BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

Both parties signed a Memorandum of Understanding (MoU) at Europol’s headquarters in The Hague in the Netherlands. Along with creating a framework to share knowledge of cybersecurity threats and attacks, the agreement will facilitate the sharing of information on cybersecurity trends, measures, technical expertise, and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3) to help identify cyber threats and strengthen the law enforcement response to cybercrime.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

Earlier in the year, BT became the first telecom provider to share information on malicious websites and software with other internet service providers (ISPs) via a free online portal, called the Malware Information Sharing Platform (MISP), to help them tackle cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.


Tamil Rockers websites taken down after admins’ arrest

Over 19 websites owned by Tamil Rockers have been blocked by Google after five admins of these domains were taken into custody by Kerala police for piracy. The websites include tamilrockers.in, tamilrockers.me, tamilrockers.is, tamilrockers.ac, tamilrockers.co, and other similar domain names.

The websites were used for uploading new pirated South Indian movies and members made as much as ₹1 crore over the last few months.

The police had taken the five culprits into custody on Thursday after tracking an email sent by an advertisement company to one Akhil, which had reportedly mentioned having a connection with the piracy website.

“This ad company had sent a mail to Akhil, offering to publish ads on the website he was running. In that email, the company happened to mention that they have ties with Tamil Rockers. We got the information about Tamilrockers through this ad company,” said Anti-Piracy Cell SP B.K. Prasanthan Kani.

The ad company was connected to a similar case back in 2016.

The accused — TNRockers owner Prabhu, DVD Rockers owner Johnson and his accomplice Maria John, and Karthi from Villupuram along with his accomplice, Suresh — were nabbed by the police by tracing their bank accounts.

Their laptops, mobiles, and such hardware were also confiscated.

“All the gang members were technically qualified. It even included M.Sc. and B.Sc. holders in computer science. They used to record movies in pieces from various parts of the world and join it. We are trying to trace more members of the gang including Karthi’s brothers,” Prasanthan told Deccan Chronicle.

CBI busts child pornography racket internationally operating on WhatsApp

The Central Bureau of Investigation (CBI) on Thursday busted an internationally operating WhatsApp-based child pornography racket, which had 199 members from all over the world.

According to CBI, the racket was being operated from Delhi, Noida, and Uttar Pradesh.

The main WhatsApp group admin and kingpin, Nikhil Verma (20), has been arrested and the police have searched the premises of Verma and four other suspects — Satyendra Chauhan, Nafis Raza, Zahid, and Adarsh — in Delhi, Uttar Pradesh, and Maharashtra.

CBI is investigating whether the videos uploaded on the group were recorded by the admins or were sourced from elsewhere, and whether they were charging money for sharing the clips.

The group (called “KidsXXX”) had 199 members and included nationals from India and various other countries including US, Pakistan, Brazil, Afghanistan, Sri Lanka, Kenya, Nigeria, Mexico, and New Zealand.

After receiving intelligence of the group, CBI tracked the IP addresses of the admins and kept watch for some time before carrying out the raids.

CBI has registered a case against the admins and members of the group under section 67-B of the IT Act, and law enforcement agencies of the other countries involved have also been contacted. Identities of the victims are yet to be confirmed.

Police have seized laptops and hardware of the administrators where child pornographic content was found.

Hacker Group threatens students and schools

According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which the group then uses to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses; however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as paying does not guarantee regaining access to sensitive data. Rather, it advises victims to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan’s major cryptocurrency exchanges, has promised to refund to its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company’s NEM coins, a lesser-known cryptocurrency that is still the world’s 10th biggest by market capitalisation. The losses went up to about $534m (£380m).

The company has stated that it will reimburse the affected customers for nearly 90% of their losses in cash.

Over 260,000 are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.

Play Store Gaming Apps Infected with Malware

Android malware named “AdultSwine” has attacked child-friendly gaming apps in the Play Store. Google has pulled over 60 apps after recognizing the malware.

The malware causes pornographic content to show on the devices while the infected app is running, aside from trying to get users to install fake security apps and charging for unregistered premium services. The malware reportedly has the ability to steal user credentials.

The malware was discovered by researchers at Check Point. The affected apps have since been pulled by Google, and the developers’ accounts have been banned.

The affected apps have been downloaded as many as 3 to 7 million times, according to Play Store data.

A comprehensive list of affected apps and related research can be found on Check Point’s research blog. Google will continue to send notifications to phones that have the affected apps installed.