Information Security Newspaper | Hacking News
https://www.securitynewspaper.com/

FBI seizes infrastructure of Weleakinfo and other cyber criminal platforms
https://www.securitynewspaper.com/2022/06/01/fbi-seizes-infrastructure-of-weleakinfo-and-other-cyber-criminal-platforms/
Wed, 01 Jun 2022 23:24:21 +0000

In a joint statement, the Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ) announced the seizure of the domain name WeLeakInfo.to and two other domain names (ipstress.in and ovh-booter.com) as part of an international investigation related to illegal access to personal information.

The message describes these online platforms as “worryingly common threats,” detailing how threat actors used these sites for trafficking in stolen personal information: “Using strong relationships with our international partners, we will address crimes like these, which threaten privacy, security, and commerce around the world.”  

WeLeakInfo.to operators claimed to provide their users with a search engine to review and obtain personal information illegally obtained in more than 10,000 data breach incidents, with around 7 billion records indexed, exposing data such as full names, phone numbers, email addresses, and even online account passwords.

The report describes the domains ipstress.in and ovh-booter.com as platforms for launching denial of service (DoS) attacks, commonly known as booter or stresser services. From these websites, threat actors could flood a specific web server with malicious traffic, making it inaccessible to legitimate users.

As of this operation, the seized domain names, and any related domains, are in the custody of the federal government, effectively suspending the operation of these malicious services. Visitors to the sites will now find a seizure notice stating that U.S. federal authorities are responsible for the seizure.

The seizures of these domains were part of a coordinated police action with the authorities of Belgium and the Netherlands. These police agencies arrested one of the main operators of these platforms and also collaborated on various raids.

U.S. authorities have asked anyone who has information about other members of this cybercriminal operation to file a complaint immediately, as this is a critical time to act against these groups.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Threat actors could have hacked the U.S. Drug Enforcement Administration (DEA) and other related law enforcement agencies. Investigation still ongoing
https://www.securitynewspaper.com/2022/05/13/threat-actors-could-have-hacked-the-u-s-drug-enforcement-administration-dea-and-other-related-law-enforcement-agencies-investigation-still-ongoing/
Fri, 13 May 2022 18:18:10 +0000

The U.S. Drug Enforcement Administration (DEA) reports that it has begun an investigation into alleged cyberattacks that would have compromised up to 16 databases of federal agencies. According to KrebsOnSecurity researchers, this incident could be related to a cybercriminal group whose members pose as law enforcement officers in order to access sensitive information.

A few days ago, investigators were alerted to a group of hackers with access to a username and password to the Law Enforcement Inquiry and Alerts (LEIA) system, which allows the search for information internally and in external database repositories, including data classified as “sensitive to law enforcement.” This report was shared with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ). In total, LEIA enables federated search of 16 federal law enforcement databases in the U.S.

The report received by KrebsOnSecurity includes some screenshots indicating that hackers may have accessed the El Paso Intelligence Center (EPIC), one of the databases accessible from LEIA. In this database, threat actors would have searched for all kinds of records on seized assets, including cars, boats, weapons and even drones.

Strangely, this information was reported to KrebsOnSecurity by “KT”, administrator of an alleged online cybercriminal community known as Doxbin. This same threat actor has been identified as the leader of Lapsus$, a hacking group that recently carried out high-profile attacks against well-known companies such as Microsoft, NVIDIA and Samsung.

This hacker is also blamed for operating a service that offers fake Emergency Data Requests (EDR), using compromised email accounts from law enforcement agencies to ask tech companies for access to their users’ confidential information posing as police officers.  

Although this activity has been linked to some alleged members of Lapsus$, at the moment it is unknown exactly who is behind these attacks, and even the possibility of a nation-state-sponsored hacking group is still being considered. DEA will continue to investigate the reports, so it only remains to wait for new details to be officially announced.

Man gets 5 years for buying 38,000 PayPal stolen account credentials from the Internet
https://www.securitynewspaper.com/2022/05/12/man-gets-5-years-for-buying-38000-paypal-stolen-account-credentials-from-the-internet/
Thu, 12 May 2022 22:13:13 +0000

The U.S. Department of Justice (DOJ) announced that Marcos Ponce, 37, has been sentenced to five years in prison for his participation in a fraudulent scheme based on the purchase of stolen PayPal account credentials, defrauding affected users of more than $1 million USD.

The Austin, Texas, resident pleaded guilty to conspiracy to commit electronic fraud in late 2021. As part of his plea agreement, he will also have to pay a total of $1.4 million in restitution for the harm caused to his victims.

According to prosecutors, between 2015 and 2018 Ponce and his accomplices created user accounts on an illegal dark web platform, specializing in the sale of confidential information such as access credentials to PayPal and other similar services.

Employing social engineering tactics, the suspect tricked third parties into accepting money transfers from the compromised PayPal accounts, in an attempt to hide the trail leading from their cybercriminal activity to their own accounts.

Kenneth Polite of the DOJ’s Criminal Division believes resolutions like this are important in the fight against organized crime: “The Department remains strongly committed to protecting people from scammers like this. This sentence sends a clear message to would-be thieves: online crime has real-world consequences.”

Access credentials to PayPal accounts are a highly attractive target for cybercriminals. Last August, a group of fraudsters posed as Europol executives to threaten their victims with alleged criminal proceedings in order to access their PayPal accounts.

Finally, Assistant Director in Charge Steven D’Antuono of the FBI’s Washington Field Office said: “Today’s sentencing sends a message that the FBI will pursue cybercriminals across the globe; hiding behind a computer does not mean you can stay anonymous or out of reach of law enforcement”.

British individual accused of hacking email servers and computers in US banks; losses of more than $5 million USD
https://www.securitynewspaper.com/2022/05/11/british-individual-accused-of-hacking-email-servers-and-computers-in-us-banks-losses-of-more-than-5-million-usd/
Wed, 11 May 2022 21:54:05 +0000

The U.S. Department of Justice (DOJ) has accused a British citizen of stealing money from investor accounts after hacking into email servers and computers in banks and brokerage houses, committing bank fraud for more than $5 million USD.

In the complaint, a total of 10 charges were filed against Idris Dayo Mustapha, accusing him of employing social engineering tactics, phishing and other means in order to obtain usernames and passwords to access online bank accounts between 2011 and 2018.

Prosecutors mention that Mustapha, originally from Nigeria, began by transferring money from the victims to his own accounts; after the banks identified the fraudulent activity, the defendant and his accomplices decided to conduct unauthorized stock trades in compromised accounts, while also conducting other lucrative operations.

Among the evidence presented by prosecutors is a conversation between the defendant and an alleged accomplice that took place in April 2016: “It is better to make constant transfers, not to make a direct fraud,” Mustapha said.

Breon Peace, the attorney general in Brooklyn, released a statement mentioning that Mustapha was part of a cybercriminal group that caused millions of dollars in losses to hundreds of victims in the U.S., participating in all kinds of cybercrimes.

Mustapha was arrested in the UK at the end of 2021; the DOJ has already requested his extradition. If convicted, Mustapha could face a sentence of up to 20 years in prison for each of the charges against him, including wire fraud, securities fraud, money laundering and aggravated identity theft.

In 2016, the U.S. Securities and Exchange Commission (SEC) successfully requested an asset freeze against Mustapha in a civil lawsuit in Manhattan, an investigation related to a hack against stock market investors.

How a techie guy scammed the US Department of Defense and stole $23 million using a simple phishing email
https://www.securitynewspaper.com/2022/05/02/how-a-techie-guy-scammed-the-us-department-of-defense-and-stole-23-million-using-a-simple-phishing-email/
Mon, 02 May 2022 16:18:50 +0000

The U.S. Department of Justice (DOJ) announced that Sercan Oyuntur, a 40-year-old Californian citizen, was convicted of six counts related to a $23 million USD fraud involving a Department of Defense (DOD) fund intended for the purchase of fuel.

The defendant learned of his conviction on April 28, when he was found guilty of charges such as conspiracy to commit wire and bank fraud, access to electronic devices to commit fraud, identity theft and false statements to federal agents.

To complete the fraud, Oyuntur and his accomplices deployed a complex phishing campaign against an employee of the fuel supply company, who was responsible for communication between the company and the DOD through a government computer system of the General Services Administration (GSA).

The cybercriminals created several fraudulent email accounts with which they pretended to be employees of the fuel company, in addition to designing websites similar to those of the company. Between June and September 2018, Oyuntur and his accomplices sent multiple emails to the affected employee, successfully redirecting him to phishing websites.

On these websites, threat actors managed to trick the employee into handing over his login credentials, which were subsequently used to break into GSA systems and divert DOD money to their bank accounts.

A key element in the fraudulent operation was an automotive dealership and the creation of a fictitious company run by Hurriyet Arslan, Oyuntur’s accomplice. On October 10, 2018, the DOD transferred $23.5 million USD to the shell company’s bank account; subsequently, a third conspirator sent Arslan an altered government contract awarding the transfer of the money to Arslan’s dealership.

The charges of conspiracy and bank fraud for which Oyuntur was convicted could lead to more than 60 years in prison, while charges of unauthorized access to electronic systems are punishable by up to 10 years in prison. For his part, Arslan pleaded guilty in January 2020 to conspiracy, bank fraud and money laundering. His sentence will be known in mid-2022.

RaidForums, the world’s biggest hacking forum, is seized by Europol. 21-year-old administrator arrested
https://www.securitynewspaper.com/2022/04/12/raidforums-the-worlds-biggest-hacking-forum-is-seized-by-europol-21-year-old-administrator-arrested/
Tue, 12 Apr 2022 20:42:39 +0000

An operation coordinated by Europol led to the seizure of RaidForums, one of the largest hacking forums in the world, in addition to the arrest of its main administrator. Operation TOURNIQUET, involving agents from law enforcement in the U.S. and Europe, shut down this cybercriminal infrastructure, dedicated to the purchase and sale of hacking tools, databases and stolen financial information.

The Operation was coordinated internationally by Europol’s European Cybercrime Centre, and is seen as the culmination of a year of dedicated planning between law enforcement agencies in the UK, Portugal, Romania and Sweden, striking a severe blow to cybercrime.

The participating agents identified Diogo Santos Coelho, a 21-year-old Portuguese citizen, as the main operator of RaidForums. Also known by the aliases “Omnipotent” or “Downloading”, Coelho would have been in charge of the forum between 2015 and 2022, when he was arrested in the United Kingdom.

Documents filed by the U.S. Department of Justice (DOJ) mention that Coelho will face charges including conspiracy to commit fraud, wire fraud and aggravated identity theft. Despite the serious accusations against him, Coelho never showed concern about this in front of other members of RaidForums: “I assume that the forum is being monitored, but in reality we are all monitored,” the defendant said in his messages.

RaidForums was launched in 2015 and grew steadily to reach an estimated 500,000 members. In this illegal platform, all kinds of transactions were carried out, which facilitated the deployment of cyberattacks and hacking campaigns against government organizations, private companies and people of interest.

Coelho personally sold stolen data on the platform, according to the indictment, and facilitated transactions between members who wanted to buy and sell stolen data. In addition, an intermediary service at RaidForums allowed buyers and sellers to verify means and payment before completing transactions.

This is another clear sign of the commitment of law enforcement around the world against cybercrime and black market platforms on the dark web. Just a few days ago, German police confirmed the closure of Hydra Market, considered one of the largest illegal markets on the Internet.

A member of one of the most dangerous hacking groups has been arrested
https://www.securitynewspaper.com/2022/03/11/a-member-of-one-of-the-most-dangerous-hacking-groups-has-been-arrested/
Fri, 11 Mar 2022 17:10:13 +0000

A court in Ontario, Canada has sentenced Sebastien Vachon-Desjardins to seven years in prison after he pleaded guilty to participating as an affiliate in the dangerous NetWalker ransomware operation. The defendant reportedly pleaded guilty to five criminal charges, including data theft, extortion, conspiracy to commit fraud and illegal access to protected computer systems.

In addition to the time he must spend in prison, the accused must pay back part of the damages caused by his attacks, accept the seizure of his property and spend a period on supervised release. Vachon-Desjardins would have been involved in at least 17 ransomware attacks, generating losses of about $2.8 million USD.

In 2020, Canadian authorities began receiving reports related to NetWalker’s activity, sent by the Federal Bureau of Investigation (FBI). Authorities in the U.S. believed there was a group affiliated with the ransomware operation working from Quebec. Thanks to the collection of IP addresses, online accounts, aliases, email addresses and logs from Apple, Google, Microsoft and Mega.nz, the researchers were able to identify Vachon-Desjardins.

The defendant was arrested in Florida a couple of months ago, when the U.S. Department of Justice (DOJ) released a report claiming that NetWalker’s unit in Canada managed to raise up to $27.5 million USD, targeting organizations such as Northwest Territories Power Corporation, College of Nurses of Ontario and a large local tire store.

Although the defendant claimed that about 1,200 Bitcoin passed through his electronic wallet, investigators have only been able to seize 720 cryptocurrencies from Vachon-Desjardins’ accounts, since the defendant managed to convert part of these assets into cash. During his arrest, Vachon-Desjardins had more than half a million dollars in cash in his possession.

For the authorities, this arrest and sentence are not minor incidents: “The defendant was not an insignificant actor in these and other crimes, as he played a dominant role and helped NetWalker and other affiliates improve their ability to extort money from their victims and launder their illegal profits,” says G. Paul Renwick, the Canadian judge in charge of the case.

Renwick notes that the defendant already had a criminal record related to drug charges, being sentenced to 3 1/2 years in prison in 2015.

This Mexican businessman was charged for selling phone interception tools and spyware to companies and government agencies in Latin America
https://www.securitynewspaper.com/2022/02/16/this-mexican-businessman-was-charged-for-selling-phone-interception-tools-and-spyware-to-companies-and-government-agencies-in-latin-america/
Wed, 16 Feb 2022 19:19:24 +0000

The U.S. Department of Justice (DOJ) has reported that Mexican businessman Carlos Guerrero pleaded guilty to conspiracy to sell and use hacking tools while serving as director of a commercial consortium he also owned. Between 2014 and 2017, Guerrero negotiated the purchase of various hacking, espionage and geolocation tools developed by firms based in Italy and Israel to later resell them to other entrepreneurs and even to representatives of the Government of Mexico.

The defendant marketed all sorts of tools and software solutions, including WiFi blockers and interceptors, IMSI receivers, spyware and other tools to hack messaging services such as WhatsApp, to potential customers in Mexico and the United States. According to the DOJ, many of his clients were politically and financially motivated.

In addition to the sale of these solutions, the defendant himself used some of the tools he purchased to intercept phone calls and spy on the emails of a rival trade consortium from Baja California, Mexico, in a deal costing nearly $25,000 USD.

U.S. Attorney Randy Grossman said, “This guilty plea will help stop the proliferation of digital tools used to compromise the safety of U.S. and Mexican citizens.” The prosecutor also reiterated his commitment to the detection and interruption of any cybercriminal operation in collaboration with the rest of government agencies.

So far it is unknown which companies and government agencies bought the software sold by Guerrero and which are the companies that sold these tools to the defendant. More information could be revealed when the case is closed. Guerrero is still waiting to hear his sentence.

Hacker sentenced to 3 years in prison for developing pirated software for Nintendo Switch
https://www.securitynewspaper.com/2022/02/11/hacker-sentenced-to-3-years-in-prison-for-developing-pirated-software-for-nintendo-switch/
Fri, 11 Feb 2022 19:12:11 +0000

The U.S. Department of Justice (DOJ) announced that Gary W. Bowser, alleged leader of the hacking group Team Xecuter, has been sentenced to 40 months in prison, in addition to paying a fine of almost $14 million USD. This group specialized in the sale of software to hack Nintendo Switch consoles, allowing users to run third-party software on the console.

At the beginning of the investigation, Bowser faced 11 serious charges, although he has only pleaded guilty to conspiracy to evade security mechanisms in technological devices and to traffic in evasion devices. Team Xecuter developed pirated software and emulators for Switch, Nintendo 3DS, Xbox, PlayStation and NES Classic.

The defendant admitted to working with this group between 2013 and 2020, during which time he managed illegal websites and sold software to hack consoles and devices. In the lawsuit against Team Xecuter, Nintendo claims to have lost more than $65 million USD due to this group.

Nintendo thanked the law enforcement agencies involved in the investigation, which include the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS).

The video game company has always tried to take strict action against the illegal use of its products. Previously, Nintendo won a lawsuit against the RomUniverse platform, forcing the website’s administrators to pay $2.1 million USD compensation, plus they had to destroy all the illegal ROMs developed.

More recently, Nintendo began sending out copyright warnings against the GilvaSunner YouTube channel for its Nintendo soundtrack videos, which will likely lead to the channel’s definitive shutdown. 

How former Uber’s cyber security head could face 20 years in prison for scamming customers
https://www.securitynewspaper.com/2022/01/06/how-former-ubers-cyber-security-head-could-face-20-years-in-prison-for-scamming-customers/
Thu, 06 Jan 2022 17:31:43 +0000

U.S. authorities announced additional charges against the former chief security officer at Uber, in connection with his involvement in covering up a cyberattack and subsequent data breach against the ride-hailing service’s systems. In addition to the first charges against him, which included obstruction of justice and another felony, Joseph Sullivan now faces wire fraud charges.

As some users may recall, in 2016 Uber concealed an attack that led to the leak of more than 57 million user records and those of more than 500,000 drivers. This information was downloaded from a cloud storage bucket using access credentials stolen from a software engineer working for Uber.

The U.S. Department of Justice (DOJ) argues that Sullivan always knew about the attack, so he made a deal with the hackers responsible not to disclose the incident in exchange for a $100,000 USD payment in cryptocurrency. Those responsible for this attack were eventually identified and arrested for an intrusion on LinkedIn.

Trying not to raise suspicions, Sullivan pretended that the payment to the hackers was actually a reward for reported vulnerabilities, allegedly paid to legitimate researchers. The prosecutors in charge of the case point out that this was a clear attempt to hide malicious activity by using a program meant to encourage research and combat the malicious exploitation of vulnerabilities.

Sullivan’s actions violated a California law that states that any business operating in this territory must notify residents of any data security incidents. On the wire fraud charges, the DOJ filed these new allegations because of his attempt to pass off the payment to hackers as part of Uber’s rewards program; in addition, there is evidence that Sullivan tried to influence the decision-making of the person who replaced him in office.

In total, Sullivan is charged with three counts of wire fraud, obstruction of justice and felony commission; although his final sentence is not yet known, the wire fraud charges could be punishable by a higher incarceration period than the other crimes. Sullivan is still waiting for his first hearing for the new charges.

How Chinese cyber army forced a GlaxoSmithKline employee to steal Cancer drug research data from the company
https://www.securitynewspaper.com/2022/01/04/how-chinese-cyber-army-forced-a-glaxosmithkline-employee-to-steal-cancer-drug-research-data-from-the-company/
Tue, 04 Jan 2022 19:22:17 +0000

The U.S. Department of Justice (DOJ) announced that Lucy Xi, a resident of the state of Philadelphia, has pleaded guilty to conspiracy to steal trade secrets from GlaxoSmithKline to favor a Chinese pharmaceutical company identified as Renopharma.

Renopharma was created as a front company supposedly dedicated to the research and development of cancer drugs, but it was actually used as a repository for information stolen from the affected firm, while receiving subsidies from the government of China.

At the time, Lucy Xi and an accomplice were working as scientists and pharmaceutical developers at a GSK facility in Philadelphia. It should be remembered that this is an industry that requires considerable investments, since the development of a drug could cost more than one billion dollars.

In early 2015, Lucy Xi sent one of her accomplices a GSK document containing confidential data and trade secrets, including a summary of GSK’s sophisticated research on monoclonal antibodies: “It will help you in your future business,” Lucy Xi said in her message to the accomplice, identified as Yan Mei. The authorities do not rule out that this operation was carried out by order of China’s cyber army.

Jennifer Arbittier Williams, the attorney general in charge of the case, said: “The defendant illegally stole trade secrets to benefit the company from her accomplices, who in turn received funding from the Chinese government. When the intellectual property of companies like GSK is stolen, thousands of U.S. jobs are put at risk, as well as compromising the strategic benefits of research and development.”

For her part, Federal Bureau of Investigation (FBI) Special Agent Jaqueline Maguire believes that the US authorities should punish this kind of behavior vigorously, since it has a direct impact on the local economy and benefits the state actors that finance these operations. The sentence that the defendant will receive is not yet known.

FBI arrests the “King of stock market”, a famous hacker in underground markets https://www.securitynewspaper.com/2021/12/22/fbi-arrests-the-king-of-stock-market-a-famous-hacker-in-underground-markets/ Wed, 22 Dec 2021 20:17:14 +0000

U.S. authorities have announced the extradition of Vladislav Klyushin, an executive allegedly linked to the Russian government and accused of hacking multiple U.S. computer networks in order to deploy complex wire fraud and insider financial information theft operations.

The defendant was arrested in March as he got off his private jet on arrival in Sion, Switzerland, where he planned to spend his vacation with his family. A few weeks later the Federal Bureau of Investigation (FBI) asked Switzerland for his extradition, around the same time that the Kremlin requested that he be sent to his home country.

The Swiss authorities rejected Russia’s request because it conflicted with the country’s laws, and accepted the U.S. extradition request shortly thereafter.

This week, the U.S. Department of Justice (DOJ) revealed the charges that have been brought against Klyushin, highlighting conspiracy to commit wire fraud, improper access to protected computer systems and securities fraud. In addition to Klyushin, also spelled “Kliushin,” charges were filed against five alleged accomplices.

The DOJ says the defendant owns M-13, an IT services firm specializing in pentesting. The other defendants are Ivan Ermakov, a former officer in Russia’s Main Intelligence Directorate; Nikolai Rumiantcev; Mikhail Vladimirovich Irzak and Igor Sergeevich Sladkov. Notably, the alleged co-conspirators are still at large.

Regarding Ermakov, the DOJ notes that charges were also filed against him in 2018, when U.S. authorities accused 7 alleged Russian agents of committing wire fraud, controlling identity theft campaigns, and facilitating money laundering operations, in addition to deploying disinformation campaigns about sports and anti-doping agencies.

Between 2018 and 2020, Klyushin and his accomplices allegedly conspired to access the computer networks of two companies in the U.S. authorized to file electronic documents with the Securities and Exchange Commission (SEC) on behalf of various corporate clients.

This group is accused of using stolen login credentials to access insider financial information about hundreds of companies and their listing on the stock exchange prior to the public disclosure of these reports. Using these reports, the defendants initiated a second stage of attack to make a profit by selling this insider information, generating millions of dollars in illicit income.

The defendants also allegedly bought shares of companies that reported positive results and rushed to dump shares of those on the downside. This illegal practice affected dozens of companies, including Snap, CytomX Therapeutics, Horizon Therapeutics, Puma Biotechnology, Synaptics, Capstead Mortgage, SS&C Technologies, Roku, Avnet and Tesla.

If found guilty, Klyushin and his accomplices could be sentenced to up to five years on the charge of conspiracy to gain unauthorized access to a computer and commit wire fraud and securities fraud; five years for unauthorized access to a computer; and 20 years for the fraudulent sale of securities and electronic fraud. The penalties also include up to three years of supervised release and fines of up to $250,000 USD.
