Tag Archive for: accused

Madison teen, accused in Memorial bomb threats, now charged in New York with hacking a sports betting website


A Madison teen who still faces felony charges over bomb threats made at Memorial High School last year was arrested Thursday and charged by federal authorities in New York City with hacking an online sports betting website, which had user accounts that were then plundered.

The charges filed on Monday against Joseph H. Garrison, 18, in U.S. District Court for the Southern District of New York allege that in November — about three months after Garrison was charged and released for the Memorial threats — he launched what authorities called a “credential stuffing attack” to find username and password combinations, gleaned from sources on the “dark web,” that would work on other websites where users used the same username-password combinations.

That included the fantasy sports and sports betting website, which was not identified by name in the complaint.

He then sold the working combinations to buyers on the internet, according to a criminal complaint, and provided detailed instructions on how to use them on the betting site. The buyers used them to steal about $600,000 from the site’s user accounts, the complaint states.


A credential stuffing attack uses a computer program to rapidly attempt to log into financial accounts using a list of known username-password combinations to search for working logins. 

Buyers took money from about 1,600 of the site’s 60,000 accounts that were accessed using the stolen credentials, the complaint states.

Intruders were able to clear out an individual user account by setting up a new payment method and depositing $5 into the account to verify it, then withdrawing the account’s balance through that new payment method, the complaint states.

Investigators identified Garrison as the person who carried out…

US sanctions Russian accused of being a ‘central figure’ in major ransomware attacks


The U.S. government has indicted a Russian national for his alleged role in ransomware attacks against U.S. law enforcement and critical infrastructure.

U.S. authorities accuse Mikhail Matveev, also known online as “Wazawaka” and “Boriselcin,” of being a “central figure” in developing and deploying the Hive, LockBit and Babuk ransomware variants.

In 2021, Matveev claimed responsibility for a ransomware attack against the Metropolitan Police Department in Washington, D.C., according to the U.S. Justice Department. The cyberattack saw the Babuk ransomware gang, of which Matveev was allegedly a member since early 2020, infiltrate the police department’s systems to steal the personal details of police officers, along with sensitive information about gangs, suspects of crimes and witnesses.

Matveev and his co-conspirators also deployed LockBit ransomware against a law enforcement agency in New Jersey’s Passaic County in June 2020, according to prosecutors, and deployed Hive ransomware against a nonprofit behavioral healthcare organization headquartered in nearby Mercer County in May 2020.

These three ransomware gangs are believed to have targeted thousands of victims in the United States. According to the Justice Department, the LockBit ransomware gang has carried out over 1,400 attacks, issuing more than $100 million in ransom demands and receiving over $75 million in ransom payments. Babuk has executed over 65 attacks and has received $13 million in ransom payments, while Hive has targeted more than 1,500 victims around the world and received as much as $120 million in ransom payments.

Matveev is also believed to have links to the Russia-backed Conti ransomware gang. The Russian national is believed to have claimed responsibility for the ransomware attack on the government of Costa Rica, which saw Conti hackers demand $20 million in a ransom payment — along with the overthrow of the Costa Rican government.

According to the U.S. Treasury, which announced sanctions against the Russian national on Tuesday, Matveev has also been linked to other ransomware intrusions against numerous U.S. businesses, including a U.S. airline. The Treasury added that…

Temu accused of data risks amid TikTok, Pinduoduo fears


  • The U.S. has accused Temu of potential data risks after Google suspended its Chinese sister app, but analysts are not too worried.
  • “Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Kevin Reed, chief information security officer at cybersecurity firm Acronis.
  • Temu is taking the U.S. market by storm with discount items from fashion to pet supplies to home goods.
  • “I am less worried about the shopping apps than social media platforms like TikTok and Lemon8,” said Lindsay Gorman, senior fellow for emerging tech, German Marshall Fund.

In just 17 days after launch, Temu surpassed Instagram, WhatsApp, Snapchat and Shein on the Apple App Store in the U.S., according to Apptopia data shared with CNBC.

The U.S. has accused discount shopping site Temu of possible data risks after its Chinese sister app was pulled from Google’s app store over “malware” — but analysts say they’re not that worried.

Compared to Pinduoduo, which was suspended by Google in March after versions offered outside Google’s Play store were found to contain malware, Temu is “not as aggressive,” one analyst said.

The malware in Pinduoduo was found to leverage specific vulnerabilities for Android phones, allowing the app to bypass user security permissions, access private messages, modify settings, view data from other apps and prevent uninstallation.

Google called it an “identified malicious app” and urged users to uninstall the Pinduoduo app, but the Chinese online retailer denied those claims.

According to analysis by Kevin Reed, chief information security officer at cybersecurity firm Acronis, Pinduoduo requests as many as 83 permissions — including access to biometrics, Bluetooth and information about Wi-Fi networks.

“Some of these permissions Pinduoduo is asking for seem to be unexpected for an e-commerce app,” said Reed, who shared his analysis of both apps with CNBC.

“But Temu is not as aggressive as Pinduoduo that is requesting all kinds of privileges,” said Reed.

Pinduoduo is a China-based e-commerce app that sells everything from groceries to clothing. It is the flagship product of Nasdaq-listed Chinese company PDD Holdings which also owns…

Google wins court order against Pakistani gang accused of infecting computers with botnet




This court order doesn’t just apply to domain name registrars or hosting providers but covers blocking network traffic



Google has won a court order to force ISPs to filter botnet traffic. A US court recently unsealed a restraining order against a cybercriminal gang operating out of Pakistan that came on the back of a formal legal complaint from Google.

The tech giant reportedly collected evidence about the cybergang and accused it of ripping off Google product names, icons, and trademarks to push their malware distribution service. According to the report, the allegations also include running “pay-per-install” services for alleged software bundles that deliberately injected malware onto victims’ computers and operating a botnet to steal, collect, and collate personal data from hundreds of thousands of victims in the US.

Loosely known as CryptBot, the cybergang is alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other personally identifiable information.

“The Defendants are responsible for distributing a botnet that has infected approximately 672,220 CryptBot victim devices in the US in the last year. At any moment, the botnet’s extraordinary computing power could be harnessed for other criminal schemes,” the court order said.

“Defendants could, for example, enable large ransomware or distributed denial-of-service attacks on legitimate businesses and other targets. Defendants could themselves perpetrate such a harmful attack, or they could sell access to the botnet to a third party for that purpose,” it added.

The defendant group didn’t show up in court to argue their case. The court favoured a temporary restraining order and said that the criminal enterprise is defrauding users and injuring Google. It also authorised Google to identify network providers…
