Naked Security - Sophos
The domain for xDedic has been seized as well. In a joint operation, the Federal Bureau of Investigation (FBI) and authorities from several European countries have successfully taken down xDedic, a notorious dark web marketplace known for selling stolen digital goods such as login credentials, identity cards, and hacked servers. The operation was carried out on January 24th […]
This is a post from HackRead.com. Read the original post: Authorities shut down xDedic marketplace for selling hacked servers
Another data leak has made the headlines: a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week.
It is not clear how long the data was left exposed online; according to the Shodan search engine, the server had been publicly open since at least November 30, 2018.
The unsecured storage server was discovered by security expert Greg Pollock of UpGuard. It contained 3 terabytes of data, including millions of sensitive government files and years' worth of sensitive FBI investigations.
Other documents included social security numbers, names, and addresses for over a hundred thousand brokers, credentials for remote access to ODS workstations, and communications meant for the Oklahoma Securities Commission.
The server also included email backups from 1999 to 2016, the largest and most recent reaching 16GB in size.
The exposed information includes passwords that could have been used by an attacker to remotely access the state agency's workstations, as well as credentials for several internet services.
Digging into the archive, it is also possible to find information related to people with
“By the best available measures of the files’ contents and metadata, the data was generated over decades, with the oldest data originating in 1986 and the most recent modified in 2016,” reads a blog post published by UpGuard.
“The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services, allowing any user from any IP address to download all the files stored on the server.”
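The exposure quoted above came from an rsync daemon that answered any client from any address. The following added example (not code from the Security Affairs or UpGuard posts) is a small Python audit script that parses an rsyncd.conf and flags modules that lack both an `auth users` restriction and a `hosts allow` list, or that are explicitly writable; the sample configuration embedded in it is constructed for illustration and the key names come from rsyncd.conf(5).

```python
"""Audit an rsyncd.conf for modules exposed without access controls.

Added example: parses the INI-like rsyncd.conf layout (global keys
followed by [module] sections) and reports each module that a remote,
unauthenticated client from any source address could read or write.
The sample config below is constructed, not taken from the incident.
"""

# Constructed sample: one wide-open archive module, one locked-down module.
SAMPLE_RSYNCD_CONF = """\
uid = nobody
gid = nobody
use chroot = yes

[archive]
    path = /srv/archive
    comment = Old email backups and case files
    read only = yes
    list = yes

[reports]
    path = /srv/reports
    read only = yes
    auth users = reporter
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

AUTH_KEY = "auth users"     # per-module authentication (rsyncd.conf(5))
ALLOW_KEY = "hosts allow"   # per-module or global source-address list
RO_KEY = "read only"        # defaults to true in rsync


def parse_rsyncd_conf(text):
    """Return {module_name: {key: value}} with global keys merged in."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = {}
            continue
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        target = globals_ if current is None else modules[current]
        target[key.strip().lower()] = value.strip()
    return {name: {**globals_, **opts} for name, opts in modules.items()}


def audit_modules(modules):
    """Return {module_name: [findings]} for modules lacking access controls."""
    findings = {}
    for name, opts in modules.items():
        problems = []
        if not opts.get(AUTH_KEY, "").strip():
            problems.append("no 'auth users': anonymous clients accepted")
        if not opts.get(ALLOW_KEY, "").strip():
            problems.append("no 'hosts allow': any source address accepted")
        if opts.get(RO_KEY, "true").strip().lower() in ("false", "no", "0"):
            problems.append("'read only = false': remote clients can write")
        if problems:
            findings[name] = problems
    return findings


def audit_text(text):
    """Parse and audit a configuration given as a string."""
    return audit_modules(parse_rsyncd_conf(text))
```

Run with `python audit_rsyncd.py` after adding a `print(audit_text(open("/etc/rsyncd.conf").read()))` line; the sample flags only the `[archive]` module.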
The Oklahoma Securities Commission published a press release disclosing the data leak, announcing that a forensic team is still investigating the case.
“The Oklahoma Department of Securities (ODS) has initiated a comprehensive review of the circumstances surrounding an incident involving the inadvertent exposure of information during installation of a firewall,” reads the press release.
“An accidental vulnerability of limited duration to a server containing archived data was discovered and immediately secured. The ODS has notified law enforcement and OMES regarding the incident. A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them.”
The post Unprotected server of Oklahoma Department of Securities exposes millions of government files appeared first on Security Affairs.
Impressive police work:
In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade.
A Dutch article says that it's a BlackBerry system.
El Chapo had his IT person install "...spyware called FlexiSPY on the 'special phones' he had given to his wife, Emma Coronel Aispuro, as well as to two of his lovers, including one who was a former Mexican lawmaker." That same software was used by the FBI when his IT person turned over the keys. Yet again we learn the lesson that a backdoor can be used against you.
And it doesn't have to be with the IT person's permission. A good intelligence agency can use the IT person's authorizations without his knowledge or consent. This is why the NSA hunts sysadmins.
5.3 million users of the "make your own avatar" app Boomoji had their accounts compromised after the company reportedly failed to secure its internet-connected databases properly. "Question and Answer" website Quora also announced the compromise of 100 million of its user accounts following a hack.
A large data breach reported in Brazil is of interest: a massive 120 million Brazilian citizens' personal records were compromised due to a poorly secured Amazon S3 bucket. This is not the first mass data breach caused by an insecure S3 bucket we've seen in 2018. The lesson for the UK is to never assume or take cloud security for granted; it's essential practice to test and audit cloud services regularly.
Amongst the amazing and intriguing space exploration successes reported by NASA in December, the space agency announced its employees' personal data may have been compromised. Let's hope poor security doesn't jeopardise the great and highly expensive work NASA are undertaking.
It wouldn't be normal for Facebook not to be in the headlines for poor privacy; this time Facebook announced a Photo API bug which exposed 6.8 million user images.
Away from the political circus that is Brexit, the European Parliament put into law a new Cybersecurity Act. With Brexit making all the headlines, this new law may have gone under the radar, but it is certainly worth keeping an eye on, even after the UK leaves the EU. The EU Parliament has agreed to increase the budget for the ENISA (Network & InfoSec) agency, which will be rebranded as the "EU Agency for Cybersecurity". The Cybersecurity Act will establish an EU-wide framework for cyber-security certifications for online services and customer devices to be used within the European Economic Area, and will include IoT devices and critical infrastructure technology. Knowing the EU's love of regulations, I suspect this new best-practice framework and its associated accreditations will be turned into regulations further down the line, which would impact any tech business operating in the European Union.
The UK Parliament enacted the "Health and Social Care (National Data Guardian) Act", which also went under the radar due to all the Brexit political noise. The act requires the appointment of a data guardian within England and Wales. The data guardian will publish guidance on the processing of health and adult social care data for use by public bodies providing health or social care services, and produce an annual report.
Chinese telecoms giant Huawei had plenty of negative media coverage throughout December, with the UK government pressuring BT into not using Huawei kit within BT's new 5G network, due to a perceived threat to the UK's future critical national infrastructure posed by the Chinese state-backed tech giant. The UK Defence Secretary Gavin Williamson said he had "very deep concerns" about Huawei being involved in the new UK mobile network.
- BT bars Huawei's 5G kit from core of network
- Huawei's kit removed from emergency services 4G network
- What's going on with Huawei?
- Should we worry about Huawei?
- Why has the UK not blocked Huawei?
- Huawei to invest $2bn in UK security
- FBI swoops on ‘National Threat’ ‘Hacks for hire’ websites
- Quora Hacked: 100 Million Users have their Personal Data Exposed
- Huawei: 'Deep concerns' over firm's role in UK 5G upgrade
- Security Firm Hijacks High-Profile Twitter Accounts
- Boomoji App Developer Leaves Customer Data exposed on Open Database
- Exposed S3 Bucket Compromises 120 million Brazilian Citizens
- Save the Children lost £795 thousand to BEC Scam
- PewDiePie Printer Hackers strike Again
- Citrix Forces Users to Change Passwords after Credential Stuffing Attacks
- NASA Servers with Employee PII Potentially Compromised
- Parliament Creates New National Data Guardian to Safeguard Health and Social Care Data
- FCA warns Banks against Over-Reliance on Third-Party Security Providers
- Facebook Photo API bug exposed 6.8 Million Users images
- EU New Cyber-Security Agency and Certification Framework
- Microsoft Patches 40 Vulnerabilities, including 9 Critical for Text-To-Speech, IE, Office Chakra, DNS, and .NET
- Adobe Releases Fixes for an Important Vulnerability for Acrobat and Acrobat Reader
- Microsoft issues out-of-band patch for Exploited Memory Corruption bug in Internet Explorer
- Mozilla Patches Vulnerabilities in Firefox and Firefox ESR
- NCSC Warns of Vulnerabilities in Office 365 being Exploited by Cyber-Criminals
- Apple releases security updates for macOS, iOS, iTunes, iCloud, Safari and tvOS
- Logitech Keyboard App Patched to prevent Hackers Injecting Keystrokes
- Major Vulnerabilities found in IoT protocols MQTT and CoAP
- Virgin Media fixes multiple Security Flaws in Super Hub 3
- Second Google+ Bug Hastens Shutdown
On August 1st, the US Attorney for the Western District of Washington, Annette Hayes, and the FBI Seattle Special Agent in Charge, Jay Tabb, along with Main Justice's head of the Computer Crimes and Intellectual Property Section (CCIPS), Deputy Attorney General Downing, gave a fascinating press conference about the FIN7 or Carbanak Group case. (The link shows the 31-minute press conference on YouTube, where closed captioning is available.)
As AG Downing explained it, the FIN7 group would use a combination of emails and telephone calls to encourage people involved in catering or group reservations to open their malicious emails. Imagine that your job is booking hotel rooms for group travel, or handling large catering deliveries for business meetings from your restaurant. A new potential customer calls and says "I'd like to book forty hotel rooms for our sports team that is coming to play in a tournament in your town next month. What email should I send the details to?" Or "We're having an event at my office and need to order lunch for sixty people. I know that I could use the online order form, but would you mind if I just sent you an email with the details?" (I've done the latter myself when ordering FIFTY pizzas from Dominos!)
What salesperson is NOT GOING TO OPEN THAT ATTACHMENT? Right. Every single one will do so! Here's the flow of the attack that was shared at the Press Conference:
[Image: attack flow diagram, from the FBI Seattle office]
[Image: spear-phishing email, from justice.gov]
Is This Joker's Stash?
[Image: Trend Micro article (click for full article)]
[Image: Sonic Drive-In cards being sold on Joker's Stash, from krebsonsecurity.com]
Three Ukrainian masterminds arrested
[Image: the superseding indictment of Fedor Gladyr]
[Image: Dmytro Fedorov indictment]
[Image: FIN7 attacked at least 3,600 locations of 100+ US businesses]
Rezi recruited Eliot Pereira and Melissa Rios, below, who each in turn recruited others.
Defendant #1: Eliot Pereira, b.1993 - opened "Eliot Products & Arts, Inc." and recruited and managed mules.
Defendant #2: Natalie Armona - opened "Armona Furniture Design Concept & Textile" and recruited and managed multiple mules and recruiters, including defendants #5, #8, #9, #10, and #12.
Defendant #3: Melissa Rios, b. 1996 - opened "Taihan Fiberoptics, Inc." and recruited #2
Defendant #4: Bryant Ortega, b. 1996 - opened "Bryant Tech Deals" and recruited and managed multiple mules, including Defendant #7. (4631 West 9th Court, Hialeah, FL 33012)
Defendant #5: Angelo Santa Cruz, b. 1994 - opened "ASC Worldwide, Inc" and recruited and managed multiple mules, including Defendants #6 & #11.
Defendant #6: Alexis Fernandez Cruz, b. 1992 - opened "Alexis Universal, Inc."
Defendant #7: Roberto Carlos Gracia, b. 1994 - opened RCG Deals, Inc.
Defendant #8: Jose E. Rivera, b. 1989 - opened Rivera Worldwide, Inc.
Defendant #9: Angeles De Jesus Angulo, b. 1996 - opened Angeles Premier Trades, Inc.
Defendant #10: Jennifer Ruiz, b. 1994 - opened Josette Quality, Inc.
Defendant #11: Yirielkys Pacheco Fernandez, b. 1984 - opened YF Nationwide, Inc.
Defendant #12: Sebastian Loayza, b. 1994 - opened Sure Trades, Inc.
This case starts off with a criminal complaint from the Miami office of the United States Secret Service.
It begins with the agent's overview of the case, which is worth quoting here:
"Federal law enforcement agents have been investigating numerous business email compromise and spear phishing scams wherein various fraudsters targeted employees with access to company finances and tricked them into making wire transfers to bank accounts thought to belong to trusted partners -- except in fact, the accounts were shell companies controlled by the fraudsters.
Different people played different roles in the scheme. Some of the co-conspirators hacked into and took control over certain victim companies' business email accounts without the knowledge or consent of the true email account holders, or created email accounts similar to, but slightly different from, real business email accounts. Using the sham or compromised email accounts, the fraudsters then sent emails soliciting payments, claiming that funds were owed, and representing that payments for services rendered by the victim companies should be redirected to different accounts.
Other co-conspirators, known as money mules, opened shell companies and bank accounts into which the funds were fraudulently transferred, and then withdrew the fraud proceeds in cash, or wired the fraud proceeds into their foreign and domestic bank accounts. Several money mules progressed to recruiting and managing other mules."
Natalie Armona may have been a good choice for Melissa to recruit based on her work. Here's a Facebook post of hers from last year! But by the dates, she had been in the money mule business quite a while before landing this job as a Junior Processor at a lending firm.
Armona's TD Bank account
The complaint begins by telling the story of Natalie ARMONA, who opened a business, Armona Furniture Design Concept & Textile Inc., incorporating the business in Florida using her home address and opening a business checking account at TD Bank. She was the sole signatory, and used her true social security number on the account. The account was opened on December 9, 2016 and received its first wire on December 14, 2016, from a scammed medical center (Victim Company A). After taking out her commission in cash ($5,500), using her true Florida driver's license number as identity confirmation, Armona wired the rest of the money to "Flame Land International Limited" in Hong Kong.
On December 21, 2016, Armona's TD Bank account received an ACH for $724,395. Armona again paid herself first, withdrawing $10,508 in person. Three wires went out: $288,301 to "Caplan Sp Zoo" in Warszawa, Poland; $194,110 to the same; and $94,218 to "Baolifeng Intl Trading Limited" in Shenzhen, China. Armona paid herself twice more, once for $5,500 and once for $9,400. On December 27, 2016, she dipped three more times, for $800, $3,800, and $9,900.
Armona's SunTrust Bank account
On December 9, 2016, Armona Furniture opened a SunTrust Bank account. On December 30th she got an inbound ACH of $35,170 from a Pennsylvania sign company. Also on December 30th, she got an incoming wire from Kukutula Development Company LLC in Koloa, Hawaii in the amount of $59,850. On January 3, 2017, Armona withdrew $35,170. On January 13, 2017, SunTrust closed the account for fraud with a balance of $59,850.
ASC WorldWide
A collaborating witness told the Miami Electronic Crimes Task Force that he had been recruited by Armona and had opened a shell company in the name ASC WorldWide, with accounts at TD Bank and SunTrust Bank. Among other activities, he used email-based scams to cause $80,000 to be wired.
After a few successful jobs, the suspect said that Armona told him he could earn extra money by recruiting others into the scam. He agreed to allow the USSS to record his emails, phone calls, and any text or WhatsApp communications involving others in the scheme.
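The sequence in Armona's accounts (a newly opened business account, a large inbound wire or ACH, cash taken out within days, and the remainder wired abroad) is the cash-out pattern bank fraud teams screen for. The following added example (not from the complaint or this post) runs that rule over a constructed transaction ledger; the account identifiers, dates, and amounts are constructed and only loosely modelled on the narrative, and the thresholds are assumptions.

```python
"""Flag accounts that show the money-mule cash-out pattern described above.

Added example on constructed data. Rule (thresholds are assumptions):
an account that receives a large inbound wire/ACH within ACCOUNT_AGE_DAYS
of being opened, and then shows both a cash withdrawal and an outbound
foreign wire within WINDOW_DAYS of that inflow, is flagged for review.
"""
from collections import defaultdict
from datetime import date, timedelta

ACCOUNT_AGE_DAYS = 30     # "new" account: opened within 30 days of the inflow
WINDOW_DAYS = 14          # cash-out and onward wire within two weeks
LARGE_INBOUND = 25_000    # dollars; assumed screening threshold

# Constructed data: account -> date opened.
OPENED = {"ACCT-1": date(2016, 12, 9), "ACCT-2": date(2015, 3, 1)}

# Constructed ledger rows: (account, date, kind, amount, counterparty country).
# ACCT-1 mimics the mule flow; ACCT-2 is an old account with a domestic payment.
LEDGER = [
    ("ACCT-1", date(2016, 12, 14), "wire_in", 60_000, "US"),
    ("ACCT-1", date(2016, 12, 14), "cash_out", 5_500, None),
    ("ACCT-1", date(2016, 12, 15), "wire_out", 54_000, "HK"),
    ("ACCT-2", date(2016, 12, 20), "wire_in", 40_000, "US"),
    ("ACCT-2", date(2016, 12, 22), "wire_out", 40_000, "US"),
]


def flag_mule_accounts(ledger, opened, home_country="US"):
    """Return {account: reason} for accounts matching the cash-out pattern."""
    by_acct = defaultdict(list)
    for acct, day, kind, amount, country in ledger:
        by_acct[acct].append((day, kind, amount, country))
    flagged = {}
    for acct, txns in by_acct.items():
        txns.sort()  # chronological; tuples sort by date first
        for day, kind, amount, _ in txns:
            if kind not in ("wire_in", "ach_in") or amount < LARGE_INBOUND:
                continue
            if (day - opened[acct]).days > ACCOUNT_AGE_DAYS:
                continue  # established account: outside this rule
            window_end = day + timedelta(days=WINDOW_DAYS)
            later = [t for t in txns if day <= t[0] <= window_end]
            cash = any(t[1] == "cash_out" for t in later)
            abroad = any(t[1] == "wire_out" and t[3] != home_country for t in later)
            if cash and abroad:
                flagged[acct] = (f"${amount:,} inbound on {day}; cash-out and "
                                 f"foreign wire within {WINDOW_DAYS} days")
                break
    return flagged


if __name__ == "__main__":
    for acct, reason in flag_mule_accounts(LEDGER, OPENED).items():
        print(acct, "->", reason)
```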
The Ortega Case
(Ortega was arrested Jan 25, 2018)
The Pereira Case
The third case, Feb 23, 2018, has an affidavit from Miami's FBI office from an agent who previously served as a Computer Scientist in the Philadelphia office! Pereira ran several schemes against companies by impersonating their officers, including Fakhoury Law Group (Troy, Michigan), High Tech Lending (San Diego, California), Gaumer Company (Houston, Texas), Park Corporation (Cleveland, Ohio), and Zija International (Lehi, Utah). Each of those companies received fraudulent emails, claiming to be from an executive of their own company, ordering that wires be sent to accounts controlled by "OS Fly Tech Incorporated." Pereira hired an unnamed middleman to set up additional corporate accounts at Bank of America, Wells Fargo, SunTrust Bank, and Regions Bank. The middleman says that Pereira was working with an unknown male who he called "Rezi." This would be the same person that Cynthia Rodriguez was working for, Roda Taher (see Operation Wire Wire: The South Florida Cases, Part 1). Pereira and Rezi gave one of their mules an email firstname.lastname@example.org to use.
As shown above, nearly $1M in wires were sent to company accounts at Bank of America, SunTrust Bank, TD Bank, and Wells Fargo Bank in September and October of 2016. Pereira and his middleman communicated through WhatsApp and email. (954.554.5501 / email@example.com / firstname.lastname@example.org )
The Big Picture
Roda Taher, AKA Ressi, AKA Rezi, was the manager and supervisor of a criminal organization in the Southern District of Florida and elsewhere. He recruited all of the defendants in this case, encouraged them to open shell accounts and receive illegally transferred funds, some of which they directly wired to China, Poland, and elsewhere.
The case involves 30 distinct financial transactions:
| # | Date | Defendant | Transaction |
|---|------|-----------|-------------|
| 2 | 02SEP2016 | Eliot Pereira | $89,630 from OS Fly Tech's Wells Fargo account to China |
| 3 | 30NOV2016 | Melissa Rios | $13,844 from Taihan Fiberoptics Inc's TD Bank account to Huzhou Nanmei Textile |
| 4 | 23DEC2016 | Natalie Armona | $288,301 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa, Poland |
| 4 | 23DEC2016 | Natalie Armona | $194,110 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa, Poland |
| 5 | 23DEC2016 | Natalie Armona | $288,301 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa, Poland |
| 6 | 23DEC2016 | Natalie Armona | $94,218 from Armona Furniture's TD Bank account to Baolifeng Intl. Trading Limited in Shenzhen, China |
| 7 | 12JAN2017 | Natalie Armona | $44,618 from Armona Furniture's TD Bank account to Hangzhou Jieenda Textile Co Ltd in China |
| 8 | 07MAR2017 | Bryant Ortega | $94,110 from Bryant Tech Deal's SunTrust account to Huge Elite Limited in Shanghai, China |
| 9 | 08MAR2017 | Bryant Ortega | $128,705 from Bryant Tech Deal's SunTrust account to Huge Elite Limited in Shanghai, China |
| 10 | 08MAR2017 | Bryant Ortega | $6,200 from Bryant Tech Deal's SunTrust account |
| 11 | 28MAR2017 | Bryant Ortega | $179,302 from Bryant Tech Deal's SunTrust account to Lofty Ease Limited in Shanghai, China |
| 12 | 14APR2017 | Roberto Carlos Garcia | $3,500 from RCG Deals Inc's Bank of America account |
| 13 | 17APR2017 | Roberto Carlos Garcia | $112,000 from RCG Deals Inc's Bank of America account to KT and G Corp |
| 14 | 17APR2017 | Roberto Carlos Garcia | $7,000 from RCG Deals Inc's Bank of America account |
| 15 | 17APR2017 | Roberto Carlos Garcia | $3,000 from RCG Deals Inc's Bank of America account |
| 16 | 28APR2017 | Jennifer Ruiz | $39,841 from Josette Quality Inc's TD Bank account to Huzhou Nanmei Textile Co. Ltd. |
| 17 | 28APR2017 | Jennifer Ruiz | $3,400 from Josette Quality Inc's TD Bank account |
| 18 | 04MAY2017 | Roberto Carlos Garcia | $100 from RCG Deals Inc's Bank of America account |
| 19 | 26OCT2017 | Angelo Santa Cruz | $88,950 from ASC Worldwide's Chase Bank account to Niche Holding Ltd. |
| 20 | 26OCT2017 | Angelo Santa Cruz | $7,000 from ASC Worldwide's Chase Bank account |
| 21 | 01NOV2017 | Alexis Fernandez Cruz | $8,600 from Alexis Universal Inc's TD Bank account |
| 22 | 07NOV2017 | Angelo Santa Cruz | $96,500 from ASC Worldwide's TD Bank account to Zhejiang Oudi Machine Co. Ltd. |
| 23 | 07NOV2017 | Angelo Santa Cruz | $8,500 from ASC Worldwide's TD Bank account |
| 24 | 09NOV2017 | Alexis Fernandez Cruz | $8,500 from Alexis Universal Inc's SunTrust Bank account |
| 25 | 21NOV2017 | Yirielkys Pacheco Fernandez | $34,810 from YF Nationwide Inc's Chase Bank account to Nantong Gomaa International Co. Ltd. |
| 26 | 06DEC2017 | Yirielkys Pacheco Fernandez | $88,528 from YF Nationwide Inc's Chase Bank account |
| 27 | 30NOV2017 | Jose E. Rivera | $54,210 from Rivera Worldwide Inc's Bank of America account to Zhejiang Senhuang Trading in Zhejiang, China |
| 28 | 30NOV2017 | Jose E. Rivera | $6,100 from Rivera Worldwide Inc's Bank of America account |
| 29 | 03JAN2018 | Angeles De Jesus Angulo | $79,400 from Angeles Premier Trades Inc's Wells Fargo Bank account to Farstar International Ltd |
| 30 | 03JAN2018 | Angeles De Jesus Angulo | $8,600 from Angeles Premier Trades Inc's Wells Fargo Bank account |
Altogether, this group is charged with laundering more than $5,000,000.
The case is scheduled to be heard in Jury Trial beginning on June 25, 2018 before Judge Marcia G. Cooke in Miami, Florida.
Tomorrow (June 13, 2018) two of the defendants are meeting to change their plea. Jennifer Ruiz and Yirielkys Pacheco Fernandez have decided they may not want the 20-year sentence that all of them are facing as part of a conspiracy to commit money laundering at this level!