Jump to content

Search the Community

Showing results for tags 'fbi'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL










Found 15 results

  1. On 29 November 2017, the Federal Bureau of Investigation (FBI), in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and private-sector partners, dismantled one of the longest running malware families in existence called Andromeda (also known as Gamarue). This widely distributed malware created a network of infected computers called the Andromeda botnet[1] . According to Microsoft, Andromeda’s main goal was to distribute other malware families. Andromeda was associated with 80 malware families and, in the last six months, it was detected on or blocked an average of over 1 million machines every month. Andromeda was also used in the infamous Avalanche network, which was dismantled in a huge international cyber operation in 2016. Steven Wilson, the Head of Europol’s European Cybercrime Centre: “This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us.” One year ago, on 30 November 2016, after more than four years of investigation, the Public Prosecutor’s Office Verden and the Luneburg Police in Germany, the United States Attorney’s Office for the Western District of Pennsylvania, the Department of Justice, the FBI, Europol, Eurojust and global partners, had dismantled the international criminal infrastructure Avalanche. This was used as a delivery platform to launch and manage mass global malware attacks such as Andromeda, and money mule recruitment campaigns. Insights gained during the Avalanche case by the investigating German law enforcement entities were shared, via Europol, with the FBI and supported this year’s investigations to dismantle the Andromeda malware last week. Jointly, the international partners took action against servers and domains, which were used to spread the Andromeda malware. Overall, 1500 domains of the malicious software were subject to sinkholing[2] . According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured. The involved law enforcement authorities also executed the search and arrest of a suspect in Belarus. Simultaneously, the German sinkhole measures of the Avalanche case have been extended by another year. An extension of this measure was necessary, as globally 55 per cent of the computer systems originally infected in Avalanche are still infected today. The measures to combat the malicious Andromeda software as well as the extension of the Avalanche measures involved the following EU Member States: Austria, Belgium, Finland, France, Italy, the Netherlands, Poland, Spain, the United Kingdom, and the following non-EU Member States: Australia, Belarus, Canada, Montenegro, Singapore and Taiwan. The operation was supported by the following private and institutional partners: Shadowserver Foundation, Microsoft, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI). The operation was coordinated from the command post hosted at Europol’s HQ. [1] Botnets are networks of computers infected with malware, which are under the control of a cybercriminal. Botnets allow criminals to harvest sensitive information from infected computers, such as online banking credentials and credit card information. A criminal can also use a botnet to perform cyberattacks on other computer systems, such as denial-of-service attacks. [2] Sinkholing is an action whereby traffic between infected computers and a criminal infrastructure is redirected to servers controlled by law enforcement authorities and/or an IT security company. This may be done by assuming control of the domains used by the criminals or IP addresses. When employed at a 100% scale, infected computers can no longer reach the criminal command-and-control computer systems and criminals can therefore no longer control the infected computers. The sinkholing infrastructure captures victims’ IP addresses, which can subsequently be used for notification and follow-up through dissemination to National CERTs and network owners. Crime areas Source: Cybercrime Forgery of Administrative Documents and Trafficking therein
  2. Daphne Caruana Galizia's Murder and the Security of WhatsApp Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of Daphne's destroyed smart phone was elevated from the scene. Investigators say that Caruana Galizia had not taken her laptop with her on that particular trip. If she had done so, the forensic experts would have found evidence on the ground. Her mobile phone is also being examined, as can be seen from her WhatsApp profile, which has registered activity since the murder. But it is understood that the data is safe. Sources close to the newsroom said that as part of the investigation her sim card has been cloned. This is done with the help of mobile service providers in similar cases. Asked if her WhatsApp messages or any other messages that were stored in her phone will be retrieved, the source said that since the messaging application is encrypted, the messages cannot be seen. Therefore it is unlikely that any data can be retrieved. I am less optimistic than that reporter. The FBI is providing "specific assistance." The article doesn't explain that, but I would not be surprised if they were helping crack the phone. It will be interesting to see if WhatsApp's security survives this. My guess is that it depends on how much of the phone was recovered from the bombed car. EDITED TO ADD (11/7): The court-appointed IT expert on the case has a criminal record in the UK for theft and forgery. via Bruce Schneier
  3. Biroul Federal pentru Investiga?ii din SUA a pus la dispozi?ie o recompens? de un milion de dolari (890.000 euro) pentru arestarea unui hacker român despre care exist? informa?ii c? s-ar ascunde în România, suspectul fiind pe locul doi în topul persoanelor c?utate de FBI pentru astfel de infrac?iuni Autorit??ile federale americane promit recompense totale de 4,2 milioane de dolari pentru cei mai periculo?i cinci infractori cibernetici. Cel mai c?utat hacker este Evgheni Mihailovici Bogacev, un cet??ean rus pentru care FBI ar oferi trei milioane de dolari. Pe locul doi în topul hackerilor c?uta?i este un român, Nicolae P., relateaz? blogul cotidianului The Washington Post. Românul este acuzat c? a p?c?lit clien?i pe site-uri de vânz?ri auto, unde posta anun?uri cu ma?ini care nici m?car nu existau în realitate. Românul ?i complicii s?i ar fi ob?inut prin aceast? metod? infrac?ional? venituri de trei milioane de dolari. FBI suspecteaz? c? Nicolae P. se ascunde în România, oferind pentru capturarea lui o recompens? de un milion de dolari. Al?i trei hackeri c?uta?i de autorit??ile americane sunt Aleksei Belan, Peteris Sahurovs ?i Shaileshkumar Jain. sursa:FBI promite o recompens? de un milion de dolari pentru arestarea unui hacker român - Mediafax
  4. A New York City Police Department (NYPD) auxiliary deputy inspector was arrested Wednesday morning for allegedly hacking into a restricted NYPD computer and other sensitive law enforcement databases. Yehuda Katz used the databases to collect information on individuals who had been involved in traffic accidents in the New York City area, according to a FBI press release. He then posed as an attorney, among other things, and solicited them for a 14 percent fee. Katz allegedly used multiple electronic devices in the NYPD's 70th Precinct that were capable of streaming video and remotely accessing NYPD computers. He was then able to obtain the login information from uniformed officers to view the databases he didn't have permission to access including one belonging to the FBI database. If convicted. Katz faces up to 10 years in prison. Source
  5. A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him. A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused. Over the course of a six-hour FBI interrogation in May, 2013, months after his arrest, Salinas says two agents from the FBI’s Southern District of Texas office asked him to use his skills to gather information on Mexican drug cartels and local government figures accepting bribes from drug traffickers. “They asked me to gather information on elected officials, cartel members, anyone I could get data from that would help them out,” Salinas told WIRED in a phone interview before his sentencing. “I told them no.” “Fundamentally this represents the FBI trying to recruit by indictment,” says Salinas’ lawyer Tor Ekeland, who took the case pro bono last year. “The message was clear: If he had agreed to help them, they would have dropped the charges in a second.” Salinas, to be clear, has no proof of his claims. He had no lawyer present at the time of the questioning, made no recordings, and his story couldn’t be independently confirmed. The FBI has flatly denied his account, writing in a statement to WIRED that Salinas “was never asked to conduct any investigative activity on behalf of the government.” A Department of Justice spokesperson pointed out in a statement that “at no point during the case did the defense ever present any testimony or evidence to show that any of the defendant’s hacking attempts had been made at the behest of the government or at the request of any alleged victim.” But Ekeland says Salinas didn’t testify about his claims of the FBI’s hacking request because there wasn’t a trial. Ekeland advised Salinas not to tell the story until after his sentencing to avoid scuttling his plea deal. And Ekeland believes that story helps to explain the pile of unsupportable charges Salinas faced soon after. The 44 felony charges against Salinas, Ekeland says, were “an intimidation tactic designed to get him to fold, to get him to take a plea or cooperate.” Salinas’ troubles with the law began when his house was raided in early 2012 as part of the investigation of his alleged hacking. He was arrested and all of his computer equipment seized, then released on bail. In May, 2013, as he tells it, he was called by the FBI and told to come to the local field office to retrieve his confiscated computers. When he arrived at the office with his wife, however, he claims he was instead put in a room and questioned. His wife, who was pregnant at the time, was, he says, left to wait for six hours in the building’s lobby. During those six hours, Salinas says FBI agents showed him evidence that he had logged into Anonymous IRC chatrooms. He says they brought up OpCartel, an aborted Anonymous plan in 2011 to hack Mexico’s Zeta drug cartel. And finally, he claims they asked him to help them gather information on both the cartels and local officials who had accepted money from them. “We think you can help us,” Salinas says he was told. “You can help us stop some of this corruption and stop the cartels.” “I’m not going to snitch,” Salinas says he replied. They insisted that they weren’t asking him to inform on his friends or Anonymous associates. “Think of it like this, you have a superpower,” Salinas says the agents told him. “And you should use your superpower to help us help people.” Salinas says he refused. Four months later, he was hit with a single computer fraud and abuse charge. Six months after that, prosecutors filed a superseding indictment, adding 13 more counts. The next month they added another 30, adding up to a total of 44 charges. Eighteen of those charges were for cyberstalking an unnamed victim, and each charge was based on a single instance of Salinas submitting junk text in a contact form on the victim’s website. As those charges mounted, Salinas says he wasn’t asked again to hack for the FBI or otherwise contacted by agents. But he nonetheless believes the series of superseding indictments was meant to convince him to change his mind. “I think with the first charge they thought I would cop a plea and help them, but I didn’t,” Salinas says. “I do believe they were upping the charges to put pressure on me, out of spite for not helping them out.” When Ekeland took Salinas’ case and began to push back, the charges quickly fell to 28 counts and then a single-misdemeanor plea deal. “As soon as they got caught, they folded,” Ekeland told WIRED in November. “I feel sorry for all the people that don’t have the support that Fidel had … There are a ton of Fidel Salinases out there that aren’t as lucky.” In her statement, Justice Department spokeswoman Angela Dodge emphasized that Salinas had in the end been convicted, and she defended the decision to bring the 44 charge indictment against him. “A federal grand jury found probable cause for each of the charges alleged in the indictment and … it is not uncommon for some charges to be dismissed as part of a plea,” she wrote. “We always consider what will serve as a deterrent to similar crimes and what is in the best interest of justice for all parties involved.” But Ekeland says the overreaching charges fit into a pattern of the FBI and Justice Department threatening hackers with ruinous charges to turn them into informants, and in at least one other prominent case, cooperative hackers. While working as an FBI informant, Anonymous hacker Hector “Sabu” Monsegur led hacking operations against more than 2,000 internet domains, according to the leaked sentencing statement of Jeremy Hammond, another Anonymous hacker who took direction from Monsegur. Those targets included government websites in Iran, Pakistan, Nigeria, Turkey and Brazil. Securing a defendant’s cooperation by threatening him or her with a mountain of charges is nothing new, says Electronic Frontier Foundation attorney Hanni Fakhoury. But that’s usually accomplished by first charging the defendant and then allowing him or her to reduce punishment by working as an informant or offering information. “I’ve represented many defendants who were propositioned by the government to come into a room and cooperate,” says Fakhoury. In this case, Salinas’ claims—if they’re at all true—could represent the opposite: a vindictive indictment after a refusal to cooperate. “To proposition him first and punish him after is much rarer and would be much more problematic,” says Fakhoury. “If this is true, it’s very troubling and very improper.” Source
  6. A former programmer for banking firm Goldman Sachs who has been accused of stealing company secrets has filed suit against the FBI agents who arrested him for allegedly violating his constitutional rights. Sergey Aleynikov, 45, has been battling it out in the courts ever since his 2009 arrest on charges that he absconded with code from Goldman Sachs' proprietary high-speed trading software, in violation of the federal Economic Espionage Act (EEA). He was convicted in 2011 and sentenced to prison time and a fine, but an appeals court later overturned his conviction and ordered his immediate release, saying the EEA didn't apply to the crimes of which he was accused. By that point, Aleynikov had already served 11 months in prison. He wasn't out of the woods yet, though. In 2012, Manhattan District Attorney Cyrus Vance filed new charges against Aleynikov on behalf of the state of New York, accusing him of "unlawful use of scientific material" and "unlawfully duplicating computer-related material." Aleynikov is due to stand trial on those charges on April 1, but in the meantime he has taken the offensive. Reuters reports that he has sued FBI agents Michael McSwain and Eugene Casey and some other, unnamed agents, on grounds that his arrest and prosecution were both prejudicial and illegal. According to the complaint filed in the US District Court of Newark, New Jersey, which was obtained by Bloomberg: The unconstitutional malicious prosecution of Aleynikov was designed not to serve the interests of justice but to curry favor with an influential corporation intent on punishing one of its most talented officers who chose to leave the firm and, in the process, sending a message to other employees and prospective employees that Goldman Sachs is willing and able to use the American criminal justice system as its own private enforcement arm. The suit alleges that not only were Aleynikov's arrest and the subsequent search of his home unlawful because the agents didn't get warrants, but that the FBI violated Aleynikov's civil rights again when they forwarded evidence to the Manhattan DA's office. In December, the judge in Aleynikov's original trial ruled that the property seized during the search of his home – including computers and thumb drives – should have been returned after his conviction was reversed. Instead, it became the basis of the New York State charges. Aleynikov's suit against the FBI agents comes just days after he also sued Goldman Sachs in an effort to have the firm advance him his legal fees to defend against a civil suit it filed against him over his alleged code theft. Reuters reports that Aleynikov has already incurred more than $3m in court costs related to the civil suit, and he has asked that the case be put on hold pending his upcoming criminal trial. ® Sursa
  7. A security consultant has published 10 million passwords along with their corresponding usernames in a move he characterized as both necessary and legally risky given a legal landscape he said increasingly threatens the free flow of hacking-related information. Most of the existing corpus of passwords exposed in hack attacks is stripped of usernames, preventing researchers from studying the possible relationship between the two fields. Mark Burnett, a well-known security consultant who has developed a specialty collecting and researching passwords leaked online, said his sole motivation for releasing the data was to advance what's already known about the way people choose passcodes. At the same time, he said he was worried the list might land him in legal hot water given the recent five-year sentence handed to former Anonymous activist and writer Barrett Brown, in part based on links to hacked authentication data he posted in Internet chat channels. "I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment," he wrote in a post published Monday night on his blog. "I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me." Last March, federal prosecutors dropped criminal charges related to links Brown left in two Internet relay chat channels that were frequented by members of the Anonymous hacker collective. The links led to authentication data taken during the December 2011 hack on Strategic Forecasting by members of Anonymous. Before dropping the charge, prosecutors said the links amounted to the transfer of stolen information. Even though the charge was dropped, however, prosecutors still raised the linking to support their argument Brown deserved a long prison sentence. In Monday night's post, Burnett also raised changes the Obama administration is proposing to federal anti-hacking statutes. Many security professionals have said the revised law would outlaw the publication of links to public password dumps even if the person making the link had no intent to defraud. If the people sharing the information have any reason to believe someone might use it to gain unauthorized computer access, critics have argued, they would be subject to stiff legal penalties under the Computer Fraud and Abuse Act. Including usernames alongside passwords could help advance what's known about passwords in important ways. Researchers, for instance, could use the data to determine how often users include all or part of their usernames in their passwords. Besides citing the benefit to researchers, Burnett also defended the move by noting that most of the leaked passwords were "dead," meaning they had been changed already, and that all of the data was already available online. As password dumps go, 10 million is a large number, but it's still small compared to the seminal 2009 hack of gaming website RockYou, which leaked 32 million passcodes, 14.3 million of which were unique. Last year, The New York Times reported that Russian criminals amassed a database of more than one billion passwords gathered from more than 420,000 websites. As Burnett noted, what sets this latest dump apart is that it was made by a security professional with the goal of advancing the public understanding of password choices. Equally noteworthy will be the reaction it receives from prosecutors. Source
  8. Spoiler alert: Those who haven’t yet seen the film, but plan to, please skip to the summary. Hollywood has tried to depict cyberwarfare and “hacking” many times. Hackers and The Net are just a couple of examples. Blackhat, a Michael Mann directed film, debuted in wide theatrical release on January 16th. Chris Hemsworth plays Nicholas Hathaway, a man who was serving time in prison for some sort of computer related crime. Viola Davis plays FBI Agent Carol Barrett. Leehom Wang plays Captain Dawai Chen, an officer of China’s cyberwarfare unit. Wei Tang plays his sister, Lien Chen. Lien’s character is central to the movie, she helps with the investigation and (spoiler alert!) falls in love with Nicholas. Here’s a quick synopsis. A nuclear power plant in Chai Wan, Hong Kong is attacked with a remote access tool (RAT.) Through the RAT, the plant’s programmable logic controllers are tampered with, causing the coolant pumps to overheat and explode. People within a ten kilometer radius of the plant are evacuated. Captain Dawai Chen has to find the culprit. He discovers, through his sister Lien and FBI Agent Carol Barrett, that the RAT contains code he wrote himself years ago, collaborating with Nicholas Hathaway. Nicholas was in prison, and Agent Barrett helped to release him, because of course, Nick’s help is crucial to the investigation. Coincidentally, the Mercantile Trade Exchange in Chicago is attacked with the same RAT, and soy prices skyrocket. It’s a commodities trading disaster! That incident makes the Chinese and American officials willing to collaborate. Our characters spend time in the US, travel to various locations in China, and eventually they travel to Malaysia and Indonesia as well. There’s lots of explosions, lots of super intense gunfire, one of the main characters is murdered while in his car, and of course, that explodes as well. I went into the movie theater with very low expectations for the film’s technical accuracy. Actually, Hollywood has done much worse when it comes to depicting cyberwarfare and information security attacks in general. There were highlights and lowlights. First, I’ll explain what I think the film got right. Accuracies It was quite correct to state that a RAT can be used to wreak havoc, such as causing a nuclear disaster. And malware has attacked nuclear facilities before, such as when Stuxnet hit Iran. Some of the GNU/Linux BASH shell commands were accurate. I saw a “sudo” here and there. It’s possible for the Chicago Mercantile Exchange to be attacked through a RAT. Yes, IPSes and firewalls are indeed network security devices. Kudos! Correct usage of the right kind of proxy servers can make tracing a blackhat’s activity a lot more difficult. What really impressed me was that at one point, someone filebound a keylogger to a PDF in order to acquire a password. The PDF was for the user to review their organization’s password policy when he was instructed to change his password. This was the very first time in American film and television that I’ve seen filebinding and software keylogging used properly, and the social engineering it may require to be successful. In NCIS and Hackers, they make it seem like “hacking” requires ultra fast typing. Supposedly, the way to “hack” or defend against a “hack” is to type at 327 words per minute! The faster the typing, the more hackerific the hacking! I didn’t see any of that BS in Blackhat. Very good. Now, here’s where Blackhat errs. Inaccuracies In the first scene that Chris Hemsworth’s Nicholas Hathaway appears in, he’s interrogated in prison about something he did. The interrogater says, “You used this to open a command line?” As if opening a command line on a machine is some super impressive, devious feat. Notice that he didn’t say “acquire root access.” Just “open a command line.” Groan… Although this has nothing to do with information security, I noticed that Hong Kong and the Chinese cities in the movie were completely devoid of air pollution. Beijing and other Chinese cities are notorious for having horrific air quality, to the extent that it even interferes with landings and departures at Beijing’s international airport. Absolutely all of the code displayed in the movie was hexidecimal. Or random combinations of letters and numbers, sometimes it was difficult to tell. I highly doubt that the coders in the movie work purely in assembly. Especially when they develop applications like RATs. An NSA information security professional was extremely perplexed that his data center was penetrated, because they have firewalls and IPSes. Those things are bulletproof, don’t ya know? Likewise, checking physical security amounted to verifying that the door to the server room was protected by a fingerprint scanner, and that’s it. A monitoring device was put on Nick for his release. Fair enough. It was controlled by an Android app. One of the settings was for how frequently the app checked the geolocation of Nick’s monitoring device. Nick was able to grab the Android phone at one point and change its settings so that it checked his location a lot less frequently. Why would the backend of a convict’s monitoring device be so insecure, physically and otherwise? Apparently, you can do a “whois” on both usernames and IP addresses. That’s news to me. On a related note, once you’ve found an IP address, you’ve definitely got someone! It’s not like dynamic IP addresses and IP address spoofing exist, or anything like that. Also, that contradicts how the movie shows that proxy server use can make attackers more difficult to find. In one scene, Nick and Lien eat at a Korean restaurant that’s somewhere in the United States. Hangul (Korean) characters can be seen here and there, but for some reason, there are Chinese characters to be seen as well. All that funny Asian writing is all the same, isn’t it? Anyway, at some point, Nick goes to the restaurant’s backroom, where there’s a PC with a couple of monitors. I could tell that Nick didn’t boot an OS from a USB stick or DVD. He didn’t use any external media, so he couldn’t have loaded applications from them either. A restaurant’s PC will typically have standard OS applications, financial software, and some sort of POS backend, without much else. I’d be surprised to find something like Wireshark or Nessus on a restaurant’s PC. Nonetheless, within mere seconds of acquiring physical access to the PC, Nick runs some pretty heavy duty network penetration tools. Black Widow is a fictional Nessus/OpenVAS-like program. Or perhaps it’s something like Kali Linux. It’s a super secret tool that only the FBI is supposed to have access to! As if these sorts of things are only developed by and used by the FBI! At one point, Nick and Lien are in the middle of a rural part of Malaysia. It’s really, really rural. There’s just a very tiny village there, and that’s it. Somehow, Lien is able to whip out her laptop and enjoy instant network connectivity. Maybe she’s using satellite technology, but that’s doubtful. FBI Agent Carol Barrett assures her colleagues that the Chinese can be trusted because “they’ve been cooperative so far.” I’ve written about Chinese cyber attacks on the United States before. Such incidents have been very frequent, and very recent. The movie takes place in March 2015. There was Operation Aurora in late 2009 that targeted Google and Adobe. The Office of the National Counterintelligence Executive reported Chinese cyber attacks on American military servers to Congress in November 2011. Backdoors have been found in devices sold to the United States and manufactured by Huawei and ZTE, both of which are closely tied to the Chinese government. That’s just the tip of the iceberg. The FBI should be well aware that collaborating with the Chinese to investigate cyberwarfare is a bad idea. There are probably intelligence types who laughed while watching this movie. Summary It’s obvious to me that some effort was made to make Blackhat technically accurate. But clearly, there were still blunders. As far as the American and Chinese collaboration in the film is concerned, I think that can be explained with three words: International box office. More and more, major Hollywood studios are relying on it to make movies that cost $70 to 150 million profitable. For instance, by Hollywood blockbuster standards, Pacific Rim didn’t do very well in the United States. But it ended up making a lot of money anyway, largely from Chinese moviegoers. Hollywood looks at China with dollar signs in her eyes. So, it was an absolute must that the Chinese government was depicted positively in the movie. Compared to previous attempts, Blackhat is an improvement in how information security and computer technology is portrayed in fiction. But it’s only a minor improvement. Source
  9. Eleven people were charged in the U.S., India, China and Romania for their suspected involvement with websites offering email hacking services. Mark Anthony Townsend, 45, of Cedarville, Arkansas, and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas, were charged with a felony offense for hacking into nearly 6,000 email accounts, the U.S. Attorney’s Office for the Central District of California announced Friday. Authorities believe Townsend and Tabor operated a website called needapassword.com through which they offered to obtain, for a fee, the passwords to email accounts supplied by other users. The payments were received via PayPal. Three other U.S. residents were charged with misdemeanor offenses for hiring email hackers from foreign countries. John Ross Jesensky, 30, of Northridge, California, is believed to have paid $21,675 to a Chinese website to get email account passwords. Laith Nona, 31, of Troy, Michigan, and Arthur Drake, 55, of Bronx, New York, are suspected to have paid $1,081 and $1,011 respectively for similar services. The five defendants are expected to plead guilty in the coming weeks, the U.S. Attorney’s Office said. The cases are related to an international law enforcement operation in four countries that also resulted in the arrest of six people in India, China and Romania. Prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism, known as DIICOT, charged and detained four people who are believed to have offered email hacking services through several websites: zhackgroup.com, spyhackgroup.com, rajahackers.com, clickhack.com, ghostgroup.org, and email-hackers.com. According to the U.S. Attorney’s Office, the scheme run by the Romanian suspects affected around 1,600 email accounts between Feb. 2011 and Oct. 2012. However, a news release Friday from DIICOT that only mentioned house searches said the suspects hacked into over 2,000 email accounts for fees between $50 and $200. In India, the Central Bureau of Investigation (CBI) arrested a man named Amit Tiwari for running the websites www.hirehacker.net and www.anonymiti.com, the U.S. Attorney’s Office said. Searches have also been executed at his and associates’ residences. India’s Central Bureau of Investigation didn’t name the arrested suspect in its own news release Friday but said that he is from Pune. The suspect and his associates are believed to have gained unauthorized access to over 900 email accounts between February 2011 and February 2013 for fees between $250 to $500, the CBI said. In China, the Ministry of Public Safety arrested Ying Liu, also known as Brent Liu, under the suspicion that he operated a website called hiretohack.net. Liu is believed to have gained access to over 300 email accounts without authorization between January 2012 and March 2013, the U.S. Attorney’s Office said. ”For India’s CBI, China’s MPS, Romania’s DCCO [a division of DIICOT], and the FBI to cooperate together on a single case is without precedence,” Gary Warner, the Director of Research in Computer Forensics at the University of Alabama at Birmingham, said Saturday in a blog post. “A great sign towards a bad future for cyber criminals.” The arrests come after earlier last week DIICOT arrested a person suspected to be the celebrity hacker Guccifer who hacked into the email addresses of many U.S. and foreign public figures including former U.S. Secretary of State Colin Powell and members of the former U.S. President’s George W. Bush family. Source: http://www.pcworld.com/article/2091580/suspected-email-hackers-for-hire-charged-in-four-countries.html Author: Lucian Constantin
  10. It's not surprising that FBI uses malware to track the activities and location of suspects. A New article published by Washington Post covers the story about FBI using malware for surveillance to track suspect's movements. FBI team works much like other hackers, targets suspects with the Spear Phishing technique that will attempt to exploit vulnerability in the target's machine and installs malware. The malware then collects information from the infected machine and send it back to FBI's server. The malware is also capable of covertly activating webcams. In a bank fraud case, Judge Stephen Smith rejected FBI request to install spyware in the suspect's system in April. Smith pointed out that using such kind of technologies ran the risk of accidentally capturing information of others who are not involved in any kind of illegal activity. In another case, another judge approved the FBI's request in December 2012. The malware also successfully gathered enough information from the suspect's system and helped in arresting him. In another case, July 2012, an unknown person who is calling himself "Mo" from unknown location made a series of threats to detonate bombs at various locations. He wanted to release a man who had been arrested for killing 12 people in a movie theater in the Denver suburb of Aurora, Colo. After investigation, they found out Mo was using Google Voice to make calls to Sheriff , he also used proxy for hiding his real IP. After further investigation, FBI found out Mo used IP address located in Tehran when he signed up for the email account in 2009. In December 2012, judge approved FBI's request that allowed the FBI to send email containing surveillance software to the suspect's email id. However, the malware failed to perform as intended. But, Mo's computer sent a request for info to FBI's server from two different IP address. Both suggested that he was still in Tehran. Source: http://www.ehackingnews.com/2013/12/fbi-uses-spear-phishing-technique.html
  11. Microsoft didn’t wait long after unveiling its state-of-the-art cybercrime center to make a calculated strike against online scam artists. The new facility, based on the company campus in Redmond, Wash., is already collaborating with law enforcement agencies worldwide to disrupt the sprawling and insidious ZeroAccess botnet—which not incidentally represents a grave threat to Microsoft customers and the tech giant itself. ZeroAccess, sometimes identified as max++ or Sirefef, has harnessed the processing power of as many as 2.2 million enslaved PCs to carry out Bitcoin mining operations and other moneymaking schemes. Victims are tricked, in a variety of ways, into downloading a Trojan rootkit, which not only allows for further infiltration of a device but cleverly conceals any evidence of a malware attack, ensuring continued access. Security blogger Brian Krebs wrote about how the botnet was recently tweaked so that infected computers would participate in so-called click fraud, “the practice of fraudulently generating clicks on ads without any intention of fruitfully interacting with the advertiser’s site.” That activity costs online advertisers as much as $2.7 million a month—so while the security and privacy of Microsoft Windows users are certainly compromised, ZeroAccess is bad for business across the board. Working closely with the FBI, the cybercrime divisions of Europol and several European countries, and other industry players including A10 Networks—a sure indication of the increasingly cozy relationship between government and private tech, at least where their interests align—Microsoft filed a civil suit against eight individuals believed to be operating the ZeroAccess botnet. The company was also authorized “to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes,” according to Europol. So far, it’s been hard to gauge the impact of these moves, and it’s not as though the infected computers will be suddenly “cured.” As Krebs explained, the damage was done to “servers that deliver a specific component of ZeroAccess that gives infected systems new instructions on how to defraud various online advertisers.” That may significantly slow the spread of malware; stopping it altogether would be a more difficult matter. The problem, according to Dell SecureWorks researcher Brett Stone-Gross, who has studied the resilience of malicious botnets in detail, is that ZeroAccess and similar entities are built to withstand such a blow. With a peer-to-peer network that scraps any point of failure to keep the rest of the botnet active, the operators can release a new plugin “to restart their click fraud and search engine hijacking activities,” he said. Indeed, in response to the disruption the criminals swiftly uploaded a template identified as “zooclicker” to the millions of still-infected PCs and got their click-fraud scheme humming again—but it didn’t last, and the servers went down soon after. The next configuration files to appear carried the text “WHITE FLAG,” though there’s no telling if the surrender is permanent or even a simple feint. One gets the feeling, rather, that this war has just begun. Source: The Daily Dot More details: krebsonsecurity.com
  12. Buna ziua RST, Am o intrebare pentru voi. Algoritmul Gutmann-35 este un algoritm facut de catre Peter Gutmann si Colin. Acest algoritm sterge datele folosind 35 pasi diferiti (mai multe info aici: Gutmann method - Wikipedia, the free encyclopedia). Recent am citit un articol ca metoda Gutmann-35 este total inutila. Caci chiar daca re-scris peste acea zona unde se afla un fisier de 35x, aceasta poate fi totusi recuperata folosind magnetii speciali de care numai CIA sau FBI-ul il detine. Intrebarea mea este, daca intr-adevar exista o astfel de tehnologie care sa ajuta la recuperarea fisierelor chiar daca ai folosit inclusiv metoda Gutmann-35. Inseamna ca nu exista absolut nici o metoda care sa fie datele tale 100% sterse? Totusi, ce am prezentat mai sus am vorbit pentru un simplu Hard-Disk care foloseste platane. Cum ar functiona in cazul unui SSD? Se sterg mai usor si mai sigur datele de pe un SSD decat de pe un HDD? cum sta treaba? Multumesc! EDIT: Am uitat sa precizez, O metoda 100% de a sterge datele asta inseamnand Fara distrugerea fizica a HDD-ului/SSD-ului. Si ca sa fie clar, nu am intentii rele. Nu am de ce sa ma tem, sunt doar curios. Cu bine!
  13. FBI a lansat o atentionare pentru femeile singure care folosesc site-urile de socializare. Anchetatorii americani le spun babelor singure si nelinistite ca pot fi victimele unor escroci sentimentali virtuali. Cititi mai jos textul comunicatului FBI: Millions of Americans visit online dating websites every year, hoping to find a companion or even a soul mate. But today, on Valentine’s Day, we want to warn you that criminals use these sites, too, looking to turn the lonely and vulnerable into fast money through a variety of scams. These criminals—who also troll social media sites and chat rooms in search of romantic victims—usually claim to be Americans traveling or working abroad. In reality, they often live overseas. Their most common targets are women over 40 who are divorced, widowed, and/or disabled, but every age group and demographic is at risk. Here’s how the scam usually works. You’re contacted online by someone who appears interested in you. He or she may have a profile you can read or a picture that is e-mailed to you. For weeks, even months, you may chat back and forth with one another, forming a connection. You may even be sent flowers or other gifts. But ultimately, it’s going to happen—your new-found “friend” is going to ask you for money. So you send money…but rest assured the requests won’t stop there. There will be more hardships that only you can help alleviate with your financial gifts. He may also send you checks to cash since he’s out of the country and can’t cash them himself, or he may ask you to forward him a package. So what really happened? You were targeted by criminals, probably based on personal information you uploaded on dating or social media sites. The pictures you were sent were most likely phony, lifted from other websites. The profiles were fake as well, carefully crafted to match your interests. In addition to losing your money to someone who had no intention of ever visiting you, you may also have unknowingly taken part in a money laundering scheme by cashing phony checks and sending the money overseas and by shipping stolen merchandise (the forwarded package). While the FBI and other federal partners work some of these cases—in particular those with a large number of victims or large dollar losses and/or those involving organized criminal groups—many are investigated by local and state authorities. We strongly recommend, however, that if you think you’ve been victimized by a dating scam or any other online scam, file a complaint with ourInternet Crime Complaint Center. Before forwarding the complaints to the appropriate agencies, IC3 collates and analyzes the data—looking for common threads that could link complaints together and help identify the culprits. Which helps keep everyone safer on the Internet. For specific tips on how to keep from being lured into an online dating scam, see the sidebar above. Awareness is the best tool for preventing crime…and in this case, even from preventing a broken heart. Recognizing an Online Dating Scam Artist Your online “date” may only be interested in your money if he or she: - Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging; - Professes instant feelings of love; - Sends you a photograph of himself or herself that looks like something from a glamour magazine; - Claims to be from the U.S. and is traveling or working overseas; - Makes plans to visit you but is then unable to do so because of a tragic event; or - Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospitals bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization). One way to steer clear of these criminals all together is to stick to online dating websites with nationally known reputations.
  14. wvw

    Hunting Anonymous

    The FBI has received logs containing IP addresses that took part in the Denial of Service attacks on various corporations including PayPal and Mastercard. Arrests have been made already. Not many, but you’re talking about a bureaucracy here, where they waste a lot of time. So more may be coming. So, maybe you took part in the attacks and used LOIC from your home computer? What does this mean exactly? I can tell you. This means that with the current version of LOIC, your current IP is sent in each packet header. Meaning your home IP address, meaning the trail does lead back to you. Yeah, I know what you’re thinking. That really does suck. I’ve heard rumors on the interwebs that LOIC is being updated to spoof the origin IP. This will complete the tool but unfortunately (or fortunately… to some investigators) it was not part of the public versions of the tool. Hunting Anonymous | Anti-Forensics
  • Create New...