Archive for September 2019

German Police Bust Dark Web Hosting Cyber-Bunker Business

Hundreds of servers used to support child pornography, cybercrime, and the sale of illegal drugs have been seized in a police raid on a former NATO bunker in Germany.

German authorities arrested thirteen people between the ages of 20 and 59 on Friday after busting up a dark web hosting operation being run from a heavily fortified five-floor military bunker in the peaceful riverside town of Traben-Trarbach. 

After breaking through an iron door to gain access to the temperature-controlled bunker, 600 police searched the 1.3-acre premises and found around 200 servers stored in stacks together with disks, mobile phones, documents, and a large sum of cash. 

A 59-year-old Dutchman, who purchased the bunker in 2013, is thought to be the owner and operator of the business, which offered secured "bulletproof" website hosting to illegal businesses and concealed their activities from authorities. Sites linked to the bunker include illegal online drug stores Cannabis Road, Orange Chemicals, and Wall Street Market, formerly the second-largest global marketplace for drugs, where users could also buy hacking tools and financial-theft ware.

Suspects arrested in connection with the raid are thought to have links to organized crime and are likely to be named as accessories to over 250,000 offenses involving money counterfeiting, drugs, data mining, forged documents, and the distribution of child pornography.

Seven of the people arrested are being held in custody, with two thought to hold previous convictions for running a similar business out of a former military bunker in the Netherlands, which was sold as CyberBunker. 

Regional criminal police chief Johannes Kunz said, "I think it’s a huge success . . . that we were able at all to get police forces into the bunker complex, which is still secured at the highest military level. We had to overcome not only real, or analog, protections; we also cracked the digital protections of the data center."

Since the operation of the bunker hosting service isn't illegal per se, German authorities must prove the suspects arrested were aware of the illegal behavior of the hosted businesses to secure a conviction. Evaluating the stored data to determine this could take anywhere from months to years. 

Commenting on the raid, Vectra's head of security, Chris Morales, said: "We need to see more collaboration like this which involves the coordination between digital forensics and investigation and physical police enforcement. I applaud all of the German law enforcement agencies involved on a job well done."

Source: Information Security Magazine

Hiding a Data Breach Can Derail an Acquisition

Companies can drive down their value by hiding or mishandling data breaches, according to research by the world's largest nonprofit association of certified cybersecurity professionals, (ISC)².

Researchers questioned 250 mergers and acquisitions (M&A) experts based in the US to determine how important a company's cybersecurity program and breach history are in deciding its value ahead of a potential purchase.

Findings shared in the Cybersecurity Assessments in Mergers and Acquisitions report, released today, revealed that 49% of M&A experts have seen deals derailed after due diligence brought an undisclosed breach to light. 

Researchers also found that 86% of respondents said if a company publicly reported a breach of customer or other critical data in its past, it would detract from the acquisition price assigned. However, if that breach was satisfactorily addressed and fixed, and any potential fines were already paid, 88% said it would minimize the negative impact to the overall valuation.

"While every company needs to make their own decisions regarding proper data breach disclosure policies, the research clearly shows that in the context of a possible sale, not being transparent about past breaches can literally kill a potential deal, or can seriously affect the ultimate sale price," John McCumber, director of cybersecurity advocacy, North America, for (ISC)², told Infosecurity Magazine.

Having strong cybersecurity can give a company the edge over a competitor. Researchers found that 77% of experts had recommended a particular company be acquired over another because of the strength of its cybersecurity program.

The report is a reality check for companies who think a lackluster approach to cybersecurity won't diminish their stock. All respondents stated that cybersecurity audits are now a standard practice in arriving at a dollars and cents valuation, and 96% said that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target.

"While most companies would rather not experience a breach in the first place, the study shows that those who deal with one, handle it well, and make adjustments to policies in order to limit their chances of a recurrence are looked at more favorably by potential buyers than those who seem doomed to repeat their mistakes," McCumber told Infosecurity Magazine.

"Each deal is different. But what our report indicates is that in order to maximize the value of a deal, the acquisition target should ideally self-audit their cybersecurity program and readiness level in advance."

Source: Information Security Magazine

Pennsylvania Might Be Second State to Criminalize Cyber-Flashing

Pennsylvania could follow Texas to become the second US state to make cyber-flashing illegal. 

Philadelphia County state representative Mary Isaacson told Infosecurity Magazine that she plans to introduce a bill to ban the unsolicited electronic transmission of sexually explicit and obscene images in the Keystone State at the end of October.

Isaacson sent a memorandum to all 203 members of the Pennsylvania House of Representatives on September 20, calling for them to co-sponsor her proposed legislation. 

"Despite the success of the #MeToo movement, sexual harassment remains a serious problem in our society, particularly due to online forms of sexual harassment. 20% of women and 10% of men ages 18 to 29 report having been sexually harassed online," wrote Isaacson in the memorandum, before calling on members to "please join me in combatting online sexual harassment and ensuring the dignity of all Pennsylvanians."

Speaking to Infosecurity Magazine, Isaacson said that although she hadn't personally received any unsolicited sexually explicit images, she had heard stories from her children about cyber-flashing experienced by their peers. 

"I represent a lot of millennials, and I am a parent of two teens. I worry for my son and my daughter," said Isaacson. "With Air Dropping technology, if a group of teens are at a concert, someone there can send them obscene images that the teens will see whether they have given permission or not. Their privacy is being invaded when they are just trying to have a good time."

Asked what she thought drove people to become cyber-flashers, Isaacson said: "I think that it's their psychology, that they do it to bully and intimidate people and invade their privacy. It's a very serious societal problem that affects everyone, men as well as women."

Isaacson's proposed legislation follows the passage of House Bill 2789 into law in Texas on August 31 this year. Under the new law, the electronic transmission of sexually explicit material without the recipient's consent became a Class C misdemeanor, punishable by a fine of up to $500.

Describing how her bill will differ from what was passed in the Lone Star State, Isaacson said: "Right now, it's modeled after what was done in Texas, but it could possibly change."

Isaacson, who was on the road when speaking to Infosecurity Magazine, was unable to state exactly how many members had answered her co-sponsorship call. However, the state representative was able to confirm that her proposed legislation has secured bipartisan support.

Source: Information Security Magazine

BlackBerry Launches New Cybersecurity Development Labs

Security software and services company BlackBerry Limited has announced the launch of BlackBerry Advanced Technology Development Labs (BlackBerry Labs), a new business unit operating at the forefront of research and development in the cybersecurity space.

The Labs will be led by CTO Charles Eagan and will include a team of over 120 software developers, architects, researchers, product leads and security experts working to identify, explore and create new technologies to ensure BlackBerry is on the cutting edge of security innovation.

The company stated that initial projects from BlackBerry Labs will focus on machine learning approaches to security in partnership with BlackBerry’s existing Cylance, Enterprise and QNX business units.

“The establishment of BlackBerry Labs is the latest in a series of strategic moves we’ve taken to ensure our customers are protected across all endpoints and verticals in the new IoT,” said Charles Eagan, BlackBerry CTO. “Today’s cybersecurity industry is rapidly advancing and BlackBerry Labs will operate as its own business unit solely focused on innovating and developing the technologies of tomorrow that will be necessary for our sustained competitive success, from A to Z; artificial intelligence to zero trust environments.”

Source: Information Security Magazine

Senate Passes Ransomware Law

A new law has passed the US Senate which will demand that the federal government ramp up its support for organizations hit by ransomware.

The DHS Cyber Hunt and Incident Response Teams Act would require the Department of Homeland Security (DHS) to build dedicated teams tasked with providing advice to organizations on how best to protect their systems from attack, as well as other technical support, including incident response assistance.

Although the new capabilities would be available to all public and private organizations on request — including businesses, police departments, hospitals, and banks — senate minority leader Chuck Schumer focused on protection for New York state schools in his comments on the legislation.

“The Senate passing the DHS Cyber Hunt and Incident Response Teams Act is an important step in protecting upstate New York school districts from the swaths of ransomware attacks that take hostage the personal information and vital data of our students, school employees and local governments,” he said in a statement.

“It’s critical that we use all available resources to protect New York students from cyber crooks, and enhance and increase our resiliency to these attacks. I’m proud of the role I played in pushing this sorely-needed legislation through the senate and won’t stop working until it’s signed into law.”

One security vendor calculated last week that ransomware attacks have disrupted operations at 49 US school districts and educational institutions in the first nine months of the year, compromising potentially 500 K-12 schools versus just 11 last year.

This makes the sector the second most popular for ransomware attackers after local municipalities.

These have been battered by attacks over the past few months, with one campaign in Texas hitting 23 local government entities simultaneously.

A similar piece of legislation to the DHS Cyber Hunt and Incident Response Teams Act has already passed in the House of Representatives, so the two will now begin the reconciliation process.

Source: Information Security Magazine

Cyber-Harassment Expert Wins MacArthur Genius Grant

Lawyer, law professor, and civil rights advocate Danielle Keats Citron has been awarded a MacArthur grant for her efforts to address the scourge of cyber-harassment. 

Citron, a professor at Boston University Law School, is one of 26 individuals this year to receive a so-called genius grant from the John D. and Catherine T. MacArthur Foundation. Citron was awarded $625,000 to support her ongoing mission to study and write about online abuse and invasions of sexual privacy, the harm that they inflict, and how law and society should respond to them.

Through her work, Citron has found that cyber-harassment can have a devastating and long-lasting effect on victims, making it difficult for them to go about their daily lives. 

"Cyber-harassment is the targeting of specific individuals with a course of conduct that causes severe emotional distress and often the fear of physical harm, and it impacts them in a way that takes away what we consider crucial ability to make the most out of their lives in the 21st century; to get employment, keep a job, engage with other people, and go to school free from the fear of online abuse," said Citron.

She continued: "We wouldn’t accept people walking down the street and being screeched at and threatened and humiliated and hurt, and we shouldn’t find it an acceptable part of online life."

Citron has been studying and writing about online abuse for 15 years. During that period, she has worked with tech companies to update safety and privacy policies. She has also advised US legislators and state attorneys general on how to combat the most extreme forms of cyber-abuse, including cyber-stalking and revenge porn—the posting of intimate photos or videos without consent. 

The situation is improving, with the number of states to pass cyber-stalking laws rising from 4 in 2009 to 46 today.

Currently, Citron is focused on studying and writing about deep fake technology, which is machine learning technology that lets you manipulate or fabricate audio and video to show people doing and saying things that they’ve never done or said. 

She said: "The technology is advancing so rapidly that soon—within months—technologists expect that the state of the art will become so sophisticated that it will become impossible to distinguish fakery from what’s real. The impact that it has is not just on individuals; it has an impact on the truth and more broadly on our trust in democratic institutions."

Source: Information Security Magazine

New Spyware Threatens Telegram's 200 Million Users

A new piece of spyware, designed to steal sensitive information from users of the messaging app Telegram, is for sale on the black market.  

Trojan-delivered Masad Stealer and Clipper was clocked by researchers at Juniper Threat Labs. The spyware uses Telegram as a command and control (CnC) channel to cloak itself in a veil of anonymity. 

After installing itself on the computer of a Telegram user, Masad Stealer busies itself collecting information stored on the system, such as browser passwords, autofill browser field data, and desktop files. The spyware also automatically replaces cryptocurrency wallet addresses copied to the clipboard with its own.

Other information vulnerable to an attack perpetrated through Masad Stealer includes credit card browser data, FileZilla files, Steam files, browser cookies, PC and system information, and installed software and processes.

Masad Stealer is being advertised for sale in several hack forums, making it an active and ongoing threat. Buyers can pick up a variety of versions, ranging from a free one to a premium package costing $85, with each tier of the malware offering different features.

Researchers at Juniper said: "Masad Stealer sends all of the information it collects—and receives commands from—a Telegram bot controlled by the threat actor deploying that instance of Masad. Because Masad is being sold as off-the-shelf malware, it will be deployed by multiple threat actors who may or may not be the original malware writers."

Masad Stealer is written using AutoIt scripts and then compiled into a Windows executable. Most of the samples discovered by Juniper were 1.5 MiB in size; however, the spyware has also been found in larger executables and has been spotted bundled into other software.

Telegram, which celebrated its sixth birthday in August, has over 200 million monthly active users. While its platform may have been breached, the app is fully confident in its ability to protect the privacy of messages sent by its users. 

The app claims on its website to be "more secure than mass market messengers like WhatsApp and Line" and offers anyone who can decipher a Telegram message up to $300,000 in prize money. 

Source: Information Security Magazine

Dunkin' Sued for Keeping Data Breach Secret

New York is suing Dunkin' for allegedly failing to inform its customers of multiple cyber-attacks that compromised customer accounts.

According to the lawsuit, filed in state Supreme Court in Manhattan, money was stolen by cyber-criminals, who hacked into the online accounts of 20,000 Dunkin' customers in 2015. New York further alleges that Dunkin' didn't disclose to its customers full details of a cyber-attack that affected 300,000 customer accounts in 2018.

The lawsuit states: "In 2015, Dunkin’s customer accounts were targeted in a series of online attacks. During this period, attackers made millions of automated attempts to access customer accounts. Tens of thousands of customer accounts were compromised. Tens of thousands of dollars on customers’ stored value cards were stolen."

During the summer of 2015, Dunkin's app developer repeatedly alerted Dunkin' to ongoing attempts by hackers to log in to customer accounts and provided the company with a list of 19,715 accounts that had been compromised over just a sample five-day period, but the donut-seller failed to tell customers, according to the lawsuit.   

Dunkin’ chief communications officer Karen Raskopf told Infosecurity Magazine that there was no credence to the claims being made in the lawsuit.

In an emailed statement to Infosecurity Magazine, Raskopf said: "There is absolutely no basis for these claims by the New York Attorney General’s Office. For more than two years, we have fully cooperated with the AG’s investigation into this matter, and we are shocked and disappointed that they chose to move ahead with this lawsuit given the lack of merit to their case. 

"The investigation centered on a credential stuffing incident that occurred in 2015, in which third parties unsuccessfully tried to access approximately 20,000 Dunkin’ app accounts. The database in question did not contain any customer payment card information. 

"The incident was brought to our attention by our then-firewall vendor, and we immediately conducted a thorough investigation. This investigation showed that no customer’s account was wrongfully accessed, and, therefore, there was no reason to notify our customers."  

Dunkin' Brands, Inc. has 8,000 Dunkin' restaurants across America, a thousand of which are in New York.  

"We take the security of our customers’ data seriously and have robust data protection safeguards in place. We look forward to proving our case in court," said Raskopf.

Source: Information Security Magazine

Global Consumers Reject Government-Mandated Encryption Backdoors

Global consumers overwhelmingly reject government arguments that encryption backdoors will make them safer from terrorists, according to new research from Venafi.

The security vendor polled over 4100 consumers in the US, UK, France and Germany to better understand their attitudes to government and social media when it comes to data protection.

Law enforcers and governments on both sides of the Atlantic have consistently argued that encrypted services and devices provide a safe space for terrorists and criminals to operate.

In July, US attorney general, William Barr, added his voice to the calls for government-mandated backdoor access to such data in specific circumstances, saying it “can and must be done.”

However, 64% of respondents told Venafi that they don’t believe government access to private data would make society any safer from terrorists. In fact, just 30% said they thought governments can be trusted to protect their personal data, falling to 24% in the US and climbing slightly (to 40%) in the UK.

“Many politicians and law enforcement officials wish to use surveillance tools and backdoors that most consumers associate with authoritarian regimes, not democracies,” argued Venafi VP of security strategy and threat intelligence, Kevin Bocek.

“If we can’t trust governments to protect sensitive personal data, it’s difficult to imagine how they will be able to regulate the private sector effectively.”

The poll’s respondents are joined by IT security professionals and cryptography experts in their views on mandated backdoors.

Nearly three-quarters (73%) of IT security pros told Venafi in March that laws effectively forcing tech companies to insert backdoors in their products would make their nation less secure.

As if that weren’t enough, a group of world-leading cryptography experts last year backed senator Ron Wyden’s demands that the FBI explain the technical basis for its claim that backdoors can be engineered without impacting user security. The Bureau has so far chosen not to respond.

The Venafi poll also revealed that, perhaps unsurprisingly, just 22% of consumers believe social media companies can be trusted to protect their personal and private data.

Source: Information Security Magazine

Banks Add to Confusion as Scammers Target Thomas Cook Customers

Experts are urging Thomas Cook customers not to respond to unsolicited messages in the wake of the UK travel company’s bankruptcy, as scammers are trying to harvest their bank details.

The 178-year-old firm collapsed on Monday, leaving a £3bn black hole in its balance sheet and 150,000 holidaymakers stranded abroad.

However, as with any high-profile incident, scammers have been jumping on the news to try to part consumers from their cash.

Reports soon emerged of customers being cold called by individuals claiming to work for a company ‘refund agent’ and requesting their bank or card details to reimburse them.

Adding to the confusion, UK banks have been sending unsolicited text messages about the bankruptcy to customers, some of which contain links and a phone number.

According to tweets cited by consumer rights group Which?, some of the messages were sent to individuals who hadn’t even booked holidays with Thomas Cook, adding to the sense that they may be a scam.

“We’ve heard worrying stories of criminals trying to scam people affected by the collapse of Thomas Cook, so while the messages being sent by some banks might be well-meaning, this flawed approach will only be adding to the confusion customers are facing,” said Which? consumer rights expert, Adam French.

“Our advice is to ignore unsolicited calls and texts, and avoid sharing your card or bank details. Anyone looking to claim back the cost of their flight through their debit or credit card provider should contact their bank directly themselves.”

In the wake of the travel agent’s collapse, Action Fraud urged consumers to be vigilant about potential scams and to not click on links in unexpected messages.

“Legitimate organizations will never contact you out of the blue and ask for your PIN, card details, or full banking passwords. If you get a call or message asking for these, it’s a scam,” the UK’s national fraud reporting center added.

“Remember, your bank or the police will never ask you to transfer money out of your account, or ask you to hand over cash for safe-keeping.”

Source: Information Security Magazine