On Q Professional Investigations

IN 2016, TIM Cook fought the law—and won.

Late in the afternoon of Tuesday, February 16, 2016, Cook and several lieutenants gathered in the “junior boardroom” on the executive floor at One Infinite Loop, Apple’s old headquarters. The company had just received a writ from a US magistrate ordering it to make specialized software that would allow the FBI to unlock an iPhone used by Syed Farook, a suspect in the San Bernardino shooting in December 2015 that left 14 people dead.

The iPhone was locked with a four-digit passcode that the FBI had been unable to crack. The FBI wanted Apple to create a special version of iOS that would accept an unlimited combination of passwords electronically, until the right one was found. The new iOS could be side-loaded onto the iPhone, leaving the data intact.

But Apple had refused. Cook and his team were convinced that a new unlocked version of iOS would be very, very dangerous. It could be misused, leaked, or stolen, and once in the wild, it could never be retrieved. It could potentially undermine the security of hundreds of millions of Apple users.

In the boardroom, Cook and his team went through the writ line by line. They needed to decide what Apple’s legal position was going to be and figure out how long they had to respond. It was a stressful, high-stakes meeting. Apple was given no warning about the writ, even though Cook, Apple’s top lawyer, Bruce Sewell, and others had been actively speaking about the case to law enforcement for weeks.

The writ “was not a simple request for assistance in a criminal case,” explained Sewell. “It was a forty-two-page pleading by the government that started out with this litany of the horrible things that had been done in San Bernardino. And then this . . . somewhat biased litany of all the times that Apple had said no to what were portrayed as very reasonable requests. So this was what, in the law, we call a speaking complaint. It was meant to from day one tell a story . . . that would get the public against Apple.”

The team came to the conclusion that the judge’s order was a PR move—a very public arm twisting to pressure Apple into complying with the FBI’s demands—and that it could be serious trouble for the company. Apple “is a famous, incredibly powerful consumer brand and we are going to be standing up against the FBI and saying in effect, ‘No, we’re not going to give you the thing that you’re looking for to try to deal with this terrorist threat,’” said Sewell.

They knew that they had to respond immediately. The writ would dominate the next day’s news, and Apple had to have a response. “Tim knew that this was a massive decision on his part,” Sewell said. It was a big moment, “a bet-the-company kind of decision.” Cook and the team stayed up all night—a straight 16 hours—working on their response. Cook already knew his position—Apple would refuse—but he wanted to know all the angles: What was Apple’s legal position? What was its legal obligation? Was this the right response? How should it sound? How should it read? What was the right tone?

Read More

Cybercrime sounds like something done in a dark room by a group of hackers.

But according to the law, using a fraudulent account number to buy something on Amazon is a cybercrime, and the 2nd Judicial District Prosecutor’s Office is making sure people pay for their crimes.

Assistant Prosecutor Grant DeProw told The Jonesboro Sun his office is looking at establishing a circuit court cybercrime fee that could be as much as $500.

“Any offenses that are computer related will have a fee attached to it along with the original punishment,” DeProw said.

DeProw said in 2017 Arkansas legislators passed a bill that allowed them to add a cybercrime fee to almost any felony that requires special electronic investigation.

According to AR Code 5-4-706, a circuit court can assess an additional fee of up to $500 for each applicable felony conviction for an offense that involved the use of a computer, an electronic device or the internet; and the investigation of which expended specialized law enforcement personnel or materials designed to investigate offenses involving a computer, an electronic device or the internet.

Cybercrimes range from possession of child pornography and cyber-attacks to nonpayment or non-delivery scams.

“If it requires someone who received specialized training or special equipment, then it would be eligible for the fee,” DeProw said. “This includes identity theft and the use of stolen debit cards.”

Read More

Not that they knew him personally, but Taylor Huddleston, a 27-year-old from Hot Springs, Arkansas, was for a time very popular among the world’s cyber criminals, thanks to a malicious piece of software he created called NanoCore RAT.

That malware allowed hackers to steal sensitive information from victims’ computers, including account numbers and passwords, and even allowed them to secretly activate the webcams of infected computers to spy on unsuspecting victims.

“Basically, the malicious software compromises victim computers and steals information,” said a special agent from the FBI’s Washington Field Office who investigated the case. “The NanoCore RAT has the ability to control a victim’s computer.”

This type of malware—a Remote Access Trojan (RAT)—is all the more insidious because in most cases victims have no idea their computers have been compromised. According to court documents, NanoCore RAT was used to infect and attempt to infect more than 100,000 computers.

RATs are not only a threat to individual users but to commercial enterprises as well. And if hackers decide to target U.S. infrastructure using this malware, the agent said, “there is a potential for national security implications.”

Huddleston had the skills to develop malicious software. “There are many cyber criminals out in the world,” the agent said. “Many are not sophisticated in terms of developing a new malware. Instead, they would rather purchase malware to carry out their crimes.”

Read More

A recently closed California hacking and identity theft case sadly illustrates the misery that can be visited on unsuspecting victims when their personal information is compromised.

Between 2011 and 2014, four U.S. citizens who resided in San Diego—but carried out their crimes from across the Mexican border in Tijuana—hacked the computer servers of major U.S. mortgage brokers, stealing detailed loan application information from thousands of customers and then using the victims’ Social Security numbers, addresses, dates of birth, and driver’s license numbers to open unauthorized lines of credit and take over and drain victims’ retirement accounts.

“The damage crimes like these have on victims, the economy, and society in general are significant,” said Special Agent Chris Christopherson, who investigated the case from the FBI’s San Diego Division. “Individuals had their finances wrecked and their credit destroyed, through no fault of their own. For many of them,” he added, “the impacts are still being felt.”

One of the fraudsters in the conspiracy, John Baden, was the chief hacker. He infiltrated mortgage companies using a common hacking technique known as “fuzzing,” which works by overloading a web server with massive amounts of data that can lead to the server revealing security loopholes.

Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. Then it was simple for him and his conspirators to wire funds—sometimes up to $30,000 at a time—from the victims’ accounts to accounts they controlled.

Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme, Christopherson said. A second part of the scheme involved extensive credit fraud. The criminals used victims’ detailed personal information to set up bogus lines of credit and retail credit card accounts to which they charged thousands of dollars for goods and services. Most of the proceeds from the sale of items in these crimes were used to buy drugs.

Read More

As the holiday shopping season officially gets underway, the FBI would like to take this opportunity to warn shoppers to be aware of the increasingly aggressive techniques of cyber criminals who want to steal your money and your personal information.

For example, watch out for online shopping scams—criminals often scheme to defraud victims by offering too-good-to-be-true deals, like brand name merchandise at extremely low discounts or gift cards as an incentive to buy a product. Beware of social media scams, including posts on social media sites that offer vouchers or gift cards or that pose as holiday promotions or contests. Always be careful when downloading mobile applications on your smartphone—some apps, disguised as games and offered for free, maybe be designed to steal personal information. And if you’re in need of extra cash this time of year, watch out for websites and online postings offering work you can do from home—you may actually become the victim of an advance fee, counterfeit, or pyramid scheme, or become an unknowing participant in criminal activity.

Here are some additional steps you can take to avoid becoming a victim of cyber fraud this season:

Check your credit card statement routinely, and ensure websites are secure and reputable before providing your credit card number;
Do your research to ensure the legitimacy of the individual or company you are purchasing from;
Beware of providing credit card information when requested through unsolicited e-mails;
Avoid filling out forms contained in e-mail messages that ask for personal information;
Never click on links contained within unsolicited e-mails;
Verify any requests for personal information from any business or financial institution by contacting them directly;
Be cautious of e-mails claiming to contain pictures in attached files, especially unsolicited e-mails—the files may contain viruses; and
Be leery if you are requested to act quickly or told there is an emergency (fraudsters often create a sense of urgency).
If you suspect you have been victimized, contact your financial institution immediately, contact law enforcement, and file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

Read More

The FBI is investigating a cyber intrusion affecting the information technology and data systems of the federal government’s Office of Personnel Management, or OPM.

In a June 4 press release notifying federal employees of the incident, OPM said the agency has partnered with the Department of Homeland Security and the FBI to determine the intrusion’s full impact on federal personnel. OPM said it will send notifications to approximately four million individuals whose personal information may have been compromised.

OPM’s press release included guidance for affected individuals, as well as tips to avoid becoming a victim.

In a June 4 statement confirming its role in the investigation, the FBI said, “We take all potential threats to public and private sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace.”

OPM press release | FBI statement

View Source

As the latest health insurer to be breached, Premera Blue Cross has revealed that it discovered a sophisticated cyber attack that tried to gain unauthorized access to their IT systems on January 29, 2015. The initial attack occurred on May 5, 2014. The company notified the FBI and is working with the cybersecurity firm Mandiant to investigate and repair the damage done by the attack.

Attackers may have gained unauthorized access to applicants and members’ information, which could include member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information, Premera said.

“About 6 million of the people whose accounts were accessed are residents of Washington state, where customers include employees of Amazon.com Inc, Microsoft Corp and Starbucks Corp, according to Premera. The rest are scattered across every U.S. state,” Reuters reports.

ENTRIES OPEN:
Establish your company as a technology leader. For 50 years, the R&D 100 Awards, widely recognized as the “Oscars of Invention,” have showcased products of technological significance. Learn more.

As explained by KrebsOnSecurity, “Mandiant specializes in tracking and blocking attacks from state-sponsored hacking groups, particularly those based in China.”

It goes on, “There are indications that this may be the work of the Chinese espionage group tied to the breach disclosed earlier this year at Anthem, an intrusion that affected some 78 million Americans.”

View Source

NEW YORK — A hacking ring has stolen up to $1 billion from banks around the world in what would be one of the biggest banking breaches known, a cybersecurity firm says in a report scheduled to be delivered Monday.

The hackers have been active since at least the end of 2013 and infiltrated more than 100 banks in 30 countries, according to Russian security company Kaspersky Lab.

After gaining access to banks’ computers through phishing schemes and other methods, they lurk for months to learn the banks’ systems, taking screen shots and even video of employees using their computers, the company says.

Once the hackers become familiar with the banks’ operations, they use that knowledge to steal money without raising suspicions, programming ATMs to dispense money at specific times or setting up fake accounts and transferring money into them, according to Kaspersky. The report is set to be presented Monday at a security conference in Cancun, Mexico. It was first reported by The New York Times.

The hackers seem to limit their theft to about $10 million before moving on to another bank, part of the reason why the fraud was not detected earlier, Kaspersky principal security researcher Vicente Diaz said in a telephone interview with The Associated Press.

The attacks are unusual because they target the banks themselves rather than customers and their account information, Diaz said.

The goal seems to be financial gain rather than espionage, he said.

“In this case they are not interested in information. They’re only interested in the money,” he said. “They’re flexible and quite aggressive and use any tool they find useful for doing whatever they want to do.”

Most of the targets have been in Russia, the U.S., Germany, China and Ukraine, although the attackers may be expanding throughout Asia, the Middle East, Africa and Europe, Kaspersky says. In one case, a bank lost $7.3 million through ATM fraud. In another case, a financial institution lost $10 million by the attackers exploiting its online banking platform.

Kaspersky did not identify the banks and is still working with law-enforcement agencies to investigate the attacks, which the company says are ongoing.

The Financial Services Information Sharing and Analysis Center, a nonprofit that alerts banks about hacking activity, said in a statement that its members received a briefing about the report in January.

“We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimize any effects on their customers,” the organization said in a statement. “The report that Russian banks were the primary victims of these attacks may be a significant change in targeting strategy by Russian-speaking cybercriminals.”

Read More

Most people know not to click on suspicious links from strangers, but suspicious links from friends are more of a marginal case. Malefactors are currently using Steam, Valve’s popular PC gaming platform, to spread malware by hiding a nasty program in a supposedly innocuous screenshot that looks like it is coming from a trusted friend.

Security expert Graham Cluley shared the story, which one of his readers brought to his attention. The malware comes via Steam’s built-in chat client and, in all likelihood, will appear to come from someone you know.

If you receive a message on Steam that reads “WTF?????” and links to a JPEG image called “screenshot,” steer clear and inform your friend that he or she needs to run a virus scan posthaste. The link leads not to a strange picture, but rather to an executable SCR file.

Once clicked, the file will download and install automatically. This particular SCR file targets Steam, meaning it may be able to steal your login and financial information. At the very least, it compromises your Friends list and sends the malware-ridden “WTF” message to all of your contacts.

Worse still, only about half of antivirus programs seem capable of detecting the malware. While AVG, Malwarebytes, Kaspersky, Sophos and Symantec users are in the clear, those who rely on Microsoft, TrendMicro, Kingsoft or AegisLab are out of luck. The best solution for them would be to download the free version of AVG or Malwarebytes and run it with extreme prejudice.

This is not the first time that malware has targeted Steam users, suggesting that the platform is still not perhaps as secure as it could be. PC gamers should double-check with their friends before clicking on links that look out-of-the-ordinary.

Read More

At a cybersecurity convention in Hamburg last week, the “Chaos Computer Club” demonstrated how it can mimic a fingerprint just by analyzing photographs.

Fingerprints have been recreated from smudges on windows and other smooth surfaces. In the past, forgers have used tape, a scanner, some plastic material and glue to build a gummy fingerprint that can fool scanners.

But the Chaos Computer Club says this is the first time fingerprints have been spoofed from afar. The group’s leader, known as “Starbug,” said he was able to recreate the thumbprint of the German Minister of Defense Ursula von der Leyen, from several news photos.

The hack isn’t terribly complicated, but it’s also not something most people would have the patience or ability to pull off. Starbug printed the fingerprint from the photos onto tracing paper, copied it onto a plastic board, covered it in graphite and made a dummy print by coating the plastic in wood glue.

Not easy. Still he made a dummy fingerprint from a photo. Impressive.

In one demonstration, the dummy print was able to trick Apple’s (AAPL, Tech30) TouchID (which controls Apple Pay).

“There will be no need to steal objects carrying the fingerprints anymore,” the group said in a preview of the event. “After this talk, politicians will presumably wear gloves when talking in public.”

The Club said the presentation calls into question the validity of fingerprint security systems. It would be difficult to do anything useful with the German Defense Minister’s fingerprints, but you could use the hacking method to get into your friend’s iPhone.

Read More