TweakTown News
The Anonymous hacker collective has taken over control of a Ku Klux Klan Twitter account, after the KKK and Anonymous engaged in a public war of words. The group began to release documents listing the names, dates of birth, addresses, phone numbers, and email addresses of KKK members in the Ferguson and St. Louis area of Missouri, as the region prepares for possibly violent protests related to the case against Ferguson officer Darren Wilson.
November 16, 2014, 09:11:47
Before Anonymous gained control of the account, tweets included the following statements: "Why are you trying to kill my freedom of speech @YourAnonCentral? I thought you Anons were all about free speech. Cowards!" and "We are continuing to read Anonymous threats with much amusement. Still no action taken. #Cowards #HoodsON"
The Dickson County Sheriff's Office was compromised by the Cryptowall ransomware, with IT staff forced into paying a $500 ransom to have files unlocked. A staff member was listening to a streaming radio station and accidentally clicked on an ad containing malicious code, which installed Cryptowall.
"Every sort of document that you could develop in an investigation was in that folder. There was a total of 72,000 files," said Detective Jeff McCliss, Dickson County Sheriff's Office IT director. "Is it better to take a stand and lose all that information? Or make the payment, grit your teeth and just do it? It made me sick to have to do that."
Ransomware continues to plague companies - especially if they don't have recently backed up data - as infection typically begins with a social engineering phishing email. Employees are the first line of defense, and are all too quick to begin clicking file attachments and suspicious links in emails.
A hacker accused of spreading malicious code in the Tor network is likely state-sponsored and funded by the Russian government, according to security companies. Leviathan Security indicated the hacker had control over a Tor exit node located in Russia, and was able to inject the OnionDuke malware.
Not surprisingly, MiniDuke appears to trace back to the Russian government, one of the largest state sponsors of organized cyberattacks, which typically looks to compromise governments and private companies in the United States and Eastern and Western Europe.
"We have also uncovered strong evidence suggesting that OnionDuke has been used in targeted attacks against European government agencies, although we have so far been unable to identify the infection vector(s)," according to F-Secure.
Police authorities in Beijing have detained three suspects accused of creating the "WireLurker" malware targeting Apple iOS and OS X computers and mobile devices in China. The Chinese security firm Qihoo 360 Technology provided a tip that led to the arrest of the three suspects, Chen, Wang and Li, and all three have been charged with the creation and distribution of WireLurker. It appears WireLurker was created to generate profits for its organizers, which would be an unsurprising confirmation that cybercriminals are racking up large profits from cybercrime.
Apple moved quickly to block the WireLurker malware from spreading any further, and recommended users only download apps from trusted sources.
It's ironic that China, believed to be one of the largest state sponsors of organized cyberattacks against the Western world, moved so quickly to arrest the creators of WireLurker - the malware victimized Chinese users only, and didn't have a widespread presence outside of the country.
A member of the Carder.su cybercrime ring, Cameron Harrison, 28, working under the name "Kilobit," was sentenced to 115 months in prison for his role in the international fraud ring. Harrison previously pleaded guilty to racketeering and trafficking of false identification documents, and must also pay $50.8 million in restitution to victims.
Harrison was found in possession of more than 260 compromised payment cards, and bought personal data from other Carder.su members while also processing credit cards. The ring leader of the cybercrime group was sentenced to more than 20 years in prison earlier this year, showing the government wants to hand out stiffer prison sentences to cybercriminals.
"This significant sentence is entirely fitting given that this defendant's actions and those of the larger criminal organization harmed countless innocent Americans and seriously compromised our financial system," said Peter Edge, executive associate director of the Homeland Security Investigations (HSI). "Criminals like this defendant who believe they can elude detection by hiding behind their computer screens here and overseas are discovering that cyberspace affords no refuge from American justice."
Security threats continue to give IT professionals headaches, but hardware failure, lost data, and other potential problems are often overlooked. Even though almost nine out of 10 IT professionals have lost data, half of respondents don't back up data because they forgot to do it, according to a new survey published by the CloudBerry Lab backup and management solutions company.
Furthermore, 88 percent of IT professionals suffered lost data due to hardware failure, data corruption, malware or accidental deletion. In a rather surprising finding, 38 percent have never bothered to test recoverability of backed up data, while 47 percent end up waiting up to one month before backing up data.
Depending on the type of business, IT professionals recommend at least weekly data backups - though some industries should have critical information backed up on a daily basis. CloudBerry Lab found 32 percent of IT professionals understood they weren't protected or were unsure if their backups were secured with encryption, password protection, or some other type of security protocol.
A large number of online security threats emerge from Asia, and while many state-sponsored groups aim at committing data breaches, stealing usernames and passwords is also a popular operation. To counter these threats, SecurEnvoy hopes its tokenless two-factor authentication helps keep passwords on PCs and mobile devices secure, providing a new layer of security for login procedures.
In addition to usernames and passwords or PINs that must be entered, further authentication is required using a passcode. The smartphone is used as a token, with users requesting passcodes to be sent by voice phone call, email, SMS or soft token apps.
"Users of conventional two-factor authentication will be thrilled by SecurEnvoy's tokenless method," said Desmond Teo, Infinite Data Sdn Bhd Managing Director. "Inflexible and expensive network logins using physical tokens such as smart cards are now a thing of the past. The straightforward two-factor authentication procedure using a smartphone and the additional security provided by the SecurEnvoy solutions make things easy for us as an ICT distributor."
The FBI's Internet Crime Complaint Center (IC3) has received 6,800 complaints of online ad fraud-related activity, costing consumers upwards of $20 million from June 2009 to June 2014. The criminals post fake Internet ads for cars, boats, heavy equipment and other expensive items, with each ad including a fake phone number.
Once a criminal has lured someone in, they respond with a text message and ask for an email address. The criminal then tells the victim a deal needs to be put together rapidly, typically saying they will use eBay as a legitimate means of completing the transaction. Unfortunately, instead of using eBay, the victim wires or otherwise transfers money to the perpetrators and no longer receives follow-up contact once the deal is done.
These types of Internet scams are typical, but as cybercriminals continue to evolve their tactics, Internet users need to be extremely careful when making purchases. Try to verify seller information, look into company policies, and if a deal is too good to be true, it probably is. Possible scam victims can report incidents to the IC3 website.
Privacy experts would like to see GCHQ boss Robert Hannigan stop criticizing technology companies and be more open about British government surveillance activities. Hannigan previously said digital privacy is not an "absolute right" for Internet users, and wants tech companies to essentially stop aiding terrorists.
"Given everything we've learned in the past 18 months, he chose not to address at all the very serious things that GCHQ stand accused of: blanket surveillance of the UK population with public knowledge and without parliamentary knowledge, [and] receiving warrantless bulk intercepts from the NSA on US and people around the world," said Annie Machon, former MI5 intelligence officer and whistleblower.
Following former NSA contractor Edward Snowden's disclosures regarding widespread - and organized - NSA and GCHQ spying practices, there has been continued criticism of government agencies.
The Romanian hacker known as "Guccifer," Marcel Lazar Lehel, is serving a seven-year prison sentence for numerous cybercrime-related charges. Prior to his arrest, the hacker became increasingly paranoid, even smashing his PC hard drive and mobile phone, as an international manhunt for the brash self-taught cybercriminal was underway.
"I was expecting them, but the shock was still very big for me," the hacker recently said. "It is hard to be a hacker, but even harder to erase your tracks."
After being sentenced in Romania, the hacker was also indicted in the United States, but extradition still seems unlikely at this point in time. Rather than rely on malware and social engineering attacks, Lazar used patience and trial and error while guessing correct passwords to compromise Romanian politician Corina Cretu, former US President George W. Bush, and Colin Powell.