Feds charge Evil Corp, Russia-based creators of Dridex malware, in $100 million bank hacking spree

The most on-brand name since “Fraud Guarantee.” Read the rest

2020 Elections: Ransomware attacks on voter registration databases and systems feared by cybersecurity officials

The U.S. government will launch a program about a month from now to help state officials prevent ransomware attacks on voter registration databases and systems, ahead of the 2020 presidential election. Read the rest

FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia. Read the rest

Joshua Schulte named as suspect in 'Vault 7' leak of CIA tools to Wikileaks, but charged instead over child porn

Federal investigators believe a man who once worked for the U.S. Central Intelligence Agency is responsible for last year's massive leak of Top Secret CIA hacking tools, court documents reveal. Read the rest

Wanna buy a baby's Social Security number? Reports of infants' SSNs for sale on dark web

Dastardly cybercriminals. Is there nothing they won't do? Read the rest

U.S. charges ex-IBM software developer from China with espionage over stolen code

The U.S. Justice Department is charging a Chinese national with economic espionage charges, saying he stole source code from an American company with the intent of transferring it to the Chinese government. He is reported to have been an employee of IBM at the time of the alleged crime. Read the rest

Scammers stole $2.3 billion in "business email compromise" attacks, FBI reports

Businesses around the world have lost billions of dollars over the past few years to an increasingly popular internet scam in which criminals pose as company executives, and send faked emails to their staff ordering subordinates to transfer money into financial accounts controlled by the scammers. That's all according to an FBI alert issued this week. Read the rest

Time Warner Cable says data from 320K customers stolen

Internet and cable TV provider Time Warner Cable Inc. today revealed that up to 320,000 customers may have had their email passwords stolen. Read the rest

Accused Turkish cybercriminal extradited to U.S. to face charges of hacking ATMs worldwide

The so-called unlimited cash out operations used hacked debit cards with withdrawal limits removed to make ATMs spew money.

Ransomware decryptor

If you or someone you love has been hijacked by Coinvault ransomware -- malware that encrypts your data and won't decrypt it unless you transfer Bitcoin to criminals -- Kaspersky may be able to help you (via Hacker News) Read the rest

Brian Krebs's "Spam Nation"

In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principle players. Cory Doctorow reviews.

Cybercrime, patent-theft numbers are total bullshit

In case there was any doubt in your mind, the alleged $1T cost to America from cyberwar and the $250B cost to America from "cyber-theft of Intellectual property" are both total bullshit. Pro Publica breaks it down.

One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information" (PDF). The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF).

In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers.

Read the rest

Report: complexity of cyberspying botnets greater than previously known

Brian Krebs interviews Joe Stewart, a security researcher "who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations. Read the rest

LulzSec disbands, Anonymous dumps, what's next in #Antisec? Xeni on The Madeleine Brand radio show

I joined the Madeleine Brand show this morning for a radio discussion around news that LulzSec has disbanded, and/or re-absorbed by the primordial ooze of Anonymous from whence they came. Listen here. Background in this Boing Boing post from earlier today. Read the rest

Keeping up with the pwnses: CNET's spreadsheet of recent hacking attacks

Elinor Mills at CNET has posted a chronological chart that documents recently publicized hacking events:

By our count, there have been more than 40 computer attacks, network intrusions, or data breaches in the last few months. And they seem to be a daily occurrence.

The chart shows which hackers and groups are identified as being behind each attack, and the methods and motives believed to be involved. As you skim through, remember that the date on which a given hack is made public isn't necessarily the date that target was breached: sometimes, a breach occurs long before the target or the attacker tells the world about it.

Mills adds that CNET will to update the chart as time goes on, and they're soliciting updates.

Here's a link to the article, and here's a direct link to the spreadsheet. Read the rest

Pentagon: Hacking can count as an act of war

The Wall Street Journal broke the news yesterday that the Pentagon has concluded that hacking and other forms of digital sabotage that originate from other countries can be considered an act of war. This means that for the first time, the U.S. is in the position of possibly responding to an online attack with offline "traditional military force." Guns, troops, drones, bombs.

The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military.

In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official.

Read the whole article here. If the paywall locks you out, MSNBC has a related piece. Read the rest

FBI shuts down poker sites in online gambling crackdown

On Friday, the FBI shut down three of the world's most popular online poker sites, replacing their home pages with the message: "This domain name has been seized by the F.B.I. pursuant to an Arrest Warrant."

Former Boing Boing guest-blogger Joe Menn at the Financial Times nails the story first and best, and describes it as "the largest crackdown since Congress banned electronic gambling transactions in 2006." More:

In an indictment unsealed on Friday, the government accused the creators of Full Tilt Poker, PokerStars and Absolute Poker of illegal gambling, money laundering and bank fraud.

The government also filed a $3bn civil suit seeking to recover profit at the companies, which are based in other countries but have the three largest shares of the US market. They seized bank accounts and the website addresses used by all three, replacing the latter with warnings that managing or owning a gambling business is a crime.

None of companies could be reached for comment. The disruption of their sites and the seizure of funds could make it hard for them to do business and might dissuade some people from playing cards online.

Read the full FT story here. The LA Times also has coverage here and here, and here is a response by the owners of Full Tilt Poker. Read the rest

More posts