On the dark web, there are plenty of people looking for a free ride. Or at least a very cheap one. A vendor on a dark web marketplace is advertising what they say are accounts for the scooter service Lime.
“This account is used free to locate rental scooters (with a random life),” a listing on a dark web market reads, referring to finding scooters that may be available to use. The vendor says they have accounts for both the European Union and the U.S.
“The accounts sold here are functional and verified. They are unique for sale. Once sold, the accounts are automatically deleted from my database,” the advert continues. The listing offers one account for €13.
Lime, like a wealth of other companies entering this space, lets users quickly rent scooters across major cities. Motherboard recently reported how Los Angeles wants scooter companies like Lime, Bird, and Uber’s JUMP to provide real-time location data of the scooters for city planning purposes, although activists have privacy concerns around the sharing of this data.
Armed with one of these accounts, it seems a customer wouldn’t need to pay Lime for using its scooters. The vendor sets some conditions for using the accounts.
A section of the dark web listing offering Lime accounts. Image: Motherboard
“Do not change anything on the account (email/password etc),” they write. “Do not share the account(s).”
A Lime spokesperson said in a statement, “While this is not caused by any Lime security vulnerability, this illegal and dangerous behavior is absolutely against Lime policy and will not be tolerated on the Lime platform. We strongly remind our users that sharing account access information with any third party is against our user agreement and can expose them to significant cybersecurity risk.”
Lime added that it will be migrating iPhone users to Apple ID login in the future, and that the company does not allow people to use any password that has already appeared in HaveIBeenPwned’s leaked password list. The HaveIBeenPwned database, maintained by security researcher Troy Hunt, contains email addresses, usernames, and plaintext and hashed passwords from data breaches.
Motherboard previously discovered Uber accounts for sale on the dark web in 2015. Hackers were able to access these by using previously compromised passwords from other services.
This article originally appeared on VICE US.
The post #deepweb | Lime Scooter Accounts Are Being Sold on the Dark Web appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans If you like to watch movies and TV series online then you should know what Disney+ is but for those who don’t, Disney+ is a video-on-demand streaming service owned by Walt Disney. The service was launched last week on November 12th, 2019. However, word on the […] View full post on AmIHackerProof.com
The ransom demand was electronic.
In 2017, Newark’s computer system was hijacked by a group of hackers from halfway across the world, shutting down municipal services. Officials were given just seven days to come up with $30,000 in Bitcoin or they could kiss the city’s encrypted computer files goodbye.
They paid the ransom.
Cybercrime continues to explode nationwide, according to the Federal Bureau of Investigation’s most recent internet crime report. Last year, federal authorities received more than 350,000 complaints involving internet-based fraud, an increase of 16.7 percent over the previous year. Victim losses across the country in 2018 related to cybercrime totaled $2.71 billion.
In New Jersey, more than 8,400 victims across the state — including businesses, individuals, and government agencies — reported overall cybercrime losses last year of $79.7 million, making the state ninth in the nation for such high-tech theft, the FBI reported.
While much of that involved scams against individuals, businesses and Fortune 500 companies, the masters of the dark web have also been targeting your local tax collector’s office. Dozens of municipal government agencies in New Jersey have been victimized by hackers over the past two years, but have been reluctant to make those attacks public, officials say.
John Cohen, a senior expert on global threats for the Argonne National Laboratory and a professor at the Georgetown University Security Studies Program, said local governments remain easy targets for cyber criminals.
“Their systems remain vulnerable due to insufficient security and local governments continue to pay the criminals,” Cohen said. “Until localities change their practices in this regard, they will continue to be targeted.”
In New Jersey, the state’s Office of Homeland Security and Preparedness said it has been tracking the threat of ransomware since 2015 and officials said municipal governments have long been in the mix.
“Many cyber-threat actors are just looking for low-risk targets and something they can monetize,” said Jared Maples, who heads the state agency. “The availability of hacking tools and the increasing number of unsecured internet-connected devices reduces the need for extensive technical skills to carry out successful cyberattacks.”
Officials at the Municipal Excess Liability Joint Insurance Fund, which helps insure public entities across the state, said they have seen a 540% increase in cyber attacks on local government agencies since 2013. About 80 events have been reported over that time, but officials with the fund said they were aware of 50 others that were never formally reported.
“Nobody wants to acknowledge they’ve been victimized,” said Marc Pfeiffer, assistant director of the Bloustein Local Government Research Center at Rutgers University, of the radio silence. Nobody is going to call a press conference to announce someone made off with taxpayer funds, he said.
Maples, meanwhile, believes that what is happening is only going to get worse.
“Cyberspace is a complex, diverse, and fluid security environment with real, persistent, and evolving threats,” he said. “The impacts of cyberattacks will increase as we enter into an era of autonomous systems, artificial intelligence, smart cities, hyper-connectivity, and the convergence of cyber-physical systems and devices.”
While many of the high profile cybercrime cases that have come to light in recent years have involved ransomware, where malicious software delivered by a link that should never have been clicked is used to corrupt and encrypt computer files, that is only one of many weapons commonly employed. According to the FBI, the attack tactic most gaining favor these days is known as Business Email Compromise, or BEC, which targets those who use wire transfers.
The BEC scam works by compromising the email of corporate executives — and sometimes of municipal officials involved in finance — and seeks to redirect wire transfers meant for suppliers or financial institutions to fraudulent accounts both here and abroad.
Earlier this year, Lawrence Espaillat, 41, of Clifton pleaded guilty in connection with a BEC scheme to steal more than $1 million from corporate victims and individuals. Authorities said Espaillat and others incorporated sham businesses and created email addresses, which mimicked but differed slightly from legitimate email addresses of supervisory employees at various companies. Emails from those sham accounts were then used to send what appeared to be requests for payment of legitimate invoices or debts owed by the victims.
Last year in New Jersey, according to state municipal finance officials, at least one unnamed municipality was sent wiring instructions by such a compromised email to change its bond anticipation note payments from what appeared to be one reputable banking institution to another. They sent $40,000 to the other account, which was fraudulent.
In August 2018, the FBI said it received a complaint filed on behalf of another New Jersey town that fell victim to another BEC scam, transferring more than $1 million into the fraudulent account. Michael Doyle, an FBI supervisory special agent in New Jersey, would not identify the town, but said the money was recovered through a “financial fraud kill chain” that moves quickly to freeze funds and recall a wire transfer if authorities are alerted without delay.
Noting the explosion in BEC complaints nationally, Doyle said the nature of cybercrime is changing. More than $1.2 billion in losses were attributed last year to compromised business email scams alone.
“It dwarfs everything else,” the FBI agent said — far more than the $362 million lost to victims in confidence or romance fraud.
Yet while ransomware complaints do not top the list of cybercrime complaints, Doyle suspects what happened in Newark may be happening more than is being reported to authorities. How the money is taken has also morphed, he added, with the use of “money mules” in the United States who act — sometimes unwittingly — as a go-between, so that suspicions are not raised by having money directly wired overseas.
“It used to be jumping out of the country immediately,” Doyle said. Now, potential victims might think it suspicious to be told to send money to an account in Hong Kong. These days, money may be wired through a series of destination points before it lands in somebody’s pocket.
Last November, two Iranian men were indicted in connection with an international wave of ransomware attacks that shut down Newark’s computer systems, and led to the city’s payment of $30,000 to regain control of the city’s electronic files. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were charged with running what officials called “an extreme form of 21st century digital blackmail.”
Both men remain at large.
Doyle said cybercrime is still far more likely to target big companies than town hall. Usually municipalities don’t have that kind of money. There’s no revenue stream.
Still, the problem for local government is growing, officials here say.
David N. Grubb, executive director of the Municipal Excess Liability Joint Insurance Fund in Parsippany, said the impact is not insignificant.
“When a municipality gets hit by one of these things, you can’t quantify the disruption that occurs. There are things that can’t happen when you are trying to get the system up and running. There is a reputational cost,” he said. “It can get residents quite upset.”
A spokeswoman for Newark said the city has made numerous changes and improvements to defend against similar attacks, including improvements to infrastructure, training as well as following professional recommendations that identified security gaps.
“While no amount of preparation protects any organization 100%, the city is in a much better position to thwart similar events,” said the spokeswoman, Crystal Rosa.
At the same time, she said the city is constantly being targeted.
“Measures put in place, actions following the prior ransomware event, have identified attempts and been successful to date from any in-depth intrusion,” she said.
With three dozen or more New Jersey municipalities the victims of successful hacker attacks in just the last two years, Pfeiffer said local officials are paying more attention, and like Newark, said that the electronic systems of every municipality in the state are under attack daily. Most municipalities now have cyber insurance, he added.
But technology requires management, and that requires time and money.
“There are two things you cannot be without in managing technology,” he said. “You have to have somebody you trust advising you on technology. And you have to have a sound backup plan.”
Ted Sherman may be reached at email@example.com. Follow him on Twitter @TedShermanSL. Facebook: @TedSherman.reporter.
#cyberfraud | #cybercriminals | Camden County residents are being warned about a new scam that targets your cellphone
Source: National Cyber Security – Produced By Gregory Evans. CAMDEN COUNTY, Ga. – We’re always on our smartphones so it’s easy to let our guard down, opening the door for scammers. Now, our cash and identity can be at risk […] View full post on AmIHackerProof.com
Serbian officials recently detained a Belgrade resident suspected of belonging to the hacking group known as DarkOverlord, or The Dark Overlord.
The man, aged 38, is identified only by the initials “S.S” and is a Belgrade citizen.
Beyond this, nothing about his identity is known.
The Federal Bureau of Investigation has not commented on the arrest. However, Serbian officials state they made the arrest during an operation to expose the people using the moniker “The Dark Overlord” online.
Active since 2016, DarkOverlord has gained notoriety for hacking schools and medical providers to steal personal files, then blackmailing the institutions into paying to keep that information from being sold on the underground. Earlier, the hackers had apparently seized addresses, phone numbers and Social Security numbers belonging to innumerable medical patients, data that could have been used to commit identity theft. In.pcmag.com reported this on May 17, 2018.
Beginning in June 2016, The Dark Overlord infiltrated the systems of 50 or so victims, stealing a variety of data such as intellectual property and crucial health information, then demanding ransoms in exchange for keeping the stolen data private.
The group is well known for a two-year cybercrime spree comprising hacking and extortion, which included leaking episodes of the Netflix series “Orange Is the New Black”, breaking into U.S. school computers and threatening the country’s students with murder.
At times the crooks weren’t satisfied with hacking and would threaten physical violence against the hacked entities. In 2017, an infamous campaign in the USA involved breaching the systems of high schools, stealing personal data and holding it for ransom. If the schools did not pay up, the gang would pull the contact details of staff and students from the stolen data and then threaten them.
It’s not clear whether The Dark Overlord group consists of one person or several individuals. However, on Twitter it frequently uses the words “us” and “we” to refer to itself while blackmailing hacked victims.
View full post on National Cyber Security Ventures
Many of us have heard news about identity theft, along with the warnings on how to avoid it. But, do you know that children, including yours, can fall prey to identity predators, too? According to an FTC report, 6 percent of identity theft victims are people 20 years old and below, and these statistics include young children and infants. When ID thieves effectively obtain an identity, they can take out credit cards, rent a house and even get a mortgage using the child’s name.
As a parent, do you have a good understanding of child identity theft and of how to protect your child from it? Keep in mind that whenever you give out your child’s social security number and other personal identifying information, you should take extra precautionary measures, because the last thing you want is for your child to become a victim of identity theft.
Why do thieves have to target children?
Basically, a child has a clean credit record, and this is what thieves are aiming for. Since creditors and lenders will favor someone with a clean record rather than someone with bad credit, they will be more likely to accept the thief’s application using the child’s good name. Plus, children are not yet taking fail-safe methods to secure their identity, unlike adults who are more aware of the depth of the crime. Thieves see kids as more lucrative targets, because the only time the problem may come to light is when the children reach legal age and start checking their own credit or applying for a line of credit themselves, giving criminals ample time to hide their crime while continuously devastating the child’s identity. Therefore, the earlier the thieves start misusing a child’s identity, the longer they can exploit that victim’s credit.
What signs should warn you that your child is being victimized by ID theft?
In order to know if your child’s identity is stolen, you should be vigilant in spotting any of these red flags:
• Pre-approved credit card offers – If your child receives unsolicited offers from credit card companies at a very young age, it may be a sign of identity theft.
• Collection agencies looking for your child – Are there collection agencies calling you for an unpaid bill in your child’s name? Don’t take this simply as a case of mistaken identity; there’s a chance that thieves have actually opened up a line of credit with your child’s identity and left it unpaid.
• Account statements from Social Security – SS account statements are records of annual contributions or benefit claims and these are usually sent to people who have a job. So, unless your kid has a job, receiving a social security account statement in the name of your child is indicative of identity fraud or theft.
Child identity theft protection: four important things to remember
• Keep personal identifying information private – never share your child’s identifying information, especially his/her social security number and full name, with someone who has no legal business with you. A child’s social security number, along with the full name and date of birth, are what a thief needs to hijack your child’s identity. Keep every one of your child’s documents at home safe and locked in a secure place.
• Ask questions if you must – if you are asked by the school, pediatrician or other organizations for your child’s social security number, don’t hesitate to ask why they need it and how they are going to protect it. Also, try asking if it’s okay if you give them another form of identification apart from your child’s social security information. Finally, ask who will have access to your child’s information and how they are going to dispose of your child’s information afterwards.
• Watch out for the red flags – the warning signs mentioned above, such as phone calls or emails, concerning your child’s credit should not be taken lightly. Always watch out for these suspicious activities, because they indicate fraud.
• Educate children about online safety – In the modern day we live in, children have become more inclined to use the power of the Internet. But it’s also a place where identity thieves usually thrive. Emphasize to your kids not to give out their personal information or the passwords and usernames to their online accounts to strangers they meet online. They should also avoid visiting unfamiliar sites or clicking strange links to prevent viruses and malware from invading their computer, because this method can be used by criminals to access their private information.
The post How to #Protect #Child #Identity from being #Stolen appeared first on National Cyber Security Ventures.
The Apple TV has long been a wonderful device for consuming media on your big-screen television. From video to music, it is a great experience. Some people weren’t satisfied with the default functionality, however, opting to jailbreak Apple’s media box. In fact, the jailbroken Apple TV 2 was one of the most popular XBMC/Kodi boxes for this reason.
Are you running one of those jailbroken Apple TV 2 devices? You should be worried then. You see, as the folks over at TVAddons warn, the jailbreak process installed OpenSSH by default. This means your network could be compromised through the fairly outdated media box. A hacker only needs your IP address to attack you.
“Under normal circumstances, most people are aware of the need to set a strong password on their computer. However, in this circumstance, most users aren’t aware that their jailbroken Apple TV 2 is a computer that can be programmed for any purpose. Anyone who gains access to your insecured [sic] jailbroken Apple TV 2 device could run code to do things like send spam, DDoS, or even infiltrate your phone and personal computer,” says TVAddons.
The group also says, “Who’s to blame? We hate to say it, but the company behind the popular Seas0npass jailbreak for Apple TV 2 should have known better. For years Firecore distributed what was the only method of jailbreaking the Apple TV 2, and knowingly chose to include OpenSSH with the jailbreak. They should have seen this coming, and given the user the chance to change the SSH password at the time of jailbreak. Instead they likely turned a blind eye in order to make things simple for the average joe, to whom they also tried to upsell other premium apps.”
Before you get too scared, just know that disconnecting the jailbroken Apple TV 2 from your network will take away the threat. In other words, if you don’t use it, just get rid of it — it is outdated anyway. If you are still using it, however, you can just change the default root password to secure yourself — easy peasy.
View full post on National Cyber Security Ventures
Cyber security experts in Abu Dhabi have found a way to create an “unhackable” electronic chip that could potentially be used in phones, cars and computers.
With changes in technology and manufacturing processes eroding safety, researchers at New York University Abu Dhabi have just received a grant to turn their work into a deployable solution.
“This is the first prototype for a chip that has security features built in at the hardware level,” said Ozgur Sinanoglu, associate dean of engineering and associate professor of electrical and computer engineering at the university. “The purpose of this chip is a proof-of-concept to show that we can take any chip design, apply our software on the design to lock [it], and create trustworthy locked chips that are resilient to hardware-level threats such as counterfeiting, piracy, reverse-engineering and tampering.”
His research at the university’s Centre for Cyber Security on hardware security and trust is being funded by the US National Science Foundation, the US Department of Defence and the UAE-owned semiconductor manufacturing company Global Foundries, as well as Mubadala Technology.
“We take smart devices for granted but can we really trust them?” asked Prof Sinanoglu, who is also the director for design at the excellence lab at the university. “When hackers break into certain devices, they want to share that with everyone so they come up with a set of instructions published on a website. It goes viral and it’s a huge revenue loss for the company.
“Up until a decade ago, this is mainly what hardware security was about – chips with secret assets for people to extract or manipulate this secret information.”
The implications of a breach are serious, as such chips are found in phones, cars, computers, airplanes, nuclear power plants, medical devices and critical safety and security applications. “So once our trust is compromised on these chips, then it’s compromised on pretty much all applications that [almost] control our lives one way or another,” he said. “Everything used to be centralised in one controlled facility under the control of a few people but now, the process on a single chip spans across the globe, various teams and different companies.”
He spoke of Apple, which has headquarters in California but sources design facilities in Europe, China and India, fabricates in South Korea, tests in Taiwan and assembles its packaging in China.
“Because the flow is highly distributed today, people are concerned about a variety of things,” he said. “We’re talking about all sorts of piracy problems to be able to control chips remotely, or disable them, or leak information from them.”
The new chip ensures a secure platform from start to finish in terms of the hardware.
“If the hardware is compromised, you can have the strongest operation system but you can’t talk about a trustworthy system,” Mr Sinanoglu said. “The UAE is investing heavily in this research and we’re more confident that this will be unhackable because we have mathematical definitions and theorems backing [its] security. We were now offered a grant by the [Defence Advanced Research Projects Agency] as part of a four-university team to turn it into an actual solution that can be deployed and we are hoping to have our software solution adopted by chip design companies so they can produce trustworthy chips.”
He has also set up a platform allowing potential hackers to attempt to break in, because “crowd-sourcing is the best way to test your security”.
“Our locks are in there but they don’t know the secret key,” he added. “We give them virtual access to the chip too but the idea is to see whether someone with this information can break it. We expect no one to.”
Experts said hardware is an area sometimes overlooked in terms of cyber security.
“It’s an issue that is forgotten about,” said Dr Fadi Aloul, head of computer science and engineering at the American University of Sharjah. “Hardware also has bugs and today, with the Internet of Things, those are also being targeted, so it is needed with new smart chips.
“The closer the security measures are to the hardware, the harder it is for the hackers to really take advantage of this chip.”
However, Dr Aloul also said that “unhackable” is very hard to say as the general rule of security is that there is no perfectly secure system. “We can say it’s very hard to hack, but nothing is impossible,” he said. “Given the time and resources, a weakness, like a vulnerability, can be found and exploited.”
Matthew Cochran, chairman of the Defence Services Marketing Council, said security must be holistic as “you are only as strong as the weakest link”.
“Chip security and hardening is fundamental to this as everything else above it in the stack is dependent on the chip not being compromised,” he said. “There is no point in having a secure operating system and encryption if the chip control of all these functions is accessible by [criminals].”
The post ‘Unhackable’ #electronic #chip being #developed in #Abu Dhabi appeared first on National Cyber Security Ventures.
This summer’s historic solar eclipse was an amazing sight that reminded us of the beauty of our solar system, as well as the fact that you should never look directly at the sun. The eclipse also reminded us that without being able to see something, understanding it can be very…
The post Cybersecurity’s Solar Eclipse: How We’re Being Blinded By Marketing Buzzwords appeared first on National Cyber Security Ventures.