Showing results for tags 'fbi'.
  1. FBI says cybercrime complaints more than doubled in 14 months

The FBI's Internet Crime Complaint Center (IC3) has seen a massive 100% increase in cybercrime complaints over the past 14 months.

When the IC3 first began logging complaints in 2000, it took seven years to reach 1 million complaints. Since then, it has taken an average of 29.5 months for each additional million complaints. For the period between March 2020 and May 2021, the IC3 saw a massive increase of 1 million complaints in just 14 months.

[Image: Internet Crime Complaint Center reports over the years]

The FBI attributes the rise in complaints to cyber criminals taking advantage of people working from home due to the pandemic and the rise in COVID-19 themed attacks.

"In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree," says the IC3's 2020 Internet Crime Report. "These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society - medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others."

As part of the report, the FBI says the top three crimes reported in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. However, victims lost the most money to BEC scams ($1.8 billion in losses), romance scams ($600 million in losses), and investment fraud ($336 million).

Source: FBI says cybercrime complaints more than doubled in 14 months
  2. FBI shares 4 million email addresses used by Emotet with Have I Been Pwned

Millions of email addresses collected by the Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency’s effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware.

Over 4 million emails collected

Earlier this year, law enforcement took control of the Emotet botnet’s infrastructure, which involved several hundred servers all over the world. Using the communication line to infected computers, law enforcement on April 25 was able to send out an update that uninstalled the Emotet malware on all affected systems.

Apart from computer systems, Emotet also compromised a large number of email addresses and used them for its operations. The FBI now wants to give the owners of these email addresses a quick way to check if they’ve been affected by Emotet.

For this purpose, the agency and the Dutch National High Technical Crimes Unit (NHTCU) shared 4,324,770 email addresses that had been stolen by Emotet with the Have I Been Pwned (HIBP) data breach notification service.

Troy Hunt, the creator of the HIBP service, says that 39% of these email addresses had already been indexed as part of other data breach incidents. The email addresses belong to users from multiple countries. They came from logins stored on Emotet’s infrastructure for sending out malicious emails or had been harvested from the users’ web browsers.

[Image: Emotet operation]

Given its sensitive nature, the Emotet data is not publicly searchable. Subscribers to the service that were impacted by the Emotet breach have already been alerted, says HIBP creator Troy Hunt.

Referring to the verification process, Hunt says that “individuals will either need to verify control of the address via the notification service or perform a domain search to see if they're impacted.”

The Dutch National Police, which was part of the Emotet takedown operation, has a similar lookup service, where users can check if Emotet compromised their emails. Individuals can type in an email address, and if the account is part of the seized data from the Emotet botnet, the Dutch police will send it a message with instructions on what to do next. On February 3rd, the Dutch police added 3.6 million email addresses to its checking service.

Another service, called Have I Been Emotet from cybersecurity company TG Soft, launched on October 1, 2020. It checks if Emotet used an email address as a sender or a recipient. However, it was last updated on January 25th, two days before the botnet was taken down.

Huge takedown effort

Emotet is among this decade’s most prominent botnets, causing hundreds of millions of dollars in damage across the world and infecting around 1.6 million computers in about nine months. It played a key role in the distribution chain for several ransomware strains, as it often delivered QakBot and Trickbot malware on the compromised network, which further dropped ProLock or Egregor, and Ryuk and Conti, respectively.

On January 27th, all three Epochs - subgroups of the botnet with a separate infrastructure - of Emotet fell under the control of law enforcement agencies. The operation was possible with the effort from authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine.

(source: Europol)

Source: FBI shares 4 million email addresses used by Emotet with Have I Been Pwned
  3. The FBI will be able to snoop on your free Zoom calls, unless you pay for the company’s premium service, which offers end-to-end encryption.

In brief

  • Zoom is building end-to-end encryption for its video calls, but only for its premium users.
  • The decision to keep free calls encrypted was in order to comply with the FBI.
  • Zoom may allow users to verify their ID to get access to such encryption in the future.

Communications company Zoom has no intentions of adding end-to-end encryption to Zoom calls for its free users, in order to appease the FBI. Meanwhile, it is developing such end-to-end encryption for its commercial clients, thanks to its acquisition of Keybase last month.

"Free users for sure we don't want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose," Zoom CEO Eric Yuan said during a Zoom conference call on Wednesday.

Zoom has morphed into an indispensable service amid the coronavirus outbreak. With citizens in lockdown, the typical meetings of the 9-5 grind have migrated online. But while this has been a significant boon for the communications firm, it hasn't been without its pitfalls.

In recent months Zoom's security protocols have come under tremendous strain. This global stress test exposed a myriad of security issues and provoked privacy snafus in excess. In April, the company's claimed method of end-to-end encryption was deflated, as it was found that Zoom had access to unencrypted user data. Soon after, reports revealed that hackers could steal passwords from Zoom's vulnerable Windows client.

Zooming off

This news isn't sitting too well with some. Businesses have already started boycotting Zoom in opposition to the service's lack of privacy controls. Most notable was SpaceX, which banned its employees from using Zoom in April, citing "significant privacy and security concerns." Now, after this latest apparent affront, others are jumping on the bandwagon.

"I just cancelled my @zoom_us subscription for my law firm, which I had recently purchased to assist with doing remote consultations with clients during the COVID-19 lockdown," tweeted attorney Joel Alan Gaffney in response to Zoom's announcement.

Journalist Adam L. Penenberg also condemned the move. "Because people who can afford to pay for Zoom don't commit crimes?" he quipped.

Nevertheless, according to a Zoom spokesperson speaking to The Independent, the company intends to provide end-to-end encryption to users who verify their identity. Whether this will extend to free users is unknown—but there may still be hope yet.

Source
  4. FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China: the FBI opens a new China-related counterintelligence case roughly every 10 hours.

Wray said of the nearly 5,000 active FBI counterintelligence cases underway across the U.S., almost half are related to China. He said China aims to compromise American health care organizations, pharmaceutical companies and academic institutions conducting important COVID-19 research.

“They are going after cost and pricing information, internal strategy documents, personally identifiable information – anything that can give them a competitive advantage,” Wray told House members this morning.

Wray also said the FBI has become worried about a “wider-than-ever” range of threat actors – from multinational cyber syndicates to nation-state adversaries. And they are concerned that these threat actors are targeting managed service providers (MSPs) as a way of attacking multiple victims by hacking just one provider.

The FBI Director added that China’s Ministry of State Security (MSS) pioneered the MSP attack technique and said in July the FBI indicted two Chinese hackers who worked with the Guangdong State Security Department of the MSS. The Chinese hackers conducted a hacking campaign that lasted more than 10 years, targeting countries with high technology industries. The sectors they hit included solar energy, pharmaceuticals and defense.

“Cybercrimes like these, directed by the Chinese government’s intelligence services, threaten not only the United States, but also every other country that supports fair play, international norms, and the rule of law, and they also seriously undermine China’s desire to become a respected leader in world affairs,” Wray said in his written testimony.

Kennan Skelly, CEO at shyftED, said there’s really nothing new about the Chinese MSPs, adding that DHS has been picking up activity by Red Apollo (Advanced Persistent Threat 10) since 2014 with the Cloud Hopper campaign. “MSPs are a rich target as they service many companies that fit into the 10 sectors of Chinese interest,” Skelly said.

Skelly said while MSPs aim to relieve the strain on organizations that cannot or do not want to manage their security in-house, they are equally at risk. For example, having dedicated teams and tools to protect customer organizations doesn’t mean they can lock everything down at a customer.

“Even with the right security detection and mitigation in place it only takes one employee to click on a phishing or spear phishing email to allow threat actors in,” Skelly said. “Red Apollo has had great success using both of those tactics over many years. The most crucial defense we have is still the human line of defense, and sadly that still needs a lot of work. Until organizations begin to take security awareness seriously these threat actors will continue to prevail.”

Bob VanKirk, chief revenue officer at SonicWall, added that MSPs also need a single, centralized dashboard to more effectively manage customer networks. “With 62 percent of Americans still working remotely, many MSPs are challenged to manage multiple customer networks from afar,” VanKirk said. “Through a single platform that tracks all its customers at once, MSPs can simplify operations and identify the new types of threat vectors to help their customers be proactive rather than reactive about a cyberattack.”

Source
  5. The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas.

[Image: Adam Rogas, CEO of fraud prevention software startup NS8, was arrested by the FBI.]

Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million.

“Adam Rogas was the proverbial fox guarding the henhouse,” acting Manhattan U.S. Attorney Audrey Strauss said in a press statement. “While raising over $100 million from investors for his fraud prevention company, Rogas himself allegedly was engaging in a brazen fraud.”

NS8 launched in 2016 to provide online fraud detection and prevention software for small businesses. More than 200 NS8 employees were laid off last week after executives told them the company was under investigation by the SEC for fraud. The news was startling for many, considering the company had announced a $123 million Series A funding round in June, led by global VC firm Lightspeed Venture Partners.

In a statement, NS8 said that its board “has learned that much of the company’s revenue and customer information had been fabricated by Mr. Rogas.” The company added that no other employees or stakeholders had been charged and that it is cooperating with federal investigators.

In a previous statement to Forbes, Rogas said that he left the company for family and personal reasons. He then alleged that NS8’s board and current management have used “an SEC investigation that began in November of 2019 to insinuate a more insidious narrative...I did not walk away with the companies [sic] money.”

Rogas is facing multiple charges, including securities fraud and wire fraud, in separate complaints filed by the Justice Department and Securities and Exchange Commission Thursday. Charges by the Justice Department carry penalties up to 20 years in prison. Rogas is expected to face a judge in Nevada on Friday.

In its complaint, filed in the Southern District of New York, the Justice Department alleged that from January 2019 to February 2020, between 40% and 95% of NS8’s assets were made up. During that period, the agency alleged, Rogas presented doctored bank statements to reflect over $40 million in fictitious revenue.

In the SEC’s complaint, the agency alleged that Rogas doctored NS8's bank statements to show millions of dollars in payments from customers, before sending the falsified statements and revenue figures to NS8's finance department. The agency further alleged that in at least two securities offerings, NS8 and Rogas provided investors and prospective investors with the false financial statements.

“It seems ironic that the co-founder of a company designed to prevent online fraud would engage in fraudulent activity himself,” said FBI assistant director William F. Sweeney Jr. in a statement. “We’ve seen far too many examples of unscrupulous actors engaging in this type of criminal activity.”

Source
  6. The FBI Botched Its DNC Hack Warning in 2016—but Says It Won’t Next Time

Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

[Image: By notifying hacking victims sooner and at higher levels, the FBI hopes to avert another high-impact communications breakdown.]

On April 28, 2016, an IT tech staffer for the Democratic National Committee named Yared Tamene made a sickening discovery: A notorious Russian hacker group known as Fancy Bear had penetrated a DNC server "at the heart of the network," as he would later tell the US Senate's Select Committee on Intelligence. By this point the intruders already had the ability, he said, to delete, alter, or steal data from the network at will. And somehow this breach had come as a terrible surprise—despite an FBI agent's warning to Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier.

The FBI agent's warnings had "never used alarming language," Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play. That miscommunication would result in the success of the Kremlin-sponsored hack-and-leak operation that would ultimately contribute to the election of Donald Trump.

Four years later, the FBI and the community of incident response security professionals who often work with the bureau's agents say the FBI has significantly changed how it communicates with hacking victims—the better to avoid another DNC-style debacle. In interviews with WIRED, FBI officials never explicitly admitted to a failure in the case of the DNC's botched notification. But they and their private sector counterparts nonetheless described a bureau that has revamped its practices to warn hacking targets faster, and at a higher level of the targeted organization—especially in cases that might involve the upcoming election or the scourge of ransomware costing companies millions of dollars across the globe.

In December of last year, for instance, the FBI announced a new formal policy of immediately notifying state government officials when the bureau identifies a threat to election infrastructure they control. But the improvements go beyond warnings to state officials, says Mike Herrington, the section chief of the FBI's cyber division. "I see a key change in practice and emphasis, getting our special agents in charge keyed up to gain the full cooperation of potential victims," says Herrington, who says he's personally notified dozens of victims of hacking incidents over his career.

Those "special agents in charge" are higher-ranking than the typical field agents who have notified victims in the past, notes Steven Kelly, the FBI's chief of cyber policy. Kelly says that those special agents have also been instructed to aim their warnings further up the victim's org chart. "We want them to be reaching out to the C-suite level, to senior executives," says Kelly. "To make sure they're aware of what's going on and that they're putting the right amount of calories into addressing the issues so that these things don't get ignored or buried."

First Alert

Unlike practically every other crime the FBI deals with, the bureau is often in the strange position of being the first to tell a person or organization that they're victims of a cyberattack. Often the warnings are based on evidence pulled from ongoing hacking campaigns—sometimes from intelligence agencies or even foreign governments—such as a common command-and-control server across different intrusions. "It is often a very significant event in that person's career or life to have the FBI calling them and saying we believe you may be the victim of a crime," Herrington says.

Over the last decade, though, the FBI's role as messenger has shifted, as organizations become more adept at discovering their own intrusions. For the past several years, roughly half of hacker intrusions were discovered by the victims themselves, according to the M-Trends report on data breach responses published by incident response firm Mandiant. That's a drastic change from 2011, when 94 percent of breaches were first detected by an outside organization, usually law enforcement.

Even so, the growth in the sheer number of hacking incidents means the FBI is notifying far more victims than in the past, says Jake Williams, a former NSA hacker and founder of the security consultancy Rendition Infosec, which often acts as an incident response firm for hacking victims. Williams says that in the last few years, he's seen a doubling or tripling of the number of calls that his firm gets from hacking victims who were first notified by the FBI.

The notifications still often provide just the bare minimum of information about the breach—such as the FBI's observation that a computer on the victim's network connected to a known malicious server—and victims are expected to call in their own incident response consultants to kick the hackers out, with little assistance from the FBI itself. But Williams also says he's found that the bureau now notifies victims sooner after its agents detect a breach; in years past, the FBI would sometimes warn victims only that they had been the victim of an intrusion, often well after the fact. "We're getting more information on the front side," says Williams. "Before it was commonly, 'we can't tell you exactly when and we don't know if it's still going on, but you should know.'"

By some accounts, at least, the scandalous failure of communication that allowed Russian hackers to run wild in the DNC's networks is far less likely to occur today. One DNC official told WIRED that the organization has had regular meetings with FBI agents since 2016; if another incident occurs, the two organizations would already have relationships between senior officials on both sides. "Basically we've solved this problem and have really good, clear channels of communication," the DNC official wrote in an email.

Dmitri Alperovitch, the former CTO of Crowdstrike, which handled the incident response for the DNC's 2016 breach and many other incidents of state-sponsored hacking, agrees that the FBI's practices have changed—specifically that it's taking more care to reach senior executives or officials who will take its warnings seriously. Alperovitch points out that the FBI actually warned the DNC within days of the Russian hackers' first breaching its network. The problem, he says, was that the agents working the case had settled for a warning to a low-level staffer. "They should have reached out to higher ups," Alperovitch wrote in a message to WIRED. "I do see them going higher up the chain these days, so yeah, I think it’s better."

Held for Ransom

Elections aside, the epidemic of ransomware hitting US companies has also forced the FBI to improve and accelerate its warnings to hacking victims. For some of those cases, says special agent Tyson Fowler, the FBI has developed a so-called "emergency lead notification" process that bypasses the bureau's usual internal consultations and immediately notifies a cybersecurity-focused agent in a field office who can warn a victim, hopefully before the hackers deliver their ransomware payload. "We're leaning forward in terms of notifying victims as soon as possible and skipping all those steps," says Fowler.

In one case in February, for instance, Fowler says he learned of a ransomware-focused intrusion into a Georgia-based multinational company's network and, by the end of the day, had reached the CEO of the company to warn about the impending attack. The company took part of its network offline, disrupting the hackers' access to their malware, Fowler says. "You have what could have been an extinction level event for the company, and we were able to avoid the financial impact and the privacy impact just by the quick response," says Kevvie Fowler, an incident responder with Deloitte whom the company brought in to help remediate the breach.

None of that renewed urgency in victim notification guarantees that hackers won't outrun defenders anyway. They may, in fact, be learning to operate faster inside of victim networks as the pace of response quickens. But at least in cases where the FBI gets wind of an ongoing intrusion, the period of free rein they enjoy before being hunted by network responders may no longer last for months, as in the DNC hack, but in days or hours.

The FBI Botched Its DNC Hack Warning in 2016—but Says It Won’t Next Time
  7. The Federal Bureau of Investigation issued a Public Service Announcement concerning the risks of using hotel Wi-Fi networks while teleworking.

Most users don't seem to realize the severity of the risks they're subjecting themselves to while using hotel Wi-Fi networks.

The FBI recently issued a PSA to inform teleworkers of the risks of using hotel Wi-Fi networks. Reportedly, the Federal Bureau of Investigation noticed an increasing number of hotel remote workers. While remote working from hotel rooms isn’t inherently bad, connecting to a hotel Wi-Fi network might subject you to certain security risks. Some of the most serious ones include personal data theft, or compromising work resources.

Hotel room teleworking is trending

Apparently, more and more US hotels started advertising room reservations during the daytime for those who seek a distraction-free environment. This comes as a blessing for teleworkers who can’t seem to focus on their work environment while at home. On the other hand, the risks may outweigh the benefits in this situation, especially in lieu of appropriate security measures.

Unfortunately, when it comes to Wi-Fi networks, hotel management staff caters to the convenience of their customers, at the expense of their security. As a result, not only is the Wi-Fi password available for everyone to see in the hotel lobby, but it also gets replaced quite rarely.

The risks of using hotel Wi-Fi networks

There are a few quite serious risks you may expose yourself to while using Wi-Fi networks in hotels:

  • Traffic monitoring – Your network activity could be exposed to a malicious third party
  • Evil Twin attacks – Cloning the hotel network, misleading clients to connect to the fake one instead
  • Man-In-The-Middle attacks – Intercepting and stealing sensitive information from one’s device
  • Compromising work – Facilitating cybercriminals to steal work credentials or other similar resources
  • Digital identity theft
  • Ransomware

How do I reduce the risks of using hotel Wi-Fi?

  1. Use a trustworthy VPN

  You can purchase a premium VPN subscription plan to encrypt network traffic. A VPN can easily protect your privacy by encrypting traffic between your device and the VPN gateway. This renders network monitoring tools and Man-In-The-Middle attacks useless. However, you should still keep an eye out for Evil Twin attacks. More often than not, an Evil Twin network won’t be password-protected and will have a weaker signal.

  2. Don’t use the hotel’s Wi-Fi

  If you have a hefty data plan on your mobile device, just use that instead of the hotel’s Wi-Fi. You can either create a hotspot on your phone/tablet or use USB to tether it and share your Internet connection. Also, you may want to avoid using the auto-connect feature on your PC, to avoid it automatically connecting to the hotel’s Wi-Fi network or an unprotected Evil Twin one.

  3. Keep it simple

  If you’re there for work, make sure you stay focused and avoid logging in on too many websites. That goes double for any website where you may input sensitive data, such as your SSN, credit card details, as well as other credentials. Last, but not least, always check the security certificates of the websites you’re visiting. If you don’t see HTTPS, then it’s a no-go.

If you follow these steps, you shouldn’t have to worry about the dangers of working using a hotel’s Wi-Fi.

Source
  8. It's using counterterrorism tools against civil disobedience.

Federal agents tend to focus their phone cracking efforts on terrorists, but they appear to have shifted their attention to civil disobedience. NYR Daily has learned that the FBI sent its “Fly Team” counterterrorism unit to Portland in mid-July to conduct the “initial exploitation” of phones and other devices used by people protesting police racism and violence. The email revealing the plan, from now-retired special agent George Chamberlain, also asked for help with the “investigative follow up.”

There’s a concern that the FBI may have been pushing the limits of its device search powers in the process. Fly Team co-creator Raymond Holcomb told NYR that it’s unclear what authority the FBI unit had to search the phones, and whether or not agents had consent or warrants. The Fly Team was formed to tackle counterterrorism with a “different set of tools,” not everyday protesters. Members of the House Committee on Homeland Security have lately worried that federal agents have held on to seized phones for months.

The FBI declined to comment on the details of the operation, citing the “ongoing nature” of cases like this. It maintained that the Portland activity met “all of our legal requirements,” and that it had “not been focused on peaceful protests.”

Those claims might not be enough to satisfy some critics. Senator Ron Wyden has demanded clarity on FBI and Homeland Security activity in Portland, saying that it would be “outrageous” if Oregon residents faced federal surveillance like phone exploits due solely to their politics. Without transparency, it’s not certain that the FBI or DHS respected protesters’ digital rights.

Source
  9. Many of us are still hooked on Windows 7 and that's a huge problem

[Image: Devices still running on Windows 7 targeted by hackers]

The US Federal Bureau of Investigation (FBI) has published a warning notice highlighting dangers posed by the continued usage of Windows 7, retired by Microsoft earlier this year.

The much-loved operating system reached end of life on January 14, meaning security patches, software updates and technical assistance are no longer available - but many users have remained loyal to the outdated OS regardless.

However, according to the FBI notice, Windows 7 is attracting the attention of malicious cyber actors, who are seeking to take advantage of undiscovered security flaws in the no-longer-supported operating system. Windows 7 customers that purchased an Extended Security Update (ESU) plan are the only exception; security support for these users will extend until January 2023.

Windows 7 end of life

According to the FBI, there is strong precedent for cyberattacks on unsupported Windows operating systems and remote desktop protocols. With the vast majority of Windows 7 customers unable to patch their systems, the intelligence agency believes criminals will continue to look upon the operating system as a “soft target”.

“The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves end of life status,” reads the FBI notice. “Continuing to use Windows 7 within an enterprise may provide cybercriminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.”

To mitigate against the threat of attack, the FBI advises users adopt a “multilayered approach” to protection. This involves updating operating systems to the latest supported version (i.e. Windows 10), checking antivirus and spam filters are properly configured and isolating computer systems that cannot be updated.

“Migrating to a new operating system can pose its own unique challenges, such as cost for new hardware and software and updating existing custom software. However, these challenges do not outweigh the loss of intellectual property and threats to an organization,” added the FBI.

Many of us are still hooked on Windows 7 and that's a huge problem
10. FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators."

The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules to disguise their presence inside hacked email accounts. In a PIN (Private Industry Notification) alert sent last week and made public today, the FBI says the technique has been seen and abused in recent BEC (Business Email Compromise) attacks reported over the summer.

The technique relies on a feature found in some email services called "auto-forwarding email rules." As the name implies, the feature lets the owner of a mailbox set up rules that forward (or redirect) an incoming email to another address when certain criteria are met. Threat actors love auto-forwarding rules because they deliver copies of all incoming mail without the attacker having to log into the account each day and risk triggering a security warning for a suspicious login.

Recent spike of abuse in BEC attacks

Email auto-forwarding rules have been abused since the dawn of email clients, by nation-state hacking groups as well as regular cybercrime operators. But in last week's PIN, the FBI says it received multiple reports over the summer that the technique is now often abused by gangs engaged in BEC scams, a form of cybercrime where attackers breach email accounts and then send emails from the hacked account to convince other employees or business partners to authorize payments to accounts controlled by the intruders.

The FBI provided two cases as examples where BEC scammers abused email forwarding rules during their attacks:

In August 2020, cyber criminals created auto-forwarding email rules on the recently upgraded web client of a US-based medical equipment company.
The webmail did not sync to the desktop application and went unnoticed by the victim company, which only observed auto-forwarding rules on the desktop client. RSS was also not enabled on the desktop application. After the BEC actors obtained access to the network, they impersonated a known international vendor. The actors created a domain with similar spelling to the victim and communicated with the vendor using a UK-based IP address to further increase the likelihood of payment. The actors obtained $175,000 from the victim.

During another incident in August 2020, the same actor created three forwarding rules within the web-based email used by a company in the manufacturing industry. The first rule auto-forwarded any emails with the search terms "bank," "payment," "invoice," "wire," or "check" to the cyber criminal's email address. The other two rules were based on the sender's domain and again forwarded to the same email address.

FBI recommends syncing email account settings

FBI officials say the technique is still claiming victims in corporate environments because some companies don't force email settings for web-based accounts to sync with desktop clients. This limits "the rules' visibility to [a company's] cyber security administrators" and to the company's security software, which may be configured and capable of detecting forwarding rules but remains blind to new rules until a sync occurs. The practical consequence is that rule audits have to be run against the mail server itself, not against what a desktop client happens to display.

The FBI PIN -- a copy of which is available here -- contains a series of basic mitigations for system administrators to address this attack vector and prevent future abuse.

The FBI PIN comes after the FBI reported earlier this year that BEC scams were, by far, the most costly form of cybercrime in 2019, accounting for half of the cybercrime losses reported last year.

Source
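The two incidents above describe exactly what a server-side rule audit should look for: forwarding to an address outside the company, keyword filters on financial terms, and sender-domain filters. The following is an added example, not code from the FBI PIN or from any vendor. It assumes rule exports in the shape of Exchange Online's Get-InboxRule output (field names such as ForwardTo, RedirectTo and SubjectOrBodyContainsWords are that assumption; any export exposing targets and conditions can be mapped onto them), and SAMPLE_RULES is constructed for the demonstration.

```python
"""Flag mailbox rules that quietly forward mail, as in the BEC cases in the FBI PIN.

Added example (not from the PIN). Rules must be read from the server side,
because that is where web-client rules live whether or not a desktop client
ever syncs them. Field names follow the shape of Exchange Online's
Get-InboxRule output (an assumption); SAMPLE_RULES is constructed.
"""
import re

FINANCE_KEYWORDS = {"bank", "payment", "invoice", "wire", "check"}
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
CONTENT_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+")


def extract_addresses(value):
    """Pull bare addresses out of strings such as '"Bob" [SMTP:bob@x.net]'."""
    if not value:
        return []
    if isinstance(value, str):
        value = [value]
    return [m.group(0).lower() for v in value for m in [ADDR_RE.search(v)] if m]


def analyse_rule(rule, internal_domains, keywords=FINANCE_KEYWORDS):
    """Return the reasons one rule looks like BEC tooling (empty list = benign)."""
    targets = [a for f in FORWARD_FIELDS for a in extract_addresses(rule.get(f))]
    if not targets:
        return []  # move/flag/delete-only rules are not exfiltration by themselves
    reasons = []
    external = [t for t in targets if t.rsplit("@", 1)[1] not in internal_domains]
    if external:
        reasons.append("forwards to external address: " + ", ".join(external))
    words = {w.lower() for f in CONTENT_FIELDS for w in (rule.get(f) or [])}
    hits = sorted(words & set(keywords))
    if hits:
        reasons.append("matches finance keywords: " + ", ".join(hits))
    if rule.get("FromAddressContainsWords"):
        reasons.append("filters on sender: " + ", ".join(rule["FromAddressContainsWords"]))
    if rule.get("DeleteMessage"):
        reasons.append("deletes the original after forwarding")
    return reasons


def find_suspicious_rules(rules, internal_domains):
    """Return (mailbox, rule name, reasons) for every enabled rule with findings."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        if not rule.get("Enabled", True):
            continue
        reasons = analyse_rule(rule, internal)
        if reasons:
            findings.append((rule["Mailbox"], rule["Name"], reasons))
    return findings


# Constructed sample export: two attacker rules (named "." and "..", a common
# trick to keep them inconspicuous), two legitimate rules, one disabled leftover.
SAMPLE_RULES = [
    {"Mailbox": "cfo@example.com", "Name": ".", "Enabled": True,
     "ForwardTo": ['"." [SMTP:payments.desk@mail-example.net]'],
     "SubjectOrBodyContainsWords": ["bank", "payment", "invoice", "wire", "check"]},
    {"Mailbox": "cfo@example.com", "Name": "..", "Enabled": True,
     "ForwardTo": ["payments.desk@mail-example.net"],
     "FromAddressContainsWords": ["vendor-example.co.uk"]},
    {"Mailbox": "ap@example.com", "Name": "Share with team", "Enabled": True,
     "ForwardTo": ["ap-team@example.com"]},
    {"Mailbox": "ap@example.com", "Name": "File invoices", "Enabled": True,
     "SubjectContainsWords": ["invoice"], "MoveToFolder": "Invoices"},
    {"Mailbox": "ceo@example.com", "Name": "old", "Enabled": False,
     "RedirectTo": ["payments.desk@mail-example.net"]},
]

if __name__ == "__main__":
    for mailbox, name, reasons in find_suspicious_rules(SAMPLE_RULES, {"example.com"}):
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

Run against a real export, the internal-forward rule ("Share with team") produces no finding and the disabled rule is skipped, while both attacker rules are reported with the external target, the keyword list and the sender filter spelled out so an analyst can see at a glance why each was flagged.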
11. FBI blames intrusions on improperly configured SonarQube source code management tools.

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website.

The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to analyse source code and discover security flaws before rolling out code and applications into production environments. SonarQube instances are installed on web servers and connected to source code hosting systems such as Bitbucket, GitHub, GitLab or Azure DevOps.

But the FBI says that some companies have left these systems unprotected, running on their default configuration (on port 9000) with default admin credentials (admin/admin). FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications. Officials provided two examples of past incidents:

"In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations' networks.

"This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository."
Forgotten problem resurfaces in 2020

The FBI alert touches on a little-known issue among software developers and security researchers. While the cyber-security industry has often warned about the dangers of leaving MongoDB or Elasticsearch databases exposed online without passwords, SonarQube has slipped through the cracks.

However, some security researchers have been warning about the dangers of leaving SonarQube applications exposed online with default credentials since as far back as May 2018. At the time, data breach hunter Bob Diachenko warned that about 30% to 40% of the ~3,000 SonarQube instances available online had no password or authentication mechanism enabled.

This year, Swiss security researcher Till Kottmann has raised the same issue of misconfigured SonarQube instances. Throughout the year, Kottmann has gathered source code from dozens of tech companies in a public portal, and much of it came from SonarQube applications.

"Most people seem to change absolutely none of the settings, which are actually properly explained in the setup guide from SonarQube," Kottmann told ZDNet.

"I don't know the current number of exposed SonarQube instances, but I doubt it changed much. I would guess it's still far over 1,000 servers (that are indexed by Shodan) which are 'vulnerable' by either requiring no auth or leaving default creds," he said.

To prevent leaks like these, the FBI alert lists a series of steps companies can take to protect their SonarQube servers, starting with changing the app's default configuration and credentials and then using firewalls to block access to the app from unauthorized users.

Source
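The two weaknesses the alert and Kottmann describe, anonymous browsing and the shipped admin/admin password, can both be checked against an instance you own in a few requests. The following is an added example, not code from the FBI alert or from SonarSource. It uses two documented SonarQube web-API routes, GET /api/projects/search (lists projects; answers 401 when browsing requires login) and GET /api/authentication/validate (answers {"valid": true} when the supplied credentials are accepted). The `fetch` parameter is injectable so the check can run offline against the constructed fake transports below; the host name in the usage line is made up.

```python
"""Audit a SonarQube instance for the two misconfigurations in the FBI alert:
anonymous access to projects and the shipped admin/admin credentials.

Added example, not from the FBI alert or from SonarSource. Uses the documented
routes /api/projects/search and /api/authentication/validate. The fake
transports at the bottom are constructed so the check can be exercised offline.
"""
import base64
import json
import urllib.error
import urllib.request

DEFAULT_CREDS = ("admin", "admin")


def http_fetch(url, headers, timeout=5):
    """Real transport: return (status, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def basic_auth(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def _json(body):
    try:
        return json.loads(body)
    except ValueError:
        return {}


def audit_sonarqube(base_url, fetch=http_fetch):
    """Return a list of findings; an empty list means neither weakness was observed."""
    base = base_url.rstrip("/")
    findings = []
    # 1. Can an unauthenticated client enumerate projects?
    status, body = fetch(base + "/api/projects/search?ps=1", {})
    if status == 200:
        total = _json(body).get("paging", {}).get("total", "?")
        findings.append(f"anonymous browsing allowed: {total} projects listable without login")
    # 2. Does the shipped admin/admin password still work? (wrong creds give 401
    #    or {"valid": false}, so both are treated as "not accepted")
    status, body = fetch(base + "/api/authentication/validate", basic_auth(*DEFAULT_CREDS))
    if status == 200 and _json(body).get("valid") is True:
        findings.append("default credentials admin/admin accepted")
    return findings


# Constructed fake transports standing in for an exposed and a hardened instance.
def fake_exposed(url, headers):
    if url.endswith("/api/projects/search?ps=1"):
        return 200, '{"paging":{"pageIndex":1,"pageSize":1,"total":12},"components":[]}'
    if url.endswith("/api/authentication/validate") and headers.get("Authorization") == "Basic YWRtaW46YWRtaW4=":
        return 200, '{"valid":true}'
    return 401, '{"errors":[{"msg":"Unauthorized"}]}'


def fake_hardened(url, headers):
    if url.endswith("/api/authentication/validate"):
        return 200, '{"valid":false}'  # admin password was changed
    return 401, '{"errors":[{"msg":"Unauthorized"}]}'


if __name__ == "__main__":
    import sys
    # With a URL argument the real transport is used; otherwise the fake runs.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://sonar.example.internal:9000"
    transport = http_fetch if len(sys.argv) > 1 else fake_exposed
    for line in audit_sonarqube(target, transport) or ["no findings"]:
        print(line)
```

On a hardened instance the first probe comes back 401 because SonarQube's "Force user authentication" setting (sonar.forceAuthentication) is on, and the second comes back with valid:false or 401 because the admin password was changed; only when both hold does the audit return an empty list. Run this only against servers you are authorized to test.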
12. FBI warns of swatting attacks on owners of smart devices

The Federal Bureau of Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks.

Swatting attacks consist of hoax calls made to emergency services, typically reporting an immediate threat to human life, to trigger an immediate response from law enforcement and a SWAT team at a specific location. The risk to the people at that location is high because of the confusion on the part of homeowners or responding officers; in some cases these hoaxes have resulted in health-related or violent consequences, and they divert law enforcement resources from real emergencies. Motivations behind swatting attacks include revenge, harassment and pranks. Attackers use caller-ID spoofing to hide their own phone numbers and make the emergency call appear to come from the victim’s phone number.

According to the alert issued by the FBI, swatters have been hijacking smart devices such as video- and audio-capable home surveillance devices. The offenders likely take advantage of customers who re-use their email password for their smart device account: with a stolen email password they log into the device and take it over, in some cases hijacking the live-stream camera and the device speakers. Swatters then call emergency services to report a crime at the victim’s residence, urging the intervention of law enforcement.

“Recently, offenders have been using victims’ smart devices, including video and audio capable home surveillance devices, to carry out swatting attacks. To gain access to the smart devices, offenders are likely taking advantage of customers who re-use their email passwords for their smart device.
The offenders use stolen email passwords to log into the smart device and hijack features, including the live-stream camera and device speakers.” reads the alert issued by the FBI. “They then call emergency services to report a crime at the victims’ residence. As law enforcement responds to the residence, the offender watches the live stream footage and engages with the responding police through the camera and speakers. In some cases, the offender also live streams the incident on shared online community platforms. The FBI is working with private sector partners who manufacture smart devices to advise customers about the scheme and how to avoid being victimized. The FBI is also working to alert law enforcement first responders to this threat so they may respond accordingly.”

The FBI has been working with the manufacturers of the targeted smart devices to warn their customers about the threat of swatting attacks and to give them recommendations on how to keep their devices from being hijacked. The FBI recommends that users enable two-factor authentication (2FA) on smart devices reachable from the internet, and that the second factor be a mobile phone number rather than a secondary email account. The reasoning is simple: an attacker who already holds a reused email password can very likely read a code sent to another mailbox protected by that same password.

“Users of smart home devices with cameras and/or voice capabilities are advised of the following guidance to maximize security.” concludes the alert.

Because offenders are using stolen email passwords to access smart devices, users should practice good cyber hygiene by ensuring they have strong, complex passwords or passphrases for their online accounts, and should not duplicate the use of passwords between different online accounts. Users should update their passwords on a regular basis. Users should enable two-factor authentication for their online accounts and on all devices accessible through an internet connection in order to reduce the chance a criminal could access their devices.
It is highly recommended that the user’s second factor for two-factor or multi-factor authentication be a mobile device number and not a secondary e-mail account. Source: FBI warns swatting attacks on owners of smart devices
  13. In a rather unprecedented enforcement action, the FBI and Europol have shut down a 'bulletproof' VPN provider that helped cybercriminals to conceal their operations. The service didn't keep logs and routed traffic through a series of VPN connections. While many VPNs strive to keep customers private and secure, this company clearly crossed a line. Millions of Internet users around the world use a VPN to protect their privacy online. Another key benefit is that VPNs hide users’ true IP-addresses, making them more anonymous. This prevents third-party monitoring outfits from carrying out unwanted snooping. While there are good reasons to remain ‘relatively’ anonymous these services can also be abused by criminals. That can present problems, as most good VPN providers keep no identifiable logs, which makes the job of law enforcement agencies harder. Operation Nova This week, the FBI and Europol shut down “Safe-Inet,” a VPN service that went to extreme lengths to keep its customers hidden. The enforcement effort, dubbed “Operation Nova,” was coordinated by the German Reutlingen Police Headquarters with help from many international partners. According to Europol, Safe-Inet was used by some of the biggest cybercriminals including ransomware operators that held hundreds of companies hostage. With help from the VPN service, the criminals were able to avoid detection. “This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections,” Europol notes. “Law enforcement were able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN. 
These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.”

Servers and Domains Seized

The operation targeted several servers and domains of the VPN service, which also offered bulletproof hosting. U.S. authorities also seized several servers and have assumed control over three associated domain names: INSORG.ORG, SAFE-INET.COM and SAFE-INET.NET. The domain names all show a seizure banner now, complete with the badges of the various enforcement agencies that contributed to the operation. A screenshot copy of the working INSORG site shows that it offered various VPN, proxy and anonymizer options.

At first sight, it’s quite an unprecedented move to take down a company that does what every good VPN is supposed to do: protect the privacy of its users. However, it appears that Safe-Inet went further than that.

“Designed to Support Crime”

Commenting on the matter, the US Department of Justice notes that so-called “bulletproof” services are “intentionally designed” to provide hosting or VPN services to criminals.

“These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement. Many of these services are advertised on online forums dedicated to discussing criminal activity.

“A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs.”

The Justice Department says that by acting in this manner, these companies knowingly aid and support the criminal activities of their customers, which makes them liable as well.
Needless to say, this enforcement action and the comments that come with it will create a lot of uncertainty among VPN providers. There are dozens if not hundreds of VPN companies that don’t keep logs, and some of these are undoubtedly used by criminals as well.

Advertising in Shady Places

While further details about the investigation have not been revealed, we expect that Safe-Inet was not just any regular VPN provider. The Justice Department claims that it was actively helping and advertising to criminals. That changes things. When we searched through a few forums where stolen credit cards are traded, Safe-Inet and associated names indeed showed up to market its services.

“We are happy to announce you about our elite level of service for high anonymity in the Internet network from insorg.org company,” one advert reads, with another mentioning that they don’t record logs and never show the real IP-address.

Needless to say, Operation Nova comes as a shock to the VPN industry, but regular VPNs don’t advertise in these places. The i2Coalition, which includes several prominent VPN services among its members, says it supports the law enforcement action. While many of its members don’t keep any logs, they do what they can to deter criminal abuse.

“Any technology can be misused, and the overwhelming majority of VPN usage is for legal and legitimate purposes, and millions of consumers and businesses rely on VPNs for essential online protection,” i2Coalition notes.

VPN services won’t be rendered illegal anytime soon, but those who advertise their services on criminal platforms or knowingly help dodgy customers could be in trouble. The problem is, however, that it’s not entirely clear where the line is drawn.

Source: TorrentFreak
  14. Shocking new documents obtained by Property of the People reveal that Reddit co-founder and famed digital activist Aaron Swartz was caught up in warrantless FBI email data collection which would later be used against him in an unrelated case. Swartz is widely recognized as the face of everything wrong with the Computer Fraud and Abuse Act. In 2013, Swartz killed himself after being aggressively prosecuted for downloading academic articles from a subscription-based research website JSTOR – at MIT, his university – with the intention of making them available to the public. He was facing 35 years in prison for his efforts to open access to scientific publications to wider audiences. The newly released documents reveal that in 2008, roughly five years prior to the case that would ultimately lead to him taking his own life, his emails were caught up in an investigation into al Qaeda. Later that year, Swartz came under investigation by the FBI who were seeking to determine if he had violated any laws by downloading millions of court documents from PACER. The government ultimately did not press charges in that case because the documents were public. However, according to the new report by Dell Cameron at Gizmodo, while the FBI was trying to build a case against the popular activist, they “began quietly building a profile of the oft-described technology ‘wunderkind,’ noting, for example, his involvement in the creation of the formatting language Markdown and RSS 1.0, and jotting down the various code frameworks that Swartz had helped to create and organizations that he had helped to found. Eventually, with all open source avenues exhausted, an FBI employee sat down at a computer terminal that, to most people, would appear plucked straight from the 1980s. 
The employee ran a search using the bureau’s automated case support system, a portal to the motherlode of FBI investigative files.” When the FBI employee searched Swartz’s website domain name, it got a hit, which revealed that his domain was involved in an international terrorism investigation, specifically into al Qaeda. Details of the terrorism case remain unknown, but it has become all too common to hear of innocent Americans having their information swept up in these investigations. It is possible that it was part of the FBI’s efforts to target anti-war activists. The warrantless stockpiling of information that would later be used against him should concern everyone. “Just as Aaron Swartz’s email was apparently picked up here, you could, for instance, have a reporter or some source information scooped up and mined later,” attorney Gabe Rottman, director of the Reporters Committee’s technology and press freedom project, told Gizmodo. “And that’s a matter of great concern.” Source
15. In an attempt to identify someone tricking a company into handing over cash, the FBI created a fake FedEx website and deployed booby-trapped Word documents to reveal the fraudsters' IP addresses.

The FBI has started deploying its own hacking techniques to identify financially-driven cybercriminals, according to court documents unearthed by Motherboard. The news signals an expansion of the FBI’s use of tools usually reserved for cases such as child pornography and bomb threats. But it also ushers in a potential normalization of this technologically-driven approach, as criminal suspects continually cover up their digital trail and law enforcement has to turn to more novel solutions.

The two 2017 search warrant applications discovered by Motherboard both deal with a scam where cybercriminals trick a victim company into sending a large amount of funds to the scammers, who are pretending to be someone the company can trust. The search warrants show that, in an attempt to catch these cybercriminals, the FBI set up a fake FedEx website in one case and also created rigged Word documents, both of which were designed to reveal the IP address of the fraudsters. The cases were unsealed in October.

“What kinds of criminals mask their location, and for what kinds of crimes? Child pornography, yes; violent threats, yes; but also organized-crime rings engaged in cybercrime. A business email compromise scam, like those at issue in these warrants, falls squarely in that camp,” Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, told Motherboard in an online chat after reviewing the documents.

The first case centers around Gorbel, a cranes and ergonomic lifting manufacturing company headquartered in Fishers, New York, according to court records.
Here, the cybercriminals used a long, potentially confusing and official-looking email address to pose as the company’s CEO Brian Reh, and emailed the accounts team asking for payment for a new vendor. The fraudsters provided a W9 form of a particular company, and the finance department mailed a check for over $82,000. Gorbel noticed the fraudulent transaction, and brought in the FBI in July. Shortly after, Gorbel received other emails pretending to be Reh, asking for another transfer. This time, the finance department and FBI were ready.

The FBI created a fake FedEx website and sent that to the target, in the hope it would capture the hacker’s IP address, according to court records. The FBI even concocted a fake “Access Denied, This website does not allow proxy connections” page in order to entice the cybercriminal to connect from an identifiable address. (GoDaddy has since repossessed the domain, and the domain did briefly resolve to an IP address in Rochester, New York, where the FBI Special Agent writing the application is based, according to online records). It is not clear if the FBI sought permission from FedEx to digitally impersonate the company. FedEx did not respond to a request for comment, and the FBI did not provide a response to questions around the specific incident.

Notably, only one other domain has previously resolved to the same IP address as the fake FedEx page; a domain that alludes to a law firm. The site only existed for a short time, is offline at the time of writing, and seems to have a very small digital fingerprint. It appears this law firm domain may also be connected to the FBI.

Caption: A section of one of the warrant applications describing the fake FedEx website.

That FedEx unmasking attempt was not successful, it seems: the cybercriminal checked the link from six different IP addresses, some of them proxies, and the FBI moved on to use a network investigative technique, or NIT, instead.
NIT is an umbrella term the FBI uses for a variety of hacking approaches. Previous cases have used a Tor Browser exploit to break into a target’s computer and force it to connect to an FBI server, revealing the target’s real IP address. Other NITs have been somewhat less technically sophisticated, and included booby-trapped video or Word files that once opened also ‘phone home’ to the FBI. This new NIT falls into that latter category. The FBI attempted to locate the cybercriminals with a Word document containing an image that would connect to the FBI server and reveal the target’s IP address, according to court records. The image was a screenshot of a FedEx tracking portal for a sent payment, the court records add. In the second case found by Motherboard, in August 2017, a business in the Western District of New York received an email claiming to be from Invermar, a Chilean seafood vendor and one of the company’s suppliers, according to court records. This email, posing as a known employee of Invermar, asked the victim to send funds to a new bank account. Whereas the legitimate Invermar domain ends with a .cl suffix, the hackers used one ending in .us. The business the hackers targeted apparently didn't notice the different suffix, and over the course of September and October wire transferred around $1.2 million to the cybercriminals, with the victim eventually able to recover $300,000 (the court documents don’t specify how exactly, although a charge back seems likely). The court documents do not name the victim company, but earlier this year Wegmans Food Market filed a lawsuit against Invermar for a similar scam, claimed similar damages, and the suit was filed in the same district as the FBI office writing the warrant application found by Motherboard. To determine where this criminal was located, the FBI also decided to deploy a NIT. 
“The FBI will provide an email attachment to the victim which will be used to pose as a form to be filled out by the TARGET USER for future payment from the VICTIM,” one court record reads. The NIT required the target to exit Protected View (the warrant calls it “protected mode”), the Microsoft Word sandbox that opens untrusted documents read-only and stops them from fetching external content. The warrant application says the government does not believe it needs a warrant to send a target an embedded image, but out of an abundance of caution, and given that the target will need to deliberately exit Protected View, the FBI applied for one anyway.

Caption: A section of one of the warrant applications explaining that the target will need to disable protected mode for the NIT to function.

Both NITs were designed to obtain only a target’s IP address and User Agent String, according to the warrant applications. A User Agent String can reveal what operating system a target is using. Although signed by two different FBI Special Agents, both of the NIT warrant applications come out of the Cyber Squad, Buffalo Division, in Rochester, New York. We don't know how successful either of these NITs was in identifying the suspects. In the Gorbel case, the Justice Department asked for multiple extensions to keep the search warrant application sealed, right up to at least March of this year. Both warrants were returned as executed, according to court records.

"The use of a Network Investigative Technique is lawful and effective," an FBI spokesperson told Motherboard in an email. "They are only employed when necessary, against some of the worst offenders. The technique is time and resource intensive and is not a viable option for most investigations."

Previously, the FBI has deployed NITs on a large, and sometimes indiscriminate, scale. When the Bureau targeted dark web hosting provider Freedom Hosting, its NIT also impacted users of a privacy-focused email service not suspected of a crime.
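The mechanism the warrants describe, a Word document whose image is fetched from a remote server so that the opener's IP address and User Agent String land in that server's log, is the same one used by commercial document-tracking beacons, and it leaves a footprint that can be found before a file is opened. The following is an added example, not code from the court filings or from any vendor, showing the defender's side: a scanner that lists every part of a .docx that Word would fetch from the network once the reader leaves Protected View. It assumes only the Office Open XML packaging rules (a .docx is a zip whose `.rels` parts declare relationships, and an external one carries TargetMode="External"). The sample document is constructed in the block, and 198.51.100.7 is an RFC 5737 documentation address standing in for a collection server.

```python
"""Scan a .docx for parts Word fetches from the network once the reader leaves
Protected View: linked images, remote templates and similar.

Added example, not from the court filings. A .docx is a zip of XML parts and
each part's .rels file lists its relationships; an external one carries
TargetMode="External" with a URL or path as Target. Hyperlinks are external
too but are only fetched on click, so they are reported in a separate list.
The sample document is constructed; 198.51.100.7 is a documentation address.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"


def scan_docx(data: bytes):
    """Return (auto_fetched, click_only): lists of (part, kind, target)."""
    auto, click = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{PKG_REL}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts ship inside the zip; nothing to fetch
                rel_type = rel.get("Type", "")
                entry = (name, rel_type.rsplit("/", 1)[-1], rel.get("Target", ""))
                (click if rel_type == DOC_REL + "hyperlink" else auto).append(entry)
    return auto, click


def build_sample_docx(callback_url: str) -> bytes:
    """Constructed minimal document: one linked (external) image plus one
    ordinary hyperlink. A real file's body would reference rId5 through
    <a:blip r:link="rId5"/>; the scanner only needs the .rels part, so the
    body is kept trivial here."""
    parts = {
        "[Content_Types].xml": (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            "</Types>"),
        "_rels/.rels": (
            f'<Relationships xmlns="{PKG_REL}">'
            f'<Relationship Id="rId1" Type="{DOC_REL}officeDocument" Target="word/document.xml"/>'
            "</Relationships>"),
        "word/document.xml": (
            '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            "<w:body><w:p><w:r><w:t>Vendor payment form</w:t></w:r></w:p></w:body></w:document>"),
        "word/_rels/document.xml.rels": (
            f'<Relationships xmlns="{PKG_REL}">'
            f'<Relationship Id="rId5" Type="{DOC_REL}image" Target="{callback_url}" TargetMode="External"/>'
            f'<Relationship Id="rId6" Type="{DOC_REL}hyperlink" Target="https://tracking.example.net/" TargetMode="External"/>'
            "</Relationships>"),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    auto, click = scan_docx(build_sample_docx("http://198.51.100.7/tracking.png"))
    for part, kind, target in auto:
        print(f"AUTO-FETCHED {kind:10} {target}  ({part})")
    for part, kind, target in click:
        print(f"click-only   {kind:10} {target}  ({part})")
```

Anything in the auto-fetched list is a beacon candidate regardless of who planted it: the image relationship here is exactly the shape of the FedEx-screenshot image in the warrant, and the same check catches attachedTemplate and oleObject links that malware uses for the same purpose. The click-only list is kept separate so that ordinary hyperlinks do not drown out the real findings.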
In these new warrant applications the FBI emphasises that only the intended target should encounter the NIT. “The FBI anticipates the target user, and only the target user, will receive the email and attachment after logging in and checking emails,” one of the applications reads. “The general public will be protected from any violation of privacy through careful and direct deployment of the NIT to the specific target email,” another document adds. Pfefferkorn, the cybersecurity and surveillance expert, said “This shows that the government has learned from the Freedom Hosting case, where the NIT deployed from a website the government had taken over was not carefully targeted enough and ended up infecting the browsers of innocent people.” This sort of law enforcement hacking is likely to become more common. At the end of 2016, the Justice Department amended Rule 41, one of the rules around search warrants. The change meant that US judges could sign warrants to search computers outside of their district, and in particular, if law enforcement did not know where the suspect was ultimately located—exactly the issue with these two cases. “Now that Rule 41 has been amended, we can expect to see NIT warrants being used in the investigation of a range of crimes, not just the child pornography Tor Hidden Service busts that pre-dated the amendment,” Pfefferkorn said. Source
16. The FBI opens investigation into Twitter attack over national security concerns

Numerous investigations are now probing Twitter’s worst-ever security incident

Illustration by Alex Castro

The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal. The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromise of sensitive accounts, including those of former President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections.

Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement given to the WSJ.

New York Gov. Andrew Cuomo is also having the state’s Department of Financial Services investigate the attack, the report states. “Foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can,” Cuomo said, according to the New York Post. New York Attorney General Letitia James also opened an investigation following this morning’s news that lawmakers on both sides of the aisle have begun calling for Twitter to provide more transparency about how the attack was carried out.
“Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.” The attack, which involved hackers taking control of popular accounts with millions of followers to tweet out a bitcoin scam, was the work of a group of unknown individuals. Twitter now says the group used social engineering techniques of some type to gain control of internal company tools. Those tools allowed the hackers to gain access to the accounts, although Twitter has not specified how exactly this happened. In the aftermath of the account takeovers, which lasted for more than two hours, Twitter had to resort to extreme measures to mitigate the fallout, including disabling the ability for verified accounts to send new tweets and locking down all of the affected accounts and even some accounts that were not targeted by the hackers. The company is still working to restore access to locked accounts as of this afternoon. Motherboard reported yesterday that the hackers did not in fact breach any Twitter systems, but instead allegedly paid a Twitter employee to reset the email addresses associated with the affected accounts, thereby giving unauthorized access to the hackers who then tweeted out the cryptocurrency scam tweets. Twitter has not openly disputed this account of the event, but it is currently unclear how much, if any, of the story is an accurate representation of what happened. The company is still investigating and has not yet shared its full findings. The FBI opens investigation into Twitter attack over national security concerns
  17. from the because-why-not dept The Obama Administration was never a fan of leakers and whistleblowers. The Trump Administration isn't either. And it's continuing to ramp up investigations in response to a steady stream of leaks that tend to arrive moments after executive proclamations in order to undermine or contradict whatever has just been proclaimed. Fired company man Jeff Sessions thought the best plan to tackle leaks was prosecuting the recipients: journalists. Not really the best plan of action in a country with enshrined speech rights, but that's the way things are being done in the nation's capital. True to form, the DOJ has gone after leakers with a vengeance, threatening to rewrite all of Obama's personal prosecution records. The FBI is getting in on the action, according to a document obtained by Ken Klippenstein of The Young Turks. The word "espionage" is tossed around, but most of what the Trump Administration has dealt with has been embarrassing, rather than a concerted effort to hand secret documents over to our country's enemies. Nonetheless, hunting leakers is official FBI business. As Klippenstein notes, the obtained document [PDF] indicates Jeff Sessions was a man of words, rather than a man of action. The establishment of the unit -- meaning the point at which it started being funded -- didn't occur until May 2018. Sessions claimed in August 2017 the FBI already had a leak-fighting unit in place and that leak probes had already increased by 800%. Sessions' leak-targeting premature ejaculation may have been meant to scare government employees into keeping the feds' secrets. If so, it wasn't too effective. The rate of leaks has slowed from "daily," but there's no shortage of insiders willing to spill dirt on the chaotic White House to journalists. The government isn't opposed to leaks, per se. It just likes to ensure the narrative it wants to project makes its way to the public before the truth even gets its pants on. 
That hasn't worked for years, as the Obama Administration discovered prior to its war on leakers and whistleblowers. It's not going to work here either, but it does raise the odds the First Amendment is going to suffer for the sins our government fails to keep covered up. Source
  18. Nearly 13,000 FBI agents are working without pay during the government shutdown, and their advocates say that the resulting financial instability is a national security risk. The FBI Agents Association (FBIAA) wrote an open letter Jan. 10 urging policymakers to end the partial government shutdown, saying that missed debt payments could complicate agents' security clearance status and harm recruiting. The letter states that "financial security is a matter of national security." The bureau is funded under the Commerce, Justice and Science appropriation, and currently all FBI agents are working without pay. Overall, 87 percent of FBI employees are required to work during the shutdown. Like other exempt and essential workers, FBI agents are not being paid. Jan. 11 will mark the end of the first full two-week period in which most federal employees affected by the partial shutdown will miss their regular paycheck. Large debts have traditionally been a red flag for government employees going through background checks or applying for security clearances, because of the possibility that financial need could make those in debt vulnerable to compromise. Holding more than $7,000 in certain kinds of debt, such as credit card debt, would automatically trigger a separate background investigation of an individual by the government, according to comments made last year by William Evanina, director of the National Counterintelligence and Security Center. However, Evanina said the government was revisiting some of those guidelines, citing the increasing prevalence of debt in American life and a backlog of background investigations. "If you ask folks who do this for a living, they say, 'Well, we've never really rejected anybody's security clearance because of bad debt,'" Evanina said. "So why are we spending so much time on it?" 
Since then, the Office of the Director of National Intelligence confirmed to FCW in September 2018 that certain changes were made to the background investigations process following Evanina's comments but declined to offer more detail or specifics on any modifications. The FBIAA letter also argues that the shutdown will hurt recruitment efforts at the bureau and push career officials to leave for more stable employment opportunities. "Special Agents are skilled professionals who have a variety of employment options in the private sector," the group writes. "The ongoing financial insecurity caused by the failure to fund the FBI could lead some FBI Agents to consider career options that provide more stability for their families." That statement tracks with broader concerns that some policymakers have expressed about the impact of the shutdown on the government's efforts to recruit top IT and cybersecurity talent. Rep. Robin Kelly (D-Ill.) put out a statement Jan. 9 saying the government already "cannot compete on salary when it comes to recruiting [IT] talent" and relies on appeals to serve the public good to attract employees. Prolonged shutdowns greatly harm those efforts, she said. "How can we ever hope to recruit or maintain IT talent when hardworking government workers are told: 'sorry, you aren't getting paid, but you still need to come to work' or 'sorry, but no paycheck this week because of politics?'" said Kelly. "Large private sector companies never say this to their employees and these are our competitors when it comes to IT talent recruitment." Source
  19. A California judge has ruled that American cops can’t force people to unlock a mobile phone with their face or finger. The ruling goes further to protect people’s private lives from government searches than any before and is being hailed as a potentially landmark decision. Previously, U.S. judges had ruled that police were allowed to force unlock devices like Apple’s iPhone with biometrics, such as fingerprints, faces or irises. That was despite the fact feds weren’t permitted to force a suspect to divulge a passcode. But according to a ruling uncovered by Forbes, all logins are equal. The order came from the U.S. District Court for the Northern District of California in the denial of a search warrant for an unspecified property in Oakland. The warrant was filed as part of an investigation into a Facebook extortion crime, in which a victim was asked to pay up or have an “embarassing” video of them publicly released. The cops had some suspects in mind and wanted to raid their property. In doing so, the feds also wanted to open up any phone on the premises via facial recognition, a fingerprint or an iris. While the judge agreed that investigators had shown probable cause to search the property, they didn’t have the right to open all devices inside by forcing unlocks with biometric features. On the one hand, magistrate judge Kandis Westmore ruled the request was “overbroad” as it was “neither limited to a particular person nor a particular device.” But in a more significant part of the ruling, Judge Westmore declared that the government did not have the right, even with a warrant, to force suspects to incriminate themselves by unlocking their devices with their biological features. Previously, courts had decided biometric features, unlike passcodes, were not “testimonial.” That was because a suspect would have to willingly and verbally give up a passcode, which is not the case with biometrics. 
A password was therefore deemed testimony, but body parts were not, and so not granted Fifth Amendment protections against self-incrimination. That created a paradox: How could a passcode be treated differently from a finger or face, when any of the three could be used to unlock a device and expose a user’s private life? And that’s just what Westmore focused on in her ruling. Declaring that “technology is outpacing the law,” the judge wrote that fingerprints and face scans were not the same as “physical evidence” when considered in a context where those body features would be used to unlock a phone. “If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device,” the judge wrote. “The undersigned finds that a biometric feature is analogous to the nonverbal, physiological responses elicited during a polygraph test, which are used to determine guilt or innocence, and are considered testimonial.” There were other ways the government could get access to relevant data in the Facebook extortion case “that do not trample on the Fifth Amendment,” Westmore added. They could, for instance, ask Facebook to provide Messenger communications, she suggested. Facebook has been willing to hand over such messages in a significant number of previous cases Forbes has reviewed. Law finally catching up with tech? Over recent years, the government has drawn criticism for its smartphone searches. In 2016, Forbes uncovered a search warrant not dissimilar to the one in California. Again in the Golden State, the feds wanted to go onto a premises and force unlock devices with fingerprints, regardless of what phones or who was inside. Andrew Crocker, senior staff attorney at the digital rights nonprofit Electronic Frontier Foundation, said the latest California ruling went a step further than he’d seen other courts go. 
In particular, Westmore observed alphanumeric passcodes and biometrics served the same purpose in unlocking phones. “While that’s a fairly novel conclusion, it’s important that courts are beginning to look at these issues on their own terms,” Crocker told Forbes. “In its recent decisions, the Supreme Court has made clear that digital searches raise serious privacy concerns that did not exist in the age of physical searches—a full forensic search of a cellphone reveals far more than a patdown of a suspect’s pockets during an arrest for example.” The magistrate judge’s decision could, of course, be overturned by a district court judge, as happened in Illinois in 2017 with a similar ruling. The best advice for anyone concerned about government overreach into their smartphones: Stick to a strong alphanumeric passcode that you won’t be compelled to disclose. Source
  20. from the making-life-miserable-for-citizens-just-because dept Security researcher Justin Shafer The government isn't done jerking around security researcher Justin Shafer quite yet. Shafer came across a bunch of dental patient information in an improperly secured database. This discovery led to the FTC levying a $250,000 fine against the software provider, Schein, for falsely portraying its faux encryption as actual encryption. After notifying affected parties, Shafer was thanked for his help with a raid by FBI agents. This happened days after the FTC announced its settlement with Schein. FBI agents dragged Shafer outside of his house in his boxers at 6:30 in the morning and took every electronic device in the house except for his wife's phone. His children were awakened by shouting men pointing guns at their parents. This wasn't the only time Shafer was raided. He was raided once more, again for suspicions he was engaged in illegal hacking, this time allegedly in conjunction with TheDarkOverlord. Neither of these two raids resulted in anything more than a bunch of seized electronics and Shafer's family being taught to fear, if not hate, federal agents. No charges were brought as the result of these two raids. This second raid led to Shafer directing his anger at the agent who had secured the search warrant, Special Agent Nathan Hopp. Following this raid, Shafer tracked down Hopp and Hopp's wife via social media, engaging in a series of unwise (but not actually threatening) confrontations with the agent's wife. In one message to her, he implored SA Hopp's wife to return video recordings of his children, which had been seized along with everything else. This led to a third raid by FBI agents -- this time in response to Shafer's alleged "threats." Shafer was released on bail, but quickly sent back to jail after he vented about his treatment by the FBI in an ill-advised blog post. Shafer spent eight months in jail before finally being released. 
The DOJ pursued a superseding indictment, most likely because its original indictment failed to impress the judge presiding over Shafer's case. The situation got even more petty and bizarre when the DOJ demanded Twitter hand over info of all accounts engaged in a conversation about Special Agent Hopp -- one that culminated in Justin Shafer delivering an apparently threatening smiley face emoji. Most of the convo participants were easily identified, making this weird flex by the DOJ a vulgar display of stupidity and vindictiveness. Last March, the cavalcade of petty stupidity finally came to a close. Well, almost. Shafer signed a plea agreement with the DOJ, pleading guilty to a single count of retaliating against a federal official. (The FBI's multiple acts of retaliation against Shafer are apparently within the bounds of the law…) Shafer has finished his probation and done everything he's supposed to, but the government isn't holding up its end of the bargain. According to his plea agreement [PDF], the government could choose to seize one specific set of data. Under "Financial Obligations," the plea agreement specifies: The FBI has so far refused to return anything to Justin Shafer. The hard drives containing leaked patient data also contained more than 250 family videos. The FBI has made no move to forfeit anything else it seized. It has also said it will meet with Shafer to delete the patient information he downloaded during his security research. But ten months after broaching the subject, the FBI hasn't set a date for returning Shafer's personal files that were swept up along with the data the FBI sought. On top of that, the court never ordered the forfeiture of the leaked patient data, so the FBI technically can't even keep that. 
Understandably, the feds may move for forfeiture of this specific data if Shafer tries to get it back, but for now, it doesn't really have any legal basis to hold onto anything it seized during the May 2016 raid that started the ball rolling on this debacle. The FBI should have returned everything it wasn't authorized to keep once it had a signed plea deal in hand. It has no use for anything found on any of the seized devices, especially since it undoubtedly knows where to find and remove the patient data the court says Shafer shouldn't have back. But ten months later, it has made no move to return the files it seized, which include 250 family videos of no possible interest to the FBI. There's no reason the FBI can't just hand over everything but the patient data without making Shafer and his legal rep jump through a bunch of hopps hoops. But it seems the FBI isn't through with Shafer. Given the history on display here, the lack of forward motion by the agency that raided Shafer's home three times but only managed to walk away with a single (bullshit) count of retaliation via threatening a family member (read the law and the indictment to see why this charge is bullshit) can only be seen as vindictive. The entire picture is ugly: reported data breaches were treated as criminal acts by an agent with too much free time and a vivid imagination. When his (repeated) target lashed out, the DOJ expanded past its fantasies of a Shafer-DarkOverlord partnership to punish Shafer for stupid, but not truly threatening, internet activities. Now it's sitting on his personal belongings because it can, not because it needs to. Source
  21. The DOJ, FBI, and US Air Force to contact victims infected with the Joanap malware. The US Department of Justice announced today an effort to take down Joanap, a botnet built and operated by North Korea's elite hacker units. Efforts to disrupt the botnet have been underway for several months already, based on a court order and search warrant that the DOJ obtained in October 2018. Based on these court documents, the FBI's Los Angeles Field Office and the US Air Force Office of Special Investigations (AFOSI) have been operating servers mimicking infected computers that are part of the botnet, and silently mapping other infected hosts. This was possible because of the way the Joanap botnet was built, relying on a peer-to-peer (P2P) communications system where infected hosts relay commands introduced into the botnet's network from one to another, instead of reporting to one central command-and-control server. Now, after months of mapping fellow infected hosts, the DOJ says it plans to notify victims, directly and through their internet service providers, in an effort to have these systems disinfected, and indirectly disrupt one of North Korea's oldest cyber-weapons. The DOJ's effort today is a natural step in its process of countering the North Korean cyber threat after last fall US authorities charged a man they believed was part of North Korea's hacking units. The Joanap botnet is one of the tools North Korean hackers used many times in the past, which made it a prime target for the DOJ's takedown efforts. According to a Department of Homeland Security alert published in May 2018, and according to reports from cyber-security vendors, the Joanap botnet has been around since 2009, and has been built using a combination of two malware strains. The first is the Brambul malware, an SMB worm that spreads from one Windows PC to other Windows PCs by brute-forcing Server Message Block (SMB) services running on remote computers using a list of common passwords. 
Once on an infected host, the Brambul worm downloads another malware strain, the Joanap backdoor, and then moves on to scan for other computers to infect. The Joanap backdoor trojan can download, upload, or execute files, manage local processes, and start a proxy to relay malicious traffic through the infected host. The Joanap botnet is the network of computers infected with this very potent and feature-rich backdoor. "Through this operation, we are working to eradicate the threat that North Korea state hackers pose to the confidentiality, integrity, and availability of data," said Assistant Attorney General for National Security John Demers. "This operation is another example of the Justice Department's efforts to use every tool at our disposal to disrupt national security threat actors." Source
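The spreading mechanism described above (Brambul brute-forcing SMB logons with a short list of common passwords) leaves a characteristic trace on a Windows target: a burst of failed network logons from one source, and, if a guess lands, a successful network logon from that same source moments later. The following detector is an added example written for this page, not code from the DOJ, DHS, or any vendor cited in the article. The log lines are constructed for the example and use a simplified pipe-delimited export (timestamp, Windows Security event ID, logon type, source IP, target user), not any product's native format; the threshold, window size and field layout are assumptions you would tune for your own SIEM.

```python
"""
Flag SMB-style brute-force sources in Windows Security logon events.

Signal: many failed network logons (Event ID 4625, Logon Type 3) from one
source IP inside a short sliding window, optionally followed by a successful
network logon (Event ID 4624, Logon Type 3) from that same source.

SAMPLE_EVENTS below is CONSTRUCTED for this example. The field layout
"timestamp|event_id|logon_type|source_ip|target_user" is a hypothetical,
simplified export, not a native Windows or vendor format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2018-05-29T08:00:01|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:02|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:03|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:04|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:05|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:06|4625|3|10.0.0.23|Administrator
2018-05-29T08:00:07|4624|3|10.0.0.23|Administrator
2018-05-29T08:00:30|4625|10|10.0.0.88|Administrator
2018-05-29T08:05:00|4625|3|10.0.0.50|jdoe
2018-05-29T08:09:30|4625|3|10.0.0.50|jdoe
2018-05-29T08:09:31|4624|3|10.0.0.50|jdoe
2018-05-29T08:10:00|4625|3|10.0.0.77|admin
2018-05-29T08:10:01|4625|3|10.0.0.77|root
2018-05-29T08:10:02|4625|3|10.0.0.77|guest
2018-05-29T08:10:03|4625|3|10.0.0.77|test
2018-05-29T08:10:04|4625|3|10.0.0.77|backup
"""


def parse_events(text):
    """Parse the constructed pipe-delimited export into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, user = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "src": src,
            "user": user,
        })
    return events


def detect_smb_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: finding} for sources with >= threshold failed
    network logons inside any `window`-long sliding window.

    Each finding records the peak failure count seen in one window, the
    distinct target accounts in that window, whether a successful network
    logon from the same source followed the burst, and a coarse pattern
    label (one account hammered = brute_force; many accounts = password_spray).
    Only Logon Type 3 (network, the type SMB authentication produces) is
    considered; interactive and RDP logons (types 2 and 10) are ignored.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, user) failures in window
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != 3:
            continue
        src = ev["src"]
        if ev["event_id"] == 4625:
            q = recent[src]
            q.append((ev["ts"], ev["user"]))
            while q and ev["ts"] - q[0][0] > window:
                q.popleft()                      # drop failures outside window
            if len(q) >= threshold:
                users = sorted({u for _, u in q})
                f = findings.setdefault(src, {
                    "failures": 0, "users": [], "success_after": False,
                })
                if len(q) > f["failures"]:
                    f["failures"] = len(q)
                    f["users"] = users
                f["pattern"] = "password_spray" if len(users) > 1 else "brute_force"
        elif ev["event_id"] == 4624 and src in findings:
            findings[src]["success_after"] = True   # a guess worked: likely compromise
    return findings


if __name__ == "__main__":
    for src, f in detect_smb_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(src, f)
```

On the constructed sample, 10.0.0.23 is reported as a single-account brute force that ended in a successful logon (the case to escalate first), 10.0.0.77 as a multi-account spray with no success, and 10.0.0.50, with two failures ten minutes apart before a success, is not reported. The RDP failure from 10.0.0.88 is ignored because it is not a network logon.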
  22. In recent years, the federal government has significantly ramped up its efforts to monitor people on social media. The FBI, for one, has repeatedly acknowledged that it engages in surveillance of social media posts. So it was surprising when the bureau responded to our Freedom of Information Act request on this kind of surveillance by saying that it “can neither confirm nor deny the existence of records.” The six other federal agencies we submitted the FOIA request to haven’t produced a single document. The request, filed last May, seeks information on how the agencies collect and analyze posts from Facebook, Twitter, and other social media sites. Today we sued the agencies to get some answers, because the public has a right to know about the exact nature of social media surveillance — especially whether agencies are monitoring and retaining social media posts, or using surveillance products that label activists and people of color as threats to public safety based on their First Amendment-protected activities. Based on what little information is publicly available, it’s clear that the federal government routinely tracks domestic social media users, with a particular focus on immigrants. For example, according to official government websites, the FBI has sought to create an application that would enable it to “instantly search and monitor” information on social media platforms. It completed detailed documentation stating that it intended to contract with Dataminr, a data analytics and machine-learning vendor that we previously called out for sharing data with federal “fusion centers,” to obtain “the mission critical social media monitoring needed by the FBI.” And it contracted with Pen-Link, another big data analytics firm, for “software that parses and analyzes social media data.” Meanwhile, the State Department has announced plans to collect usernames from nearly all of the 14.7 million people who annually apply for work or tourist visas. 
And the Department of Homeland Security and its agencies have repeatedly expanded their manual and automated social media surveillance in efforts that include the misguided “extreme vetting initiative.” Federal law enforcement surveillance of social media associated with Black Lives Matter has already been exposed, continuing a decades-long pattern of government monitoring of minority activists and communities. The government could be using commercial surveillance software to conduct this surveillance: Documents obtained by the ACLU of Northern California in 2016 revealed how companies marketing this software had built products specifically for law enforcement monitoring. The disclosure of the documents resulted in policy changes from Twitter and Facebook. Social media surveillance raises a number of red flags. First, it discourages people from speaking freely — a phenomenon that research and studies bear out. Indeed, in its letter responding to our FOIA request, the FBI said that simply acknowledging its use of social media surveillance would “risk circumvention of the law.” The bureau seems to be saying that if people knew that the government is monitoring what they’re saying on social media, they’d be less likely to say it. That looks like an admission of the chilling effect that the First Amendment aims to prevent. But because almost all online speech is lawful, it doesn’t make sense to argue that social media users are “circumventing” the law if they limit what they say online. Aside from chilling expression, government monitoring of social media raises the risk that innocent people will be wrongly investigated or put on government watchlists based on that speech. It’s clear from already public information that all of the agencies we’re targeting in our FOIA lawsuit engage in manual and automated surveillance of social media users and their speech, and it’s unacceptable for the government to withhold details about this domestic spying. 
The public needs to know how the government is watching us — and we shouldn’t have to think about self-censoring what we say online. Source
  23. The Federal Bureau of Investigation is refusing to make public any records it has amassed on whistleblower Chelsea Manning, even though the former U.S. Army intelligence analyst waived her rights under the Privacy Act and requested in a letter that her more-than-8,000 page file be released. Photo: Whistleblower and activist Chelsea Manning, in what she said is her first trip outside of the United States since she was released from a U.S. prison, speaks at the annual re:publica conference on its opening day on May 2, 2018 in Berlin, Germany. In response to a Freedom of Information/Privacy Act request, the FBI stated the records were considered exempt from disclosure because their release could reasonably be expected to interfere with ongoing law enforcement proceedings. While the bureau’s explanation for withholding the records offers no other details about the investigation to which they apparently pertain, it suggests that Manning’s files may be central to the U.S. government investigation of WikiLeaks founder Julian Assange, who has been charged under seal by prosecutors in the Eastern District of Virginia. 
While agency letters responding to FOIA requests are generally standardized and, internally, aren’t considered “official statements” on behalf of an agency, the FBI’s rejection of the request—and Manning’s appearance last month before a federal grand jury in Virginia—appear to lend credibility to anonymous sources in the Washington Post, who’ve claimed the case against Assange is unrelated to events surrounding the 2016 U.S. presidential election. The fact that the FBI has assessed that releasing Manning’s files would likely interfere with enforcement proceedings could indicate that her 2010 disclosure of classified material to WikiLeaks plays a larger role in the Assange case than previously reported. Manning, who would later apologize for her actions in court, admitted to leaking more than 725,000 classified U.S. government documents to WikiLeaks following her deployment to Iraq in 2009, including diplomatic cables, battlefield reports, and five Guantanamo Bay detainee profiles. Among other reasons, she cited the “seemingly delightful bloodlust” of U.S. aerial weapons teams as a primary motivation for the leak, in addition to the military’s collaboration with Iraqi authorities, which she claimed intelligence reports showed had employed torture against political dissidents. This leak included the now-infamous footage of two Apache helicopters directing cannon fire onto a crowd of 10 men in Baghdad, including two Iraqi war correspondents, whom the gunners can be heard referring to as “dead bastards.” Manning likened the soldiers’ behavior in court to children “torturing ants with a magnifying glass.” Ultimately, Manning was only charged with leaking portions of 227 classified documents, among them 44 diplomatic cables that have since been declassified. 
A Defense Intelligence Agency review later determined the leak posed only a moderate to low risk to national security. The FOIA request for her FBI file was issued through the MuckRock website by national security reporter Emma Best, a member of the journalistic group Distributed Denial of Secrets, which aims to publish secretive material WikiLeaks declines to host, including, most recently, a large batch of emails from Russian officials. (Best has also contributed reporting on WikiLeaks for Gizmodo.) A Privacy Act waiver signed by Chelsea Manning in September 2018. Manning has been jailed in Virginia since March 8 for refusing to answer a federal grand jury’s questions about her association with WikiLeaks—though not entirely out of loyalty to WikiLeaks or Assange himself. Manning and her supporters say she opposes the use of grand juries on principle, calling them a “secretive and oppressive process” that has been used “historically to entrap and persecute activists for protected political speech.” Manning’s attorneys have asked the Fourth Circuit Court of Appeals to release her from jail pending her appeal, saying the District Court failed to consider her arguments against being forced to testify. After her arrest, she was held in solitary confinement—or what the jailers call administrative segregation—for 28 days. She was placed with the jail’s general population on April 4. Source
  24. Department of Justice report highlights several problems with the FBI's automated breach notifications. The Federal Bureau of Investigation does a poor job at notifying victims of a cyber-attack, a US government report released earlier this week concluded. FBI notifications arrive either too late or contain insufficient information for victims to take action, a report from the Department of Justice's Office of the Inspector General (DOJ-OIG) has concluded. The report analyzed Cyber Guardian, an FBI application for storing information about tips and ongoing investigations. The system also allows agents to enter details about suspected victims, which Cyber Guardian can later notify via automated messages. But the DOJ-OIG report said FBI agents are not using the system as it is intended. FBI agents not using the system as designed For example, interviews with 31 agents revealed that 29 entered victim information in a lead category called "Action," rather than the standard "Victim Notification." Action-labeled leads are treated as active investigations and don't necessarily trigger immediate breach notification emails, as standard entries in the Victim Notification category would do. By the time agents finish an Action-labeled investigation, victims have lost crucial time during which they could have learned of the breach and taken protective actions. Furthermore, the DOJ-OIG audit also found that FBI agents often made mistakes when filling in victim information. Investigators found typos, incorrect dates, and errors in classifying the incident's severity. Breach notifications varied in quality The report also revealed that victim notifications varied in quality, which investigators attributed to the FBI agent entering the data. 
Some agents were very descriptive about the incidents they logged in Cyber Guardian, leading to victims receiving useful notifications containing IP addresses linked to the malicious activity, date ranges, and instructions to deal with the attack's aftermath. On the other hand, some agents provided very few details. According to the DOJ-OIG report, many of these incomplete notifications were created by the same agents, an aspect that investigators said could be corrected through better training. Auditors also found that the breach notification process, overall, could be improved if the FBI cooperated with other agencies and allowed these agencies to enter data in Cyber Guardian as well, which should help enrich the quality of some notifications. As a last observation, the DOJ-OIG also found that the FBI failed to notify victims of their rights under the Attorney General Guidelines for Victim and Witness Assistance, a document about the rights and legal recourse victims are entitled to. "The FBI is developing a new system called CyNERGY to replace Cyber Guardian and, although we were unable to test the system, we believe that if CyNERGY operates as intended, it could provide improvements to the current system," the DOJ-OIG said. Source
  25. The Federal Bureau of Investigation is soliciting technology firms to build a tool that can monitor social media for threats. The agency posted a request for proposals on July 8 claiming it wants a “social media early alerting tool” that will help it track the use of the platforms by terrorists, criminal organizations, and foreign agencies. “With increased use of social media platforms by subjects of current FBI investigations and individuals that pose a threat to the United States, it is critical to obtain a service which will allow the FBI to identify relevant information from Twitter, Facebook, Instagram, and other social media platforms in a timely fashion,” the request reads. “Consequently, the FBI needs near real-time access to a full range of social media exchanges in order to obtain the most current information available in furtherance of its law enforcement and intelligence missions.” The solicitation was first reported on by Defense One. The documents released by the FBI show that the agency plans to have a tool that can be accessed from all FBI headquarters and field offices, or through FBI-issued mobile devices. The tool would allow FBI agents to access people’s email addresses, phone numbers, IP addresses, user IDs, and associated accounts. It would also allow agents to create filters and custom alerts, so they can receive notifications when “mission-relevant” activity happens on social media. As CNN points out, in 2016 the FBI announced it was using a Dataminr tool to “search the complete Twitter firehose, in near real-time, using customizable filters.” During a recent speech at the International Conference on Cyber Security—a couple of weeks after the request was posted—Attorney General William Barr told tech companies that they must allow law enforcement to gain access to encrypted messages of criminals and suspected criminals. Later at the same conference, FBI director Christopher Wray said he strongly agreed with Barr on this matter. 
In the wake of many recent acts of terrorism and mass shootings, the suspects’ social media activity, which sometimes includes online manifestos, has been assessed by law enforcement and the greater public. So it’s no surprise that there is growing interest within government agencies to track this activity in real time, but one of the biggest questions is whether social media companies will offer their help in the FBI’s mission to figuratively plant the biggest wiretap of all time. We’ve reached out to Facebook, Twitter, and Instagram to ask for comment and we’ll update this post when we receive a reply. The FBI’s social media tool solicitation claims the service must ensure “all privacy and civil liberties compliance requirements are met,” but there’s no doubt this push will further erode privacy and put anyone with a social media account at greater risk of data breaches. Source