Category Archives: INTERNET

Interpol arrests alleged ringleader of $60 million online scam network

Suspected head of an international criminal network, which took $60 million from victims, has been caught — following cooperation between authorities and cybersecurity firms.


Interpol worked with Nigerian authorities, Trend Micro and Fortinet on the investigation. (Image: Interpol)

The alleged head of an international network responsible for compromising the email accounts of businesses across the world and then using them to scam victims out of a combined $60 million has been arrested by Interpol.

Known as ‘Mike’, the 40-year-old Nigerian national behind the scams is suspected of deceiving thousands of victims, with one incident of this business email compromise scam resulting in one target being conned out of $15.4 million.


“The suspect headed a network of cybercriminals and hackers across Nigeria, Malaysia, and South Africa who used malware to compromise the accounts of small and medium-sized businesses then use the hijacked accounts — including those of executives — to carry out cyber fraud,” Interpol said.

Organisations in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US all had their email accounts compromised by the cybercriminal gang, which then used trust in emails from the hacked business to trick unsuspecting victims into transferring them money for items and services they would never receive.

The man accused of leading the operation was arrested in Port Harcourt, Nigeria, following collaboration between Interpol and the Nigerian Economic and Financial Crime Commission (EFCC), using intelligence provided by cybersecurity firms Trend Micro and Fortinet.

Working with the Interpol Digital Crime Centre, Trend Micro — which has been sharing threat information with the global police since 2014 — and Fortinet were able to help locate the suspect in Nigeria, which then led to his arrest in June.

Following the arrest, a forensic examination of seized devices showed that he’d been involved in a range of cybercriminal activities, with two main schemes that used the compromised business email accounts, the agency said.

Firstly, the operation engaged in payment diversion fraud where a supplier’s email was compromised and used to send fake messages to the buyer, asking for payments to a bank account under criminal control.

The gang also engaged in CEO fraud, hacking email accounts of executives, and then using their privileges to request money be transferred, with the funds ending up in a bank account operated by the fraudsters.

In total, victims were scammed out of over $60 million, which was laundered through accounts in China, Europe, and the US in order to avoid detection. According to Interpol, business email fraud represents a significant growing threat with tens of thousands of companies having fallen victim in recent years.

“The public, and especially businesses, need to be alert to this type of cyber-enabled fraud,” said Noboru Nakatani, executive director of the Interpol Global Complex for Innovation.

“Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams,” he added.

‘Mike’ and another suspect arrested in Nigeria face charges of hacking, conspiracy, and obtaining money under false pretences. Both are currently on bail as the investigation continues.


Henry Sapiecha


Cyberattacks Increasingly Rapid and Deceptive: Symantec


In 2014, cybercriminals, using increasingly rapid and deceptive attacks, targeted the financial sector to steal massive amounts of data from major institutions, according to Mountain View, Calif.-based Symantec’s Internet Security Threat Report.

Other highlights: Twenty percent of financial, insurance and real estate companies were at risk of spear-phishing attacks in 2014, similar to the 2013 rate; 30% of finance workers were targeted with spear-phishing attacks, where emails were frequently sent requesting payment by credit card or the completion of a wire transfer; and, financial information was the fourth most common type of information exposed in 2014.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” Kevin Haley, director, Symantec Security Response said in a release. “We’re seeing attackers trick companies into infecting themselves by ‘Trojanizing’ software updates to common programs and patiently waiting for their targets to download them—giving attackers unfettered access to the corporate network.”

In a record-setting year for zero-day vulnerabilities, Symantec research revealed that it took software companies an average of 59 days to create and roll out patches. That was up from only four days in 2013. Attackers took advantage of the delay and, in the case of Heartbleed, exploited the vulnerability within four hours.

Meanwhile, advanced attackers continued to breach networks with highly-targeted spear-phishing attacks. What makes last year particularly interesting is the precision of these attacks, which used 20% fewer emails to successfully reach their targets and incorporated more drive-by malware downloads and other web-based exploits.

Email remains a significant attack vector for cybercriminals, but they continue to experiment with new attack methods across mobile devices and social networks to reach more people, with less effort.

In a separate announcement the Department of Homeland Security, in collaboration with Interpol and the FBI, released a Technical Alert to provide further information about the Simda botnet that has compromised more than 770,000 computers worldwide with a self-propagating malware since 2009. A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Recommended actions to remediate Simda infections include: use and maintain anti-virus software, change, keep operating system and application software up-to-date, and use anti-malware tools.

ooo


China hackers make US uni unplug engineering computers-Is China a nation of thieves & cheats??


Washington: Penn State University, which develops sensitive technology for the US Navy, said on Friday that Chinese hackers have been sifting through the computers of its engineering school for more than two years.

One of the United States’ largest and most productive research universities, Penn State offers a potential treasure trove of technology that’s already being developed with partners for commercial applications. The breach suggests that foreign spies could be using universities as a backdoor to US commercial and defence secrets.

The hackers are so deeply embedded that the engineering college’s computer network will be taken offline for several days while investigators work to eject the intruders.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” said Penn State President Eric Barron in a letter to professors and students. “This is an incredibly serious situation, and we are devoting all necessary resources to help the college recover as quickly as possible.”

The Federal Bureau of Investigation notified the university of the breach in November 2014, spawning a months-long investigation that eventually found two separate groups of hackers stealing data.

The first group has been linked by investigators to the Chinese government, according to a person familiar with the probe. The second group has not been identified, the university says, but investigators believe it is the work of state-sponsored hackers.

The investigation and remediation efforts have already cost Penn State millions of dollars, said Nicholas Jones, the university provost.

US engineering schools – Massachusetts Institute of Technology, the California Institute of Technology, Berkeley, Carnegie Mellon, and Johns Hopkins – have been among the top targets of Chinese hacking and other intelligence operations for many years. These forays have been for both commercial and defence purposes, and universities have struggled to secure their computers against these advanced attacks.

In addition to online activities, the Chinese have sent legions of graduate students to US schools and have tried to recruit students, faculty members and others at both universities and government research facilities, several recent law-enforcement investigations show.

“There is an active threat and it is against not just Penn State but against many different organisations across the world, including higher education institutions,” said Nick Bennett, a senior manager at Mandiant, a security division of FireEye Inc., which aided the university in the investigation.

Universities “need to start addressing these threats aggressively”, Mr Bennett said in an interview.

Among Penn State’s specialties is aerospace engineering, which has both commercial and defence applications important to China’s government. The university is also home to Penn State’s Applied Research Laboratory, one of 14 research centres around America that work mainly for the military.

That the hackers were in the network undetected for more than two years raises the possibility that they used connections between computers to move into more highly guarded networks, including defence contractors, government agencies or the Navy, according to the person familiar with the investigation.

Washington Post

ooo


See everything you’ve ever Googled with this little-publicised web tool


Take a peek into your own personal Google vault, if you’re so brave. Photo: Tamara Voninski

You probably don’t remember what you Googled 10 minutes ago, let alone the myriad inane and fleeting things you’ve searched since the engine’s beginnings.

But unless you’re browsing in incognito mode or have tweaked your account settings, Google remembers those things. Not only that: Google logs all of your searches, analyzes them, and uses them to individually personalise the search results you see – which has pretty profound implications for both literacy and privacy.

Now, the search giant has created a way for users to better understand that process. In a feature quietly rolled out last January, and surfaced by a Google blog over the weekend, users can download their search histories from Google, including things they’ve searched across computers and phones.

These histories aren’t 100-percent comprehensive: They only include searches you’ve made while signed in on your Google account. (Admittedly, if you have Gmail, this is probably more or less most of the time.)

Google also delivers them as JSON files, which aren’t the most human-readable things. But if you download your search history from the little drop-down in the top right corner of this page, open it in your computer’s notepad or other plain-text editing app, and search for the term “query_text,” you’ll get a rundown of everything you’ve ever searched.  I downloaded my archive to make this GIF of every phrase I’ve Googled in the past seven days. (No, I didn’t edit anything out; yes, you want to see Skateboarding Taco for yourself.)


So what’s the point of this, exactly, besides the novelty? The stated purpose of Google Takeout, a four-year-old user data program to which this feature belongs, is to give people an easier way to transfer their data from Google to other services. If I wanted to switch my email from Gmail to AOL, for instance, I could use Google Takeout’s email archive to port all my old messages over.

But there’s a really critical literacy purpose here, as well: By seeing what data Google has on you – and in what quantities – you can also begin to understand the decisions it makes about what you do and do not see.

Google search results are famously variable: What you see when you search “ice cream” is different from what I see, or what the person next to you on the subway sees, or even what you’ll see an hour from now. That’s because Google’s PageRank algorithm is designed to surface the results that it thinks you’ll find most relevant; everything else effectively gets buried.

That’s obviously a really useful service, particularly when you’re searching something like ice cream. (At the top of my Google results right now: The best ice cream places in D.C.) But when it comes to heftier topics – say, the 2016 election or gender equality – what Google terms “personal relevance” could really slant the type of information you receive.

“Web & App Activity makes searches faster and enables customised experiences in Search, Maps, Now, and other Google products,” is how Google explains itself.

It’s worth checking out your search history for another reason, too: As the Electronic Frontier Foundation warned in 2012, this kind of data can tell extremely intimate things about you, from your sexual orientation to your health problems. All of that data can theoretically be subpoenaed from Google. (Or hacked, if it’s on your hard drive – so be careful.)

You can control how much of this information Google receives: turning off the “save search history” feature is an option through your Google Account History settings. While you’re there, you may also want to stop Google from logging where you go, who your phone contacts are, and what you watch on YouTube. Then again, this is how Google knows to tell you things like the best nearby ice cream. That trade-off’s up to you.

The Washington Post

ooo


Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately


When the Heartbleed bug was uncovered, many people in the IT security industry were asking whether the code containing the flaw had deliberately been inserted. Dr Robin Seggelmann, who introduced the flaw, said it was “tempting” to assume this, but said “it was a simple programming error”.

ooo


Ten ways to shut down the internet


There are many ways to break the internet, and they don’t necessarily involve Kim Kardashian.

On Tuesday North Korea was officially offline for nearly 10 hours, in what appears to be a fresh twist to its ongoing cyber-stoush with the US over the Sony Pictures hack.

Analysts are still picking over what may have caused the outage.

Matthew Prince from internet and security company Cloudflare says the more connected a country is, the harder it is to knock it offline.

A country like Australia, while remote, is well connected, so we’re unlikely to be cast adrift completely.

But mass outages do happen from time to time and there are many potential causes.

So how exactly can a country’s internet be disrupted or turned off?

1. Attack it


One way to knock a country offline is via a denial-of-service attack. Such an attack typically involves flooding the core routers of a country’s telecommunications infrastructure with more traffic than they can handle. To do this the attacker has to have more network capacity than the target.

“Botnets” — computers infected with malicious software — are typically used in distributed-denial-of-service attacks to increase the hacker’s capacity.

Last year a denial-of-service attack in China knocked all websites registered with a country domain – “.cn” (the Chinese version of “.com.au”) – offline. A similar attack against an Australian betting agency in 2004 knocked out the whole of Telstra’s Alice Springs network, part of Adelaide, and Telstra central in Sydney.

2. Pull the plug on it or order a shutdown


A graph showing internet traffic to and from Egypt in 2011.

Where connections are few and far between and governments have high degrees of power, it is possible for them to shut down internet access in the country.

This happened during the Arab Spring. In 2011, then Egyptian president Hosni Mubarak cut the cord on his country’s internet and 3G mobile services in an attempt to quash protestors who were communicating with each other online.

A month later, Libya followed suit ahead of planned citizen protests.

Cloudflare’s Mr Prince said the North Korean shutdown was unlikely to be state-sponsored, or it would likely still be “down for the count” (i.e. still out).

If one country relies on a neighbouring country for its connection to the internet and the rest of the world, it will obviously be at the mercy of its neighbour. So if the country providing the connection pulls the plug on the cable, the other country’s internet will be affected if there is no back-up connection.

North Korea has only one internet connection to the rest of the world, via China’s Unicom.

3. Do something stupid


It’s not unheard of for cables delivering the internet to be cut accidentally. Last year hundreds of Sydney residents were without their internet for days, supposedly due to some very poorly planned civil works. NBN contractors have also come under fire in the past for cutting connections.

Back in 2009, an EnergyAustralia contractor cut through at least 10 Telstra cables in Sydney, affecting CBD phones, internet and eftpos.

Councils and builders, or dogs looking to bury bones in hard-to-find places, can get advice on where it’s safe to dig at 1100.com.au.

4. Unintentionally dig it up


What’s the internet? … Hayastan Shakarian holds a handsaw near her native village of Armazi.  Photo: AFP

In 2011, a grandmother severed the internet connections of thousands of people in Georgia and neighbouring Armenia while she was digging for scrap copper. The outage lasted five hours.

She was a 75-year-old pensioner and claimed she didn’t even know what the internet was. It wasn’t the first time someone had done this in Georgia.

5. Drown it


A large number of websites hosted in the US went down during Hurricane Sandy. Photo: merchantcircle.com

Data centres go offline when flooded or without power. Hurricane Sandy knocked out data centres in the US in 2012, taking many popular US websites offline. Floods in Queensland in 2011 also resulted in thousands being disconnected.

6. Set it on fire


A fire led to Warrnambool Telephone Exchange’s demise. Photo: Telstra

Tens of thousands of phone and internet connections in Victoria were shut off in 2012 after a fire razed the Warrnambool Telephone Exchange. It was thought to be the biggest disruption of its kind in Australia.

7. Vandalise it


In May, iiNet said vandals damaged a backhaul fibre cable in Traralgon South, Victoria. The disruption was felt all the way down in Tasmania, with impaired connections for “some broadband customers”, iiNet said.

In 2012, a separate rogue individual deliberately cut several Telstra cables in Sydney, causing millions of dollars worth of damage and cutting communications from many homes and suburbs, including the local police station.

8. Let the sharks at it


While undersea cables are typically susceptible to accidental breakage by ship anchors, fish trawlers and natural disasters, sharks are also a threat. Internet giant Google recently revealed how it was using Kevlar-style wrapping material on its cables to protect against these types of attacks.

Australia has several fibre-optic submarine cables connecting it to the rest of the world, which means that if one goes down traffic can be re-routed.

Other countries are not so lucky: if a fibre cut occurs they can go dark.

In 2005, Pakistan was cut off completely and had to rely on a slow back-up satellite connection.

9. Let its hardware fail all by itself


Much like in episode six, season 12 of South Park (“The Day the Internet Stood Still”), router malfunctions can sometimes cause outages.

But unlike in South Park, turning it off and on again doesn’t always work.

In 2012, Telstra was cut off from its international data network after one of its resellers, Dodo, was blamed for “a very minor hardware failure” resulting in very major routing issues that affected millions of customers’ internet connections for about 45 minutes. iiNet services were affected too.

Earlier this year Vodafone also suffered data and phone issues when a faulty repeater in WA on a primary fibre link and a back-up cable failed.

“From time to time equipment fails,” a spokesman for the cable said at the time.


Shellshock just one tool in hackers’ cyber arsenal


Silent thief: The Shellshock vulnerability went unnoticed for more than 20 years.

Online shoppers need to be extra vigilant against malicious links during the holiday shopping season, warns Adam Turner.

Unwitting Australians click on more than 15 million malicious internet links every month, lured by increasingly sophisticated attempts to infect their computers and steal valuable information.

Australians clicked on more than 45.5 million malicious links in the third quarter of 2014, up from 39 million in the three months before, according to security vendor Trend Micro’s third-quarter security roundup report. This ranks Australia fifth in the world for countries with the highest number of visits to malicious sites after the United States, Japan, France and Italy.

The growing threat from malicious links is partly attributed to September’s discovery of the Shellshock security flaw in many web servers. Among other things, the Shellshock flaw lets attackers hijack legitimate web pages and secretly download malicious software on to the computers of people who visit the site, known as a drive-by download.

The Shellshock vulnerability went unnoticed for more than 20 years, suggesting the likelihood of more long-undiscovered vulnerabilities lurking within operating systems and applications.

Meanwhile, the threat from vulnerabilities in mobile devices and apps is also increasing, with ransomware targeting mobile devices along with desktop computers.

Ransomware encrypts the contents of a device and demands a ransom for precious files, such as photographs, to be returned. One of the latest ransomware threats involved fake emails, purporting to be from Australia Post, with an attachment that claims to contain details of parcel deliveries but in fact encrypts the computer’s hard drive and demands payment.

The latest report is a clear indication that Australian consumers still need to be educated about their online vulnerability, especially as cyber threats become more complex, says Trend Micro’s Australia and New Zealand consumer director, Tim Falinski.

“Consumers need to be extra vigilant heading into the holiday shopping season and new year sales, which is typically a time of year that sees an increase in cyber crime.”


NSA’s Internet monitoring said to be legal

NSA Surveillance-Privacy Report

WASHINGTON (AP) — The first time the bipartisan Privacy and Civil Liberties Oversight Board dissected a National Security Agency surveillance program, it found fundamental flaws, arguing in a January report that the NSA’s collection of domestic calling records “lacked a viable legal foundation” and should be shut down.

But in its latest study, the five-member board takes the opposite view of a different set of NSA programs revealed last year by former NSA systems administrator Edward Snowden.

The new report, which the board was to vote on Wednesday, found that the NSA’s collection of Internet data within the United States passes constitutional muster and employs “reasonable” safeguards designed to protect the rights of Americans.

The board, whose members were appointed by President Barack Obama, largely endorsed a set of NSA surveillance programs that have provoked worldwide controversy since Snowden disclosed them. However, the board’s report said some aspects of the programs raise privacy concerns meriting new internal intelligence agency safeguards.

Under a provision of the 1978 Foreign Intelligence Surveillance Act known as Section 702, the NSA uses court orders and taps on fiber optic lines to target the data of foreigners living abroad when their emails, web chats, text messages and other communications traverse U.S. telecommunications systems.

Section 702, which was added to the act in 2008, includes the so-called PRISM program, under which the NSA collects foreign intelligence from Google, Facebook, Microsoft, Apple and nearly every other major American technology company.

U.S. intelligence officials and skeptical members of Congress have agreed that Section 702 has been responsible for disrupting a series of terrorist plots and achieving other insights.

The board said the programs have “led the government to identify previously unknown individuals who are involved in international terrorism, and it has played a key role in discovering and disrupting specific terrorist plots aimed at the United States and other countries.”

Because worldwide Internet communications are intermingled on fiber optic lines and in cyberspace, known as the cloud, the collection inevitably sweeps in the communications of Americans with no connection to terrorism or foreign intelligence. Activists have expressed concern that a secret intelligence agency is obtaining private American communications without individual warrants. Some have questioned how such a program could be legal under the Fourth Amendment to the Constitution.

The board, including a Democratic federal judge, two privacy experts and two former Republican Justice Department officials, found that the NSA monitoring was legal and reasonable and that the government takes steps to prevent misuse of Americans’ data. Those steps include “minimization” that leaves out the names of Americans from intelligence reports unless they are relevant.

“Overall, the board finds that the protections contained in the Section 702 minimization procedures are reasonably designed and implemented to ward against the exploitation of information acquired under the program for illegitimate purposes,” said the report. “The board has seen no trace of any such illegitimate activity associated with the program.”

That said, the board noted that the rules “potentially allow a great deal of private information about U.S. persons to be acquired by the government.”

The board was troubled by the “unknown and potentially large scope of the incidental collection of U.S. persons’ communications,” and collection of communications about a target, such as a foreign terrorist organization, that could capture two innocent Americans discussing the organization.

The report proposes some rule-tightening. For example, the board recommends that NSA and CIA analysts query Section 702 data using the names or email addresses of Americans “only if the query is based upon a statement of facts showing that it is reasonably likely to return foreign intelligence information.”

Section 702 has its roots in the Terrorist Surveillance Program, a collection program President George W. Bush ordered after the 9/11 attacks without seeking a change in the law. After administration lawyers deemed aspects of it illegal, and after so-called warrantless wiretapping was disclosed in news reports, Congress essentially legalized the program in 2008.

Obama, then a senator running for president, voted in favor of the bill.
