cyber crime
Latest
Russian hacker behind an elite crime forum pleads guilty to multiple charges
Last week, a well-connected Russian cybercrime boss, Aleksei Burkov, pleaded guilty to running an online criminal marketplace and a site that sold stolen credit and debit card data. What's even more intriguing, than the $20 million in fraudulent purchases that Burkov's site facilitated and the exclusive cybercrime ring he ran, is how badly Russia wanted to prevent Burkov from being extradited to the US.
DOJ charges two Russians with using malware to steal millions
Officials are offering a $5 million reward for information that leads to the capture of Maksim Yakubets of Moscow. Yakubets is one of two Russian nationals charged with cybercrimes that resulted in tens of millions in losses. The $5 million reward is the largest amount offered for a cyber criminal's capture to date.
US Treasury has 'serious concerns' Libra could be used for terrorism
The US government views cryptocurrencies, including Facebook-backed Libra, as a national security issue. In a press conference today, Treasury Secretary Steven Mnuchin said the Treasury Department has "very serious concerns" that Libra could be misused by money launderers, terrorist financiers and other bad players. While the concerns are not entirely surprising, they do make the US government's stance on cryptocurrency more than clear.
UK police arrest 57 people as part of 'cyber crime strike week'
What's the most effective way to discourage cyber crime across Britain? There's no definitive answer, but the latest tactic seems to be co-ordinating and publicising a concentrated blast of arrests. The UK's National Crime Agency (NCA) revealed today that 57 people have been taken into custody for suspected cyber crime offences this week, including distributed denial of service (DDoS) attacks, network breaches and data theft. The arrests were split into 25 separate operations across England, Scotland and Wales, involving local forces and officers from the NCA's National Cyber Crime Unit.
Google searches for criminals in bid to reduce global crime
Google's pretty much aced searching for your latest whim, so now it's turning its efforts to criminals. Working with the Council on Foreign Relations, the internet giant has been exploring ways of using its technology for the greater good. Yahoo reports that Google Ideas will meet with the CFR (and other groups) this week to develop global crime fighting strategies. Other attendees include Juan Pablo Escobar (son of Pablo,) assistant US defense secretary Andrew Weber and the DEA director of counter-terrorism Brian Dodd. Look out for the Google+ most wanted hangouts coming soon.
Hacker spites Symantec, puts pcAnywhere's source code out in the open
Symantec said that folks running its pcAnywhere utility were at an "increased risk" when it revealed that the company had been hacked and its source codes pilfered, and advised customers to stop using pcAnywhere for the time being. Sage advice, as a hacker with the handle YamaTough -- who's affiliated with Anonymous -- helped do the deed and has now published the code for all the world to see. Apparently, the hacker and hackee had attempted to broker a deal for $50,000 to keep the code private, but neither side negotiated in good faith -- YamaTough always intended to release the code, and law enforcement was doing the talking for Symantec to catch him and his hacking cohorts. The good news is, Symantec has released several patches to protect pcAnywhere users going forward. As for the stolen code for Norton Antivirus, Internet Security and other Symantec software? Well, the company's expecting it to be disclosed, too, but because the code is from 2006, customers with current versions can rest easy.
Water pump reportedly destroyed by SCADA hackers
The FBI and DHS are investigating damage to a public water system in Springfield, Illinois, which may have been the target of a foreign cyber attack. There's no threat to public safety and criminal interference has not been officially confirmed, but a security researcher called Joe Weiss has reported evidence that hackers based in Russia are to blame. He claims they accessed the water plant's SCADA online control system and used it to repeatedly switch a pump on and off, eventually causing it to burn out. Coincidentally, a water treatment facility was publicly hacked at the Black Hat conference back in August, precisely to highlight this type of vulnerability. If there are any SCADA administrators out there who haven't already replaced their '1234' and 'admin' passwords, then they might consider this a reminder.
Perfect Citizen: secret NSA surveillance program revealed by WSJ
Do you trust your government? Do you just support it like an obedient Britney Spears, steadfast to your faith that it will do the right thing? Your answer to those questions will almost certainly predict your response to a Wall Street Journal exposé of a classified US government program provocatively dubbed, "Perfect Citizen." Why not just call it "Big Brother," for crissake! Oh wait, according to an internal Raytheon email seen by the WSJ, "Perfect Citizen is Big Brother," adding, "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security." Histrionics aside, according to the WSJ, the "expansive" program is meant to detect assaults on private companies and government agencies deemed critical to the national infrastructure. In other words, utilities like the electricity grid, air-traffic control networks, subway systems, nuclear power plants, and presumably MTV. A set of sensors deployed in computer networks will alert the NSA of a possible cyber attack, with Raytheon winning a classified, $100 million early stage contract for the surveillance effort. Now, before you start getting overly political, keep in mind that the program is being expanded under Obama with funding from the Bush-era Comprehensive National Cybersecurity Initiative. The WSJ also notes that companies won't be forced to install the sensors. Instead, companies might choose to opt-in because they find the additional monitoring helpful in the event of cyber attack -- think of Google's recent run-in with Chinese hackers as a potent example. Like most citizens, we have mixed emotions about this. On one hand, we cherish our civil liberties and prefer to keep the government out of our personal affairs. On the other, we can barely function when Twitter goes down, let alone the national power grid.
EU Written Declaration 29 wants you to think of the children, hand over all your search results
Oh boy, the EU's back on the crusade path again. This time, the Brussels brain trust has decided it will end pedophilia, child pornography, and other miscreant activities by simply and easily recording everyone's search results. Because, as we all know, Google searches are the central cog by which the seedy underworld operates. Here's how Declaration 29 sees it: Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively. Directive 2006/24/EC is also known as the Data Retention Directive, and permits (nay, compels) states to keep track of all electronic communications, including phone calls, emails and browsing sessions. Describing the stupefying invasion of privacy that its expansion represents as an "early warning system," the European Parliament is currently collecting signatures from MEPs and is nearing the majority it requires to adopt the Declaration. Guess when Google does it, it's a horrible infraction of human rights, but when the EU does it, it's some noble life-saving endeavor. Unsurprisingly, not everyone is convinced that sifting through people's search results will produce concrete crime-reducing results, and Swedish Pirate Party MEP Christian Engstrom puts together a very good explanation of what Written Declaration 29 entails and why it's such a bad idea. Give it a read, won't ya?
Microsoft gives cops COFEE: free computer forensic tools
Cops doing computer forensic work already have a ton of tools to choose from, but Microsoft is doing its part to help out as well -- the company just revealed that it's been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects' computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that its doing it not for profit but to "help make ensure the Internet stays safe." COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect's computer for evidence purposes -- officers can just plug in the drive. There's no word on when Microsoft will start widely distributing the drives, but we'd assume it'll be soon.[Thanks, Yoshi]
