Black Hat hacker Farid Essebar arrested in Thailand


Infamous international computer hacker Farid Essebar was arrested on Tuesday in Thailand at the request of Swiss authorities.

Essebar, 27, also known as Diabl0, who holds dual Moroccan-Russian nationality, was detained in Bangkok, according to a local news report.

He was arrested on suspicion of taking part in a cyber crime that involved cracking banking systems and hacking online banking websites. The breach resulted in damage of $4 billion to customers in Europe in 2011.

Thailand will send the suspect to Switzerland within the next 90 days. Police are reportedly searching for two other gang members who were involved in the breach.

This is not the first time he has been arrested. In 2006, he was sentenced to two years in prison. He was accused of spreading the Zotob computer worm. CNN, ABC News, United Parcel Service, the NY Times and the US Department of Homeland Security were among those affected by this worm.

Two Students hacked Data InfoSys website to recharge mobile phones worth Rs.8 Lakh

Two Information Technology (IT) students have been arrested by Jaipur cyber crime police for hacking the Data InfoSys e-processing system and fraudulently recharging BSNL mobile phones.

Kulshrestha Varma and Hardik Sud, both 19 years old and students of APG University in Shimla, managed to recharge more than 500 mobile phones, causing a loss of Rs.8 Lakh for Data InfoSys.

According to the Times of India, the students used a public Internet cafe to breach the Data InfoSys website. These two kids might have thought that police couldn't catch them if they used a cyber cafe.

The company became aware of the fraudulent recharges at the end of last year and filed a complaint at the cyber police station on December 3rd. Police took 75 days to crack the case.

Police have arrested them and brought them to Jaipur on a transit remand. The police suspect the involvement of several other people in this cyber crime.

Russian Hacker Rinat Shabayev admits to being creator of BlackPOS Malware



Last week, cyber security firm IntelCrawler named 17-year-old Russian "Sergey Taraspov" as the creator of the BlackPOS malware, which was used in the Target data breach.

After further investigation, the company updated its report, saying that a 23-year-old Russian hacker named "Rinat Shibaev" is the original author of this malware and that Sergey is a member of the technical support team.

In an interview with Russian news channel LifeNews, Shibaev admitted that he had developed the BlackPOS (also referred to as Kaptoxa) malware.

The hacker says he just took a readily available program and developed it with additional features.

He allegedly got help in developing the malware from an unknown person whom he had met online.  However, he said that he doesn't even know in which country the person lives.

The hacker also said that he created it to sell to others, not to use the application himself.

17 year old suspected to be creator of BlackPOS malware used in Target data breach


Security firm IntelCrawler has been analyzing the recent massive data breaches of Target and Neiman Marcus.  The company said that it has identified the creator of the malware used in these attacks.

According to its report, Sergey Taraspov, a 17-year-old boy from Russia with the online handle 'ree[4]', allegedly first created the sample of the BlackPOS malware in March 2013.

Initially the malware was referred to as "Kaptoxa" ("potato" in Russian slang); the creator later referred to it as "Dump memory grabber" in underground forums. The "BlackPOS" name came from the title used in C&C communications.

BlackPOS is RAM-scraping malware written entirely in VBScript, designed to be installed on POS devices and to steal all data from cards swiped through the infected system.

Based on its own sources, the organization determined that the first victims of the malware were Point of Sale (PoS) systems in Canada, the US and Australia.

He has sold more than 40 builds of his creation to cyber criminals from Eastern Europe and other countries, for $2,000.

The hacker has created several hacking tools, including a brute-force attack tool and other malicious tools. He has also made some money from training for DDoS attacks and social network account hacking.

However, the organization said that the real cybercriminals behind the Target data breach were just customers of his.

Update: 
After further investigation, IntelCrawler determined that the original author of the BlackPOS malware is Rinat Shibaev. Sergey Taraspov is actually one of the technical support members.

Former Natwest Bank clerk jailed for helping fraudsters


A former NatWest Bank clerk has been sentenced to four years in jail for helping fraudsters gain access to the bank's computers in an attempt to steal over £1 million.

Hans Patterson-Mensah, 24, allowed fraudsters to enter a customer interview room at one of NatWest's branches in Sep. 2012.

The fraudsters managed to install a KVM ("keyboard, video and mouse") switch on a computer. The device gave the criminals access to the bank's internal system.

The criminals managed to change some records to make it look like the target person had deposited £1m in their account. The crooks then withdrew money from that account.

However, bank staff spotted that something was amiss when they conducted an end-of-day audit. They managed to recover most of the money (£6,000).

Power Locker - Cybercriminals attempt to sell New Ransomware called Prison Locker

The MalwareMustDie (MMD) team came across an advertisement in an underground forum where an individual is trying to sell his new ransomware, called Power Locker, also known as Prison Locker.

The cybercriminal, who goes by the online moniker "gyx", coded the malware in C/C++ and is advertising the ransomware in various underground forums.

The ransomware in question is said to have many features, such as "detecting the Debugger and Virtual Machines in order to avoid being analyzed by security researchers" and "Displaying warning window in a new desktop".

At the start, "gyx" asked others to help him code the GUI part of the malware and promised to pay them. A member of the MalwareMustDie team disguised himself as a malware coder and had an IRC chat with him. He also managed to get the source code of the malware. You can find the full conversation here.

The MMD team has doxed gyx and collected some interesting info about the identity of the malware author. The dox leads to a person who claims to be a security researcher and blogs about security ("wenhsl.blogspot.in/"). They also identified his Twitter account (@wenhsl).


The fun fact is that he was also trying to communicate with MalwareMustDie from his Twitter account.

Former Purdue University Students plead guilty to hacking computers to change grades


Two former Purdue University students who were not smart enough to get good grades in exams chose the wrong way to change their grades.

The students managed to place a hardware keylogger in the professor's computer in order to steal his account password. The stolen credentials were later used to access the professor's account and change their grades.

Roy C. Sun changed nine F's and one incomplete to straight A's. Sujay Sharma changed one grade from 'D' to an 'A', The Journal & Courier reports.

Sun and Sharma are scheduled to be sentenced at the end of February.

One more student, Mitsutoshi Shirasaki, who is suspected of changing 24 grades between May 2010 and Dec. 2012, is still wanted and said to be in Japan.

Eight more arrested in Spain for role in the $45 million global ATM cyber heist

Six Romanians and two Moroccans have been arrested in Spain for allegedly participating in the massive global ATM cyber heist that stole $45 million from two banks.

The eight people are said to have stolen $392,000 in 446 withdrawals using the faked cards at ATMs in Madrid in February. The Spanish authorities seized around $34,470 (€25,000), jewelry, 1000 new cards and computers.

In February, the criminals managed to steal more than $45 million from a number of countries in just a few hours.

An individual said to be the leader of the network was arrested in Germany. He is allegedly the one who hacked into the credit card processing companies' database server and disabled security features such as the withdrawal limits.

Eight people were arrested and charged in New York in May, and six further people were arrested in New York last month.

Creator of 'Mariposa botnet' sentenced to 58 months


A Slovenian hacker accused of writing the code of one of the largest known botnets, the "Mariposa botnet", has been sentenced to 58 months by a Slovenian court, BBC reports.

Mariposa (Spanish for 'butterfly') is a notorious botnet discovered in 2008 and designed to steal sensitive information.

The botnet reportedly infected more than 12 million computers and was used for denial-of-service attacks and email spamming.

Matjaz Skorjanc, 27, known by the online name "Iserdo", was arrested in 2010 and found guilty of creating the malicious program, assisting others in wrongdoing, and money laundering.

The court also ordered him to pay a 3,000 euro ($4,100) fine and give up a flat and a car that he bought with money earned by selling the malicious program to Spanish criminals.

His girlfriend, "Nusa Coh", known by her IRC nickname "L0La", was also sentenced to 8 months' probation for money laundering.

Russian President website hacker sentenced to 18 months probation


A Russian hacker from the city of Tomsk has been sentenced to 18 months' probation for hacking the Russian President's website last year.

The unnamed hacker carried out a cyber attack on the official website of the Russian President in May 2012. The attack led to difficulty in accessing the website's resources and to information blocking.

"A criminal case was opened against the hacker, who was charged with the creation, use and dissemination of harmful computer programs"

According to the Voice of Russia report, the hacker admitted his guilt. The court ordered him not to move from the city for the next 18 months.

Round Rock Independent School District website hacked using default password


Round Rock Independent School District has shut down its website after hackers broke into it (roundrockisd.org). The hacker managed to post vulgar pictures on the site.

While I was trying to get more information about the incident, I came across a Hackforums post in which the attacker said that the school website was using default and very weak login credentials for the admin panel (username 'admin' and password 'admin1').


At the time of writing, the hacker has removed the post. However, I have managed to take a screenshot of the post (from Google Cache):



Round Rock Police detectives are investigating the incident. The district says it will press charges against the hacker who attacked its website, regardless of age.

District spokeswoman JoyLynn Occhiuzzi said no student personal information was compromised in this security breach.

Currently, the Home page of the website displays an error message: "All Round Rock ISD websites are currently unavailable. We apologize for this inconvenience."

US Charges three more in Silk Road Online black market case


US authorities have charged three more people in connection with the operation of Silk Road, the online black market for illicit goods such as drugs, illegal guns and more.

Virginia resident 'Andrew Michael Jones', 24, 'Gary Davis', 25, of Ireland, and 'Peter Phillip Nash', 40, from Australia, were charged in a federal indictment unsealed today in New York.

The three men are charged with money laundering, conspiracy to engage in narcotics trafficking and computer hacking, according to Reuters.

Jones and Davis reportedly worked as site admins of Silk Road, while Nash worked as the primary moderator on the website's discussion forums.

The charges followed the arrest in October of Ross Ulbricht, who is allegedly known as "Dread Pirate Roberts" and is reportedly the founder of Silk Road. Ulbricht gave the employees a salary ranging from $50,000 to $75,000 a year.

Police seek tutor who helped students to hack school computers

 
A tutor who allegedly helped a number of Corona del Mar High School students hack the school's computers in order to change their grades is wanted by Newport Beach Police.

The 28-year-old private tutor, Timothy Lance Lai of Irvine, provided the students with a hardware keylogger device and showed them how to use it, according to a local news report.

A hardware keylogger is a small device that can be plugged in between the keyboard and the computer and is capable of capturing keystrokes. Most of the time a hardware keylogger is hard to detect, as it is plugged into the back of a computer and no antivirus software detects it.

The students plugged the device into a school computer, left it there and retrieved it after a few days, so that it would capture the login credentials of staff. At least 17 teachers' computers have been hacked.

Nigerian man jailed for $1.5 m phishing scam targeting students

A Nigerian man has been sentenced to three years and nine months for taking part in a $1.5 m phishing scam targeting UK students.

Olajide Onikoyi, 29, from Manchester, was a member of a criminal group that targeted students by sending phishing emails inviting them to update their student loan details.

According to SKY News, he laundered £393,000 from 238 victims in total, including one student who had £19,000 taken from his account.

When the Metropolitan Police central e-crime unit seized his computers, they found chat logs that revealed he was conspiring with criminals in Russia, Lithuania and the UK.

A number of other people have also been jailed in connection with the scam.

Users are advised to be extremely cautious when clicking links in unsolicited emails and to log into websites directly by entering the URL of the site instead of clicking the link.

Hacker sentenced to 18 months for hacking US government systems

A Pennsylvania hacker has been sentenced to 18 months for hacking into various computer networks and selling access to them; he was also fined $25,000.

According to the Boston Globe, Andrew James Miller, 24, who lives with his parents in Pennsylvania, hacked into the computers of various law enforcement agencies, academic institutions, corporations and government agencies, including the Dept. of Energy.

He is said to be part of an underground hacker group called "Underground Intelligence Agency", with the online moniker "Green".

The man apologized for his actions and said "wish to do anything I can to correct the situation".

Assistant US Attorney Adam J. Bookbinder highlighted that Miller was fully aware that his actions were illegal. But, to make money, he was willing to do it.

Hacker hijacked webcams to capture naked images of women

A 19-year-old hacker, Jared James Abrahams from Temecula, has been charged with hacking webcams to capture nude photos of Miss Teen USA Cassidy Wolf and several other women, and then blackmailing them for more.

The hacker used 30 to 40 computers to carry out his crimes. He allegedly forced an Irish girl and a Canadian woman to strip, according to a Los Angeles Times report.

He is accused of contacting the victims from two hacked AOL accounts and attempting to blackmail them by threatening to expose their nude photos across the internet.

The report says one of the victims is a minor who responded to his blackmail saying "Please remember I’m 17. Have a heart".

But Abrahams allegedly responded, saying "I'll tell you this right now! I do NOT have a heart. However, I do stick to my deals. Also age doesn’t mean a thing to me!!!"

Four men charged over Santander Bank Cyber Heist

Four men out of twelve suspects have been charged over a cyber plot to steal money from Santander bank in London.

Eight men have been released on bail until mid-November pending further inquiries.  The charged suspects are Lanre Mullins-Abudu, 25, Dean Outram, 34, Akash Vaghela, 27, and Asad Ali Qureshi, 35, the Mirror reports.

A Scotland Yard representative reported that this was one of the most sophisticated cases ever.

Police found a device fitted to a computer in a branch of the bank in Surrey Quays in London's Canary Wharf financial district. They reported that the device might have allowed the suspects to download or access data from the computer.

A Santander representative affirmed that none of the bank's employees were involved in the case. The bank also reported that the plot failed and that “no money was ever at risk.”

Hackers convince bank to send $15000 wire transfer with the help of Hacked Gmail account


It is time to enable Google's two-step authentication feature. If a website offers you an additional security feature, it is always good to use it. This news will help you understand the risk of ignoring additional security features.

Cybercriminals hacked the Gmail account of Dubai-based Indian expatriate Anil Abraham and used the account to convince his bank to transfer $15,000 from his bank account in India.

When Anil contacted the bank, he was told by the branch manager that the money had been transferred at his own request, made via email. The cybercriminals reportedly sent a signed document with the email to trick the bank into transferring the money.

According to an Emirates247 report, the money was transferred to someone named Garry Albert Frazer, at a Westpac bank account in New Zealand.

Anil said whoever hacked into his email ID had managed to steal financial information and use it to write an email to the bank with a forged signature.

I'm still wondering how the bank allowed the cyber criminal to steal the money; they usually don't allow us to transfer money via email accounts without any personal verification. As far as I know, banks are always careful when it comes to big transfers - $15,000 (nearly 90,0000 Rupees).

Though it is the bank's mistake, it is always good to enable security features on your side. Don't wait until your account gets hacked; enable two-step authentication: http://www.google.com/landing/2step/

College Student Sentenced for stealing passwords to rig Campus Election

Matthew Weaver, a former Cal State San Marcos student, was sentenced to one year in prison for stealing almost 750 students' passwords and using 630 of those accounts to cast ballots.

The 22-year-old Mr. Weaver was a third-year business student when he planned to win election as president of the school's student council.

A month before the election, Weaver bought three keyloggers. Authorities report that Weaver installed keyloggers on 19 school computers to steal the passwords.

It has also been reported that he had done a bit of research with computer queries such as “how to rig an election” and “jail time for keylogger” (utsandiego news reports).

According to a report, Weaver had planned the plot in early 2012. Authorities found a PowerPoint presentation on his computer about the stipends for the president.

The plot was uncovered in March 2012, on the last day of the four-day voting period, when computer analysts found anomalous activity on one of the college lab computers and also received an email from a student complaining that the system didn't allow her to vote.

It was then that the technicians called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

After getting caught, Weaver and one of his friends created fake Facebook IDs for different students and indirectly mentioned a plot against him.
“He’s on fire for this crime, and then he pours gasoline on it to try to cover it up,” the judge reportedly said during Monday’s sentencing hearing.

The school held another election and cleaned up the security breach at a cost of more than $40,000, which the school wants back.

Meanwhile, Mr. Weaver pleaded guilty to three federal charges, including wire fraud and unauthorized access to a computer, and is under a one-year prison sentence.

Hacked email ids of Delhi Export Company helped hackers to trick clients into wiring Money



Delhi cyber cell has recently received complaints from a leading export house in the city.

The complaint was that criminals gained access to the company's email IDs, tricked its clients by sending them emails on the company's behalf, and managed to get $31,000 from one of the clients.

On further inspection, it was found that the attack was carried out from two different places, one in Delhi and the other in London.

A case under sections on fraud and the Information Technology Act has been registered by the crime branch. "Till now, cyber criminals had been targeting individuals. But this shows that an extremely organized gang is committing crimes on an international level," a source said, the Times of India reports.

Manoj Tuli, the managing director of the company, has revealed that at least three email IDs, belonging to him and his staff, were hacked by the criminals.

An officer reported: 'In the fake emails attackers deceived the clients by informing that the company's bank account could not receive payments any more and therefore, further payments must be made on their new account — 304259*** — of Nationwide bank in London.'

One of the emails, as accessed by TOI, reads: "Our bank just informed us about our account reaching its payment-receiving limit. Please use our new account details, attached alongwith, to make payments from now on." The attackers' account was in the name of Naankang Dawan.

The officers are at work tracing the fraud and the route of the money transaction, but it is time to ask whether anything is safe out here now.