International Business E-Mail Compromise Takedown

Today, federal authorities—including the Department of Justice and the FBI—announced a major coordinated law enforcement effort to disrupt international business e-mail compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals.

Operation WireWire—which also included the Department of Homeland Security, the Department of the Treasury, and the U.S. Postal Inspection Service—involved a six-month sweep that culminated in over two weeks of intensified law enforcement activity resulting in 74 arrests in the U.S. and overseas, including 42 in the U.S., 29 in Nigeria, and three in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers.

A number of cases charged in this operation involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar amounts or sensitive records in the course of business. The devastating impacts these cases have on victims and victim companies affect not only the individual business but also the global economy. Since the Internet Crime Complaint Center (IC3) began formally keeping track of BEC and its variant, e-mail account compromise (EAC), there has been a loss of over $3.7 billion reported to the IC3.

BEC, also known as cyber-enabled financial fraud, is a sophisticated scam that often targets employees with access to company finances and tricks them—using a variety of methods like social engineering and computer intrusions—into making wire transfers to bank accounts thought to belong to trusted partners but that are instead controlled by the criminals themselves. And these same criminal organizations that perpetrate BEC schemes also exploit individual victims—often real estate purchasers, the elderly, and others—by convincing them to make wire transfers to bank accounts controlled by the criminals.

Foreign citizens perpetrate many of these schemes, which originated in Nigeria but have spread throughout the world.

During Operation WireWire, U.S. law enforcement agents executed more than 51 domestic actions, including search warrants, asset seizure warrants, and money mule warning letters. And local and state law enforcement partners on FBI task forces across the country, with the assistance of multiple district attorney’s offices, charged 15 alleged money mules for their roles in defrauding victims.

Palo Alto Turns to Cameras to Keep Watchful Eye on Railroad

Palo Alto is turning to technology in hopes of preventing people from attempting to stand in front of or jump in front of trains traveling through the Peninsula city.

The city has installed thermal imaging-equipped video cameras designed to keep an eye out for people standing or hanging around the tracks at four railroad crossings within city limits.

While the video cameras have already been put in place, the city is still conducting rounds of testing before making the cameras fully operational later this month.

Palo Alto has hired a company to watch the camera feeds from an off-site location and call law enforcement if they spot anything unusual. Those monitoring the camera feeds can also speak via a public address system to alert someone on the tracks that help is on the way.

The Peninsula city has been paying security guards to scan the railroad crossings since about 2009 after a number of teenagers committed suicide on the tracks.

Unlike the human eye, the cameras are able to scan for movement roughly 1,000 feet away from where they are located along the tracks. The cameras can also capture movement when it’s dark, raining or foggy.

“We’re hoping that not only will this provide better monitoring, the ability to see much better down the tracks than the human eye, but also in the long run to provide faster notification to law enforcement and be more cost effective,” Claudia Keith with the city of Palo Alto said.

Millions of Dollars at Stake When Bank Heists Go Digital

“Get down, this is a robbery!” That’s something no bank employee or patron wants to hear. In the past, bank robberies have resulted in thousands, even millions of dollars stolen in cash and gold (although the average yield for a bank robbery in the United States is only about $3,500, according to the FBI).

However, as money has become less physical and more digital, with credit cards and cryptocurrency rapidly replacing cash and coins, bank heists too have evolved from criminals physically breaching the walls of a bank with weapons and physical force, to hackers silently infiltrating the cyber infrastructure and funneling millions into their own accounts.

In one recent heist in Mexico, suspected to be a cyberattack, thieves stole as many as 300 million pesos ($15.4 million) through “phantom orders” to fake accounts, according to Reuters. This week, cybersecurity company Positive Technologies released a report describing how gangs execute sophisticated hacking campaigns against banks by taking advantage of social engineering and flawed security systems. The report also reveals the results of the company’s own penetration tests to show where these institutions may be falling short on protecting their networks and ultimately their funds.

This week I spoke with practice lead for governance, risk and compliance at TrustedSec, Alex Hamerstone, who works closely with large financial institutions doing cyber assessments and developing defense methods based on penetration test results, to gain more insight into bank vulnerabilities and security measures.

Latest Internet Crime Report Released

Beginning in 2015, the Internet Crime Complaint Center (IC3) forwarded multiple complaints to the FBI’s Houston Field Office regarding fraudulent offers of investment opportunities by perpetrators who impersonated U.S. bank officials and financial consultants over the Internet and telephone. Victims in various countries, including the U.S., were deceived into believing they would receive millions of dollars from joint ventures with certain U.S. banks if they paid up-front fees—ranging from tens of thousands to hundreds of thousands of dollars—to participate. According to court documents, victims lost more than $7 million collectively in this scam.

The complaints submitted by victims to the IC3 helped investigators uncover this elaborate international advance fee and money laundering scheme, and in February of this year, six individuals were federally charged in Houston in connection with the scam.

The IC3, which has received more than 4 million victim complaints from 2000 through 2017, routinely analyzes complaints like these and disseminates data to the appropriate law enforcement agencies at all levels for possible investigation. The IC3 also works to identify general trends related to current and emerging Internet-facilitated crimes, and it publicizes those findings through periodic alerts and an annual report.

And today, the IC3 is releasing its latest annual publication—the 2017 Internet Crime Report—which reveals that the center received more than 300,000 complaints last year with reported losses of more than $1.4 billion.

Cyber attackers target state of Indiana, 144 universities

Nine Iranians were accused Friday of orchestrating years of cyberattacks on U.S. government agencies, the state of Indiana and hundreds of universities and businesses here and abroad in one of the largest state-sponsored hacking cases ever charged by the Justice Department.

A series of federal indictments and financial sanctions against Iranian individuals were announced by Deputy US Attorney General Rod Rosenstein, charging cyber activity against the United States. Federal prosecutors say the Iranians and an Iranian hacker network called the Mabna Institute illegally accessed Indiana state government computers and the computer systems of 144 U.S. universities.

Rosenstein and Justice Dept. officials would not name the 144 universities targeted by hackers in Iran, but numerous Midwestern universities are popular U.S. college destinations for Iranian students, including the University of Illinois. At U of I, Iranian enrollment has jumped in recent years.

Federal agents said the hackers gained access to university databases and college library systems by using stolen login credentials belonging to university professors.

A spokesperson for U of I told the I-Team that as far as she knows, Illinois’ flagship university was not among those hacked.

American government officials said they’ve determined that the nine Iranians, in cooperation with the Islamic Revolutionary Guard Corps, were behind the hacking effort.

Investigators found 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, United Nations, and the Federal Energy Regulatory Commission, they said. The Iranians allegedly targeted more than 100,000 email accounts of professors around the world. About half of the 8,000 compromised accounts belonged to professors at U.S. universities.

US and UK blame Russia for ‘malicious’ cyber-offensive

The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.

Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.

Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities. “We are pushing back and we are pushing back hard,” he said.

Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.

Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.

The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally. “Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system,” it said.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.”

International Criminal Communication Service Dismantled

International organized crime and drug trafficking groups were dealt a blow by the takedown of an encrypted communication service they used to plan and commit their crimes, the FBI and its international partners announced yesterday.

Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders. The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user.

Given the limited functionality of the phones and the fact that they only operate within a closed network of criminals, all of Phantom Secure’s customers are believed to be involved in serious criminal activity. Most of Phantom Secure’s 10,000 to 20,000 users are the top-level leaders of nefarious transnational criminal organizations in the U.S. and several other countries, and the products were marketed as impervious to decryption or wiretapping.

“Working with our international partners in Australia and Canada, we learned that these phones have been used to coordinate drug trafficking, murders, assaults, money laundering, and all sorts of other crimes,” said Special Agent Nicholas Cheviron of the FBI’s San Diego Division, who investigated the case along with U.S. and international counterparts. “By shutting down Phantom Secure, criminals worldwide no longer have that platform to conduct their dangerous criminal activities.”

In collaboration with the Australian Federal Police, Royal Canadian Mounted Police, and law enforcement agencies in Panama, Hong Kong, and Thailand, Phantom Secure’s founder and chief executive Vincent Ramos was arrested in Bellingham, Washington, on March 7. Four of Ramos’ associates are fugitives. They are charged with conspiracy to distribute narcotics and Racketeer Influenced and Corrupt Organizations (RICO) Act violations.

Louisville Plans to Become First U.S. City to Use Drones

Louisville, Ky., is vying to become probably the first city in the country to use autonomous drones to respond to the sound of gunfire.

The city has applied for a special program the Federal Aviation Administration is running, where it will give a handful of cities temporary permission to get around long-standing drone rules in order to run pilot projects. Those rules, which operators typically have to get individual waivers to get around, include flying drones outside the operator’s line of sight, flying at night and flying above people.

All of those rules would make it pretty difficult for a city to do what Louisville wants to do. The city has ShotSpotter sensors spread throughout its urban fabric, listening for gunshots. When such a noise is picked up, and interpreted by ShotSpotter’s analysts to be gunfire and not a similar sound, a notification is sent to police who can respond to the scene.

Louisville wants to try out the concept of sending self-routing drones to fly to the scene first. That could bring about several possible benefits: Since they’re airborne, drones would likely be able to arrive on scene faster than a police officer. With an aerial view, they could capture video evidence to help authorities find the person who fired the weapon. And in the case of a false alarm — there have been reports of sensors interpreting fireworks and backfiring cars as gunshots — the drones might be able to keep an officer from responding to nothing.

It’s an idea that came out of need. According to Chris Seidt, Louisville’s director of information technology, Mayor Greg Fischer tasked the city’s Office of Performance Improvement and Innovation — which Seidt was in before moving to his current position — with finding outside-the-box solutions to some urgent problems.

Gun violence was a big one. According to LouieStat, the city’s statistics portal, Louisville saw shootings more than double from 228 in 2014 to 460 in 2016. They fell in 2017, but around that time the city was installing ShotSpotter. The new system gave officials an indication that there was still a lot of shooting to worry about.

“In its first six months of existence, we had 800 activations of the system,” Seidt said. “In the 400 square miles of Jefferson County, that’s a bit of a problem.”

Another bad statistic for the city: Its clearance rate, or the rate at which homicide cases end in an arrest, is about 50 percent. That’s below the national average.

“We thought, ‘What’s the likelihood of getting a better clearance rate if we get to the site of a gunshot incident quickly?’” Seidt said.

Online Predator Used Familiar Tactics to Victimize 12-Year-Old Girl

A 32-year-old Georgia man who pretended to be someone else online is behind bars after using familiar predatory tactics to coerce a 12-year-old girl to produce child pornography and send it to him.

The victims of this type of crime—commonly referred to as sextortion—are almost always vulnerable teenagers who are tricked online and then find themselves in a nightmare situation: They are afraid to tell their parents or friends what is happening, and believe complying with their abuser is the only solution.

“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated.”

The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.

“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.”

In the case of the Georgia man, Gerardo Uribe, he masqueraded online as a 13-year-old boy, and later as a 25-year-old man. After the young victim sent a partially nude image of herself at his request in 2014, Uribe was eventually able to take over one of her social media accounts by resetting her password and then locking her out.

With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography.

The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offenses.

He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison. A Mexican citizen who was living in the United States as a permanent resident, Uribe will be deported after he completes his prison term. Investigators said that Uribe had tried to victimize at least one other girl.

“Sextortion is a growing problem on social media sites,” Orkin said, and although it may be easy to blame the victims of sextortion for the predicament they find themselves in, he explained, “we are talking about children being manipulated by adults. It’s clear that these criminals are preying on their victims and taking advantage of them in the worst way.”

U.S. bars drones over nuclear sites for security reasons

WASHINGTON (Reuters) - The Federal Aviation Administration said Monday it will bar drone flights over seven major U.S. nuclear sites, including Los Alamos National Laboratory in New Mexico.

The move is the latest in a series of growing restrictions on unmanned aerial vehicles over U.S. sites that have national security implications.

The new restrictions begin Dec. 29 and include the Hanford Site in Washington State, Idaho National Laboratory, Savannah River National Laboratory in South Carolina, Pantex Site in Texas and the Y-12 National Security Site and Oak Ridge National Laboratory in Tennessee.

The FAA said it is considering additional requests from other federal security agencies to bar drones.

Earlier this year, the FAA banned drone flights over 133 U.S. military facilities. The Pentagon said in August that U.S. military bases could shoot down drones that endanger aviation safety or pose other threats.

The FAA also banned drone flights over 10 U.S. landmarks in September, including the Statue of Liberty in New York and Mount Rushmore National Memorial in South Dakota, at the request of national security and law enforcement agencies.

It separately barred drone flights over the USS Constitution in Boston, the Gateway Arch in St. Louis and Independence National Historical Park in Philadelphia. The list also includes Glen Canyon Dam in Arizona, Hoover Dam in Nevada and Grand Coulee Dam in Washington state.

Last week, the National Transportation Safety Board said a September collision between a small civilian drone and a U.S. Army helicopter was caused by the drone operator’s failure to see the helicopter because he was intentionally flying the drone out of visual range.

The incident between a U.S. Army UH-60M Black Hawk helicopter and a DJI Phantom 4 drone near Staten Island, New York occurred as concerns mount over the rising number of unmanned aircraft in U.S. airspace.
