records


#sextrafficking | Ghislaine Maxwell seeks to keep Jeffrey Epstein court records under seal – NewsRadio 560 KPQ | #tinder | #pof | #match | romancescams | #scams

Source: National Cyber Security – Produced By Gregory Evans

Attorneys for Ghislaine Maxwell, the former companion of deceased sex-offender Jeffrey Epstein, are asking a federal judge to keep a batch of court records under seal, arguing that public interest in the documents is outweighed by privacy considerations and the potential impact a release of the documents could have on an ongoing criminal investigation into alleged accomplices of Epstein.

“Ms. Maxwell … is aware that investigations surrounding the alleged conduct of Mr. Epstein survive his death. It is unclear who are witnesses or targets of any investigation,” Maxwell’s attorney, Jeffrey Pagliuca, wrote Wednesday in a filing objecting to unsealing certain documents. “The sealed testimony or summaries may inappropriately influence potential witnesses or alleged victims.”

The sealed court filings in the case — a now-settled civil defamation lawsuit filed against Maxwell in 2015 by Virginia Roberts Giuffre — are said to contain the names of hundreds of people, some famous and some not, who socialized, traveled or worked with Epstein over the span of more than a decade. The late financier has previously been linked to a coterie of high-profile business leaders, scientists, royalty and politicians.

Epstein, a convicted sex offender, was found dead in an apparent suicide in prison while awaiting trial on sex trafficking charges that he denied.

Among the records now being considered for release is a 418-page transcript of one of Maxwell’s multi-hour depositions in the case, which Maxwell’s attorneys argue were given under an expectation of confidentiality that had been agreed to by both sides in the dispute, according to Maxwell’s court filing.

“This series of pleadings concerns [Giuffre’s] attempt to compel Ms. Maxwell to answer intrusive questions about her sex life,” Pagliuca wrote. “The subject matter of these [documents] is extremely personal, confidential, and subject to considerable abuse by the media.”

The collection of documents now being reviewed for potential release by Senior U.S. District Court Judge Loretta Preska represents just a small subset of the thousands of pages of documents that must be reviewed for potential release, a process that could drag on for many months.

Giuffre has accused Maxwell of facilitating and participating in Epstein’s abuse of minor girls. Maxwell has denied Giuffre’s allegations. When the defamation case was settled in 2017, a substantial portion of the court docket remained sealed or redacted. The sealed records include the identities of people who provided information in the case under an expectation of confidentiality, plus the names of alleged victims and individuals accused of enabling Epstein or participating in the abuse.

Maxwell attorneys argue that the bulk of the sealed documents and exhibits should stay sealed, contending that they “were gratuitous and served no legitimate purpose” when they were submitted by Giuffre’s attorneys and because many of the documents contain the names of dozens of non-parties who have yet to receive notice that the records could be made public.

An attorney for Giuffre did not respond to a request for comment on Maxwell’s court filing.

Giuffre, now a 36-year-old mother living in Australia, alleges she was sexually abused as a teenager by Epstein and Maxwell between 2000 and 2002. She also claims to have been directed to have sex with some of their prominent friends, including Britain’s Prince Andrew. She filed the action against Maxwell in September 2015, alleging that the former British socialite defamed her when her publicist issued a statement referring to Giuffre’s allegations as “obvious lies.”

For the next year and a half, attorneys for the two women engaged in an acrimonious duel of pre-trial arguments, much of which took shape in heavily redacted or sealed court filings. The case settled just before a trial was set to begin in May 2017. A year later, the Miami Herald newspaper filed an ultimately successful motion to unseal at least some portions of the undisclosed record of the case.

Lawyers representing Giuffre, Maxwell, the Herald, and an anonymous individual who intervened to assert privacy interests, have been haggling for the last several months over their favored approaches to unsealing the records. The arguments over the protocols alone amounted to more than 50 additional entries on the court docket before Judge Preska arrived at the final procedure.

Earlier this month, notification letters were sent to two “John Does,” anonymous individuals whose names are among several dozen that appear in just the first batch of sealed and redacted documents currently under review by Preska, according to court records. Neither of those individuals responded to the letters, according to Maxwell’s court filing.

Giuffre has advocated for near-total disclosure of the records, while Maxwell and attorneys for the intervening individual have urged Preska to carefully balance the intense public interest in the case against potentially “life-changing” reputational damage that could befall those whose names are made public. Because the parties reached a confidential settlement, the allegations leveled in the dispute are unproven, having never been tested by an independent trier of fact.

Previously unsealed records from the case have already generated headlines around the world after a federal appeals court released more than 2,000 pages of documents last August, a month after Epstein’s arrest by federal authorities in New York.

Included in that collection were excerpts from Giuffre’s depositions naming several prominent men she alleges Epstein and Maxwell directed her to have sex with, including Prince Andrew, attorney Alan Dershowitz, former U.S. Senator George Mitchell and former New Mexico governor Bill Richardson. All of those men, and others accused by Giuffre, have denied the allegations.

“The documents and exhibits should be carefully examined for the vivid, detailed and tragic story they tell in the face of cursory, bumper sticker-like statements by those accused,” Giuffre’s attorney, Sigrid McCawley, wrote in a statement on the day of the documents’ release. “Virginia Roberts Giuffre is a survivor and a woman to be believed. She believes a reckoning of inevitable accountability has begun.”

The morning after that first set of documents was made public, Epstein was found unresponsive in his jail cell in Manhattan, where he was being held pending trial on charges of child sex-trafficking and conspiracy.

Maxwell, 58, is the daughter of the late British publishing magnate Robert Maxwell, who died in 1991 in what was ruled an accidental drowning off the coast of the Canary Islands. She met Epstein in New York following her father’s death, and the two were closely linked for more than a decade. Sources tell ABC News that Maxwell remains under criminal investigation by federal authorities in New York, who have vowed to hold responsible any alleged co-conspirators in Epstein’s sex trafficking conspiracy.

In previously unsealed excerpts from her depositions in the case, Maxwell derided Giuffre as an “absolute liar.” She has also denied allegations from Giuffre and other women who contend in court filings that Maxwell recruited and trained girls and young women for Epstein and facilitated their abuse.

“She absolutely denies that she participated in this or any other sexual abuse or trafficking or assault, and no court, judge or jury has ever determined that she has,” an attorney for Maxwell wrote last month in a related case.


#deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web


Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab, posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and that he had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director, responded on Weibo that the Internet security community was merely “overreacting.” Luo wrote that “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” instead of a direct drag from Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media, admitting that the data leak is real but saying that no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers brute-forced data through the Weibo interface, that is, they used the address book matching interface to find user nicknames by enumerating number segments. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network’s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information including name, email, home address, mobile phone number, Weibo account number and password on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some users’ license plate numbers and previous passwords could be found. Chat app Telegram is a major platform where transactions for the leaked data are conducted.


#deepweb | Joker’s laughing: Fresh database of half a million Indian payment card records on sale in the Dark Web


“INDIA-BIG-MIX” (full name: [CC] INDIA-BIG-MIX (FRESH SNIFFED CVV) INDIA/EU/WORLD MIX, HIGH VALID 80-85%, uploaded 2020-02-05 (NON-REFUNDABLE BASE)”

If you’re wondering what this seemingly random set of words means, that is how a fresh database of 461,976 payment card records, currently on sale on Joker’s Stash, a popular underground cardshop in the dark web, has been listed.

Group-IB, a Singapore-based cybersecurity company specialising in preventing cyber attacks, which detected the database, says that over 98% of the cards in this database were issued by Indian banks.

At the moment, the source of this new breach is unknown. The card records were uploaded on the 5th of February, and the total estimated value of the database, according to Group-IB, is USD 4.2 million, at around USD 9 apiece. As of yesterday morning, 16 cards’ details were found to have been sold. Those who buy these cards do so with the intention of committing payment card fraud.

The company says that they have already alerted India’s Computer Emergency Response Team (CERT-In). The Economic Times will update this story as and when we hear from CERT-In on the steps they have taken.

With the sharp rise in digital payments in India and a lack of corresponding rise in awareness of the best practices to use payment cards safely online and offline, the country has become an attractive destination for nefarious elements online.

This newest breach has, according to Group-IB, “exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.”

This is the second major database of Indian payment card details that Group-IB has detected since October, when 1.3 million credit and debit card records of mostly Indian banks’ customers, with an estimated underground market value of USD 130 million, were uploaded to Joker’s Stash in what became “the biggest card database encapsulated in a single file ever uploaded on underground markets at once.”

According to Dmitry Shestakov, the head of Group-IB cybercrime research unit, “In the current case, we are dealing with so-called fullz — they have info on card number, expiration date, CVV/CVC, cardholder name as well as some extra personal info.”

They also say that unlike earlier breaches what “distinguishes the new database from its predecessor is the fact that the cards were likely compromised online, this assumption is supported by the set of data offered for sale.”

Shestakov adds “such type of data is likely to have been compromised online — with the use of phishing, malware, or JS-sniffers — while in the previous case, we dealt with card dumps (the information contained in the card magnetic stripe), which can be stolen through the compromise of offline POS terminals, for example.”


Big Microsoft data breach – 250 million records exposed – Naked Security


Microsoft has today announced a data breach that affected one of its customer databases.

The blog article, entitled Access Misconfiguration for Customer Support Databases, admits that between 05 December 2019 and 31 December 2019, a database used for “support case analytics” was effectively visible from the cloud to the world.

Microsoft didn’t give details of how big the database was. However, consumer website Comparitech, which says it discovered the unsecured data online, claims it was to the order of 250 million records containing:

…logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019.

According to Comparitech, that same data was accessible on five Elasticsearch servers.

The company informed Microsoft, and Microsoft quickly secured the data.

Microsoft’s official statement states that “the vast majority of records were cleared of personal information,” meaning that it used automated tools to look for and remove private data.

However, some private data that was supposed to be redacted was missed and remained visible in the exposed information.

Microsoft didn’t say what type of personal information was involved, or which data fields ended up un-anonymised.

It did, however, give one example of data that would have been left behind: email addresses with spaces added by mistake were not recognised as personal data and therefore escaped anonymisation.

So if your email address were recorded as “name@example.com” your data would have been converted into a harmless form, whereas “name[space]@example.com” (an easy mistake for a support staffer to make when capturing data) would have been left alone.

Microsoft has promised to notify anyone whose data was inadvertently exposed in this way, but didn’t say what percentage of all records were affected.

What to do?

We don’t know how many people were affected or exactly what personal data was opened up for those users.

We also don’t know who else, besides Comparitech, may have noticed in the three weeks it was exposed, although Microsoft says that it “found no malicious use”.

We assume that if you don’t hear from Microsoft, even if you did contact support during the 2005 to 2019 period, then either your data wasn’t in the exposed database, or there wasn’t actually enough in the leaked database to allow anyone, including Microsoft itself, to identify you.

It’s nevertheless possible that crooks will contact you claiming that you *were* in the breach.

They might urge you to take steps to “fix” the problem, such as clicking on a link and logging in “for security reasons”, or to “confirm your account”, or on some other pretext.

Remember: if ever you receive a security alert email, whether you think it is legitimate or not, avoid clicking on any links, calling any numbers or taking any online actions demanded in the email.

Find your own way to the site where you would usually log in, and stay one step ahead of phishing emails!


#deepweb | Richard Frank: LifeLabs hackers could still hold health records of 15 million Canadians


LifeLabs announced this past week that hackers had invaded its computer system and put the records of 15 million Canadians at risk


OPINION: If the cybercriminals already have a copy, then retrieving data by paying ransom will not suddenly disallow the attackers from further using that data

LifeLabs — Canada’s major provider of lab diagnostics and testing services — announced on Dec. 17 that hackers had potentially accessed computer systems with data from “approximately 15 million customers” that “could include name, address, email, login, passwords, date of birth, health card number and lab test results.”

As a Canadian citizen whose data and whose family’s data is probably among the 15 million records stolen, my first thought is about the implications of this breach.

At the International Cybercrime Research Centre in the School of Criminology at Simon Fraser University, we’ve been studying online hacker communities for about seven years and the Dark Web for the past four years. The Dark Web, with its large number of marketplaces (called cryptomarkets, think eBay for drugs and stolen data), is a fascinating place where all sorts of products, data and services are made available for purchase. Payments are made using anonymous (mostly) untraceable digital currencies. I would expect parts of LifeLabs’s database to eventually end up in a marketplace like that.

So how did this happen? Details of the hack have not been revealed due to the ongoing investigation, but hopefully we will eventually learn the specifics. According to the Office of the Information and Privacy Commissioner of Ontario (IPC) and the Office of the Information and Privacy Commissioner for British Columbia (OIPC), “cyber criminals penetrated the company’s systems, extracting data and demanding a ransom,” which LifeLabs paid.

This points to a likely ransomware attack, where the attacker encrypts the data on a computer system and makes it inaccessible. Unless a backup of the data exists, the only way to recover the data is by paying the attacker a ransom, who sends the victim the decryption keys to unlock the data. Most of these ransomware attacks use encryption so strong that even security firms cannot unlock the files, which has led to a new type of business where consultants help ransomware victims negotiate and pay the ransom.

In most ransomware cases the data remains on the victim’s computer, but its access is revoked through strong encryption. This implies that the attackers do not actually have a copy of the data and thus the chances for future revictimization remain low. However, the language of the OIPC indicates that in this case, the data were “extracted.” This puts a new twist on the story.

Ransomware attackers sometimes do use ransomware — software that threatens to block access or publish data — that not only locks files, preventing the victim from doing anything, but also leaks the files back to the attackers. This allows the attackers to potentially extort more money from the victim, as happened a few weeks ago to Allied Universal, a security firm in California. That seems to be the case with LifeLabs.

If this is true, then our data is out there, in the hands of cybercriminals, and will remain out there. LifeLabs has stated that they have “retrieved the data by making a payment,” but if the cybercriminals already have a copy, then retrieving it will not suddenly stop the attackers from further using that data.

Did LifeLabs not have proper backup and recovery procedures in place so it could recover from this failure without having to resort to paying a ransom?

The likely scenario is that LifeLabs fell victim to a ransomware attack, possibly sparked by a phishing email with a malicious link or attachment, which resulted in up to 15 million customers’ information (our information, not LifeLabs’) being extracted to the attackers. LifeLabs paid the ransom to regain access to the data and continue business.

What can we, as customers, do? Unfortunately, not much.

The data theft is beyond our control. Periodically we must do business with third-parties that require our personal information and we have no choice but to hand it over. Implicit in this transaction is that the other party (LifeLabs, for example) will protect that data. The only available option we have as customers is to be vigilant of our personal information, including financial and health details; but this is after the data theft.

We must check our credit card statements, our credit histories, our insurance claims. We must not use the same password in multiple places and should use two-factor authentication whenever possible.

Potentially the best way to prevent future breaches would be to incentivize organizations that collect our personal details to secure them properly. This could be done by changes to the legislation, like in the European Union and its new General Data Protection Regulation (GDPR) introduced in 2018.

In August 2018, the British Airways website was breached and 500,000 customer details stolen. The United Kingdom’s Information Commissioner’s Office handed down a fine of £183 million (approximately $321 million), based on a new U.K. law designed to mirror the EU’s GDPR. With penalties like that, third-party organizations would have no choice but to take data security seriously, rather than as an operational cost.

Richard Frank is assistant professor of criminology at Simon Fraser University.



Ransomware attack freezes health records access at 110 nursing homes – Naked Security


Happy Thanksgiving: your elder loved one’s life may be at risk.

About 110 nursing homes and acute-care facilities have been crippled by a ransomware attack on their IT provider, Virtual Care Provider Inc. (VCPI), which is based in the US state of Wisconsin and which serves up data hosting, security and access management to nursing homes across the country.

The attack was still ongoing on Monday, when cybersecurity writer Brian Krebs first reported the assault.

Krebs says it involves a ransomware strain called Ryuk, known for being used by a hacking group that calculates how much ransom victimized organizations can pay based on their size and perceived value.

Whoever it was who launched the attack, they got it wrong in this case. VCPI chief executive and owner Karen Christianson told Krebs that her company can’t afford to pay the roughly $14 million Bitcoin ransom that the attackers are demanding. Employees have been asking when they’ll get paid, but the top priority is to wrestle back access to electronic medical records.

The attack affected virtually all of the firm’s core offerings: internet service, email, access to patient records, client billing and phone systems, and even the internal payroll operations that VCPI uses to pay its workforce of nearly 150. Regaining access to electronic health records (EHR) is the top priority because without that access, the lives of the seniors and others who reside in critical-care facilities are at stake.

This is dire, Christianson said:

We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time. In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.

As Krebs notes, recent research suggests that death rates from heart attacks spike in the months and years following data breaches or ransomware attacks at healthcare facilities. A report from Vanderbilt University Owen Graduate School of Management posits that it’s not the attacks themselves that lead to the death rate rise, but rather the corrective actions taken by the victimized facilities, which might include penalties, new IT systems, staff training, and revision of policies and procedures.

#cybersecurity | #hackerspace | 110 Nursing Homes Cut Off from Health Records in Ransomware Attack

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT […]

#hacking | Open database leaked 179GB in customer, US government, and military records


An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. 

On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. 

Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. 

In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor’s web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. 

The team says that “thousands” of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. 

Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. 


Data breaches are a common occurrence and can end up compromising information belonging to thousands or millions of us in single cases of a successful cyberattack. 

What is more uncommon, however, is that the US government and military figures have also been involved in this security incident. 
It appears that one of the platforms connected to Autoclerk exposed in the breach is a contractor of the US government that deals with travel arrangements. 

vpnMentor was able to view records relating to the travel arrangements of government and military personnel — both past and future — who are connected to the US government, military, and Department of Homeland Security (DHS).

Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.


Autoclerk facilitates communication between different hospitality platforms, and it appears that a substantial portion of the data originated from external platforms. In total, the database — hosted by AWS — contained over 179GB of data.

At the time of writing it has not been possible to track the overall owner of the database due to the “number of external origin points and sheer size of the data exposed,” the team says.  

The United States Computer Emergency Readiness Team (CERT) was informed of the leak on September 13 but did not respond to the researchers’ findings.

vpnMentor then reached out to the US Embassy in Tel Aviv, and seven days later, the team contacted a representative of the Pentagon who promised swift action. Access to the database was revoked on October 2. 


“The greatest risk posed by this leak is to the US government and military,” the team says. “Significant amounts of sensitive employee and military personnel data could now be in the public domain. This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”

ZDNet has reached out to US-CERT and affected parties and will update when we hear back.


Hackers steal 19M California voter records after holding database for ransom


In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voter records.

Database Was Left Exposed

The database was left exposed for anyone with Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.

Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KMPG and The Guardian etc.

Cybercriminals Held Voters Database For Ransom

Since early 2017, hackers have been targeting MongoDB-based databases. In this case, according to researchers, hackers discovered the voter records, took control of the database and left a ransom note before deleting the entire database.

The ransom note asked the owner of the database to send 0.2 bitcoin, that is, around USD 3,123 (thanks to the sudden price hike), to a bitcoin address. However, because the cybercriminals erased the database, researchers were unable to conduct a detailed analysis.

Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.

What Data The Database Had

In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:

City: 
Zip: 
StreetType: 
LastName: 
HouseFractionNumber
RegistrationMethodCode 
State: CA 
Phone4Exchng: 
MailingState: CA
Email: 
Phone3Area: 
Phone3NumPart: 
Status: A 
Phone4Area: 
StreetName: 
FirstName:
StreetDirSuffix: 
RegistrantId:
Phone1NumPart: 
UnitType: 
Phone2NumPart: 
VoterStatusReasonCodeDesc: Voter Requested 
Precinct: 
PrecinctNumber: 
PlaceOfBirth: 
Phone1Exchng:
AddressNumberSuffix: 
ExtractDate: 2017-05-31
Language: ENG 
Dob: 
Gender: 
MailingCountry:
AssistanceRequestFlag 
MailingCity: 
MiddleName:
AddressNumber: 
StreetDirPrefix: 
RegistrationDate: 
PartyCode: 
Phone1Area: 
Suffix:
NonStandardAddress: 
Phone4NumPart: 
CountyCode: 
MailingAdd3: 
MailingAdd2: 
MailingAdd1:
UnitNumber: 
Phone2Exchng: 
NamePrefix: 
_id: ObjectId 
MailingZip5: 
Phone2Area:

Moreover, researchers also found a 22GB file that contained a massive 409,449,416 complete California voter registration records. It is believed that the database was created back on May 31st, 2017.

ExtractDate: '2017-05-31',
'District': 
'RegistrantId': 
'CountyCode':, 
'DistrictName':
'_id': ObjectId

MongoDB And Ransom

Since 2016, there have been a number of incidents where MongoDB databases have been found exposed on the Internet or held for ransom. In January this year, several unsecured MongoDB databases were hijacked by a hacker, who not only wiped out those databases but also stored copies of them and asked for a ransom of 0.2 bitcoins (roughly US$ 211 at that time).

Researchers also found 13 million MacKeeper credentials and 58 million business firm accounts exposed online due to misconfigured MongoDB databases last year. Last week, the AI.Type keyboard app had 31 million customer records exposed online due to a misconfigured MongoDB database. In that case, it was discovered that the keyboard app had been spying on users and collecting everything a user does on their smartphone.

Voters Database And Dark Web

A dark web marketplace is a perfect place for hackers and cybercriminals to sell what they steal from others. A year ago, entire US voter registration records were being sold on the now-seized Hansa marketplace, so Californians should not be surprised if their data goes on the dark web for sale.


Black Friday cyberattacks to break records as hackers enlist bots


Identity is central to this increasing problem, and it is available in abundance due to the massive data breaches that have rocked the world in 2017.

We are in the midst of a week predicted to be record breaking in terms of cyberattack volumes, with malicious activity set to spike aggressively on Black Friday and Cyber Monday.

A colossal 50 million attacks globally are expected to hit throughout the prime shopping period, meaning that potentially billions of pounds are hanging in the balance in the UK alone.

In the run-up to what may prove to be the worst week of cyberattacks on record, it is also important to note that 171 million attacks have been logged in just the last quarter. This tremendous figure is a 100 per cent increase compared to the same time span in 2015.

Hackers are thought to be prepared to capitalise on the season of spending, with ThreatMetrix recognising an increase in bot activity in the run-up to the booming retail period. Fear surrounding the potentially crippling power of bots has peaked recently upon the discovery of the Reaper botnet.

In the past 90 days, 450 million bot attacks have been recorded, with a focus found to be on automated attacks and identity testing.

The massive data breaches of 2017 have brought personal credentials to centre stage. Masses of data are available to purchase and use, making Black Friday even more appealing to fraudsters.

Vanita Pandey, vice president of product marketing and strategy at ThreatMetrix, comments, “Cybercrime continues to grow, with organisations being attacked more than ever before, fueled in large part by the proliferation of data breaches that continue to provide fresh identity data to exploit. Fraudsters are acting with haste, before data breaches are disclosed publicly, to test stolen credentials with a view to perpetrate large-volume attacks on digital businesses.”

The value of identity data has now surpassed the value of card data, and the cybercrime statistics for EMEA are significantly more troubling than those in North America. In EMEA you are 63 per cent more likely to face an attack via a transaction.

“We predict that the top retailers will sustain heightened attacks from bot operators, looking to test personal accounts. Over the next week, we are expecting approximately 5 to 8 million daily identity testing attacks… By analyzing our most recent data, we can see that the scale of eCommerce attacks in the final quarter of 2017 is likely to surpass the entire attack number for all industries – including banking and media – during Q4 2016,” Pandey said.

Putting into perspective the ease with which identity data can be accessed by malicious actors, Tim Ayling, EMEA Director of Fraud and Risk Intelligence at RSA Security has outlined the paltry cost of personal information.

“With hundreds of thousands of UK card credentials available to buy on the dark web for less than £10, you can bet that cybercriminals and fraudsters will be on their own shopping spree. Major sales events like Black Friday have historically seen a huge number of compromised accounts being sold by hackers, used to make illegitimate purchases and siphon funds from virtual wallets. In the past, there has even been a dialing-down of proactive fraud detection on big shopping days like these. Merchants and card issuers were so insistent on allowing their transactions to flow through, they would often choose to allow more risky transactions to continue.”

While the scene may seem bleak, you are not powerless to improve your chances of keeping your information safe. Being mindful of where and how you submit your personal information is a solid start, as is improving your passwords, so that the goals of hackers are not made more achievable still.

“This is slowly changing and anecdotal evidence suggests that both maturity in fraud prevention tools, as well as the scale of the fraud problem, are allowing the financial institutions to become more stringent on these days. However, shoppers must remain vigilant. Fraudsters are opportunists by their very nature, and many will see Black Friday as a golden opportunity, hiding amongst the spike in legitimate purchases,” the EMEA Director of Fraud and Risk Intelligence at RSA Security said.
