
It has already been a record-setting year for hacking scandals, and the headlines show no signs of slowing as we reach the end of 2016. Today's hack of Netflix's Twitter account by hacking collective OurMine is only the latest development in a year that has seen digital security become an issue of national security and election year politics.

OurMine, which is "a self-described white hat security group," said it was just testing Netflix security. The group suggested Netflix contact it to find out more about the hack. OurMine tweeted its message this morning, along with an email address and logo, to the nearly 2.5 million Twitter followers of @netflix, which is Netflix's U.S. account. "At least two more hacked tweets were sent. All of them have since been deleted, presumably by the Netflix social media team," according to CNET.

In previous years, most network intrusions have targeted enterprises and large corporations. But this year we saw a much more diverse field of victims, ranging from celebrities and technology CEOs to political parties and even the Olympics.

More Political Hacks

Perhaps one of the most disturbing trends in 2016 has been the increased use of hacking to achieve geopolitical goals. Hacking groups linked to either the Kremlin or Russian president Vladimir Putin have been accused of reverting to Cold War tactics to weaken and delegitimize countries seen as political rivals.

A hack of the World Anti-Doping Agency's database, resulting in the publication of private medical records for several U.S. athletes, was attributed to a group of Russian hackers going by the names "Team Tsar" and "Fancy Bear." The group was also accused of hacking the Democratic Party’s network to find embarrassing information about then-presidential candidate Hillary Clinton.

The attack against the Democratic Party and the Clinton campaign appears to have been part of an orchestrated effort by Russia to use cyberwarfare to undermine the U.S. electoral process. While it's impossible to say what, if any, effect the hack had on the election of Donald Trump, the hack has escalated tensions between the two countries and caused no small amount of alarm within the U.S. intelligence community.

And it isn't just national security that was in the spotlight in 2016. The year also saw a big jump in ransomware attacks, with individuals being targeted by hackers who encrypt their data in order to extort cash out of them. Perhaps the largest such attack this year featured the San Francisco transit system, which was targeted by a ransomware attack that resulted in travelers receiving free rides over the Thanksgiving weekend.

Individuals in the Crosshairs

Several high-profile individuals in the technology sector have also been targets of attacks this year, including Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai. And Twitter's former CEO Dick Costolo and current CEO Jack Dorsey also suffered from hacks.

Most of these attacks seem to have come from well-known hacking collectives such as OurMine. But an independent hacker going by the handle "Lid" was able to hijack the Twitter account of Oculus CEO Brendan Iribe.

Hacks weren't just about digital defacement and a chance to embarrass political opponents, though. This year also saw the second largest bitcoin hack in history, resulting in the theft of more than $65 million of the cryptocurrency.

But it wasn't just digital currency that was stolen this year. A gang of Russian hackers also managed to break into more than 330,000 point-of-sale machines running software by Micros, an Oracle company. The hack hit cash registers used in food chains, hotels and retail stores.

And speaking of hotels, the U.S. hospitality industry suffered one of its largest hacks ever when 20 hotels owned by HEI Hotels and Resorts discovered malware running on point-of-sale machines used throughout the country. That hack may have resulted in the theft of customer data including account and credit card numbers.

This year there was even information about past traditional hacks involving the theft of users' email addresses and login information. Yahoo reported that in 2013, it suffered the largest breach in history, involving more than 1 billion user accounts. That exceeds the hack of 500 million accounts in 2014 that the company also reported this year.

Author: Jef Cozza
Source: http://www.toptechnews.com/article/index.php?story_id=132004JYDLHC


RANSOMWARE IS MALWARE that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

TL;DR: Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom—usually demanded in Bitcoin. A popular and more insidious variation of this is ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.

Earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they’ve already infected it with a backdoor through which they can enter.

The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day. Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn’t guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn’t occur.

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: a reliable way to collect money from victims. In the early days, online payment methods weren’t popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware’s proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.

According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim’s machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.

The Evolution of Ransomware

It didn’t take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in Bitcoin, of course, and sent to an address the attackers control—the government won’t restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address to contact if they have any questions. In some cases they are threatened with arrest if they don’t pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.

In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim’s files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover ZeuS banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn’t work, they installed the Zeus backdoor on the victim’s machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn’t pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.

In just six months, between September 2013 and May 2014, more than half a million victims were infected with CryptoLocker. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.

Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.

In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.

Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client. But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.

The “malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec noted in a blog post.

The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.

The Ransomware to Watch Out for Now

Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim’s machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim’s files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall’s authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.

CTB-Locker’s name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.

TorrentLocker harvests email addresses from a victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.

Author : KIM ZETTER

Source : https://www.wired.com/2015/09/hacker-lexicon-guide-ransomware-scary-hack-thats-rise/


A recent report by cybersecurity firm Recorded Future shows that most cybercriminals earn between $1,000 and $3,000 a month; however, 20 percent make about $20,000 per month.

According to report author Andrei Barysevich, director of Recorded Future, the data is based on a survey conducted by a closed underground community. He says the security company posted a survey while investigating invitation-only underground internet and dark web hacker forums.

“We actually saw criminals who made way more than that, $50,000 to $200,000 a month,” Barysevich said. “This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars, and nice clothes.”

The researcher said he was quite surprised by how many cybercriminals participated in the survey (a couple of hundred) and revealed details of how they worked anonymously. However, the results did not surprise him.

“What we saw actually supported our previous research,” he said. “Recorded Future has been gathering information about cybercriminals for years. Our job involves engaging with cybercriminals and we talk to them all the time. And they share with us quite intimate details: which city they are in, if they actually have a regular job, if they have families. And we see a lot of weird stuff.”

Barysevich added that most cybercriminals work part time and for some of them, cybercrime is a family business.

“We’ve seen several generations that engaged in cybercriminal activity,” the researcher said. “We’ve seen messages between bad guys, with one guy complaining that today his wife was only able to purchase cheap electronics with stolen credit cards, worth a few hundred dollars, while as his father was doing Internet crime.”

According to Barysevich, the biggest demographic group is individuals with no criminal records, no ties to organized crime, and steady jobs. Many of these hackers got involved in cybercrime while they were in college and continued their operation afterward. However, the director of Recorded Future added, the most dangerous cybercriminals are those who run criminal syndicates.

“Team members tend to have strong ties in real life and often are respected members of their communities, viewed by many as successful businessmen and entrepreneurs,” the report says. “The group will often have a diversified investment portfolio and maintain a presence in real estate, hospitality, and auto-related businesses.”

“They are not dilettantes,” Barysevich said. “They are professionals, but in real life, and in cybercrime. They plan their operations very carefully, they have trusted people on the team of different professionals, so they have lawyers and ex-law enforcement officers. They also have professional forgers if they need to establish shell companies and need fake documents. They have people responsible for money laundering. They have real estate developers that help them build a legitimate business empire on the profits they make from illegal activities.”

 

Barysevich added that cybercriminal organizations mirror traditional mafia groups.

Author:  BENJAMIN VITÁRIS

Source:  https://www.deepdotweb.com/2016/12/14/report-cybercriminals-make-1000-3000-per-month


Cybercriminals are now targeting entire banking networks instead of individual accounts. Hackers have successfully tricked several ATMs into emptying their stash of currency notes without using any credit or debit card. The FBI has confirmed it is monitoring reports about such synchronized cyber-attacks that might intend to target the U.S. financial sector.

After recent cyber-attacks targeting Automated Teller Machines (ATMs) in Taiwan and Thailand, the Federal Bureau of Investigation (FBI) has cautioned American banks and financial institutions that similar attacks might soon happen on their systems and machines. According to international reports, cybercriminals have so far managed to withdraw millions in foreign currency by tricking the ATMs.

Reports indicate organized gang members merely surround ATMs at a predetermined hour, collect the cash that the machines spew out in one go, and make away with millions of dollars’ worth of currency without even touching the machine or inserting any debit or credit card. It is apparent the criminals are no longer attempting to con unsuspecting citizens and steal their hard-earned cash by making copies of their credit cards.

Instead of attempting to dupe several small accounts, the hackers are now going straight to the source. Reports suggest criminals with knowledge of banking systems, and more specifically, how the ATMs operate, are inserting malicious code within the Operating System (OS) that triggers multiple ATMs to spit out cash at a preset time. Gang members merely stand by in anticipation to collect the bills, reported The Next Web.

How do the cybercriminals operate? The FBI has learned that it was a Russian gang, known as Buhtrap, that developed the software. Cyber security agencies believe these gangs perfected their software by targeting small Russian banks. Once the software was able to compromise the security of the ATMs, the gangs gradually expanded their operations to other countries.

The cybercriminals look for virtual weaknesses in digital systems that process transactions on banking payment networks. However, banks routinely outsource the job of ATM maintenance, including cash handling, to a third party. The hackers are known to have hit ATM networks that are managed by such third-party agencies.

Banks became aware of the crime after reports started pouring in about loose currency lying unclaimed on the floor. The currency notes lying scattered in cabins that house ATMs raised suspicion, and forced the banks to launch an internal investigation. When the banks complained to the police, the sheer enormity of the crime began to surface. Initially, the police were baffled because “ATMs were abnormally spitting out bills.”

The epicenter of the crimes might have been Russia, but cybercriminals were found to be active in Taiwan and Thailand. Experts believe the cities were primarily targeted because they are always teeming with foreigners on vacation. The bustling cities offer several ways to grab the cash and escape through the many lanes and crowded intersections. According to Taipei’s police, cyber thieves have managed to steal more than $300 million.

So far, the criminals have managed to compromise PC1500 ATMs, built by Wincor Nixdorf AG of Germany, reported The Wall Street Journal. Surprisingly, law enforcement officials believe the cybercriminals managed to compromise the ATMs by sending fraudulent “phishing” emails disguised to look like messages from ATM vendors or other banks, reported Security Newspaper.

While banks and financial institutions in the United States are believed to be better protected, as well as more regularly updated, the ATMs are often run on antiquated software. Since updating the OS and other security measures on the ATMs is a very time consuming and expensive affair, they are usually one of the last devices to undergo a digital overhaul. However, given the rising number of cyber attacks that are targeting the banks directly, the financial institutions could soon expedite the process to better protect their ATMs and backend banking process.

Source : http://www.inquisitr.com

Author : Patrick


If, like me and my clients, you ever receive an email about a domain name expiration, proceed with great suspicion — because many of these "notices" are a sham. They're designed to sell you services you don't need or to trick you into transferring your domain name to another registrar.

Usually, the emails can safely be ignored.

Here's an example:

As shown in the image above, an important-looking email from "Domain Service" refers to a specific domain name in the subject line. The body of the email states that it is an "EXPIRATION NOTICE." However, the finer print states that the expiration is not for the domain name registration itself but instead for "search engine optimization submission" — services that the recipient of the email has never purchased (and probably doesn't want).

Many recipients of these emails likely click the payment link thinking they should do so to ensure that their domain names don't expire.

While this is obviously misleading, it isn't new.

In 2010, the U.S. Federal Trade Commission warned about these frauds in a press release titled "FTC Halts Cross Border Domain Name Registration Scam." The FTC said:

The Federal Trade Commission has permanently halted the operations of Canadian con artists who allegedly posed as domain name registrars and convinced thousands of U.S. consumers, small businesses and non-profit organizations to pay bogus bills by leading them to believe they would lose their Web site addresses unless they paid. Settlement and default judgment orders signed by the court will bar the deceptive practices in the future.
In June 2008, the FTC charged Toronto-based Internet Listing Service with sending fake invoices to small businesses and others, listing the existing domain name of the consumer's Web site or a slight variation on the domain name, such as substituting ".org" for ".com." The invoices appeared to come from the businesses' existing domain name registrar and instructed them to pay for an annual "WEBSITE ADDRESS LISTING." The invoices also claimed to include a search engine optimization service. Most consumers who received the "invoices" were led to believe that they had to pay them to maintain their registrations of domain names. Other consumers were induced to pay based on Internet Listing Service's claims that its "Search Optimization" service would "direct mass traffic" to their sites and that their "proven search engine listing service" would result in "a substantial increase in traffic."
The FTC's complaint charged that most consumers who paid the defendants' invoices did not receive any domain name registration services and that the "search optimization" service did not result in increased traffic to the consumers' Web sites.

And, in 2014, ICANN issued a similar warning, "Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails." In its alert, ICANN said:

Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to "click here" to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN's branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.

Here are some simple steps to avoid falling for these types of scams:

  • Check your domain name registrations to ensure that the email contacts in the "whois" records are accurate and that, in the case of domain names owned and used by companies, only current personnel educated about the domain name system are listed as contacts (because the fraudsters send their notices to contacts in the whois records).
  • Don't click on any links in a suspicious email about a domain name "expiration." These links typically contain tracking technology that enables the sender to identify the simple fact that you have clicked — which could increase the likelihood you will receive further notices or spam.
  • If you are truly concerned that a notice may be legitimate or that your domain name may be at risk of expiring, simply check its expiration date in the whois record. Then, confirm with your current registrar that the domain name is set to auto-renew (if desired) and that your payment information is accurate. If you plan to keep the domain name for a long time, consider renewing it for the longest possible term (often 10 years).
  • Set your domain name's lock status (at your registrar) to help prevent unauthorized transfers. To see whether your domain name is locked, look for a status such as "clientTransferProhibited" in the whois record.
  • And, of course, simply delete any suspicious "expiration" emails.
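The whois checks in the list above can be scripted. The following is an added example, not code from the original article: it audits a whois record for the expiration date, the "clientTransferProhibited" lock status and outdated contact addresses, and compares the record with the date claimed in an "expiration" notice. The sample record, the field labels, the function names and the 60-day warning threshold are assumptions made for illustration.

```python
from datetime import date, datetime, timezone

# Constructed sample record in the "Key: value" layout many gTLD whois servers
# return. Field labels vary between registries; the ones here are assumptions.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2026-03-14T04:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Email: hostmaster@example.com
Admin Email: former.employee@example.com
Tech Email: REDACTED FOR PRIVACY
"""

EXPIRY_KEYS = ("registry expiry date", "registrar registration expiration date")


def parse_whois(text):
    """Collect 'Key: value' lines into {lowercased key: [values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def audit_whois(text, today, current_contacts, warn_days=60):
    """Run the checklist: expiry date, transfer lock, and listed contacts.

    `today` must be a timezone-aware datetime.
    """
    fields = parse_whois(text)
    findings = []

    expiry = None
    for key in EXPIRY_KEYS:
        if key in fields:
            try:
                expiry = datetime.strptime(
                    fields[key][0], "%Y-%m-%dT%H:%M:%SZ"
                ).replace(tzinfo=timezone.utc)
            except ValueError:
                expiry = None  # unexpected date format: treat as not found
            break
    days_left = (expiry - today).days if expiry else None
    if expiry is None:
        findings.append("no usable expiry date in record; ask your registrar")
    elif days_left < warn_days:
        findings.append(
            f"expires in {days_left} days; confirm auto-renew and payment details"
        )

    # Status values are followed by an explanatory URL; keep the first token.
    statuses = {value.split()[0] for value in fields.get("domain status", [])}
    locked = "clientTransferProhibited" in statuses
    if not locked:
        findings.append("no clientTransferProhibited status; set the registrar lock")

    # Notices go to whois contacts, so flag addresses that are no longer current.
    listed = {
        value.lower()
        for key, values in fields.items()
        if key.endswith("email")
        for value in values
        if "@" in value  # skip redacted or proxy placeholders
    }
    stale = sorted(listed - {c.lower() for c in current_contacts})
    if stale:
        findings.append("outdated whois contacts: " + ", ".join(stale))

    return {"expiry": expiry, "days_left": days_left, "locked": locked,
            "stale_contacts": stale, "findings": findings}


def notice_matches_record(claimed_expiry, audit, tolerance_days=1):
    """True only if a notice's claimed expiry date agrees with the whois record."""
    if audit["expiry"] is None:
        return False
    return abs((audit["expiry"].date() - claimed_expiry).days) <= tolerance_days


if __name__ == "__main__":
    now = datetime(2025, 12, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    report = audit_whois(SAMPLE_WHOIS, now, {"hostmaster@example.com"})
    for finding in report["findings"]:
        print("-", finding)
    # A constructed "EXPIRATION NOTICE" claiming the domain lapses on 2025-12-05.
    print("notice agrees with whois:", notice_matches_record(date(2025, 12, 5), report))
```

To use it on a real domain, pass the text returned by your whois client in place of the sample and adjust the field labels to match what your registry prints.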

Author:  Doug Isenberg

Source:  http://www.circleid.com/


Franchises, resellers, customer service, collaboration tools, and training -- professional hacking organizations are now operating like any other business.

The clichéd image of a cybercriminal is one of a lone hacker, huddled over a computer in their parents' basement. Today, that stereotype couldn't be further from the truth, because -- now more than ever -- cybercrime is carried out by gangs running sophisticated operations.

The most organized criminal groups, such as those active on the dark web, are operating like legitimate businesses, with departmentalized teamwork, collaboration tools, training, and even service agreements between malicious software providers and their hacker customers.

"When you start to see malware kits that have customer service agreements and warranties associated with them, you know that you've moved into a pretty professional space," says Nathaniel J Gleicher, former director for cybersecurity policy for the White House's National Security Council.

Like the legitimate software market, cybercrime is now a huge economy in its own right, with people with a range of skillsets working together towards one goal: making money with illicit hacking schemes, malware, ransomware, and more. It's essentially an extension of 'real world' crime into cyberspace, and it's come a long way in recent years as groups have become bigger, more specialized, and more professional.

"There's been a substantial amount of improvement and innovation in the way attackers go after networks and, as cybercrime has professionalized, you've seen individuals develop a particular set of skills which fit into a broader network," says Gleicher, now head of cybersecurity strategy at Illumio.

"You have people who are managing and distributing credit card information, people who are cracking bank accounts, people who are managing remote access toolkits, to people who specialize in social engineering. There're very specific skillsets," he adds.

But it's not just gangs of hackers anymore: the cybercriminal ecosystem has evolved to the extent that it supports roles you'd expect to find in any large business.

"Advanced cybercrime groups now mirror legitimate organizations in the way they operate, with networks of partners, associates, resellers, and vendors. Some groups even deploy call center operations to ensure maximum impact for their scamming efforts," says Sian John, chief strategist for EMEA at Symantec.

That overlap with the world of business is also true of the tools cybercriminals use to communicate and collaborate, with different groups -- whether they're responsible for orchestrating phishing campaigns or stealing and cloning card data -- coordinating their actions for maximum effect.

"They're very much acting like a business. We're seeing that they very much collaborate and communicate via encrypted instant messaging systems," says Jens Monrad, senior intelligence analyst at FireEye.

However, such systems aren't open to anyone, as the dark web is still very much a closed space. "They're still using various internet forums, some which are only available if you have enough street credibility or that you have to pay for to demonstrate how you're willing to collaborate on their terms," Monrad says.

Terms and conditions have very much become a part of the increasingly professionalized world of cybercrime, where cybercriminals are now leasing out or franchising their malicious software as a service and making just as much money -- if not more -- than when they were selling it themselves.

"The franchises take that technology, but rather than hosting it in the country where it's being developed, they'll ask the developers if they can take some of their services and host them in places they can't get to and let them take a cut. It's exactly the same as an independent software company: they have their own channel programme," says Bharat Mistry, cybersecurity consultant at Trend Micro, who describes such operations as "full-on enterprises on the underground".

This practice of hosting services to allow foreign cyberattackers to more easily commit cyberattacks against local targets has been observed in China and Russia. It's symptomatic of what has become a global trade, meaning that, like the largest enterprises, cybercriminal outfits are able to operate around the clock.

With 24-hour operations in what looks increasingly like a service-based business, cybercriminals are even recruiting people to work as customer service operatives -- although many of these 'employees' will be unaware they're working for a criminal group.

"Some groups deploy call center operations to ensure maximum impact on their scamming efforts and, in some instances, employees of the call center are oblivious to the fact they are working for criminal groups executing low-level campaigns like tech support scams," says Symantec's Sian John.

If traced by the authorities, the people unwittingly aiding these criminal activities might be fined or worse. But while these individuals might be discovered, the gangs they are working for often remain in the shadows.

Cybercrime credentials

While those at the bottom are unskilled, the professionalization of cybercrime has brought about another initiative you'd expect to see in any legitimate business operation: training courses. These programs are offered on the dark web in exchange for Bitcoin, the preferred currency of organized cybercriminal groups.

"There are online training courses you can pay for which show you how to go about hacking a website and infiltration. Everything which happens in physical enterprises is happening in the cybercriminal underground," says Trend Micro's Mistry, adding "it's only a matter of time" before this becomes a widespread activity within the professional cybercriminal economy.

"We should assume any training techniques which are being used in legitimate organizations are being used in cybercriminal organizations as well," agrees Illumio's Gleicher.

Gleicher investigated and prosecuted cybercriminals during his time at the US Department of Justice and therefore has first-hand experience of just how sophisticated these schemes have become.

"What I found most interesting in the rise of professionalization is, as you're tracking these institutions, you quickly find they're based in multiple countries and they have sophisticated coordination frameworks to work together," he says.

What he took away from the experience was that cybercriminal operations are becoming increasingly niche, with groups conducting every type of cyberfraud using strategic business techniques that rival those used within corporations.

"They're working together in this really clockwork way, they'll specialize. So if you see an organization which runs fraud scams, something as simple as selling fake cars online, they're going to specialize in that and they're going to have teams of people creating legitimate looking websites, and teams of people communicating with prospective buyers who have effective enough English to appear legitimate," Gleicher says.

These trends suggest that hacking and cybercrime are no longer the domain of individuals seeking to make a nuisance of themselves. Cybercrime is now an industry involving major criminal groups, with ecosystems as well-structured as the corporations they're likely attempting to target. Organizations must therefore ensure their own defenses are up to fighting this threat.

Source : zdnet

Following a cyberattack at a local healthcare facility, Rhode Island Sen. Sheldon Whitehouse introduced legislation to deal with such cybercrime.

According to NBC News, a ransomware attack compromised the personal healthcare information of 14,000 New Englanders. Whitehouse claimed, in an interview with NBC, that the hack happened “just last month.” However, HealthITSecurity wrote that the actual breach occurred between September 23, 2014 and August 28, 2015.

Whitehouse’s legislation, called the Botnet Prevention Act, was introduced to end this type of cybercrime in America.

During the interview, Whitehouse described botnets as an army of malicious computers, working towards the same goal. “You can do things like have every single one of those computers go hit a website, or go overload traffic to a hospital,” Whitehouse said.

Senator Lindsey Graham, the initial sponsor of the bill, explained the Botnet Prevention Act (BPA) would benefit the Justice Department. The DoJ would have expanded civil injunction authority to tear down these malicious networks, Graham explained at a Senate hearing. New criminal charges would be implemented for those who sell or rent out botnets. Similarly, the penalties for cybercrimes against critical infrastructure would be raised.

The new bill proposes changes that go far beyond the scope of the current Computer Fraud and Abuse Act. Under the Computer Fraud and Abuse Act, the DoJ may only issue civil injunctions for specific botnet crimes. Graham explains that the current law lacks language related to modern botnet infrastructure and usage. Renting or selling botnets currently resides in a legal grey area and the BPA would change this.

Whitehouse claimed that the DoJ knows where these botnets are being built but is legally under-equipped.

“There is no such thing as a good botnet, and so we should be about the business of taking them all down,” Whitehouse said.

“It has a lot of bipartisan support, as far as I’m concerned there’s no such thing as ‘too soon,’” Whitehouse said. The legislation, according to Congress, has one Republican sponsor and two Democrat co-sponsors. Whitehouse believes this support could push the legislation to pass by the end of the year.

In October 2015, Whitehouse pushed another amendment to the Computer Fraud and Abuse Act. The proposed legislation was controversially pulled due to vague and ambiguous phrasing that potentially violated internet privacy. He later spoke angrily about the rejection of his changes.

C-Span has the entire event recorded online with an automated transcription. Referring to the flaws in the current Computer Fraud and Abuse Act, Whitehouse says:

“That’s a loophole that harms Americans that this bill would close. I can’t believe there’s one member of this institution who would oppose closing a loophole that allows foreign criminals access to Americans’ financial information for fraudulent purposes but puts them beyond the reach of our criminal law. That’s one part of what our bill does. The second is it raises penalties for people who intrude on critical infrastructure.”

Privacy advocates have already voiced concerns about the BPA. The EFF and ACLU are among several who publicly signed a letter to Congress regarding the bill.

“What we need is reform that reins in the CFAA, not a measure that makes things worse,” the letter said.

Source : deepdotweb
