Tag Archive for: Enforcement

International Law Enforcement Takes Down Website Selling NetWire Malware


International law enforcement has seized an internet domain that cyberattackers were using to sell malware on the dark web capable of stealing credentials from a victim’s computer.

The site, worldwiredlabs.com, was selling the NetWire remote access trojan (RAT), which targets a system’s operating system and creates a backdoor that allows it to spy on and gain control of the computer to execute malicious commands.

Croatian National Arrested

In this action, authorities in Croatia on Tuesday arrested a Croatian national who allegedly was the administrator of the website. This defendant will be prosecuted by Croatian authorities. Additionally, law enforcement in Switzerland have seized the computer server hosting the NetWire RAT infrastructure, officials at the U.S. District Attorney’s Office for the Central District of California said.

The Federal Bureau of Investigation (FBI) in Los Angeles has been investigating the website since 2020. It was the only known distributor of NetWire. In the sting, FBI undercover investigators created an account on the website, paid for a subscription plan, and “constructed a customized instance of the NetWire RAT using the product’s builder tool,” according to the affidavit in support of the seizure warrant, the D.A.’s office said.

NetWire Probe Yields Results

The website marketed NetWire as a legitimate business tool to maintain computer infrastructure and the software was advertised on hacking forums. NetWire is well known to cybersecurity providers and federal law enforcement for its use in cybercrimes.

Commenting on the investigation, Donald Alway, the Assistant Director in Charge of the FBI’s Los Angeles field office, said:

“By removing the Netwire RAT, the FBI has impacted the criminal cyber ecosystem. The global partnership that led to the arrest in Croatia also removed a popular tool used to hijack computers in order to perpetuate global fraud, data breaches and network intrusions by threat groups and cybercriminals.”

International operations to combat cybercrime have become a necessary tactic to slow the propagation of malicious software. Indeed, President Biden’s recently released…

Hackers steal sensitive law enforcement data in a breach of the U.S. Marshals Service


The oldest U.S. federal law enforcement agency, the U.S. Marshals Service, has revealed it was the victim of a cyberattack last week in which hackers stole sensitive data.

According to a U.S. Marshals spokesperson, the “major incident” impacted a “standalone” computer system which contained records about targets of ongoing investigations, employee personal data and internal processes.

Importantly, according to the spokesperson, the system did not include personal details about people enrolled in the Federal Witness Protection Program, whose lives could be in danger if publicly exposed. The U.S. Marshals claim the system is not connected to the broader network, and was quickly shut down when the breach was discovered before turning the investigation over to the Department of Justice.

The Service said it learned about the attack on Feb. 17, when it discovered what it described as a ransomware attack in which the hackers were actively exfiltrating sensitive files. The breach was first reported by NBC News.

“The Department’s remediation efforts and criminal forensic investigations are ongoing,” a U.S. Marshals Service spokesperson wrote in an email. “We are working swiftly and effectively to mitigate any potential risks as a result of the incident.”

The U.S. Marshals Service did not provide additional information about whether the attackers threatened to release stolen data if a ransom was not paid, or details on how the agency is accessing its records in a workaround following the breach.

If the attackers broke in and encrypted the files in what looked like a ransomware attack, but never demanded payment, it’s possible there was never any financial motivation for stealing the information.

Government agencies are attractive targets for foreign espionage, and the FBI, another federal law enforcement agency, specifically recommends that ransoms not be paid. It is unlikely a savvy criminal ransomware gang would expect payment from the U.S. Marshals. However, some criminal groups seek out targets indiscriminately based on security vulnerabilities or opportunity.

If no ransom was demanded, that could speak to the potential hidden…

Intelligence website used by law enforcement defaced in apparent hack


An intelligence website that provides apps and facial recognition technologies used by law enforcement was hacked on Sunday.

ODIN Intelligence took on a completely different look on the home page of its website just before it was taken down. Asterisks spelled out the acronym “ACAB,” known as “all cops are b******s,” according to a screenshot taken by TechCrunch. Below, a caption clarified it was directed at “all (cyber) cops.”

“No nations, no borders!” the caption went on to read. “We are all illegal!”

The hacker’s message went on to claim that “all data and backups have been shredded” among three archive files that totaled more than 16 gigabytes of data.

This comes four days after a report that an app produced by the company SweepWizard had leaked confidential information regarding police raids. The app is used by departments to help organize raids involving large swaths of officers. Over many years, the app had published geographic coordinates of suspects’ homes, the times and locations of raids, demographics, contact information, and occasionally even suspects’ Social Security numbers freely on the internet.

As a result, ODIN founder and chief executive Erik McCauley was quoted as largely dismissing the report in a quotation left on the homepage by the hackers.

“And so, we decided to hack them,” their message read.

ODIN also provides a service called SONAR, or the Sex Offender Notification and Registration system, which helps departments manage their sex offender registries. It also offers facial recognition technology to help officers identify alleged offenders.

ODIN did not respond to the Washington Examiner’s request for comment.

Ransomware sentence indicative of cross-border cooperation in enforcement of white-collar crimes


A United States court recently sentenced a Canadian citizen to 20 years in prison for his participation in the NetWalker ransomware attacks. The case displays the coordination of law enforcement units across borders in response to the threat of attacks that similarly transcend borders.

Background

Following a request from the U.S. Federal Bureau of Investigation for assistance identifying a Canadian suspect in their investigation into NetWalker, the RCMP arrested Sebastien Vachon-Desjardins, a former Government of Canada employee, in January 2021. After his arrest, the RCMP searched his home and seized 719 bitcoin (worth approximately $35 million at the time of the seizure) and $790,000 cash. He was charged in Canada with mischief in relation to computer data, unauthorized use of a computer, extortion and participating in a criminal organization. In January 2022, he pleaded guilty to three of the four charges, and was sentenced by an Ontario court to seven years in prison. In addition, he was ordered to forfeit the bitcoin, most of his seized computing devices and all of the cash seized by the RCMP, as well as to pay more than $2.6 million in restitution to the businesses affected by the attacks.

Following his Canadian sentencing, Vachon-Desjardins was extradited to the United States, where he was charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer. Vachon-Desjardins pleaded guilty to all four charges. On October 4, 2022, a U.S. District Judge in Florida sentenced him to 20 years in prison, and ordered him to forfeit US$21.5 million. Restitution will be ordered by the U.S. court at a later date.

Ransomware attacks

As discussed in a previous post, ransomware is a form of malicious software designed to block access to data or a computer system. Ransomware often encrypts data or programs on information technology systems in an effort to extort ransom payments from victims in exchange for decrypting the information and restoring system access. These types of attacks have increased in frequency, severity and sophistication in recent years —…
