Category Archives: COMPUTER CRIMES

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management as well as the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

WannaCry researcher denies in court that he created banking malware

The security researcher rose to fame for curbing the spread of the WannaCry ransomware recently.

A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges that he created a notorious banking malware.

Marcus Hutchins, 22, said he was not guilty during a hearing at a Las Vegas court after he was arrested and detained earlier this week.

The news was confirmed by his attorney Adrian Lobo, speaking on Facebook Live to local reporter Christy Wilcox at the courthouse.

Hutchins was granted bail on a bond of $30,000 during a hearing at a Las Vegas court.

But he will “not be released today lawyers says could not get bail in time,” according to Wilcox in a tweet.

He will not be allowed access to devices with an internet connection, said Wilcox, and he will be tagged to be monitored at all times.

Hutchins, also known as @MalwareTechBlog, stormed to fame earlier this year after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware in May.

By registering a domain found in the code, he stopped the spread of the malware.

The Justice Department announced Thursday that it was charging Hutchins with malicious activity, unrelated to the WannaCry cyberattack.

The security researcher, a British native, was arrested shortly before boarding a flight home. He had been attending the Def Con security conference late last month. He was briefly detained in a federal detention facility in Nevada, then later questioned by the FBI at its field office in Las Vegas.

Hutchins was later indicted, along with an unnamed defendant, on six charges relating to allegations that he created the Kronos malware, a trojan that can steal banking usernames and passwords from victims’ computers.

He was also charged with five other counts, including wiretapping — thought to relate to the interception of passwords — and violating the controversial Computer Fraud and Abuse Act, which serves as the basis of US hacking laws.

Hutchins will appear at a court in Wisconsin, where the case was filed, on August 8.

Developing… more soon.

Henry Sapiecha

Phishing, sophisticated attacks most troubling to IT security pros

Staffing, training, budget shortfalls impact ability to protect organization.


IT security professionals fear phishing and sophisticated attacks the most, but worry that staffing, training and budget shortfalls will hinder their ability to protect their organizations.

Adding to the anxiety, 72% of respondents said they felt it is likely their organizations would face a major data breach in the next 12 months. Fifteen percent said they had “no doubt” they would face a major security breach in the next year.

Those results are part of the findings of the 2016 Black Hat Attendee Survey, which was conducted in June with 250 security professionals. The annual Black Hat USA conference kicks off next week in Las Vegas.

The looming threat that eats at IT is phishing and other social engineering attacks. According to this year’s 2015 Verizon Data Breach Investigations Report, 30% of phishing messages were opened by the target recipient, up from 23% just last year. In addition, 12% clicked on the malicious attachment, up from 11% in 2014.

Those numbers point to another finding in the Black Hat Attendee Survey: 28% of IT security pros said end-users who violate security policy are the weakest part of the corporate security chain. It’s a familiar refrain and a reality that today can come with damaging consequences.

On top of these concerns, the survey showed that companies are facing a serious shortage of qualified security pros. In the survey, 74% of respondents said they don’t have enough staff to deal with the threats they expect to see in the next 12 months.

And it gets worse. Those same IT security pros say they are not spending enough time on the things that most concern them, but instead are tasked with “measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%).”

The survey indicated the gap between concerns and day-to-day actions is growing, and respondents said they were fearful that they are losing the war against cyber crime.


171 million VK.com [Europe’s largest social network site] accounts stolen by hackers

It’s the latest in a string of historical hacks targeting large social networking sites.

A hacker has obtained 171 million user accounts associated with social networking giant, VK.com.

The stolen database contains full names, email addresses and plain-text passwords, and in many cases locations and phone numbers.

The St. Petersburg, Russia-headquartered social network — formerly known as VKontakte — is said to be the largest in Europe, with over 350 million users at the last count. The hack is thought to have been carried out in late 2012 or early 2013, but the hacker who is selling the data could not be more precise.

Given the timing, the entire store of VK’s data — which at the time had just under 190 million users — is likely to have been taken in the hack.

The hacker is now selling a smaller portion of the database — 100 million accounts, which is a little over 17 gigabytes in size — on a dark web marketplace for 1 bitcoin, or about $580 at the time of writing.

That same for-sale database was provided to ZDNet for verification.

We examined the database that was provided by searching a selection of names in VK’s public search engine — many of which turned up valid results. We reached out to many of these via email (which were listed in the breach) for confirmation, but didn’t immediately hear back — we will update the story if that changes. A handful of queries returned nothing, indicating a user was no longer a member or had deactivated their account.

LeakedSource.com, a search engine that records breaches and allows users to search their details, also obtained a portion of the database — albeit a smaller data set of about 100 million records.

Given the social network’s predominance in Russia, the most common password was “123456,” in line with other breaches. LeakedSource.com also found that the most common email address came from mail.ru, which may not be a coincidence, since VK.com was bought by the Mail.ru group in 2014. That led to the ousting of the company’s founder, Pavel Durov, who later fled Russia amid a shake-up of the country’s media laws. Durov later founded encrypted chat app Telegram.

For its part, VK.com said in an email on Monday that it “hasn’t been hacked.”

“We are talking about old logins / passwords that had been collected by fraudsters in 2011-2012. All users’ data mentioned in this database was changed compulsorily,” said a spokesperson. “Please remember that installing unreliable software on your devices may cause your data loss. For security reasons, we recommend enabling 2-step verification in profile settings and using a strong password.”

An email to Durov on Sunday went unreturned.

Correction: an earlier version of this story had a headline which suggested that 171 million user accounts are up for sale, when in fact a smaller 100 million database was put up for sale. We regret the error.


Hacker claims to be selling millions of Twitter account details

The hacker has links to the MySpace, LinkedIn, & Tumblr “mega breaches.”


A hacker, who has links to the recent MySpace, LinkedIn, and Tumblr data breaches, is claiming another major tech scalp — this time, it’s said to be millions of Twitter accounts.

A Russian seller, who goes by the name Tessa88, claimed in an encrypted chat on Tuesday to have obtained the database, which includes email addresses (and sometimes two per person), usernames, and plain-text passwords.

Tessa88 is selling the cache for 10 bitcoins, or about $5,820 at the time of writing.

The seller said they obtained 379 million accounts as early as 2015. That would be far more than Twitter’s 310 million monthly active users, but could be explained by cumulative accounts, such as inactive users.

An analysis of the database by LeakedSource, a breach notification site which received the database from the seller on Wednesday, showed there are in fact over 32 million purported accounts in the database, after duplicates were removed.

LeakedSource said in a blog post that it was unlikely that Twitter was breached, and pointed to malware as the culprit.

“The explanation for this is that tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” the blog post said.

The group said it was able to verify the passwords associated with 15 users. LeakedSource shared a portion of the database with me. Two colleagues whose email addresses were in the database were able to verify their password. A third colleague said they had not used the email address found in the database to join Twitter.

LeakedSource said that the passwords were likely “stolen directly from consumers, therefore they are in plaintext with no encryption or hashing.” The group said it did not believe that Twitter stored data in plain-text at the time the data was taken, thought to be around 2014.

“These credentials however are real and valid,” said the group. “The lesson here? It’s not just companies that can be hacked, users need to be careful too.”

As we’ve seen in recent data breaches, the most common password was “123456,” with the third and fourth password being “qwerty” and “password” respectively.

A Twitter spokesperson said in a prepared statement: “We are confident that these usernames and credentials were not obtained by a Twitter data breach — our systems have not been breached. In fact, we’ve been working to help keep accounts protected by checking our data against what’s been shared from recent other password leaks.”

In a recent tweet, the company also said that it periodically checks its data against recent password leaks to ensure that accounts stay secure.

Given the high-profile Twitter account takeovers in recent days — which included Facebook co-founder Mark Zuckerberg — it would be an easy assumption to make that Twitter had been hacked.

But Zuckerberg’s account was not in the database obtained by LeakedSource, the blog post said.

The hackers who took over Zuckerberg’s account said at the time they acquired his “dadada” password from the LinkedIn breach.

When asked, a LinkedIn spokesperson declined to comment, pointing to a recently updated company blog post, but ruled out any new breach and advised users to change any re-used passwords on other sites.


Ubuntu Forums hack exposes 2 million site users

An anonymous hacker grabbed usernames, email addresses, and salted and hashed passwords.

The company that builds Ubuntu, a popular Linux distribution, has said its forums were hacked Thursday.

Canonical, which develops the operating system, said in a statement on Friday that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.

The attacker was able to exploit an SQL injection vulnerability in an add-on used by an older version of the vBulletin forum software.

That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.

The statement stressed that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.

Since the breach, the servers were wiped, rebuilt, and hardened, passwords were changed, and the forum software was fully patched.

The statement added that although the forums relied on Ubuntu’s single sign-on service, the passwords were hashed and salted, so the stored values cannot simply be read back as passwords. But the statement did not say which hashing algorithm was used — some algorithms, like MD5, are still in use but are deprecated, because a fast hash lets an attacker with the leaked salts test guesses at very high speed.

A spokesperson for the company did not immediately respond to a question about the hashing algorithm.
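To show why the choice of hashing algorithm matters when a salted password table leaks, here is an added illustration written for this page (it is not Canonical’s, Ubuntu’s or vBulletin’s code, and the sample password, salts and iteration count are constructed). It contrasts a single salted MD5 with PBKDF2-HMAC-SHA256 and measures how many guesses per second each allows against one stored record.

```python
import hashlib
import hmac
import os
import time

# Constructed sample credential for the demonstration; not from any breach.
SAMPLE_PASSWORD = "correct horse battery staple"


def hash_salted_md5(password: str, salt: bytes) -> bytes:
    """Legacy scheme: one MD5 over salt + password.
    The salt defeats precomputed tables, but a single fast hash still lets
    whoever holds the leaked table test millions of guesses per second."""
    return hashlib.md5(salt + password.encode()).digest()


def hash_pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Slow scheme: PBKDF2-HMAC-SHA256 multiplies the cost of every guess
    by the iteration count, which is what a deprecated fast hash lacks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str, iterations: int = 100_000) -> dict:
    """Build the stored form of a credential: random per-user salt, the
    iteration count used, and the derived hash. No plain text is kept."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": hash_pbkdf2(password, salt, iterations)}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    digest = hash_pbkdf2(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


def guesses_per_second(hash_fn, salt: bytes, seconds: float = 0.5) -> float:
    """Count how many candidate passwords one CPU core can hash against a
    single leaked salt in `seconds`; a dictionary attack scales with this."""
    n = 0
    end = time.perf_counter() + seconds
    while time.perf_counter() < end:
        hash_fn(f"candidate{n}", salt)
        n += 1
    return n / seconds


def slowdown_factor(iterations: int = 100_000) -> float:
    """How many times fewer guesses per second PBKDF2 allows than salted MD5."""
    salt = os.urandom(16)
    fast = guesses_per_second(hash_salted_md5, salt)
    slow = guesses_per_second(lambda p, s: hash_pbkdf2(p, s, iterations), salt)
    return fast / slow


if __name__ == "__main__":
    rec = make_record(SAMPLE_PASSWORD)
    print("verify correct:", verify(rec, SAMPLE_PASSWORD))
    print("verify wrong:  ", verify(rec, "123456"))
    print(f"salted MD5 is about {slowdown_factor():,.0f}x faster to attack")
```

The exact ratio depends on the machine, but on ordinary hardware the fast hash is attackable tens of thousands of times faster per guess, which is the gap the unstated algorithm in Canonical’s statement leaves open.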


ISPs, communication firms file legal complaint over UK GCHQ spying


Seven internet service and communications providers worldwide have filed a legal complaint against the UK’s spy agency GCHQ in light of the Snowden revelations.

The complaint was filed on Wednesday by US firms RiseUp and May First/People Link, the UK’s GreenNet, Netherlands-based Greenhost, Zimbabwe’s Mango, Korean firm Jinbonet, Germany’s Chaos Computer Club and Privacy International in collective action against GCHQ’s intelligence activities.

The organizations say they are calling for an end to GCHQ’s “attacking and exploitation of network infrastructure in order to unlawfully gain access to potentially millions of people’s private communications.”

After former NSA contractor Edward Snowden leaked confidential documents to the media revealing the surveillance activities of the US government, it was discovered that the UK’s nose was far from clean. The GCHQ has come under fire for a number of activities, including using telecom firms to access undersea cables which allow the tapping of communication lines.

The complaint (.PDF) was filed today with the UK’s Investigatory Powers Tribunal, an organization which investigates complaints against public bodies.

The claimants assert that GCHQ’s “attacks on providers” are not only illegal, but are destructive and undermine the “goodwill organisations rely on.” In addition, the claimants say that the government’s actions have damaged trust placed in security and privacy.

The claimants draw on a number of examples within their complaint, including the targeting by GCHQ of Belgian telecommunications company Belgacom’s employees. It is alleged that GCHQ infected computer systems with malware to gain access to important network infrastructure. In addition, three German internet exchange points are believed to have been targeted through a joint NSA-GCHQ operation, where exchange points were tapped — allowing the government agencies to spy on Internet traffic.

GCHQ and the NSA’s network exploitation and intrusion capabilities, including covert data injections, also come under fire within the complaint.

While the groups bringing the complaint forward were not specifically named in the documents released by Snowden to the media, they say that GCHQ and the NSA’s surveillance activities can be challenged because any internet and communications provider could be at risk, and both the companies themselves and their customers could become targets.

The case filed today follows two other cases filed by Privacy International following the Snowden leaks. The first complaint was lodged due to the mass surveillance programmes TEMPORA, PRISM and UPSTREAM, and the second against the use of spyware and malicious software by GCHQ to gain access to computer systems.

Eric King, Deputy Director of Privacy International, said:

“These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endangers the world’s most powerful tool for democracy and free expression. It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately.”
