On Q Professional Investigations

Nine Iranians were accused Friday of orchestrating years of cyberattacks on U.S. government agencies, the state of Indiana and hundreds of universities and businesses here and abroad in one of the largest state-sponsored hacking cases ever charged by the Justice Department.

A series of federal indictments and financial sanctions against Iranian individuals were announced by Deputy US Attorney General Rod Rosenstein, charging cyber activity against the United States. Federal prosecutors say the Iranians and an Iranian hacker network called the Mabna Institute illegally accessed Indiana state government computers and the computer systems of 144 U.S. universities.

Rosenstein and Justice Dept. officials would not name the 144 universities targeted by hackers in Iran, but numerous Midwestern universities are popular U.S. college destinations for Iranian students, including University of Illinois. At U of I, Iranian enrollment has jumped in recent years.

Federal agents said the hackers gained access to university databases and college library systems by using stolen login credentials belonging to university professors.

A spokesperson for U of I told the I-Team that as far as she knows, Illinois’ flagship university was not among those hacked.

American government officials said they’ve determined that the nine Iranians, in cooperation with the Islamic Revolutionary Guard Corps, were behind the hacking effort.

Investigators found 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, United Nations, and the Federal Energy Regulatory Commission, they said. The Iranians allegedly targeted more than 100,000 email accounts of professors around the world. About half of the 8000 compromised accounts belonged to professors at U.S. universities.

Read More

The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.

Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.

Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities. “We are pushing back and we are pushing back hard,” he said.

Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.

Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.

The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally. “Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system,” it said.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

Read More

International organized crime and drug trafficking groups were dealt a blow by the takedown of an encrypted communication service they used to plan and commit their crimes, the FBI and its international partners announced yesterday.

Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders. The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user.

Given the limited functionality of the phones and the fact that they only operate within a closed network of criminals, all of Phantom Secure’s customers are believed to be involved in serious criminal activity. Most of Phantom Secure’s 10,000 to 20,000 users are the top-level leaders of nefarious transnational criminal organizations in the U.S. and several other countries, and the products were marketed as impervious to decryption or wiretapping.

“Working with our international partners in Australia and Canada, we learned that these phones have been used to coordinate drug trafficking, murders, assaults, money laundering, and all sorts of other crimes,” said Special Agent Nicholas Cheviron of the FBI’s San Diego Division, who investigated the case along with U.S. and international counterparts. “By shutting down Phantom Secure, criminals worldwide no longer have that platform to conduct their dangerous criminal activities.”

In collaboration with the Australian Federal Police, Royal Canadian Mounted Police, and law enforcement agencies in Panama, Hong Kong, and Thailand, Phantom Secure’s founder and chief executive Vincent Ramos was arrested in Bellingham, Washington, on March 7. Four of Ramos’ associates are fugitives. They are charged with conspiracy to distribute narcotics and Racketeer Influenced and Corrupt Organizations (RICO) Act violations.

Read More

Louisville, Ky., is vying to become probably the first city in the country to use autonomous drones to respond to the sound of gunfire.

The city has applied for a special program the Federal Aviation Administration is running, where it will give a handful of cities temporary permission to get around long-standing drone rules in order to run pilot projects. Those rules, which operators typically have to get individual waivers to get around, include flying drones outside the operator’s line of sight, flying at night and flying above people.

All of those rules would make it pretty difficult for a city to do what Louisville wants to do. The city has ShotSpotter sensors spread throughout its urban fabric, listening for gunshots. When such a noise is picked up, and interpreted by ShotSpotter’s analysts to be gunfire and not a similar sound, a notification is sent to police who can respond to the scene.

Louisville wants to try out the concept of sending self-routing drones to fly to the scene first. That could bring about several possible benefits: Since they’re airborne, drones would likely be able to arrive on scene faster than a police officer. With an aerial view, they could capture video evidence to help authorities find the person who fired the weapon. And in the case of a false alarm — there have been reports of sensors interpreting fireworks and backfiring cars as gunshots — the drones might be able to keep an officer from responding to nothing.

It’s an idea that came out of need. According to Chris Seidt, Louisville’s director of information technology, Mayor Greg Fischer tasked the city’s Office of Performance Improvement and Innovation — which Seidt was in before moving to his current position — with finding outside-the-box solutions to some urgent problems.

Gun violence was a big one. According to LouieStat, the city’s statistics portal, Louisville saw shootings more than double from 228 in 2014 to 460 in 2016. They fell in 2017, but around that time the city was installing ShotSpotter. The new system gave officials an indication that there was still a lot of shooting to worry about.

“In its first six months of existence, we had 800 activations of the system,” Seidt said. “In the 400 square miles of Jefferson County, that’s a bit of a problem.”

Another bad statistic for the city: Its clearance rate, or the rate at which homicide cases end in an arrest, is about 50 percent. That’s below the national average.

“We thought, ‘What’s the likelihood of getting a better clearance rate if we get to the site of a gunshot incident quickly?’” Seidt said.

Read More

A 32-year-old Georgia man who pretended to be someone else online is behind bars after using familiar predatory tactics to coerce a 12-year-old girl to produce child pornography and send it to him.

The victims of this type of crime—commonly referred to as sextortion—are almost always vulnerable teenagers who are tricked online and then find themselves in a nightmare situation: They are afraid to tell their parents or friends what is happening, and believe complying with their abuser is the only solution.

“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated.”

The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.

“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.”

In the case of the Georgia man, Gerardo Uribe, he masqueraded online as a 13-year-old boy, and later as a 25-year-old man. After the young victim sent a partially nude image of herself at his request in 2014, Uribe was eventually able to take over one of her social media accounts by resetting her password and then locking her out.

With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography.

The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offenses.

He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison. A Mexican citizen who was living in the United States as a permanent resident, Uribe will be deported after he completes his prison term. Investigators said that Uribe had tried to victimize at least one other girl.

“Sextortion is a growing problem on social media sites,” Orkin said, and although it may be easy to blame the victims of sextortion for the predicament they find themselves in, he explained, “we are talking about children being manipulated by adults. It’s clear that these criminals are preying on their victims and taking advantage of them in the worst way.”

Read More

WASHINGTON (Reuters) - The Federal Aviation Administration said Monday it will bar drone flights over seven major U.S. nuclear sites, including Los Alamos National Laboratory in New Mexico.

The move is the latest in a series of growing restrictions on unmanned aerial vehicles over U.S. sites that have national security implications.

The new restrictions begin Dec. 29 and include the Hanford Site in Washington State, Idaho National Laboratory, Savannah River National Laboratory in South Carolina, Pantex Site in Texas and the Y-12 National Security Site and Oak Ridge National Laboratory in Tennessee.

The FAA said it is considering additional requests from other federal security agencies to bar drones.

Earlier this year, the FAA banned drone flights over 133 U.S. military facilities. The Pentagon said in August that U.S. military bases could shoot down drones that endanger aviation safety or pose other threats.

The FAA also banned drone flights over 10 U.S. landmarks in September, including the Statue of Liberty in New York and Mount Rushmore National Memorial in South Dakota, at the request of national security and law enforcement agencies.

It separately barred drone flights over the USS Constitution in Boston, the Gateway Arch in St. Louis and Independence National Historical Park in Philadelphia. The list also includes Glen Canyon Dam in Arizona, Hoover Dam in Nevada and Grand Coulee Dam in Washington state.

Last week, the National Transportation Safety Board said a September collision between a small civilian drone and a U.S. Army helicopter was caused by the drone operator’s failure to see the helicopter because he was intentionally flying the drone out of visual range.

The incident between a U.S. Army UH-60M Black Hawk helicopter and a DJI Phantom 4 drone near Staten Island, New York occurred as concerns mount over the rising number of unmanned aircraft in U.S. airspace.

Read More

Virginia Credit Union is offering another layer of security for its mobile banking users.

EyeVerify is a biometric authentication based on a person’s eye print. The feature uses a phone camera and eye print to confirm the user’s identity when opening the credit union’s mobile banking app.

EyeVerify is an option for members who do not want to manually enter a password or for those do not have a phone that accepts fingerprint identification. Unlike other biometric technologies, it doesn’t depend on a particular model of smartphone.

 
“Since not all phones are enabled for fingerprint authentication but most offer a camera, we wanted to provide an additional layer of security for their mobile banking information,” said Frank Macrina, senior vice president of products and channels for Virginia Credit Union.

The optional technology can provide users with a fast and secure way to use the mobile banking app, Macrina said. Also, if a phone is lost, EyeVerify locks down access to the member’s accounts.

It can be used as well for people who have joint accounts, with eye prints recorded for both users and verified upon opening the app.

The eye biometric offers a stronger option than a thumbprint, Macrina said. However, it is a new technology, and the thumbprint is still the most popular method of biometric security.

The credit union began offering the technology in the spring ahead of many of its banking competitors.

Read More

A California man was arrested Sunday for flying a drone over two NFL stadiums and attempting to drop anti-media pamphlets into the crowd.

Tracy Mapes, a 55-year-old Sacramento resident, was cited and released by Santa Clara police for flying the drone in violation of a local municipal code, department spokesperson Dan Moreno told USA TODAY Sports on Monday.

The drone appeared at Levi’s Stadium during the second quarter of the San Francisco 49ers’ 24-13 loss to the Seattle Seahawks and was later seen over Oakland Coliseum, where the Oakland Raiders were playing the Denver Broncos.

Moreno said the message on the leaflets was “anti-local news media, and TV news stations specifically.” The charge was a misdemeanor, he said.

There is also an ongoing federal investigation and Mapes may face additional charges, according to Moreno, because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi’s Stadium and Oakland Coliseum are within that range.

The San Francisco Chronicle added that the drone was a relatively ineffective messenger because “most of the drone-dropped leaflets were carried away by the win.

View Source

RICHMOND, Va. (WRIC) — 8News investigates to see how Richmond Public Schools bus camera system is keeping students safe.

RPS is the only district in Central Virginia that has installed a stop-arm camera system on their school buses. The second district in the state.

The camera system is designed to catch reckless drivers illegally passing school buses.

“We’re averaging 30 violations a day,” Interim Superintendent Tommy Kranz says, “So that indicates to me that yes, it is working.”

100 school buses are equipped with a total of 13 cameras, nine on the outside and four on the inside.

From the first day of Fall to October 24, 1,021 citations were issued to drivers who illegally pass a school bus when the stop-arm is out or red lights are flashing.

8News obtained video through Richmond Public Schools in which cameras caught drivers nearly hitting students when the school bus was stopped.

Michelle Kitts is a RPS parent and admits she even goes a different route in the mornings to avoid the bus stops.

“If they have kids they know how it feels to see somebody speed passed the buses when there are kids,” Kitts says, “even at the stop with no buses around so everyone should slow down and take it easy.”

Kevin Hunter, another RPS parent says he wasn’t surprised by the number of tickets that were issued in the first seven weeks this Fall. He says he believes drivers need to put down their cell phones and pay more attention to the road before a child is hurt.

“As a foster dad I don’t want to see any of my kids go you know shot across the street then you got some driver coming and don’t pay attention,” Hunter said.

In a press release sent to 8News this summer, Richmond Public Schools said they wanted to have all school buses equipped with the camera system by the start of the semester. However, the company that installs the camera paid to install cameras on the first 50 buses and have been working in phases to install the rest. This revenue is generated from the citations that are issued.

Read More

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source