Category Archives: INVESTIGATIONS

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management as well as the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

Bank joins Interpol cyber-crime fighting centre

Barclays Bank is the first bank to have an analyst working alongside cyber-crime experts at Interpol’s research and development facility.


Barclays is to become the first bank to have a cybercrime analyst working full-time alongside police at Interpol’s Cyber Fusion Centre to improve information-sharing and response to imminent security threats.


Interpol’s centre in Singapore allows law enforcement, the private sector, and academia to work together, sharing threat information and developing responses.

The Barclays cybercrime analyst will join other experts from Cyber Defense Institute, Kaspersky Lab, LAC, NEC, SECOM, Trend Micro, the University of South Australia, and the University of Waikato in New Zealand who are already based at the Interpol Global Complex for Innovation (IGCI).

“The scale and complexity of today’s cyberthreat landscape means cooperation across all sectors is vital,” said Noboru Nakatani, the IGCI’s executive director.

Interpol said its agreement with Barclays will broaden joint efforts in cybersecurity through intelligence sharing, training, and awareness about cyber threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.

Barclays’ Group Chief Information Security Officer Troels Oerting said: “Preventing cybercrime and keeping our citizens safe from being victims of crime in cyberspace is a global task and cannot be done without the involvement of Interpol.”

Banks are among the businesses most commonly targeted by cyber criminals. Last month HSBC said it had defended itself against a major DDoS (Distributed Denial of Service) attack and was working closely with law enforcement authorities to pursue the criminals responsible.


Henry Sapiecha

www.crimefiles.net

www.scamsfakes.com

 

Interpol arrests alleged ringleader of $60 million online scam network

Suspected head of an international criminal network, which took $60 million from victims, has been caught — following cooperation between authorities and cybersecurity firms.


Interpol worked with Nigerian authorities, Trend Micro and Fortinet on the investigation. (Image: Interpol)

The alleged head of an international network responsible for compromising the email accounts of businesses across the world and then using them to scam victims out of a combined $60 million has been arrested by Interpol.

Known as ‘Mike’, the 40-year-old Nigerian national behind the scams is suspected of deceiving thousands of victims, with one incident of this business email compromise scam resulting in one target being conned out of $15.4 million.


“The suspect headed a network of cybercriminals and hackers across Nigeria, Malaysia, and South Africa who used malware to compromise the accounts of small and medium-sized businesses then use the hijacked accounts — including those of executives — to carry out cyber fraud,” Interpol said.

Organisations in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US all had their email accounts compromised by the cybercriminal gang, which then used trust in emails from the hacked business to trick unsuspecting victims into transferring them money for items and services they would never receive.

The man accused of leading the operation was arrested in Port Harcourt, Nigeria, following collaboration between Interpol and the Nigerian Economic and Financial Crimes Commission (EFCC), using intelligence provided by cybersecurity firms Trend Micro and Fortinet.

Working with the Interpol Digital Crime Centre, Trend Micro — which has been sharing threat information with the global police since 2014 — and Fortinet were able to help locate the suspect in Nigeria, which then led to his arrest in June.

Following the arrest, a forensic examination of seized devices showed that he’d been involved in a range of cybercriminal activities, with two main schemes that used the compromised business email accounts, the agency said.

Firstly, the operation engaged in payment diversion fraud where a supplier’s email was compromised and used to send fake messages to the buyer, asking for payments to a bank account under criminal control.

The gang also engaged in CEO fraud, hacking email accounts of executives, and then using their privileges to request money be transferred, with the funds ending up in a bank account operated by the fraudsters.

In total, victims were scammed out of over $60 million, which was laundered through accounts in China, Europe, and the US in order to avoid detection. According to Interpol, business email fraud represents a significant growing threat with tens of thousands of companies having fallen victim in recent years.

“The public, and especially businesses, need to be alert to this type of cyber-enabled fraud,” said Noboru Nakatani, executive director of the Interpol Global Complex for Innovation.

“Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams,” he added.

‘Mike’ and another suspect arrested in Nigeria face charges of hacking, conspiracy, and obtaining money under false pretences. Both are currently on bail as the investigation continues.


Top secret 9/11 report released into Saudis’ involvement in September 11 terrorist attacks

Under wraps for 13 years, the US has released once-top secret pages from a congressional report into 9/11 that questioned whether Saudis who were in contact with the hijackers after they arrived in the US knew what they were planning.

The newly declassified document, with light redactions, names people the hijackers associated with before they carried out the attacks, killing nearly 3000 people in New York, Washington and on a plane that crashed in Pennsylvania. It identifies individuals who helped the hijackers get apartments, open bank accounts, attend local mosques and get flight lessons. Fifteen of the 19 hijackers were Saudi nationals and several were not fluent in English and had little experience living in the West.

Later investigations found no evidence that the Saudi government or senior Saudi officials knowingly supported those who orchestrated the attacks. But politicians and relatives of victims, who don’t think all Saudi links to the attackers were thoroughly investigated, campaigned for more than 13 years to get the final chapter of the 2002 congressional inquiry released.


A section of one of the 28 pages from the once-top secret pages from a congressional report into 9/11 that questioned whether Saudis who were in contact with the hijackers after they arrived in the U.S. Picture: AP

Saudi Arabia has called for the release of the chapter since 2002 so the kingdom could respond to any allegations and punish any Saudis who may have been involved in the attacks.

“Since 2002, the 9/11 Commission and several government agencies, including the CIA and the FBI, have investigated the contents of the ‘28 pages’ and have confirmed that neither the Saudi government, nor senior Saudi officials, nor any person acting on behalf of the Saudi government provided any support or encouragement for these attacks,” Abdullah Al-Saud, Saudi Arabia’s ambassador to the United States, said in a statement. “We hope the release of these pages will clear up, once and for all, any lingering questions or suspicions about Saudi Arabia’s actions, intentions, or long-term friendship with the United States.”

“Saudi Arabia is working closely with the United States and other allies to eradicate terrorism and destroy terrorist organisations,” he said.


American Airlines Flight 175 closes in on World Trade Center Tower 2 in New York, just before impact. Picture: AP

House intelligence committee Chairman Devin Nunes said that while he supported the release, “it’s important to note that this section does not put forward vetted conclusions, but rather unverified leads that were later fully investigated by the intelligence community.”

However, others — including former Florida Senator Bob Graham, the co-chairman of the congressional inquiry — believe the hijackers had an extensive Saudi support system while they were in the United States.

Mr Graham has said that the pages “point a very strong finger at Saudi Arabia as being the principal financier.”

Former US President George W. Bush classified the chapter to protect intelligence sources and methods, although he also probably did not want to upset US relations with Saudi Arabia, a close US ally.

Two years ago, under pressure from the families of those killed or injured on September 11, and others, US President Barack Obama ordered a declassification review of the chapter.

Director of National Intelligence James Clapper conducted that declassification review and transmitted the document to Congress, which released the pages online a day after Congress recessed ahead of the national political conventions.

Several investigations into 9/11 followed the congressional inquiry, which released its report — minus the secret chapter — in December 2002. The most well-known investigation was done by the 9/11 Commission, led by Republican Tom Kean and Democrat Lee Hamilton.


Smoke billows from World Trade Center Tower 1 and flames explode from Tower 2 as it is struck by American Airlines Flight 175, in New York. Picture: AP

Mr Kean and Mr Hamilton said the 28 pages were based almost entirely on raw, unvetted material that came to the FBI. They said the material was then written up in FBI files as possible leads for further investigation.

They said the commission and its staff spent 18 months investigating “all the leads contained in the 28 pages, and many more.”

The commission’s 567-page report, released in July 2004, stated that it found “no evidence that the Saudi government as an institution or senior Saudi officials individually funded” al-Qaeda. “This conclusion does not exclude the likelihood that charities with significant Saudi government sponsorship diverted funds to al-Qaeda.”

Some critics of the commission’s work say the commission failed to run down every Saudi lead and say various agencies obstructed its work. Mr Kean and Mr Hamilton also complained that various government agencies withheld relevant information.


DEFCON 20: Anti-Forensics and Anti-Anti-Forensics Attacks VIDEO PRESENTATION

A video presentation on digital forensics & investigations


FBI probes ‘mr.grey’ and 1.2 billion stolen web credentials


That hacker was identified based on data from a cybersecurity firm. Photo: Rob Young

A hacker who once advertised having access to user account information for websites like Facebook and Twitter has been linked through a Russian email address to the theft of a record 1.2 billion internet credentials, the FBI said in court documents.

That hacker, known as “mr.grey”, was identified based on data from a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said.

The papers, made public last week by a federal court in Wisconsin in the US, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.

The court papers were filed in support of a search warrant related to email records that the FBI sought in December 2014 and that was executed a month later.

The FBI investigation was prompted by last year’s announcement by Milwaukee-based cybersecurity firm Hold Security that it obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam, the documents said.

The FBI also discovered an email address registered in 2010 contained in the spam utilities for a “mistergrey”, documents show.

A search of Russian hacking forums by the FBI found posts by a “mr.grey”, who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records.

Alex Holden, Hold Security’s chief information security officer, said this message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.

Facebook and Twitter declined to comment. The FBI declined to comment, and the US Justice Department had no immediate comment.

The probe appears to be distinct from another investigation linked to Hold Security’s reported discovery that 420,000 websites, including one for a JPMorgan Chase & Co corporate event, were targeted by the Russian hackers.

In a case spilling out of the discovery of the JPMorgan breach, US prosecutors this month charged three men with engaging in a cyber criminal enterprise that stole personal information from more than 100 million people.

Prosecutors accused two Israelis, Gery Shalon and Ziv Orenstein, and one American, Joshua Samuel Aaron, of being involved in a variety of schemes fueled by hacking JPMorgan and 11 other companies.

An indictment in Atlanta federal court against Shalon and Aaron names as a defendant an unidentified hacker believed to be in Russia.

Reuters


Intelligence Chief: Little Penalty for Cyberattacks

Director of National Intelligence James Clapper testifies on Capitol Hill in Washington, Thursday, Sept. 10, 2015, before the House Intelligence Committee hearing on cyber threats. (AP Photo/Pablo Martinez Monsivais)


Cyberattacks against American interests are likely to continue and grow more damaging, in part because hackers face a low risk of consequences, the director of national intelligence told Congress Thursday.

James Clapper, the nation’s top intelligence official, told the House intelligence committee that a muted response to most cyberattacks has created a permissive environment in which hacking can be used as a tool short of war to benefit adversaries and inflict damage on the United States.

“Until such time as we do create both the substance and the mindset of deterrence, this sort of thing is going to continue,” Clapper said, speaking specifically about the recently revealed hack of federal personnel information linked to China in which personal data on some 22 million current and former U.S. government employees, contractors, job applicants and relatives was stolen. “We will continue to see this until we create both the substance and the psychology of deterrence.”

The administration has yet to act in response to the OPM hack.

Last May, the Justice Department issued criminal indictments against five Chinese military hackers it accused of cyberespionage against U.S. corporations for economic advantage. FBI director James Comey said at the time the spying was to benefit Chinese companies, but he neither named the companies nor took formal action against them.

Clapper said Thursday he is deeply worried that the data will be used to expose or blackmail American intelligence operatives, but he said the U.S. has yet to see any evidence of the data being used in that way.

Clapper discussed cyber threats alongside CIA director John Brennan, Comey, National Security Agency director Admiral Mike Rogers, and Defense Intelligence Agency chief Lt. Gen. Vincent Stewart.

Russia, China, Iran and North Korea pose the top cyber threats, the officials said. Foreign intelligence services are increasingly gaining access to critical US infrastructure that would allow them to inflict damage, Clapper added.

Source: Associated Press


Showdown looms as Ombudsman claims immunity to avoid answering questions into massive police inquiry

Standing by top cops: Premier Mike Baird.


A showdown between the NSW Ombudsman Bruce Barbour and a parliamentary committee is set for Tuesday, with Mr Barbour claiming public interest immunity to avoid answering questions on secret details of his massive inquiry into police.

A test of wills is likely, with politicians insisting they have the right to demand answers from Mr Barbour, who was issued a summons to appear.

“The upper house has had consistent and repeated advice that claims for public interest immunity do not defeat the powers of Parliament,” said the committee’s deputy chairman, Greens MP David Shoebridge.

“Clearly these are matters that are appropriate to consider, but they do not limit the committee’s powers to seek answers.”

Police Commissioner Andrew Scipione’s appearance has meanwhile been delayed until Wednesday, to allow him to view allegations made in a confidential submission by former commander of internal affairs Malcolm Brammer.

Mr Barbour wrote to the committee last week, warning any evidence he gave “has significant potential to be corrosive of confidence in my report”.

Operation Prospect had generated 1 million pages of information, 70 hearing days, examined 2322 pages of affidavits paragraph by paragraph, and would provide a final report to parliament in June, Mr Barbour said.

“I have reached no conclusions and made no findings about the alleged conduct,” he wrote.

The parliamentary inquiry could tip off people who are yet to be approached, he claimed.

His letter revealed Commissioner Scipione’s conduct has come under investigation, and has been the subject of private hearings, after allegations he improperly interfered in an investigation, and had made misleading media statements.

Mr Barbour said he wanted to clear up public misconceptions, and said a mistake on an affidavit wasn’t of itself a criminal act, it needed to be wilfully false. He flagged he is considering whether “criminal charges of this nature will be made”.

Right to silence: NSW Ombudsman Bruce Barbour.


On Friday, Deputy Commissioner Catherine Burn denied she was responsible, as team leader, for incorrect affidavits being used to obtain warrants for listening devices without evidence.

Mr Barbour’s letter acknowledged the harrowing mental health toll among police caused by the bugging operation and prolonged investigations.

Some witnesses suffer “severe mental health problems” and became “very distressed by having to give evidence”.

At least eight witnesses had a mental health condition. Four witnesses provided medical reports indicating they were too unwell to give evidence, of whom two were excused.

Of the two forced to give evidence, one was excused mid-hearing when they began “experiencing difficulties”, while the other was later excused from further attendance.

Mr Barbour said it was legitimate for his office to investigate the leaking of 20,000 pages of confidential police material, including 61 separate documents, some of which were given to the media.

He wrote that unlike whistleblowers who approached his office directly, these persons wouldn’t be protected by the Public Interest Disclosure Act.

Premier Mike Baird said on Saturday “some of the events we have seen are disturbing” but he would “wait until we get all the facts on the table”.

Police minister Stuart Ayres said: “There’s no doubt that having the senior echelons of the NSW police force play out disputes on TV screens is not comfortable for anyone.”


Family day care operators put on notice after investigators uncover suspected fraud worth $300 million


A crackdown on childcare payments rorts has found “phantom claims” and “child swapping” are contributing to suspected fraud worth $300 million, the Federal Government says.

Assistant Education Minister Sussan Ley said the vast majority of suspected improper claims were coming from family day care operations.

“The common thing is that there’s a claim made for childcare benefit or childcare rebate for care that hasn’t taken place,” Ms Ley said.

The Government’s compliance investigation has identified cases of “phantom claims” where taxpayer funds were claimed for non-existent children.

It also found evidence of “child swapping”, cases where groups of parents become accredited as childcare providers and fraudulently claim to have looked after each other’s children in order to receive benefits.

Ms Ley said parents could check for evidence of rorting themselves.

“I also stress the importance of families checking their childcare statements for any irregularities,” she said.

The Government said there were prosecutions under consideration and about $4 million had been recovered so far.

About 50 childcare services have faced compliance action since the Coalition was elected last year, including suspensions, cancelled accreditation and fines of more than $2.5 million.

The number of family daycare centres has doubled over the past four years.


Ex-Labor powerbroker Graham Richardson caught up in the latest ICAC inquiry


Person of interest: Graham Richardson outside his Dover Heights house this week.

Graham Richardson, one of the Labor Party’s most enduringly controversial figures, is embroiled in a potentially explosive investigation being conducted by the Independent Commission Against Corruption.

Fairfax Media can reveal that the man once known as Senator for Kneecaps is a “person of interest” to the anti-corruption body.

In recent weeks ICAC investigators have been taking statements over a particular property deal in which Mr Richardson was engaged as a lobbyist.

It is understood that the planned public hearing into allegations of corruption involving former independent State MP Richard Torbay has been delayed due to the new avenues of inquiry.

In a separate development, the NSW state branch of the ALP has handed to ICAC a vast amount of emails covering the period 2004 to 2010.

Fairfax Media has been told that the two inquiries have some common features, including a link to Robert Fiszman, whose late father Sam was once described in the NSW Parliament as “a bagman for the Labor Party”.

Mr Torbay, 53, was sensationally referred to the ICAC and dumped as a federal National Party candidate in March 2013.

Part of the long-running investigation into Mr Torbay involves allegations that the then Armidale-based MP was being secretly bankrolled by the Labor Party from funds obtained from developer donations.

Mr Torbay is alleged to have received a suitcase containing $50,000 in cash provided by corrupt former powerbroker Eddie Obeid, a claim which Mr Obeid has denied.

As general secretary of the NSW ALP branch in the late 1970s, Mr Richardson’s legendary skills as a political bagman were honed. His prodigious ability to extract donations from developers and entrepreneurs continued throughout his years as senator.

A series of scandals saw him retire from federal politics in 1994. He worked for a number of years for the late media tycoon Kerry Packer. In recent years he has worked as a lobbyist for a string of developers. Fairfax Media does not suggest any wrongdoing on behalf of Mr Richardson’s clients.

With regard to his lobbying activities, Mr Richardson has previously told Fairfax Media that he didn’t need to lobby planning ministers: “I don’t have to talk to ministers; I can get things done through other means… I have known people in the bureaucracy for years. I have lots of contacts, lots of ways to press for things.”

Mr Richardson is presently listed on the lobbyist register as having one client, property developer Lang Walker’s company Walker Corporation. According to Australian Electoral Commission records, since 1998 Walker Corp has donated $2,253,480 to political parties, mostly to the ALP.

The former powerbroker suffered a financial setback after a prolonged legal battle with the Australian Tax Office over a $2.3 million tax assessment from profits in a Swiss bank account.

Mr Richardson claimed that the funds in the Swiss accounts were a gift from his close friend, the late disgraced stockbroker Rene Rivkin.

He reached a confidential settlement with the ATO in 2010. A few weeks later it was revealed that in 1994 Mr Richardson had sent $1 million from his Swiss account to a bank in Beirut. The Beirut account was operated by a close associate of Mr Richardson’s friend Eddie Obeid. Mr Richardson told the authors of He Who Must Be Obeid that he didn’t recall the transaction but if he did transfer the money, “It was under the instructions of Rivkin”.

In July this year Mr Richardson and his friend Danny Meares, of Danny’s Seafood fame, bought the Watermark Restaurant on The Strand in Townsville for $3.6 million.

Mr Richardson, who introduced Mr Meares to the deal, owns 10 per cent of the purchasing company, Farnorth Properties.

In September Mr Richardson, who works as a political commentator for News Corp and Sky News, used Twitter to post a photo of himself celebrating his 65th birthday at his new restaurant with the Mayor of Townsville, Jenny Hill.

Mr Richardson did not return Fairfax Media’s call.
