now browsing by tag


Utah #charity’s #funds #wiped out by #hacker

Source: National Cyber Security – Produced By Gregory Evans

Utah Association for Intellectual Disabilities said Wednesday a hacker had locked them out of most of their systems and drained their bank accounts. This comes right as the group was gearing up for holiday giving season.

UAID gives Christmas gifts to adults who are intellectually disabled, often don’t have family, and stay in assisted living facilities.

The group only meets once a month and was getting together to plan their holiday strategy for buying and distributing gifts. The group serves around 1,200 – 1,400 people ever holiday season. Although Vice President Laura Henderson said they noticed no new email applications for help had come in since October 22nd.

“As we investigating the email issue, I opened the bank statements and started seeing things that just weren’t right,” said Henderson.

After speaking with their bank the group noticed around $5,000 from multiple accounts had been transferred, or stolen from their accounts. According to records the hackers used a series of apps and services to get the money out.

The transfers started small around October 22nd, but went into the thousands by the 25th.

It wasn’t just the money the hackers messed with. They also took over their PayPal, opened new accounts, and locked them out of their email and website. Even when they tried to change the passwords the hackers regained access a short time later.

Co-Founder Katherine Scott said she devastated because so many rely on their gifts, and often don’t get anything else for Christmas. With email accounts compromised they don’t know who needs services this year.

“That’s one of the things that’s making us real sad this year is we don’t know who needs help,” said Scott.

Doug Lind has been a recipient of gifts for the last six years, and said for many it’s the one thing that brightens up their holidays. He couldn’t believe the news.

“You have to be really low to do something like that to people who don’t have that much,” said Lind.

The groups is now scrambling for donations of money and clothes for those they serve. Because their email and website has been compromised they are asking everyone to call their new number at 385-887-4145.

The post Utah #charity’s #funds #wiped out by #hacker appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info

Source: National Cyber Security – Produced By Gregory Evans

Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info

A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).

The extortion attempt’s victim is the University of Fraser Valley (UFV), a Canadian university located in the town of Abbotsford, south-east of Vancouver.

Based on the currently available information, a hacker or hacker group breached the university’s network from where it gathered information such as names, email addresses, phone numbers, physical addresses, grades information, some instances, limited financial details, and possibly more.

Hacker circulated personal data of 29 UFV students

The time of the intrusion is unknown, but over the last weekend, the hacker sent an email to UFV students with the personal information of 29 UVF students.

The same email also contained a ransom demand of 30,000 CAD (23,000 USD). The hacker gave UFV officials 48 hours to pay, or he’d release more info.

The University came clean on Monday and admitted the breach in series of four security alerts sent over the course of the week.

“The students directly affected have been contacted and UFV is working with them to take steps to secure their privacy and personal information,” a UFV spokesperson said.

University shuts down email system

On Wednesday, UFV shut down its email system until November 6, in an attempt to prevent the proliferation of other emails containing data of other students.

The hacker’s point of entry and the number of compromised systems are currently unknown. The University is still investigating the breach, together with Abbotsford police.

The deadline has passed, but it’s unclear if the University paid the ransom demand.

In mid-September, a hacker group known as TheDarkOverlord (TDO) tried to extort schools in the US state of Montana. The hacker’s extortion attempts failed, even after he made bomb threats against the school and physical violence against students.

Bleeping Computer reached out to the hacker group through an intermediary and TDO denied it was behind this recent extortion attempt.

The post Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Basic #Payment #cash raises #computer #hacker #threat

Source: National Cyber Security – Produced By Gregory Evans

Basic #Payment #cash raises #computer #hacker #threat

EASY access to information about Scottish farmers’ Basic Payments has made them prime targets for cyber crime, the Scottish Business Resilience Centre has warned.

At the end of October, payments worth £254million were issued to farmers and crofters across the country, and SBRC advised farmers to be “extra vigilant” regarding their internet safety, including being aware of suspicious emails or phone calls.

Chief ‘ethical hacker’ with the SBRC, Gerry Grant, said: “I know how vital these payments are to the livelihood of farmers and crofters. This makes it even more important that they’re fully aware that it can make them an easy target for criminals to try and scam them.

“Criminals can easily work out an accurate estimation of what a farmer is likely to receive in CAP payments and armed with this information, they can try and steal the money. They can send various emails to try and get passwords for bank accounts or even try and trick unsuspecting farmers into making payments to the wrong account.”

The types of emails and calls farmers may receive will generally consist of them being asked to take urgent action regarding their finances/bank accounts. SBRC said that any unusual emails or phone calls should be investigated fully, and the contact details should be verified before any action is taken.

Things to look out for include:

• Emails from suppliers asking for funds to be transferred to a different bank account;

• Emails claiming that there is a problem with an account;

• Phone calls from banks saying that there appears to be unusual activity on their account.

The post Basic #Payment #cash raises #computer #hacker #threat appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

Source: National Cyber Security – Produced By Gregory Evans

‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber security and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud, Mike G said that the hacking was done through the actresses’ password for iCloud being her dog’s name, and the fact that Ms Lawrence had posted a picture of her dog on Instagram – the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer, and ethical hacker,  described the various was in which hackers can gain information about a person or a company, including through social media, certain types of jobs – “sales people often give out everything” – and even job listings.

In a sobering talk, he listed spoofing texts, calls and emails among the ways in which people and companies can get hacked.

In addition he said that anything can get hacked including pins, biometrics, TVs, and even our fitbits.

However when a person’s phone can be taken over, it’s “huge” he said.

In what was a stark message to businesses, Mike G asked those present at the event whether their company would be able to recover if the competition had all of their data?

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training, and impact penetrating testing to show companies their weak spots and how these can be overcome.

The post ‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Florida #man gets 16 months over #bitcoin bank #hacker scheme

Source: National Cyber Security – Produced By Gregory Evans

Florida #man gets 16 months over #bitcoin bank #hacker scheme

NEW YORK – A Florida software engineer was sentenced to 16 months in prison for helping run an illegal Bitcoin exchange suspected of laundering money for a group of hackers who targeted financial and publishing firms including JPMorgan Chase & Co. and Dow Jones & Co.

Yuri Lebedev, 39, helped operate Coin.mx, which tricked banks into processing bitcoin transactions by disguising them as restaurant-delivery charges and online purchases of collectible items. He was convicted in March of conspiracy and fraud following a month-long trial in Manhattan.

Lebedev, wearing a black suit, stood before sentencing to tell the judge he regretted his actions. He said he joined Coin.mx to create “cutting edge technology” and build something “that would make me exceptional.”

“I got carried away,” he said, adding he realizes now “there are no shortcuts.”

U.S. District Judge Alison J. Nathan in New York said Lebedev used his “impressive technology skills” to trick banks, making them “unwilling participants in the scheme.”

Prosecutors said the unregistered exchange sold bitcoins that were used in illegal online transactions and as payment in ransomware attacks. To help dodge regulators, Lebedev also conspired with his boss to bribe a New Jersey pastor to let them take over a credit union that was run out of a church and use it to help legitimize the exchange’s corrupt operations.

The operator of Coin.mx, Anthony Murgio, was sentenced to 5½ years in June. He admitted in January that he ran Coin.mx for the hacking scheme’s main Israeli architect, Gery Shalon, the self-described founder of a sprawling criminal enterprise that hacked at least nine companies.

Lebedev was born in Russia and raised in Ukraine before moving in with a host family in the U.S. state of Georgia. His attorney, Eric Creizman, cited the wide-ranging nature of the scheme to portray his client as a husband and doting father of three who was been caught up in something too big for him to recognize. In court papers, he described Lebedev as an “unlikely criminal defendant.”

“This case in which Lebedev was tried and convicted as a defendant involved a far broader scope of criminality than the conduct that Lebedev purposefully involved himself in or even knew about,” Creizman said in a court filing.

Lebedev wasn’t accused of money laundering and wasn’t involved in the hacking scheme. Creizman emphasized his technology role and said he wasn’t involved in the three-way calls with banks in which customers lied about the nature of their transactions.

Family and friends sent letters to the court supporting Lebedev, all of which described him as a man devoted to hard work and to giving his children the kind of opportunities he didn’t have in Ukraine. His host family described how Lebedev tutored their child in math, while a college friend relayed how Lebedev washed dishes to avoid using a credit card for living expenses like others did.

Shalon’s global network allegedly stole information on more than 100 million customers of banks and publishing firms and generated hundreds of millions of dollars in illicit proceeds from pump-and-dump stock scams and online gambling.

Murgio operated the exchange with Lebedev from about 2013 to 2015 through a front company, the Collectables Club Private Member Association, which lists Murgio’s West Palm Beach address, court papers show. At Murgio’s sentencing hearing, he wept and said he’d “screwed up badly.”

The men “knowingly exchanged cash for people whom they believed may be engaging in criminal activity,” the government said in court filings.

As part of the scheme, Lebedev was installed on the board of New Jersey-based HOPE Federal Credit Union to bribe Trevon Gross, a pastor who was convicted in the same case, to gain control of the credit union and use it to process corrupt bank transactions that would appear legitimate, court filings show. Gross hasn’t been sentenced.

“Lebedev was one of the handful of co-conspirators involved in the credit union’s processing of over $60 million in risky” transactions, prosecutors said in court papers.

Lebedev’s role was to set up an array of servers that Coin.mx used to process its transactions, a critical element of the scheme that required constant attention to avoid detection by the banks, the U.S. said.

“One of those critical issues that Lebedev handled was the use of separate servers to mislead banks and payment processors into thinking that Coin.mx bitcoin transactions were actually Collectables Club memorabilia and MyXtremeDelivery food transactions,” the U.S. said in court papers.

Lebedev also attempted to obstruct the case by deleting files from a computer, prosecutors said.

Shalon and his alleged top lieutenant, Ziv Orenstein, were arrested in Israel in July 2015 and extradited to the U.S. last year. They have pleaded not guilty. An American who allegedly conspired with them, Joshua Aaron, who attended Florida State University with Anthony Murgio, was detained by Russian authorities in 2015 and returned to the U.S. to face charges. He denies wrongdoing.

The post Florida #man gets 16 months over #bitcoin bank #hacker scheme appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

EC-Council’s #Hacker Halted #Conference Shines a Light on #Cyber Warfare

Source: National Cyber Security – Produced By Gregory Evans

EC-Council’s #Hacker Halted #Conference Shines a Light on #Cyber Warfare

Hacker Halted, EC-Council’s largest annual information security, attracted over 1,200 attendees to hear from the world’s foremost security experts. The event began with a Kung Fu style dance routine presented by Atlanta Chinese Dance Academy. After the acrobatic dancers, Jay Bavisi, EC-Council’s President, addressed the record-breaking crowd with his keynote entitled “From Hackers to Professionals: The Evolutions of an Industry.” Bavisi’s talk also unveiled the new EC-Council penetration testing certification program, LPT (Master).

Next, the audience was treated to the “Hackers, The Media, Truth, Trust, and Alternative Facts” debate moderated by Winn Shwartau, Founder of The Security Awareness Company with panelists Gregory Carpenter, COO of Pragmatick IO, Inc. and Hollywood Producer Michael Masucci. The debate included lively exchanges on the important issues surrounding the responsibilities of law enforcement, privacy concerns of citizens, corporate security programs, and the hacker perspective on where the nature and importance of truth.

For those hackers looking to test their skills, there was a Capture the Flag game presented by Core Security running throughout the two days of the conference where competitors scored points for penetrating the game’s defenses. Along that same theme, there was also a lock picking exhibition run by Augusta Locksports where attendees’ physical security skills were put to the test.

A special addition to this year’s event was IBM’s sponsorship of women’s entrance fees to attend the conference. The sponsorship covered 460 women’s tickets, leading to improved representation of women at the event.

The two days of speakers included luminaries in the hacking community, including Chris Roberts, Chief Security Architect of Acalvio Technologies, presenting his talk entitled “Leave your zero days at the door, leave your latest hacks behind, AND bring your playbook for the blue team” to a packed room. Another draw was Georgia Weidman, Founder and CTO of Shevirah. Weidman delivered a stellar talk on “Bypassing iOS Security Using Enterprise Provisioning Hooks.”

The first day concluded with a happy hour and hiring fair, sponsored by CyberSec Jobs, which included another appearance by the Atlanta Chinese Dance Academy Dancers.

On the second day, Derl Heiland, Research Lead (IOT) for Rapid7, keynoted with his talk entitled “IoT Security – Executing an Effective Security Testing Process.”

Conference-goers kept track of sessions and interacted with each other using the Hacker Halted app. They also used the app to rate each speaker and ask questions to the group. Over 400 attendees used the app while at the conference, helping make new comers and Hacker Halted veterans alike feel welcome and connected.

The theme for next year’s event, September 13 – 14, 2018 in Atlanta, GA; has already been announced and will be “The Ethical Hacker’s Guide to the Galaxy: Life, the Universe, Everything … Hacked.” Registration is now open for the 2018 event.

About EC-Council  
EC-Council has been the world’s leading information security certification body since the launch of their flagship program, Certified Ethical Hacker (CEH), which created the ethical hacking industry in 2002. Since the launch of CEH, EC-Council has added industry-leading programs to their portfolio to cover all aspects of information security including EC-Council Certified Security Analyst (ECSA), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (CCISO), among others. EC-Council Foundation, the non-profit branch of EC-Council, created Global CyberLympics, the world’s first global hacking competition. EC-Council Foundation also hosts a suite of conferences across the US and around the world including Hacker Halted, Global CISO Forum, TakeDownCon, and CISO Summit. 

The post EC-Council’s #Hacker Halted #Conference Shines a Light on #Cyber Warfare appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

The hacker who is adding a different flavour to politics in Taiwan

Source: National Cyber Security – Produced By Gregory Evans

Not many governments would risk inviting a self-confessed anarchist and “civic hacker” to join their ranks. Especially if the person in question was someone who refuses to give commands or obey orders and is a fervent believer in what they call “radical transparency”. But Taiwan is no ordinary place and Audrey Tang, a…

The post The hacker who is adding a different flavour to politics in Taiwan appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Russian hacker wanted by U.S. tells court he worked for Putin’s party

Source: National Cyber Security – Produced By Gregory Evans

A Russian hacker arrested in Spain on a U.S. warrant said on Thursday he previously worked for President Vladimir Putin’s United Russia party and feared he would be tortured and killed if extradited, RIA news agency reported. Peter Levashov was arrested while on holiday in Barcelona in April. U.S. prosecutors…

The post Russian hacker wanted by U.S. tells court he worked for Putin’s party appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hacker who Infiltrated American Military Systems gets Sentenced

Source: National Cyber Security – Produced By Gregory Evans

Suttong Coldfield based Sean Caffrey pleaded guilty to a crime within the purview of Computer Misuse Act during June while facing Birmingham Crown Court following which the jury sentenced him with imprisonment for 18 months along with an 18-month suspension. Caffrey, aged 25, a British resident and PC-hacker acquired illegitimate…

The post Hacker who Infiltrated American Military Systems gets Sentenced appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Russian cyber hacker pleads guilty in identity theft case

Source: National Cyber Security – Produced By Gregory Evans

A Russian cybercriminal identified as a leader of a $50 million identity theft and credit card fraud ring has pleaded guilty in Atlanta to helping to steal millions of debit card numbers and swiftly loot accounts in cities around the world, federal authorities said. Roman Valeryevich Seleznev pleaded guilty Thursday…

The post Russian cyber hacker pleads guilty in identity theft case appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures