(NEVADA) Justice Dept Report – Two foreign nationals — one Russian, the other North Macedonian national — were sentenced today for their role in the Infraud Organization, a transnational cybercrime enterprise #AceNewsDesk report

Foreign Nationals Sentenced for Roles in Transnational Cybercrime Enterprise: ‘They were engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, computer malware, and other contraband & the Infraud Organization victimized millions of people in all 50 states and caused more than $568 million in financial losses’

Sergey Medvedev, aka “Stells,” “segmed,” and “serjbear,” 33, of Russia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in June 2020 and was sentenced today to 10 years in prison. According to court documents, Medvedev was a co-founder of Infraud along with Syvatoslav Bondarenko of Ukraine. From November 2010 until Infraud was taken down by law enforcement in February 2018, Medvedev was an active participant in the Infraud online forum, operating an “escrow” service to facilitate illegal transactions among Infraud members. For several years, Medvedev served as Infraud’s administrator, handling day-to-day management, deciding membership, and meting out discipline to those who violated the enterprise’s rules.

Marko Leopard, aka “Leopardmk,” 31, of North Macedonia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in November 2019 and was sentenced today to five years in prison. According to court documents, Leopard joined Infraud in June 2011, offering his services as an “abuse immunity” web hoster to Infraud members who wished to create websites to sell contraband. Unlike a legitimate host, Leopard would knowingly cater to websites offering illegal goods and services, ignoring any abuse reports from internet users. He hosted a number of sites for Infraud members in this fashion, providing the infrastructure that allowed his co-conspirators to profit off of their criminal activities.

“Dismantling a cybercrime organization like Infraud requires aggressive pursuit of not only those who steal, sell, and use personal data, but also those who provide the infrastructure that allows cybercrime organizations to operate,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “Today’s sentences should serve as a warning to any web host who willingly looks the other way for a quick buck — and that the United States will hold these bad actors accountable, even when they operate behind a computer screen halfway across the world.”

“While criminal operators lurk in the deepest corners of the internet, they ultimately do not escape the reach of law enforcement,” said Special Agent in Charge Francisco Burrola of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) Las Vegas. “We will continue to aggressively investigate, disrupt, and dismantle hidden illegal networks that pose a threat in cyberspace. HSI and our partners are at the forefront of combating cyber financial crimes and illicit activities spread by online criminals looking for financial gain.”

Infraud was a criminal enterprise that existed to enrich its members and associates through a myriad of criminal acts of identity theft and financial fraud. Infraud facilitated the sale of contraband by its members, including counterfeit documents, stolen bank account and credit account information, and stolen personal identifying information. Members and associates of Infraud operated throughout the world and the United States, to include Las Vegas. The enterprise, which boasted over 10,000 members at its peak and operated for more than seven years under the slogan “In Fraud We Trust,” is among the largest ever prosecuted by the Department of Justice.

Infraud was responsible for the sale and/or purchase of over 4 million compromised credit and debit card numbers. The actual loss associated with Infraud was in excess of $568 million USD.

HSI Las Vegas and the Police Department of Henderson, Nevada, investigated the case. The Justice Department’s Office of International Affairs provided significant assistance in securing the defendant’s extradition from Croatia.  

Deputy Chief Kelly Pearson and Trial Attorneys Chad McHenry and Alexander Gottfried of the Justice Department’s Organized Crime and Gang Section prosecuted the case.

#AceNewsDesk report ……….Published: Mar.20: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com

#cybercrime, #doj, #fraud, #macedonian, #malware, #russian

(WASHINGTON) ICE REPORT: Last year, Homeland Security Investigations (HSI) identified and rescued more than 1,000 child exploitation victims from predators involved in the production, distribution and possession of child pornography #AceNewsDesk report

#AceNewsReport – Mar.20: Wounded, ill or injured veterans are being trained and hired as computer forensic analysts to assist HSI in those investigations through the HERO Corps Program:

HSI HERO Corps Program: Hiring veterans to assist in investigations: ‘The HERO, or Human Exploitation Rescue Operative corps is an annual initiative managed by the HSI Cyber Crimes Center in partnership with the Department of Defense (DOD) and the National Association to Protect Children (PROTECT). Wounded vets and transitioning service members can apply through April 9 for the HERO Corps Program internship for fiscal year 2021’

Wounded, ill or injured vets can help rescue victims of child sexual exploitation

HERO interns work in support roles with HSI special agents to help rescue victims, prosecute predators and prevent crimes of child sexual exploitation. The paid federal program enlists veterans to train and work as computer forensic analysts on child exploitation investigations.

“The HERO Corps represents a unique opportunity for America’s veterans to continue their life of service by contributing to HSI’s critical mission of protecting our nation’s children,” said HSI Cyber Crime Center Deputy Assistant Director Stephanie L. Hampton. “The mission focused skillsets veterans bring from military service are particularly suited to HSI’s fight against child exploitation and are an invaluable asset for our agency.”

The intent of the internship program is to recruit, train and potentially hire qualified candidates to full-time permanent positions as computer forensic analysts assisting special agents in locations around the country. However, full-time employment is not guaranteed.

Interested applicants must go to ice.gov/hero to apply. The website also provides information on eligibility requirements, training, benefits, potential job locations, a timeline of events and frequently asked questions.

For additional questions about the program, applicants can email hsiheroprogram@ice.dhs.gov.

#AceNewsDesk report ……….Published: Mar.20: 2021:


#cybercrime, #dod, #heros-corp-program, #hsi, #ice, #washington

(WASHINGTON) #Cybercrime Report: Biden administration plans ‘Action Against Russian Networks’ and is weighing whether it should also be looking at another serious adversary, China, after the latest Microsoft attack #AceNewsDesk report

#AceNewsReport – Mar.09: The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world:

Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China: ‘Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary’

The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems.

March 7, 2021:


Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure.

The officials said the actions would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm.

The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors.

Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability.

But that touched off a race between those responsible for patching the systems and a raft of new attackers — including multiple other Chinese hacking groups, according to Microsoft — who started using the same exploit this week.

The United States government has not made public any formal determination of who was responsible for the hacking, but at the White House and on Microsoft’s campus in Redmond, Wash., the fear is that espionage and theft may be a prelude to far more destructive activity, such as changing data or wiping it out.

The White House underscored the seriousness of the situation in a statement on Sunday from the National Security Council.

“The White House is undertaking a whole of government response to assess and address the impact” of the Microsoft intrusion, the statement said. It said the response was being led by Anne Neuberger, a former senior National Security Agency official who is the first occupant of a newly created post: deputy national security adviser for cyber and emerging technologies.

The statement said that national security officials were working throughout the weekend to address the hacking and that “this is an active threat still developing, and we urge network operators to take it very seriously.”

Jake Sullivan, Mr. Biden’s national security adviser, said on Twitter on Thursday that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of U.S. think tanks and defense industrial base entities.”

The discovery came as Mr. Biden’s national security team, led by Mr. Sullivan and Ms. Neuberger, has moved to the top of its agenda an effort to deter attacks, whether their intent is theft, altering data or shutting down networks entirely. For the president, who promised that the Russian attack would not “go unanswered,” the administration’s reactions in the coming weeks will be a test of his ability to assert American power in an often unseen but increasingly high-stakes battle among major powers in cyberspace.

A mix of public sanctions and private actions is the most likely combination to force a “broad strategic discussion with the Russians,” Mr. Sullivan said in an interview on Thursday, before the scope of the Chinese attack was clear.

“I actually believe that a set of measures that are understood by the Russians, but may not be visible to the broader world, are actually likely to be the most effective measures in terms of clarifying what the United States believes are in bounds and out of bounds, and what we are prepared to do in response,” he added.

From the first day of the new administration, Mr. Sullivan has been reorganizing the White House to fashion such responses. The same order he issued on Jan. 20, requiring the military to advise the White House before conducting drone strikes outside war zones, contained a paragraph with separate instructions for dealing with major cyberoperations that risk escalating conflict.

The order left in place, however, a still secret document signed by President Donald J. Trump in August 2018 giving the United States Cyber Command broader authorities than it had during the Obama administration to conduct day-to-day, short-of-war skirmishes in cyberspace, often without explicit presidential authorization.

Under the new order, Cyber Command will have to bring operations of significant size and scope to the White House and allow the National Security Council to review or adjust those operations, according to officials briefed on the memo. The forthcoming operation against Russia, and any potential response to China, is likely to fall in this category.

The hacking that Microsoft has attributed to China poses many of the same challenges as the SolarWinds attack by the Russians that was discovered late last year.

American officials continue to try to better understand the scope and damage done by the Chinese attack, but every day since its revelation has suggested that it is bigger, and potentially more harmful, than first thought.

“This is a crazy huge hack,” Christopher C. Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, wrote on Twitter on Friday.

The initial estimates were that 30,000 or so systems were affected, mostly those operated by businesses or government agencies that use Microsoft software and run their email systems in-house. (Email and other systems run on Microsoft’s cloud were not affected.)

But the breadth of the intrusion and the identities of the victims are still unclear. And while the Chinese deployed the attack widely, they might have sought only to take information from a narrow group of targets in which they have the highest interest.

There is little doubt that the scope of the attack has American officials considering whether they will have to retaliate against China as well. That would put them in the position of engaging in a potentially escalating conflict with two countries that are also its biggest nuclear-armed adversaries.

It has become increasingly clear in recent days that the hacking that Microsoft has attributed to Beijing poses many of the same challenges as the SolarWinds attack conducted by the Russians, although the targets and the methodology are significantly different.

Like the Russians, the Chinese attackers initiated their campaign against Microsoft from computer servers — essentially cloud services — that they rented under assumed identities in the United States. Both countries know that American law prohibits intelligence agencies from looking in systems based in the United States, and they are exploiting that legal restriction.

“The Chinese actor apparently spent the time to research the legal authorities and recognized that if they could operate from inside the United States, it takes some of the government’s best threat-hunters off the field,” Tom Burt, the Microsoft executive overseeing the investigation, said on Friday.

The result was that in both the SolarWinds and the more recent Chinese hacking, American intelligence agencies appeared to have missed the evidence of what was happening until a private company saw it and alerted the authorities.

The debate preoccupying the White House is how to respond. Mr. Sullivan served as Mr. Biden’s national security adviser while he was vice president, as the Obama administration struggled to respond to a series of attacks.

Those included the Chinese effort that stole 22.5 million security-clearance records from the Office of Personnel Management in 2014 and the Russian attack on the 2016 presidential election.

In writings and talks over the past four years, Mr. Sullivan has made clear that he believes traditional sanctions alone do not sufficiently raise the cost to force powers like Russia or China to begin to talk about new rules of the road for cyberspace.

But government officials often fear that too strong a response risks escalation.

That is a particular concern in the Russian and Chinese attacks, where both countries have clearly planted “back doors” to American systems that could be used for more destructive purposes.

American officials say publicly that the current evidence suggests that the Russian intention in the SolarWinds attack was merely data theft. But several senior officials, when speaking not for attribution, said they believed the size, scope and expense of the operation suggested that the Russians might have had much broader motives.

“I’m struck by how many of these attacks undercut trust in our systems,” Mr. Burt said, “just as there are efforts to make the country distrust the voting infrastructure, which is a core component of our democracy.”

Russia broke into the Democratic National Committee and state voter-registration systems in 2016 largely by guessing or obtaining passwords. But they used a far more sophisticated method in the SolarWinds hacking, inserting code into the company’s software updates, which ushered them deep into about 18,000 systems that used the network management software. Once inside, the Russians had high-level access to the systems, with no passwords required.

Similarly, four years ago, a vast majority of Chinese government hacking was conducted via email spear-phishing campaigns. But over the past few years, China’s military hacking divisions have been consolidating into a new strategic support force, similar to the Pentagon’s Cyber Command. Some of the most important hacking operations are run by the stealthier Ministry of State Security, China’s premier intelligence agency, which maintains a satellite network of contractors.

Beijing also started hoarding so-called zero-days, flaws in code unknown to software vendors and for which a patch does not exist.

In August 2019, security researchers got their first glimpse of how these undisclosed zero-day flaws were being used: Security researchers at Google’s Project Zero and Volexity — the same company in Reston, Va., that discovered the Microsoft attack — found that Chinese hackers were using a software vulnerability to spy on anyone who visited a website read by Uighurs, an ethnic minority group whose persecution has drawn international condemnation.

For two years, until the campaign was discovered, anyone who visited the sites unwittingly downloaded Chinese implants onto their smartphones, allowing Beijing to monitor their communications.

Kevin Mandia of FireEye, Sudhakar Ramakrishna of SolarWinds and Brad Smith of Microsoft testified last month in a Senate Intelligence Committee hearing on the Russian hacking.

The Chinese attack on Microsoft’s servers used four zero-day flaws in the email software. Security experts estimated on Friday that as many as 30,000 organizations were affected by the hacking, a detail first reported by the security writer Brian Krebs. But there is some evidence that the number could be much higher.

#AceNewsDesk report ………..Published: Mar.09: 2021:


#russia, #blinken, #china, #cybercrime, #microsoft, #united-states

(DALLAS, Tx.) Justice Dept Report: Two members of an international organized network that provided cash-out and money laundering services to cyber actors were extradited from the Czech Republic to Dallas #AceNewsDesk report

#AceNewsReport – Mar.07: Viktor Vorontsov, 39, and Zlata Hanska Muzhuk, 40, were charged in a one-count indictment with conspiracy to launder funds filed in February 2020 in the Northern District of Texas:

Two Ukrainian Nationals Extradited to U.S. on Money Laundering Charges: ‘According to the indictment, Muzhuk and Vorontsov were allegedly members of an international organized network providing cash-out and money laundering services to cyber actors who used stolen bank login credentials to initiate fraudulent electronic funds transfers from victims’ bank accounts to bank accounts (drop accounts) created and controlled by the cash-out actors’

For a fee, Muzhuk and Vorontsov provided a network of drop accounts and money mules to receive, transfer, and conceal money derived from the fraudulent online transfers of funds. The indictment alleges the conspiracy existed for the entirety of 2017 and focused on seven electronic funds transfers in October and November 2017, totaling almost $500,000.

During the FBI’s investigation of Muzhuk and Vorontsov, the Czech National Organized Crime Agency (NCOZ) collaborated to gather information and evidence. In late January 2020, NCOZ informed the FBI that Muzhuk was visiting Vorontsov at his residence in the Czech Republic. A criminal complaint and an arrest warrant were issued by a U.S. Magistrate Judge in Dallas and an FBI special agent from Dallas traveled to the Czech Republic to coordinate with the NCOZ.

In an unprecedentedly prompt response on Feb. 6, 2020, the NCOZ effected the arrests of Muzhuk and Vorontsov at the request of the U.S. and seized valuable evidence from both defendants and from Vorontsov’s residence. Muzhuk and Vorontsov were detained pending the extradition proceedings. On Dec. 4, 2020, and Jan. 21, 2021, respectively, the Ministry of Justice of the Czech Republic granted the extradition of Muzhuk and Vorontsov. The defendants were transferred to FBI custody on March 3, 2021 and were flown from Prague to Dallas.

Vorontsov and Muzhuk appeared before U.S. Magistrate Judge Toliver in the Northern District of Texas and entered not-guilty pleas to the charges. Vorontsov and Muzhuk remain in the custody of the U.S. Marshals Service.

The FBI’s Dallas Field Office conducted the investigation. The Justice Department’s Office of International Affairs provided substantial assistance in securing the defendants’ extradition from the Czech Republic.

Senior Trial Attorney C.S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Robert Nichols of the Northern District of Texas are prosecuting the case. 

An indictment is merely an accusation. A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

#AceNewsDesk report ………Published: Mar.07: 2021:


#cybercrime, #doj, #ukrainian

(LAGOS, Nigeria.) JUST IN: Three Nigerians suspected of being part of the cybercrime group (TMT) that targeted tens of thousands of victims around the world have been arrested today in the capital, according to Interpol #AceNewsDesk report

#AceNewsReport – Nov.25: In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group it has been tracking since 2019 under the codename TMT. Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware:

To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track if a recipient victim opened their messages:

The file attachments were laced with various strains of malware that granted hackers access to infected computers from where they focused on stealing credentials from browsers, email, and FTP clients:

#AceNewsDesk report …………………Published on November 25, 2020 at 06:45PM

#ans2020, #cybercrime, #lagos, #nigeria, #security