Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Crime (Page 1 of 2)


6 of the Biggest Crypto-Heists of 2021


Ahh, crypto. We’ve all heard the seductive, utopian platitudes sung by digital currency evangelicals: It’s changing the world (or, as BitConnect guy once put it, “The world is not anymore the way it used to be!”)! It’s revolutionizing finance (no more banks)! It’ll make you fucking rich, you idiot! It’s all good…


Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Lucas Ropek

2021 was the year cybersecurity became everyone’s problem

This year marked a turning point for malicious attacks on computer systems, fueled by a rise in nation-state attacks and ransomware.

Why it matters: Once a worry mostly for IT leaders, the risk of a cyber intrusion is now a top concern for CEOs and world leaders.

Driving the news:

  • May’s Colonial Pipeline attack helped drive that message home, as did ransomware attacks on cities and hospitals — emphasizing the very real world impact that cyber attacks can have.
  • Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. It’s a single piece of open source code, but it is used so broadly and the flaw so fundamental that it potentially opens nearly every business and government to attack.

The big picture: Evidence that cybersecurity has become the big issue abounds. Foreign Affairs devotes the current issue to the topic, while J.P. Morgan International Council identified it as the most significant threat facing businesses and government in a report released Thursday.

Between the lines: One can never permanently “win” the battle against malicious attacks, but it is possible to be losing the fight. 2021 definitely felt like a year in which the attackers had the upper hand.

  • The combination of cryptocurrency and ransomware has proven to be especially tough to fight as it is often in the business interests of a victim to pay up rather than take the risk of data loss or even a business disruption.

The rise in cyberattacks has also made for thorny diplomacy among nation states. With physical attacks, there has been a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the division is murkier.

  • “The domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a Foreign Affairs piece.
  • “In trying to analogize the cyberthreat to the world of physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments and even national power,” argues Hoover Institution’s Jacquelyn Schneider, in another Foreign Affairs article. “Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation.”

What’s next: Leaders are calling for much tighter cooperation between businesses and governments as the key way to fight back. Also needed, many say, is an international agreement on what is and isn’t permissible, in much the way the Geneva Convention sets limits on traditional warfare.

Yes, but: The U.S. government is still woefully short of workers with needed cybersecurity skills.

The Article Was Written/Published By: Ina Fried

Maryland health department hit by cyberattack


Maryland authorities are investigating a cyberattack that took the state Department of Health offline this past weekend, as they determine if any information has been stolen. “The Maryland Security Operations Center…

The Article Was Written/Published By: Joseph Choi

FBI, others crush REvil using ransomware gang’s favorite tactic against it


Four days ago, the REvil ransomware gang’s leak site, known as the “Happy Blog,” went offline. Cybersecurity experts wondered aloud what might have caused the infamous group to go dark once more.

One theory was that it was an inside job pulled by the group’s disaffected former leader. Another was that law enforcement had successfully hacked and dismantled the group. “Normally, I am pretty dismissive of ‘law enforcement’ conspiracy theories, but given that law enforcement was able to pull the keys from the Kaseya attack, it is a real possibility,” Allan Liska, a ransomware expert, told ZDNet at the time.

“Rebranding happens a lot in ransomware after a shutdown,” he said. “But no one brings old infrastructure that was literally being targeted by every law enforcement operation not named Russia in the world back online. That is just dumb.”


The Article Was Written/Published By: Tim De Chant

Dallas Police Dept Loses 8 Terabytes of Crime Data, Throwing Court Cases Into Chaos


The Dallas Police Department has announced that a city employee accidentally deleted eight terabytes of its data—a fuck-up that has now endangered an unknown number of court cases that relied upon the data as evidence.


The Article Was Written/Published By: Lucas Ropek

Ransomware attacks ‘are here to stay,’ Commerce secretary says


Commerce Secretary Gina Raimondo said Sunday that ransomware attacks “are here to stay,” and that businesses should plan accordingly.

“The first thing we have to recognize,” she said, “is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify. And so just last week the White House sent out a letter broadly to the business community urging the business community to do more.”

Speaking on ABC’s “This Week With George Stephanopoulos,” the former governor of Rhode Island declined to blame Vladimir Putin’s Russia outright in answering a question on whether the Biden administration should look to punish Russia, which is believed to be the source of some or all of these attacks.

“We are evaluating all the options and we won’t stand for a nation supporting or turning a blind eye to a criminal enterprise,” she said. “And as the president has said, we’re considering all of our options.”

She added: “This week when the president meets with Putin and other world leaders, this will be at the top of the agenda.”

In a ransomware attack, hackers seize control of a business or organization’s computer system by exploiting weaknesses in the security system, then lock up the entire system until a “ransom” is paid. Raimondo said one way to stymie international hackers is to approve Biden’s proposed infrastructure plan.

“Certain components of the American Jobs Plan provide for investments to shore up the nation’s cyber infrastructure,” she told Stephanopoulos.

Raimondo argued that the good news in all this was that businesses can make relatively simple changes to protect themselves against such attacks.

“Some very simple steps like two-factor authentication, having proper backups and backup technology, can be enormously helpful against a wide variety of these attacks. So it is clear that the private sector needs to be more vigilant, by the way, including small- and medium-sized companies,” she said.

The Article Was Written/Published By: David Cohen

Supreme Court narrows scope of sweeping cybercrime law


The Supreme Court has sharply curtailed the scope of the nation’s main cybercrime law, limiting a tool that civil liberties advocates say federal prosecutors have abused by seeking prison time for minor computer misdeeds.

The 6-3 decision handed down Thursday means federal prosecutors can no longer use the 1986 Computer Fraud and Abuse Act to charge people who misused databases they are otherwise entitled to access. The ruling comes six months after justices expressed concern that the government’s sweeping interpretation of the law could place people in jeopardy for activities as mundane as checking social media on their work computers, with Justice Neil Gorsuch saying prosecutors’ view risked “making a federal criminal of us all.”

In an unusual lineup, the court’s three Trump appointees — who are also the newest justices — joined the court’s three liberals to reject the Justice Department’s interpretation of the statute.

The majority ruling, written by Justice Amy Coney Barrett, is largely devoted to a meticulous parsing of the statute’s language. However, she also noted the dangers of the approach prosecutors have advocated.

“The Government’s interpretation of the statute would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Barrett wrote. “If the ‘exceeds authorized access’ clause criminalizes every violation of a computer-use policy, then millions of otherwise law-abiding citizens are criminals.”

While insisting that the court arrived at its ruling based solely on reading the statute, and not considering its potential effects, Barrett concurred with critics who said the broader interpretation would “criminalize everything from embellishing an online-dating profile to using a pseudonym on Facebook.”

In dissent, Justice Clarence Thomas said the majority’s reading was contrived and off-base. He also said there are many areas of law where permission given to do something for one purpose does not imply permission for an unrelated purpose.

“A valet, for example, may take possession of a person’s car to park it, but he cannot take it for a joyride,” Thomas wrote in an opinion joined by Chief Justice John Roberts and Justice Samuel Alito.

Thomas also noted that violations of the law are typically a misdemeanor, and he said the breadth of the statute is no reason to misread it. “Much of the Federal Code criminalizes common activity,” he wrote. “It is understandable to be uncomfortable with so much conduct being criminalized, but that discomfort does not give us authority to alter statutes.”

Past controversies involving the law included a two-year prison sentence for a journalist who helped hackers deface the Los Angeles Times’ website and, most notoriously, a prosecution that led to the suicide of a prominent internet freedom activist who faced the possibility of decades behind bars for downloading millions of scientific journal articles.

The case decided on Thursday, Van Buren v. United States, involved a former police officer convicted of violating the CFAA for searching a license plate database in exchange for a bribe as part of an FBI sting operation. The officer appealed the conviction, arguing that the law did not cover the unauthorized use of a computer system that the user was allowed to access as part of his job.

The Supreme Court agreed, holding that Nathan Van Buren’s conviction was invalid.

A broad coalition of technology experts, civil-society activists and transparency advocates had poured amicus briefs into the high court as it considered its first-ever case involving the law.

The National Whistleblower Center warned that applying the CFAA to any unauthorized use of computer data would invite “retaliation against whistleblowers who provide evidence of criminal fraud and other criminal activity” to authorities. The libertarian Americans for Prosperity Foundation said the government’s interpretation of the law would cover “violations of the fine print in website terms of service, company computer-use policies, and other breaches of contract” and “wrongly criminalize a wide swath of innocent, innocuous conduct.”

Free-press advocates warned that a ruling for the government “would significantly chill First Amendment activity,” while technologists said it would allow prosecutors to go after good-faith security researchers attempting to raise awareness of digital vulnerabilities.

But supporters of the broad use of the CFAA said it was necessary to combat insider threats facing businesses and government agencies’ sensitive computer systems. Narrowing the law “would allow any person who has legitimate access to the data carte blanche to access and use (or indeed in many cases destroy) that data for any manifestly blameworthy reason they choose,” the Federal Law Enforcement Officers Association told the court.

The Article Was Written/Published By: Eric Geller and Josh Gerstein

A drug dealer sharing a photo of cheese online also shared his fingerprints, leading to arrest

A drug dealer who went online to show off a block of cheese also unwittingly showed off his fingerprints, which led to a prison sentence of 13 years and six months.

Carl Stewart, from Liverpool, England, had purchased a block of Mature Blue Stilton and proudly displayed it on EncroChat, a now defunct service provider for criminals.

The Article Was Written/Published By: Carla Sinclair
