Category Archives: SCAMS

Thousands of security threats happen every five minutes

The pace at which businesses now operate means the files on a network can be encrypted and put beyond an organisation’s reach in just five minutes.

In just five minutes, files on a company’s network can be encrypted and beyond its reach, according to Rik Ferguson, vice president of Security Research at Trend Micro.

Trend Micro has seen a lot of development around ransomware capabilities targeting businesses rather than consumers, Ferguson said during his keynote speech at Cloudsec Australia 2016 in Sydney on Thursday, with 1,800 new threats released out into the wild every five minutes.

Additionally, he said that more than 800,000 people are exposed to malicious URLs, exploit kits, phishing websites, malware, spam, and threats every five minutes, with almost 7,000 records on average being exposed in the same timeframe.

“Just so we can measure the speed of things, the fastest trains today … can reach top speed of about 450km/h. That means in five minutes, you can travel close to 40 kilometres. That’s an incredible distance to be able to go in a very, very short period of time,” Ferguson pointed out.

“It gives you an idea of really how short that time is. In five minutes, [aside from] propelling you across the surface of the earth, it can also result in a number of other things.

“If you were hit by a crypto ransomware attack, within five minutes, all of the files on your computer or the files, god forbid, on all of the computers on your network … can be encrypted and beyond your reach unless you paid criminals some money.”

Ferguson said that universities, corporations, individuals, and healthcare organisations are all being targeted by ransomware that is being developed with specific capabilities to target enterprise.

“Ransomware used to be a consumer thing that would go after your computer, your things, and encrypt all that knowing that if you wanted to get all the files back, you were going to pay the ransom,” he said.

“Over the course of the last calendar year, we saw 29 new families of ransomware, which was already a huge jump on the 13 in the year before that. In the first half of this year, we’ve already seen 79 new families of ransomware, which is a massive increase.”

He said that criminals are investing time, money, and expertise into creating new tools, tool kits, and delivery mechanisms to get ransomware out there, because “this stuff pays dividends”.

“One of the Trend Micro competitors out there, a startup, is offering a ransomware guarantee — but their guarantee is not you’ll never get hit by it; it’s that if you do get hit by it, they’ll pay the ransom for you. That’s a cybersecurity company offering to give money to criminals,” he said.

Over the last few years, Trend Micro has also seen an uptake in what Ferguson called business email compromise, or CEO fraud, which he said is a basic scam that pays criminals a lot of money.

“It’s really simple. It’s a criminal doing the research upfront, identifying the target organisation, looking at who fulfills which role, and then sending a fake email into that company or compromising a mailbox that belongs to an employee of that company,” he said.

“[The criminals] target an email of the right victim, quite often the CFO or someone responsible in the finance department of the business, with requests from a known colleague to pay outstanding money or wire transfer money to a third-party supplier, often abroad, who is fictitious.”

He said this practice has been hugely successful, with $2.3 billion lost to CEO compromise or fraud between 2013 and 2015, with an estimated 79 different countries being affected.

“A certain Australian government department, local council, lost over AU$200,000 to this scam by paying fake invoices. That’s AU$200,000 of your money, I guess, at the end of the day,” he said.

“Australia is not immune. You have the — I don’t know if it’s the good fortune or the misfortune — to speak one of the most simplest and widespread languages on the planet, and it’s the most-targeted language when it comes to cybercrime globally.”

Aside from being a VP with Trend Micro, Ferguson is also special adviser to Europol, project lead with the International Cyber Security Prevention Alliance, vice chair of the Centre for Strategic Cyber Security and Security Science, and an advisor to various UK government technology forums.

Also speaking at Cloudsec Australia 2016, Timothy Wallach, Supervisory Special Agent Cyber Taskforce with the FBI, said the two most significant increases the FBI has seen over the last couple of years have been ransomware or extortion, and business email compromise.

“This is probably the reason why we are seeing a decrease in the number of records stolen, because these schemes are much easier to monetise than compromising a network, stealing information, getting it to the dark web, and eventually on an online market,” he said.

When it comes to consumer ransomware, Wallach said the requested amount is somewhat affordable, at around $450 to $500. However, this is a lot different in an enterprise environment, as the ransom is usually based on the number of endpoints or the servers that are compromised.

“If an organisation has 30,000 endpoints in its network and potentially that many endpoints have been struck with ransomware, it’s generally 30,000 times one bitcoin,” he said.

“The FBI does not recommend paying your ransom. That’s a business decision an organisation has to make.

“When organisations pay ransom, they’re involved in the criminal activity. It’s encouraging the scheme to continue.”

Additionally, Wallach highlighted that paying a ransom does not always mean that you are left with a clean system, or that everything an organisation had initially lost has been recovered.

“Whatever infected your organisation in the first place is still there,” he said. “What we do recommend is prevention, business continuity, and remediation.”

www.scamsfakes.com

www.crimefiles.net

Henry Sapiecha

Interpol arrests alleged ringleader of $60 million online scam network

Suspected head of an international criminal network, which took $60 million from victims, has been caught — following cooperation between authorities and cybersecurity firms.

Interpol worked with Nigerian authorities, Trend Micro and Fortinet on the investigation. (Image: Interpol)

The alleged head of an international network responsible for compromising the email accounts of businesses across the world and then using them to scam victims out of a combined $60 million has been arrested by Interpol.

Known as ‘Mike’, the 40 year-old Nigerian national behind the scams is suspected of deceiving thousands of victims, with one incident of this business email compromise scam resulting in one target being conned out of $15.4 million.

“The suspect headed a network of cybercriminals and hackers across Nigeria, Malaysia, and South Africa who used malware to compromise the accounts of small and medium-sized businesses then use the hijacked accounts — including those of executives — to carry out cyber fraud,” Interpol said.

Organisations in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US all had their email accounts compromised by the cybercriminal gang, which then used trust in emails from the hacked business to trick unsuspecting victims into transferring them money for items and services they would never receive.

The man accused of leading the operation was arrested in Port Harcourt, Nigeria, following collaboration between Interpol and the Nigerian Economic and Financial Crime Commission (EFCC), using intelligence provided by cybersecurity firms Trend Micro and Fortinet.

Working with the Interpol Digital Crime Centre, Trend Micro — which has been sharing threat information with the global police since 2014 — and Fortinet were able to help locate the suspect in Nigeria, which then led to his arrest in June.

Following the arrest, a forensic examination of seized devices showed that he’d been involved in a range of cybercriminal activities, with two main schemes that used the compromised business email accounts, the agency said.

Firstly, the operation engaged in payment diversion fraud where a supplier’s email was compromised and used to send fake messages to the buyer, asking for payments to a bank account under criminal control.

The gang also engaged in CEO fraud, hacking email accounts of executives, and then using their privileges to request money be transferred, with the funds ending up in a bank account operated by the fraudsters.

In total, victims were scammed out of over $60 million, which was laundered through accounts in China, Europe, and the US in order to avoid detection. According to Interpol, business email fraud represents a significant growing threat with tens of thousands of companies having fallen victim in recent years.

“The public, and especially businesses, need to be alert to this type of cyber-enabled fraud,” said Noboru Nakatani, executive director of the Interpol Global Complex for Innovation.

“Basic security protocols such as two-factor authentication and verification by other means before making a money transfer are essential to reduce the risk of falling victim to these scams,” he added.

‘Mike’ and another suspect arrested in Nigeria face charges of hacking, conspiracy, and obtaining money under false pretences. Both are currently on bail as the investigation continues.

Henry Sapiecha

Clinton Private Account Targeted in Russia-Linked Email Scam

This portion of an email from Hillary Rodham Clinton's private email account when she was secretary of state and released by the State Department on Sept. 30, 2015, shows an email Clinton received early in the morning on Aug. 3, 2011. The newly released emails show Russia-linked hackers tried at least five times to pry into Clinton's private email account while she was secretary of state. It is unclear if she clicked on any attachment and exposed her account. Clinton received the infected emails, disguised as speeding tickets, over four hours early the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets, which would have allowed hackers to take control of their computers. Security researchers who analyzed the malicious software have said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. (AP Photo/Jon Elswick)

Russia-linked hackers tried at least five times to trick Hillary Rodham Clinton into infecting her computer systems while she was secretary of state, newly released emails show. It is unclear whether she was fooled into clicking any attachments to expose her account.

Clinton received the virus-riddled emails, disguised as speeding tickets from New York, over four hours early on the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets – and opening them would have allowed hackers to take over control of a victim’s computer.

Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn’t necessarily mean Russian intelligence or citizens were responsible.

Nick Merrill, a spokesman for Clinton’s Democratic presidential campaign, said: “We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton’s email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.

The phishing attempts highlight the risk of Clinton’s unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a “Ticket.zip” file that would have been a red flag.

Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves – many redacted heavily before public release – have provided no shocking disclosures thus far and Clinton has insisted the server was secure.

During Clinton’s tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.

Republican presidential candidate Marco Rubio told Fox News Channel on Wednesday, “The exposure of sensitive information to foreign intelligence agencies by communicating in an insecure manner is incompetent, it is malpractice, it’s inexcusable.”

The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to “telegraph” how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton’s own usage of a private email account and server.

The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department’s technology is “so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” She said more funds were needed and that an opinion piece might make the point to legislators.

Clinton said the idea “makes good sense,” but her chief of staff, Cheryl Mills, disagreed: “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail b/c it may encourage others who are out there.”

The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.

New York State police warned as early as July 2011 about emails containing warnings of traffic tickets that actually contained computer viruses.

Clinton received five copies between 1:44 am and 5:26 am on Aug. 3, 2011. They appeared to come from “New York State — Department of Motor Vehicles,” warning that a car registered to Clinton was caught speeding “over 55 zone” on July 5. Clinton had no public events in Washington that day, following the July 4 holiday. The email instructed the recipient to “print out the enclosed ticker and send it to town court, Chatam Hall, PO Box 117.”

The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing “top secret” information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.

As part of Wednesday’s release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were “confidential,” the lowest level of classification. Three emails were declared “secret,” a mid-tier level for information that could still cause serious damage to national security, if made public.

“The information we upgraded today was not marked classified at the time the emails were sent,” Kirby stressed.

Source: Associated Press

Henry Sapiecha

Sex scam: Politicians and teachers targeted online

Fairfield mayor Frank Carbone has told of being targeted in an attempted scam. Photo: Wesley Lonergan

Politicians, teachers and others of “high standing” in NSW are being targeted in a “sexploitation” scam aimed at tricking them into compromising positions and forcing them to pay to protect their reputations.

A day after it emerged Deputy Premier Andrew Stoner reported a blackmail attempt to police, it can be revealed that Fairfield mayor Frank Carbone was also targeted in June in a strikingly similar case.

Cr Carbone believes his experience, during which he was asked to “connect” with a woman calling herself Pearl Wilson on the networking site LinkedIn, is an indication blackmailers are targeting Australian politicians.

A police source said the scam was “quite an extensive fraud” attempt that specifically sought out people of high standing in the community.

Police were aware of politicians, councillors and teachers among those targeted.

On Tuesday night, Channel Ten reported the extortionists also targeted a senior executive at Liverpool council, the general manager of a Central Coast council and a member of the military.

Asked to confirm this, a Liverpool council spokesman told Fairfax Media: “I don’t believe I can assist you with your inquiries.”

Channel Ten revealed on Monday night that Mr Stoner was the subject of a blackmail attempt via LinkedIn and reported the matter to police.

However, he has denied there were “images” involved.

In June, Cr Carbone received the connection request on LinkedIn from the person calling herself Pearl Wilson, who claimed to be an anti-child-trafficking advocate.

“Pearl” told Cr Carbone she was based in the United States and was “coming to Australia”. She encouraged him to download the Whatsapp Messenger mobile phone application, which he already had.

“She started sending ‘sexy’ photos,” Cr Carbone told Fairfax Media.

“I worked out what it was. She started to message me and I just ignored it, because I knew what she was trying to do. She said, ‘Why don’t you activate your camera and we can talk?’”

Through the application, Cr Carbone soon began receiving telephone calls from a mobile number based in Ghana, none of which he answered.

“The reason I’m on social media is because, as the mayor, people want to talk to me about all sorts of local issues,” Cr Carbone said.

“But I thought, ‘Who is this person? She’s trying to have a conversation with me from the USA. Why would I do that? What am I going to do, fix her garbage problem in America?’”

Cr Carbone believes “100 per cent” that he was targeted because of his job as mayor.

“You’ve got to be pretty stupid to fall for it,” he said. “I’m happily married. What you do is just ignore them.”

Mr Stoner alerted police in November 2014, shortly after he quit cabinet in anticipation of his retirement from politics at the March election.

Mr Stoner has said police told him not to discuss the matter.

On Tuesday, Premier Mike Baird said Mr Stoner’s experience was “a personal matter”, which Mr Stoner had never discussed with him.

“There’s nothing to suggest that what has taken place has in any way impacted his ministerial responsibilities,” Mr Baird said.

The police sources said the number of victims and the amount of money paid to scammers was unknown.

NSW police’s Robbery and Serious Crime Squad has investigated the scam but nobody has been charged.

A NSW Police spokesman said it would be “inappropriate to comment” about the investigation.

Henry Sapiecha

Cyber security firm says ‘hire us or else’ to clients….

A cyber security firm allegedly used its relationship with a regulator to tell prospective clients they needed to hire them “or face the music”. Photo: Damian Dovarganes

A former employee of a cyber security firm says he lied about a data breach that ultimately cost a company its life.

Companies that experience a data breach can face hefty costs, from loss of reputation to regulatory action, higher insurance bills and civil lawsuits. The other hidden cost comes from security firms promising to mop up the mess.

Richard Wallace, a former investigator at security firm Tiversa, told a federal court in the United States last week the company “doctored up” data breach information and used its relationship with a regulator to tell prospective customers “they need to hire us or face the music”.

Wallace testified in a case brought by the Federal Trade Commission against LabMD, a now defunct cancer-testing centre, which is facing charges that lax security led to the exposure of 10,000 records on a file-sharing network.

Tiversa’s technology scours file-sharing networks for evidence of leaked private information. It supplies that to customers in financial services, health and other sectors.

However, Wallace said Tiversa also gave “lists” to the FTC that were “scrubbed” of paying clients, which the regulator could then use to pursue enforcement action.

He also claimed the firm manipulated breach information to “make it look like data had spread to multiple places”.

Fairfax has seen a transcript of Wallace’s testimony, which calls into question an industry that promises to shield companies from security threats but also outlines incentives to deceive them.

“I have never before heard of such an unethical company that would actually shakedown another using cyber threats,” Ty Miller, chief executive officer of Australian security firm Threat Intelligence, told Fairfax.

“The only technique that appears to be generally accepted is when a security breach has already occurred and the victims of the attack are approached to inform them.”

But offering services under those circumstances is “questionable”, said Miller. “It still raises suspicion as to whether the security company performed the initial breach.”

LabMD’s chief executive officer Michael Daugherty told CNNMoney that the FTC’s lawsuit killed the business.

Daugherty hasn’t responded to questions by Fairfax, but he recently testified that the FTC used “extortionate” tactics to force a settlement that would have placed LabMD in a “hall of shame” that would doom the business.

Tiversa’s chief executive officer, Robert Boback, has a different take, telling Fairfax that Wallace embellished claims that it exaggerated breach information. He said Tiversa was compelled by the FTC to provide the lists and that its reports had nothing to do with LabMD’s demise.

“LabMD lost its business because of LabMD, and no one else. Every other company in the list that we were required to provide to the FTC is still in operation with no problems. That’s 83 of 84 companies.”

“Also, contrary to Wallace’s testimony, several companies on the list were in fact our customers. That demonstrable fact completely destroys LabMD’s and Wallace’s suggestion that we put companies on the list for not paying,” said Boback.

Henry Sapiecha

Crime and Corruption Commission (CCC) raids home of ex-detective Mick Featherstone who has alleged links to gambling scams

Investigators have raided the home of a former Queensland police detective alleged to have been involved in gambling scams worth millions of dollars.

The ABC’s 7:30 revealed last month that Mick Featherstone, a former Gold Coast detective turned private investigator, is being investigated by Queensland’s Crime and Corruption Commission (CCC) as part of a major probe into a network of Gold Coast-based sports betting syndicates.

The program detailed evidence obtained by the ABC showing Mr Featherstone’s close involvement in the setting up and running of online gambling companies alleged to have defrauded people across Australia of millions of dollars.

Officers from the CCC have since raided the Upper Coomera home of Mr Featherstone and his wife Zoei, removing phones and computer equipment.

Similar action was taken at the home of Mr Featherstone’s son Zach, who works for Phoenix Global, Mr Featherstone’s Southport-based private investigation company.

Henry Sapiecha