Monday, June 27, 2016

New Economics of Cybercrime: One of the World's Largest Botnets Has Vanished

The Cold War river Dniester is ‘the geographic border between free-market capitalism and whatever you want to call the system Vladimir Putin runs’ (it remains unclear why that system shouldn’t also be called ‘free-market capitalism’). To cross into Putinland is to realise that ‘the best of capitalism is over for us’: around 2050 it will all start to collapse, through climate change, ageing, migration and economic dysfunction. One MEdia Dragon Click at a Time LRB. On “post-capitalism.”

Google has announced new settings for its two-step verification (2SV) functionality. If you have Google accounts it is recommended that you add this feature to protect yourself against the theft of personal information.

Digital currency Ethereum nose-dives after $50 million hack MarketWatch

Second Assailant Drains Ethereum Funds From The DAO NewsBTC

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats – by John P. Carlin, Harvard Law School National Security Journal. Volume 7, Issue 2: “With increasing network intrusions affecting the U.S. government and American companies, and unsecured connectivity creating new vulnerabilities to cyber attacks, the United States is implementing a whole-of-government, all-tools approach to countering cyber threats.”

With no warning, one of the world's largest criminal botnets—a massive collection of computers used to launch attacks—has disappeared. Researchers have reported huge drops in traffic for two of the most popular pieces of malware which rely on it. “We can only tell that the Dridex and Locky spam campaigns stopped since June 1 in our observation. We cannot confirm how the botnet was brought down yet.”

Tax convictions falling as technology traps criminals

The news that MEdia Dragon knows who did it is exaggerated ... One of the World's Largest Botnets Has Vanished

This Productivity Commission paper focuses on the role of government in the face of potentially disruptive technological change
Digital Disruption: What do governments need to do?

It’s a good time to be a cybercriminal. There are more victims to target, there is more data to steal, and there is more money to be made from doing so than ever before. It would seem to follow, then, that there’s been very little progress since 2007, when hackers stole at least 45.6 million credit-card numbers from the servers of TJX, the owner of TJ Maxx and Marshalls, catapulting the now-commonplace narrative of the massive data breach to national prominence. But the truth is that the forces of cyber law and order have made lots of headway in the past decade. There are still large-scale data breaches, but credit-card companies are getting better at detecting them early and replacing customers’ cards as needed, payment networks are pushing microchip-enabled cards that render transaction data worthless to criminals, and law enforcement has gotten smarter and savvier. The New Economics of Cybercrime

Intel Analyst at Tax Office on Covert operations against taxpayers exposed

Also in the Unfair Dismissal jurisdiction, the ATO have been criticised by the Fair Work Commission for dismissing someone for being a ‘square peg in a round hole’, in the case of  Ron Shamir v Commonwealth of Australia (Australian Taxation Office) T/A Australian Taxation Office [2016] FWC 1844.  Commissioner Ryan held that despite the difficulties faced by the employee in achieving suitability for a new role that he was given, it was ‘harsh’ to dismiss someone for being a ‘square peg in a round hole’, especially when the employee was specifically hired to be a ‘square peg in a square hole.’  The employee was reinstated.

Corruption and crime syndicates threaten Australia's border security

A frustrated WA auditor general has warned he is seriously considering reversing his policy of not identifying the state government agencies with the weakest IT defences after they failed to improve their dismal cyber security postures. Last year, Murphy said his pentesters were able to break into two sensitive state government networks on their first go using the password ‘password’. In this year’s report, the results are even worse. Password: WA Auditor General

Hackers Targeting Clinton Aides Struck Across U.S. Politics

Facebook Accused Of Tracking Users’ Internet Activity By Consuella Pachico – “Facebook is facing multidistrict litigation over allegations that the social media site tracked users’ internet activity after they logged off. Facebook is insisting that users cannot sue because they were not harmed by the site’s tracking activities. In response to users’ claim that their privacy rights were violated by post-logoff tracking, Facebook states that nothing in the amended complaint identifies ‘how the alleged violations caused plaintiffs to suffer real, actually existing injuries that are not abstract, conjectural, or hypothetical.’”
  • In re: Facebook Internet Tracking Litigation, case number 5:12-md-02314, in the U.S. District Court for the Northern District of California.

A federal district court in Virginia ruled that a criminal defendant has no “reasonable expectation of privacy” in his personal computer, located inside his home. According to the court, the federal government does not need a warrant to hack into an individual’s computer. This decision is the latest in a series of decisions in prosecutions stemming from the FBI’s investigation of Playpen—a Tor hidden services site hosting child pornography. The FBI seized the server hosting the site in 2014, but continued to operate the site and serve malware to thousands of visitors that logged into the site. The malware located certain identifying information (e.g., MAC address, operating system, the computer’s “Host name”, etc.) on the attacked computer and sent that information back to the FBI. There are hundreds of prosecutions, pending across the country, stemming from this investigation. US V EDWARD JOSEPH MATISH, III

False Flags: The Kremlin’s Hidden Cyber Hand. “The Islamic State’s hacking army doesn’t actually work for ISIS—It’s part of the secret Russian online espionage effort against the West.”

 NAB using Veda to track disloyal business customers going to rival banks

Combating Nuclear Smuggling: NNSA’s Detection and Deterrence Program Is Addressing Challenges but Should Improve Its Program Plan, GAO-16-460

Fast-food chain Wendy's says an attack on credit card systems used by franchisees may be bigger than they initially believed. “[T]he number of franchise restaurants impacted by these cybersecurity attacks is now expected to be considerably higher than the 300 restaurants already implicated,” the company said in a press release Thursday. The company first announced the hack in May, saying at the time that fewer than 300 restaurants were affected. Another 50 were viewed as potential victims.

Intelligence work is often as much about gathering information as it is about disseminating misinformation. To that end, the Intelligence Advanced Research Projects Activity (IARPA) is looking for innovative solutions around deceptive cyber defenses. 

The technology chief at the Federal Trade Commission (FTC) is calling on mobile carriers to boost their customer verification features after the official’s mobile phone account was hijacked in Ohio a few weeks ago. The FTC’s Lorrie Cranor, who took over the job in December, published a blog post about the long back-and-forth with her mobile phone carrier after an identity thief posed as Cranor at a retail store to buy and activate two new iPhones on her account, which ended up cutting off service for Cranor. “Carriers should adopt a multi-level approach to authenticating both existing and new customers and require their own employees as well as third-party retailers to use it for all transactions,” she said in her blog post.

“Whether for emergency management and public health, reliable financial services or trusted access to education programs, the need for users to confirm the validity of official U.S. government digital platforms is critical. A challenge in embracing emerging startup and private sector platforms for public service is ensuring that citizens can trust the app used for official engagement is managed by the legitimate agency and not an unofficial source, phishing scam or malicious entity. The U.S. Digital Registry serves as the authoritative resource for agencies, citizens and developers to confirm the official status of social media and public-facing collaboration accounts, mobile apps and mobile websites. Data fields in the registry include the agency, platform, account, language, points of contact and collaborative tags.”

Morgan Stanley has agreed to pay a $1 million fine to settle U.S. Securities and Exchange Commission civil charges that security lapses at the Wall Street bank enabled a former financial adviser to tap into its computers and take client data home, the regulator said on Wednesday. The settlement resolves allegations related to Galen Marsh's unauthorized transfers from 2011 to 2014 of data from about 730,000 accounts to his home computer in New Jersey, some of which was hacked by third parties and offered for sale online. Marsh was sentenced in December to three years probation and ordered to pay $600,000 in restitution after pleading guilty to one felony count of unauthorized access to a computer. Prosecutors had sought prison time. According to the SEC, Morgan Stanley violated a federal regulation known as the Safeguards Rule by failing to properly protect customer data, allowing Marsh to access names, addresses, phone numbers, and account holdings and balances.

The ranking Democrat on the Senate Homeland Security Committee is expanding an investigation into the SWIFT banking network to include the Department of Homeland Security (DHS). Senator Tom Carper (D-Del.) this week sent letters to the DHS and the Bank for International Settlements (BIS) officials asking how both organizations are reacting to a recent series of digital bank heists and working to prevent new ones. He sent letters to SWIFT — the Society for Worldwide Interbank Financial Telecommunication — and the Federal Reserve Bank of New York last month. The letters are in response to an $81 million burglary of the Bangladeshi central bank and other attacks using the SWIFT network. “Given the importance of SWIFT to the global financial system, these recent attacks raise important questions regarding the security practices of member banks and their ability to prevent future attacks,” Carper wrote in his letter to DHS Secretary Jeh Johnson.

“The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses.

The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong…”

This Public Service Announcement (PSA) is an update to the Business E-mail Compromise (BEC) information provided in Public Service Announcements (PSA) 1-012215-PSA and 1-082715a-PSA.

Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems, GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016. “In GAO’s survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from ‘nations’ as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting their high-impact systems, with almost 500 of the incidents involving the installation of malicious code.”

Kaspersky Lab, June 22, 2016: “Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely used e-currency. This report covers the evolution of the threat over the last two years.
Main findings:
  • The total number of users who encountered ransomware between April 2015 and March 2016 rose by 17.7% compared to the previous 12 months (April 2014 to March 2015) – from 1,967,784 to 2,315,931 users around the world;
  • The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware rose 0.7 percentage points, from 3.63% in 2014-2015 to 4.34% in 2015-2016;
  • Among those who encountered ransomware, the proportion who encountered cryptors rose dramatically – up 25 percentage points, from 6.6% in 2014-2015 to 31.6% in 2015-2016;
  • The number of users attacked with cryptors rose 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016;
  • The number of users attacked with Win-lockers decreased 13.03%, from 1,836,673 in 2014-2015 to 1,597,395 in 2015-2016…”