Tag Archive for: crack

US Extradites Ukrainian Man for Using Botnet to Crack Thousands of Passwords

/in


The US has charged a Ukrainian man for using an army of computers to help him crack thousands of login passwords each week. 

On Wednesday, the Justice Department announced it had extradited 28-year-old Glib Oleksandr Ivanov-Tolpintsev for carrying out the hacking crimes. Ivanov-Tolpintsev allegedly operated a botnet, a collection of computers that were secretly taken over through malware. The various machines were then used to guess login passwords belonging to users across the globe.

“During the course of the conspiracy, Ivanov-Tolpintsev stated that his botnet was capable of decrypting the login credentials of at least 2,000 computers every week,” the DOJ says.

The Ukrainian then allegedly sold the cracked passwords to cybercriminals through an unnamed online marketplace on the dark web that specialized in selling stolen login credentials. “Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” the Justice Department adds.

Federal investigators didn’t provide many other details, such as how the suspect was caught. But according to the indictment, Ivanov-Tolpintsev began his scheme around May 2016 when he first began inquiring on the dark web marketplace if he could sell cracked login passwords. 

Recommended by Our Editors

By April 2017, he told admins of marketplace “he had collected the login credentials of 20,000 compromised computers.” The indictment also notes Ivanov-Tolpintsev sold at least a few login credentials belonging to US victims based in California, Florida, and Maryland.

The extradition occurs as the US has been stepping up efforts to crack down on ransomware, which has been increasingly terrorizing businesses, schools, hospitals, and even critical infrastructure. Ivanov-Tolpintsev was originally arrested last October in Poland before he was extradited to the US. He faces a maximum penalty of 17 years in prison.

Like What You’re Reading?

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your…

Source…

BT tries to crack cyber crime, grabs stake in Safe Security • The Register

/in


BT is looking to cash in on ever-growing global concerns over digital crime, and has confirmed making a multi million pound investment in US-based cyber risk management firm Safe Security.

The UK telco wouldn’t say how much it has pumped into the US business, which raised almost $50m from investors since its formation in 2012. As part of the deal, BT plans to combine Safe Security’s “SAFE platform” with its own managed security services to provide added protection for its customers in the UK against cyber threats.

What seems to appeal to BT is that Safe Security’s platform allows organisations to run a series of checks of their defences to help them better understand the likelihood of suffering a major cyber attack. Not only does it help to identify gaps in an organisation’s digital defences, it also helps to calculate the cost of any breach.

Martin Courtney, an analyst at research biz Tech Market View, reckons the deal will “augment the telco’s managed security service (MSS) proposition with a cyber risk assessment tool that can help businesses and consumers measure the effectiveness of their existing defences.

“BT also sees the technology as a potential route to market for cyber insurance and other services that could benefit from an accurate appraisal of organisational and individual cyber risk scores in the future,” he added.

The strategic investment is part of BT’s plans to beef up its cybersecurity offering against a backdrop of a growing ransomware threat that over the past weeks has hit Northern Trains ticketing kit in the UK, real estate, finance, and insurance IT firm CloudStar, and SonicWall.

Earlier this month, US President Joe Biden had a phone call with Russia’s President Putin about the worldwide ransomware epidemic, and afterwards told the press the US was prepared to attack the servers used by ransomware criminals who were targeting American businesses and citizens.

Ransomware gang REvil has had some big hits recently – such as exploiting installations of Kaseya’s IT management software to infect…

Source…

Hackers Crack Pirated Games with Cryptojacking Malware

/in



Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.

Source…

Here’s how hackers are able to crack your passwords

/in


(Photo by Tomohiro Ohsumi/Getty Images)

Q: How can hackers try millions of passwords at a time when I will get locked out after 3 failed attempts?

A: Passwords continue to be the primary target of cybercriminals because they represent the “keys to your kingdom,” especially when it comes to your email account.

Online security tools such as Gibson Research’s Haystack tool show you just how quickly any short password can be cracked, but it’s based on billions and trillions of guesses per second.

Tools like this are showing how fast a ‘brute force’ attack can break shorter passwords, which typically will occur offline.

Offline Password Cracking

Your question is a common one because most people assume that password hacking is done through the same interface as we all use to log into our accounts, but that’s not the typical approach.

All of the websites that require you to enter a password store those passwords using some form of what’s known as ‘hashing’. This means that your password is converted into a random string of characters that looks nothing like your actual password before it gets stored on their servers.

As an example, the common password “monkey” in MD5 Hashing will always be stored as “d0763edaa9d9bd2a9516280e9044d885” which is child’s play for a computer to convert back to the original word.

Most offline cracking activity begins after a breach has occurred and the database of ‘hashed’ passwords are stolen and saved elsewhere to be worked on.

Think of it as a bank robber stealing the vault and cracking it somewhere else vs. trying to crack open the vault at the bank itself.

Brute force attacks are essentially a guessing game that pits computing power against the length of your password, which is why creating a longer password is always better.

It’s simple math as every combination of letters, numbers and special characters can be tried in milliseconds if there is…

Source…