BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

Both parties signed a Memorandum of Understanding (MoU) at Europol’s headquarters in The Hague in the Netherlands. Along with creating a framework to share knowledge of cybersecurity threats and attacks, the MoU will also facilitate the sharing of information relating to cybersecurity trends, measures, technical expertise, and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3), helping to identify cyber threats and strengthen the law enforcement response to cyber crimes.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

Earlier in the year, BT became the first telecom provider to share information on malicious websites and software with other internet service providers (ISPs) via a free online portal, called the Malware Information Sharing Platform (MISP), to help them tackle cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.


Tamil Rockers websites taken down after admins’ arrest

Over 19 websites owned by Tamil Rockers have been blocked by Google after five admins of these domains were taken into custody by Kerala police for piracy. The websites include tamilrockers.in, tamilrockers.me, tamilrockers.is, tamilrockers.ac, tamilrockers.co, and other similar domain names.

The websites were used for uploading new pirated South Indian movies and members made as much as ₹1 crore over the last few months.

The police had taken the five culprits into custody on Thursday after tracking an email sent by an advertisement company to one Akhil, which had reportedly mentioned having a connection with the piracy website.

“This ad company had sent a mail to Akhil, offering to publish ads on the website he was running. In that email, the company happened to mention that they have ties with Tamil Rockers. We got the information about Tamilrockers through this ad company,” said Anti-Piracy Cell SP B.K. Prasanthan Kani.

The ad company was connected to a similar case back in 2016.

The accused — TNRockers owner Prabhu, DVD Rockers owner Johnson and his accomplice Maria John, and Karthi from Villupuram along with his accomplice, Suresh — were nabbed by the police by tracing their bank accounts.

Their laptops, mobiles, and such hardware were also confiscated.

“All the gang members were technically qualified. It even included M.Sc. and B.Sc. holders in computer science. They used to record movies in pieces from various parts of the world and join it. We are trying to trace more members of the gang including Karthi’s brothers,” Prasanthan told Deccan Chronicle.

CBI busts child pornography racket internationally operating on WhatsApp

The Central Bureau of Investigation (CBI) on Thursday busted an internationally operating WhatsApp-based child pornography racket, which had 199 members from all over the world.

According to CBI, the racket was being operated from Delhi, Noida, and Uttar Pradesh.

The main WhatsApp group admin and kingpin, Nikhil Verma (20), has been arrested and the police have searched the premises of Verma and four other suspects — Satyendra Chauhan, Nafis Raza, Zahid, and Adarsh — in Delhi, Uttar Pradesh, and Maharashtra.

CBI is investigating whether the videos uploaded on the group were recorded by the admins or were sourced from elsewhere, and whether they were charging money for sharing the clips.

The group (called “KidsXXX”) had 199 members and included nationals from India and various other countries including US, Pakistan, Brazil, Afghanistan, Sri Lanka, Kenya, Nigeria, Mexico, and New Zealand.

After receiving intelligence about the group, CBI tracked the IP addresses of the admins and kept watch for some time before carrying out the raids.

CBI has registered a case against the admins and members of the group under section 67-B of the IT Act, and law enforcement agencies of the other countries involved have also been contacted. Identities of the victims are yet to be confirmed.

Police have seized laptops and hardware of the administrators where child pornographic content was found.

Hacker Group threatens students and schools

According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which it then uses to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses. However, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as paying does not guarantee regaining access to sensitive data. Rather, it advises victims to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan’s major cryptocurrency exchanges, has promised to refund to its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company’s NEM coins. NEM is lesser known but still the world’s 10th biggest cryptocurrency by market capitalisation. The losses went up to about $534m (£380m).

The company has stated that it will reimburse the affected customers in cash for nearly 90% of their loss.

Over 260,000 are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.

Play Store Gaming Apps Infected with Malware

An Android malware named “AdultSwine” has attacked children-friendly gaming apps in the Play Store. Over 60 apps have been pulled by Google after recognizing the malware.

The malware causes pornographic content to show on the devices while the infected app is running, aside from trying to get users to install fake security apps and charging for unregistered premium services. The malware reportedly has the ability to steal user credentials.

The malware was discovered by researchers at Check Point. The affected apps have since been pulled by Google, and the developers’ accounts banned.

The affected apps have been downloaded between 3 and 7 million times, according to Play Store data.

A comprehensive list of affected apps and related research can be found on Check Point’s research blog. Google will continue to send notifications to phones that have the affected apps installed.

New Intel Security Flaw Detected

F-Secure, a Finnish cybersecurity firm, revealed on Friday that it has discovered another security flaw in Intel hardware. This flaw could enable hackers to access corporate laptops remotely.

Earlier it was revealed that Intel chips had flaws that made almost every smartphone, laptop, or tablet vulnerable to hackers. This flaw is allegedly unrelated to Spectre and Meltdown but is rather an issue within Intel Active Management Technology (AMT).

According to F-Secure, AMT is commonly found in most corporate laptops and the flaw will allow an attacker to take complete control over a user's device in a matter of seconds.

“The issue potentially affects millions of laptops globally,” the cybersecurity firm said.

The hacker would need physical access to the device at first, but once they had re-configured the AMT, they would be able to effectively “backdoor” the machine and access the device using a remote server, just by connecting to the same network as the user.

There is also a possibility that the hacker would be able to programme the AMT to connect to their own server, thus bypassing the need to connect to the user’s network.

The hacker will be able to access all information on the device after exploiting the flaw and will be able to make changes, download malware, etc. quite easily. No solutions or security measures have been found as yet, other than choosing a strong AMT password or disabling the AMT completely.

Hackers Target Winter Olympics to be Held in South Korea

Cybersecurity company McAfee has discovered that hackers have targeted organizations connected to the Winter Olympics that will be held in South Korea, and have tried to access sensitive information.

The hacking campaign ran from December 22 and is still under investigation by the firm. McAfee has stated that the attacks point to “a nation-state adversary that speaks Korean.”

The attacks seem to have been carried out via emails sent to various organizations which contained a malicious document that would create a hidden black channel inside the computer if enabled. These emails are disguised as being sent by South Korea’s National Counter-Terrorism Council.

The emails were sent from a Singapore IP address and told receivers to open a text document in Korean.

Among those sent the messages are individuals associated with the ice hockey tournament at the Olympics. A report by McAfee Labs can be seen on their website.

It has been reported that at least one of the recipients was infected by the document, according to a senior analyst at McAfee.

Android Malware Attacking Over 232 Banking Apps Discovered

A new Android malware is reportedly targeting over 232 banking applications, including a few banks in India. This was discovered by the internet and cybersecurity firm Quick Heal, which identified the Android Banking Trojan imitating banking mobile apps around the world.

The targets include apps from major Indian banks such as SBI, HDFC, ICICI, IDBI, and Axis, among others.

What is the malware?

The Trojan malware, named ‘Android.banker.A9480’, is being used to steal personal data such as login data, messages, contact lists, etc. from users and upload it to a malicious server.

This malware also targets cryptocurrency apps installed on users’ phones to extract similar sensitive data.

Who has it affected?

According to Quick Heal, the banks affected by the malware include Axis mobile, HDFC Bank Mobile Banking, SBI Anywhere Personal, HDFC Bank Mobile Banking LITE, iMobile by ICICI Bank, IDBI Bank GO Mobile+, Abhay by IDBI Bank Ltd, IDBI Bank GO Mobile, IDBI Bank mPassbook, Baroda mPassbook, Union Bank Mobile Banking, and Union Bank Commercial Clients.

The full list can be found on Quick Heal’s original blog post.

How does the malware work?

The security firm has revealed that the malware is being distributed through a fake Flash Player app on third-party stores.

“This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers,” the firm said in a statement.

Once the malicious app is installed, it will ask the user to activate administrative rights. The app sends continuous pop-ups until the user activates the admin privilege, even if the user denies the request or kills the process. Once activated, the malicious app hides its icon soon after the user taps on it.

They also revealed that if any of the targeted apps are found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password.

Since the malware is able to intercept incoming and outgoing SMS from an infected smartphone, it can bypass the OTP based two-factor authentication on the user’s bank account and can misuse the access.

How can users protect their data?

It should be noted that Adobe Flash Player has been discontinued after Android version 4.1, as the player comes integrated with the mobile browser itself. There is no official Adobe Flash Player available on the Google Play Store. Adobe had also announced that it will stop updating and distributing Flash Player by the end of 2020 in all formats of the browser.

To stay safe from this trojan, users should take care to download only verified apps and avoid third-party apps or links provided in SMS or emails. Users should also keep the “Unknown Sources” option disabled in the settings (Settings > Security > Unknown Sources).

Additionally, users are advised to install a trusted mobile security app that can detect and block fake and malicious apps before they can infect their device.

It is also strongly advised to always keep the device OS and mobile security apps up-to-date as per official instructions.


"Narcos" helping users to potentially curb Cybercrime




The dark web isn't only a market for illicit drugs and stolen Visa or credit card numbers; rising beneath the surface of this already uncertain marketplace is a growing economy flourishing on stolen identities.

There is a growing demand for privileged user logins on the dark web, and the outcome could have devastating consequences for organizations and businesses around the world.
It is comparable to the famous Netflix original series "Narcos", which recounts the story of former drug kingpin Pablo Escobar, who in his prime made as much profit trafficking cocaine in a year as the entire national output of Colombia. And while many factors led to the rise of Escobar, the most critical was the growing worldwide demand.

Amid all this, a simple formula applies, from consumer credit card logins to iOS administrator credentials.

The more access someone has to a system, the more valuable their identity is on the dark web.

Experts' estimate of a stunning $800,000 a day in revenue for AlphaBay, which was taken down in July, demonstrates that the money made on the black market can overshadow what many of the top security organizations, which are in charge of protecting these identities, earn every year.

Today almost 80 per cent of all cyber security breaches involve privileged login credentials, according to Forrester Research.

In the wrong hands, those privileged logins can wreak destruction and havoc on a business, either through an orchestrated internal attack or by shutting a system down for ransom.
In a recent example featured in a report from BAE Systems and PwC, a group called APT10 focused solely on the privileged credentials of managed IT service providers (MSPs), which gave the hackers unprecedented potential access to the intellectual property and sensitive information of those MSPs and their customers.

The dark web is so lucrative that anybody with software engineering skills and a wayward moral compass can try to cash in; therefore one cannot ward off every attempt to break into one's system.

Understanding that, we must ensure that no user has full, uncontrolled and unregulated access to our networks and systems. It becomes clear that the best way to deter hackers hoping to sell your privileged credentials on the dark web is to devalue those credentials as much as possible.

To bring this back around to "Narcos," if cocaine users during Escobar's reign as a narco-trafficker had suddenly become immune to the effects of the drug, the market demand, and the fortune Pablo Escobar was hoarding, would have long dried up.


Similarly, if we could curb the ease with which criminals can use privileged credentials, we could potentially control cybercrime. The same is true for the selling of credentials on the dark web.



Microsoft Sues IP Address for Windows, Office Piracy

Microsoft has filed a lawsuit against an individual IP address that was reportedly attempting to activate a pirated version of Windows and Office. The IP address points to a Comcast office in New Jersey and is accused of trying to activate over 1,000 copies of the software.

It is unclear who the complaint is filed against as the lawsuit mentions “John Does 1-10” and the IP address (73.21.204.220).


“During the software activation process, Defendants contacted Microsoft activation servers in Washington over 2800 times from December 2014 to July 2017, and transmitted detailed information to those servers in order to activate the software,” Microsoft claims in the complaint.

Microsoft is suing for both copyright and trademark infringement and has asked the court to seize all copies of the unlicensed software.


Tatkal Ticket Scam Uncovered, CBI Official Arrested

Ajay Garg, an assistant programmer at the Central Bureau of Investigation (CBI), has been arrested by his own agency for developing software that exploits the vulnerabilities of the IRCTC railway ticketing system to book over 1000 Tatkal tickets at a time.

Ajay joined CBI in 2012 and had previously worked with IRCTC for five years (2007-2011).

Rather than reporting the vulnerabilities he found, Garg used them for his own gain and amassed huge wealth by making his software available, through his accomplice Anil Gupta, to travel agents, who could then easily book Tatkal tickets for clients for a fee using the software.

As seats are limited, by the time the users fill in their details, the Tatkal quota is already booked. So the users turn to travel agents who can book these tickets using the software. These tickets are genuine and the payments of the tickets go to the railways, according to officials.

However, in addition to the cost of the software, there is a charge on every ticket booked using the software, which is paid to Garg using a complex system of Indian and foreign servers, online masking, and cryptocurrencies like bitcoin.

“Use of such software is illegal as per rules and regulations of IRCTC and also under the Railways Act,” Abhishek Dayal, CBI spokesperson, said.

Garg and Gupta, along with 13 others including Garg’s family members and travel agents, have been arrested.

According to Dayal, the CBI has carried out searches at 14 locations in Delhi, Mumbai, and Jaunpur during which it recovered Rs 89.42 lakh in cash, gold jewellery valued at Rs 61.29 lakh, 15 laptops, 15 hard disks, 52 mobile phones, 24 SIM cards, 10 notebooks, 6 routers, 4 dongles, and 19 pen drives.

Both Garg and Gupta have been sent to five days of CBI custody by a court.


₹79 lakh online fraud: ₹49 withdrawn in over 1.5 lakh transactions

A gang from Jharkhand, responsible for fraud of over ₹79 lakh, was busted on Friday for hacking over 2,020 accounts of State Bank of Mysore (SBM) customers last year.

The gang was led by a 19-year-old school dropout. Suraj Mohali, the accused perpetrator, has now been arrested along with three others for hacking and withdrawing ₹49 from the accounts of SBM savings bank account and Mastercard holders in Bengaluru, Sringeri, Mangaluru, and Tirthahalli.

The gang made as many as 1.56 lakh transactions, withdrawing over ₹79 lakh in a few hours.

Then they diverted this money into different bank accounts using fake documents and used some of the cash to recharge mobile phones, which led to the cyber police tracking them down and arresting them.

The gang is allegedly a part of a much larger network operating in Jharkhand.

The mastermind behind this network is yet to be identified, but would allegedly give them the details of various bank accounts and instruct them to withdraw only ₹49 from each account.

The Inspector-General of Police, Chandrashekhar, said, “We cracked the case after tracking the accused for over a year. We are questioning them to know more about the racket.” The accused and his accomplices have been brought to Bengaluru for questioning.

It has reportedly been found during the investigation that many youths from Jharkhand are trained and involved in online fraud throughout the country.

Yekaterinburg Police arrested a Cybercrime ring for stealing money from Bank cards


In Yekaterinburg, police caught a group of cyber criminals for stealing money from bank cards, according to a local news report.

The accused sent fake messages to victims saying that money had been withdrawn from their account. It appears they also gave a fake helpline number. If the victim called that number, the criminals, pretending to be from the bank, would convince the victim to give all information about the card and other bank-related information.

The gathered information was later used by the criminals to steal money from the victims' accounts. The criminals spent the stolen money on expensive cars and houses.

The cyber criminals scammed not only ordinary citizens from different regions of Russia, but also older people with small pensions. The direct value of losses exceeded 600 thousand Rubles.

During the search at the location of the accused, the police seized computer equipment, mobile phones, more than 50 SIM cards, bank cards, money and a gun.

The largest bank in Central and Eastern Europe, SBERBANK, commented on the situation: "Bank personnel are prohibited from disclosing personal details of clients and sending them to third parties. If you have been contacted by strangers who are trying to find out information about your Bank card, be careful: these are clear signs of fraud. We recommend you call the Bank or contact the personnel at the Bank".

Voices and handwriting were examined to find the criminals in this case. Also, law enforcement officers used modern computer technology to track down the criminals' place of work. The accused may receive about 5 years' imprisonment.

- Christina
 

Suspected Criminal Mastermind detained for laundering money through Bitcoin



In Greece, Russian citizen Alexander Vinnik was detained. It is assumed that the 38-year-old man has, since 2011, used cryptocurrency to launder more than 4 billion dollars.

Greek police said that the Russian man is the head of a criminal group. It is alleged that Vinnik is one of the owners of BTC-e. BTC-e is one of the largest cryptocurrency exchanges in the world, based in Bulgaria, with its server located in the Seychelles. It is also said to be criminals' favorite platform.

"He is also charged with identity theft, promotion of drug trafficking, and assistance in laundering proceeds from criminal activities for syndicates from around the world," the local report quotes the head of the crime investigation department at the US Internal Revenue Service.

U.S. authorities are sure that some part of the money was obtained as a result of a cyber attack on the Japanese digital currency exchange Mt.Gox, which is now closed.

Vinnik was detained in Greece on 25 July at the request of the American authorities. On the set of charges, he faces up to 25 years in prison.

- Christina



Chinese hackers arrested as per the request of the U.S. govt


It seems that the strained relations between China and the U.S. over commercial cyberespionage have shown some sort of improvement.

A report published in the Washington Post confirms that the Chinese government, at the request of the U.S. government, has arrested hackers whom U.S. officials had identified as having stolen commercial secrets from U.S. firms to be sold or passed along to Chinese state-run companies.

However, the Chinese government did not make public the details about those hackers. The government has also clarified that the arrests were not related to a mass sweep it launched in July, in which authorities as of early September had arrested about 15,000 people on charges of hacking, sending spam text messages and online scams.

The news report says that the Chinese government took the step in order to improve its relations with the U.S.

“For years, U.S. firms and officials have said Beijing hasn’t done enough to crack down on digital larceny. Experts estimate that Chinese industrial hacking costs U.S. firms tens of billions of dollars annually,” the report read.

However, White House and intelligence officials have not confirmed the arrests.

According to the news report, a senior administration official provided a statement, “As the president has said, we have repeatedly raised our concerns regarding cybersecurity with the Chinese, and we will continue to use all of our engagements to address our concerns directly with the Chinese.”

On September 25, the U.S.-China cyber-agreement was announced, under which both countries would cooperate “with requests to investigate cybercrimes” and “collect electronic evidence” and mitigate malicious cyber-activities coming from their territory.


“Particularly now that we have reached this agreement with the Chinese, we should hold them at their word and see what they’re willing to do,” the U.S. official told Washington Post. “We have maintained all along that what we want to see is actions.”

Gozi Banking Trojan Creator pleads guilty

The creator of the banking trojan 'Gozi' has admitted his crime and is now awaiting sentencing.

Gozi is a trojan that has been seen in action for quite some years now, and was first reported in 2007. It is a genuine threat to bankers and online banking in general, as it has been separating people from their fortunes.

In 2013, a few men were arrested on charges of operating Gozi. Finally one of them, Deniss Calovskis, 30, has admitted committing the felony and pleaded guilty. Calovskis was held responsible for writing some of the code for the trojan, according to a statement put out by the FBI in 2013. The agency said that the Latvian coder, who used the moniker 'Miami' in the web world, was arrested in his country in November 2012 on suspicion of authoring the code.

It was said, and confirmed, that his code misled people into thinking that they were on official banking sites. The US authorities were quite flabbergasted with the gang and the malware that provided the dark economy with "tens of millions of dollars". The rest of the gang are Russian Nikita Kuzmin and Romanian Mihai Ionut Paunescu. Reuters reported that the former admitted his crime in 2011, and that the latter is facing extradition.

"This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars," said FBI assistant director in charge George Venizelos. "Banking trojans are to cyber criminals what safe-cracking or acetylene torches are to traditional bank burglars, but far more effective and less detectable. The investigation put an end to the Gozi virus."


32 people charged in international hacking and insider trading ring

The Securities and Exchange Commission (SEC) of the United States announced on August 11 fraud charges against 32 people, two of them Ukrainian men, over their involvement in an alleged international hacking and insider trading ring.

The SEC issued a press release stating that these people took part in a scheme to profit from stolen nonpublic information about corporate earnings announcements.

“Those charged include two Ukrainian men who allegedly hacked into newswire services to obtain the information and 30 other defendants in and outside the U.S. who allegedly traded on it, generating more than $100 million in illegal profits,” the press release read.

According to the press statement, the complaint against the people was filed under seal on August 10 in U.S. District Court in Newark, N.J.

The crooks masked their identities by using proxy servers and by posing as newswire service employees and customers. The two allegedly recruited traders with a video showcasing their ability to steal the earnings information before its public release.

“The complaint charges that in return for the information, the traders sometimes paid the hackers a share of their profits, even going so far as to give the hackers access to their brokerage accounts to monitor the trading and ensure that they received the appropriate percentage of the profits,” the statement read.

Similarly, it also charges that the traders sought to conceal their illicit activity by establishing multiple accounts in a variety of names, funneling money to the hackers as supposed payments for construction and building equipment, and trading in products such as contracts for difference (CFDs).                                              

“This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” Mary Jo White, Chairperson of the SEC, said in the press release.

 “These hackers and traders are charged with reaping more than $100 million in illicit profits by stealing nonpublic information and trading based on that information. That deception ends today as we have exposed their fraudulent scheme and frozen their assets,” she added.

The SEC charged that Ivan Turchynov and Oleksandr Ieremenko created a secret web-based location to transmit the stolen data to traders in Russia, Ukraine, Malta, Cyprus, France, and three U.S. states, Georgia, New York, and Pennsylvania.

“This cyber hacking scheme is one of the most intricate and sophisticated trading rings that we have ever seen, spanning the globe and involving dozens of individuals and entities,” said Andrew Ceresney, Director of the SEC’s Division of Enforcement.  “Our use of innovative analytical tools to find suspicious trading patterns and expose misconduct demonstrates that no trading scheme is beyond our ability to unwind.”


Three Estonian men sentenced for internet fraud by US court

A Manhattan federal court has sentenced three Estonian men to over three years' imprisonment for their involvement in an Internet scheme that infected more than 4 million computers in over 100 countries.

U.S. District Judge Lewis A. Kaplan said, "It's hard to pick up a newspaper this summer without reading about another one." Justifying his decision, he said it was important to impose a tough sentence.

Timur Gerassimenko, 35, was sentenced to four years, Dmitri Jegorov, 37, got 3 2/3 years and Konstantin Poltev, 31, received 3 1/3 years for their roles in an internet fraud.

According to the government, Gerassimenko was the main culprit behind this fraud and hired programmers, while Jegorov served as the lead network administrator and Poltev as the public face of the enterprise.

When the men were arrested in Estonia, Gerassimenko was ordered to forfeit $2.5 million while Jegorov and Poltev were each told to forfeit $1 million. All three of them apologized for their crimes before they were sentenced.

The fraud has affected computers belonging to government agencies such as NASA, along with educational institutions, nonprofit organizations, businesses and individuals.

The malware scheme, which was carried out with co-conspirators in Russia and Ukraine, cost NASA more than $65,000 in repairs.

All three men sentenced Thursday are serving sentences in Estonia for similar crimes.

Vietnamese hacker who stole identities of 200 million Americans sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced to 13 years in prison.

On Tuesday, the Department of Justice released a report announcing that Hieu Minh Ngo, 25, made $2 mn by hacking, stealing personal identification information and selling it to other cyber criminals.

A District Court in New Hampshire finally sentenced Ngo on Tuesday on various fraud charges, as reported by the Financial Times. Ngo was arrested in February 2013, as soon as he entered America.

From his home in Vietnam, Ngo was active from 2007 until 2013, breaking into computer systems, stealing identifiable information such as Social Security numbers, credit card details, bank account details and phone numbers, and advertising the data on his websites, where fellow hackers bought the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13,000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said in a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that hackers have stolen more than 21.5 mn Social Security numbers so far, of which 1.1 mn include fingerprints.

Ngo's sentencing is finally a step toward stopping cyber crimes that breach the personal identity of civilians.