Search the Community

Showing results for tags 'feds'.

Found 14 results

  1. The Department of Justice has brought charges against the president of a Silicon Valley-based pharmaceutical firm, Arrayit, alleging a scheme to profiteer off the coronavirus pandemic with a shoddy covid-19 test it tried to bundle with an expensive, unrelated allergen finger stick test. The DOJ said the charges are its first securities fraud case brought in relation to the pandemic, though elements of the alleged wrongdoing call to mind the Theranos debacle. Per the Washington Post, prosecutors allege that Mark Schena committed securities fraud and conspiracy to commit health-care fraud, charges that potentially carry a combined sentence of up to 30 years in prison and fines of over $5 million. A criminal complaint filed with the U.S. District Court of the Northern District of California and signed by U.S. Postal Service inspector Anna Hallstrom claims that Schena used “kickbacks and bribes to recruiters and doctors” to bill Medicare providers and private insurers for its “expensive and medically unnecessary” allergen tests, as well as made false claims about its coronavirus testing capabilities to pump Arrayit stock. Schena also allegedly sent investors massively inflated figures on the financial health of the company in order to “justify hundreds of millions of dollars in production.” The complaint alleges that in March 2020, Schena began emailing clinics saying that Arrayit had developed a test for the novel coronavirus based on “advanced Silicon Valley technology and finger stick blood collection,” sparking increases in its stock price. It goes on to say that “In reality, Arrayit had not developed, validated, or produced a test at that time,” and the Food and Drug Administration informed the company in April that the test it did eventually produce fell short of standards necessary to secure an emergency use authorization. 
Arrayit also launched an extensive online promotional campaign on social networks like Facebook to promote the bundling of the covid-19 test with the allergen one, according to the complaint, falsely claiming that the nation’s top medical officials had endorsed using finger pinprick tests to separate symptoms of the coronavirus from those of allergies. In March, before the FDA declined to approve Arrayit’s test, the value of the company’s stock doubled from two cents to four cents. (According to previous reporting, the Securities and Exchange Commission halted trading in Arrayit stock for two weeks on April 13, saying the company hadn’t filed financial reports since 2015.) In total, prosecutors say that Schena and others affiliated with the company submitted nearly $69 million in false and fraudulent claims, the San Francisco Chronicle reported. Of that, some $5.9 million was billed to Medicare. Schena wasn’t very lucky in collecting, however, allegedly netting over $2 million from private insurers and around $290,000 from Medicare. The coronavirus test never actually made it to market, despite Schena allegedly claiming that bundling it with the allergen tests would be as easy as “a pastry chef” moving from “strawberry pies” to “rhubarb and strawberry pies.” The complaint says that after lying to investors about demand for the coronavirus tests, Schena never actually told them of the failure to reach “viability or availability.” Evidence of Arrayit’s promotional campaigns remains online; a Twitter account associated with the company claimed in 2019 that their allergen test was “endorsed by top television and Internet celebrity” Jake Paul, complete with a photo of him jewelry-clad and grasping another YouTuber’s buttocks. (Paul has since moved on to, err, other endeavors.) 
Theranos, another company that claimed to have developed next-generation finger pinprick blood tests, famously imploded after it was revealed that their blood testing machines didn’t work and the company was diluting samples to keep up the appearance of a functional company. Theranos, however, achieved a peak valuation of $10 billion on some $700 million in funding. Founder Elizabeth Holmes and former president Ramesh “Sunny” Balwani have managed to have some charges dismissed but are still facing nine counts of wire fraud. Arrayit actually referred to Theranos in a 2015 Facebook post, claiming its own technology was far better. The Post said several attempts to reach Arrayit or Schena for comment were “unsuccessful.” “Investigating COVID-19 fraud scams billed to federal health programs—such as those charged here—are a top priority for our agency,” Steven Ryan, the special agent in charge at the Department of Health and Human Services inspector general’s office, told the Mercury News in a statement. “The ongoing public health crisis has spawned a rash of fraudulent schemes; therefore, we will continue working with law enforcement partners to protect beneficiaries, programs and taxpayers.” As of Tuesday evening, a tracker on the Johns Hopkins University School of Medicine website listed nearly two million confirmed cases of the coronavirus in the U.S., with nearly 112,000 deaths. The tracker listed over 7.2 million cases confirmed globally, resulting in over 411,000 deaths. Source
  2. James Baugh, David Harville hit with several new counts Two senior eBay executives who have refused to join their colleagues and plead guilty to charges of cyberstalking have been hit with a string of fresh charges. James Baugh, 45, was eBay senior director of safety and security, and David Harville, 48, was its director of global resiliency when they were arrested back in June, along with four other eBay employees accused of stalking and intimidating a married couple who published a newsletter for the ecommerce industry that was critical of eBay. Both Baugh and Harville were charged with conspiracy to commit cyberstalking and conspiracy to tamper with witnesses. But despite their colleagues admitting waging a campaign against the couple – which included sending disturbing items such as a preserved fetal pig, a bloody pig Halloween mask and a book on surviving the loss of a spouse to their home address – both execs maintain they are innocent. This week, American prosecutors hit the duo with a series of new counts: five new cyberstalking counts; two counts of witness tampering for Baugh and one for Harville; and two new counts of destruction, alteration, and falsification of records in a federal investigation for Baugh, one for Harville. The pair are accused of carrying out the worst part of the campaign against the couple, including driving to their home in Massachusetts and planning to break into their garage in order to place a GPS tracking device on their car. Prosecutors also allege that they bought tools to break into the garage and carried with them false documents stating that they were investigating the couple for threatening eBay executives in case they were apprehended by the cops while breaking in. Enter the cops The couple said they spotted the two eBay staffers watching their house, and called the police, who opened an investigation. 
The harassment campaign against the couple also included sending public and private messages over social media that attacked their newsletter and threatened to turn up at their house. The latest indictment alleges Baugh ran meetings to plan the campaign, and led the effort to create a cover story that the couple had threatened eBay’s CEO. It's also claimed Baugh posed as the husband of another eBay employee involved in the pressure campaign when they met a police detective in the lobby of Boston’s Ritz Carlton hotel as part of the cops' probe into the stalking. With the police on their tail, Baugh and Harville tried to hide their involvement by lying to an eBay investigator and deleting evidence on their company cell phones, it is alleged. If found guilty, the pair face a hefty jail sentence: the charges of conspiracy to commit stalking and stalking each carry a sentence of up to five years in prison, three years of supervised release, a fine of up to $250,000, and restitution. The charges of witness tampering and destruction, alteration and fabrication of records in a federal investigation each carry a sentence of up to 20 years in prison, three years of supervised release, a fine of up to $250,000, and restitution. Source
  3. Federal investigators are looking into whether the mass submission of millions of fraudulent letters on net neutrality to the Federal Communications Commission’s digital comment system was a crime as part of a Department of Justice investigation, BuzzFeed News reported on Saturday. According to BuzzFeed’s report, two organizations who had previously received subpoenas stemming from a separate New York attorney general’s office investigation confirmed that they had received new subpoenas from the FBI: At issue are millions of public comments that were submitted to the FCC—as mandated by law—regarding what was at the time the agency’s proposal to roll back Barack Obama-era net neutrality rules. Over 22 million comments were submitted; while estimates of how many were either fakes (widely reported to have involved mass identity fraud using real names), duplicates, or bulk-submitted form letters vary, there is general agreement that the vast majority were not uniquely written letters. One study by a Stanford University researcher, Ryan Singel, found that there were only 800,000 unique comments, of which 99.7 percent were opposed to rolling back the rules. For months, the FCC also insisted that the commenting system had been subjected to a cyber attack, with chairman and Donald Trump appointee Ajit Pai only later admitting that one never occurred—leading to speculation Pai had deliberately spread a fake story to downplay the volume of comments in support of net neutrality. 
Despite polls showing massive public opposition to the regulatory rollback and outcry from numerous tech companies, telecoms that potentially stand to make a lot of money from less regulation were very much in favor of it. FCC commissioners voted last year to eliminate the rules in a 3-2 vote that fell squarely along party lines (with three Republicans in support and two Democrats in opposition), though attorneys general in 22 states and Washington, DC, as well as consumer groups and web company Mozilla, are suing to reverse the decision. The fiasco surrounding the comment system has similarly not gone away. In October, the New York Times reported that New York state officials had subpoenaed “more than a dozen telecommunications trade groups, lobbying contractors and Washington advocacy organizations” as part of the attorney general’s investigation. That number included groups both in support of and opposed to the rollback, though most of the subpoenas were directed at groups in favor of Pai’s agenda. According to the BuzzFeed report, the offices of the Massachusetts and Washington, DC attorneys general have also issued subpoenas and are supporting the New York inquiry: Earlier this week, the FCC refused to release server logs related to the incident to BuzzFeed News and the New York Times, both of which had submitted Freedom of Information Act (FOIA) requests for the records. A separate legal battle between the FCC and journalist Jason Prechtel ended several months ago with a judge ruling the agency must meet with him to release emails used to submit the bulk comments. However, Prechtel did not get the court to order the release of server logs or unredacted versions of emails between FCC officials and “advocacy services” firm CQ Roll Call that appear to show the FCC assisting in the upload of bulk comments on behalf of unidentified CQ Roll Call clients. 
(As Prechtel noted on Medium, the firm asked the FCC for assistance “before [the FCC order repealing net neutrality] was even formally announced.”) “What is the Federal Communications Commission hiding?” FCC Commissioner Jessica Rosenworcel wrote in a March 2018 op-ed. “While millions of Americans sought to inform the FCC process by filing comments and sharing their deeply-held opinions about internet openness, millions of other filings in the net neutrality docket appear to be the product of fraud. As many as nine and a half million people had their identities stolen and used to file fake comments, which is a crime under both federal and state laws.” Source
  4. With signs that the New York trial of notorious Mexican drug lord and alleged mass murderer Joaquín “El Chapo” Guzmán is entering its end phase, prosecutors on Tuesday played copies of what they said were audio recordings of Guzmán the FBI obtained “after they infiltrated his encrypted messaging system” with the help of Colombian and former cartel systems engineer Cristian Rodriguez, Reuters reported. As has been previously reported by Vice, Colombian drug lord Jorge Cifuentes testified that Rodriguez had forgotten to renew a license key critical to the communications network of Guzmán’s Sinaloa Cartel in September 2010, forcing cartel leaders to temporarily rely on conventional cell phones. Cifuentes told the court he considered Rodriguez “an irresponsible person” who had compromised their security, with a terse phone call played by prosecutors showing Cifuentes warned the subordinate he was in “charge of the system always working.” But on Tuesday it was revealed that the FBI had lured Rodriguez into a meeting with an agent posing as a potential customer much earlier, in February 2010, according to a report in the New York Times. Later, they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network’s encryption keys. The communications system ran over Voice over Internet Protocol (VoIP), with only cartel members able to access it. 
Getting through its encryption gave authorities access to roughly 1,500 of Guzmán’s and other cartel members’ calls from April 2011 to January 2012, the Times wrote, with FBI agents able to identify ones placed by the drug lord by “comparing the high-pitched, nasal voice on the calls with other recordings of the kingpin, including a video interview he gave to Rolling Stone in October 2015.” Reuters wrote that one of the calls involved a discussion between Guzmán and an associate where he cautioned against angering the police: Other parts of the calls Times reporter Alan Feuer detailed on Twitter included recordings of Guzmán discussing how a subordinate could avoid murdering “innocent people,” ordering around an allegedly bribed Federal Ministerial Police commander, and referring to other government officials under his influence including an unknown “governor.” (Feuer added that Rodriguez is expected to testify at the trial, with court docs describing a witness matching his description who suffered “a nervous breakdown” from stress.) Amid the accounts of corruption, murder, and drug smuggling, Vice News’ Keegan Hamilton wrote on Twitter, there was a brief moment of levity when lights in the courtroom went out. When the electricity returned, someone shouted “He’s gone!”, referring to Guzmán’s habit of escaping from prison. “Everybody laughed, except maybe the U.S. Marshals,” Hamilton wrote. More at: [Reuters/New York Times/Rolling Stone] Source
  5. Own a rifle? Got a scope to go with it? The government might soon know who you are, where you live and how to reach you. That’s because Apple and Google have been ordered by the U.S. government to hand over names, phone numbers and other identifying data of at least 10,000 users of a single gun scope app, Forbes has discovered. It's an unprecedented move: never before has a case been disclosed in which American investigators demanded personal data of users of a single app from Apple and Google. And never has an order been made public where the feds have asked the Silicon Valley giants for info on so many thousands of people in one go. According to a court order filed by the Department of Justice (DOJ) on 5 September, investigators want information on users of Obsidian 4, a tool used to control rifle scopes made by night vision specialist American Technologies Network Corp. The app allows gun owners to get a live stream, take video and calibrate their gun scope from an Android or iPhone device. According to the Google Play page for Obsidian 4, it has more than 10,000 downloads. Apple doesn't provide download numbers, so it's unclear how many iPhone owners have been swept up in this latest government data grab. If Apple and Google decide to hand over the information, it could include data on thousands of innocent people who have nothing to do with the crimes being investigated, privacy activists warned. Edin Omanovic, lead on Privacy International's State Surveillance programme, said the order would set a dangerous precedent and scoop up “huge amounts of innocent people’s personal data.” “Such orders need to be based on suspicion and be particularized - this is neither,” Omanovic added. Neither Apple nor Google had responded to a request for comment at the time of publication. ATN, the scope maker, also hadn't responded. Why the data grab? 
The Immigration and Customs Enforcement (ICE) department is seeking information as part of a broad investigation into possible breaches of weapons export regulations. It's looking into illegal exports of ATN's scope, though the company itself isn't under investigation, according to the order. As part of that, investigators are looking for a quick way to find out where the app is in use, as that will likely indicate where the hardware has been shipped. ICE has repeatedly intercepted illegal shipments of the scope, which is controlled under the International Traffic in Arms Regulation (ITAR), according to the government court filing. They included shipments to Canada, the Netherlands and Hong Kong where the necessary licenses hadn't been obtained. "This pattern of unlawful, attempted exports of this rifle scope in combination with the manner in which the ATN Obsidian 4 application is paired with this scope manufactured by Company A supports the conclusion that the information requested herein will assist the government in identifying networks engaged in the unlawful export of this rifle scope through identifying end users located in countries to which export of this item is restricted," the government order reads. (The order was supposed to have been sealed, but Forbes obtained it before the document was hidden from public view). It's unclear just whom ICE is investigating. No public charges have been filed related to the company or resellers of its weapons tools. Reports online have claimed ATN scopes were being used by the Taliban. Apple and Google have been told to hand over not just the names of anyone who downloaded the scope app from August 1 2017 to the current date, but their telephone numbers and IP addresses too, which could be used to determine the location of the user. The government also wants to know when users were operating the app. 
Innocents ensnared The request is undeniably broad and would likely include all users of the app within America, not just users abroad who might indicate illegal shipments of the gun appendage. Tor Ekeland, a privacy-focused lawyer, said it amounted to a "fishing expedition." (The DOJ hadn’t responded to a request for comment at the time of publication). "The danger is the government will go on this fishing expedition and they'll see information unrelated to what they weren't looking for and go after someone for something else," Ekeland said. He said there's a long history of that kind of behavior from the U.S. government. And he warned that the government could apply this demand to other types of app, such as dating or health apps. "There's a more profound issue here with the government able to vacuum up a vast amount of data on people they have no reason to suspect have committed any crime. They don't have any probable cause to investigate but they're getting access to data on them," Ekeland added. Even those who've worked in government surveillance were stunned by the order. "The idea that this data will only be used for pursuing ITAR violations is almost laughable," warned Jake Williams, a former NSA analyst and now a cybersecurity consultant at Rendition Infosec. "Google and Apple should definitely fight these requests as they represent a very slippery slope. This type of bulk data grab is seriously concerning for a number of reasons, not the least of which is that the download of an application does not automatically imply the 'intended use' of the application. For instance, researchers often bulk download applications looking for interesting vulnerabilities." He said that if the request was granted it may also have a "serious chilling effect on how people use the Google and Android app stores." 
"The idea that Google could be compelled to turn over, in secret, all of my identifiers and session data in its possession because I downloaded an application for research is such a broad overreach it's ridiculous." Source
  6. Another reverse location search warrant On October 13th, 2018, two men walked into a Great Midwest Bank in a suburban strip mall outside Milwaukee. They were the first two customers when the bank opened, barely recognizable behind sunglasses and heavy beards — but it soon became clear what they were after. One man jumped onto the teller counter and pulled out a handgun, throwing down a garbage bag for the tellers to fill with money. They left the bank at 9:09AM, just seven minutes after they entered, carrying the bag full of cash, three drawers from the vault and teller station, and the keys to the bank vault itself. In the months since, police and federal agents have struggled to track down the bank robbers. Local media sent out pictures from the bank’s security cameras, but it produced no leads. Finally, police hit on a more aggressive strategy: ask Google to track down the bank robbers’ phones. In November, agents served Google with a search warrant, asking for data that would identify any Google user who had been within 100 feet of the bank during a half-hour block of time around the robbery. They were looking for the two men who had gone into the bank, as well as the driver who dropped off and picked up the crew, and would potentially be caught up in the same dragnet. It was an aggressive technique, scooping up every Android phone in the area and trusting police to find the right suspects in the mess of resulting data. But the court found it entirely legal, and it was returned as executed shortly after. That kind of warrant, known as a reverse location search, has become increasingly common in recent years. More than 20 such warrants have been served in Minnesota, and at least one similar case came to light in North Carolina. Most controversially, the technique was used to identify suspects after a Proud Boy rally-turned-riot in midtown Manhattan last year. 
In each case, police weren’t tracking the location of a specific suspect — where normal standards of reasonable suspicion would apply — but instead pulling the names of every individual who had been in the vicinity when a crime took place. For civil liberties groups, it’s a dangerous and potentially unconstitutional overreach of police power. But those concerns haven’t been enough to keep police from filing reverse location search warrants when a case runs dry, or to convince judges to reject them. In the Wisconsin case, it’s not clear how useful that technique actually was. When The Verge reached out to the FBI’s Milwaukee division to ask if any charges had been brought, officers said the case was ongoing and they could not provide any additional information as a result. With nearly a year elapsed since the warrant was served, that suggests this particular reverse location search may not have been as fruitful as investigators hoped. Groups like EFF have a lot of problems with this kind of search, particularly that it cuts against a Supreme Court precedent that treats location data as “an intimate window into a person’s life.” But the biggest gripe is the simple success rate: in the Wisconsin case, police asked for a dragnet that could produce that sensitive location data for dozens of people — but if the bank robbers weren’t using Google Maps or just left their phones at home, they wouldn’t show up in that search. For civil libertarians, that looks like a whole lot of suspicionless searches and nothing to show for it. Source
  7. from the get-what-you-can-instead-of-dreaming-about-an-all-access-pass dept CSIS (Center for Strategic and International Studies) has just released another report [PDF] on device encryption. But there's a difference: this one isn't so much about encryption but what law enforcement isn't doing to access the wealth of digital data available to it. (h/t Robyn Greene) What CSIS found is there are plenty of powerful tools and options available. The problem -- especially at the local level -- is law enforcement appears to be unsure of how to proceed when seeking digital data. This results in a couple of problems, the latter of which has definite civil liberties implications. Following closely after that is the difficulty of obtaining data and evidence from service providers if agencies do manage to narrow down where it's located. While there are a variety of federal resources available to train and educate law enforcement investigators about seeking digital evidence, they're underfunded and underutilized. This lack of education and overall uncertainty is leading to unfortunate results -- both in terms of targeted citizens and the law enforcement agencies hoping to hold onto whatever evidence they may obtain. Overbroad warrants are routine and it's not always the result of a "collect it all" philosophy. These broad requests result in pushback from tech company recipients (who, unfortunately, likely understand the law better), which further strains the relationship between service providers and law enforcement agencies. The problem with the law enforcement side is the numbers don't support this perception. The increase in requests has led to an increase in rejected requests as a whole -- which fuels the perception service providers are giving lawmen the figurative finger -- but the percentage of rejected requests (around 20%) has remained constant. It's not just law enforcement personnel needing more training and info. 
The lack of training leads to broad warrant requests and subpoenas from law enforcement. These requests should be receiving pushback before they're delivered to service providers. But far too often, they're not receiving enough scrutiny at the judicial level. This is also an education/information problem. The broad requests that do make it through pose additional issues that are rarely discussed. While FISA court orders authorizing surveillance (including domestic surveillance) stress minimization of non-target info, demands for data from service providers aren't subject to these restrictions. Data/communication dumps can expose a lot of info about non-targets and there's almost zero recourse for non-targets whose privacy has been violated. "Incidental" collection isn't just something the NSA does. It's the inevitable byproduct of overbroad requests and few, if any, rules governing the collection and use of this info. The report details a large number of deficiencies in the process which has made law enforcement's job far more difficult than it needs to be. Tech advances don't solely benefit crafty criminals. They also aid law enforcement, but there's been no cohesive effort made by the federal government to ensure local agencies can make the most of the tools available. Until this is nailed down, worrying about defeating or bypassing encryption is a waste of time. That the FBI's director has decided that's how he's going to use his time and energy suggests the agency -- the most frequent contact for local agencies seeking tech help -- isn't going to prioritize sharing knowledge over seeking legislative mandates. The FBI is hurting itself and others by limiting its ability to do everything it can right now in hopes of getting a law enforcement-sized hole drilled in encryption at some point in the next few decades. Source
  8. A consortium of U.S. federal agencies released a notification on Hoplight, a new data collector malware being used by the North Korean cyberespionage group Hidden Cobra (aka Lazarus). In their malware analysis report on Hoplight, the Department of Homeland Security, FBI, and Department of Defense noted that obfuscation plays a large role in the malware’s behavior: the sample contains 20 malicious executable files, 16 of which are designed to mask activity between the malware and the operator. “When executed the malware will collect system information about the victim machine including OS Version, Volume Information, and System Time, as well as enumerate the system drives and partitions,” the report states. The malware is extremely sophisticated and uses proxies to generate fake TLS handshake sessions using valid public SSL certificates, so the network connection is effectively disguised. Two versions of Hoplight exist. “So if the opcode for Keepalive in version 1 is 0xB6C1, the opcode in version 2 will be 0xB6C2,” the report stated. Hidden Cobra is one of the most prolific state-sponsored hacking groups, attacking a wide variety of targets. While the group primarily focuses on South Korean, U.S. and Japanese targets, the nations North Korea considers its primary foes, it occasionally hits others such as Russia. Source
  9. Prosecutors for the Justice Department and state attorney general offices are discussing ways of curbing the search giant's market power as they prepare to sue the company. Justice Department and state prosecutors investigating Google for alleged antitrust violations are considering whether to force the company to sell its dominant Chrome browser and parts of its lucrative advertising business, three people with knowledge of the discussions said Friday. The conversations — amid preparations for an antitrust legal battle that DOJ is expected to begin in the coming weeks — could pave the way for the first court-ordered break-up of a U.S. company in decades. The forced sales would also represent major setbacks for Google, which uses its control of the world’s most popular web browser to aid the search engine that is the key to its fortunes. Discussions about how to resolve Google’s control over the $162.3 billion global market for digital advertising remain ongoing, and no final decisions have been made, the people cautioned, speaking anonymously to discuss confidential discussions. But prosecutors have asked advertising technology experts, industry rivals and media publishers for potential steps to weaken Google’s grip. DOJ is separately preparing an antitrust suit accusing Google of abusing its control over the online search market, which the department could file as soon as next week. Targets of that complaint are expected to include the ways Google uses its Android mobile operating system to help entrench its search engine, POLITICO reported last week. Spokespeople for Google and the Justice Department declined to comment Friday. The expected litigation comes as Google and fellow tech industry heavyweights Facebook, Amazon and Apple are facing growing scrutiny from both Republicans and Democrats in Washington for issues such as their squashing of competitors, treatment of users’ private data and handling of disinformation in the presidential race. 
One major question facing the prosecutors in both suits: What fixes should they seek to curb Google’s power? In the advertising investigation, DOJ and state attorneys general have asked rivals and other third parties for their views on which businesses Google should have to sell. They have also asked whether any existing competitors should be off-limits as potential buyers, the people said. The lawyers have also asked whether any of Google’s properties outside of the advertising technology market should be targeted for potential sale — leading some to single out Google’s Chrome browser, they said. The browser, which Google introduced in 2008 and has the largest market share in the U.S., has been at the center of rivals’ accusations that the search giant uses its access to users’ web histories to aid its advertising business. That criticism escalated in January, when Google said it would phase out the use of third-party cookies in its Chrome browser within two years to enhance consumer privacy. But cookies — small files a browser uses to track visits to websites — are also a key tool for publishers to demonstrate the effectiveness of advertising campaigns to ad buyers. Google’s own estimates show that eliminating those cookies will reduce advertising revenue to news outlets that show online ads by as much as 62 percent. While other browsers such as Apple’s Safari and the Mozilla Foundation’s Firefox already block cookies, the move by Google’s Chrome is likely to have broader reach as it’s used by nearly 60 percent of desktop computers and 37 percent of mobile devices in the U.S., according to analytics firm StatCounter. A major antitrust report that the House Judiciary Committee released this week found that Chrome’s market share allows Google to “effectively set standards for the industry,” an issue of particular relevance as Chrome phases out cookies. 
“Google’s ad-based business model can prompt questions about whether the standards Google chooses to introduce are ultimately designed primarily to serve Google’s interests,” the House report said. “Market participants are concerned that while Google phases out third-party cookies needed by other digital advertising companies, Google can still rely on data collected throughout its ecosystem.” Google has said it is working with the advertising industry and others to develop alternatives to cookies. For example, the search giant has proposed a new system, nicknamed Turtledove, in which advertising auctions would take place within the browser instead of sending data to outside servers. Google argues this would better protect user privacy because a person’s data never leaves her computer or phone. Advertising industry representatives, though, are wary of giving over that much control without oversight to browsers — and, in effect, Google. Short of demanding that Google sell the browser, prosecutors could also consider asking a court to limit how Google uses the data derived from Chrome to aid its other products, one of the individuals and a fourth person involved in the ad technology market said. Google’s control over the technology that underlies advertising across the open web traces back to the search giant’s 2007 purchase of DoubleClick, a company that helped websites and advertisers serve online ads. The Federal Trade Commission reviewed the acquisition at the time and voted, 4-1, to let it move forward, despite concerns that the deal would enable Google to strong-arm website publishers into using its other advertising services. At least one of the commissioners who voted in favor of the deal, William Kovacic, a Republican, told the New York Times he would have supported challenging the merger if he knew then what he knows now. 
Since the DoubleClick buy, Google has also scooped up other ad tech properties including Admob, a mobile advertising company; ad auctioneer Invite Media; and AdMeld, a platform for ad buyers. Those deals helped Google create a suite of technologies that cover every stage of the process for both buying and selling online display ads. Requiring Google to either unwind some of those acquisitions or sell off its business on either the buyer or seller side of the market are among the possibilities being discussed, the people involved in the conversations said. Source
  10. Also, Brazilian teen spots odd Instagram bug and nets $25K
In Brief
Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. This is according to an alert issued by the FBI and Department of Homeland Security this week. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks. Unlike the 2016 election, when most of the disinformation was sprayed out in the run-up to the vote, this cycle will aim to make people question even whether the results of the vote are valid, the alert states. People are urged to check their facts carefully with multiple sources and on official government websites. "The increased use of mail-in ballots due to COVID-19 protocols could leave officials with incomplete results on election night," the agencies warned. "Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy."
ATM skimming crew busted
The DOJ has indicted nine people it says operated a string of ATM skimmer operations netting more than $100,000 in theft. The crew, it is said, placed "skimmer" devices over the card readers of ATMs and collected the card information of people who used the kiosks. They would then yank the skimmers and encode the data onto blank cards which they could use or sell to others. This was done between March 2019 and June 2020 across a string of states in the southeastern US: Florida, Louisiana, Georgia, and Mississippi, as well as in New York state. Each of the nine has now been indicted on one federal count of conspiracy to commit device fraud. Police have also reportedly arrested other suspected members of the gang.
You're never going to believe this, but Cisco has patched some bugs
The latest patch bundle from Switchzilla is a hefty one, containing a total of 42 CVE-listed vulnerabilities across various networking gear. Fortunately, none of the fixes are for issues deemed to be critical problems, but 29 are considered high risk and should be patched as soon as possible. These include a firewall denial of service bug, a code execution flaw, and an arbitrary file overwrite in IOS XE appliances, two denial of service bugs in Aironet Access Points, and denial of service in the Catalyst 9200 series switches.
Teen hacker bags $25K payout for Instagram bug find
A 14-year-old Brazilian developer has netted himself a nice payday from Facebook, thanks to a critical bug find in Instagram. Andres Alonso says that he stumbled upon the cross-site scripting flaw by accident while he was working on his own mobile app. While wading through some integration code with Instagram's AR filter creator, he figured out that someone could redirect the URL a filter links to without the user getting any notification. At the time, though, he couldn't quite get a proof-of-concept to work and show it was a complete XSS vulnerability. Still, Alonso reported the issue to Facebook, whose security team confirmed that it was indeed a bug that would allow for dangerous cross-site scripting and decided to award the teen a tidy $25,000 bounty. Facebook's crew said the dodgy code could be used in an XSS attack against Instagram but reckoned it hadn't been used in the wild. "I have to thank Facebook for making a little push in my report escalating to an XSS," he said.
It's 2020, and we're still trying Silk Road cases
It has been more than five years since Silk Road boss Ross Ulbricht was sent to prison for a double life sentence plus 40 years without the possibility of parole, and US authorities are still trying people tied to the notorious drugs market. This time, it's programmer Michael Weigand, who pled guilty to lying to federal investigators about his role in the market. Specifically, Weigand admitted that he was actually involved in helping suss out potential security holes in the site and that he worked with both Ulbricht and Silk Road advisor Roger Thomas Clark. Additionally, Weigand admitted to flying to London to meet one of Clark's friends under the guise of starting a marijuana seed business, but instead going to Clark's London residence to destroy evidence. "When Weigand was questioned by law enforcement in 2019, he falsely claimed not to have done anything at all for Silk Road," said US Attorney Audrey Strauss. "For his various false statements, Weigand now faces potential prison time." Source
  11. Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Monday advisory. CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security. “CISA and the FBI also recommend that organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats,” according to a Monday CISA advisory. “Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems.” No further details on the specific hacked entities were made public. The threat actors have been spotted successfully exploiting two common vulnerabilities – allowing them to compromise federal government and commercial entities, according to CISA. The first is a vulnerability (CVE-2020-5902) in F5’s Big-IP Traffic Management User Interface, which allows cyber threat actors to execute arbitrary system commands, create or delete files, disable services, and/or execute Java code. As of July, about 8,000 users of F5 Networks’ BIG-IP family of networking devices were still vulnerable to the critical flaw. 
Feds also observed the attackers exploiting an arbitrary file reading vulnerability affecting Pulse Secure VPN appliances (CVE-2019-11510). This flaw – speculated to be the cause of the Travelex breach earlier this year – allows bad actors to gain access to victim networks. “Although Pulse Secure released patches for CVE-2019-11510 in April 2019, CISA observed incidents where compromised Active Directory credentials were used months after the victim organization patched their VPN appliance,” according to the advisory. Threat actors were also observed hunting for Citrix VPN appliances vulnerable to CVE-2019-19781, a flaw that enables attackers to execute directory traversal attacks. And they have also been observed attempting to exploit a Microsoft Exchange server remote code execution flaw (CVE-2020-0688) that allows attackers to collect emails of targeted networks. As part of its advisory, CISA also identified common TTPs utilized by the threat actors. For instance, threat actors have been spotted using the Cobalt Strike commercial penetration testing tool to target commercial and federal government networks; CISA has also seen the actors successfully deploying the open-source China Chopper tool against organization networks and using the open-source tool Mimikatz. The initial access vectors for these cyberattacks vary. CISA said it has observed threat actors utilize malicious links in spearphishing emails, as well as exploit public-facing applications. In one case, CISA observed the threat actors scanning a federal government agency for vulnerable web servers, as well as scanning for known vulnerabilities in network appliances (CVE-2019-11510). CISA also observed threat actors scanning and performing reconnaissance of federal government internet-facing systems shortly after the disclosure of “significant CVEs.” CISA said maintaining a rigorous patching cycle continues to be the best defense against these attacks.
“If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network,” according to the advisory. Terence Jackson, CISO at Thycotic, echoed this recommendation, saying the advisory sheds light on the fact that organizations need to keep up with patch management. In fact, he said, according to a recent Check Point report, 80 percent of observed ransomware attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier – and more than 20 percent of the attacks used vulnerabilities that are at least seven years old. “Patch management is one of the fundamentals of security, however, it is difficult and we are still receiving a failing grade. Patch management, enforcing MFA and least privilege are key to preventing cyber-attacks in both the public and private sectors,” he told Threatpost. Source
  12. On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies on the conference call, which included the U.S. Department of Health and Human Services (HHS), warned participants about “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” The agencies said they were sharing the information “to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.” The warning came less than 24 hours after this author received a tip from Alex Holden, founder of Milwaukee-based cyber intelligence firm Hold Security. Holden said he saw online communications this week between cybercriminals affiliated with a Russian-speaking ransomware group known as Ryuk in which group members discussed plans to deploy ransomware at more than 400 healthcare facilities in the U.S. One participant on the government conference call today said the agencies offered few concrete details of how healthcare organizations might better protect themselves against this threat actor or purported malware campaign. “They didn’t share any IoCs [indicators of compromise], so it’s just been ‘patch your systems and report anything suspicious’,” said a healthcare industry veteran who sat in on the discussion. However, others on the call said IoCs may be of little help for hospitals that have already been infiltrated by Ryuk. 
That’s because the malware infrastructure used by the Ryuk gang is often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called “command and control” servers used to transmit data between and among compromised systems. Nevertheless, cybersecurity incident response firm Mandiant today released a list of domains and Internet addresses used by Ryuk in previous attacks throughout 2020 and up to the present day. Mandiant refers to the group by the threat actor classification “UNC1878,” and aired a webcast today detailing some of Ryuk’s latest exploitation tactics. Charles Carmakal, senior vice president for Mandiant, told Reuters that UNC1878 is one of the most brazen, heartless, and disruptive threat actors he’s observed over the course of his career. “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline,” Carmakal said. One health industry veteran who participated in the call today and who spoke with KrebsOnSecurity on condition of anonymity said if there truly are hundreds of medical facilities at imminent risk here, that would seem to go beyond the scope of any one hospital group and may implicate some kind of electronic health record provider that integrates with many care facilities. So far, however, nothing like hundreds of facilities have publicly reported ransomware incidents. But there have been a handful of hospitals dealing with ransomware attacks in the past few days.
– Becker’s Hospital Review reported today that a ransomware attack hit Klamath Falls, Ore.-based Sky Lakes Medical Center’s computer systems.
– WWNY’s Channel 7 News in New York reported yesterday that a Ryuk ransomware attack on St. Lawrence Health System led to computer infections at Canton-Potsdam, Massena and Gouverneur hospitals.
– SWNewsMedia.com on Monday reported on “unidentified network activity” that caused disruption to certain operations at Ridgeview Medical Center in Waconia, Minn. SWNews says Ridgeview’s system includes Chaska’s Two Twelve Medical Center, three hospitals, clinics and other emergency and long-term care sites around the metro area.
This is a developing story. Stay tuned for further updates. Source
  13. Three men have been indicted in the US for trying to steal at least $15m by hacking into the Department of Defence's payroll service and customer accounts at 14 different financial institutions. The US Attorney's office in New Jersey has charged two men from Kiev in Ukraine, Oleksiy Sharapka and Leonid Yanovitsky, and a third man from New York, Richard Gundersen, with conspiracy to commit wire fraud, conspiracy to commit access device fraud and identity theft, and aggravated identity theft. According to prosecutors, Sharapka led the conspiracy with the help of Yanovitsky, while Gundersen allegedly facilitated the movement of the proceeds from the hacks. The New Yorker is in custody, but both Ukrainians are currently fugitives. The hackers were able to gain access to bank accounts of over a dozen financial institutions and businesses, including Citibank, JP Morgan Chase, PayPal, Nordstrom Bank and Veracity Payment Solutions. Once they were in, they diverted cash from the accounts to their own bank accounts or on to pre-paid debit cards. After that, they allegedly hired crews of individuals to "cash out" the stolen money. These "cashers" withdrew the funds from ATMs and made fraudulent purchases in the US. To help do this, the men stole US identities, which could be used to file fraudulent tax returns and to receive transferred money. The men are facing a maximum potential sentence of 27 years for the charges against them as well as a maximum fine of $250,000 or twice the gross amount of the gains they made from their offences, and another $500,000 for laundering the money through international wire transfers and other means. Source
  14. Two dead dogs and more than $50,000 in damaged property were just some of the casualties of arsons carried out across Milwaukee, Wisconsin, throughout 2018 and 2019. Google keeps historical locations of users, and police are taking advantage to find all kinds of criminals. To find the perpetrators, officers from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) demanded Google supply records of user devices in the respective locations at the times the arsons took place, Forbes has learned. Though federal agents had used the technique before, they’d never received such a data haul back from Google. The requests, outlined in two search warrants obtained by Forbes, demanded to know which specific Google customers were located in areas covering 29,387 square meters (or 3 hectares) during a total of nine hours for the four separate incidents. Unbeknownst to many Google users, if they have “location history” turned on, their whereabouts are stored by the tech giant in a database called SensorVault. In this case, Google found 1,494 device identifiers in SensorVault, sending them to the ATF to comb through. In terms of numbers, that’s unprecedented for this form of search. It illustrates how Google can pinpoint a large number of mobile phones in a brief period of time and hand over that information to the government. Previous Forbes reporting has shown searches across far wider areas. To investigators, this kind of “geofence” demand is useful, allowing them to go through the data trove provided by Google, look for devices of interest such as a known suspect’s phone and ask for more personal information on the user of that mobile.
Privacy concerns
But it's also the kind of search that's been making pro-privacy folk anxious over the last year. Such data grabs, also referred to as “reverse location searches,” see the police give Google a timeframe and an area on Google Maps within which to find every Google user.
Google then looks through its SensorVault database of user locations, taken from devices running the tech giant’s services like Google Maps or anything that requires the “location history” feature be turned on. The police then look through the list, decide which devices are of interest to the investigation and ask for subscriber information that includes more detailed data such as name, email address, when they signed up to Google services and which ones they used. (Image caption: Google supplies the government with "anonymized" user data on users within and around a bank at the time of a robbery. In this case, investigators asked for identifying information on all six users and Google provided it.) It’s unclear whether or not Google handed over any identifying information, but to Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society, it’s a sign that geofence warrants are overly broad and endanger user privacy. “The number of phones identified in that area shows two key points,” he tells Forbes. “One, it demonstrates a sample of how many people’s minute-by-minute movements Google is precisely tracking. “Two, it shows the unconstitutional nature of reverse location search warrants because they inherently invade the privacy of numerous people, who everyone agrees are unconnected to the crime being investigated, for the mere possibility that it may help identify a suspect.” The ATF, which filed the search warrants in Wisconsin, said it couldn’t comment on ongoing investigations. Neither of the two suspects named in the warrants has been charged in federal court at the time of publication.
As for its use of Google geofence searches, a spokesperson said: “To ensure the safety of our special agents and other law enforcement partners with whom we work, ATF does not release information regarding certain law enforcement techniques to the public.” Richard Salgado, Google director of law enforcement and information security, said the company had processes to look through government requests and ensure customer privacy was protected. “We only produce information that identifies specific users when we are legally required to do so,” said Salgado.
A bank heist investigation
Forbes obtained another search warrant that indicates Google is trying to fight back against overly broad government requests, but still appears to be handing over innocent people’s information as well as legitimate suspect data. In another previously unknown geofence search, federal officers wanted Google to share information on devices in the vicinity of a bank robbery in Allenton, Wisconsin, in April this year. Initially, Google deemed the area the government wanted it to search too wide. By pushing back, Google convinced investigators to reduce the search area from a 400 meter radius to 50 meters. Google then returned phone identifiers for six devices. The government asked for personal details of the individual users for all six, which the tech giant duly provided, including name, email and other Google account use data. Only two suspects, who are currently awaiting trial for that robbery and two others in the state, have been named, indicating innocents’ personal data was disclosed.
Guilty until proven innocent?
That geofence warrants scoop up innocents’ data has now been proven beyond doubt. In one previous case detailed by the New York Times, an innocent man was falsely imprisoned for a week, in part because of the data provided by Google. But Orin Kerr, a professor at Berkeley Law, says that use of innocents’ information is going to be inherent in investigations.
Video footage of bank robberies, for instance, will contain images of innocents there at the time, Kerr adds. “Presumably, most people who are on that video are innocent.” If you’re concerned about being caught up in any dragnet, it’s possible to opt out of Google’s historic location database. To do this, users can go to their My Activity page in their Google account and click on Activity Controls. From there, you can toggle the location history feature off. Source