Hacker from Samara city sentenced for Creating and Selling Malware

Sergei Materov, a 42-year-old hacker from Samara, the sixth largest city in Russia, has been sentenced at the Prikubansky District Court of Krasnodar for creating and distributing malicious computer programs, under part 2 of article 273 of the Criminal Code of the Russian Federation.

According to the local news report, the malware he created was capable of neutralizing installed security solutions and of stealing, modifying, blocking and destroying information on the infected computer.

The convict came to Kuban to earn money. He started to do freelance software development from home. He also posted advertisements on the Internet in which he offered software development for computers.

An unnamed person responded to his ads and paid him 6800 Rubles for developing two malicious programs.

Materov was detained by FSB officers and later sentenced to one year and three months' imprisonment.

- Christina

Trial Of a Group Accused Of Hacking Transport Card System "Troika" To Resume On September 12

The trial of Russian hackers who are accused of hacking the transport card system "Troika" and other transport cards has been postponed from 31 August to September 12. The accused are Denis Kazmin, Yury Putin and Pavel Andryushin.

The group bought details of the turnstiles (like those in the metro) in order to create malicious software. After studying how the turnstiles work, they developed software in the Object Pascal programming language, namely "Terminal.exe" and "ATMega128_BackDoorBootLoader.asm".

The program allowed them to obtain carrier information, memory dumps and access keys from the turnstiles located at one of the Moscow stations. The information was used to add money to transport cards, which were then sold.

The hackers may receive 3 to 4 years of imprisonment.

Experts were surprised: according to them, transport card fraud is rare, because it is not a way to earn big money. The total damage amounted to 2 million rubles.

It's interesting to note that in May 2016 another Russian researcher, Igor Shevtsov, did research and wrote an article (https://habrahabr.ru/post/301832/) about a critical vulnerability of the transport card "TROIKA".

He explained how to fake the balance of the card and how to travel on public transport for free. It took him 15 days, and he used an Android smartphone with an NFC chip. He also created an Android application, TroikaDumper, to exploit the vulnerability. Representatives of the Moscow metro contacted the researcher and fixed the vulnerability after a few days. The article written by Shevtsov has now been removed.

- Christina

Yekaterinburg Police arrested a Cybercrime ring for stealing money from Bank cards

In Yekaterinburg, Police caught a group of cyber criminals for stealing money from bank cards, according to the local news report.

The accused sent victims fake messages saying that money had been withdrawn from their account. It appears they also gave a fake helpline number. If the victim called that number, the criminals, pretending to be from the bank, would convince the victim to give all information about the card and other bank-related information.

The gathered information will be later used by the criminals to steal money from the victims' accounts. The criminals spent the stolen money to buy expensive cars and houses.

The cyber criminals scammed not only ordinary citizens from different regions of Russia, but also members of the older generation living on a small pension. The direct value of losses exceeded 600 thousand Rubles.

During the search at the location of the accused, the police seized computer equipment, mobile phones, more than 50 SIM cards, bank cards, money and a gun.

The largest bank in Central and Eastern Europe, SBERBANK, commented on the situation: "Bank personnel are prohibited from disclosing personal details of clients and sending them to third parties. If you have been contacted by strangers who are trying to find out information about your Bank card, be careful: these are clear signs of fraud. We recommend that you call the Bank or contact the personnel at the Bank."

Voices and handwriting were examined to find the criminals in this case. Also, law enforcement officers used modern computer technology to track down the criminals' place of work. The accused may receive about 5 years' imprisonment.

- Christina

Two Israeli Teenagers arrested and charged for selling DDOS Service

Two Israeli teenagers from the Sharon region were formally arrested after eighteen months of investigation.

The Israelis are responsible for thousands of cyber attacks around the world, causing damage estimated at more than a million dollars.

According to a local news report, they created a shell company in England and sold Distributed Denial of Service (DDoS) attacks as a service.

"In January of 2016, a covert investigation was opened against the suspects who set up and managed a website called vdos-s[dot]com, which sold packages created to cause the servers to crash," police told local news.

A DDoS attack is used to disrupt access to the victims' websites. The price of the "attack package" they offered ranged from $19.99 to $499.99.

More than two million cyber attacks were conducted in the United States, England, Holland and Sweden, causing multimillion-dollar losses. The suspects earned more than 613 thousand dollars. The money was seized after bank accounts were identified and frozen.

- Christina

Ukrainian CyberPolice arrest the Hacker accused of spreading "Petya.A" virus

Ukrainian officers from the cyber crime department have arrested a 51-year-old resident of Nikopol (Ukraine, Dnipropetrovsk region), who is suspected of spreading the computer virus "Petya.A".

Petya is ransomware that infects the Master Boot Record (MBR). If the malware successfully infects the MBR, it will encrypt the whole hard drive. Otherwise, it encrypts all files.

According to the local news report, the suspect published an online tutorial video explaining how to use the "Petya.A" malware to infect victims' computers. In the comments section, he also shared a link to a social network on which he had uploaded and distributed the malware.

The police conducted a search at the residence of the suspect. They seized computer equipment and found malicious software similar to "Petya.A".

The malware is said to have infected more than 400 computers. Also, a number of companies intentionally used this virus to conceal criminal activity and evade the payment of penalties to the state.

In June 2017, ESET reported that a large number of infections happened in Ukraine. The affected Ukrainian industries include the financial sector and the energy sector.

- Christina

Russian Hacker pleads guilty for role in creating Ebury Malware

The Russian hackers who created the malware Ebury pleaded guilty to the charges brought against them.

Maxim Senach, a 41-year-old Russian man and resident of Great Novgorod, was arrested in Finland in 2015. In January 2016 he was extradited to the United States. Now the U.S. Department of Justice reports that Senach pleaded guilty, confirming that he was engaged in the development of the Ebury malware and controlled the well-known botnet.

The Ebury malware appeared in 2011 and attacked UNIX systems (Linux, FreeBSD, Solaris). The malware was installed on poorly protected servers; Ebury had a rootkit component and also a backdoor that allowed attackers to gain remote access to the server at any time. Additionally, Ebury was used to steal SSH credentials and private keys. The attackers then also used it to infect new servers.

This malware became well known after "Ryan Austin" (Unrelated) used it to infect kernel.org servers. It took the administrators months to clear out the infections, as kernel.org is the main distribution channel for the Linux source code.

Servers affected by Ebury were joined into a botnet used by cyber criminals for sending spam, click fraud, and diverting traffic to malicious sites or to sites which paid for "advertising." In total, Ebury infected more than 500,000 computers and 25,000 servers. The botnet could send out 35,000,000 spam emails daily and divert more than 500,000 people to malicious sites. According to law enforcement agents, the operators of the botnet made millions of dollars.

As stated above, Senach pleaded guilty to all charges and now he faces 30 years in prison. The verdict will be announced on 3 August 2017.

Cyber crime goes up by 103.2 percent in UP

Cyber crime has been increasing in Uttar Pradesh; however, the State government seems to have no plan to control it. The number of people arrested on charges of cyber fraud in 2014 increased by 103.2 percent compared to 2013.

A news report published in the Times of India (TOI) confirmed that 1,223 computer professionals and hackers were arrested across the state under the cyber crime act in 2014, which was 103.2% more than in 2013. A total of 602 people were arrested in 2013.

Data from the National Crime Record Bureau (NCRB) published by TOI showed that the majority of the people were between 18 and 45 years old. Among them, 15 employees or disgruntled employees and 62 business competitors were also held by police. The statistics revealed that 2013 witnessed a 122.5% jump in cyber offences over 2012.

The NCRB revealed that UP had an 18.1% share of the cases reported under cyber crime during 2014. Moreover, the majority of the 898 cases lodged across the state under Section 66 A of the IT Act were computer related offences. A total of 1,042 cases were lodged under Sections 66 A to 66 E.

It also revealed that 36 cases (under Section 65) were registered on charges of tampering with computer source documents. Similarly, 371 cases were reported under Section 67 and 67 A to C on charges of publication or transmission of obscene/sexually explicit material.

According to the news report, in 2014, cyber crime cases were registered for tampering with computer source documents, hacking (damage to computer resources utility and hacking cases), obscene publication/transmission, unauthorized access/attempt to access a protected computer system, obtaining a digital signature by misrepresentation and publishing a false digital signature certificate, digital signature fraud and breach of confidentiality and privacy. Under IPC sections, 78 cases of forgery, cheating, data theft, criminal breach of trust and fraud were registered.

Silk Road case, former US Secret Service agent found guilty

Shaun Bridges, a former US Secret Service agent, has pleaded guilty to stealing $820,000 (£521,000) of bitcoins during the investigation of the Silk Road website.

He was part of the federal task force which helped in the investigation and shutdown of the Silk Road, an underground marketplace for drugs.

He pleaded guilty not only to stealing bitcoins but also to money laundering and obstruction of justice, during a court hearing on Monday in San Francisco. He will be sentenced in December.

The theft was carried out while the investigation was going on. Bridges used an administrator account of the Silk Road to reset the password and move 20,000 bitcoins to his account. He tried to hide his theft via a series of complex financial manoeuvres.

In May, Ross Ulbricht, founder of the Silk Road, was sentenced to life in prison for running the site.

Bridges is not the only agent who has pleaded guilty to stealing digital cash in this case. He is the second agent involved in the case caught stealing digital cash. In early July, former US Drug Enforcement Agency agent Carl Force pleaded guilty to three charges in connection with more than $700,000 in bitcoins he had stolen from Silk Road users.

"There is a bright line between enforcing the law and breaking it," said US assistant attorney general Leslie Caldwell in a statement. "Law enforcement officers who cross that line not only harm their immediate victim but also betray the public trust."

The Silk Road was shut down in October 2013 when raids by the FBI and other federal agents led to the arrest of its founder.

Russian hacker's profit frozen after manipulating Australian stockmarket

The New South Wales Supreme Court has restrained more than $77,000 belonging to a suspected Russian hacker who manipulated penny stocks on the Australian share market.

The joint operation by the Australian Securities and Investments Commission (ASIC) and Australian Federal Police (AFP) investigated a series of suspicious trades in cheap “penny stocks”.

After the operation, “Operation Emerald”, the investigators targeted the suspected Russian hacker, who manipulated the market through an overseas account that traded through Morgan Stanley Australia.

ASIC’s surveillance team spotted the suspicious trades between August and October last year.

According to ASIC, the trades were made through hacked retail clients' accounts, and they targeted 13 penny stocks.

ASIC commissioner Cathie Armour said that they will continue to “help smash” any criminal activity targeting the Australian market.

“[ASIC] staff continue to monitor and detect suspicious trading activity and work with market participants to ensure account hacking is swiftly identified and stopped,” Ms Armour said.

Manipulating the market carries a penalty of up to 10 years in jail.

Hospital employee busted for leaking patient information

Eight people have been indicted in an identity theft case, one of whom is a Montefiore Medical Center employee. Members of the ring used patient information to make thousands of dollars' worth of purchases at retailers and department stores in Manhattan.

The case is being heard by Manhattan District Attorney Cyrus R. Vance, Jr. and the defendants are being tried in the New York State Supreme Court on various counts of Grand Larceny in the Second and Third Degrees, Identity Theft in the First Degree, and Criminal Possession of a Forged Instrument in the Second Degree.

Monique Walker, 32, was an employee at Montefiore Medical Center. As an assistant clerk in one of the hospital wings she had access to patients’ names, dates of birth, Social Security numbers, and other personal information. During 2012 and 2013, she supplied information of thousands of patients to her partners in crime at $3 per patient.

The fraud is to the tune of $50,000 and information of as many as 12,000 people who were patients at Montefiore Medical Center could be compromised.

Group of cyber-criminals based in different countries nabbed in joint international operation

A group of 49 cyber-criminals located in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia were nabbed by the authorities in a joint international investigation.

From a total of 58 properties, authorities recovered and seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents.

The operation was headed by Europol's European Cybercrime Centre (EC3) and Eurojust, and was assisted by the Italian Polizia di Stato (Postal and Communications Police), the Spanish National Police, the Polish Police Central Bureau of Investigation, and supported by UK law enforcement bodies.

The arrested members are suspected of financial fraud to the tune of 6 million Euros. The group targeted medium and large European companies through malware and social engineering techniques.

The joint operation was coordinated from Europol's headquarters in The Hague.

High School students arrested for hacking school network

The principal of San Dimas High School in southern California said that two students studying in the school had been arrested for hacking the school network and changing grades of around 120 people.

The Cyber Crimes bureau of the Los Angeles Sheriff's Department is working closely with the school to investigate how the unauthorized access of the school network could have taken place.

"We are very confident that we have the ability to restore all of the impacted scores. Teachers have been contacted and will be reviewing their students' grades for accuracy," said Principal Michael Kelly.

This is not the first recent incident in California: a student of Dixon High School in northern California was also arrested earlier for unauthorized access to his school network.

Students whose grades were changed were interviewed by the authorities and some of them were suspended while the grades of all are being reverted back.

The teachers will be reviewing the grades again to make sure that the original grade is given to each student.

25-year-old student hacked University’s computers to upgrade his marks

A 25-year-old student, who hacked Birmingham University's computers to upgrade his marks, has been jailed for four years.

Imran Uddin, who was in the final year of a bio-science course at the University of Birmingham, increased his marks from 57 per cent to 73 per cent by stealing staff passwords using a keyboard spying device.

According to the Birmingham Crown Court, in order to steal the staff passwords, Uddin had attached a hardware keylogger to the back of computers.

The incident came to light on October 7 last year, when two staff members carried out a routine upgrade on a computer in the bio-science building.

The attached devices, which could record the key strokes of anyone, were found at the back of the computers when staff removed protective casing.

After that, other computers of the University were checked, and more such devices were found attached.

The court sent him to jail after he admitted six charges under the Computer Misuse Act.

Judge James Burbidge QC told Uddin (The Telegraph reports), "For reasons not entirely clear to me, whether it was monetary, or pride or a desire to out-perform others, you decided to cheat and you formed a settled intention to do that. I consider your actions were planned and persistent."

He added that this kind of conduct has the potential to undermine public confidence in the degree system, set up by this university.

"I have decided that I cannot pass a suspended sentence because there needs to be an element of deterrence," he said.

Madhu Rai, prosecuting, said that one of the devices was attached to the computer of Christine Chapman, a staff member who had access to the University grades.

Police found that Uddin had made eBay searches on his computer for keyboard cheating devices.

Balbir Singh, defending, said that Uddin, who was the first person from his family to go to University, did so because of the pressure. He could not see clearly.

A spokeswoman for Birmingham University said that they could not comment on individual cases; however, they took any criminal activity seriously and worked closely with West Midlands Police.

Along with the legal sanctions, students convicted of such crimes face a misconduct investigation and ultimately permanent exclusion.

18-year-old Miami Student arrested for hacking school computer to change grades

Hacking a school's computer network and changing grades is not the right way to get good grades.

An 18-year-old Miami High School student was arrested after allegedly hacking into the Miami-Dade Public Schools database to change his grades and the grades of four other students.

Jose Bautista was charged with multiple counts, including an intellectual property offence and an offense against computer users, after he reportedly gave the principal a written confession.

He was released on a $20,000 bond. The judge ordered that he be placed under house arrest and wear a GPS tracking device.

"It's not fair to the people that really try," said Mayan Dehry, a senior student at the school. "I don't know, if you're just going to be lazy and then change your grades, that's not what learning is about."

4 Cybercriminals from Vietnam arrested for using SMS malware to earn $100,000

Vietnam Police have arrested four individuals accused of stealing approximately $100,000 by infecting more than 100,000 mobile devices with a premium-rate SMS sending virus.

The suspects are identified as 23-year-old Ha Xuan Tien, 24-year-old Nguyen Duc Luc, 25-year-old Nguyen Van Tu and 29-year-old Tran Ngoc Hai, according to Tuoitrenews.

The malicious applications used by the suspects to infect users are said to have been distributed via websites like "soundfest.com.vn" and "clickdi.com".

Once the malicious application infects a smartphone, the app automatically sends SMS messages to premium rate numbers. Premium rate numbers allow the owner to earn money from incoming calls and SMS.

The victim loses 15,000 Vietnamese Dong ($0.71 in USD) each time a message is sent from their device to these premium rate numbers.

Using this method, the cyber criminals managed to earn more than 2.1 Billion Vietnamese Dong ($98,700 in USD) since late 2013.

Cyber criminals convicted of stealing more than £1 million using Fake job ads

An organized criminal network of five men and one woman has been convicted of stealing more than £1million from job hunters using fake job advertisements.

The members of the criminal network are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29), and a malware writer, Tyrone Ellis (27).

The evidence gathered by authorities, including phone and online chat records, shows that they made more than £300,000 from their fraud scheme. However, the officers believe it could be much higher, possibly more than £1million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicked the link, malware was inadvertently installed on the victim's system.

The malware is capable of recording keystrokes and capturing the victim's financial and personal data.

The compromised information was used by the fraudsters to obtain new credit and debit cards and PIN numbers.

The crooks will remain in custody and are expected to be sentenced on Thursday 14 November.

Mumbai Police salary accounts hacked, Money withdrawn in Greece

Cybercriminals have reportedly targeted the salary accounts of Mumbai Police and managed to withdraw money from their accounts.

According to an NDTV report, cybercriminals have managed to withdraw money from the Axis bank accounts of at least 14 policemen from ATMs in Greece.

It appears hackers in Greece have done this heist by cloning ATM cards of Policemen in Mumbai.

At this time, there is no further information about how much money has been withdrawn and how many policemen have been affected by this heist.

The Mumbai police have formed a team to investigate the hack, and the bank has been asked to investigate.

Accused SpyEye Virus creator extradited from Thailand to US

An Algerian man who is believed to be the creator of the infamous Banking Trojan "SpyEye" was extradited from Thailand to the United States to face charges.

Hamza Bendelladj, a 24-year-old also known as Bx1, will face charges for allegedly playing a role in developing, marketing, distributing and controlling the SpyEye virus, according to an FBI report.

SpyEye is a Banking Trojan (similar to the Zeus virus) that steals confidential personal data and financial information such as online banking credentials and credit card information.

He was arrested at Suvarnabhumi Airport in Bangkok, Thailand, on Jan 5, while he was in transit from Malaysia to Egypt.

If convicted, he will face a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million.

Hackers breached Industrial heating system using backdoor

Earlier this year, hackers breached the Industrial Control System (ICS) network of a New Jersey air conditioning company by exploiting a backdoor vulnerability in the system, according to an FBI memo (info.publicintelligence.net/FBI-AntisecICS.pdf).

The hackers first breached the company’s ICS network by exploiting vulnerabilities in the Tridium Niagara ICS system, which allowed access to the main control mechanism for the company's internal heating, ventilation, and air conditioning (HVAC) units.

According to the memo, the security breach occurred in February and March 2012, a few weeks after @ntisec posted a tweet indicating that hackers were targeting SCADA, and something had to be done to address SCADA vulnerabilities.

The company used the Niagara system not only for its own HVAC system, but also installed it for customers, which included banking institutions and other commercial entities.

Although the controller for the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. The link posted by the hacktivist provided the same level of access to the company's control system as the password-protected administrator login.

Logs from the controller showed that hackers had gained access to the system from multiple unauthorized international and US-based IP addresses.