Feds continue to call for private companies to come forward after breaches

American companies that are victims of a data breach ought to report the crimes and work with law enforcement, because doing so could change the unfriendly public narrative that the government will look to start charging companies with crimes, federal officials told business executives this week. Acting Assistant Attorney General Dana Boente, the current head of the Justice Department’s national security division, pitched industry leaders in Washington on what he called “the business case” for cooperation with law enforcement in the wake of an online intrusion. “I recognize that your decision to call the FBI, to work with the Justice Department, is often your decision: It’s a choice,” Boente said in a keynote address to the U.S. Chamber of Commerce’s Sixth Annual Cybersecurity Summit. “And what I want to do today is lay out that there are real benefits to making that choice and the risks shouldn’t be overstated.” He argued that — for companies victimized by […]

Justice Department waves legislative stick at tech sector over encryption

If U.S.-based tech companies don’t find a way to allow cops with a warrant to access encrypted communications — a move derided as a crypto backdoor by critics — the Trump administration may propose legislation to force them, according to Deputy Attorney General Rod Rosenstein. Addressing law enforcement officials at an anti-terrorism conference in Utah, Rosenstein went further than other officials have this year in threatening the tech sector with legislative action that would compel them to provide technical means for court-ordered wiretaps or device searches. “I hope that technology companies will work with us to stop criminals from defeating law enforcement. Otherwise, legislation may be necessary,” he warned. He recalled the aftermath of the San Bernardino terror attack, when Apple successfully fought off court orders aimed at forcing it to create a backdoor into the iPhone used by the shooter. “Unfortunately, some companies are unwilling to help enforce court orders to […]

Canadian allegedly paid by FSB officers to breach Yahoo will be extradited to U.S.

A Canadian man charged with hacking into Yahoo! under the order of Russian intelligence officers waived his right to an extradition hearing and will now be transported to U.S. custody. Karim Baratov, 22, was arrested in March by Toronto police for allegedly breaching personal accounts tied to Yahoo! and other email providers between 2014 and 2016. Authorities said Baratov served as a contractor for Russia’s Federal Security Service (FSB). He faces 10 counts, including wire fraud and computer hacking. Baratov’s lawyer has said he may consider a plea deal in return for lesser charges. The Justice Department has said that Baratov conducted cyber-espionage under the order of two FSB officers, Dmitry Dokuchaev and Igor Sushchin. Federal prosecutors estimate that the scheme led to upwards of 500 million compromised Yahoo! accounts. CBC first reported the extradition agreement. When “a target of interest had accounts at webmail providers other than Yahoo, including through […]

The Justice Department wants to help you run a vulnerability disclosure program

The Justice Department quietly released guidelines last week to help interested parties design their own software vulnerability disclosure programs in a manner that avoids the legal issues traditionally raised when a hacker remotely accesses a computer system without prior consent. These vulnerability disclosure programs, commonly known as bug bounties, are typically created to allow participating parties to receive confidential information from independent researchers about software and hardware bugs affecting a company’s own systems or products. But the practice can sometimes run up against legal complications tied to the Computer Fraud and Abuse Act, or CFAA, which has been applied in different court cases in a variety of conflicting ways. Critics of the CFAA have said the law is often vague and outdated, stunting researchers’ ability to find vulnerabilities without running afoul of the law. In short, the guidance underlines an effort by the federal government to apparently quell concerns held by […]

Iranian hackers heisted U.S. defense software for clients blocked by sanctions, indictment says

A group of Iranian hackers broke into multiple U.S. defense contractors between 2007 and 2013 in order to steal intellectual property, software and other proprietary information that they then sold to foreign enterprises and governments, including the Iranian government, according to a newly unsealed indictment by the Department of Justice. The indictment, published Monday, effectively shows how the Iranian government may have been able to circumvent previous export sanctions tied to the sale and purchase of U.S. defense technology by employing a group of contracted freelance hackers who would steal software products through a network of compromised computers based in the United States. The hackers allegedly stole software from Vermont-based engineering consulting and software design company Arrow Tech Associates and sold it to Iranian clients. The product, PRODAS, is a software platform designed for aerodynamics analysis and design for projectiles. It sells for $40,000 to $800,000, and customers receive a dongle to download a software license from […]

Russia’s reliance on cybercriminals has a ‘silver lining,’ says top DOJ lawyer

A top Justice Department official says there is a “silver lining” in the fact that Russia’s Federal Security Service was reliant on a pair of alleged cybercriminals to hack into Yahoo and collect information. Two contractors with cybercrime connections were among four individuals indicted in March by the Justice Department in a massive data breach that occurred at Yahoo in 2014. The other two were officers from FSB, which is one of Russia’s top intelligence agencies. Such a “blended threat” can create openings for investigators, said Adam Hickey, deputy assistant attorney general for the National Security Division. “It’s an advantage to us because those are individuals that are more willing to travel, they are more likely to be less op-sec savvy in certain respects compared to an intelligence officer and that matters because apprehending them can … give us that human intelligence into the state-sponsored hacking,” Hickey said. “That can be very, very valuable in […]

Dual-Use Software Criminal Case Not So Novel

“He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.”

The above snippet is the subhead of a story published last month by the Daily Beast titled “FBI Arrests Hacker Who Hacked No One.” The subject of that piece — a 26-year-old American named Taylor Huddleston — faces felony hacking charges connected to two computer programs he authored and sold: an anti-piracy product called Net Seal, and a Remote Administration Tool (RAT) called NanoCore that he says was a benign program designed to help users remotely administer their computers.

The author of the Daily Beast story, former black hat hacker and Wired.com editor Kevin Poulsen, argues that Huddleston’s case “raises a novel question: When is a programmer criminally responsible for the actions of his users? Some experts say [the case] could have far reaching implications for developers, particularly those working on new technologies that criminals might adopt in unforeseeable ways.”

But a closer look at the government’s side of the story — as well as public postings left behind by the accused and his alleged accomplices — paints a more complex and nuanced picture that suggests this may not be the case to raise that legal question in a meaningful way.