BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

A Memorandum of Understanding (MoU) was signed by both parties at Europol’s headquarters in The Hague in the Netherlands. Along with creating a framework to share knowledge of cybersecurity threats and attacks, it will also facilitate the sharing of information relating to cybersecurity trends, measures, technical expertise, and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3), helping to identify cyber threats and strengthen the law enforcement response to cyber crimes.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

Earlier in the year, BT became the first telecom provider to share information on malicious websites and software with other internet service providers (ISPs) via a free online portal, called the Malware Information Sharing Platform (MISP), to help them tackle cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.


DDoS-for-Hire website taken down in global collaboration of law enforcement agencies


Webstresser.org, a popular DDoS-for-hire service, was taken down on Wednesday by authorities from the US, UK, Netherlands, and various other countries in a major international investigation, and arrests have been made.

The website is blamed for more than four million cyber attacks globally in the past three years and had over 134,000 registered users at the time of the takedown.

The operation, dubbed “Operation Power OFF,” targeted Webstresser.org, a service which launched DDoS attacks all over the world at the buyer’s bidding. It involved law enforcement agencies from the Netherlands, United Kingdom, Serbia, Croatia, Spain, Italy, Germany, Australia, Hong Kong, Canada, and the United States of America, coordinating with Europol.

The domain name was seized by the US Department of Defence.

The website allowed criminals to buy attacks on businesses and was responsible for cyber attacks all over the world, including attacks by a British suspect who used the site to target several high-street banks last year, causing hundreds of thousands of pounds of damage.

“As part of the operational activity, an address was identified and searched in Bradford and a number of items seized. NCA officers believe an individual linked to the address used the webstresser service to target seven of the UK’s biggest banks in attacks in November 2017,” UK’s National Crime Agency said in a statement.

The site was one of various websites operating openly as a “stresser” service that offered to test a company’s cybersecurity defenses. According to investigators, the gang behind the website sold cyber attacks for as little as $14.99.

Seven suspected administrators have been arrested over the last few days or subjected to searches by authorities, and computers have been seized in the UK, Holland, and elsewhere.

Law enforcement also took “further measures” against frequent users of the service, details of which have not yet been disclosed.

“By taking down world’s largest illegal DDOS seller in a worldwide joint law enforcement operation based on NCA intelligence, we have made an unprecedented impact on DDOS cybercrime,” said Gert Ras, Head of the National High Tech Crime Unit at the Dutch National Police. “Not only were the administrators of this illegal service arrested, but also users will now face prosecution and civil liability for caused damage.”


Disclosing Security vulnerabilities in India

 

Security researchers usually disclose vulnerabilities openly on the internet, as in full disclosure. But most often the researchers don't realise that this is illegal and can be punished by law under the IT Act and other IPC sections, and that it can have fatal consequences.

When a researcher detects a vulnerability, he often reports it to the company, but most often the company doesn't reply to his message. If the company is not interested in taking action, the researcher feels this is in the greater interest of national security/public security.

He can send the vulnerability report to the company again and send a copy to CERT-In (central emergency response team). Most often CERT-In responds to the hacker/researcher, and they also contact the company and advise it to fix the issue. There is no proper format for reporting; it would be good if the government came up with a framework that allows for a proper vulnerability disclosure policy.

If the company does not fix it, the researcher can wait for a month's time before disclosing it fully to the community through media (online and offline), and also offer proof that he communicated enough with the company and with CERT-In before releasing it.

However, does this protect the researcher from prosecution? If the victim company decides to take legal action, the researcher can be prosecuted for publishing the vulnerability.

Some incidents have been seen where hackers work for a company and, because of various problems they had with the company, get involved in revenge hacking. If a crime involves premeditation or pre-planning, it is considered serious under any law. Such actions are totally illegal.

Many companies, like FB and Google, offer bounties to hackers. These bugs can be reported to these companies. However, if the companies don't take up these vulnerabilities, they can be reported to CERT-In and then published publicly.

The law does not protect the reporter of a vulnerability. It becomes the responsibility of the hacker/researcher to prove that he did it for the greater social good (which could mean a lot of headache with the law). If the government does not come up with a proper framework, it is going to drive hackers to report vulnerabilities anonymously, fearing prosecution by the police (with the victim/company complaining).

What happens to hackers who publish a vulnerability openly without going to CERT-In and the companies? They do it, of course, to get fame, or they really did not want to fix it. Most companies will view these hackers as unreliable due to their poor full disclosure practice and won't hire them for anything important. They lose opportunities.

It is recommended that proper reporting be followed: first to the company that is the victim, followed by reporting to CERT-In, giving them enough time to fix it. Only if the vulnerability can affect the public at large and no action was taken should the option of full disclosure be considered.

Author: J Prasanna, Founder, Cyber Security & Privacy Foundation


Scammer who stole financial info arrested by CIB


An alleged scammer who is responsible for stealing the personal data of more than 10,000k people through spam mail pretending to be from the Bureau of National Health Insurance has been arrested in China.

The suspect, surnamed Pan, tricked victims into downloading and opening an attachment containing malicious software that allowed him to steal personal data from the affected computers.

According to a China Post report, he used a few techniques to avoid antivirus detection and tested his malware numerous times before launching the real attack.

The Criminal Investigation Bureau (CIB) said he had stolen "vast amounts of classified financial information from location companies". He then used those details to access online banking accounts and commit credit card fraud.

Liberty Reserve Owner Arrested for money laundering (Updated)

Arthur Budovsky Belanchuk, the owner of Liberty Reserve, has been arrested in Spain for money laundering. This was revealed by a joint investigation by the Spanish and US police agencies.

Raids were conducted at his home and office. The investigation had been under way since 2011. Budovsky's business in Costa Rica was also apparently financed by child pornography websites and drug trafficking.

Liberty Reserve's main domain, libertyreserve.com, is not showing the original site; it is pointing to a sinkhole.

Update on 28/05/2013

The site is now showing a "This Domain Has been seized" message from the United States Global Illicit Financial Team.

Also this press release: http://www.justice.gov/usao/nys/pressreleases/May13/LibertyReservePR.php





As you can see, the domain was transferred on May 24, 2013 to point to shadowserver.org's name server, a server used by the US Government to seize websites that have committed online fraud.

One of EHN's readers, Jonathan Capistrano, who contacted LR about the status of people's funds, was told that they will not be closing down but are taking a break, that LR will be back "new and better", and finally that funds will stay there, with no reduction or increase in value.

Update: This might just be a response given by the LR team so that people do not panic. Legally, since LR is not FDIC approved, the US government is not responsible for the money people lost.



Hackers stole ₹2.4 crore from Mumbai Bank in 3 hours

 
Cybercriminals hacked into the Mumbai-based current account of the RPG Group of companies and stole Rs 2.4 crore within 3 hours on May 11, Times of India reported.

The TOI report says the money was transferred to 13 different bank accounts in Chennai, Coimbatore, Tirunelveli, Bangalore, Hyderabad and other places.

The bank blocked those accounts, but the gang had already managed to withdraw some funds.

The police have arrested three members of the crew who came to withdraw the money in Coimbatore and Hyderabad.

It appears the company fell victim when its officials opened a malware-laden email sent by the gang. The gang then probably harvested the bank login credentials using the malware.

Earlier this year, cyber criminals stole Rs 1 crore in Mulund from the current account of a cosmetics company.

Suspected hacker likely to be charged over Thai PM website hack


Unknown hackers using the "Unlimited Hack Team (UHT)" defacement signature recently attacked the Thai PM's website and posted insulting messages about Prime Minister Yingluck Shinawatra.

Narongrit Suksarn, aka Window 98se, 29, from Nakhon Si Thammarat, a suspected hacker who met the police last week, insisted he didn't hack into the PM's site or post insulting messages on it. But he admitted he was a member of the Unlimited Hack Team.

The police said they have gathered information and are confident Narongrit and other suspects from the hacking group will be charged.

Technology Crime Suppression Division (TCSD) commander Pol Maj Gen Pisit Paoin said they believed Narongrit had hacked into the PM's site three days before the attack but didn't change anything.

The police said the suspect will be charged with a violation of Section 5 of the 2007 Computer Act for allegedly sharing the stolen data with the team members, according to a Bangkok Post report.

It appears the UHT was established by a Cambodian group. The TCSD has asked Cambodian authorities to help in investigating the Cambodian hackers.

5 CyberCriminals arrested for stealing 2 million Euros via e-banking hacks


Slovenian police performed 12 house searches and arrested five cyber criminals who are believed to be responsible for malware attacks that steal money from companies' bank accounts.

It all started last year, when the Slovenian national Computer Emergency Response Team (SI-CERT) started receiving reports of malware attacks.

The victims received emails pretending to come from a local bank and the state tax authority, with a Trojan horse attached.

The malware installs a remote administration tool that steals the victim's e-banking credentials and sends them to the cyber criminals.

"With stolen credentials and in the case where the victim did not remove the smart card containing the bank-issued certificate from the reader after use, the doors to the company's bank accounts were left open to the criminal gang." SI-CERT's report reads.

The attackers cleverly planned their attacks to happen on Fridays or the day before national holidays, so that the companies wouldn't immediately notice the theft.

According to the report, the criminal group used 25 money mules to transfer around 2 million Euros.

Cyber Crime gang arrested for hacking Dubai exchange companies' accounts


The Dubai Police have arrested a cyber crime gang who were able to transfer more than 2 million dollars (Dh7 million) from Dubai exchange companies' accounts.

The police said that a gang of Asians and Africans worked with hackers to hack into the websites and systems of companies in Dubai to transfer the money.

The police found cheques worth more than Dh6 billion with the gang after their arrest.

The police took action after they received complaints about a scam and the transfer of $2 million from a company's account. “This was done through hacking the e-mails of this company by someone outside the UAE,” GulfNews quoted Colonel Salem Khalifa Al Rumaithi, deputy director of the General Department of Criminal and Investigation for research.

3 charged with spreading Gozi virus and stealing millions of dollars from banks


Three alleged cyber criminals from Russia, Romania and Latvia have been charged with spreading a computer virus called "Gozi" to more than a million computers worldwide and stealing tens of millions of dollars.

Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating "one of the most financially destructive computer viruses in history."

The Gozi virus was spread largely via PDF files attached to spam emails. Once a user opens the attachment, the malware infects the victim's system.

The malware steals user names, passwords, and other security information.

UGNazi Hacker Cosmo The God takes over WBC Twitter account of Fred Phelps Jr.


After gaining access to the Twitter account of Shirley Phelps-Roper, the hacker "Cosmo The God", from the UGNazi hacker group, has hacked the Twitter account of Fred Phelps Jr., the son of church leader Fred Phelps Sr.

UGNazi and the Anonymous hacker collective have targeted the Westboro Baptist Church as a hateful organization. The church recently sparked controversy for its decision to protest the funerals of those lost in the Newtown, Connecticut elementary school shooting.

The hacker has changed the Twitter account name and description of the account. Just as he did with the last account, the hacker started to retweet anti-WBC messages. The latest tweet from the compromis" #PrayForNewtown ".

Though the account says it has been compromised by Cosmo, I am still wondering who is behind the attack, because the Cosmo hacker was banned from the internet for six years back in November. Also, some reports say the hack was not done by Cosmo but by a hacker who goes by the name of Shm00p.


Hacker breached 'Heroes of Newerth' and gained access to user passwords

S2 Games is urging Heroes of Newerth players to change their passwords as a result of a password security breach.

Hackers managed to gain access to user passwords after they breached third-party software that interacts with the account database.

"We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent," the official forum post reads.

According to the post, only passwords were stolen and no credit card or billing information was compromised, as the company does not store this information.


More than 1600 Indians were arrested in 2011 for CyberCrimes

More than 1,600 Indians were arrested in 2011 for cyber crimes registered under the Information Technology (IT) Act (2000) and under sections of the Indian Penal Code (IPC), nearly 30% more than the previous year.

According to a Times of India report, Indian Minister of State for Communications Milind Deora said that the total of 1,630 persons arrested in 2011 comprised 1,184 under the Information Technology (IT) Act (2000) and 446 under sections of the Indian Penal Code (IPC) related to cybercrimes.

In 2010, the number of arrests for cybercrime under the IT Act (2000) was 799 and 394 under sections of the Indian Penal Code (IPC), making a total of 1,193.

Last year's cybercrime cases pertained to tampering with computer source documents, hacking, obscene publication/transmission in electronic form and failure of compliance/order of Certifying Authority, among other reasons.

Conservative MP David Morris official website hacked

David Morris, MP for Morecambe & Lunesdale, said his website (morecambelunesdale.com) has been hacked by a hacker group claiming to represent "Freedom for the Mujahideen".

As a result of the security breach, the site has been taken down by officials. The spokesman said it had been deleted as hackers had posted an offensive video which "we wouldn't want people to see".

"I was shocked to discover that my website has been hacked," Mr. Morris said.

He also added that he alerted the company who host his website as well as Lancashire Police.

"My website has been hacked, currently working on the situation please e-mail or telephone until further notice," the tweet posted by Mr. Morris reads.

A spokeswoman for Lancashire Police said that they have received a report from a complainant relating to a website and an investigation is under way.