CBI busts internationally operating child pornography racket run on WhatsApp

The Central Bureau of Investigation (CBI) on Thursday busted an internationally operating WhatsApp-based child pornography racket, which had 199 members from all over the world.

According to CBI, the racket was being operated from Delhi, Noida, and Uttar Pradesh.

The main WhatsApp group admin and kingpin, Nikhil Verma (20), has been arrested and the police have searched the premises of Verma and four other suspects — Satyendra Chauhan, Nafis Raza, Zahid, and Adarsh — in Delhi, Uttar Pradesh, and Maharashtra.

CBI is investigating whether the videos uploaded on the group were recorded by the admins or were sourced from elsewhere, and whether they were charging money for sharing the clips.

The group (called “KidsXXX”) had 199 members and included nationals from India and various other countries including US, Pakistan, Brazil, Afghanistan, Sri Lanka, Kenya, Nigeria, Mexico, and New Zealand.

After receiving intelligence about the group, CBI tracked the IP addresses of the admins and kept watch for some time before carrying out the raids.

CBI has registered a case against the admins and members of the group under section 67-B of the IT Act, and law enforcement agencies in the other countries involved have also been contacted. The identities of the victims are yet to be confirmed.

Police have seized laptops and hardware of the administrators where child pornographic content was found.

Hacker Group threatens students and schools

According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and, as of January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from their victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for a few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses. However, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as paying does not guarantee regaining access to sensitive data. Rather, they advise victims to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan’s major cryptocurrency exchanges, has promised to refund its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company’s NEM coins, a lesser-known cryptocurrency that is nonetheless the world’s 10th biggest by market capitalisation. The losses amounted to about $534m (£380m).

The company has stated that it will reimburse affected customers for nearly 90% of their loss in cash.

Over 260,000 customers are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.

Play Store Gaming Apps Infected with Malware

Android malware named “AdultSwine” has infected child-friendly gaming apps in the Play Store. Over 60 apps have been pulled by Google after it identified the malware.

The malware displays pornographic content on the device while the infected app is running, tries to trick users into installing fake security apps, and charges them for premium services they never registered for. The malware reportedly also has the ability to steal user credentials.

The malware was discovered by researchers at Check Point; the affected apps have since been pulled by Google and the developers’ accounts banned.

The affected apps have been downloaded between 3 and 7 million times, according to Play Store data.

A comprehensive list of affected apps and the related research can be found on Check Point’s research blog. Google will continue to send notifications to phones that have the affected apps installed.

New Intel Security Flaw Detected

F-Secure, a Finnish cybersecurity firm, revealed on Friday that it has discovered another security flaw in Intel hardware. This flaw could enable hackers to access corporate laptops remotely.

Earlier it was revealed that Intel chips had flaws that made almost every smartphone, laptop, or tablet vulnerable to hackers. This flaw is allegedly unrelated to Spectre and Meltdown and is instead an issue within Intel Active Management Technology (AMT).

According to F-Secure, AMT is found in most corporate laptops, and the flaw allows an attacker to take complete control of a user's device in a matter of seconds.

“The issue potentially affects millions of laptops globally,” the cybersecurity firm said.

The hacker would first need physical access to the device, but once they had reconfigured the AMT, they would be able to effectively “backdoor” the machine and access it from a remote server simply by connecting to the same network as the user.

There is also a possibility that the hacker could programme the AMT to connect to their own server, thus bypassing the need to be on the user’s network.

After exploiting the flaw, the hacker would be able to access all information on the device, make changes, download malware, and so on quite easily. No fix or security measure has been found as yet, other than choosing a strong AMT password or disabling AMT completely.

Hackers Target Winter Olympics to be Held in South Korea

Cybersecurity company McAfee has discovered that hackers have targeted organizations connected to the Winter Olympics that will be held in South Korea, and have tried to access sensitive information.

The hacking campaign has been running since December 22 and is still under investigation by the firm. McAfee has stated that the attacks point to “a nation-state adversary that speaks Korean.”

The attacks seem to have been carried out via emails sent to various organizations containing a malicious document that, if enabled, would create a hidden back channel into the computer. These emails are disguised as having been sent by South Korea’s National Counter-Terrorism Council.

The emails were sent from a Singapore IP address and told recipients to open a text document written in Korean.

Among those sent the messages are individuals associated with the ice hockey tournament at the Olympics. McAfee Labs has published a report on its website.

According to a senior analyst at McAfee, at least one of the recipients is reported to have been infected by the document.