Tag Archive for: accounts

I’m a security expert – Android, iPhone users warned they ‘can’t trust their ears’ as eerie AI call raids bank accounts

/in


CYBERSECURITY experts have warned billions of Android and iPhone users that they might not be able to trust their own ears from scammers looking to raid their banks. 

As artificial intelligence continues to develop, cybersecurity and anti-virus software provider Kaspersky Lab is warning people of scammers using deep-fake technology in phone calls. 

Cybersecurity experts are warning smartphone users of scammers using voice deepfakesCredit: Getty
The scams use fake audio recordings in an attempt to steal money and personal dataCredit: Getty
The technology compresses two recordings togetherCredit: Niral Shah/Stanford/K. Qian, Y. Zhang, S. Chang, et al

Also known as voice cloning or voice conversion, the cyber security company highlighted voice deep fakes in a recent blog post. 

According to the company, this technology is based on autoencoders, which compresses input data into a compact internal representation before learning to decompress it back, restoring the original data. 

In other words, the AI program will first be given data such as two audio recordings – one with the original audio and words, and the other with the voice it wants to use instead. 

Next, the system determines what was said in the first recording and how the voice in the second recording speaks – such as various inflections or accents. 

Read More on Artificial Intelligence

Then, the system will combine these two compressed representations together to then generate the voice in the second recording saying the words from the first. 

While this technology might seem harmless to some – or the foundations of a good prank – it can be very dangerous when put in the wrong hands. 

Kaspersky Lab detailed that scammers have been using this technology for years to target companies and individuals worldwide. 

In 2019, for example, criminals used AI software to create fraudulent money transfer requests supposedly from the chief executive officers of an energy firm in the United Kingdom. 

Not only did the scammers use the technology to make the initial request over the phone, they also falsified two additional phone calls to confirm the first transfer and request a second. 

Because the AI program had used a…

Source…

18-Year-Old Charged With Hacking 60,000 DraftKings User Accounts

/in


Federal officials have charged an 18-year-old Wisconsin resident for a hack that ensnared 60,000 user accounts at sports betting site DraftKings last year.

Joseph Garrison has been charged with conspiring to drain funds from DraftKings user accounts via a “credential stuffing attack.” This involves taking usernames and passwords exposed in past data breaches and using computer programs to plug the stolen credentials into other sites in an attempt to break into accounts that used the same username/password combinations. 

Federal officials didn’t name the sports betting site. But DraftKings told PCMag it worked with law enforcement to catch the “bad actor(s)” behind the assault. (In December, the company also warned users about the incident.)

Garrison allegedly launched the credential stuffing attack with the help of others on DraftKings in November, successfully comprising about 60,000 accounts. “Garrison then sold access to those victim accounts through various websites that marketed and sold illegal account credentials,” the FBI says in a criminal complaint.  

Garrison sold the hijacked DraftKings accounts with instructions on how to drain the funds, which involved adding a new payment method to a hijacked account. “Using this method, the hackers stole approximately $600,000 from approximately 1,600 victim accounts,” the FBI says.

The instructions

Federal investigators connected Garrison to the crimes by looking at the IP address “that uploaded the instructions to use those stolen credentials to steal money from the victim accounts.” That IP address was tied to a Wisconsin residence belonging to Garrison’s parents. Law enforcement then searched his home, including his home computer and smartphone. 

“On the Garrison computer, law enforcement located at least 69 wordlists which contained at least 38,484,088 individual username and password combinations,” the FBI’s complaint says. Investigators also uncovered messages Garrison sent to his associates about pulling off the hacks, and selling access to hijacked DraftKings accounts. 

“In one particular conversation, Garrison discussed, in substance and in part, how successful he was at credential stuffing attacks, how…

Source…

Man known as ‘PlugwalkJoe’ admits to Twitter hack that hijacked celebrity accounts

/in


By Margi Murphy | Bloomberg

A British man has admitted to his involvement in one of the most high-profile social media hacks, a plot that included the hijacking of top US political and business leaders’ Twitter accounts.

Joseph James O’Connor pleaded guilty in New York on Tuesday to hacking into the social network, a move that led to the impersonation of Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett and others to advertise a Bitcoin scheme.

The 23-year-old, also known as “PlugwalkJoe,” was extradited from Spain on April 26, according to the Department of Justice. The crimes involved SIM swaps — a process in which a phone number is transferred to a new device in order to bypass security measures — but went far beyond that, prosecutors said.

“O’Connor used his sophisticated technological abilities for malicious purposes — conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor,” said US Attorney Damian Williams for the Southern District of New York.

“O’Connor’s guilty plea today is a testament to the importance of law enforcement cooperation, and I thank our law enforcement partners for helping to bring to justice to those who victimize others through cyberattacks,” he said.

The Department of Justice alleges that O’Connor plotted with others to hijack Twitter accounts to promote a scheme to defraud the public, with O’Connor paying $10,000 for just one of the accounts he requested. The co-conspirators used social engineering techniques to convince a Twitter employee into giving them access to administrative tools to the platform. Those tools were used to take control of the high-profile accounts.

According to the charge sheet, O’Connor pleaded guilty to a variety of cybercrimes, including the exploitation of social media accounts, online extortion and cyberstalking.

Source…

Detroit man sentenced to prison for hacking into bank accounts, stealing $300K

/in


A Detroit man was sentenced to prison for stealing more than $300,000 from the bank accounts in a criminal enterprise, Michigan Attorney General Dana Nessel said Wednesday.

Johnny Richardson, 28, was sentenced to three to 20 years behind bars for conducting a criminal enterprise that included gaining cellphone data of victims and hacking into their bank accounts for money or to take out loans, according to Nessel’s office. Richardson will be required to pay for court costs, crime victim fees and $309,210 in restitution.

Richardson already is serving eight years in prison for operating an unemployment fraud scheme during the COVID-19 pandemic. He pleaded guilty in July 2021 to stealing $138,000 in COVID aid.

Source…