From Digital Age to Nano Age. WorldWide.

Tag: cybercrime

Atoms Lanka Solutions > cybercrime
Robotic Automations

Ireland privacy watchdog confirms Dell data breach investigation | TechCrunch

May 16, 2024 9:17 PM0


A top European privacy watchdog is investigating following the recent breaches of Dell customers’ personal information, TechCrunch has learned.  Ireland’s Data Protection Commission (DPC) deputy commissioner Graham Doyle confirmed to TechCrunch that the DPC has received “a breach notification on this matter” — referring to Dell — which is “currently under assessment.” Asked to elaborate, […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

FBI seizes hacking forum BreachForums — again | TechCrunch

May 16, 2024 1:17 AM0


The FBI along with a coalition of international law enforcement agencies seized the notorious cybercrime forum BreachForums on Wednesday.  For years, BreachForums has been a popular English-language forum for hackers and cybercriminals who wanted to advertise, sell, and trade stolen data. Just recently, a threat actor advertised Dell customers’ personal information and data stolen from […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

Threat actor says he scraped 49M Dell customer addresses before the company found out | TechCrunch

May 10, 2024 9:42 PM0


The person who claims to have 49 million Dell customer records told TechCrunch that he brute-forced an online company portal and scraped customer data, including physical addresses, directly from Dell’s servers.  TechCrunch verified that some of the scraped data matches the personal information of Dell customers. On Thursday, Dell sent an email to customers saying […]

© 2024 TechCrunch. All rights reserved. For personal use only.


Software Development in Sri Lanka

Robotic Automations

What we learned from the indictment of LockBit’s mastermind | TechCrunch

May 7, 2024 11:42 PM0


On Tuesday, U.S. and U.K. authorities revealed that the mastermind behind LockBit, one of the most prolific and damaging ransomware groups in history, is a 31-year-old Russian named Dmitry Yuryevich Khoroshev, aka “LockbitSupp.”

As it’s customary in these types of announcements, law enforcement published pictures of Khoroshev, as well as details of his group’s operation. The U.S. Department of Justice charged Khoroshev with several computer crimes, fraud, and extortion. And in the process, the feds also revealed some details about LockBit’s past operations.

Earlier this year, authorities seized LockBit’s infrastructure and the gang’s banks of data, revealing key details of how LockBit worked.

Today, we have more details of what the feds called “a massive criminal organization that has, at times, ranked as the most prolific and destructive ransomware group in the world.”

Here’s what we’ve learned from the Khoroshev indictment.

Khoroshev had a second nickname: putinkrab

LockBit’s leader was publicly known by the not-very-imaginative nickname LockBitSupp. But Khoroshev also had another online identity: putinkrab. The indictment doesn’t include any information about the online handle, though it appears to reference Russian President Vladimir Putin. On the internet, however, several profiles using the same moniker on Flickr, YouTube, and Reddit, though it’s unclear if these accounts were run by Khoroshev.

LockBit hit victims in Russia, too

In the world of Russian cybercrime, according to experts, there’s a sacred, unwritten rule: hack anyone outside of Russia, and the local authorities will leave you alone. Surprisingly, according to the feds, Khoroshev and his co-conspirators “also deployed LockBit against multiple Russian victims.”

It remains to be seen if this means Russian authorities will go after Khoroshev, but at least now they know who he is.

Khoroshev kept a close eye on his affiliates

Ransomware operations like LockBit are known as ransomware-as-a-service. That means there are developers who create the software and the infrastructure, like Khoroshev, and then there are affiliates who operate and deploy the software, infecting victims, and extorting ransoms. Affiliates paid Khoroshev around 20% of their proceedings, the feds claimed.

According to the indictment, this business model allowed Khoroshev to “closely” monitor his affiliates, including having access to victim negotiations and sometimes participating in them. Khoroshev even “demanded identification documents from his affiliate Coconspirators, which he also maintained on his infrastructure.” That’s probably how law enforcement was able to identify some of Lockbit’s affiliates.

Khoroshev also developed a tool called “StealBit” that complemented the main ransomware. This tool allowed affiliates to store data stolen from victims on Khoroshev’s servers, and sometimes publish it on LockBit’s official dark web leak site.

LockBit’s ransomware payments amounted to around $500 million

LockBit launched in 2020, and since then its affiliates have successfully extorted at least approximately $500 million from around 2,500 victims, which included “major multinational corporations to small businesses and individuals, and they included hospitals, schools, nonprofit organizations, critical infrastructure facilities, and government and law-enforcement agencies.”

Apart from the ransom payments, LockBit “caused damage around the world totaling billions in U.S. dollars,” because the gang disrupted victims’ operations and forced many to pay incident response and recovery services, the feds claimed.

Khoroshev got in touch with the authorities to identify some of his affiliates

Probably the most shocking of the latest revelations: In February, after the coalition of global law enforcement agencies took down LockBit’s website and infrastructure, Khoroshev “communicated with law enforcement and offered his services in exchange for information regarding the identity of his [ransomware-as-a-service] competitors.”

According to the indictment, Khoroshev asked law enforcement to “[g]ive me the names of my enemies.”

US, UK police identify and charge Russian leader of LockBit ransomware gang




Software Development in Sri Lanka

Robotic Automations

US, UK police identify and charge Russian leader of LockBit ransomware gang | TechCrunch

May 7, 2024 8:23 PM0


The identity of the leader of one of the most infamous ransomware groups in history has finally been revealed.

On Tuesday, a coalition of law enforcement led by the U.K.’s National Crime Agency announced that Russian national, Dmitry Yuryevich Khoroshev, 31, is the person behind the nickname LockBitSupp, the administrator and developer of the LockBit ransomware. The U.S. Department of Justice also announced the indictment of Khoroshev, accusing him of computer crimes, fraud and extortion.

“Today we are going a step further, charging the individual who we allege developed and administered this malicious cyber scheme, which has targeted over 2,000 victims and stolen more than $100 million in ransomware payments,” Attorney General Merrick B. Garland was quoted as saying in the announcement.

According to the DOJ, Khoroshev is from Voronezh, a city in Russia around 300 miles south of Moscow.

“Dmitry Khoroshev conceived, developed, and administered Lockbit, the most prolific ransomware variant and group in the world, enabling himself and his affiliates to wreak havoc and cause billions of dollars in damage to thousands of victims around the globe,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey, where Khoroshev was indicted.

The law enforcement coalition announced the identity of LockBitSupp in press releases, as well as on LockBit’s original dark web site, which the authorities seized earlier this year. On the site, the U.S. Department of State announced a reward of $10 million for information that could help the authorities to arrest and convict Khoroshev.

The U.S. government also announced sanctions against Khoroshev, which effectively bars anyone from transacting with him, such as victims paying a ransom. Sanctioning the people behind ransomware makes it more difficult for them to profit from cyberattacks. Violating sanctions, including paying a sanctioned hacker, can result in heavy fines and prosecution.

LockBit has been active since 2020, and, according to the U.S. cybersecurity agency CISA, the group’s ransomware variant was “the most deployed” in 2022.

On Sunday, the law enforcement coalition restored LockBit’s seized dark web site to publish a list of posts that were intended to tease the latest revelations. In February, authorities announced that they took control of LockBit’s site and had replaced the hackers’ posts with their own posts, which included a press release and other information related to what the coalition called “Operation Cronos.”

Shortly after, LockBit appeared to make a return with a new site and a new list of alleged victims, which was being updated as of Monday, according to a security researcher who tracks the group.

For weeks, LockBit’s leader, known as LockBitSupp, had been vocal and public in an attempt to dismiss the law enforcement operation, and to show that LockBit is still active and targeting victims. In March, LockBitSupp gave an interview to news outlet The Record in which they claimed that Operation Cronos and law enforcement’s actions don’t “affect business in any way.”

“I take this as additional advertising and an opportunity to show everyone the strength of my character. I cannot be intimidated. What doesn’t kill you makes you stronger,” LockBitSupp told The Record.




Software Development in Sri Lanka

Robotic Automations

Police resurrect Lockbit's site and troll the ransomware gang | TechCrunch

May 6, 2024 9:55 PM0


An international coalition of police agencies have resurrected the dark web site of the notorious LockBit ransomware gang, which they had seized earlier this year, teasing new revelations about the group.

On Sunday, what was once LockBit’s official darknet site reappeared online with new posts that suggest the authorities are planning to release new information about the hackers in the next 24 hours, as of this writing.

The posts have titles such as “Who is LockBitSupp?”, “What have we learnt”, “More LB hackers exposed”, and “What have we been doing?”

In February, a law enforcement coalition that included the U.K.’s National Crime Agency, the U.S. Federal Bureau of Investigation, as well as forces from Germany, Finland, France, Japan and others announced that they had infiltrated LockBit’s official site. The coalition seized the site and replaced information on it with their own press release and other information in a clear attempt to troll and warn the hackers that the authorities were on to them.

The February operation also included the arrests of two alleged LockBit members in Ukraine and Poland, the takedown of 34 servers across Europe, the U.K., and the U.S., as well as the seizure of more than 200 cryptocurrency wallets belonging to the hackers.

The NCA and the FBI did not immediately respond to a request for comment.

LockBit first emerged in 2019, and has since become one of the most prolific ransomware gangs in the world, netting millions of dollars in ransom payments. The group has proven to be very resilient. Even after February’s takedown, the group has re-emerged with a new dark web leak site, which has been actively updated with new alleged victims.

All the new posts on the seized website, except for one, have a countdown that ends at 9 a.m. Eastern Time on Tuesday, May 7, suggesting that’s when law enforcement will announce the new actions against LockBit. Another post says the site will be shut down in four days.

Since the authorities announced what they called “Operation Cronos” against LockBit in February, the group’s leader, known as LockBitSupp has claimed in an interview that law enforcement has exaggerated its access to the criminal organization as well as the effect of its takedown.

On Sunday, the hacking collective vx-underground wrote on X that they had spoken to LockBit’s administrative staff, who had told them the police were lying.

“I don’t understand why they’re putting on this little show. They’re clearly upset we continue to work,” the staff said, according to vx-underground.

The identity of LockBitSupp is still unknown, although that could change soon. One of the new posts on the seized LockBit site promises to reveal the hacker’s identity on Tuesday. It has to be noted, however, that the previous version of the seized site also appeared to promise to reveal the gang leader’s identity, but eventually did not.




Software Development in Sri Lanka

Robotic Automations

Your Android phone could have stalkerware — here's how to remove it | TechCrunch

April 20, 2024 3:15 AM0


Consumer-grade spyware apps that covertly and continually monitor your private messages, photos, phone calls and real-time location are a growing problem for Android users.

This guide can help you identify and remove common surveillance apps from your Android phone, including TheTruthSpy, KidsGuard and other apps.

READ OUR EXCLUSIVE INVESTIGATION

Consumer-grade spyware apps are frequently sold under the guise of child monitoring or family-tracking software, but are referred to as “stalkerware” and “spouseware” for their ability to also track and monitor partners or spouses without their consent. These spyware apps are downloaded from outside of Google Play’s app store, planted on a phone without a person’s permission and often disappear from the home screen to avoid detection.

Stalkerware apps rely on abusing in-built Android features that are typically used by companies to remotely manage their employees’ work phones or use Android’s accessibility mode to snoop on someone’s device.

You may notice your phone acting unusually, running warmer or slower than usual, or using large amounts of network data, even when you are not actively using it.

Checking to see if your Android device is compromised can be done quickly and easily.

Before you start

It’s important to have a safety plan in place and trusted support if you need it. Keep in mind that removing the spyware from your phone will likely alert the person who planted it, which could create an unsafe situation. The Coalition Against Stalkerware offers advice and guidance for victims and survivors of stalkerware.

Note that this guide only helps you to identify and remove spyware apps, it does not delete the data that was already collected and uploaded to its servers. Also, some versions of Android may have slightly different menu options. As is standard with any advice, you follow these steps at your own risk.

Check your Google Play Protect settings

Make sure Google Play Protect, a security feature in Android phones, is enabled. Image Credits: TechCrunch

Google Play Protect is one of the best safeguards to protect against malicious Android apps by screening apps downloaded from Google’s app store and outside sources for signs of potentially malicious activity. Those protections stop working when Play Protect is switched off. It’s important to ensure that Play Protect is switched on to ensure that it’s working and scanning for malicious apps.

You can check that Play Protect is enabled through the Play Store app settings. You also can scan for harmful apps, if a scan hasn’t been done already.

Check if accessibility services have been tampered with

Stalkerware relies on deep access to your device to access the data, and is known to abuse Android’s accessibility mode which, by design, requires broader access to the operating system and your data for screen readers and other accessibility features to work.

Android users who do not use accessibility apps or features should not see any apps in their Android settings.

If you do not recognize a downloaded service in the Accessibility options, you may want to switch it off in the settings and remove the app. Some stalkerware apps are disguised as ordinary looking apps and are often called “Accessibility,” “Device Health,” “System Service” or other innocuous-sounding names.

Android spyware often abuses in-built accessibility features. Image Credits: TechCrunch

Check your notification access

Much like the accessibility features, Android also allows third-party apps to access and read your incoming notifications, such as allowing smart speakers to read alerts out loud or your car to display notifications on its dashboard. Granting notification access to a stalkerware app allows for persistent surveillance of your notifications, which includes message and other alerts.

You can check which apps have access to your notifications by checking your Android notification access settings under Special app access. Some of these apps you may recognize, like Android Auto. You can switch off notification access for any app that you do not recognize.

Spyware taps into notifications access to read user messages and other alerts. Image Credits: TechCrunch

Check if a device admin app has been installed

Other features commonly abused by stalkerware are Android’s device admin options, which have similar but even broader access to Android devices and users’ data.

Device admin options are usually used by companies to remotely manage their employees’ phones, such as wiping the phone in the event of device theft to prevent data loss. But these features also allow stalkerware apps to snoop on the Android display and the device’s data.

An unrecognized item in your device admin app settings is a common indicator of phone compromise. Image Credits: TechCrunch

You can find the device admin app settings in Settings under Security.

Most people won’t have a device admin app on their personal phone, so be aware if you see an app that you don’t recognize, named something similarly obscure and vague like “System Service,” “Device Health” or “Device Admin.”

Check the apps to uninstall

You may not see a home screen icon for any of these stalkerware apps, but they will still appear in your Android device’s app list.

You can view all of the installed apps in Android’s settings. Look for apps and icons that you don’t recognize. These apps may also show as having broad access to your calendar, call logs, camera, contacts and location data.

Spyware apps are designed to blend in with generic-looking names and icons. Image Credits: TechCrunch

Force stopping and uninstalling a stalkerware app will likely alert the person who planted the stalkerware that the app no longer works.

Secure your device

If stalkerware was planted on your phone, there is a good chance that your phone was unlocked, unprotected or that your screen lock was guessed or learned. A stronger lock screen password can help to protect your phone from intruders. You should also protect email and other online accounts using two-factor authentication wherever possible.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware has resources if you think your phone has been compromised by spyware.

Read more on TechCrunch:


Software Development in Sri Lanka

Back
WhatsApp
Messenger
Viber