TweakTown NewsRefine News by Category:
Following an international manhunt dating back two-and-a-half years, the FBI's most wanted cybercriminal was captured in Pakistan earlier this year. Noor Aziz Uddin, a 52-year-old responsible for spearheading a global phone fraud ring, was one of the FBI's most wanted cybercriminals.
Despite traveling between the United Arab Emirates, Malaysia, Pakistan, Italy and New Jersey, Uddin's ability to hide began to unravel after federal Pakistani authorities received a phone number reportedly linked to him. The Federal Investigation Agency in Pakistan was able to use the phone's GPS coordinates, with help from Uddin's wireless service carrier, to pinpoint his exact location.
The arrest occurred successfully without any violence.
Employees infected with ransomware often panic and paying a ransom to the cybercriminals typically is easier than trying to restore files. The problem is a tad bit more complicated, because criminals are hacking files and forcing companies to choose between paying or suffering a data breach. Thirty percent of organizations would pay or negotiate a release of encrypted data, according to ThreatTrack.
Interestingly, that number goes up to 55 percent for companies that have suffered a similar incident in the past - revealing the need for proper employee education.
It's unknown how many companies actually suffer an extortion scheme, with many companies likely not reporting issues to the public or to law enforcement, said Stuart Itkin, SVP of ThreatTrack. Cyber extortionists are becoming better skilled, so trying to figure out how to negotiate with them is a struggle.
The Obama Administration wants to hit individuals and groups located outside the United States with financial sanctions if they launch cyberattacks taking aim at US economic stability, national security or the country's foreign policy.
The United States has a lot more to lose when compared to other countries in the current cyberwar landscape, and trying to find adequate defensive strategies has been difficult. However, Obama hopes its latest executive order, giving the US Treasury Department the ability to freeze assets, will make some cybercriminals think twice.
Anything from attacking critical infrastructure and using trade secrets for an advantage in the cyber landscape to disrupting computer networks and causing mass data breaches could lead to sanctions.
The GreatFire free-speech group says the Chinese government is using its incredible Internet infrastructure to launch cyberattacks. Many national governments are modernizing their cyberattack capabilities, and China is notorious for targeting political opponents.
GreatFire itself suffered a major distributed denial-of-service (DDoS) attack, and now GitHub and other companies are facing sophisticated cyberattacks. Not surprisingly, the Chinese government didn't respond to GreatFire accusations, though officials previously accused the group of being "anti-China."
If true, this is a new strategy from the Chinese government, which has been long suspected of organized cyberespionage. "The last couple months, we've seen a real sea change in Chinese Internet policy, where they've become more assertive about blocking Western sites and pushing back on their citizens' ability to access information from outside the country," said James Lewis, senior fellow of the Center for Strategic and International Studies.
Researchers from Check Point Software Technologies in Israel have found a surprising computer spying operation that "likely" originated from a government agency or political group operating inside of Lebanon.
The spy software, once installed via hijacked public websites, could steal personal and corporate information from victims.
"They are not 'script kiddies,'" said Shahar Tal, a researcher at Check Point Software Technologies, in a statement published by Reuters. "But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard drive firmware."
It's getting more difficult to identify and track terror groups online, with the Dark Web and file encryption proving effective.
It's up to tech companies to think about the supposed damage facing police agencies and federal investigators, said Rob Wainwright, director of Europol, while speaking to 5 Live Investigates. Using forms of encrypted communications helps terrorists avoid detection while corresponding with one another.
"With the right resources and cooperation between the security agencies and technology companies, alongside a clear legal framework for that cooperation, we can ensure both national security and economic security are upheld," said a spokesperson with TechUK, a UK technology trade organization.
Two former agents have been charged with stealing money while conducting an undercover investigation against Silk Road.
Carl Mark Force IV was a Drug Enforcement Administration (DEA) agent and Shaun Bridges worked for the US Secret Service - accused of taking bitcoins and converting them into cash, and then depositing it into their own accounts. Bridges allegedly ended up stealing more than $800,000 in bitcoins.
Force has been charged with wire fraud, money laundering and theft of government property, while Bridges has been charged with wire fraud and money laundering. Both men were part of a task force in Baltimore assigned with investigating Silk Road - and both men have resigned from their respective agencies, with additional details expected in the future.
Cybercriminals were able to gain access to thousands of British Airways Executive Club frequent-flyer accounts. It doesn't appear any personal information was viewed or taken during the breach, and British Airways has frozen accounts while an investigation is underway.
"British Airways has become aware of some unauthorized activity in relation to a small number of frequent-flyer executive club accounts," a British Airways spokesperson confirmed to The Guardian.
It remains unknown who is responsible for the Executive Club system intrusion.
The GitHub coding website has suffered from a distributed denial-of-service (DDoS) cyberattack onslaught that lasted more than four days. It appears China could be behind the attack, as search traffic for Baidu, the top search engine in China, was rerouted and meant to take aim at GitHub.
Specifically, all of the Baidu traffic went to GitHub pages that had copies of websites currently banned in China. Baidu noted that its networks weren't compromised in the attack, and claims it wasn't involved in the DDoS siege of GitHub, though cybersecurity researchers say Chinese government officials have to be involved.
Since the attackers were able to direct high volumes of traffic tied to the Chinese Internet infrastructure to GitHub, "it had to be someone who had the ability to tamper with all the Internet traffic coming into China," F-Secure chief research officer Mikko Hyponen told the Wall Street Journal.
A single Command and Control server could be responsible for running a botnet using a number of different malware programs to infect users. It appears the cybercriminals are infecting as many machines as possible, and the botnet can be sold or rented to clients - spreading via manipulated Word documents attached to emails.
Security firm G DATA found a fake rail card invoice is one tactic criminals are using to help infect new victims. Instead of being an actual rail card invoice, however, the installed malware builds up a botnet, as criminals are able to remotely hijack infected PCs.
"The malware behaves like a matryoshka doll on the system," said Ralf Benzmuller, head of G DATA SecurityLabs. "It gradually reveals its potential and actual aim. We suspect that the infected systems are intended for use as zombie PCs in the Andromeda/Gamarue botnet."