recentpopularlog in


« earlier   
CyberPeace Institute
"Through assistance, accountability, and advancement we enhance the stability of cyberspace. We support vulnerable communities, analyse attacks collaboratively, and advance responsible behavior. The Cyberpeace Institute decreases the harms of escalating cyber conflict to realize the promise of the digital era for people all over the world."
Internet  web  security  social  citizen  community  peace  cybercrime  violence 
2 days ago by kmo
Cyber-Security-Hotline -
Wenn Ihr Unternehmen Opfer einer Cyberattacke, eines Cybercrime Angriffs, von Ransomware oder Verschlüsselungstrojanern wurde, rufen Sie bitte unser Callcenter 0800 888 133 an
wko  cybersecurity  security  cybercrime  crime  notfall  ransomware  trojaner  it-security  viren  antivirus 
8 days ago by ferdinandfuchs
Chinese hacking is alarming. So are data brokers • The New York Times
Charlie Warzel:
<p>Mr. Begor, Equifax’s chief executive, noted that “cybercrime is one of the greatest threats facing our nation today.” But what he ignored was his own company’s role in creating a glaring vulnerability in the system. If we’re to think of cybercrime like an analog counterpart, then Equifax is a bank on Main Street that forgot to lock its vault.

Why rob a bank? Because that’s where the money is. Why hack a data broker? Because that’s where the information is.

The analogy isn’t quite apt, though, because Equifax, like other data brokers, doesn’t fill its vaults with deposits from willing customers. Equifax amasses personal data on millions of Americans whether we want it to or not, creating valuable profiles that can be used to approve or deny loans or insurance claims. That data, which can help dictate the outcome of major events in our lives (where we live, our finances, even potentially our health), then becomes a target.

From this vantage, it’s unclear why data brokers should continue to collect such sensitive information at scale. Setting aside Equifax’s long, sordid history of privacy concerns and its refusal to let Americans opt out of collection, the very existence of such information, stored by private companies with little oversight, is a systemic risk..</p>

It was difficult to pick a section to extract: this is a terrific article. But who's going to rein in the data brokers?
china  privacy  cybercrime 
11 days ago by charlesarthur
Google Jigsaw
« Nous sommes un incubateur de projets au sein d'Alphabet et nous soutenons le développement de technologies destinées à répondre à certains des plus grands défis actuels en termes de sécurité à l'échelle internationale : contrer la censure sur Internet, apporter une protection contre les menaces de cyberattaques, lutter contre les groupes radicaux sur Internet et protéger les personnes contre le harcèlement en ligne font partie de nos priorités. » Also includes Assembler, a tool to analyze images to look for fake photos, alterations, etc. Will not be made available to the public. Source of info:
google  tools  outils  web  Internet  cybercrime  securite  security  harcelement  harassment 
20 days ago by kmo
Formation sur la sensibilisation envers la cybersécurité
Offerte par l'ACEI, l'Autorité canadienne pour les enregistrements
formation  web  Internet  Canada  securite  security  cybercrime 
4 weeks ago by kmo
Frank Abagnale on the death of the con artist and the rise of cybercrime | WIRED UK
WIRED talks to Frank Abagnale – a former conman and the subject of 2002 movie Catch Me If You Can – about fraud, cybercrime and security
conartist  biography  regrets  milleniual  cybercrime 
5 weeks ago by xer0x
RT : This is how countries voted at Russia’s recent resolution athe . Pay attention to the votes from dev…
cybercrime  UN  from twitter
7 weeks ago by mcfadden
Shadow IT Is The Cybersecurity Threat That Keeps Giving All Year Long
"Shadow personal IoT voice assistants, Amazon Kindles, smartphone, and tablet devices are proliferating across enterprise networks today, accelerated by last-minute shopping everyone is trying to get done before the end of December. 82% of organizations have introduced security policies governing the use of these devices but just 24% of employees are aware of them. Meanwhile, the majority of IT senior management, 88%, believe their policies are effective. These and many other fascinating insights are from a recent study completed by Infoblox titled, What is Lurking on Your Network, Exposing the threat of shadow devices (PDF, 7 pp., no opt-in)."
business  featured  posts  technology  software  trends  &  concepts  byod  chief  information  officer  christmas  amazon  shopping  sales  ciso  cybercrime 
8 weeks ago by jonerp
Boîte à outils « Cybersécurité dans le communautaire »
« ... des ressources utiles aux organismes communautaires souhaitant renforcer leurs pratiques ou s’informer sur les enjeux de sécurité et de confidentialité des données. » Contient des fiches thématiques, des cartes de définitions, des capsules d’animation vidéo, et une liste de ressources en ligne pour aller plus loin.
Internet  web  securite  cybercrime  CDEACF  communautaire  privacy  information  outils  video 
10 weeks ago by kmo
L'ONU ha approvato una risoluzione sulla criminalità informatica sostenuta dalla Russia. Pessima notizia per la libertà di Internet...
Il 18 novembre, un comitato delle Nazioni Unite ha approvato una risoluzione contro il #cybercrime sponsorizzata dalla #Russia intitolata "Contrastare l'uso delle tecnologie dell'informazione e delle comunicazioni per scopi criminali".
La risoluzione crea un gruppo di redazione per creare termini di riferimento per un trattato globale sulla "criminalità informatica". Ma i crimini informatici di primaria importanza non sono attacchi di hacking, violazioni della privacy o furti di identità. Invece, questo trattato ha lo scopo di creare un #legge internazionale che renderebbe più facile per i paesi cooperare per reprimere i #dissesi politici.
cybercrime  hacking  rights  done 
11 weeks ago by mgpf
Coalition Against Stalkerware
"The Coalition Against Stalkerware convened in 2019 in order to facilitate communication between those organizations working to combat domestic violence and the security community. The founding organizations have committed to fighting domestic violence, stalking, and harassment by addressing the use of stalkerware and raising public awareness about this issue."
cybercrime  security  securite  violence  women  Internet  web 
12 weeks ago by kmo
A Year Later, Cybercrime Groups Still Rampant on Facebook — Krebs on Security
Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.
Researchers at Cisco Talos discovered the groups using the same sophisticated methods I employed last year — running a search on for terms unambiguously tied to fraud, such as “spam” and “phishing.” Talos said most of the groups were less than a year old, and that Facebook deleted the groups after being notified by Cisco.
Talos also re-confirmed my findings that Facebook still generally ignores individual abuse reports about groups that supposedly violate its ‘community standards,’ which specifically forbid the types of activity espoused by the groups that Talos flagged.
“Talos initially attempted to take down these groups individually through Facebook’s abuse reporting functionality,” the researchers found. “While some groups were removed immediately, other groups only had specific posts removed.”
But Facebook deleted all offending groups after researchers told Facebook’s security team they were going to publish their findings.  This is precisely what I experienced a year ago.
Not long after Facebook deleted most of the 120 cybercrime groups I reported to it back in April 2018, many of the groups began reemerging elsewhere on the social network under similar names with the same members.
facebook  cybercrime  security  privacy  krebs  forum 
november 2019 by rgl7194
Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
The Russian government has for the past four years been fighting to keep 29-year-old alleged cybercriminal Alexei Burkov from being extradited by Israel to the United States. When Israeli authorities turned down requests to send him back to Russia — supposedly to face separate hacking charges there — the Russians then imprisoned an Israeli woman for seven years on trumped-up drug charges in a bid to trade prisoners. That effort failed as well, and Burkov had his first appearance in a U.S. court last week. What follows are some clues that might explain why the Russians are so eager to reclaim this young man.

On the surface, the charges the U.S. government has leveled against Burkov may seem fairly unremarkable: Prosecutors say he ran a credit card fraud forum called CardPlanet that sold more than 150,000 stolen cards.

However, a deep dive into the various pseudonyms allegedly used by Burkov suggests this individual may be one of the most connected and skilled malicious hackers ever apprehended by U.S. authorities, and that the Russian government is probably concerned that he simply knows too much.

Burkov calls himself a specialist in information security and denies having committed the crimes for which he’s been charged. But according to denizens of several Russian-language cybercrime forums that have been following his case in the Israeli news media, Burkov was by all accounts an elite cybercrook who primarily operated under the hacker alias “K0pa.”

This is the same nickname used by an individual who served as co-administrator of perhaps the most exclusive Russian-language hacking forums ever created, including Mazafaka and DirectConnection.

Since their inception in the mid-aughts, both of these forums have been among the most difficult to join — admitting only native Russian speakers and requiring each applicant to furnish a non-refundable cash deposit and “vouches” or guarantees from at least three existing members. Also, neither forum was accessible or even visible to anyone without a special encryption certificate supplied by forum administrators that allowed the sites to load properly in a Web browser.

(DirectConnection, circa 2011. The identity shown at the bottom of this screenshot — Severa — belonged to Peter Levashov, a prolific spammer who pleaded guilty in the United States last year to operating the Kelihos spam botnet.)

Notably, some of the world’s most-wanted cybercriminals were members of these two highly exclusive forums, and many of those individuals have already been arrested, extradited and tried for various cybercrime charges in the United States over the years. Those include convicted credit card fraudsters Vladislav “Badb” Horohorin and Sergey “zo0mer” Kozerev, as well as the infamous spammer and botnet master Peter “Severa” Levashov.

A user database obtained by KrebsOnSecurity several years back indicates K0pa relied on the same email address he used to register at Mazafaka and DirectConnection to register the user account “Botnet” on Spamdot, which for years was the closely-guarded stomping ground of the world’s most prolific spammers and virus writers, as well as hackers who created services catering to both professions.

As a reporter for The Washington Post in 2008, I wrote about the core offering that K0pa/Botnet advertised on Spamdot and other exclusive forums: A botnet-based anonymity service called FraudCrew. This service sold access to hacked computers, which FraudCrew customers used for the purposes of hiding their real location online while conducting cybercriminal activities.

K0pa also was a top staff member at Verified, among the oldest and most venerated of Russian language cybercrime forums. Specifically, K0pa’s role at Verified was in maintaining its blacklist, a dispute resolution process designed to weed out “dishonest” cybercriminals who seek only to rip off less experienced crooks. From this vantage point, K0pa would have held considerable sway on the forum, and almost certainly played a key role in vetting new applicants to the site.

Prior to his ascendance at these forums, K0pa was perhaps best known for being a founding member of a hacker group calling themselves the CyberLords. Over nearly a decade, the CyberLords team would release dozens of hacking tools and exploits targeting previously unknown security vulnerabilities in Web-based services and computer software.

According to security firm Cybereason, Russia has a history of using contractors — even cybercriminals — to run intelligence operations. These crooks-turned-spies “offer a resource to the state while enjoying a cloak of semi-protected ‘status’ for their extracurricular activities, provided they are directed against foreign targets.”

“Cybercriminals are recruited to Russia’s national cause through a mix of coercion, payments and appeals to patriotic sentiment,” reads a 2017 story from The Register on Cybereason’s analysis of the Russian cybercrime scene. “Russia’s use of private contractors also has other benefits in helping to decrease overall operational costs, mitigating the risk of detection and gaining technical expertise that they cannot recruit directly into the government. Combining a cyber-militia with official state-sponsored hacking teams has created the most technically advanced and bold cybercriminal community in the world.”

It’s probably worth noting that also present on both DirectConnection and Mazafaka were the core members of a prolific gang of online bank robbers called the JabberZeus Crew, who used custom versions of the ZeuS Trojan to steal tens — if not hundreds — of millions of dollars from hacked small businesses across the United States. In 2011, most of that crew was rounded up in an international cybercrime crackdown, although virtually all of them escaped prosecution in their home countries (mainly Russia and Ukraine).

I mention this because K0pa also was in regular communications with — if not a core member of –the JabberZeus crew. This gang worked directly with the author of the ZeuS trojan — Evgeniy “Slavik” Bogachev — a Russian man with a $3 million bounty on his head from the FBI. The cybercriminal organization Bogchev allegedly ran was responsible for the theft of more than $100 million from banks and businesses worldwide that were infected with his ZeuS malware. That organization, dubbed the “Business Club,” had members spanning most of Russia’s 11 time zones.

Fox-IT, a Dutch security firm that infiltrated the Business Club’s back-end operations, found that beginning in late fall 2013 — about the time that conflict between Ukraine and Russia was just beginning to heat up — Slavik retooled his cyberheist botnet to serve as purely a spying machine, and began scouring infected systems in Ukraine for specific keywords in emails and documents that would likely only be found in classified documents.

Likewise, the keyword searches that Slavik used to scour bot-infected systems in Turkey suggested the botmaster was searching for specific files from the Turkish Ministry of Foreign Affairs – a specialized police unit. Fox-IT said it was clear that Slavik was looking to intercept communications about the conflict in Syria on Turkey’s southern border — one that Russia has supported by reportedly shipping arms into the region.

To my knowledge, no one has accused Burkov of being some kind of cybercrime fixer or virtual badguy Rolodex for the Russian government. On the other hand, from his onetime lofty perch atop some of the most exclusive Russian cybercrime forums, K0pa certainly would have fit that role nicely.
russian  government  internet  crime  cybercrime  spam  politics  fail 
november 2019 by some_hren
How Russia Recruited Elite Hackers for Its Cyberwar - The New York Times
MOSCOW — Aleksandr B. Vyarya thought his job was to defend people from cyberattacks — until, he says, his government approached him with a request to do the opposite.
Mr. Vyarya, 33, a bearded, bespectacled computer programmer who thwarted hackers, said he was suddenly being asked to join a sweeping overhaul of the Russian military last year. Under a new doctrine, the nation’s generals were redefining war as more than a contest of steel and gunpowder, making cyberwarfare a central tenet in expanding the Kremlin’s interests.
“Sorry, I can’t,” Mr. Vyarya said he told an executive at a Russian military contracting firm who had offered him the hacking job. But Mr. Vyarya was worried about the consequences of his refusal, so he abruptly fled to Finland last year, he and his former employer said. It was a rare example of a Russian who sought asylum in the face of the country’s push to recruit hackers.
“This is against my principles — and illegal,” he said of the Russian military’s hacking effort.
While much about Russia’s cyberwarfare program is shrouded in secrecy, details of the government’s effort to recruit programmers in recent years — whether professionals like Mr. Vyarya, college students, or even criminals — are shedding some light on the Kremlin’s plan to create elite teams of computer hackers.
security  privacy  hack  russia  cybercrime  nytimes 
november 2019 by rgl7194

Copy this bookmark:

to read