Archive for the ‘Cybercrime’ Category

http://blog.whitehatsec.com/interview-with-a-blackhat-part-1/

http://blog.whitehatsec.com/interview-with-a-blackhat-part-2/

http://krebsonsecurity.com/2013/05/nc-fuel-distributor-hit-by-800000-cyberheist/

http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html

http://www.pcworld.com/article/2039480/us-power-companies-under-frequent-cyberattack.html

http://www.fbi.gov/newyork/press-releases/2013/manhattan-u.s.-attorney-and-fbi-assistant-director-in-charge-announce-arrest-of-new-york-police-department-detective-for-computer-hacking

This Cyber Security Lab has been optimally designed to tackle the challenges of Cyber Security in a comprehensive and multidisciplinary way. TNO’s CSL offers highly promising cyber-innovation projects not only its existing expertise but also the technical facilities and a safe working environment.

More:
http://www.tno.nl/content.cfm?context=overtno&content=persbericht&laag1=37&item_id=201305170019&Taal=2

Dutch language news article:
http://webwereld.nl/beveiliging/77804-banken-gaan-rekeningen-internetcriminelen-sneller-blokkeren

Previously:

Dutch Judge: ING Bank Cannot Be Forced To Hand Over Personal Details Of Pirate Site Operator To BREIN
http://vrritti.com/2013/05/17/dutch-judge-ing-bank-cannot-be-forced-to-hand-over-personal-details-of-pirate-site-operator-to-brein/

BREIN Threat Of Criminal Prosecution Meaningless Because Dutch Government Issued Guideline Never To Criminally Prosecute Online Piracy
http://vrritti.com/2012/06/28/brein-threat-of-criminal-prosecution-meaningless-because-dutch-government-issued-guideline-never-to-criminally-prosecute-online-piracy/

Dutch ING Bank has agreed to pay a $619 million penalty for moving billions of dollars through the U.S. financial system at the behest of Cuba, Iran, Myanmar, Libya and Sudan, falsifying the records of New York financial institutions
http://vrritti.com/2012/06/13/dutch-ing-bank-has-agreed-to-pay-a-619-million-penalty-for-moving-billions-of-dollars-through-the-u-s-financial-system-at-the-behest-of-cuba-iran-myanmar-libya-and-sudan-falsifying-the-records-o/

Pirates and black hats both cowards when AFK. 4 Italian Anonymous members have been arrested after 10 homes were raided. 6 others under investigation

Dutch language news article:
http://webwereld.nl/beveiliging/77806-opgepakte-italiaanse-anonymous-leden-leidden-dubbel-leven

http://www.theregister.co.uk/2013/05/17/lulzsec_analysis/

Security researchers from Trend Micro have uncovered an active cyberespionage operation that so far has compromised computers belonging to government ministries, technology companies, media outlets, academic research institutions and nongovernmental organizations from more than 100 countries.

The operation, which Trend Micro has dubbed SafeNet, targets potential victims using spear phishing emails with malicious attachments. The company’s researchers have investigated the operation and published a research paper with their findings Friday.

More:
http://www.pcworld.com/article/2039011/researchers-uncover-new-global-cyberespionage-operation-dubbed-safenet.html

http://www.infowars.com/cia-connected-saic-awarded-government-cyber-security-contract/

Dutch anti-piracy organization BREIN wanted to learn who is operating pirate platform FTD World. The organization tried to have a judge force ING Bank to hand over personal details related to an FTD bank account.

The Netherlands is widely regarded as a safe haven for the likes of pirates, hackers and other (cyber)criminals due to:

  • the availability of cheap and high quality hosting facilities without a need for (proper) identification of customers;
  • anonymous payment services;
  • lack of government intervention or pro-active measures;
  • non-deterrent legal sanctions;
  • low or non-existing fines.

Dutch language news article:

http://www.nu.nl/tech/3476631/ing-hoeft-persoonsgegevens-ftd-niet-brein-geven.html

See also:
http://vrritti.com/?s=ftd+brein

and

BREIN Threat Of Criminal Prosecution Meaningless Because Dutch Government Issued Guideline Never To Criminally Prosecute Online Piracy
http://vrritti.com/2012/06/28/brein-threat-of-criminal-prosecution-meaningless-because-dutch-government-issued-guideline-never-to-criminally-prosecute-online-piracy/

Convicts: Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd

Targets included the CIA, the U.S. Air Force, Sony Pictures, games maker EA, News International and the UK’s Serious Organised Crime Agency

  • hacking into the US Air Force’s computers and possession of indecent images of babies and children;
  • possession of images showing child abuse;
  • stealing emails, credit card details and passwords from their targets’ computer servers and crashing victims’ websites with distributed denial of service (DDoS) attacks;
  • providing the software to carry out attacks and posting stolen data online;
  • stealing data from Sony;
  • redirecting visitors trying to visit the Sun newspaper’s site to a fake story about News Corp chairman Rupert Murdoch committing suicide;
  • an unauthorised act to impair the operation of a computer;
  • hacking and launching cyber-attacks against organisations including the CIA and Soca.

More:
http://www.bbc.co.uk/news/technology-22552753

http://www.theregister.co.uk/2013/05/16/apprenticeship_cyber_security/

http://www.reuters.com/article/2013/05/15/britain-hackers-lulzsec-idUSL6N0DW3N320130515

http://www.fbi.gov/newark/press-releases/2013/organizer-of-international-securities-fraud-ring-sentenced-to-prison-for-using-hackers-to-falsely-inflate-stock-prices

http://www.dailydot.com/news/andrew-weev-auernheimer-prison-letter/

http://rt.com/news/bloomberg-spying-scandal-bernanke-geithner-180/

Bloomberg has blocked its journalists from eavesdropping on users of its financial data terminals after it emerged that reporters were obtaining stories through their snooping.

Financial services firms, including merchant banks, pay about $20,000 a year to rent each Bloomberg terminal. Thousands of traders in stock exchanges around the world use the terminals to obtain real-time data from multiple financial markets, as well as access to news and instant messaging features.

CNN reports that a Bloomberg reporter asked a Goldman executive if a partner at the bank had recently left, after noting that the partner hadn’t logged into his Bloomberg terminal in some time. Goldman insiders later discovered that journalists at Bloomberg could access login records for Bloomberg’s proprietary terminals, as well as seeing how many times individual users had used particular functions.

Surreptitious access to the terminals had been possible for years, as a hangover from the 1990s when Bloomberg’s reporters also formed part of its sales operation.

More:

http://www.theregister.co.uk/2013/05/13/bloomberg_customer_data_access_snooping_blocked/

http://analysisintelligence.com/cyber-defense/temporal-signatures-of-hacker-organizations/

A West Side man suspected of helping crash Sony’s online game servers worldwide in 2008 will spend a year on house arrest. But not for the hacking.

Instead, Todd M. Miller, 23, was sentenced yesterday in federal court for obstructing a federal investigation because he smashed his computers, halting an FBI investigation into his hacking. U.S. District Judge Peter C. Economus said Miller was part of the KCUF clan, a group of hackers who organized an attack on Sony’s computer servers in San Diego in 2008 and beyond. After the FBI interviewed Miller in 2011, they returned with a search warrant and found that his hard drives were missing and he had smashed his computers.

Without the computers, the FBI did not have enough evidence to pursue hacking charges against Miller and another unnamed Columbus man, according to court records. Miller, who has a ninth-grade education, told the judge that he was “immature and ignorant and caught up with the wrong people at the wrong time” when he destroyed the computers. He said he has learned his lesson.

“You will not see me again,” he told Economus.

The judge also sentenced him to three years probation and ordered him to get his high-school equivalence certificate. Miller could have been sentenced to 20 years in prison and fined $250,000. Economus told Miller he could “see no purpose in sentencing you to prison” because Miller has a full-time job and some stability in his life after a tumultuous childhood.

http://www.dispatch.com/content/stories/local/2013/05/09/suspected-hacker-sentenced-sony-game-servers.html

http://www.perthnow.com.au/technology/teenage-hackers-in-australian-federal-polices-sights/story-fnhod56e-1226640627727

http://www.infowars.com/germany-arrests-two-dutch-citizens-in-cyber-bank-heist/

http://www.infowars.com/the-us-government-might-be-the-biggest-hacker-in-the-world/

The gang first struck December 22 when hackers targeted a credit card processor in India that handled transactions for prepaid MasterCard debit cards issued to customers of the National Bank of Ras Al-Khaimah PSC, or RAKBANK, in the United Arab Emirates. They handed off the stolen data for five accounts to cashers in 20 countries who withdrew $5 million in cash in more than 4,500 ATM withdrawals.

Lajud-Pena’s gang in New York was responsible for more than half of that, allegedly siphoning $2.8 million from more than 750 Manhattan ATMs in a coordinated heist that lasted 2.5 hours.

The gang struck again on February 19, beginning around 3pm and continuing until 1:30 the next morning. The hackers targeted a different bank card processor this time, based in the U.S., that handled transactions for the Bank of Muscat in Oman. They handed off data for just 12 card prepaid card accounts to cashers in 24 countries who, within 10 hours, made off with about $40 million in a coordinated operation involving 36,000 ATM withdrawals.

Lajud-Pena’s gang was allegedly responsible for about $2.4 million of that booty.

More:
http://www.wired.com/threatlevel/2013/05/bank-cashing-suspect-killed/

http://www.zdnet.com/revenge-hack-put-5-5-million-domain-names-allegedly-at-risk-7000015107/

http://gawker.com/sex-and-the-city-creator-hacked-new-book-leaked-493801177

http://arstechnica.com/security/2013/05/no-joke-the-onion-tells-how-syrian-electronic-army-hacked-its-twitter/

  • The Dutch government does NOT take cyber security risks seriously;
  • Politicians and officials are denying and ignoring the problems;

Professor Van Till states:

“It’s incredible that there are still so many people in high places that have absolutely no clue about networks”

“People don’t need to have knowledge about everything. But they do need more knowledge than they currently have. And otherwise they should go and play golf or something.”

In addition to those embarrassing observations, CEO Ronald Prins of Fox-IT stated: “The Netherlands is lacking direction on a high level. People are only learning on the basis of security incidents.”

He also argued that the Dutch government will only take action after the fact. The country is lacking a mechanism for proactive and preventative action…

Dutch language news article:
http://www.telegraaf.nl/digitaal/21549331/__Gevaren_internet_ontkend__.html

People and businesses are more and more doing the exact opposite of what they have promised or are supposed to be doing…

  • fake academics, doctors and psychologists;
  • fixed football matches;
  • corrupt politicians;
  • corrupt judges;
  • priests and youth care workers engaging in sexual abuse of children;
  • product manufacturers intentionally selling products that do not live up to promises or are completely fraudulent;

Showing one’s vulnerability is no longer being tolerated. Ideals are no longer being appreciated.

Dutch language news article:
http://www.elsevier.nl/Nederland/blogs/2013/5/De-roep-om-een-eerlijke-samenleving-wordt-steeds-groter-1248314W/

 

  • one digital market will benefit all;
  • copyright law needs to be simplified;
  • more online business models equals less piracy;
  • her adviser Prince Constantijn: too many successful start-ups are being bought by non-European companies;
  • start-ups will be offered more tax benefits and investing in start-ups will become more attractive;
  • the battle against cybercrime has to be won through better cooperation;
  • businesses need to notify authorities about security breaches;

Dutch language news article:
http://www.nu.nl/internet/3417424/kroes-wil-legaal-media-aanbod-stimuleren-piraterij.html

http://cylance.com/techblog/Googles-Buildings-Hackable.shtml

Holder will be in New Zealand to join the Quintet meeting with his four counterpart Attorneys General from Australia, Canada, New Zealand and England, Wales and Northern Ireland.

But Kim Dotcom — the notorious Auckland-based, German-born internet entrepreneur and founder of the massive global file-sharing websites Megaupload and Mega — is working hard to ensure that Holder’s fleeting visit is neither unnoticed nor routine. Kim Dotcom is offering $500 to anyone who can capture footage of Holder in Auckland and set it to music — specifically Dotcom’s own Megaupload song.

Dotcom has a gripe with Eric Holder. It is the United States Attorney General who is leading the effort to extradite Kim Dotcom to the United States to face copyright, racketeering, money-laundering and other charges, laid out in a 72-page indictmentfiled by the United States government last year.

More:
http://www.theglobalmail.org/feature/dirty-tricks-dotcom/610/

See also:
http://in.reuters.com/article/2013/05/03/usa-courts-holder-megaupload-idINDEE94200920130503

People with computer skills can engage in all sorts of legal and illegal activities on behalf of all sorts of “friends”. Cyber criminals are always looking for a variety of opportunities while enforcement authorities leave it to the “illegal act” and related section(s) in the national penal code to decide whether or not they will act against cyber criminals (and their “associates”)…

In November “MG” was interrogated again but refused to have a lawyer present. After being shown chatlogs he told his interrogators that “tLt” was Gottfrid Svartholm.

Evidence also gathered from MG included forensics on his cellphone which revealed tools for cracking WiFi networks. Text documents within them contained the exact same login credentials used to access Logica’s servers. The same data was found on his Ubuntu One cloud storage account. MG later went on to admit that he had used the name “diROX” online.

MG denied that he’d downloaded any data through the tax intrusions but admitted carrying out queries on his friends. The interrogator asked ‘MG’ if those friends are members of the “Hells Angels” – MG said that was possible.

What followed next was an exchange where MG implied he was scared for his safety so couldn’t say anything more. His interrogators suggested things were still going to look bad for him with his ‘friends’ whether he cooperated or not. MG’s lawyer stepped in and put an end to the approach.

(…)

Gottfrid also admitted to owning two computers, a desktop and a Macbook, that were found in his Cambodia apartment. He said the computers were used as servers, not by him personally, and were accessed via the Internet by individuals he admitted knowing and meeting.

“These people then, who have accessed [the servers]. Do you want to say something about them?” the interrogator asked.

Gottfrid responded “No…[..] because I fear for my own life.”

Much more:
http://torrentfreak.com/mpaa-lawyers-computer-account-used-in-pirate-bay-founder-hacking-case-130504/

See also:
http://vrritti.com/?s=svartholm

http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/