Hackers Infiltrated Mortgage Company

A recently closed California hacking and identity theft case sadly illustrates the misery that can be visited on unsuspecting victims when their personal information is compromised.

Between 2011 and 2014, four U.S. citizens who resided in San Diego—but carried out their crimes from across the Mexican border in Tijuana—hacked the computer servers of major U.S. mortgage brokers, stealing detailed loan application information from thousands of customers and then using the victims’ Social Security numbers, addresses, dates of birth, and driver’s license numbers to open unauthorized lines of credit and take over and drain victims’ retirement accounts.

“The damage crimes like these have on victims, the economy, and society in general are significant,” said Special Agent Chris Christopherson, who investigated the case from the FBI’s San Diego Division. “Individuals had their finances wrecked and their credit destroyed, through no fault of their own. For many of them,” he added, “the impacts are still being felt.”

One of the fraudsters in the conspiracy, John Baden, was the chief hacker. He infiltrated mortgage companies using a common hacking technique known as “fuzzing,” which works by overloading a web server with massive amounts of data that can lead to the server revealing security loopholes.

Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. Then it was simple for him and his conspirators to wire funds—sometimes up to $30,000 at a time—from the victims’ accounts to accounts they controlled.

Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme, Christopherson said. A second part of the scheme involved extensive credit fraud. The criminals used victims’ detailed personal information to set up bogus lines of credit and retail credit card accounts to which they charged thousands of dollars for goods and services. Most of the proceeds from the sale of items in these crimes were used to buy drugs.


Protect Your Wallet and Your Information This Holiday Season

As the holiday shopping season officially gets underway, the FBI would like to take this opportunity to warn shoppers to be aware of the increasingly aggressive techniques of cyber criminals who want to steal your money and your personal information.

For example, watch out for online shopping scams—criminals often scheme to defraud victims by offering too-good-to-be-true deals, like brand name merchandise at extremely low prices or gift cards as an incentive to buy a product. Beware of social media scams, including posts on social media sites that offer vouchers or gift cards or that pose as holiday promotions or contests. Always be careful when downloading mobile applications on your smartphone—some apps, disguised as games and offered for free, may be designed to steal personal information. And if you’re in need of extra cash this time of year, watch out for websites and online postings offering work you can do from home—you may actually become the victim of an advance fee, counterfeit, or pyramid scheme, or become an unknowing participant in criminal activity.

Here are some additional steps you can take to avoid becoming a victim of cyber fraud this season:

Check your credit card statement routinely, and ensure websites are secure and reputable before providing your credit card number;
Do your research to ensure the legitimacy of the individual or company you are purchasing from;
Beware of providing credit card information when requested through unsolicited e-mails;
Avoid filling out forms contained in e-mail messages that ask for personal information;
Never click on links contained within unsolicited e-mails;
Verify any requests for personal information from any business or financial institution by contacting them directly;
Be cautious of e-mails claiming to contain pictures in attached files, especially unsolicited e-mails—the files may contain viruses; and
Be leery if you are requested to act quickly or told there is an emergency (fraudsters often create a sense of urgency).

If you suspect you have been victimized, contact your financial institution immediately, contact law enforcement, and file a complaint with the FBI’s Internet Crime Complaint Center (IC3).


FBI Investigating OPM Cyber Intrusion

The FBI is investigating a cyber intrusion affecting the information technology and data systems of the federal government’s Office of Personnel Management, or OPM.

In a June 4 press release notifying federal employees of the incident, OPM said the agency has partnered with the Department of Homeland Security and the FBI to determine the intrusion’s full impact on federal personnel. OPM said it will send notifications to approximately four million individuals whose personal information may have been compromised.

OPM’s press release included guidance for affected individuals, as well as tips to avoid becoming a victim.

In a June 4 statement confirming its role in the investigation, the FBI said, “We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.”


Medical, Personal Information Exposed at Premera Blue Cross

As the latest health insurer to be breached, Premera Blue Cross has revealed that on January 29, 2015, it discovered a sophisticated cyber attack that tried to gain unauthorized access to its IT systems. The initial attack occurred on May 5, 2014. The company notified the FBI and is working with the cybersecurity firm Mandiant to investigate and repair the damage done by the attack.

Attackers may have gained unauthorized access to applicants’ and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information, Premera said.

“About 6 million of the people whose accounts were accessed are residents of Washington state, where customers include employees of Amazon.com Inc, Microsoft Corp and Starbucks Corp, according to Premera. The rest are scattered across every U.S. state,” Reuters reports.


As explained by KrebsOnSecurity, “Mandiant specializes in tracking and blocking attacks from state-sponsored hacking groups, particularly those based in China.”

It goes on, “There are indications that this may be the work of the Chinese espionage group tied to the breach disclosed earlier this year at Anthem, an intrusion that affected some 78 million Americans.”


Hackers Steal Up to $1 Billion From Banks, Security Co. Says

NEW YORK — A hacking ring has stolen up to $1 billion from banks around the world in what would be one of the biggest banking breaches known, a cybersecurity firm says in a report scheduled to be delivered Monday.

The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab.

After gaining access to banks’ computers through phishing schemes and other methods, they lurk for months to learn the banks’ systems, taking screen shots and even video of employees using their computers, the company says.

Once the hackers become familiar with the banks’ operations, they use that knowledge to steal money without raising suspicions, programming ATMs to dispense money at specific times or setting up fake accounts and transferring money into them, according to Kaspersky. The report is set to be presented Monday at a security conference in Cancun, Mexico. It was first reported by The New York Times.

The hackers seem to limit their theft to about $10 million before moving on to another bank, part of the reason why the fraud was not detected earlier, Kaspersky principal security researcher Vicente Diaz said in a telephone interview with The Associated Press.

The attacks are unusual because they target the banks themselves rather than customers and their account information, Diaz said.

The goal seems to be financial gain rather than espionage, he said.

“In this case they are not interested in information. They’re only interested in the money,” he said. “They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.”

Most of the targets have been in Russia, the U.S., Germany, China and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa and Europe, Kaspersky says. In one case, a bank lost $7.3 million through ATM fraud. In another case, a financial institution lost $10 million when the attackers exploited its online banking platform.

Kaspersky did not identify the banks and is still working with law-enforcement agencies to investigate the attacks, which the company says are ongoing.

The Financial Services Information Sharing and Analysis Center, a nonprofit that alerts banks about hacking activity, said in a statement that its members received a briefing about the report in January.

“We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimize any effects on their customers,” the organization said in a statement. “The report that Russian banks were the primary victims of these attacks may be a significant change in targeting strategy by Russian-speaking cybercriminals.”


Steam chat spreading dangerous malware

Most people know not to click on suspicious links from strangers, but suspicious links from friends are more of a marginal case. Malefactors are currently using Steam, Valve’s popular PC gaming platform, to spread malware by hiding a nasty program in a supposedly innocuous screenshot that looks like it is coming from a trusted friend.

Security expert Graham Cluley shared the story, which one of his readers brought to his attention. The malware comes via Steam’s built-in chat client and, in all likelihood, will appear to come from someone you know.

If you receive a message on Steam that reads “WTF?????” and links to a JPEG image called “screenshot,” steer clear and inform your friend that he or she needs to run a virus scan posthaste. The link leads not to a strange picture, but rather to an executable SCR file.

Once clicked, the file will download and install automatically. This particular SCR file targets Steam, meaning it may be able to steal your login and financial information. At the very least, it compromises your Friends list and sends the malware-ridden “WTF” message to all of your contacts.

Worse still, only about half of antivirus programs seem capable of detecting the malware. While AVG, Malwarebytes, Kaspersky, Sophos and Symantec users are in the clear, those who rely on Microsoft, TrendMicro, Kingsoft or AegisLab are out of luck. The best solution for them would be to download the free version of AVG or Malwarebytes and run it with extreme prejudice.

This is not the first time that malware has targeted Steam users, suggesting that the platform is perhaps still not as secure as it could be. PC gamers should double-check with their friends before clicking on links that look out of the ordinary.


Hackers recreate fingerprints using public photos

At a cybersecurity convention in Hamburg last week, the “Chaos Computer Club” demonstrated how it can mimic a fingerprint just by analyzing photographs.

Fingerprints have been recreated from smudges on windows and other smooth surfaces. In the past, forgers have used tape, a scanner, some plastic material and glue to build a gummy fingerprint that can fool scanners.

But the Chaos Computer Club says this is the first time fingerprints have been spoofed from afar. The group’s leader, known as “Starbug,” said he was able to recreate the thumbprint of the German Minister of Defense, Ursula von der Leyen, from several news photos.

The hack isn’t terribly complicated, but it’s also not something most people would have the patience or ability to pull off. Starbug printed the fingerprint from the photos onto tracing paper, copied it onto a plastic board, covered it in graphite and made a dummy print by coating the plastic in wood glue.

Not easy. Still, he made a dummy fingerprint from a photo. Impressive.

In one demonstration, the dummy print was able to trick Apple’s TouchID (which controls Apple Pay).

“There will be no need to steal objects carrying the fingerprints anymore,” the group said in a preview of the event. “After this talk, politicians will presumably wear gloves when talking in public.”

The Club said the presentation calls into question the validity of fingerprint security systems. It would be difficult to do anything useful with the German Defense Minister’s fingerprints, but you could use the hacking method to get into your friend’s iPhone.


FBI warns of ‘destructive’ malware

(Reuters) - The Federal Bureau of Investigation warned U.S. businesses that hackers have used malicious software to launch a destructive cyberattack in the United States, following a devastating breach last week at Sony Pictures Entertainment.

Cybersecurity experts said the malicious software described in the alert appeared to be the one that affected Sony, which would mark the first major destructive cyber attack waged against a company on U.S. soil. Such attacks have been launched in Asia and the Middle East, but none have been reported in the United States. The FBI report did not say how many companies had been victims of destructive attacks.

“I believe the coordinated cyberattack with destructive payloads against a corporation in the U.S. represents a watershed event,” said Tom Kellermann, chief cybersecurity officer with security software maker Trend Micro Inc. “Geopolitics now serve as harbingers for destructive cyberattacks.”

The five-page, confidential “flash” FBI warning issued to businesses late on Monday provided some technical details about the malicious software used in the attack. It provided advice on how to respond to the malware and asked businesses to contact the FBI if they identified similar malware.

The report said the malware overwrites all data on hard drives of computers, including the master boot record, which prevents them from booting up.

“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the report said.

The document was sent to security staff at some U.S. companies in an email that asked them not to share the information.

The FBI released the document in the wake of last Monday’s unprecedented attack on Sony Pictures Entertainment, which brought corporate email down for a week and crippled other systems as the company prepares to release several highly anticipated films during the crucial holiday film season.

A Sony spokeswoman said the company had “restored a number of important services” and was “working closely with law enforcement officials to investigate the matter.”


This is how your Gmail account got hacked

It’s rare. On an average day, only nine in 1 million accounts get stolen. But when it happens, the operation is swift. These are professional criminals at work, looking through your email to steal your bank account information.

The criminals are concentrated in five countries. Most of them live in China, Ivory Coast, Malaysia, Nigeria and South Africa. But they attack people worldwide, duping them into handing over Gmail usernames and passwords.

Google has effective scans to block them and emergency options to get your account back. But criminals still manage to pull off the attacks.
Here’s some more of what Google found in its three-year study.

In the mind of a hacker

Effective scams work 45% of the time. This number sounds huge, but well-crafted scams can be convincing. They send official-looking emails requesting your login credentials. And sometimes they redirect you to a page that looks like a Google login, but it’s not.

Safety tip: Don’t ever email your username or password — anywhere. And always check the Internet address in the URL above to ensure you’re at the actual Gmail site.

They usually steal your account in less than a day. Once they have your login credentials, the average criminal hijacks your account within seven hours. For an unlucky 20%, the bad guys do it in just 30 minutes. Then they change your password to lock you out.


Hackers Ran Loose Inside JPMorgan For 2 Months Before Getting Caught

It’s as if a robber were to break into a bank today and stay there until Christmas before someone noticed.

That’s how long hackers had access to JPMorgan Chase’s computer system, The New York Times reported this week. If two months seems like an eternity for cyberthieves to wander through the computers of the country’s largest bank, consider that hackers have had free rein for even longer at several major retailers this past year.

Hackers resided on the computers of Neiman Marcus for five months, Home Depot for five months, arts and crafts store Michaels for eight months and Goodwill, the thrift store, for a year and a half.

That hackers were able to roam through JPMorgan’s computer network for two months is another sign that companies are struggling not only with keeping cybercriminals out, but with spotting them once they get in.

A spokesman for JPMorgan did not respond to a request for comment. The bank said earlier this month that hackers had compromised the data of 76 million households, but that no money or Social Security numbers were stolen and the bank hadn’t seen any unusual customer fraud.

The length of time that hackers reside on a computer system doesn’t always correlate to the number of people affected. The size of the company’s customer base also makes a difference. Target, for example, said 40 million customers had their payment card data compromised during an attack last fall that lasted just two weeks, while Michaels said that a much smaller number — 3 million people — were affected during its eight-month attack.

Still, the length of time of a data breach matters. Unlike real-life bank robbers who escape in minutes, digital bank robbers can take weeks or months before they gain access to the data they’re after.

“A lot of people think hacking happens overnight and the bad guys break into the network and they’re done,” said Aleksandr Yampolskiy, chief executive officer of SecurityScorecard, a cybersecurity firm. “The reality is it takes a long time.”

Hackers are able to go undetected for so long because they use numerous techniques to disguise their activities. For one, they often attack computers using malicious software that doesn’t set off alarms with anti-virus programs. And once inside, they route the data they steal through a series of intermediary computers, for example at a church or a public school, according to Yampolskiy. Such computers seem innocent to security teams and avoid the red flags that communicating directly with computers in Russia, where many hackers are based, would raise, he said.
