that they are doing very little or nothing to build their compliance capabilities at the moment,” Stanton said at the time.

“Who can blame them — if they start investing in new systems now, without knowing how much of that investment will remain unfunded once the subsidies arrive, they are putting themselves at risk of bankruptcy.

“Other operators have been investing in compliance measures, but are doing so in an ongoing climate of uncertainty.”

Stanton on Monday afternoon welcomed the grants allocation announcement, saying the government has “done a reasonable job of apportioning the limited funds available”.

“Some of the larger players face heavy unfunded expenses to meet their compliance requirements,” he added, however.

“But the lengthy delay in finalising the grants process has put many service providers under immense pressure to complete, on time, the work to enable them to comply with this regime.

“The government should acknowledge that these delays have made compliance more difficult to achieve within the prescribed time frame.

“The Attorney-General should publicly commit that no action will be taken, come April next year, against any service provider that is genuinely working to comply with the regime, but has been disadvantaged by the slow pace of decision making.”


Henry Sapiecha

Intel snaps up Movidius to create future computer vision, virtual reality tech

The deal may propel Intel further into next-generation technologies including VR, drones and artificial intelligence.



Intel has announced the acquisition of Movidius, a chip manufacturer focusing on developing next-generation computer sensing and vision technology.

San Mateo, California-based Movidius, which already counts Google and Lenovo as customers, develops sight capabilities for machines and PCs.

The company’s vision processing unit (VPU), the main shunt of the company, is a platform for on-device vision processing which works in tandem with Intel RealSense technology to give computer systems the capability to view 3D images, understand surroundings and objects, and then react accordingly.

This technology can be found within drones, security cameras, artificial intelligence and virtual reality, and as these industries develop, the potential use for such inventions will also increase.

The financial terms of the deal were not disclosed.

Remi El-Ouazzane, CEO of Movidius, said in a blog post that Movidius will continue to focus on the “mission to give the power of sight to machines,” but the deal will give the firm’s development teams more resources to boost research and execute at scale.

The executive also revealed that Movidius has recently begun to focus on granting “sight” to low-power hardware, a complex task considering the use of sophisticated algorithms at the device level. At Intel, this challenge will continue, but cloud computing and networking will also be included in the project.

“When computers can see, they can become autonomous and that’s just the beginning,” El-Ouazzane commented. “We’re on the cusp of big breakthroughs in artificial intelligence. In the years ahead, we’ll see new types of autonomous machines with more advanced capabilities as we make progress on one of the most difficult challenges of AI: getting our devices not just to see, but also to think.”

In August, Intel revealed Project Alloy, a virtual reality headset which combines RealSense technology with battery power, allowing users to experience what Intel CEO Brian Krzanich called a “merged reality.”

Considering Movidius’ specialisation in power-limited devices and VR, the combination of both companies’ technology appears to be a solid fit — and that may only scrape the surface of what Intel plans for the new acquisition.

“We see massive potential for Movidius to accelerate our initiatives in new and emerging technologies,” said Josh Walden, Senior Vice President and General Manager of Intel’s New Technology Group. “The ability to track, navigate, map and recognize both scenes and objects using Movidius’ low power and high-performance SoCs opens up opportunities in areas where heat, battery life and form factors are key.”


Henry Sapiecha


Russian internet giant hacked, leaking a massive 98 million accounts

The internet giant stored passwords in unencrypted plaintext.


Russian internet portal and email provider has become the latest victim in a growing list of historical hacks.

Breach notification site, which obtained a copy of an internal customer database, said the attack dates back to February 17, 2012.

More than 98.1 million accounts were in the database, including usernames, email addresses, social account data, and passwords, the group said in a blog post. Unlike other major breaches, those passwords were stored in unencrypted plaintext, meaning anyone at the company could easily see passwords.

The last time a breach on this scale was found using plaintext password storage was Russian social networking site, which saw 171 million accounts taken in the breach. now joins the hacked ranks of LinkedIn and in 2012, and MySpace and Tumblr in 2013.

LeakedSource said it had verified the breach, and has added the cache into its searchable database. is one of the largest websites in the world, and one of the most visited in Russia. Founded in 1996, the company provides search, news, email, and advertising, making it a powerhouse of the Russian internet. The company competes with Yandex, and (which also owns which made headlines for a second time this year for suffering at the hands of hackers again.

We reached out to prior to publication, but did not hear back. If that changes, we’ll update the piece.


Henry Sapiecha

Thousands of security threats happen every five minutes


The pace at which businesses now find themselves operating has allowed for the files on a network to be encrypted and beyond an organisation’s reach in just five minutes.

In just five minutes, files on a company’s network can be encrypted and beyond its reach, according to Rik Ferguson, vice president of Security Research at Trend Micro.

Trend Micro has seen a lot of development around ransomware capabilities targeting businesses rather than consumers, Ferguson said during his keynote speech at Cloudsec Australia 2016 in Sydney on Thursday, with 1,800 new threats released out into the wild every five minutes.

Additionally, he said that more than 800,000 people are exposed to malicious URLs, exploit kits, phishing websites, malware, spam, and threats every five minutes, with almost 7,000 records on average being exposed in the same timeframe.

“Just so we can measure the speed of things, the fastest trains today … can reach top speed of about 450km/h. That means in five minutes, you can travel close to 40 kilometres. That’s an incredible distance to be able to go in a very, very short period of time,” Ferguson pointed out.

“It gives you an idea of really how short that time is. In five minutes, [aside from] propelling you across the surface of the earth, it can also result in a number of other things.

“If you were hit by a crypto ransomware attack, within five minutes, all of the files on your computer or the files, god forbid, on all of the computers on your network … can be encrypted and beyond your reach unless you paid criminals some money.”

Ferguson said that universities, corporations, individuals, and healthcare organisations are all being targeted by ransomware that is being developed with specific capabilities to target enterprise.

“Ransomware used to be a consumer thing that would go after your computer, your things, and encrypt all that knowing that if you wanted to get all the files back, you were going to pay the ransom,” he said.


“Over the course of the last calendar year, we saw 29 new families of ransomware, which was already a huge jump on the 13 in the year before that. In the first half of this year, we’ve already seen 79 new families of ransomware, which is a massive increase.”

He said that criminals are investing time, money, and expertise into creating new tools, tool kits, and delivery mechanisms to get ransomware out there, because “this stuff pays dividends”.

“One of the Trend Micro competitors out there, a startup, is offering a ransomware guarantee — but their guarantee is not you’ll never get hit by it; it’s that if you do get hit by it, they’ll pay the ransom for you. That’s a cybersecurity company offering to give money to criminals,” he said.

Over the last few years, Trend Micro has also seen an uptake in what Ferguson called business email compromise, or CEO fraud, which he said is a basic scam that pays criminals a lot of money.

“It’s really simple. It’s a criminal doing the research upfront, identifying the target organisation, looking at who fulfills which role, and then sending a fake email into that company or compromising a mailbox that belongs to an employee of that company,” he said.

“[The criminals] target an email of the right victim, quite often the CFO or someone responsible in the finance department of the business, with requests from a known colleague to pay outstanding money or wire transfer money to a third-party supplier, often abroad, who is fictitious.”


He said this practice has been hugely successful, with $2.3 billion lost to CEO compromise or fraud between 2013 and 2015, with an estimated 79 different countries being affected.

“A certain Australian government department, local council, lost over AU$200,000 to this scam by paying fake invoices. That’s AU$200,000 of your money, I guess, at the end of the day,” he said.

“Australia is not immune. You have the — I don’t know if it’s the good fortune or the misfortune — to speak one of the most simplest and widespread languages on the planet, and it’s the most-targeted language when it comes to cybercrime globally.”

Aside from being a VP with Trend Micro, Ferguson is also special adviser to Europol, project lead with the International Cyber Security Prevention Alliance, vice chair of the Centre for Strategic Cyber Security and Security Science, and an advisor to various UK government technology forums.

Also speaking at Cloudsec Australia 2016, Timothy Wallach, Supervisory Special Agent Cyber Taskforce with the FBI, said the two most significant increases the FBI has seen over the last couple of years have been ransomware or extortion, and business email compromise.

“This is probably the reason why we are seeing a decrease in the number of records stolen, because these schemes are much easier to monetise than compromising a network, stealing information, getting it to the dark web, and eventually on an online market,” he said.

When it comes to consumer ransomware, Wallach said the requested amount is somewhat affordable, at around $450 to $500. However, this is a lot different in an enterprise environment, as the ransom is usually based on the number of endpoints or the servers that are compromised.

“If an organisation has 30,000 endpoints in its network and potentially that many endpoints have been struck with ransomware, it’s generally 30,000 times one bitcoin,” he said.

“The FBI does not recommend paying your ransom. That’s a business decision an organisation has to make.

“When organisations pay ransom, they’re involved in the criminal activity. It’s encouraging the scheme to continue.”

Additionally, Wallach highlighted that paying a ransom does not always mean that you are left with a clean system, or that everything an organisation had initially lost has been recovered.

“Whatever infected your organisation in the first place is still there,” he said. “What we do recommend is prevention, business continuity, and remediation.”


Henry Sapiecha

Dropbox hack leaks 68 million usernames and passwords

A hack from way back in 2012 reportedly resulted in the breach of far more user information than previously believed.



Wait, how many accounts were affected by a 2012 hack on Dropbox? About 68 million, according to multiple reports.

Back in 2012, Dropbox disclosed that a hacker had accessed its internal systems and accessed a list of user email accounts. It didn’t say the list included passwords.

Now Motherboard, security expert Troy Hunt, and online leak-tracker LeakedSource have each reported they reviewed stockpiles of account information from Dropbox. The account information includes emails as well as passwords, which are encrypted.

Dropbox head of trust Patrick Heim confirmed in a statement that the usernames and passwords were from mid-2012. The company said all customers who haven’t updated their passwords since that time period have been required to change their passwords.

Heim also reminded users that they should think about whether they reused their Dropbox passwords in other accounts.

“While Dropbox accounts are protected, affected users who may have reused their password on other sites should take steps to protect themselves on those sites,” Heim said in a statement.


Henry Sapiecha