#AceNewsReport – Dec.16: A 27-year-old man and a 23-year-old man, both from Ilford, were arrested for unauthorised computer access (Computer Misuse Act 1990) and conspiracy to commit fraud by misrepresentation (Fraud Act 2006). Searches at a residential property are underway and 11 devices have been seized.
#AceDailyNews MET Report: Staff at a London #NHS trust noticed a suspicious pattern on some online vaccination records and alerted Action Fraud, who passed the information onto the Met’s central #CyberCrime Unit, who have launched an investigation.
14 December 2021 17:30
In an unrelated investigation a 36-year-old man, also from Ilford, was arrested on suspicion of unauthorised computer access (Computer Misuse Act 1990) and conspiracy to commit fraud by misrepresentation (Fraud Act 2006). Three devices were seized and officers are searching a residential address.
The arrest followed a member of staff from a different NHS trust noticing suspicious vaccination records on their online system. The staff member reported their concerns to Action Fraud who sent the information to the Met.
All three remain in custody while the two separate investigations continue.
Detective Superintendent Helen Rance from the central Cyber Crime Team said:
“It is concerning that individuals may have fraudulently created false COVID-19 vaccination records during a time when levels of the virus are rising.
“The staff at both Trusts did the right thing and reported their concerns which has allowed us to fully investigate the circumstances.
“I want to reassure the public that no systems were hacked into from outside of the NHS networks and the integrity of the NHS systems remains robust.”
#AceNewsReport – Nov.04: A coffee stand in Ramtha District, 80km north of Amman, has suddenly become a mecca for activists and people wishing to show solidarity with its detained owner and his son, who is now running it….
Kameel al-Zoubi was arrested on 24 October for posting on his Facebook page that the wife of Jordan’s prime minister, Bisher Khasawneh, receives a salary of JD5,000 ($7,000) from an official agency. Khasawneh had issued a complaint based on the country’s cybercrime law, stating to a court that Zoubi’s post was “hurtful to him morally and psychologically” and that “it also contained fake news”.
On Sunday, political activists staged a sit-in in front of Marka prison to demand Zoubi’s release.
Zoubi is just one of hundreds of political activists, journalists and regular citizens who have found themselves in jail, or in front of a judge, for what they have posted on social media reflecting their political views.
The National Centre for Human Rights, a semi-governmental agency, stated in its annual report for 2020 that “the detention of individuals for what they express is continuing”.
The report, which was issued last week, said that “some of the detentions were carried out because of the right of expression on issues that have a direct bearing on the coronavirus”.
The continued detentions are based on Article 11 of the Cybercrime Law, under which an unprecedented 2,140 cases were brought in 2020, compared to 982 in 2019.
Article 11 of the 2015 law states that “anyone who on purpose posts or reposts statements or information on the internet, that include tort and slander, or the denigration of anyone, faces no less than three months in jail and a fine of no less than JD100 ($140) and not more than JD1,000 ($1,400)”.
Gagging those who want to speak out
Ahmad Hassan al-Zoubi, a satirical writer and distant relative of Kameel, told MEE: “There is abuse in the way the Cybercrime Law is applied to gag those who want to speak out.
“Before the law, I used to write a lot of criticism of corruption without any problem. Today I have to think: will this lead to my conviction if the case is brought in front of a judge?” says Ahmad, who has 19 cases against him, among them 14 based on the Cybercrime Law.
“Most cases against me are raised by government agencies. In those raised by non-government agencies I was vindicated.”
Zoubi says that Kameel has a right to raise the issue he did. “In Jordan, we have many stories in which sons, wives and other relatives of officials have become rich by using the offices of their relatives,” he said.
“Maybe what Kameel wrote was not backed by documents but was it necessary to use such hard abusive use of power prior to the investigation?
“The barging into their shop by security forces was all done because this person is a political opponent of the prime minister.”
Jordanian laws are full of vague statements on crimes such as “attempting to destroy the regime” or “causing friction between the components of the Jordanian people,” along with lèse-majesté, meaning an offence against the dignity of the king.
The flexibility in their interpretation has also contributed to the imprisonment of political activists, teachers and independent unionist activists, who have been sent to state security courts simply for stating their positions on social media, or carrying out a peaceful demonstration.
Meanwhile, restrictions on freedom of expression have only increased since the beginning of the Covid-19 pandemic.
Defence order No. 8, which was issued in April last year under Jordan’s state of emergency, prohibits “publishing, re-publishing, or circulating any news about the epidemic in order to terrify people or cause panic among them via media, telephone, or social media”.
The order specifies penalties of up to three years in prison, a fine of JD3,000 ($4,200), or both.
Nidal Mansour, the founder of the Centre for the Defence and Protection of Journalists (CDPJ), told MEE: “Defence order number eight has increased punishments, including against whoever is accused of starting a rumour.
“This has created unprecedented pressure on the media and forced many to think long and hard before publishing anything, especially if such information contradicts the official line in terms of the virus, the number of cases, and so on.”
The CDPJ has issued a report entitled “Restricted Media” in which Mansour wrote: “After years of direct intervention, the media has reorganised itself and the editorial teams (chief editors, managing editors, reporters and the newsdesk) are now doing all the heavy lifting work pre-publication, going through what will be published, in order to remove anything that they consider to be in contradiction to the government line and direction.”
There are around 9.4 million internet users in Jordan, including 6.3 million with Facebook accounts.
In July, the government announced it was beginning “online patrols” to keep an eye on what was being published on social media.
The patrols are made up of security personnel who monitor what is being written on social media, and then follow up with the authors if they feel a crime has been committed.
Facebook is used by many political opponents in Jordan, who find its live video stream a perfect tool for criticising the government and sometimes the king.
The continuing deterioration of the economy has resulted in a spike in the use of live streams.
In recent months, the government has moved to cancel such coverage, including streams of protests by the teachers’ union, and demonstrations over the case of Prince Hamzeh and the Pandora documents.
Jordan has also blocked the Clubhouse application.
King Abdullah II last month asked the government to study all convictions brought under the lèse-majesté code in order to provide a private pardon to many of those who had been convicted under the law.
Last week, the government also promised it would “review the Cybercrime Law” in a statement made by the new minister of media affairs and the government spokesman, Faisal Shboul.
Shboul told journalists on Thursday that “there is an initial government plan to review all the legislation that is regulating the work of the media in cooperation with the Jordan Press Association”. “This includes the cybercrime law,” he added.
Khaled Khalifa, a lawyer specialising in cases involving printing and publication, including cybercrimes, told MEE: “There is a need for a full review of the Cybercrime Law.”
Khalifa has called for the replacement of the existing law with another law rather than amending it.
He says that there were many issues that need to be addressed in any new law and many others need a totally new text.
“A review between what exists now in the Cybercrime Law and the telecommunications law is needed so that internet users and the media know what the limitations are of what they can do legally online,” he said.
‘War against journalists’
Nidal Salameh is a journalist who is still waiting for the result of a case brought against him by the government and some of its ministers.
In a tweet he posted in 2020, Salameh called on the minister of interior to stop the heavy-handed treatment of teachers, whose protests had been violently broken up.
Salameh told MEE: “Using the law to suppress freedoms has become a sword against the necks of journalists who want to publish documented criticism.
“This is a war against journalists and activists, and it is necessary that all journalists unite and call for the abolishment of this law which is hampering efforts to expose corruption.
“I was in jail for one month and five days on a case that was well documented and I was released thanks to a general amnesty.
“This restriction is contrary to what the king had called for when he requested a joint effort to fight corruption.”
Jordanian parties have called for a demonstration against the government on 12 November after Friday prayers in front of the Husseini Mosque in Amman.
Among their demands are the suspension of the Defence Law, including order No 8.
Meanwhile, Kameel remains in jail and his son Bassam keeps customers happy by providing them with hot coffee at the expense of his education.
Supporters know they can do little to help, but at least they buy the coffee as a token of support for his imprisoned father.
#AceNewsReport – May.08: According to court documents, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, were founders and/or members of a bulletproof hosting organisation:
‘Four Eastern European nationals have pleaded guilty to conspiring to engage in a Racketeer Influenced Corrupt Organization (RICO) arising from their providing “bulletproof hosting” services between 2008 and 2015, which were used by cybercriminals to distribute malware and attack financial institutions and victims throughout the United States’
The group rented Internet Protocol (IP) addresses, servers, and domains to cybercriminal clients, who used this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds. Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims. A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities.
“Every day, transnational organized cybercriminals deploy malware that ravages our economy and victimizes our citizens and businesses,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The criminal organizations that purposefully aid these actors — the so-called bulletproof hosters, money launderers, purveyors of stolen identity information, and the like — are no less responsible for the harms these malware campaigns cause, and we are committed to holding them accountable. Prosecutions like this one increase the costs and risks to cybercriminals and ensure that they cannot evade responsibility for the enormous injuries they cause to victims.”
“Fraud over the internet has had a major economic impact on our community, and all over our nation and the world,” stated Acting U.S. Attorney Saima S. Mohsin of the Eastern District of Michigan. “An essential part of reducing the fraud involves vigorously investigating and prosecuting individuals such as these ‘bulletproof hosters’ who enable the fraudsters in victimizing people over the internet.”
“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said Special Agent in Charge Timothy Waters of the FBI’s Detroit Field Office. “This resulted in millions of dollars of losses to U.S. victims. Today’s guilty plea sends a message to cybercriminals across the globe that they are not beyond the reach of the FBI and its international partners, and that anyone who facilitates or profits from criminal cyber activity will be brought to justice.”
According to court filings and statements made in connection with their guilty pleas, Grichishkin and Skvortsov were founding members of the organization and its proprietors. Skvortsov was responsible for marketing the organization’s criminal business and served as a point of contact for important and/or disgruntled clients, and Grichishkin was the organization’s day-to-day leader and oversaw its personnel. Skorodumov was one of the organization’s lead systems administrators, and at some points, its only systems administrator. In this role, he configured and managed the clients’ domains and IP addresses, provided technical assistance to help clients optimize their malware and botnets, and monitored and responded to abuse notices. Stassi undertook various administrative tasks for the organization, including conducting and tracking online marketing to the organization’s criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization.
Stassi, Skorodumov, and Grichishkin pleaded guilty in February and March 2021 to one count of RICO conspiracy. Skvortsov pleaded guilty today to the same charge. All four guilty pleas took place before Chief U.S. District Judge Denise Page Hood in the Eastern District of Michigan. Sentencing of Stassi, Skorodumov, Grichishkin, and Skvortsov has been set for June 3, June 29, July 8, and Sept. 16, respectively. Each defendant faces a maximum penalty of 20 years in prison. A federal district court judge will determine each sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
The FBI investigated the case with critical assistance from law enforcement partners in Germany, Estonia, and the United Kingdom.
Senior Counsel Louisa K. Marion of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Patrick E. Corbett of the Eastern District of Michigan prosecuted the case. The Justice Department’s Office of International Affairs provided substantial assistance.
Foreign Nationals Sentenced for Roles in Transnational Cybercrime Enterprise: ‘They were engaged in the mass acquisition and sale of fraud-related goods and services, including stolen identities, compromised credit card data, computer malware, and other contraband & the Infraud Organization victimized millions of people in all 50 states and caused more than $568 million in financial losses’
Sergey Medvedev, aka “Stells,” “segmed,” and “serjbear,” 33, of Russia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in June 2020 and was sentenced today to 10 years in prison. According to court documents, Medvedev was a co-founder of Infraud along with Svyatoslav Bondarenko of Ukraine. From November 2010 until Infraud was taken down by law enforcement in February 2018, Medvedev was an active participant in the Infraud online forum, operating an “escrow” service to facilitate illegal transactions among Infraud members. For several years, Medvedev served as Infraud’s administrator, handling day-to-day management, deciding membership, and meting out discipline to those who violated the enterprise’s rules.
Marko Leopard, aka “Leopardmk,” 31, of North Macedonia, pleaded guilty in the District of Nevada to one count of racketeering conspiracy in November 2019 and was sentenced today to five years in prison. According to court documents, Leopard joined Infraud in June 2011, offering his services as an “abuse immunity” web hoster to Infraud members who wished to create websites to sell contraband. Unlike a legitimate host, Leopard would knowingly cater to websites offering illegal goods and services, ignoring any abuse reports from internet users. He hosted a number of sites for Infraud members in this fashion, providing the infrastructure that allowed his co-conspirators to profit off of their criminal activities.
“Dismantling a cybercrime organization like Infraud requires aggressive pursuit of not only those who steal, sell, and use personal data, but also those who provide the infrastructure that allows cybercrime organizations to operate,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “Today’s sentences should serve as a warning to any web host who willingly looks the other way for a quick buck — and that the United States will hold these bad actors accountable, even when they operate behind a computer screen halfway across the world.”
“While criminal operators lurk in the deepest corners of the internet, they ultimately do not escape the reach of law enforcement,” said Special Agent in Charge Francisco Burrola of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) Las Vegas. “We will continue to aggressively investigate, disrupt, and dismantle hidden illegal networks that pose a threat in cyberspace. HSI and our partners are at the forefront of combating cyber financial crimes and illicit activities spread by online criminals looking for financial gain.”
Infraud was a criminal enterprise that existed to enrich its members and associates through a myriad of criminal acts of identity theft and financial fraud. Infraud facilitated the sale of contraband by its members, including counterfeit documents, stolen bank account and credit account information, and stolen personal identifying information. Members and associates of Infraud operated throughout the world and the United States, to include Las Vegas. The enterprise, which boasted over 10,000 members at its peak and operated for more than seven years under the slogan “In Fraud We Trust,” is among the largest ever prosecuted by the Department of Justice.
Infraud was responsible for the sale and/or purchase of over 4 million compromised credit and debit card numbers. The actual loss associated with Infraud was in excess of $568 million USD.
HSI Las Vegas and the Police Department of Henderson, Nevada, investigated the case. The Justice Department’s Office of International Affairs provided significant assistance in securing the defendant’s extradition from Croatia.
Deputy Chief Kelly Pearson and Trial Attorneys Chad McHenry and Alexander Gottfried of the Justice Department’s Organized Crime and Gang Section prosecuted the case.
#AceNewsReport – Mar.20: Wounded, ill or injured veterans are being trained and hired as computer forensic analysts to assist HSI in child exploitation investigations through the HERO Corps Program:
HSI HERO Corps Program: Hiring veterans to assist in investigations: ‘The HERO, or Human Exploitation Rescue Operative corps is an annual initiative managed by the HSI Cyber Crimes Center in partnership with the Department of Defense (DOD) and the National Association to Protect Children (PROTECT). Wounded vets and transitioning service members can apply through April 9 for the HERO Corps Program internship for fiscal year 2021’
Wounded, ill or injured vets can help rescue victims of child sexual exploitation
HERO interns work in support roles with HSI special agents to help rescue victims, prosecute predators and prevent crimes of child sexual exploitation. The paid federal program enlists veterans to train and work as computer forensic analysts on child exploitation investigations.
“The HERO Corps represents a unique opportunity for America’s veterans to continue their life of service by contributing to HSI’s critical mission of protecting our nation’s children,” said HSI Cyber Crimes Center Deputy Assistant Director Stephanie L. Hampton. “The mission focused skillsets veterans bring from military service are particularly suited to HSI’s fight against child exploitation and are an invaluable asset for our agency.”
The intent of the internship program is to recruit, train and potentially hire qualified candidates to full-time permanent positions as computer forensic analysts assisting special agents in locations around the country. However, full-time employment is not guaranteed.
Interested applicants must go to ice.gov/hero to apply. The website also provides information on eligibility requirements, training, benefits, potential job locations, a timeline of events and frequently asked questions.
#AceNewsReport – Mar.09: The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world:
Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China: ‘Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary’
The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems.
March 7, 2021:
Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure.
The officials said the actions would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm.
The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors.
Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability.
But that touched off a race between those responsible for patching the systems and a raft of new attackers — including multiple other Chinese hacking groups, according to Microsoft — who started using the same exploit this week.
The United States government has not made public any formal determination of who was responsible for the hacking, but at the White House and on Microsoft’s campus in Redmond, Wash., the fear is that espionage and theft may be a prelude to far more destructive activity, such as changing data or wiping it out.
The White House underscored the seriousness of the situation in a statement on Sunday from the National Security Council.
“The White House is undertaking a whole of government response to assess and address the impact” of the Microsoft intrusion, the statement said. It said the response was being led by Anne Neuberger, a former senior National Security Agency official who is the first occupant of a newly created post: deputy national security adviser for cyber and emerging technologies.
The statement said that national security officials were working throughout the weekend to address the hacking and that “this is an active threat still developing, and we urge network operators to take it very seriously.”
Jake Sullivan, Mr. Biden’s national security adviser, said on Twitter on Thursday that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of U.S. think tanks and defense industrial base entities.”
The discovery came as Mr. Biden’s national security team, led by Mr. Sullivan and Ms. Neuberger, has moved to the top of its agenda an effort to deter attacks, whether their intent is theft, altering data or shutting down networks entirely. For the president, who promised that the Russian attack would not “go unanswered,” the administration’s reactions in the coming weeks will be a test of his ability to assert American power in an often unseen but increasingly high-stakes battle among major powers in cyberspace.
A mix of public sanctions and private actions is the most likely combination to force a “broad strategic discussion with the Russians,” Mr. Sullivan said in an interview on Thursday, before the scope of the Chinese attack was clear.
“I actually believe that a set of measures that are understood by the Russians, but may not be visible to the broader world, are actually likely to be the most effective measures in terms of clarifying what the United States believes are in bounds and out of bounds, and what we are prepared to do in response,” he added.
From the first day of the new administration, Mr. Sullivan has been reorganizing the White House to fashion such responses. The same order he issued on Jan. 20, requiring the military to advise the White House before conducting drone strikes outside war zones, contained a paragraph with separate instructions for dealing with major cyberoperations that risk escalating conflict.
The order left in place, however, a still secret document signed by President Donald J. Trump in August 2018 giving the United States Cyber Command broader authorities than it had during the Obama administration to conduct day-to-day, short-of-war skirmishes in cyberspace, often without explicit presidential authorization.
Under the new order, Cyber Command will have to bring operations of significant size and scope to the White House and allow the National Security Council to review or adjust those operations, according to officials briefed on the memo. The forthcoming operation against Russia, and any potential response to China, is likely to fall in this category.
American officials continue to try to better understand the scope and damage done by the Chinese attack, but every day since its revelation has suggested that it is bigger, and potentially more harmful, than first thought.
The initial estimates were that 30,000 or so systems were affected, mostly those operated by businesses or government agencies that use Microsoft software and run their email systems in-house. (Email and other systems run on Microsoft’s cloud were not affected.)
But the breadth of the intrusion and the identities of the victims are still unclear. And while the Chinese deployed the attack widely, they might have sought only to take information from a narrow group of targets in which they have the highest interest.
There is little doubt that the scope of the attack has American officials considering whether they will have to retaliate against China as well. That would put them in the position of engaging in a potentially escalating conflict with two countries that are also its biggest nuclear-armed adversaries.
It has become increasingly clear in recent days that the hacking that Microsoft has attributed to Beijing poses many of the same challenges as the SolarWinds attack conducted by the Russians, although the targets and the methodology are significantly different.
Like the Russians, the Chinese attackers initiated their campaign against Microsoft from computer servers — essentially cloud services — that they rented under assumed identities in the United States. Both countries know that American law prohibits intelligence agencies from looking in systems based in the United States, and they are exploiting that legal restriction.
“The Chinese actor apparently spent the time to research the legal authorities and recognized that if they could operate from inside the United States, it takes some of the government’s best threat-hunters off the field,” Tom Burt, the Microsoft executive overseeing the investigation, said on Friday.
The result was that in both the SolarWinds and the more recent Chinese hacking, American intelligence agencies appeared to have missed the evidence of what was happening until a private company saw it and alerted the authorities.
The debate preoccupying the White House is how to respond. Mr. Sullivan served as Mr. Biden’s national security adviser while he was vice president, as the Obama administration struggled to respond to a series of attacks.
In writings and talks over the past four years, Mr. Sullivan has made clear that he believes traditional sanctions alone do not sufficiently raise the cost to force powers like Russia or China to begin to talk about new rules of the road for cyberspace.
But government officials often fear that too strong a response risks escalation.
That is a particular concern in the Russian and Chinese attacks, where both countries have clearly planted “back doors” to American systems that could be used for more destructive purposes.
American officials say publicly that the current evidence suggests that the Russian intention in the SolarWinds attack was merely data theft. But several senior officials, when speaking not for attribution, said they believed the size, scope and expense of the operation suggested that the Russians might have had much broader motives.
“I’m struck by how many of these attacks undercut trust in our systems,” Mr. Burt said, “just as there are efforts to make the country distrust the voting infrastructure, which is a core component of our democracy.”
Russia broke into the Democratic National Committee and state voter-registration systems in 2016 largely by guessing or obtaining passwords. But they used a far more sophisticated method in the SolarWinds hacking, inserting code into the company’s software updates, which ushered them deep into about 18,000 systems that used the network management software. Once inside, the Russians had high-level access to the systems, with no passwords required.
Similarly, four years ago, a vast majority of Chinese government hacking was conducted via email spear-phishing campaigns. But over the past few years, China’s military hacking divisions have been consolidating into a new strategic support force, similar to the Pentagon’s Cyber Command. Some of the most important hacking operations are run by the stealthier Ministry of State Security, China’s premier intelligence agency, which maintains a satellite network of contractors.
Beijing also started hoarding so-called zero-days, flaws in code unknown to software vendors and for which a patch does not exist.
In August 2019, security researchers got their first glimpse of how these undisclosed zero-day flaws were being used: Security researchers at Google’s Project Zero and Volexity — the same company in Reston, Va., that discovered the Microsoft attack — found that Chinese hackers were using a software vulnerability to spy on anyone who visited a website read by Uighurs, an ethnic minority group whose persecution has drawn international condemnation.
For two years, until the campaign was discovered, anyone who visited the sites unwittingly downloaded Chinese implants onto their smartphones, allowing Beijing to monitor their communications.
[Photo caption: Kevin Mandia of FireEye, Sudhakar Ramakrishna of SolarWinds and Brad Smith of Microsoft testified last month in a Senate Intelligence Committee hearing on the Russian hacking. Credit: Drew Angerer/Agence France-Presse, via Pool/AFP via Getty Images]
The Chinese attack on Microsoft’s servers used four zero-day flaws in the email software. Security experts estimated on Friday that as many as 30,000 organizations were affected by the hacking, a detail first reported by the security writer Brian Krebs. But there is some evidence that the number could be much higher.
#AceNewsReport – Mar.07: Viktor Vorontsov, 39, and Zlata Hanska Muzhuk, 40, were charged in a one-count indictment with conspiracy to launder funds filed in February 2020 in the Northern District of Texas:
Two Ukrainian Nationals Extradited to U.S. on Money Laundering Charges: ‘According to the indictment, Muzhuk and Vorontsov were allegedly members of an international organized network providing cash-out and money laundering services to cyber actors who used stolen bank login credentials to initiate fraudulent electronic funds transfers from victims’ bank accounts to bank accounts (drop accounts) created and controlled by the cash-out actors’
For a fee, Muzhuk and Vorontsov provided a network of drop accounts and money mules to receive, transfer, and conceal money derived from the fraudulent online transfers of funds. The indictment alleges the conspiracy existed for the entirety of 2017 and focused on seven electronic funds transfers in October and November 2017, totaling almost $500,000.
During the FBI’s investigation of Muzhuk and Vorontsov, the Czech National Organized Crime Agency (NCOZ) collaborated to gather information and evidence. In late January 2020, NCOZ informed the FBI that Muzhuk was visiting Vorontsov at his residence in the Czech Republic. A criminal complaint and an arrest warrant were issued by a U.S. Magistrate Judge in Dallas and an FBI special agent from Dallas traveled to the Czech Republic to coordinate with the NCOZ.
In an unprecedentedly prompt response on Feb. 6, 2020, the NCOZ effected the arrests of Muzhuk and Vorontsov at the request of the U.S. and seized valuable evidence from both defendants and from Vorontsov’s residence. Muzhuk and Vorontsov were detained pending the extradition proceedings. On Dec. 4, 2020, and Jan. 21, 2021, respectively, the Ministry of Justice of the Czech Republic granted the extradition of Muzhuk and Vorontsov. The defendants were transferred to FBI custody on March 3, 2021 and were flown from Prague to Dallas.
Vorontsov and Muzhuk appeared before U.S. Magistrate Judge Toliver in the Northern District of Texas and entered not-guilty pleas to the charges. Vorontsov and Muzhuk remain in the custody of the U.S. Marshals Service.
The FBI’s Dallas Field Office conducted the investigation. The Justice Department’s Office of International Affairs provided substantial assistance in securing the defendants’ extradition from the Czech Republic.
Senior Trial Attorney C.S. Heath of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Robert Nichols of the Northern District of Texas are prosecuting the case.
An indictment is merely an accusation. A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
#AceNewsReport – Nov.25: In a report disclosing its involvement in the investigation, security firm Group-IB said the three suspects are members of a cybercrime group it has been tracking since 2019 under the codename TMT. Group-IB said the group primarily operated by sending out mass email spam campaigns containing files laced with malware.
To send their email spam, the group used the Gammadyne Mailer and Turbo-Mailer email automation tools and then relied on MailChimp to track whether a recipient victim opened their messages.
The file attachments were laced with various strains of malware that granted the hackers access to infected computers, from which they focused on stealing credentials from browsers, email, and FTP clients.
#AceNewsDesk report. Published on November 25, 2020 at 06:45PM