Search This Blog

Showing posts with label Cyber Crime. Show all posts

Russian hacker who hacked Dropbox and LinkedIn found guilty


Russian citizen Yevgeny Nikulin, accused of hacking LinkedIn eight years ago, was found guilty by a jury in San Francisco

The verdict in Nikulin's case was announced on Friday after a trial that began in March, which was interrupted due to the coronavirus pandemic and resumed in July.

In 2016, there were a number of large-scale data leaks, and many dumps, including MySpace, LinkedIn, Tumblr and Vkontakte, were eventually put up for sale.
In 2016, one of the hackers, Russian Evgeny Nikulin, was arrested and extradited to the United States in 2017.

Nikulin was accused of a number of articles, and all of them were connected with penetration into other people's networks and data theft. According to court documents, Nikulin hacked Dropbox, Formspring and LinkedIn in the spring and summer of 2012 and stole about 117,000,000 user records, including usernames, passwords and email addresses.

Nikulin then used the data stolen from LinkedIn to send phishing emails to employees of other companies. Authorities said that this way Nikulin managed to collect a lot of information about 68,000,000 Dropbox users, including usernames, email addresses and hashed passwords.
Similarly, Nikulin managed to get into the account of the Formspring engineer. Thus, in June 2012, he gained access to the company's internal user database, which at that time numbered more than 30,000,000 people.

According to data from Radio Free Europe journalists, his activity brought a good income. Nikulin bought expensive cars, watches and traveled a lot. For example, Nikulin admitted that he owns a Lamborghini Huracan, Bentley, Continental GT and Mercedes-Benz G-Class.

The sentence to Nikulin will be announced on September 29. The jury took less than one day to reach a verdict. Nikulin faces up to 32 years in prison and fines exceeding a million dollars.
Lawyer Arkady Bukh said that the defense intends to challenge the verdict. According to him, the psychiatrist who was appointed by the judge previously recognized Nikulin as mentally abnormal.
Nikulin always denied guilt and even called the charges revenge of the United States for providing political asylum in Russia to Edward Snowden.

The Russian Prime Minister spoke about the growth of cybercrime activity in Russia


Russian Prime Minister Mikhail Mishustin said that this spring there was an increase in cybercrime activity. The Prime Minister said this on July 8 in a video message to participants of the international online training on cybersecurity Cyber Polygon-2020

“This spring, we observed an increase in the activity of cybercriminals. More than 90% of successful attacks are carried out using social engineering methods: fraudsters attack us with phishing emails and use the technology of number substitution, trying to take citizens by surprise,” said the prime minister.

According to Mishustin, cyber threats can come from entire states. "Geopolitical differences also extend to the digital environment, thus adding countries to the list of possible sources of threats to digital security," said he.

The Prime Minister drew attention to the fact that security researchers regularly detect complex malware that is specifically designed to disable critical functionality and cause physical damage to industries and infrastructure.

He said that the government, in cooperation with Russian companies in the field of information technology security, is working to inform the population about cyber risks and cyber threats. This makes it possible to solve many problems, but there are still many issues that require attention.
Mishustin pointed out that the national action plan for the recovery of the Russian economy after the crisis is based on the increasing digitalization of the economy and government.

"We will radically increase the number of e-government services provided and create fundamentally new systems to support digital business. In these conditions, one of the most important areas is the protection of cyberspace," added the head of the Cabinet of Ministers.

In addition, the Prime Minister said that the key to a secure digital future for the entire world is cooperation in the field of cybersecurity, and Russia is ready to share its achievements in this field with the world.

He noted that Russia is today one of the leaders in technological progress. According to the Prime Minister, Russian developments in the field of information security successfully compete on the international market.

Hackers hacked Twitter account of the Russian Foreign Ministry and put up for sale data from tourists


Hackers hacked the Twitter account of the situation and crisis center of the Russian Foreign Ministry and put up a database of Russian tourists there for sale. The Foreign Ministry confirmed the hacking but called the message about the sale of data false. The Department said that the account has now been restored and is fully functioning.

Hackers offered to buy the database for June 2020 for 66 bitcoins (about $9000). They claimed that the database contains more than 115 thousand people. A Jabber account was specified for communication.

"Last night, attackers hacked the account of the situation and crisis center of the Russian Foreign Ministry. The information published on the feed in the morning of July 2 is "fake" and has no relation to the Russian Foreign Ministry. The account has been restored and is fully operational,” the Russian Foreign Ministry said on Twitter.

According to Alexey Kubarev, the Development Manager of the DLP Solar Dozor, Rostelecom-Solar, a number of signs in the announcement of the sale of the base cast doubt on its authenticity. First, the phone numbers listed in it are not valid.  At the same time, the base price is surprisingly high — about $5 per line. If we recall similar cases in 2019, then in them the price for one line in the database did not exceed $1.70.

According to the expert, the seller’s goal could not be a deal, but an informational throw about the alleged leak.

Earlier, E Hacking News reported that hackers tried to disrupt the website of the Public Chamber of Russia several times. In the evening of June 30, and then on July 1, they made a series of DDoS attacks on the Internet resource. The attackers also blocked the work of a special website of the chamber dedicated to public monitoring of voting on amendments to the Constitution.

Largest ISP in Austria Hit by a Security Breach



The largest internet service provider in Austria was hit by a security breach this week, in the wake of enduring a malware infection in November 2019, following an informant's report.

A1 Telekom said that their security team identified the malware a month later; however, that expelling the infection was trickier than it was initially envisioned.

From December 2019 to May 2020, its security team had stood up to the malware's operators in endeavors to expel the entirety of their hidden backdoor components and kick out the intruders.

The Austrian ISP told a local blogger that the malware just infected computers on its office network, yet not its whole IT framework, which comprised of approximately more than 15,000 workstations, 12,000 servers, and a large number of applications.

In interviews with the Austrian press [1, 2, 3], A1 said that the multifaceted nature of its internal system kept the attacker from advancing toward various frameworks "because the thousands of databases and their relationships are by no means easy to understand for outsiders."

The attackers evidently assumed manual control for the malware and endeavored to extend this initial foothold on a couple of frameworks to the company's whole system.

A1 said the attacker figured out how to compromise a few databases and even ran database inquiries so as to become familiar with the company's interior system.

A1, which hadn't disclosed the nature of the malware, didn't state if the 'intruders' were 'financially-focused' cybercrime gang or a nation-state hacking group.

While A1 declined to remark on the informant's attribution. Christian Haschek, the Austrian blogger and security researcher who originally broke the story, said the informant asserted the hack was carried out by Gallium, a codename utilized by Microsoft to portray a Chinese nation-state hacking group specializing in hacking telecom providers across the world.


Provider Volia reported to the cyber police about the intense cyberattacks on the server


Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31.

"For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company.

In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize.

"DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, telephony, video conferencing, etc. The attack occurred from tens of thousands of different IP addresses around the world: the United States, Malaysia, Taiwan, Vietnam, etc.", emphasized the press service of the provider.

According to representatives of the company, attacks of this volume are followed by extortion and other attempts to influence the company. Therefore, Volia appealed to the cyber police with a statement about a massive DDoS attack on the infrastructure.

At the same time, Volia stated that they cannot be sure that the attacks will not happen again, but they are doing everything possible to avoid it.
It should be noted that Volia company serves about 2 million cable TV and Internet subscribers in 35 cities of Ukraine.

In Ukraine, a world-famous hacker has been detained


The press center of the Security Service of Ukraine announced the arrest of a world-famous hacker who operated under the nickname Sanix. Last January, Forbes, The Guardian, and Newsweek wrote about the cybercriminal. TV channel Italia 1 dedicated a separate story to it since the database put up for sale by an unknown person was the largest in the history of the stolen database.

The hacker Sanix turned out to be a 20-year-old resident of the small town of Burshtyn. The guy graduated from high school and college, has no higher education.

At the beginning of last year, Sanix attracted the attention of the world's leading cybersecurity experts. On one of the forums, a hacker posted an ad for the sale of a database with 773 million email addresses and 21 million unique passwords. According to the portal Wired, this event should be considered the largest theft of personal data in history.

SBU experts claim that the hacker also sold pin codes for bank cards, electronic wallets with cryptocurrency and PayPal accounts.

During the searches, computer equipment with two terabytes of stolen information, phones with evidence of illegal activity and cash from illegal operations in the amount of $7,000, and more than $3,000 were seized from a hacker.

The National Police of Ukraine added that the 87 GB database proposed by the hacker makes up only a small part of the total amount of data that he possessed. More than 3 TB of such databases, uploaded and broken passwords were found at the hacker. This includes the personal and financial data of EU citizens and the United States.

Sanix himself in private correspondence with a BBC journalist noted that he was only a salesman. Sanix said that poverty in the country and an urgent need for money motivated him to become a cybercriminal.

Hackers who were preparing attacks on hospitals arrested in Romania


Romanian law enforcement officials stopped the activities of the cybercriminal group PentaGuard, which was preparing to carry out attacks on Romanian hospitals using ransomware.

Four hackers were arrested, and searches were conducted at their place of residence (at three addresses in Romania and one address in Moldova). According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), hackers had various malicious programs at their disposal, including Trojans for remote access, ransomware, as well as tools for defacing sites and SQL injections.

In addition, hackers developed malicious computer applications for use in computer attacks, such as rasomware-cryptolocker and RAT (Remote Trojan Access). Such malicious attacks were directed against several state institutions, as in Bucharest.

During the investigation, it became clear that cybercriminals planned to attack hospitals. The attackers intended to send phishing emails on the subject of COVID-19 to medical institutions, and use them to infect networks with ransomware Locky or BadRabbit, encrypt files and demand a ransom for recovery. According to the Romanian media, this is how the cybercriminals wanted to protest against the quarantine measures taken by the Romanian government.

This type of attack makes it possible to block and seriously disrupt the functioning of the IT infrastructure of these hospitals. They are part of the healthcare system, which currently plays a decisive and decisive role in combating the pandemic with the new coronavirus.

The hacker group PentaGuard has existed since about 2000. In January 2001, the group carried out a massive deface of the sites of the British and Australian governments. Over the past few years, PentaGuard has not conducted any deface campaigns but has remained active on hacker forums. In January 2020, the group resumed defacing attacks.

FinCEN Chief Blanco warns of Wide Scale Virtual Currency Scams


Financial Crimes Enforcement Network (FinCEN) is keeping a close watch on financial scams involving virtual currency payments as the COVID-19 pandemic opens new areas of exploitation said, Director Ken Blanco.



As we are stuck in an unfortunate period of emergency, these scammers are exploiting this vulnerability from extortion, ransomware, and the sale of fraudulent medical products, to initial coin offering investment scams.

“This type of cybercrime in the COVID-19 environment is especially despicable, because these criminals leverage altered business operations, decreased mobility, and increased anxiety to prey on those seeking critical healthcare information and supplies, including the elderly and infirm,” the Financial Crimes Enforcement Network chief told the virtual Consensus Blockchain Conference in a video conference.

Blanco stressed on the need for collaborating with other law enforcement agencies and working together to beat this issue by generating much-needed funds to help the recipients and for financial survival.
 “The need for our collaboration is clear and undeniable,” he stated.
He further delved into the cyber crimes occurring because of COVID-19 as much of the population and government employees are working from home these cybercriminals are attacking vulnerabilities in remote applications like VPN (virtual private networks) and remote desktop protocol in order to steal information. Blanco advised companies to pay due diligence and advise the same to the customers.

"Financial institutions should consider the risks of the current environment in their business processes, and the appropriate level of assurance needed for digital identity solutions to mitigate criminal exploitation of your products and platforms.”

FinCEN has also worked with other law enforcement initiatives like the Joint Criminal Opioid Darknet Enforcement (J-CODE) and National Cyber Investigative Joint Task Force (NCIJTF) in cases like criminals exploiting crypto for the purchase of fentanyl.

The virtual currency business has to be very vigilant and properly scrutinized as there are a number of miscreants persistently attacking their onboarding and authentication processes. FinCEN, since 2013 has received nearly 70,000 Suspicious Activity Reports (SARs) of cryptocurrency fraud alone. During COVID-19, this threat becomes ten fold.

Germany has put a Russian "Dmitry Badin" on the international wanted list on suspicion of a cyberattack


The Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015, writes the newspaper Sueddeutsche Zeitung. The publication reports that the suspect's name is Dmitry Badin, he is allegedly an officer of the GRU.

Mr. Badin is also wanted by US authorities for hacking attacks, including the theft of emails from Hillary Clinton and the Democratic Party on the eve of the 2016 presidential election. US investigators rank him among a group of seven Russians suspected of cyber-hacking. The FBI believes that he is a Russian military intelligence officer from the GRU.

According to German law enforcement agencies, Badin is a member of the hacker group Fancy Bear. The Russian is accused of carrying out secret intelligence activities and illegally extracting computer data. Sources say that the Russian was one of the organizers of the attack on the networks of the German Parliament. Cybercrime was investigated by the Federal Criminal Investigation Agency and the police.

The newspaper reported that investigators are confident that 29-year-old Mr. Badin was also involved in a hacker attack on the German Bundestag Parliament in April 2015.

Recall that in January 2019, Germany experienced the largest leak of personal data of politicians in the history of the country. The German authorities suspected Moscow of the cyberattacks that had occurred before. Then Der Spiegel reported with reference to the country's counterintelligence that the hacker group Snake, linked to the Russian special services, tried to get access to the electronic resources of the Bundestag, the Bundeswehr and the German Foreign Ministry. The German intelligence services previously accused the same group of massed cyberattacks against German government agencies registered at the end of 2017.

Russia repeatedly denied accusations of involvement in hacker attacks. None of the German law enforcement agencies has ever provided any evidence in support of the media version about the connections of cybercriminals with Moscow.

The Dreambot Malware Botnet Appears To Have Gone Silent and Possibly Shut Down


Dreambot's backend servers as per a report published by the CSIS Security Group, a cyber-security firm situated in Copenhagen, seem to have gone quiet and potentially shut down completely.

It started in March around the same time when the cybersecurity community likewise stopped seeing the new Dreambot samples disseminated in the wild. 

Benoit Ancel, the malware analyst at the CSIS Security Group, says, “The lack of new features? The multiplication of new Gozi variants? The huge rise of Zloader? COVID-19? We can't be sure exactly what was the cause of death, but more and more indicators point at the end of Dreambot." 

The Dreambot malware's apparent demise put an end to a six-year-old "career" on the cybercrime landscape. First spotted in 2014, it was created on the leaked source code of the more seasoned Gozi ISFB banking trojan, one of the most reused bits of malware today. 

With time, Dreambot received new highlights, like the Tor-hosted command and control servers, a keylogging capacity, the capacity to steal browser cookies and information from email clients, a screenshot feature, the capacity to record a victim's screen, a bootkit module, and a VNC remote access feature - just to name the most significant.

Typical Dreambot Control Panel

Besides, Dreambot likewise evolved from a private malware botnet into what's known as a Cybercrime-as-a-Service (CaaS). 

 As a CaaS, the Dreambot creators would publicize access to their botnet on hacking and malware forums. Various crooks could gain access to a part of Dreambot's infrastructure and an adaptation of the Dreambot malware, which they'd be answerable for distributing to victims. 

Dreambot "customers" would infect victims, steal funds, and pay the Dreambot gang a week after week, month to month, or at a yearly expense. CSIS says this model seems to have been fruitful. "We counted more than a million [Dreambot] infections worldwide just for 2019," Ancel said. 

In any case, the CSIS researcher additionally said that as of late, Dreambot developed from being only a banking trojan. All the more explicitly, it evolved from a specific banking trojan into a generic trojan. 

Criminals would lease access to the Dreambot cybercrime machine, yet not use it to steal money from bank accounts. Instead, they'd taint countless computers, and afterward review each target, searching for explicit computers. 

Nonetheless, Dreambot operators have not been 'publicly identified' and stay on the loose. The explanation behind this whole cybercrime platform's current disappearance likewise stays a mystery. Be that as it may, with the operators everywhere, Dreambot's return 'remains a possibility'.


Russian authorities arrested cyber criminals who sold billion counterfeit rubles on the dark web


Employees of the Ministry of Internal Affairs in Nizhny Novgorod stopped the activities of a group engaged in the production of counterfeit money. Fakes in denominations of 5000, 2000 and 1000 were of such high quality that not every detector in stores could detect them.

High-quality counterfeit money was made in Nizhny Novgorod, from where it was delivered to almost all regions of Russia through the Hydra Internet resource. The criminal organization included several dozen people, and none of them personally knew each other.

Last year, Tatarstan opened the first criminal case under the article Production, storage, transportation or sale of counterfeit money or securities. The first counterfeit bills were found in the region. Then fake money began to appear in many regions of Russia.

For conspiracy, the attackers communicated exclusively through the periodically blocked by Roskomnadzor mirrors of the Internet resource Hydra. According to police officers, the accomplices knew each other only by nicknames on the Internet. The distribution of fakes was also carried out in a non-contact manner using special hiding places.

Wholesale lots from 500 thousand rubles ($6,750) went for 10-15% of the face value. But the greatest demand in the regions were small parties from 10 thousand to 150 thousand rubles ($135 - $2,000) counterfeiters sold for 30% of the nominal value.

When a buyer made a payment on Hydra using cryptocurrency, a shipment of fake money was sent from Moscow using fake passports through a transport company to accomplices. They left fake money in secret places, and then passed the coordinates to customers.

The identity of the organizers and producers of counterfeit money could be established only in the spring of this year. They were three residents of Nizhny Novgorod region Oleg Efimov, Ivan Averof and Andrey Skvortsov. Two sets of printing equipment for the production of counterfeit money of very high quality, color laser printers, laptops, a laminator, mock-ups of banknotes, threads for gluing into banknotes and blanks of emblem images were seized from the detainees.

It was established that the criminal group existed for about a year and printed and put into circulation about one billion rubles ($13,5 million).

BGP Hijacking Attacks Google, Amazon and Other Famous Networks' Traffic!


As per reports, a telecommunication provider that is owned by Russia rerouted traffic which was intended for the most imminent Content Delivery Networks (CDNs) and cloud host providers of the globe.

The entire re-direction kept on for around an hour during which it affected over 8,500 traffic routes of the internet. The concerned organizations happen to be few of the most celebrated ones.

Per sources, the brands range across well-known names like Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all the signs of this attack indicate towards its being a case of hijacking the Border Gateway Protocol, also known as, BGP hijacking. It is the illegitimate takeover of IP prefixes by a hijacker to redirect traffic.

This gives a lot of power in the hands of the hijacker because they could at any time “publish an announcement” stating that the servers of a particular company are on their network. As a result of which all of e.g. Amazon’s traffic would end up on the hijacker’s servers.

In earlier times when Hypertext Transfer Protocol wasn’t as widely used to encrypt traffic, BGP hijacking was a lucrative way to carry Man-in-the-Middle (MitM) attacks and catch and modify traffic.

But in recent times, analysis and decryption of traffic later in time has become easier because of BGP hijacking, as the encryption gets weaker with time.

This predicament isn’t of a new kind. It has been troubling the cyber-world for a couple of decades, mainly because they aim at boosting the BGP’s security. Despite working on several projects there hasn’t been much advancement in improving the protocol to face them.

Google’s network has been a victim of BGP hijacking by a Nigerian entity before. Researchers mention that it is not necessary for a BGP hijacking to be malicious.

Reportedly, “mistyping the ASN” (Autonomous System Number) is one of the other main reasons behind a BGP hijacking, as it is the code via which internet units are recognized and ends up accidentally redirecting traffic.

Per sources, China Telecom stands among the top entities that have committed BGP hijacking, not so “accidentally”. Another famous one on a similar front is “Rostelecom”.

The last time Rostelecom seized a lot of attention was when the most gigantic of financial players were victimized by BGP hijacking including HSBC, Visa, and MasterCard to name a few.

The last time, BGPMon didn’t have much to say however this time, Russian Telecom is in a questionable state, per sources. They also mention that it is possible for the hijack to have occurred following the accidental exposure of the wrong BGP network by an internal Rostelecom traffic shaping system.

Things took a steep turn when reportedly, Rostelecom’s upstream providers re-publicized the freshly declared BGP routes all across the web aggravating the hijack massively.

Per researchers, it is quite a difficult task to say for sure if a BGP hijacking was intentional of accidental. All that could be said is that the parties involved in the hijack make the situation suspicious.

Zoombombing: what is it and how you can prevent your conference calls from being zoombombed


Amid this Covid-19 lockdown, the use of video conferencing software has seen a rapid rise- be it work-related, teaching or just socializing. Our use of video chats has increased and with it, the security concerns have risen diligently.


One such software "Zoom", which is quite popular for video conferencing has been drawing attention from security researchers and journalists recently over privacy and security issues. Even United States investigative agency FBI issued a warning to the citizens to be cautious while using zoom app citing cases of zoombombing where calls were interrupted by "pornographic and/or hate images and threatening language," and the agency also asked the software companies to practice "due diligence and caution" in their security measures.

 Zoombombing is an incident when your video conference calls are interrupted by unwanted/uninvited attendee and disrupts the meet. 

Measures by Zoom to prevent Zoombombing

On Wednesday, Zoom CEO Eric Yuan published a blog post addressing these security concerns. He mentioned that Zoom will freeze feature updates and focus on coming up with security solutions for the next 90 days. Quoting to dedicate these ninety days to "the resources needed to better identify, address and fix issues proactively." He wrote that these initiatives will focus on "conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases," according to the post.

Steps you can take to prevent "Zoombombing" 

There are some simple settings you can change on your Zoom app for your calls from being interrupted by unwanted individuals.

  1. Don't use your personal meeting ID, instead use a pre-meeting ID exclusive for that meeting. There are Zoom tutorials to help you understand how to generate a random meeting ID for a meeting. 
  2.  Enable the "waiting room" feature in Account Management. It will allow you to see who is attempting to join the meeting and give them access. 
  3. Once the meeting begins and everyone is in it, lock the meeting to outsiders. 
  4.  Make sure you don't publish or post the meeting ID on public platforms. 
  5.  If any outsider does barge in- 
You can lock them out by going to Participants List in the navigation sidebar, scroll to more and click to Lock Meeting. You can also shut them up, by clicking on Mute all control in the Participants List.

Russian-Based Online Platform Taken Down By the FBI


The Federal Bureau of Investigation as of late brought down the Russian-based online platform DEER.IO that said to have been facilitating different cybercrime products and services were being sold according to announcements by the Department of Justice.

The Russian-based cyber platform known as DEER.IO has for quite some time been facilitating many online shops where illicit products and services were being sold.

A little while back, there happened the arrest of Kirill Victorovich Firsov as revealed by authorities, he was the supposed main operator behind Deer.io, a Shopify-like stage that has been facilitating many online shops utilized for the sale of hacked accounts and stole user data. Convicts ware paying around $12/month to open their online store on the platform.

When the 'crooks' bought shop access through the DEER.IO platform, a computerized set-up wizard permitted the proprietor to upload the products and services offered through the shop and configure the payment procedure by means of cryptocurrency wallets.

Arrested at the John F. Kennedy Airport, in New York, on Walk 7, Firsov has been arrested for running the Deer.io platform since October 2013 and furthermore publicized the platform on other hacking forums.

“A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.” - the official statement distributed by the DoJ.

While Feds looked into around 250 DEER.IO stores utilized by hackers to offer for sales thousands of compromised accounts, including gamer accounts and PII documents containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses.

A large portion of the casualties is in Europe and the US. The FBI agents effectively bought hacked information from certain stores facilitated on the Deer.io platform, offered data were authentic as indicated by the feds.

When asked to comment for the same FBI Special Agent in Charge Omer Meisel states, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the Internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.”

The Federal security service of Russia stopped the activities of the largest group of hackers


More than 30 members of an interregional criminal group engaged in cloning and selling credit and payment cards of Russian and foreign banks were detained by the Federal security service (FSB). Hackers gained access to data by hacking user accounts and payment systems. The detentions took place immediately in 11 regions of Russia.

The group created more than 90 online stores where it was possible to buy data from other people's bank cards. The cards of both Russian and foreign banks, including credit cards, were compromised.
According to the FSB, the criminal group has been operating for at least the past three years. Criminals obtained the necessary data of real cardholders by accessing user accounts on the Internet and payment systems.

One of the most common ways to get them was to create websites selling various products at below-market prices. Customers interested in these cheap offers paid for the purchase directly on the site with a bank card. At the same time, using a special program, hackers gained access not only to its number but also to the pin code, as well as the CVC code of the cardholder. The seller immediately canceled the transaction itself, referring to the fact that the product is out of stock and the customer will be notified of its appearance by SMS.

After that, cloned Bank cards with a balance, usually, not less than several hundred thousand rubles or several thousand dollars or euros went on sale in one of the 90 online stores organized by members of the group in the Darknet. For example, a copy of the card with a balance of $3 thousand to $25 thousand fraudsters offered to buy for 30% of the face value. They even gave a 30-day guarantee for their product, promising to exchange the card in case of blocking. At the same time, courier delivery of cards with the entire package of documents was offered to any city in the world. Withdraw money was recommended as soon as possible so that its real owner did not have time to suspect anything.
25 detainees were charged under the article on illegal turnover of payment funds. Among the detainees are citizens of Ukraine and Lithuania.

Law enforcement officers seized more than $1 million and 3 million rubles during their detention, as well as weapons, drugs, gold bars and servers hosting fraudulent websites. According to the statement, the site hosting equipment was "liquidated". The FSB added that the seized property included fake documents, including fictitious Russian passports and law enforcement documents.

DDoS Attacks on the Gaming Giant Blizzard Causing Worldwide Service Disruption


In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the hackers have hit gaming giant "Blizzard" with a colossal DDoS attack causing worldwide service disruption.

The attack, as per reports was carried out on March 18th around 2:20 AM (GMT) when Blizzard users took the issue to Twitter and the Customer Support handle for Blizzard on Twitter additionally affirmed enduring the DDoS attacks.

The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.”

As indicated by DownDetector's live map, Blizzard is as yet enduring the result of the attack particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, and Denmark and a few other countries.
Image credit: Down Detector’s live map


Furthermore, it is very unclear whether the DDoS attack has halted as there has been no update tweet from the company. It is, however, worth noting that Blizzard is home to probably the most mainstream games including World of Warcraft, Overwatch, Heroes of the Storm and Diablo Immortal, and so on.

The gaming monster has a strong customer base with in excess of 32 million active users across the global. Aside from these EA Sport, a division of Electronic Arts is likewise enduring a worldwide service blackout.

It is indistinct on the off chance that it is an aftereffect of a DDoS attack or the company is confronting technical challenges within however there have been various tweets from EA Sports customers complaining about lagging and connectivity issues.

As indicated by DownDectector's live map, EA Sports is as yet enduring lagging issues in the US, United Kingdom, France, Spain, Denmark, Japan, and Israel, and so forth.

Image credit: Down Detector’s live map


By and by, it is most likely not a smart decision to DDoS Blizzard but rather users are encouraged to remain tuned for any further news with respect to the attack.

In Kiev, a hacker group who used the vulnerability of banks to steal their clients' money was caught


The Security Service of Ukraine (SBU) announced the termination of the acclivities of hackers who stole an average of 1.2 million dollars a year from the accounts of banking institutions.

According to the investigation, the attackers found vulnerabilities in the electronic payment document management system of banks, illegally transferred money of clients to the accounts of fictitious persons or transferred it to cryptocurrency. Hackers created a bot network of infected computers to conduct illegal operations on the Internet. "Thus, the members of the group stole from the accounts of banking institutions on average 30 million hryvnias ($1.2 million) a year," reported the press service of the SBU on Tuesday.

During 10 searches in Kiev and the region, as well as in Lviv, law enforcement officers seized computer equipment and mobile devices that were used by members of the group during illegal activities. Now the seized equipment is sent for examination.

A criminal case has been opened. If the attackers are found guilty, they face up to six years in prison.
It is worth noting that the Security Service of Ukraine recently exposed a large group of hackers associated with the Darknet.

Members of the group and third parties used server hosting equipment to conduct cyberattacks on the authorities and administration of Ukraine, critical infrastructure of Ukraine, as well as Ukrainian and world banks.

During the investigation, operatives detained the organizer of the group, who since 2011 provided its own server equipment for hosting, administering and distributing malware, bot networks and conducting cyberattacks.

In particular, DDoS attacks were carried out on strategic facilities in Ukraine and banking institutions of other states. The specified hosting was known on the Darknet network under the name "ProHoster" and "Bulletproof.space".

The FBI arrested a Russian associated with Deer.io


The Federal Bureau of Investigation arrested a Russian citizen who allegedly supported the sale of hacked accounts and personal data of Internet users. The arrest occurred at the John F. Kennedy Airport.

"We received information from American law enforcement agencies that he was detained on March 7. He is in New York now in a Manhattan detention center," said Alexei Topolsky, a spokesman for the Russian Consulate.

According to him, the initial initiative for the arrest comes from the San Diego FBI. The Russian has not yet contacted the Consulate.

According to the FBI, Mr. Firsov managed the platform Deer.io where online stores engaged in illegal activities were located. The arrest warrant indicates that Firsov took part in the work Deer.io since its launch (October 2013).

According to the prosecution, Firsov is the administrator of this platform, which is located in Russia and provides an opportunity for criminal elements to sell their "products and services". The prosecution claims that the platform is selling the hacked American and international financial and corporate information, personal data, stolen accounts of many American companies.

The prosecution said that a cybercriminal who wants to sell contraband or offer criminal services through the platform can do it for $12 a month. The monthly fee is paid in bitcoins or via a number of Russian payment systems, such as WebMoney. According to Firsov, more than 24 thousand stores worked on the site, which brought in more than $17 million.

American law enforcement officers opened a criminal case, according to which Deer.io almost completely used for cybercrime purposes. FBI found stores on the Firsov site that sell access to hacked accounts, servers and personal data of users.

The Bureau said that Kirill Firsov was aware of who uses his platform, and more than once advertised Deer.io on cybercrime forums.

The United States accused the manager of Group-IB of cybercrime


According to an indictment in a court database, US authorities accuse Nikita Kislitsin, manager of a Russian cybersecurity company Group-IB, of hacking the Formspring social network. Group-IB, which does not appear in the charge, found the charges against its employee unfounded.

Kislitsin was the editor-in-chief of magazine Hacker from 2006 to 2012. In 2012, he worked for some time in the United States, and since 2013, he has been working at Group-IB, where he is engaged in security threat intelligence. The indictment against Kislitsin dates back to 2014 but was declassified and uploaded to the San Francisco court database only this week.

Kislitsin was charged with two counts related to the use of illegal access devices. One article assumes up to 10 years in prison, another - up to 5 years, also Kislitsin faces a fine of 250 thousand dollars.

The indictment states that Kislitsin received the names, email addresses and passwords of Formspring customers from an accomplice-hacker, and then tried to sell them to another accomplice for 5.5 thousand euros. In total, the case involves three accomplices of Kislitsin, not one of them is named.

Group-IB issued a statement on its website linking the charges against Kislitsin to the case of Yevgeny Nikulin, whose trial opens in California next week. Nikulin is accused of illegally accessing data from the social network LinkedIn, Dropbox and Formspring servers.

Group-IB states that it supports its employees. Moreover, the company and its employee Nikita Kislitsin did not receive the official summons, notifications or invitations to the upcoming court hearing in the Nikulin case.

The company said that Group-IB is currently consulting with international lawyers for a legal assessment of the situation and making a decision on further actions.

Cyber Flashing- Another Horrendous Way of Sexual Assault Via The Internet!


Of all the horrible things a pervert could do using the cyber means, Cyber Flashing is by far the most debauching and harassing of all.

For all those who aren’t well aware of this concept, cyber flashing is like every other form, a highly disgusting method of “image-based sexual abuse”.

This technology backed crime doesn’t stand on a particular pedestal as to the legality of it hence, the fact that people don’t know much about it let alone it being a crime.

You may be sitting somewhere in peace and quiet, supposedly on a much-wanted vacation cruising your lazy fingers on your phone and Bam! A stranger’s genitals cover your phone screen via an AirDrop file.

The initial shock, getting grossed out and the eventual sickening feeling you get is all well understood. Because the moment you try to close the file it only gets sent, again and again, a good number of times.

The nastiest part about this is that the person who sent it to you could be sitting close by, watching you see their nether regions and could be taking some sort of nauseating pleasure out of it.

According to several polls and researches, in England, Scotland and Wales combined, 40 percent of the women have, in one form or the other experienced cyber-flashing by having received repulsively uncalled for pictures of male private parts.


Disappointingly enough, notwithstanding the pervasiveness of the situation not many governments have special legal provisions to contend with cyber-flashing. Several countries’ existing laws don’t cover the subject wholly and only in the light of “sexual harassment or communication”.

Nevertheless, Scotland, Singapore and the American state of Texas did get something done for this but only under the pressure of women’s rights campaigns.

In the years that have passed, groups have suggested pretty fervently the need for the introduction of a new law that solely focuses on “image-based sexual abuse” and legally forbids cyber-flashing.
But it never had a toll on the government and the recommendations got rejected.

Contemplating over the severity of the not-at-all trivial crime and the neglect it has undergone in terms of its legal consequences is desperately needed to frighten away any potential partakers.

The degenerates require getting this into their head that sending someone an unsolicited picture of their genitals is simply not okay and that they can be legally punished for it.

Cyber-flashing could seriously distress the receivers and make them think that they are not safe even in public spaces. It also empowers men to accept the anonymous nature of the ill-act and just show off their genitals, without the fear of getting immediately caught.
Women need to be emboldened about fighting back against it.

Moreover, girls and women need to know that these “dick-pics” are definitely not imprudent tries at flirting and the men need to understand that this is not a pathway of getting nudes in return or appallingly enough, some twisted way of showing off.

The current laws need to keep up with the expeditious changes in technology. Also, how people embrace the ill-usages of it especially for harassment and sexual abuse.