Latest Internet Crime Report Released

Beginning in 2015, the Internet Crime Complaint Center (IC3) forwarded multiple complaints to the FBI’s Houston Field Office regarding fraudulent offers of investment opportunities by perpetrators who impersonated U.S. bank officials and financial consultants over the Internet and telephone. Victims in various countries, including the U.S., were deceived into believing they would receive millions of dollars from joint ventures with certain U.S. banks if they paid up-front fees—ranging from tens of thousands to hundreds of thousands of dollars—to participate. According to court documents, victims lost more than $7 million collectively in this scam.

The complaints submitted by victims to the IC3 helped investigators uncover this elaborate international advance fee and money laundering scheme, and in February of this year, six individuals were federally charged in Houston in connection with the scam.

The IC3, which has received more than 4 million victim complaints from 2000 through 2017, routinely analyzes complaints like these and disseminates data to the appropriate law enforcement agencies at all levels for possible investigation. The IC3 also works to identify general trends related to current and emerging Internet-facilitated crimes, and it publicizes those findings through periodic alerts and an annual report.

And today, the IC3 is releasing its latest annual publication—the 2017 Internet Crime Report—which reveals that the center received more than 300,000 complaints last year with reported losses of more than $1.4 billion.

Read More

Cyber attackers target state of Indiana, 144 universities

Nine Iranians were accused Friday of orchestrating years of cyberattacks on U.S. government agencies, the state of Indiana and hundreds of universities and businesses here and abroad in one of the largest state-sponsored hacking cases ever charged by the Justice Department.

A series of federal indictments and financial sanctions against Iranian individuals were announced by Deputy US Attorney General Rod Rosenstein, charging cyber activity against the United States. Federal prosecutors say the Iranians and an Iranian hacker network called the Mabna Institute illegally accessed Indiana state government computers and the computer systems of 144 U.S. universities.

Rosenstein and Justice Dept. officials would not name the 144 universities targeted by hackers in Iran, but numerous Midwestern universities are popular U.S. college destinations for Iranian students, including University of Illinois. At U of I, Iranian enrollment has jumped in recent years.

Federal agents said the hackers gained access to university databases and college library systems by using stolen login credentials belonging to university professors.

A spokesperson for U of I told the I-Team that as far as she knows, Illinois’ flagship university was not among those hacked.

American government officials said they’ve determined that the nine Iranians, in cooperation with the Islamic Revolutionary Guard Corps, were behind the hacking effort.

Investigators found 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, United Nations, and the Federal Energy Regulatory Commission, they said. The Iranians allegedly targeted more than 100,000 email accounts of professors around the world. About half of the 8000 compromised accounts belonged to professors at U.S. universities.

Read More

US and UK blame Russia for ‘malicious’ cyber-offensive

The cyberwar between the west and Russia has escalated after the UK and the US issued a joint alert accusing Moscow of mounting a “malicious” internet offensive that appeared to be aimed at espionage, stealing intellectual property and laying the foundation for an attack on infrastructure.

Senior security officials in the US and UK held a rare joint conference call to directly blame the Kremlin for targeting government institutions, private sector organisations and infrastructure, and internet providers supporting these sectors.

Rob Joyce, the White House cybersecurity coordinator, set out a range of actions the US could take such as fresh sanctions and indictments as well as retaliating with its own cyber-offensive capabilities. “We are pushing back and we are pushing back hard,” he said.

Joyce stressed the offensive could not be linked to Friday’s raid on Syria. It was not retaliation for the US, UK and French attack as the US and UK had been investigating the cyber-offensive for months. Nor, he said, should the decision to make public the cyber-attack be seen as a response to events in Syria.

Joyce was joined in the call by representatives from the FBI, the US Department of Homeland Security and the UK’s National Cyber Security Centre (NCSC), which is part of the surveillance agency GCHQ.

The US and UK, in a joint statement, said the cyber-attack was aimed not just at the UK and US but globally. “Specifically, these cyber-exploits were directed at network infrastructure devices worldwide such as routers, switches, firewalls, network intrusion detection system,” it said.

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

Read More

Nationwide Law Enforcement Action Targets Online Drug Trafficking

A nationwide law enforcement action aimed at shining a light on those who use the dark web to buy and sell illegal opiates has resulted in hundreds of interactions and arrests of individuals who may have considered their seemingly anonymous online transactions beyond the reach of authorities.

The FBI-led enforcement action last week, named Operation Disarray, is part of a recently launched Department of Justice initiative to disrupt the sale of opioids online and was the first operation of its kind to occur simultaneously in all 50 states.

“The point of Operation Disarray,” said Special Agent Chris Brest, who helped organize the effort from FBI Headquarters, “is to put drug traffickers on notice: Law enforcement is watching when people buy and sell drugs online. For those who think the Darknet provides anonymity,” he explained, “you are mistaken.”

Darknet marketplaces resemble legitimate e-commerce sites, complete with shopping carts, thousands of products, sales promotions, and customer reviews. But the Darknet sites’ drop-down menus direct customers to cocaine, heroin, fentanyl, and other illegal drugs.

The marketplaces are accessed through a type of software that claims to make the buyer and seller anonymous. Drug users anywhere in the world can sit in front of a computer screen and, with a click of the mouse, buy narcotics without having to risk a face-to-face interaction. “Drug trafficking is changing,” Brest said. “The environment is moving from real-world to the virtual realm, and it’s on the rise.”

Such unfettered access to illegal drugs, said Special Agent Eric Yingling, who specializes in Darknet investigations from the FBI’s Pittsburgh Division, “can accelerate someone’s addiction because the drugs are so easy to obtain. It also facilitates a low barrier of entry to becoming a trafficker,” he explained. “We see a number of individuals go from consuming to becoming distributors because they’ve become comfortable using the marketplaces. Anyone who owns a computer could potentially be involved in this type of activity.”

Read More

State-Sponsored Cyber Theft

Nine Iranian citizens—working at the behest of the government of Iran—have been charged in a massive computer hacking campaign that compromised U.S. and foreign universities, private companies, and U.S. government entities, including the Department of Labor and the Federal Energy Regulatory Commission.

The hackers were affiliated with the Mabna Institute, an Iran-based company created in 2013 for the express purpose of illegally gaining access to non-Iranian scientific resources through computer intrusions. Members of the institute were contracted by the Islamic Revolutionary Guard Corps—one of several entities within the Iranian government responsible for gathering intelligence—as well as other Iranian government clients.

During a more than four-year campaign, these state-sponsored hackers “compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries,” said FBI Deputy Director David Bowdich during a press conference today at the Department of Justice in Washington to announce the indictments. When the FBI learned of the attacks, he said, “we notified the victims so they could take action to minimize the impact. And then we took action to find and stop these hackers.”

Initially, the cyber criminals used an elaborate spearphishing campaign to target the e-mail accounts and computer systems of their victims, which in addition to the universities included nearly 50 domestic and foreign private-sector companies, the states of Hawaii and Indiana, and the United Nations.

According to the indictments unsealed today in a Manhattan federal court, the hackers stole more than 30 terabytes of academic data and intellectual property—roughly three times the amount of data contained in the print collection of the Library of Congress.

“Their primary goal was to obtain user names and passwords for the accounts of professors so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on,” said a special agent who investigated the case from the FBI’s New York Division. “That information included access to library databases, white papers, journals, research, and electronic books. All that information and intellectual property was provided to the Iranian government,” he added.

Read More

International Criminal Communication Service Dismantled

International organized crime and drug trafficking groups were dealt a blow by the takedown of an encrypted communication service they used to plan and commit their crimes, the FBI and its international partners announced yesterday.

Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders. The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user.

Given the limited functionality of the phones and the fact that they only operate within a closed network of criminals, all of Phantom Secure’s customers are believed to be involved in serious criminal activity. Most of Phantom Secure’s 10,000 to 20,000 users are the top-level leaders of nefarious transnational criminal organizations in the U.S. and several other countries, and the products were marketed as impervious to decryption or wiretapping.

“Working with our international partners in Australia and Canada, we learned that these phones have been used to coordinate drug trafficking, murders, assaults, money laundering, and all sorts of other crimes,” said Special Agent Nicholas Cheviron of the FBI’s San Diego Division, who investigated the case along with U.S. and international counterparts. “By shutting down Phantom Secure, criminals worldwide no longer have that platform to conduct their dangerous criminal activities.”

In collaboration with the Australian Federal Police, Royal Canadian Mounted Police, and law enforcement agencies in Panama, Hong Kong, and Thailand, Phantom Secure’s founder and chief executive Vincent Ramos was arrested in Bellingham, Washington, on March 7. Four of Ramos’ associates are fugitives. They are charged with conspiracy to distribute narcotics and Racketeer Influenced and Corrupt Organizations (RICO) Act violations.

Read More

The cybersecurity skills shortage acts as a root cause for security events

“ESG recently published a new research report titled, The Life and Times of Cybersecurity Professionals, with its research partner, the Information Systems Security Association (ISSA).

The research looks closely at the ramifications of the cybersecurity skills shortage — beyond the obvious conclusion that there are more cybersecurity jobs than people with the right skills and background to fill these jobs.

As part of this research project, ESG and ISSA wanted to understand whether the cybersecurity skills shortage is a contributing factor to the constant wave of security events experienced by large and small organizations.

To that end, 343 cybersecurity professionals (and mostly ISSA members) were asked if their organizations had experienced a security incident over the past two years (i.e. system compromise, malware incident, DDoS attack, targeted attack, data breach, etc.). More than half (53 percent) admitted that their organization had experienced at least one security incident since 2015. It is also noteworthy that 34 percent responded with “don’t know/prefer not to say,” so the percentage of organizations experiencing a security incident is likely much higher.

4 factors contributing to cybersecurity incidents

Those survey respondents confessing to a security incident were then asked to identify the factors that contributed to these events. The data reveals that:

-31 percent say a lack of training for non-technical employees. This indicates that employees are probably opening rogue attachments, clicking on malicious links, and falling for social engineering scams, leading to system compromises and data breaches. Clearly, firms are not dedicating the people or financial resources necessary to provide ample cybersecurity training and are suffering the consequences.

-22 percent say the cybersecurity team is not large enough for the size of their organization. Boom, direct hit. In an earlier blog post, I revealed some data about the implications of the cybersecurity skills shortage, including an increasing workload on staffers and a myopic focus on emergency response at the expense of planning and strategy. The data also exposes that the skills shortage leads directly to more security incidents, which lead to business disruption, negative publicity and data breaches.

-20 percent say business and executive management tend to treat cybersecurity as a low priority. The lack of suitable business oversight on cybersecurity was a consistent theme throughout the ESG/ISSA research. It remains true that business executives are overlooking their fiduciary (and moral) cybersecurity responsibilities. Based upon this data, we can anticipate some massive GDPR fines in the second half of 2018.

-18 percent say the existing cybersecurity team can’t keep up with the workload. Another direct hit — the workload is too big, and the staff is too small.

Breach detection, proactive threat hunting, and incident response tend to be people-intensive processes dependent upon advanced skills, so it’s logical to assume the cybersecurity skills shortage would have a profound impact here. The ESG/ISSA research proves there is a strong correlation here, so it’s safe to say that organizations with lots of open cybersecurity requisitions can expect a lot of malicious activity on the network.”

Read More

‘Hacker-for-hire’ cases going federal in Minnesota

“In the first Minnesota case to address a new and growing form of cybercrime, federal prosecutors have charged a former state resident with employing “hackers-for-hire” to sabotage the website of a local business.

The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.

Prosecutors say John Kelsey Gammell, 46, paid hacking services to inflict a year’s worth of “distributed denial of service” (DDoS) attacks to bring down websites affiliated with Washburn Computer Group, a Monticello business where he used to work.

DDoS attacks overwhelm a network with data, blocking access for legitimate users and even knocking web services offline. Washburn, a point-of-sale system repair company, told prosecutors that Gammell’s attacks cost it about $15,000.

Authorities say Gammell didn’t stop there: He is accused of paying $19.99 to $199.99 in monthly payments to try to bring down web networks that included those of the Minnesota Judicial Branch, Hennepin County and several banks.

“As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Acting U.S. Attorney Gregory Brooker in Minneapolis said, speaking generally about the new forms of crime.

The FBI’s Internet Crime Complaint Center reported more than $11 million in losses to victims of DDoS attacks last year.

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS,” said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis.

Devices such as digital video recorders and home appliances recently have been marshaled by cyber criminals to carry out massive operations like last year’s flooding of a prominent web infrastructure company that affected sites like Amazon and Netflix. In a separate attack, in June 2016, the Minnesota Judicial Branch’s website went down for 10 days, alarming local officials because so many government services have at least some nexus to the web.

“A lot of people think it’s just a nuisance,” said Chris Buse, Minnesota’s chief information security officer. “But it’s not. If you look at what government does — basic critical services — if those services don’t continue, people can literally die.”

Minnesota IT Services, which administers the state’s computer systems, said state networks field an average of more than 3 million attempted cyberattacks daily. Officials say the state still hasn’t experienced a major attack on par with a 2012 South Carolina breach that exposed personal data for 3.7 million residents and cost the state $20 million.

But with hackers able to take over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse said.

‘We will do much business’

The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.

One of his preferred hacking-for-hire services was called vDOS, which was shuttered last year after the arrests of two alleged operators in Israel. The FBI obtained files from vDOS that included records of Gammell’s purchases, attacks and communications with vDOS administrators and customers.

One day in 2015, according to a criminal complaint, Gammell eagerly wrote the company boasting of his success in blowing past a “DDoS mitigation” program to kick an unnamed network offline for at least two days. “We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell sought out seven sites offering DDoS-for-hire services and paid monthly fees to three to carry out web attacks from July 2015 to September 2016.

Charges are also expected out of Colorado and New Mexico for firearms offenses stemming from searches in the case.

Appearing in a Minneapolis courtroom last week, Gammell confirmed that he rejected a plea offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. A federal magistrate is reviewing motions filed by Gammell’s attorney, Rachel Paulose, to dismiss the case or suppress evidence.

On Monday, Paulose told U.S. Magistrate Judge David Schultz that evidence the FBI obtained from an unnamed researcher should be thrown out and suggested the data could itself have been retrieved by hacking.

Paulose, who did not respond to messages seeking comment for this story, also argued in pretrial motions that Gammell didn’t personally attack Washburn.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Addressing Schultz last week, Paulose described the attacks on Washburn as “essentially a prank on a dormant site not doing business.”

“Even if Mr. Gammell thinks it’s a prank,” Assistant U.S. Attorney Timothy Rank replied, “it’s a criminal prank.”

View Source

Va State Police warns of automated traffic ticket email scam

RICHMOND, Va. — Virginia State Police is warning citizens about an “automated traffic ticket email scam” being used by scammers to demand money for unpaid traffic tickets.

“The email scam is just one of numerous tactics used by scammers to harass individuals under the guise of being the Virginia State Police,” a VSP spokesperson wrote.

State Police said they do not use or issue digital/automated traffic tickets or summonses.

The department is warning anyone who receives the email to not click on any links provided and delete it immediately.

This scam notice comes one month after the department warned citizens about state police phone numbers being cloned by scammers demanding money and/or threatening individuals with arrest warrants.

State Police advised residents who received the calls to hang up immediately.

Here are some tips from VSP to protect you from similar scams:

Never open or click on a link in an email from an unknown email address, individual or organization.

To check the validity of an email, locate the entity’s website and call to determine if it is a legitimate email. The same goes for an individual.

Never give out personal information, credit card numbers, bank account information, etc. to an unknown individuals or entities via the phone or email.

View Source

Equifax says 143m Americans’ social security numbers exposed in hack

Credit monitoring company Equifax says a breach exposed the social security numbers and other data of about 143 million Americans.

After discovering the breach, but before notifying the public, three Equifax senior executives sold shares in the company worth almost $1.8m. Since the public announcement, the company’s share price has tumbled.

The Atlanta-based company said Thursday that “criminals” exploited a US website application to access files between mid-May and July of this year.

It said consumers’ names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers were exposed. Credit card numbers for about 209,000 US consumers were also accessed.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said the company’s chairman and CEO Richard Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

The company said hackers also accessed some “limited personal information” from British and Canadian residents.

Equifax said it doesn’t believe that any consumers from other countries were affected.

Such sensitive information can be enough for crooks to hijack people’s identities, potentially wreaking havoc on the victims’ lives.

Financial institutions, landlords and other businesses draw on data from credit monitoring companies like Equifax to verify people’s identity and ensure they are suitable for leases and loans. This breach has given cybercriminals a treasure trove of data to assume the identities of those affected and carry out fraudulent transactions in their name.

“On a scale of one to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan. “Credit bureaus keep so much data about us that affects almost everything we do.”

Ryan Kalember, from cybersecurity company Proofpoint said: “This has really called into question the entire model of how we authenticate ourselves to financial institutions. The fact that we still use things like mother’s maiden name, social security number and date of birth is ridiculous.”

The breach could also undermine the integrity of the information stockpiled by two other major credit bureaus, Experian and TransUnion, since they hold virtually all the data that Equifax does, Litan said.

Equifax discovered the hack 29 July, but waited until Thursday to warn consumers. In the interim, as first reported by Bloomberg, chief financial officer John Gamble sold shares worth $946,374 and president of US information solutions Joseph Loughran exercised options to sell stock worth $584,099. President of workforce solutions Rodolfo Ploder also sold stock worth $250,458.

Ines Gutzmer, head of corporate communications for Equifax, said: “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”

Read More