Facebook fined $5bn over Cambridge Analytica scandal










US regulators the Federal Trade Commission (FTC) has approved a fine of $5 billion on Facebook to settle an investigation into Cambridge Analytica scandal, reports in US media. 

The commission was investigating the data breach that that affected more than 87 million Facebook users. 

The main focus of the investigation was to find out whether Facebook had violated a 2011 agreement which prohibits companies from obtaining users data without notifying them. 

"With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it's time for Congress to act," US Senator Mark Warner said.

The fine of $5bn was sanctioned by the FTC in a 3-2 vote with Republican commissioners in favor and Democrats opposed.

According to the New York Times report the Democrats wanted to take stricter action against the firm,  while other Democrats criticized that the fine is too less. 








US cyber attacks on Iranian targets not successful: Minister

U.S. cyber attacks against Iranian targets have not been successful, Iran's telecoms minister said on Monday, within days of reports that the Pentagon had launched a long-planned cyber attack to disable his country's rocket launch systems.

Tension runs high between longtime foes Iran and the United States after U.S. President Donald Trump on Friday said he called off a military strike to retaliate for the Middle East nation's downing of an unmanned U.S. drone.

U.S. President Donald Trump said on Saturday he would impose fresh sanctions on Iran but that he wanted to make a deal to bolster its flagging economy, an apparent move to defuse tensions following the shooting down of an unmanned U.S. drone this week.

On Thursday, however, the Pentagon launched a long-planned cyber attack, Yahoo News said, citing former intelligence officials. The cyber strike disabled Iranian rocket launch systems, the Washington Post said on Saturday.

"They try hard, but have not carried out a successful attack," Mohammad Javad Azari Jahromi, Iran's minister for information and communications technology, said on social network Twitter.

"Media asked if the claimed cyber attacks against Iran are true," he said. "Last year we neutralised 33 million attacks with the (national) firewall."

Azari Jahromi called attacks on Iranian computer networks "cyber-terrorism", referring to Stuxnet, the first publicly known example of a virus used to attack industrial machinery, which targeted Iran's nuclear facilities in November 2007.

Stuxnet, widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility in the Iranian city of Natanz.

Washington accused Tehran of stepping up cyber attacks.

Officials have detected a rise in "malicious cyber activity" directed at the United States by people tied to the Iranian government, Chris Krebs, director of the Department of Homeland Security's cybersecurity agency, said on Saturday on Twitter.

US Cyber Command launched a digital strike against an Iranian spy group





The United States’s Cyber Command launched a retaliatory digital strike against an Iranian spy group that is believed to be behind a series of attack on commercial ships, according to two former intelligence officials.

The Iranian spy group has ties with the Iranian Revolutionary Guard Corps, a division of Iran’s Armed Force group. For the past several years, they have been digitally targeting the military and civilian ships that are passing through the economically important Strait of Hormuz. 

The exact details of the retaliatory strike are unknown. However, the strike against the group is said to have taken place on the same day when Iran shot down $180million unmanned US surveillance drone. 

A Pentagon spokesperson only told Yahoo News that 'as a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.'



Telegram hit by DDoS attack





A most secure messaging app Telegram has been hit by a "powerful" distributed denial-of-service (DDoS) attack on Wednesday morning.

The app was down for many users across the globe, but people in the United States were most badly affected by this attack, according to DownDetector.

The  company said in a tweet, ‘We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues.’

The app was down for just a little over an hour, and in the meantime, the company tweeted an explanation of how a DDoS attack works.

"Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper," Telegram tweeted. "The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can't even see you to try and take your order."

The firm described the whole mechanism of how hackers accomplish a DDoS attack.

"To generate these garbage requests, bad guys use 'botnets' made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa," the company said in another tweet.

However, Telegram said that every users’ data was safe, there was no kind of data hack through the whole attack. 

"There's a bright side: All of these lemmings are there just to overload the servers with extra work – they can't take away your Big Mac and Coke," the company tweeted.

Telegram refused to respond to a request for comment. 






3 million dollar was stolen from Investment company through email hacking scam




According to authorities, Two con artists from New Jersey and their team hacked into several corporate accounts stealing almost $3 million which was meant for a Manhattan real state transaction on Thursday.

The fraud took place after two foreigners gained access to the corporate email account of the investment company, they were keeping eye on potential investment deals through the emails. The name of the investment firm has not been revealed.

Before a deal of $2.8 million dollar was done, the foreigners emailed the investment company fraudulent account details that appeared to be coming from intended recipient. According to the prosecutors, the two foreigners who planned and stole the money from investment company are known by the name  Estarlin Reynoso and  Lucy Beswick

According to the court papers, Beswick, 27 instructed  Reynoso, 29, step by step on how to open a business account and how to wire the stolen funds through the whatsapp messaging service.

Manhattan DA Cyrus Vance said “New Yorkers whose jobs include wiring money should pay attention to this case, Business email compromises cause billions in worldwide losses each year, but there are steps that companies large and small can take to avoid becoming a victim.”

Vance has suggested businesses to be careful of the authenticity of the emails. They should be verified through verbal communication if transfer of funds are involved.He also suggested to use anti-phishing tools to authenticate emails.

According to the Prosecutor, Reynoso transferred funds to three different banks in China before the fraud was detected. Both the accused were charged with Larceny,identity theft and criminal possession of stolen funds.
The investment company was able to recover most of the funds. Beswick was freed without bail while Reynoso was released on bail for $10000.


Hackers charged with stealing $ 2.4 million



A group of hackers from the cybercrime group known as “The Community” charged in the U.S for “Sim Hijacking” attack and commit wire fraud along with 3 former employees of mobile phone providers.

All the 6 members of “The community ” group alleged to have participated in thefts of victims’ identities and used the data to steal cryptocurrencies via SIM Hijacking attack also known as SIM Swapping.

“SIM Hijacking” or “SIM Swapping” is an identity theft technique that exploits a common cyber-security weakness – mobile phone numbers.

This special technique used by hackers to gain control of victims’ mobile phone number in order to route the victims mobile traffic such as phone calls and short message service (“SMS”) messages through the devices controlled by “The Community”.

According to the fifteen-count indictment unsealed, SIM Hijacking was accomplished by a member of “The Community” contacting a mobile phone provider’s customer service—posing as the victim—and requesting that the victim’s phone number be swapped to a SIM card (and thus a mobile device) controlled by “The Community”. Later, Hijacked new SIM will be used as a gateway to gain control of online accounts such as a victim’s email, cloud storage, and cryptocurrency exchange accounts.

Here is the list of 6 “The Community” 3 former employee of mobile phone provider.

Conor Freeman, 20, of Dublin, Ireland

Ricky Handschumacher, 25 of Pasco County, Florida

Colton Jurisic, 20 of, Dubuque, Iowa

Reyad Gafar Abbas, 19, of Rochester, New York

Garrett Endicott, 21, of Warrensburg, Missouri

Ryan Stevenson, 26, of West Haven, Connecticut

Charged in the criminal complaint were:

Jarratt White, 22 of Tucson, Arizona

Robert Jack, 22of Tucson, Arizona

Fendley Joseph, 28, of Murrietta, California

Unprotected database exposes data of 80 million US households




Security researchers have uncovered a security breach that exposes the data of more than half of United States households. 

Experts working with a firm named vpnMentor, that expertises in analyzing virtual private network services, discovered a database containing details of about 80 million American households. 

The database was hosted on a Microsoft cloud server, that includes some sensitive information like names, addresses, locations, gender, age, income, home type and marital status, among other data. 

However, social security numbers and credit card details were not enlisted there. 

Researchers Ran Locar and Noam Rotem said it's unclear who owns the 24-gigabyte database.  

'Unlike previous leaks we've discovered, this time, we have no idea who this database belongs to,' the researchers said. 

'It's hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.'  

Meanwhile, the database is still available online, and is not protected by password. 

'This isn’t the first time a huge database has been breached,' the researchers explained. 

'However, we believe that it is the first time a breach of this size has included peoples' names, addresses, and income. 

'This open database is a goldmine for identity thieves and other attackers,' they added.  







WikiLeaks‘ founder Assange arrested after seven years hide out inside Ecuador embassy







British police has finally arrested the WikiLeaks founder Julian Assange from the Ecuadorian embassy in London after Ecuador government withdrew asylum citing his bad behavior. 

The arrest has closed the seven year long dramatic stint which could end up in landing in a United States prison as he is facing  a hacking conspiracy charge.

According to an indictment Assange conspired with former Army intelligence analyst Chelsea Manning to steal, and publish classified documents. 

Soon after his arrest, Assange appeared before Westminster Magistrates’ Court, where District Judge Michael Snow found  him guilty for breaching his bail conditions, flatly rejecting his assertion that he had not had a fair hearing and a reasonable excuse for not appearing.

“Mr. Assange’s behavior is that of a narcissist who cannot get beyond his own selfish interests,” Snow said. “He hasn’t come close to establishing ‘reasonable excuse.’”

While, Assange waved to the public from the gallery as he was taken to the cells. His next appearance would be on May 2 via prison video-link for his extradition case.

Whereas his attorney, Jennifer Robinson, said he will fight any extradition to the U.S.

“This sets a dangerous precedent for all journalist and media organizations in Europe and around the world,” she said. “This precedent means that any journalist can be extradited for prosecution in the United States for having published truthful information about the United States.”


U S disaster relief agency leaks private data of hurricane survivors


The U.S. Agency for International Development (USAID) is activating a Disaster Assistance Response Team (DART) to Mozambique to lead the U.S. Government's response to Cyclone Idai, which has caused catastrophic flooding, killed hundreds of people, and affected hundreds of thousands of others in Mozambique, Zimbabwe, and Malawi.

The US Federal Emergency Management Agency exposed 2.3 million disaster survivors to possible identity theft, according to the new report.

To date, USAID has mobilized $700,000 in total assistance to support emergency water, sanitation, hygiene, and shelter needs in Mozambique, Zimbabwe, and Malawi caused by torrential rain and flooding in early March, followed by Cyclone Idai. Of this, $200,000 is for relief efforts in Mozambique in response to the damage caused by Cyclone Idai, and $500,000 was provided to Mozambique, Zimbabwe, and Malawi in response to the flooding earlier in the month.

Those exposed by the breach included survivors of Hurricane Harvey, which hit Texas in 2017. The report finds Fema unnecessarily shared personal information, including bank details, with the outside contractor while applying for transitional sheltering in hotels, according to a report by the Office of Inspector General. The name of the contractor was not made public.

The USAID DART, an elite team of US disaster experts, will assess damage, identify humanitarian needs, and work closely with local authorities and humanitarian organizations on the ground to provide critical assistance to people affected by the cyclone. The storm, which has destroyed homes, livelihoods, and public infrastructure, follows a week of heavy rains and flooding across Southeast Africa that had already displaced tens of thousands of people.

Fema admitted the leak but said it had found no evidence that the improperly shared data was compromised.

“Since the discovery of this issue, Fema has taken aggressive measures to correct this error,” Fema press secretary Lizzie Litzow said in a statement. “Fema is no longer sharing unnecessary data with the contractor and has conducted a detailed review of the contractor’s information system,” she added.

Pilots still waiting for Software Update of Boeing, which was promised last year






After a deadly crash of the Lion Air 737 MAX 8 in Indonesia in last October, company officials have met pilot union, and said that they are planning to the software for their 737 Max jets, but till now there has not been a single update.

Meanwhile, addressing the issue, the United States regulators said the software update would be ready by April.

“Boeing was going to have a software fix in the next five to six weeks,” said Michael, the top safety official at the American Airlines pilots union. “We told them, ‘Yeah, it can’t drag out.’ And well, here we are.”

The planned software update would let pilots to detect the problem, and will them from recurrence of the same problem.  Boeing officials  believe that pilots doesn't need any special training in order to learn the functioning of the software update, but they just need a small briefing on how the software fix would function.


Marshall Islands to launch digital currency this year

The Marshall Islands' is gearing to release a digital currency this year, although officials acknowledged Friday there is much work still to be done to alleviate concerns of United States financial regulators as well as solve technological and logistical issues. However, the launch date of the currency, known as the "SOV", has yet to be decided.

“We plan to launch SOV this year,” said Barak Ben Ezer, chief executive officer of Neema, the Israel-based company that is partnering with the Marshall Islands government to develop the digital currency.

A primary issue for the launch is that following the boom in 2017 and early 2018, the crypto-currency market value has plummeted.

"We are working days and nights to prepare the foundations of the SOV initial coin offering, with the goal of being ready to launch once positive momentum is back to the markets," Ezer said.

"It will be done once all stakeholders are convinced that SOV is ready, risks have been mitigated, and momentum is building." Neema and the Marshall Islands are working through a multitude of US regulatory concerns as well as the technological and logistical side of issuing the SOV using blockchain technology.

The Marshall Islands, a tiny Pacific atoll nation with a population of just 55,000, passed legislation a year ago to develop digital currency as legal tender.

The plan has since been criticized by the International Monetary Fund, the US Treasury Department and bank officials in the Marshall Islands.

They argue it has the potential for a negative impact on existing banks and for money-laundering, but Ezer believed that once fully developed, the SOV will be one the safest monetary systems in the world.

The US Treasury has concerns about "anonymous digital currencies, such as Bitcoin, (which) are often used for illicit purposes by people who want to conceal their identity," Ezer said.

Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.
Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.

Bomb hoax suspect arrested in US

Multiple charges have been laid thanks to the efforts of multiple departments spanning two countries, stemming from 10 bomb threats, including one in a school, late last week.

The man at the centre of recent bomb threats in Taber, Alta, has made his first appearance in a U.S. courtroom. It's not the first time the 36-year-old suspect has been arrested for allegedly making threats.

Justin Bagley of Elkville, Illinois has been charged with 11 counts of felony disorderly conduct in connection to a series of bomb threats made in the Town of Taber that spanned over three days. Class 3/4 disorderly conduct felonies can carry sentences ranging from one to five years in prison in the state of Illinois on each charge.

Timothy Dalton Vaughn is suspected of being part of the Apophis Squad hacker group that was allegedly behind the pranking spree. LA's airport was one target for the Apophis hacker group.

On Friday, police said three schools in Taber received anonymous bomb threats via phone calls from an unknown individual. Investigations found there was no threat at any of the schools, according to police.

In a news release issued on Monday, the Jackson County state’s attorney in Illinois said Bagley has now been charged with “11 separate disorderly conduct counts of making false bomb threats.”

A joint investigation got underway on Saturday when police in Taber contacted the Jackson County Sheriff’s office in Illinois.

The Taber Police Service, Medicine Hat Police Service, Jackson County police and United States Department of Homeland Security all participated in the investigation.

One member of Apophis, Briton George Duke-Cohan, is serving a three-year jail sentence for aiding the attacks.

Jackson County Sheriff’s office noted investigators were able to track the phone number used to call the targets in Taber, leading to the arrest of Bagley. All told, an international suspect was able to be arrested within a 72-hour time frame from when the first bomb threat was received on Thursday night at Wal-Mart in Taber.