London police seize over $667,000 in bitcoin from convicted hacker

London Metropolitan Police seized more than £500,000 ($667,000) in bitcoin from a hacker convicted of phishing attacks against 100 global companies and possessing stolen financial and personal data from 78 million individuals. Grant West, 26, was sentenced to 10 years and eight months in prison on Friday in London. West’s two-and-a-half-year-long scheme was to phish a wide range of targets, steal sensitive data and then sell the information on dark web markets. More than 47,000 such sales of stolen data were charged against him in court. Police shared a screenshot of a vastly successful West phishing email. There is still £1.6 million worth of stolen cryptocurrency that remains unaccounted for, which the sentencing judge described as “secreted away.” West was known online as Courvoisier, after the popular French cognac. He was a prominent vendor on the dark web market AlphaBay, which was the largest and most profitable of such sites until international police […]

The post London police seize over $667,000 in bitcoin from convicted hacker appeared first on Cyberscoop.


Facebook no longer requires phone numbers for multi-factor authentication

Facebook updated its multi-factor authentication options on Tuesday, no longer requiring a phone number to use the service to sign into the company’s platform. Product manager Scott Dickens laid out the changes in a Wednesday blog post saying that “third-party authentication apps like Google Authenticator and Duo Security” are now easier to use. Those apps offer more security than phone numbers, due to the fact that SMS messages tied to phone numbers can be hijacked. Facebook has also long offered security keys like Yubikey as a multi-factor authentication option. The option to remove phone numbers is significant for several reasons. First, SMS messages are considered an insecure authentication method by authorities including the National Institute of Standards and Technology. Facebook has also run into some issues regarding SMS in the past few months. A bug allowed for the platform to spam users with updates via SMS, which drove users to complain on Twitter about the […]


No one is updating their Android devices, new data shows

It’s typically good advice to patch early and often. What’s said less often is that most of the time it just isn’t happening. Duo Security has new data to back that up: The company released a study Wednesday finding 90 percent of over 10.7 million Android devices across the U.S. and Western Europe are running outdated versions of the operating system. Additionally, only 8 percent of Android phones ran the latest security patch, according to the report. It’s a significant gap that’s due in large part to Android’s enormous, fractured ecosystem. Users often receive updates haphazardly through their carriers or phone manufacturers, and that’s if they get them at all. Attackers often take advantage of this, with new malware frequently popping up that preys on old Android models. Even as Android’s competitor Apple is doling out patches through its App Store, there is a significant gap in users updating to […]


Potential Trump deal to ease sanctions on China’s ZTE riles Congress

U.S. lawmakers are preparing to block any attempt by President Donald Trump to significantly soften sanctions against the Chinese telecom giant ZTE. While Trump said Tuesday that a deal has yet to be finalized, members of Congress continued to take a hard line against the company, which the Commerce Department banned from accessing U.S. technology after it sold equipment to Iran and North Korea. Chinese President Xi Jinping has been pushing Trump to relax the U.S. stance while American lawmakers, intelligence agencies and military officials have been emphasizing the longstanding national security grievances against the Chinese firm. The reported deal would lift the American sales ban against ZTE. In light of all the criticism, Trump’s potential solution “is like a wet noodle,” Senate Democratic leader Chuck Schumer of New York said. The latest strike against ZTE — which admitted wrongdoing and blamed internal processes on failing to fire sanctions violators rather than intentional malice — sent shock waves through the […]


YubiKey arrives on iOS

Cybersecurity hardware company Yubico has had a year marked by new investment, new tech and big customers including Google and Facebook. But the most frequent customer question has remained: Can I use this thing with my damn iPhone? The answer is now “yes.” Yubico announced on Tuesday a new YubiKey software development kit for iOS, allowing app developers to integrate the hardware key’s near field communication (NFC) authentication into their apps. That is, the small device doesn’t have to touch the phone to help authenticate a user, as it does with personal computers. The first iOS app to offer YubiKey support is popular multiplatform password manager LastPass. The process works with a YubiKey NEO model, which has NFC built in. CyberScoop used a beta version prior to the company’s announcement and found it to be as straightforward as plugging a YubiKey into a laptop or using it via NFC with an Android device. The company, which is based in both California and […]


Meet the Israeli company ready to sell citywide surveillance

Large public places, such as airports or shopping malls, have already been turned into surveillance free-for-alls, where people’s every move is catalogued for the sake of profit. Now, one prominent company is ready to help governments spread that same surveillance technology over entire cities. Israeli company Jenovice Cyber Labs is poised to launch new products that monitor everything from prisons to heavily populated areas, depending on what exactly customers want, CyberScoop has learned. It’s a particularly provocative product coming in the wake of DHS detecting Stingray cellphone spying devices across Washington, D.C., but all too easy to fathom based on the way companies make millions off the collection of location-based data. Jenovice’s Metropolink, which is only available for law enforcement and intelligence agencies, is sold as an “autonomous” surveillance system meant to monitor entire metropolitan areas. The capabilities list reads like hacker tech from a Jason Bourne movie: It’s advertised as being able to locate, list, […]


Latvian national convicted of running ‘VirusTotal-for-criminals’ malware scanner

A Latvian hacker has been convicted of crimes relating to running “Scan4You,” a for-profit website that allowed criminals to test if malware could be detected by security software. Ruslan Bondars, 37, was convicted by a federal jury on three charges including violation of the Computer Fraud and Abuse Act, conspiracy to commit wire fraud and computer intrusion with intent to cause damage. Bondars faces the possibility of 35 years in prison, but sentences for this kind of crime are typically far smaller in practice. He was arrested last year with Jurijs Martisevs, another Latvian accused of running Scan4You. Martisevs pleaded guilty earlier this year. “Ruslan Bondars designed and operated a service that provided essential aid to some of the world’s most destructive hackers,” Tracy Doherty-McCormick, Acting U.S. Attorney for the Eastern District of Virginia, said in a statement. Bondars was responsible for the technical infrastructure of the service. Scan4You is similar in many ways […]


Accused ‘Dark Overlord’ hacker arrested in Serbia

Serbian police announced Wednesday they had arrested a man who is accused of having ties to the hacking syndicate known as “The Dark Overlord.” Serbia’s Ministry of the Interior, which is responsible for domestic law enforcement, said a 38-year-old man in Belgrade with initials S.S. was arrested in “international operation conducted by the FBI,” a police statement said. “The aim of the campaign was to uncover a large number of people who, using the name ‘The Dark Overlord’ on the Internet, have been unauthorized access to computer networks and data of at least 50 victims since June 2016 and have been stifling US citizen information and personal data, including data on ownership and intellectual property, health insurance, treatment and others,” Serbian police said. The group is famous for a noisy two-year cybercrime spree including hacking, extorting and then leaking episodes from the Netflix series “Orange is the New Black,” as well as hacking U.S. school systems and sending death threats […]


Ex-CIA employee identified as suspect in ‘Vault 7’ leaks

U.S. government officials are looking into a former CIA employee for his possible role in leaking a trove of the agency’s cyber espionage tools to WikiLeaks. Joshua Adam Schulte, who has worked for technical directorates at the National Security Agency and the CIA, was charged with child pornography possession in August 2017. However, prosecutors have publicly revealed Schulte to be a key suspect in the Vault 7 leaks after seizing computer equipment, notebooks and handwritten notes from his apartment. The Washington Post first reported on Schulte’s relation to the case. Schulte, 29, has pleaded not guilty to the child pornography charges. His lawyers maintain he had nothing to do with the Vault 7 leaks, and he has not been charged with any crimes related to the case. Starting in March 2017, the Vault 7 leaks gave access to a trove of hacking tools and documentation on electronic surveillance capabilities that was initially […]


It only took five hours to close a critical vulnerability in Signal’s desktop client

A critical vulnerability found in the desktop version of secure messaging app Signal was patched less than five hours after disclosure to the developers, a rapid response that’s earned some plaudits from observers. Security researchers detailed a remote code execution flaw in the Signal desktop application across Windows, Mac OSX and Linux operating systems. A hacker could execute code on a targeted system just by sending a message to the victim because Signal’s desktop app failed to sanitize specific HTML tags that can inject HTML code into remote chat windows. “The critical thing here was that it didn’t require any interaction form[sic] the victim, other than simply being in the conversation,” the researchers wrote. “Anyone can initiate a conversation in Signal, so the attacker just needs to send a specially crafted URL to pwn the victim without further action. And it is platform independent!” Joshua Lund, a developer at Signal, commented that “exploiting this requires the attacker […]
