Cyber Criminals began to use a new scheme to defraud Russians

The classic scheme to defraud Russian bank clients with the help of malicious emails is experiencing a second birth. Now the scammers, presenting themselves as Yandex.Money operators, demand that funds be transferred to a bitcoin wallet under the threat of publishing compromising videos.

They are relying primarily on the fact that the potential victim will react to a familiar brand: the letters are sent from the email address inform@money.yandex.ru. Yandex.Money electronic payment service, which belongs to Sberbank, changed its name to YooMoney last year.

In the letter, the attacker, who calls himself a programmer, claims that he managed to hack into the user's computer and gain full access to it and related devices, including the camera. According to the scammer, he managed to make an intimate video of the victim, and if he doesn't get what he wants, he will send the video to his entire contact list.

"Transfer $650 to my bitcoin wallet. My bitcoin wallet (BTC Wallet): bc1qpg0uv2dcsjvpe9k2y7knxpzfdqu26tvydeu4pf. After receiving payment, I will delete the video and you will never hear from me again. I give you 50 hours (over two days) to pay. I have a notification of reading this email and a timer will go off when you see this email," the scammer intimidates the victim.

YooMoney's press office said they are aware of this technique by the scammers and have already taken appropriate action. "The information is sent from a domain that we no longer own. Yesterday we received information about this and passed it on to the domain owner's security service," the service stated.

Extortion of this kind is quite well known and has a long history, Pavel Shust, executive director of the Association of participants in the market of electronic money and remittances, explained to the agency. Such messages can be sent in the thousands, in the hope that someone will believe the threats and transfer money after all. The expert explained that in reality, of course, no one has hacked the computer and no one has any compromising materials; the letter should simply be deleted and forgotten.

Russian intelligence was accused of cyber attacks on Lithuania's top leadership

Last year, hacker groups controlled by Russian secret services conducted cyber attacks on Lithuania's top leadership. This is stated in the annual report on the state of national cybersecurity published by the Ministry of Defense of the Baltic republic.

The document claims that Lithuanian foreign policy and national security institutions, as well as energy and education facilities were attacked by Russian intelligence.

"Groups controlled by Russian intelligence services also used the Lithuanian information technology sector infrastructure for cyber attacks against targets in Western countries. For example, in July 2020, there were cyber attacks by the APT29 cyber group against organizations developing a coronavirus vaccine in the West that were carried out using Lithuanian IT infrastructure," the report said.

As noted in the document, some of the cyber incidents registered in the republic last year are associated with "political, geopolitical, strategic events in Lithuania, the region and around the world."

According to the report, "it is assumed that hostile intelligence services seek to illegally obtain information about vulnerabilities in Lithuanian communication and information systems, as well as personal user information (account login data) and use it for other cyber incidents".

As an example, a cyber attack was reported in December 2020, when 24 public sector websites were hacked, three of which published fake news with different content. An investigation into the incident revealed that it had been prepared in advance and was carried out in an orderly manner.

Various cyberattacks are often reported in Lithuanian state institutions. Most often they are attributed to "Russian hackers," or it is hinted that they were carried out by "unfriendly countries," although no evidence has been found.

Moscow has repeatedly stressed that accusations by Western partners are unfounded.

In addition, the authorities of the Baltic States have consistently obstructed the work of the Russian media. As the Russian Foreign Ministry noted, signs of coordination are clearly visible in the actions of Vilnius, Riga and Tallinn, and the cases of media harassment in the Baltic countries clearly demonstrate what the demagogic statements of these countries about their adherence to the principles of democracy and freedom of speech are worth in practice.

It's interesting to note that the report released by the Lithuanian Ministry of Defense shows that cyber incidents in Lithuania increased by 25 percent in 2020, and the number of incidents involving malware increased by 49 percent.

The data of potential borrowers of Bank Dom.RF are being sold on the Internet

The data was obtained as a result of a leak. A representative of the bank attributed it to a vulnerability in the remote filing of initial applications for cash loans.

Data about people who applied for a loan from Bank Dom.RF were put up for sale on the Internet. The bank confirmed the leak. The Central Bank is conducting a check.

The data of Russians was put up for sale on a specialized website. The announcement was published on April 3. According to the owners, they have more than 100,000 records of those who have applied for a bank loan. The records date back to 2020-2021. They may include information about the loan amount request, phone numbers, email addresses, full names, date of birth, passport information, TIN, SNILS, home and work addresses, job title, income and proxy information. The database sells for 100 thousand rubles ($1,308), individual lines for 7-15 rubles ($0.09 - 0.20).

Bank Dom.RF belongs to the financial development institution of the same name in the housing sector, which is fully controlled by the state. It is in the top 20 banks in terms of capital and in the top 3 in terms of the mortgage portfolio. It was formed in 2017 on the basis of the bank Rossiyskiy Kapital, which is being reorganized.

Dom.RF reported that the leak was due to a vulnerability in remote initial cash loan applications. The bank notes that the leaked data does not allow access to customer accounts. "As part of operational work, it was eliminated in a short time, at the moment all the bank's systems are functioning normally. For preventive purposes, the security service of Dom.RF checked the integrity of all other systems of the bank and found no violations," reported the bank.

Russian media have already checked the data from a database. Six people responded and four of them confirmed that they had applied to the bank for a loan or were already its clients.

Russian Law Requires Smart Devices To Come Pre-Installed With Domestic Software

Russia is taking security measures against technology that can hurt big tech companies in the region. Under the new law, every smart device purchased in Russia from now on, such as TVs, computers, smartphones, and tablets, must come with pre-installed Russian domestic software. The new law is being read as an attempt by the government to shut down online freedom, but government officials state that the initiative has been introduced to promote home tech firms and to help Russian tech companies compete with foreign counterparts.

Russian tech giants such as Yandex and Mail.ru will be providing the pre-installed software in smart devices.

"The law applies from Thursday to all devices and the Company said that it would offer apps from Russian developers to users activating phones but that all apps were checked to make sure they meet Apple's own privacy and security policies," Reuters said.

In other words, clients will be able to choose Russian domestic software and apps over multinational companies' software when setting up their smart devices. Additionally, an iOS developer, Tian Zhang, shared a video of the new setup process on Twitter on Thursday.

Now a screen in the setup reads, "In compliance with Russian legal requirements, continue to view available apps to download." Tapping "continue" redirects the user to a list of Russian domestic software and apps, including several from the search giant Yandex.

Intelligence is saying that Russia is trying to compete with the US tech giants in the country and simultaneously trying to strengthen its reliance on its government-controlled "sovereign internet." 

Last month, the Russian government slowed down Twitter in response to Twitter's refusal to remove banned content from the platform, but that ended up blocking several domains, including the Kremlin's website.

Russia has created a new data transmission device with protection against cyber threats

It is the first SD-WAN-class development that supports Russian encryption algorithms and is included in the Russian software registry.

Sberbank's press service reports that the technology can allow state institutions and companies of any industry to build a corporate network in minutes, provide a stable connection to regional branches and home offices and protect the data transmitted between them. A single device replaces multiple types of network equipment and includes automatic use of various information security features.

The development consists of two parts: the hardware, which is installed in the offices of the enterprise, and the cloud, where the hardware is managed. The solution can reduce the cost of deploying and maintaining the network by about 2.5 times, as well as reduce the cost of personnel, local installation and manual configuration of each device separately.

"In fact, we have created a universal platform for organizations that combines many network devices at once, including information security tools. BI.ZONE Secure SD-WAN requires no special skills, any employee can connect it to the company's network in a few minutes, and its cost is almost three times cheaper than traditional solutions. Thanks to the cryptographic protection the development is suitable for government agencies, banks and other organizations that work with confidential and personal data or payment information," said Director of Managed Services Unit at BI.ZONE.

The new development is included in the register of Russian software, so it is suitable for organizations that adhere to the import substitution policy. Also, for some organizations, the opportunity to work on a service model with outsourcing of network security management tasks will be an advantage.

Great Britain named Russia as the main threat in cyberspace

Lindy Cameron, executive director of Britain's National Cyber Security Center (NCSC), said on Friday that the Russian Federation poses the greatest threat to Britain in cyberspace.

According to her, as in any other area related to security, in cyberspace, Russia poses the most acute and urgent threat to the United Kingdom.

"We need to look carefully at China's ambitions for technological development. China will change the world we live in in a much more fundamental way than Russia," said Cameron.

Against the backdrop of the current world situation, she urged against complacency, complaining that cybersecurity is still not getting the attention it deserves. She also cited incidents involving cyberattacks against IT company SolarWinds and Microsoft Exchange service.

E Hacking News reminds that the NCSC is in charge of the Government Communications Center, the British intelligence agency responsible for conducting electronic reconnaissance and ensuring the protection of government and military information. The NCSC, in turn, works with the public and commercial sectors to respond to cyberattacks and to protect private and public information networks.

In December 2020, U.S. media reported that hackers linked to a foreign government hacked systems belonging to the U.S. Treasury Department, the Department of Homeland Security, the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA), as well as networks at the Pentagon, Department of Energy and NNSA's nuclear safety agencies. A number of U.S. officials said the hacker group APT29 or Cozy Bear, allegedly linked to Russian intelligence, was likely behind the cyberattacks.

Later it became known that the cyberattack targeted SolarWinds, an IT company based in Austin, Texas. The hackers took advantage of the updates released by the company between March and June last year for its Orion software.

In March of this year, Microsoft warned that a hacker group allegedly backed by the Chinese government was exploiting security vulnerabilities in its Exchange Server messaging software, which is popular with U.S. agencies and companies.

Russia's Central Bank has warned of hackers targeting banks' mobile apps

The Central Bank of Russia has warned of the emergence of a group of hackers investigating vulnerabilities in banks' mobile applications.

The Bank of Russia has detected a shift in hackers' attention from the banking infrastructure to customers' financial mobile applications in order to steal data or money from their accounts. The regulator suggests that a highly skilled hacker group has emerged in the financial market specializing in the deep analysis of mobile applications in order to detect and exploit weaknesses and vulnerabilities.

The survey is based on information exchange between the Central Bank and financial market participants. A total of 818 organizations, including 365 banks, currently take part in it.

"The data available to the Bank of Russia suggests the emergence of at least one group of attackers focused on the skilled hacking of financial mobile applications," the survey said.

The Central Bank cited two examples in which cybercriminals discovered vulnerabilities in mobile apps and used them for hacking. As a result, in the first case, a server containing files with the personal data of a bank's customers - more than 100,000 lines - was published on the Web: name, gender, mobile phone number, email address, place of work, account and bank card number, account type, currency. In the second case, the hackers managed to steal money by logging into the bank's mobile app and, when making a transfer, substituting their account number with that of another bank customer, who became the victim.

"These two examples are not the only cases of attacks on mobile applications of financial institutions that have occurred recently," the review specifies. In this regard, the Central Bank has recommended that banks strengthen the protection of mobile components of remote service systems.


A Russian IT expert said that home appliances threaten security

In the last decade, a promising trend - the Internet of Things - has been actively developing in the world. Atypical functionality appears in many devices. Refrigerators are equipped with screens, kettles get Internet connection modules, and TVs get cameras. This is not a complete list of the symbioses that are formed in the modern world of technology, said partner and director of IQReserve Pavel Myasoedov.

According to the expert, this trend is clearly aimed at improving the quality of life, but along with it a number of cyber-threats emerge.

Devices are controlled by voice, receive our images and send all data to remote servers, where calculations take place, for example, to control the brightness of a smart light bulb or display a recipe on the refrigerator screen.

"At that time, there is a risk that the user's information or biometric data will be intercepted in the transmission process, or the server will be attacked by hackers. From this data, an attacker can learn a lot about a person. But this is not the biggest risk that smart home appliances bring to our world," noted Mr. Myasoedov.

Doorbells, cameras and microphones connected to the Internet allow us to monitor our actions from anywhere in the world in real-time. Switching on smart lights in different rooms will inform us about the person's movements in the apartment, while a sensor on the door will tell us when the person has left it. In some cases, the room can even be locked from the outside, creating a serious threat to life and health.

All this can let your partner know how and with whom you spend your time, and the thief will know the most appropriate moment to break into the apartment.

"Progress in terms of protecting devices from unauthorized access, of course, does not stand still. But today the Internet of Things is lagging far behind in terms of security. Neither manufacturers nor third-party companies offer sufficiently reliable anti-viruses and protection systems. So while smart technology is still developing, you have to be careful not to rely entirely on household appliances and not to load too much information into them," warned the expert.

U.S. authorities found no evidence of Russian hackers' influence on the presidential election

U.S. authorities found no evidence that hackers affiliated with foreign governments were able to block voters from voting, alter votes, interfere with the counting or timely transmission of election results, alter technical aspects of the voting process, or otherwise compromise the integrity of voter registration or ballot information submitted during the 2020 federal election.

This is reported in a joint report by the US Department of Justice (including the FBI) and the Department of Homeland Security (including the Cyber and Infrastructure Security Agency).

According to the report, "as part of Russia's and Iran's extensive campaigns against critical infrastructure, the security of several networks to manage some election functions was indeed compromised. But it had no meaningful impact on the integrity of voter data, the ability to vote, the counting of votes, or the timely transmission of election results. Iran's claims to undermine public confidence in the U.S. election infrastructure were false or exaggerated".

However, experts have identified several incidents in which malicious actors linked to the governments of Russia, China and Iran significantly affected the security of networks linked to U.S. political organizations, candidates and campaigns during the 2020 federal election. In most cases, it is unclear whether the attackers sought access to the networks for foreign political interests or for operations related to election interference.

In a number of cases, the attackers collected at least some information that they might have published in order to exert influence. However, no evidence of publishing, modifying or destroying this information was found.

"We found no evidence (either through intelligence gathering on the foreign attackers themselves, through monitoring the physical security and cybersecurity of voting systems across the country, or through post-election audits or any other means) that a foreign government or other parties compromised the election infrastructure to manipulate the election results," the report authors summarized.

The first IPO of a cybersecurity company is being prepared in Russia

Russian cybersecurity company Positive Technologies is about to conduct an initial public offering (IPO) on the Moscow Stock Exchange. In Russia, firms from this segment have not yet been listed on the stock exchange.

Positive Technologies plans to go for an IPO. The company plans to float about 10 percent of its shares on the Moscow Stock Exchange, which may correspond to $200-300 million if the company is valued at $2-4 billion by the end of 2021. Positive Technologies declined to comment.

Apart from Russia, Positive Technologies is also present in Europe, the United States, the CIS and Africa. According to the Telegram channel SecAtor, the company values itself at $1 billion. Forbes has rated Positive Technologies as one of the most valuable Runet companies at $580 million.

The company relies on the active participation of individuals in the IPO. It should be noted that Positive Technologies primarily considers investors in the IT-sphere to be its target audience. 

Yandex, Mail.ru Group and Ozon are present on the Moscow Stock Exchange, but so far there is no cyber security company, said Andrey Konusov, general director of Avanpost. "This is a new move for the Russian market, and it is a very right and timely idea," he believes. 

According to Oleg Zhelezko, the founder and managing partner of Da Vinci Capital Management, any technology company will be in great demand from investors, because it is currently the most promising segment.

Positive Technologies' competitors are still skeptical about the company's decision. "The bureaucratization of public companies often prevents them from making quick decisions, which is a critical condition for the development of innovations in the cybersecurity market," said Eugene Kaspersky, CEO of Kaspersky Lab. According to him, Kaspersky Lab has enough internal resources for financing and does not need to raise additional investments, so it is not planning an IPO.

Russian search engine will be required to be installed in the browser on smartphones

The authorities plan to oblige manufacturers of smartphones and tablets to install domestic search engines by default in the browser. Ministry of Digital Development, Communications and Mass Media, also known as MinTsifry, plans to prepare a corresponding government decree by April.

In the current version of the law on pre-installation of the software, manufacturers can offer certain services to choose from when activating a device. Users can skip their installation. According to the forthcoming decree, the domestic search engine must be installed by default in the browser.

The authorities want to oblige device manufacturers to install domestic search by default in order to level the market between Russian and foreign players. It is primarily a question of supporting Yandex.

Yandex reported that they had not seen the final version of the decree. "We believe that everyone should be able to choose freely and the most optimal solution could be a "window of choice" for a search engine", said the company.

Karen Kazaryan, an analyst at the Russian Association of Electronic Communications, believes that if the initiative of the authorities is implemented, Google's revenues will decrease and the corporation may change its strategy of work in the Russian market, for example, revise agreements with smartphone manufacturers.

On April 1, the rules will come into force obliging manufacturers to pre-install Russian applications on tablets and smartphones. According to the approved rules, 16 services will be obligatory, including browsers, search engines, social networks, messengers, mail services, news aggregators and the State Service application.

According to Yandex's own data, the company's share of the Russian search market was 59.7% in the fourth quarter of 2020. Mobile traffic accounted for 53.3% of ad sales on the search results page. Mobile Research Group analyst Eldar Murtazin predicts that if the Ministry's initiative is implemented, Yandex's share in mobile search may quickly increase because most users will not want to spend time replacing the default search engine.

Experts have found vulnerabilities in thousands of surveillance cameras in Russia

More than 6,000 surveillance cameras in Russia are open to the public; some of them are located at industrial enterprises and critical infrastructure facilities.

According to Avast, an IT security software company, more than 6.3 thousand CCTV cameras in Russia can be accessed by anyone: they have open IP addresses, making them accessible to cybercriminals.

Some of these cameras are located at critical infrastructure facilities and industrial enterprises. "The system of most of these cameras can be accessed without a username and password, or the password is set by default," explained Avast. These cameras can be used to set up an illegal video surveillance system. Another threat is that their IP addresses could be used by cybercriminals to gain access to the networks of companies or businesses. Cameras in banks that are open to the public threaten to leak credit card and passport data.

Experts noted that data from cameras can be a source of information about a person's movements. For example, an attacker could map a person's movements around the city, provided, of course, that the quality of the camera footage allows a specific person to be recognized.

According to them, too little attention is usually paid to the security of the cameras. "Default ports and passwords and the use of the cheapest Chinese devices with insecure firmware are the norm rather than the exception," stated the experts.

Avast cites data from the Internet of Things search engine Shodan.io, which monitors vulnerable IP addresses. According to Shodan.io, Russia has the fifth-highest number of open IP surveillance cameras, behind Vietnam, Taiwan, South Korea and the US.

TelecomDaily analysts estimate that in terms of the total number of installed video surveillance cameras, Russia is in third place in the world with 13.5 million, or 93.2 units for every thousand people. Only China and the US have more cameras.

Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

Business communication between defense industry employees in WhatsApp, Skype and Zoom is now being more strictly suppressed by management.

A source in the military-industrial complex (MIC) said that all corporate and working chats of employees of the Rostec State Corporation and its subsidiary holdings and companies are to be transferred from WhatsApp to another messenger in the near future.

According to him, this decision was made due to the fact that the management of the messenger WhatsApp announced changes in the privacy policy and the transfer of additional personal data of users to Facebook. "At the same time, employees of the state corporation and its enterprises will still be allowed to have WhatsApp on their personal phones for personal communication," added the source.

A second source in the military-industrial complex said that the ban on the use of foreign applications for work purposes by employees of the MIC has always existed, but not all employees paid due attention to it. "Both now and before, it was simply impossible to install WhatsApp or Skype on a work computer. But to speed up communication processes and for their own convenience, many employees used Zoom, Skype and so on without authorization," he explained.

Rostec confirmed that there are restrictions on the use of foreign applications such as Zoom, Skype, WhatsApp, etc., specifying that these applications are prohibited to be installed on corporate laptops and computers.

Instead, it is proposed to use domestic solutions, including Rostec's own developments. "In particular, throughout the pandemic, online meetings were held on the IVA platform," said Rostec.

The personal equipment of employees is not affected by these restrictions, the press service of the state corporation clarified, assuring that they have nothing to do with the new policy of WhatsApp: "The risks did not arise now, they have always existed, and we were obliged to mitigate them."

Rostec is a major industrial company that operates in the defense sector and develops high-tech civilian areas - in aviation, engine construction, electronics, medicine, pharmaceuticals and other areas. "This dictates very serious requirements to information security", summed up the press service of the state corporation.

Russian authorities slow access to Twitter over banned content

The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) accused Twitter of numerous violations and failure to remove prohibited information. On March 10, the work of the social network in Russia began to slow down.

Russian parliamentarians supported Roskomnadzor's decision to slow down Twitter.

Earlier, the press service of the department said that they would reduce the speed of the social network on all mobile devices. This decision is due to the reluctance of the Twitter administration to block illegal content, including calls to suicide, child pornography and information about drugs. Roskomnadzor did not rule out a complete blocking of the service if nothing changes.

The Kremlin considered Roskomnadzor's claims to the social network justified and called on the company to comply with the requirements of Russian legislation.

According to the deputy of the State Duma Anton Gorelkin, the state has no other tools left to influence the violator, except for tough measures.

"It is impossible to ignore the fact that Twitter acts in Russia as an instrument of political manipulation of public opinion, blocks the Russian media. At the same time, it continues to earn money in our country," he wrote in his Telegram channel.

The parliamentarian explained that slowing down the service is a way to affect the company's commercial profit, which it prioritizes. Gorelkin expressed hope that the new measures will be more effective than "modest Russian fines."

Head of the State Duma Committee on Information Policy Alexander Khinshtein called the actions of the department adequate. According to him, "it is impossible to look further and put up" with Twitter's policy.

Senator Alexander Bashkin believes that the decision of Roskomnadzor will serve as a "sobering shower" for other social networks that do not comply with the requirements of Russian legislation. In his opinion, Twitter has long been "a weapon that is used not only against Russia but also against freedom of speech, information and democratic foundations."

The first deputy chairman of the Committee of the Federation Council on International Affairs Vladimir Dzhabarov warned that other platforms in the event of serious violations may face retaliatory measures - up to the closure.

Earlier, E Hacking News reported that, according to Russian Foreign Ministry spokeswoman Maria Zakharova, Western Internet giants (such as Facebook, Twitter, and Google) "operate in our environment, but at the same time they often do not obey any Russian laws."

Recall that Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.


Kremlin concerned about the report of possible US cyber attacks

The New York Times previously reported that the United States plans to carry out cyber attacks on the internal systems of the Russian authorities within the next three weeks

Russian presidential spokesman Dmitry Peskov said that Moscow is concerned about the report of possible cyber attacks by the United States. He also called absurd the US State Department's accusations that Russia is spreading misinformation about foreign vaccines.

Mr. Peskov commented on The New York Times report on the impending cyberattacks on the internal systems of the Russian authorities in response to the attack on SolarWinds. A Kremlin spokesman called it "alarming information" that appeared in a "fairly reputable American publication."

Dmitry Peskov said that "this is nothing but international cybercrime." "Of course, the fact that the publication admits the possibility that the American state may be involved in this cybercrime is a reason for our extreme concern," Mr. Peskov told reporters during a press call.

He also commented on the statement of the official representative of the US State Department, Ned Price, that four Russian online platforms run by the Russian intelligence services spread misinformation about vaccines approved in the United States. "We do not understand the reasons for such statements. We will continue to patiently explain that such reports are completely absurd," said Dmitry Peskov. "We have always been against politicizing any issues related to the vaccine in any way," added the Kremlin spokesman.

Mr. Peskov also said that the Russian vaccine "Sputnik V" is constantly criticized without any serious grounds. "The Russian vaccine is criticized on a daily basis with an attempt to pretend to be objective or without any attempts to pretend to be objective - just sweeping criticism. We've always been against it. The Russian Federation has not participated and is not going to participate in such an information campaign against any other vaccines," stated Dmitry Peskov.

Recall that on Sunday, The New York Times, citing sources in the US administration, reported that the US plans to carry out a series of cyberattacks on the internal systems of the Russian authorities over the next three weeks in response to an attributed hacker attack through SolarWinds software.

Representative of the Russian Foreign Ministry announced the need for universal regulation of the Internet

According to the official representative of the Russian Foreign Ministry, Maria Zakharova, the actions of social networks that block political content should be regulated at the international level.

Russian Foreign Ministry spokeswoman Maria Zakharova stated the need for an international legal approach to regulating the Internet against the background of the blocking of publications of Russian media by the social network Facebook. Ms. Zakharova noted that Western Internet giants (such as Facebook, Twitter, and Google) "operate in our environment, but at the same time they often do not obey any Russian laws."

On March 7, Facebook blocked access to information materials about the detention in Voronezh of supporters of the Ukrainian youth radical group "Maniacs. The cult of murderers." Articles of such newspapers as TASS, RBC and Vedomosti were blocked. The materials were written on the basis of the official release of the FSB and the Investigative Committee of Russia.

"All this requires regulation. Our legislators and the relevant authorities are now engaged in all this. We believe that there should be some common international legal approach to regulating the Internet," said Zakharova.

Maria Zakharova noted that Russia has long faced the blocking of accounts, materials and pages. "For many years, we have been offering an initiative in the field of international information security. And now such an initiative has been announced," she added.

Internet giants, according to Ms. Zakharova, "behave outside the legal framework, if we talk about the jurisdiction of our country, our legal framework". They often do not obey, but "sometimes directly violate, and despite the violation of these laws and regulations, sometimes the fines are completely ignored, which is unacceptable."

Earlier, Roskomnadzor demanded that the social network restore access to information materials. In addition, the speaker of the State Duma Vyacheslav Volodin condemned the blocking of the Russian media materials by the social network Facebook. He said that the deputies intend to "propose legislative solutions that would not allow such a thing," as well as discuss the issue at the international level.

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, which was used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the hacking.

The forum of elite Russian-speaking hackers Maza was hacked in February. As a result of the attack, the data of more than 2 thousand cybercriminals became freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint Intel, the forum was hacked on February 18. As a result, "usernames, passwords, e-mails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and Msn," leaked to the network.

The message about the hacking of the site appeared on the forum itself, and it was translated into Russian with the help of an online translator. Experts believe that this is either proof that the forum was hacked by non-Russian-speaking criminals, or it may be an attempt by attackers to "send analysts on a wild goose chase."

The experts suggest that anti-hacker groups or so-called white hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also be hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an expert of the information security department of Softline, the data obtained can be very valuable for combating cyber attacks, even if there was no hacker software on the forum.

"The correspondence and user credentials will also be useful," he added.

At the same time, the founder of the DLBI data leak intelligence service, Ashot Hovhannisyan, doubts that such a leak will affect the fate of hackers. In his opinion, the disclosure of email addresses on the forum is not proof that they participated in illegal activities.

At the same time, Hovhannisyan noted that usually hacker forums are hacked by competitors. Hacking Maza, in his opinion, could be a warning to the owners of the forum from competitors.

Other experts suggested that the reason for the attack was most likely personal or financial interest. It is possible that some of the participants were insulted or that someone was underpaid the money promised from a fraudulent scheme.


Russian Hacking Forum Maza Hijacked, Suffers Data Breach

Cybercriminal forum Maza was recently hit by a data breach that led to the leak of user information. Earlier this week, experts at Flashpoint found the breach suffered by Maza (earlier called Mazafaka), which has been on the web since 2003. It is a reserved and strictly restricted platform for Russian hackers. The group is involved in carding, which involves the selling of stolen credit card/financial information on the web. Besides this, the forum discusses spam, exploits, malware, phishing attacks, money laundering, and much more. After the successful breach of the platform, the hackers posted a warning message: "This forum has been hacked/Your data has been leaked."

The leaked information includes usernames, user IDs, email IDs, links to messenger apps such as MSN, and login credentials (obfuscated and hashed). ZDNet reports, "In January, Russian forum Verified was taken over without warning. The introduction of new domains, temporary open registration, and the silence of old moderators has raised suspicion among some users as to the intentions of the new owners." According to Flashpoint, around 2000 user accounts were breached. Users discussing the breach said that they'll now have to find another forum, whereas other users believe that the breach is partial or old.

As of now, the experts do not know who hijacked the forum, beyond the fact that the hackers might have used an online translator to post the warning. This implies that the hackers may not be Russian-speaking, unless they did it intentionally to mislead. This is not the first time Maza was hacked: back in 2011, it was hacked by a rival group named DirectConnection, and around 2000 user accounts were leaked. Soon after, DirectConnection was compromised in retaliation.

Aleksei Burkov, known by the alias 'Kopa,' is said to be the admin for both the forums. He was sentenced to prison for 9 years by US authorities on the charge of running the Cardplanet carding forum. "Users may be justified in such concerns, especially considering law enforcement is now posting 'friendly' warnings on hacking forums to discourage illegal activities," says ZDNet. As of now, no further developments have appeared. Stay updated to know more.

FacePay fare payment system to launch in Moscow metro by the end of the year

"In the Moscow metro, by the end of 2021, we plan to launch contactless fare payment for travel through a face recognition system", said deputy head of the metro Andrey Kichigin. This payment method will be available at the turnstiles and at the ticket offices. This feature is currently being tested.

According to him, to pay the fare, you only need to approach the camera, and it reads the passenger's face, even in a mask. Similar systems have proven themselves in London, Singapore and Dubai.

"First of all, the facial recognition system ensures the safety of trips. We all want to live and move around in a safe city and provide our passengers with the highest level of security," added Kichigin.

According to the deputy head of the metro, the facial recognition system does not know any surnames, names, or other personal data.

The information is stored in a data center that only law enforcement agencies have access to. The protection is reliable, the system cannot be connected to from the outside, and unauthorized access is impossible. The system records each operation, which makes it possible to see who requested what data and when.

Information security expert Sergei Vakulin criticized the FacePay fare payment system.

"No system is secure. There is a possibility that the data will leak somewhere, and it may be discovered years later. As for security in general, facial recognition, biometric data, then the situation is 50-50. The fact is that the system will not be fully debugged with our technologies, because the person is changing. Clearly, there will be some mistakes, maybe he will grow a beard, and how will he be recognized?" noted the expert.

Database of 21 million users of popular VPN services leaked

The database contains email addresses, passwords and usernames of Russian users. This information can be used by hackers to obtain bank card data.

A database of 21 million users of the free VPN services GeckoVPN, SuperVPN, and ChatVPN for the Android operating system was put up for sale on the darknet.

According to the SuperVPN page in the Google Play Store, the app has been installed more than 100 million times. GeckoVPN has over 10 million installs, and ChatVPN has over 50,000.

The database contains e-mail addresses, passwords and usernames of users. One of the archived samples for sale contains data about VPN users' devices, including serial numbers, phone types, and brands.

SuperVPN users' data was already in the public domain as a result of a large-scale leak last summer. The founder of the company "Internet-search" Igor Bederov, in an interview with the publication, said that the new data leak of free VPN users occurred due to "obvious negligence in handling confidential information." "Service owners have simply not changed the default passwords on their database servers," he explained.

According to experts, user data can be used by fraudsters for phishing and man-in-the-middle attacks, when a hacker puts malicious tools between the victim and the target resource, thus intercepting the user's web sessions.

Alexei Kubarev, an expert at the Solar Dozor Product Center, said that such attacks endanger confidential data transmitted from devices over the Internet, including passwords and CVV codes of bank cards.

According to Denis Batrankov, an independent information security expert, users of VPN services need to set unique passwords so that in the event of a leak, fraudsters cannot brute force access to other services with the same password.