  • Hydra, the world’s biggest cybercrime forum, shut down in police sting

    news.movim.eu / ArsTechnica · Tuesday, 5 April - 21:30

Laundering of stolen cryptocurrency was a key service offered by Hydra. (credit: Getty Images)

Hydra, the world’s biggest cybercrime forum, is no more. Authorities in Germany have seized servers and other infrastructure used by the sprawling, billion-dollar enterprise along with a stash of about $25 million in bitcoin.

Hydra had been operating since at least 2015 and had seen a meteoric rise since then. In 2020, it had annual revenue of more than $1.37 billion, according to a 2021 report jointly published by security firm Flashpoint and blockchain analysis company Chainalysis. In 2016, the companies said Hydra had a revenue of just $9.4 million. German authorities said the site had 17 million customer and over 19,000 seller accounts registered.

Cybercrime bazaar

Available exclusively through the Tor network, Hydra was a bazaar that brokered sales of narcotics, fake documents, cryptocurrency-laundering services, and other digital goods. Flashpoint and Chainalysis identified 11 core operators but said the marketplace was so big that it likely was staffed by “several dozen people, with clearly delineated responsibilities.”

  • Telegram emerges as new dark web for cyber criminals

    news.movim.eu / ArsTechnica · Friday, 17 September, 2021 - 13:39

(credit: Carl Court / Getty Images)

Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.

An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.

In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymizing software.

  • Saudi Aramco confirms data leak after $50 million cyber ransom demand

    news.movim.eu / ArsTechnica · Thursday, 22 July, 2021 - 16:56

The Hawiyah Natural Gas Liquids Recovery Plant, operated by Saudi Aramco, in Hawiyah, Saudi Arabia, on Monday, June 28, 2021. (credit: Bloomberg | Getty Images)

Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked via a contractor, after a cyber extortionist claimed to have seized troves of its data last month and demanded a $50 million ransom from the company.

Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” The oil company did not name the supplier or explain how the data were compromised.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cyber security posture,” Aramco added.

  • ‘We expect them to act’: Biden presses Putin on ransomware groups, hints at retaliation

    news.movim.eu / TheGuardian · Saturday, 10 July, 2021 - 02:59

Joe Biden’s hour-long phone call with the Russian leader suggests growing impatience over attacks disrupting US sectors

Joe Biden has increased pressure on Vladimir Putin to move against ransomware groups operating from Russia, warning the United States is prepared to respond if cyberhacks are not stopped.

The two leaders held an hour-long phone call on Friday, their first since they discussed ransomware attacks at a summit in Geneva on 16 June. Biden’s message to Putin in the call was direct, suggesting a growing impatience over attacks that have disrupted key US sectors.

  • Ukraine arrests ransomware gang in global cybercriminal crackdown

    news.movim.eu / ArsTechnica · Friday, 18 June, 2021 - 09:57

A Colonial Pipeline facility in Woodbridge, New Jersey. Hackers last month disrupted the pipeline supplying petroleum to much of the East Coast. (credit: Michael M. Santiago, Getty Images)

Ukrainian police have arrested members of a notorious ransomware gang that recently targeted American universities, as pressure mounts on global law enforcement to crack down on cybercriminals.

The Ukraine National Police said in a statement on Wednesday that it had worked with Interpol and the US and South Korean authorities to charge six members of the Ukraine-based Cl0p hacker group, which it claimed had inflicted a half-billion dollars in damages on victims based in the US and South Korea.

The move marks the first time that a national law enforcement agency has carried out mass arrests of a ransomware gang, adding to pressure on other countries to follow suit. Russia, a hub for ransomware gangs, has been blamed for harbouring cybercriminals by failing to prosecute or extradite them.

  • Ireland’s healthcare system taken down after ransomware attack

    news.movim.eu / ArsTechnica · Friday, 14 May, 2021 - 16:17

St. Vincent's University Hospital in Dublin, Ireland. (credit: Bloomberg | Getty Images)

Ireland has shut down most of the major IT systems running its national healthcare service, leaving doctors unable to access patient records and people unsure of whether they should show up for appointments, following a “very sophisticated” ransomware attack.

Paul Reid, chief executive of Ireland’s Health Service Executive, told a morning radio show that the decision to shut down the systems was a “precautionary” measure after a cyber attack that impacted national and local systems “involved in all of our core services.”

Some elements of the Irish health service remain operational, such as clinical systems and its Covid-19 vaccination program, which is powered by separate infrastructure. Covid tests already booked are also going ahead.

  • On That Dusseldorf Hospital Ransomware Attack and the Resultant Death

    news.movim.eu / Schneier · Monday, 23 November, 2020 - 16:04 · 2 minutes

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. The police wanted to prosecute the ransomware attackers for negligent homicide, but the details were more complicated:

After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to. “The delay was of no relevance to the final outcome,” Hartmann says. “The medical condition was the sole cause of the death, and this is entirely independent from the cyberattack.” He likens it to hitting a dead body while driving: while you might be breaking the speed limit, you’re not responsible for the death.

So while this might not be an example of death by cyberattack, the article correctly notes that it’s only a matter of time:

But it’s only a matter of time, Hartmann believes, before ransomware does directly cause a death. “Where the patient is suffering from a slightly less severe condition, the attack could certainly be a decisive factor,” he says. “This is because the inability to receive treatment can have severe implications for those who require emergency services.” Success at bringing a charge might set an important precedent for future cases, thereby deepening the toolkit of prosecutors beyond the typical cybercrime statutes.

“The main hurdle will be one of proof,” Urban says. “Legal causation will be there as soon as the prosecution can prove that the person died earlier, even if it’s only a few hours, because of the hack, but this is never easy to prove.” With the Düsseldorf attack, it was not possible to establish that the victim could have survived much longer, but in general it’s “absolutely possible” that hackers could be found guilty of manslaughter, Urban argues.

And where causation is established, Hartmann points out that exposure for criminal prosecution stretches beyond the hackers. Instead, anyone who can be shown to have contributed to the hack may also be prosecuted, he says. In the Düsseldorf case, for example, his team was preparing to consider the culpability of the hospital’s IT staff. Could they have better defended the hospital by monitoring the network more closely, for instance?

  • 2019 was a hot mess for cybersecurity, but 2020 shows promise

    news.movim.eu / TechCrunch · Saturday, 4 January, 2020 - 18:30 · 2 minutes

It’s no secret that I hate predictions — not least because the security field changes rapidly, making it difficult to know what’s next. But given what we know about the past year, we can make some best-guesses at what’s to come.

Ransomware will get worse, and local governments will feel the heat

File-encrypting malware that demands money for the decryption key, known as ransomware, has plagued local and state governments in the past year. There has been a near-constant stream of attacks in the past year — Pensacola, Florida and Jackson County, Georgia to name a few. Governments and local authorities are particularly vulnerable as they’re often underfunded, unresourced and unable to protect their systems from many major threats. Worse, many are without cybersecurity insurance, which often doesn’t pay out anyway.

Sen. Mark Warner (D-VA), who sits on the Senate Intelligence Committee, said ransomware is designed to “inflict fear and uncertainty, disrupt vital services, and sow distrust in public institutions.”

“While often viewed as basic digital extortion, ransomware has had materially adverse impacts on markets, social services like education, water, and power, and on healthcare delivery, as we have seen in a number of states and municipalities across the United States,” he said earlier this year.

As these kinds of cyberattacks increase and victims feel compelled to pay to get their files back, expect hackers to continue to carry on attacking smaller, less prepared targets.

California’s privacy law will take effect — but its repercussions won’t be immediately known

On January 1, California’s Consumer Privacy Act (CCPA) began protecting the state’s 40 million residents. The law, which has similarities to Europe’s GDPR, aims to put much of a consumer’s data back in their control. The law gives consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.

But many companies are worried — so much so that they’re lobbying for a weaker but overarching federal law to supersede California’s new privacy law. The CCPA’s enforcement provisions will kick in some six months later, starting in July. Many companies are not prepared and it’s unclear exactly what impact the CCPA will have.

One thing is clear: expect penalties. Under GDPR, companies can be fined up to 4% of their global annual revenue. California’s law works on a sliding scale of fines, but the law also allows class action suits that could range into the high millions against infringing companies.

More data exposures to be expected as human error takes control

If you’ve read any of my stories over the past year, you’ll know that data exposures are as bad as, if not worse than, data breaches. Exposures, where people or companies inadvertently leave unsecured information online rather than an external breach by a hacker, are often caused by human error.

The problem became so bad that Amazon has tried to stem the flow of leaks by providing tools that detect inadvertently public data. Those tools will only go so far. Education and awareness can go far further. Expect more data exposures over the next year, as companies — and staff — continue to make mistakes with their users’ data.

Voter databases and election websites are the next target