It’s been a while since we published an update about some of the successes achieved in the battle against cyber theft, cyber espionage, and social engineering. Let’s close the year with some recent legal and partnership efforts on this front as well as some highlights from the latter half of 2015.
This month, British police announced the arrest of a 21-year-old man in connection with the attack on toy maker VTech. The breach was publicly acknowledge in late November and reportedly compromised private data — including images and user passwords — of 6.4 million children and 5 million adults.
Taken into custody near London, the man allegedly told Motherboard that he had no desire to profit from the data he discovered during the hack because he considered that to be “morally wrong.” Details are currently scarce given that the investigation is in its early stages.
Late this month, Alonzo Knowles, a 23-year-old resident of Freeport, Bahamas, was arrested and held without bail after he attempted to sell movie and TV scripts, personal data, and explicit videos he obtained by hacking the email accounts of noted celebrities.
Knowles appear in Manhattan federal court and has been charged with copyright infringement and identity theft. According to a Reuters report, authorities began probing the issue after a famous radio host “received an unsolicited offer from someone selling scripts for the upcoming season of a popular drama on a premium cable television network.”
The report states that a criminal complaint noted that “Knowles kept at least 130 celebrities' emails and phone numbers, and noted his victims included movie and TV actors, a casting director, a popular singer-songwriter and a hip-hop artist.” Prosecutors did not identify the individuals, movies, or TV shows exploited in the attacks.
Interpol recently announced major successes as a result of Operation First Light 2015, a coordinated sting that resulted in more than 500 arrests and the shuttering of 15 call centers tied to multi-million-dollar phone and email scams.
The operation involved 23 countries and included a series of raids across the Asia Pacific region. The most arrests (245) were made in Indonesia, followed by Cambodia (168). During the two-month operation, more than 30 suspicious call centers were identified.
In early December, news broke of arrests made by the Chinese government in connection to this year's massive Office of Personnel Management (OPM) database breaches, which compromised the data of more than 22 million current and former U.S. federal employees.
The arrests reportedly took place in September, shortly ahead of a state visit by China's president, Xi Jinping. U.S. officials believe the arrests were an effort to ease tensions between the two countries.
A Washington Post article stated that U.S. officials (who spoke on the condition of anonymity) said it has "been difficult to confirm whether the people rounded up were connected to the OPM breach." The piece indicated that the U.S. has suspected that China's Ministry of State Security was involved in the attack, either directly or via rogue contractors, but also stated, "Beijing has repeatedly insisted that the government played no role in the intrusions, which compromised sensitive personal, financial and biometric data of the employees, and data on their families."
Earlier this month, SC Magazine reported that a partnership between a host of international law enforcement agencies and technology companies — including Microsoft — resulted in the takedown of more than 1 million computers infected with the Dorkbot botnet. Discovered in April 2011, Dorkbot has been tied to a prominent Skype phishing campaign and DDoS attacks.
According to Interpol, the botnet’s main servers and data channels were taken down as a result of the efforts. Participating agencies included the FBI, Europol, Interpol, and the Royal Canadian Mounted Police.
In early November, U.S. prosecutors unsealed an indictment and revealed charges against three individuals related to several attacks on financial institutions, financial news publishers, and other organizations. It’s estimated that the attacks netted the trio hundreds of millions in profit. JPMorgan confirmed that the indictment was connected to its 2014 breach, but names of the victims are not included in the documentation.
Included in the 23-count indictment are details behind some of the attack techniques, which included Heartbleed exploits and social engineering techniques. According to a CSO Online report, court documents indicated that “between 2012 and 2015, the three pulled off ‘the largest theft of customer data from a U.S. financial institution in history’ by stealing the personal information of more than 100 million people.”
We’ve spoken in prior Cyber Wins segments of Silk Road, the nefarious Darkweb marketplace — and the saga continues. Nearly two years after the arrest of Ross Ulbricht, the convicted mastermind of the drug marketplace, authorities believe they have captured his mentor and trusted advisor.
Known by the code name “Variety Jones,” 54-year-old Canadian Roger Thomas Clark was arrested in Thailand as the result of a joint effort by the FBI, the U.S. Department of Homeland Security, the U.S. Drug Enforcement Administration, and local Thai police.
According to a Wired report, “The figure of the then-still-at-large Variety Jones loomed over the trial of Ross Ulbricht” and that, in his journal, “Ulbricht described Jones, now believed to be Clark, as the most important figure on the drug market’s payroll, a consigliere as much as an employee. Ulbricht credited Jones for his work as a coder, as a security auditor for the site, as a financial adviser, and even as a public relations manager.”
Jones faces extradition to the U.S. and has been charged with money laundering and narcotics trafficking.
In early December, the Chicago division of the FBI announced that Timothy “Orbit” French, a suspected member of the NullCrew hacking group, pleaded guilty to charges related to a number of cyber attacks on large corporations, universities, and government entities.
The 21-year-old Tennessee native admitted to participating in at least seven attacks on worldwide targets between 2012 and 2014 and acknowledged that his actions resulted in at least $792,000 in monetary losses to the victims of the attacks.
Experts from 14 countries gathered at Interpol in late November to discuss techniques and best practices that can be used to combat social engineering fraud. Members of Europol also participated in the event.
The two-day Expert Group Meeting was structured to offer a global overview of the problem and highlight emerging trends. The meeting was a follow-on to a 2014 operation by Interpol that specifically targeted social engineering fraud and resulted in more than 20 arrests and the identification of several syndicate heads.
In late November, UK officials announced a fifth arrest in connection with an October attack on TalkTalk, the London-based telecoms provider. Four individuals, aged 15 to 20, were previously taken into custody and charged for their roles in the hack. The 18-year-old arrested late last month is suspected of blackmail in relation to the breached data.
More than 150,000 users had personal details compromised in the attack, and more than 15,000 full bank account and sort codes were accessed. The day after the attack, TalkTalk CEO Dido Harding shared that she had received an email with a ransom request.
According to a statement by the Metropolitan Police, all five individuals are currently out on bail pending further inquiries.
Ardit Ferizi, a 20-year-old computer science student from Kosovo, was arrested in Malaysia in October after reportedly supplying ISIS with personal details about U.S. officials. He has been charged with stealing data about more than 1,300 U.S. military personnel and federal employees.
Ferizi is suspected of being the leader of an Internet hacking group known as Kosova Hacker’s Security. It’s believed he provided the data to ISIS at some point between April and August 2015. Malaysian police made the arrest at the request of the U.S.
Sharing knowledge is often critical to successful resolution in the aftermath of a breach. Some heavy hitters are taking strides to be more proactive about the challenges organizations are facing in a range of industries.
In September, Google acknowledged partnerships with researchers in an effort to study the underground economy associated with for-profit cyber crime. As SC Magazine reported, Google said its goal is to hit the “bad guys where it hurts most, in the wallet, instead of simply building taller internet security walls around sensitive data.”
Earlier in the year, FireEye announced two new partnerships, one with Visa, and one with Europol’s European Cybercrime Center (EC3). In June, Visa and FireEye indicated that they would be working together to develop tools and services merchants and card issuers could use to guard against sophisticated attacks that target PCI. With regard to its EC3 partnership, Tony Cole, vice president and global government CTO at FireEye, told SC Magazine, “FireEye could be called on at any moment to instantly respond to cyberattacks, as well as to assist in the sharing of information between European and American law enforcement agencies.”
In July, the FBI added more than $4M in rewards to its Cyber’s Most Wanted list, which at this writing included more than 15 individuals who are accused of a range of cyber crimes, including distribution of destructive malware and botnets, economic espionage, theft of trade secrets, and fraud.
Sitting atop Cyber’s Most Wanted — with a $3M bounty — is Evgeny Mikhailovich Bogachev, a cyber criminal who is the suspected mastermind of the Gameover Zeus (GOZ) botnet. The FBI believes GOZ is responsible for more than one million computer infections, resulting in financial losses of more than $100M. Bogachev has reportedly been on the FBI’s radar since 2009.
Commanding a $1M reward is Romanian hacker Nicolae Popescu, who allegedly participated in a wide-ranging international Internet fraud that duped unsuspecting buyers into purchasing non-existent goods. Other posted rewards range from $20,000 to $100,000.
We can help you reduce risks related to cyber security breaches in your organization. Explore the research studies that show how our innovative approach can reduce organizational risk and provide a significant ROI on security awareness training initiatives.
Posted by Gretel Egan on 12.29.15
Posted by Gretel Egan on 12.29.15
Posted by Gretel Egan on 12.29.15