TweakTown NewsRefine News by Category:
Following years of burying their heads in the sand, lawmakers in the United States are finally taking cybercrimes seriously. As noted in the "Gangs Beyond Borders: California and the Fight Against Transnational Organized Crime" report released by California Attorney General Kamala Harris.
The state of California led all states in organized attacks, with computer systems under threat from malware.
"With the rise of a global society connected by the Internet, criminal rings organized to commit hacking, fraud, pirating and other high-tech crimes across borders have rapidly profilerated," the report notes. "These rings operate frequently from Eastern Europe, but also from places as diverse as West Africa and China, and specifically target the citizens, computer networks, and companies of prosperous countries like the U.S."
The report notes both cybercrime and cyber-based threats such as phishing compromise users in the United States and across the world. For example, "Operation Phish Phry" stole more than $1 million, but once the group was busted, 100 hackers faced charges.
aThe NSA wants to be engaged in the continued global discussion of security and secrecy in the digital age, forced to the table following countless complaints of violating user privacy, according to NSA deputy director Richard Ledgett.
The NSA continues to face pressure from Internet users, foreign citizens, political leaders and tech companies, forcing the intelligence agency to go on the defensive. To help try and appear more transparent, there is a current proposal for the NSA to release transparency reports helping give insight into NSA operations.
Ironically, Ledgett said the NSA wanted to share a public point of view during TED to help counter the "half-truths and distortions" made public by Snowden. Ledgett also said Snowden put lives at risk, showing "the bad guys" some of the NSA's cybersecurity and snooping methods.
"If our adversaries see our methods they will move away from using them," Ledgett said. "We have evidence that terrorists, smugglers and nation states have moved away. We are losing visibility into what our adversaries are doing."
Google plans to roll out necessary encrypted HTTPS connection so user emails are encrypted when data is transferred over Google networks.
The 100 percent mandatory e-mail change will prevent outsiders from accessing email messages as all sent and received messages are encrypted while they bounce around servers and data centers.
"Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email," said Nicolas Lidzborski, Gmail Security Engineering lead, in a blog post. "Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers - no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet."
Following revelations of widespread and organized NSA spying, Internet users have increased pressure on Internet companies to offer better protection.
Compromised web servers infected with Linux-based malware have been used to target visitors by spreading Windows malware, with up to 25,000 suspected cases in the past two years, researchers note.
Network operators and IT specialists have been informed to look out for select Linux malware, to ensure they haven't been caught up in the Operation Windigo cybercrime effort. The server takeover campaign still is running up to 10,000 hacked servers, which are used to distribute malware, send spam, and infect users with sophisticated rootkit exploits.
"There are two kinds of victims here: Windows end-users visiting legitimate websites hosted on compromised servers, and Linux/Unix server operators whose servers were compromised through that large server-side credential stealing network," researchers note.
Four European research groups helped compile the information, as the cybercriminals behind these threats are clever and don't leave behind a big electronic signature for investigators to follow.
At the request of Swiss authorities, Farid Essebar, working under the codename "Diabl0" was arrested in Thailand by the Department of Special Investigation (DSI), Office of the Attorney General, and the Immigration Bureau.
The Russian-born hacker from Morocco allegedly broke into bank computer networks and hacked bank websites in Switzerland, racking up more than $4 billion in damages to banks and customers in 2011.
"We arrested the suspect at a condominium on Rama IV Road," authorities said in a statement. "Next Thailand will send him to Switzerland within 90 days in accordance with the extradition agreement.
This isn't Diabl0's first run-in with law enforcement, after the hacker was arrested in 2005 for his role in helping create the Zotob computer worm - a nasty cyber effort that targeted Microsoft Windows 2000 and XP users across the world.
Convicted teenage hacker Jared James Abrahams has been sentenced to 18 months in federal prison following two years of compromising online accounts of women he later blackmailed. The 19 year old pleaded guilty last November to one count of unauthorized access of a computer and three counts of extortion, and reportedly broke into around 150 online accounts.
Abrahams grabbed headlines after he compromised Miss Teen USA 2013 winner Cassidy Wolf, in which he accessed her computer and used their webcams to photograph them.
"As digital devices, email accounts, and social media accounts now contain the most intimate details of the public's daily lives, the impact of this type of hacking and extortion becomes more pronounced, troubling, and far-reaching," the U.S. Department of Justice noted. "In some cases, this type of criminal behavior can be life-changing for the victims - especially for vulnerable victims who may feel it is impossible to rebuild their tarnished reputations."
Users need to be more diligent in the type of images, videos, and other personal information they share online - and ensure they keep accounts password-protected with hard-to-guess passwords - and have updated anti-virus and anti-malware software. As Abrahams showed, it's not a bad idea to keep webcams covered when not in use, as well.
Malware tormented users at record levels in 2013, with 20 percent of all malware ever created just last year alone, averaging 82,000 new threats per year, according to Panda Security.
Cybercriminals are targeting both PCs and mobile devices, and custom pieces of malware such as ransomware also are increasing in popularity. Seven of 10 new security threats were customized Trojans, with 21 million new variants created and released into the wild in 2013.
"It seems that cybercriminals managed to infect more computers with Trojans in 2013 than in previous years," according to Panda Labs. "In 2011, Trojans accounted for 66 percent of all computer infections, whereas this percentage rose to 76 percent in 2012. The growing trend was confirmed in 2013."
Although malware is a global problem, China, Turkey and Ecuador face the highest number of infections, according to Panda Labs, with nine of the 10 least infected countries found in Europe.
Network hardware and cloud company Barracuda Networks announced the Threatglass website, an online tool designed for security specialists to browse, share and analyze website malware.
The website is designed to help show visitors detailed information of activities on malicious websites, and also includeds screenshots of the browser, e-mails sent, and number of domains and objects requested.
"'Good sites gone bad' is a daily problem for popular websites targeted by attackers and used to serve malware to their unsuspecting visitors," said Dr. Paul Judge, Barracuda Networks chief research officer, in a press statement. "Threatglass was designed for both casual users and the research community to provide a way to document and better understand this ongoing problem."
In a time of continued cyber threats, the Barracuda Threatglass resource will prove to be an interesting place to view infection incident reports. Visitors have the ability to view the most recent group of compromised sites, and screenshots are hidden until users choose to view them - because quite a few compromised websites have pornography or other adult content.
Australian Foreign Minister Julie Bishop's official Twitter account was recently hacked, with Bishop confirming the breach. The fake tweets:
Bishop responded by saying ,"Yes my Twitter account has been hacked/compromised." Not surprisingly, the fake tweets were quickly deleted, passwords reset, and Bishop will be able to continue her job normally.
Typically just an annoyance when a high-profile figure is publicly hacked, though the fake links posted on Bishop's page led to a replicated Twitter login page. The links are no longer active, but it's unknown how many users mistakenly entered username and password information.
Creative cybercriminals use hacked accounts to try and phish followers, or steal personal information, which is easier to do when a Twitter user is high-profile - and has a large number of followers - which means users must always keep vigilant.
Cybercriminals plague regular consumers and businesses, impacting millions of users and costing companies billions, but even they aren't immune from attack.
One of the Rescator websites, which was one of two websites used to help sell bulk credit cards from the Target breach, had the following message to greet potential customers: "Hi subhumans and miscreants, your fraud site is gone now. Go away."
The websites are now back online.
Rescator has been responsible as a clearinghouse to sell stolen credit and debit card information from Target, Sally Beauty Supply, Neiman Marcus, and other compromised retailers. The website domains point towards websites based in the former Soviet Union, Colombia, and Cocos Islands.