Tag Archive for: Exploitation

Eastern District of California | Carmichael Man Indicted for Sexual Exploitation of a Minor and Child Pornography Offenses


SACRAMENTO, Calif. — A federal grand jury returned a three-count indictment today against Sam Moss Kerfoot, 27, of Carmichael, charging him with sexual exploitation of a minor, distribution of child pornography, and possession of child pornography, U.S. Attorney Phillip A. Talbert announced.

According to court documents, in April and May 2022, Kerfoot sexually abused a minor and produced visual depictions of the minor engaged in sexually explicit conduct. In addition, Kerfoot is alleged to have distributed child pornography in April 2022 and possessed child pornography in June 2023.

This case is the product of an investigation by the Sacramento Valley Hi-Tech Crimes Task Force Internet Crimes Against Children unit including the Sacramento County Sheriff’s Office, with assistance from the Federal Bureau of Investigation and Homeland Security Investigations. Assistant U.S. Attorneys Emily Sauvageau and Alstyn Bennett are prosecuting the case.

If convicted of the charges as alleged, Kerfoot faces a minimum statutory penalty of 25 years in prison, a maximum of 50 years in prison, and a $250,000 fine for sexual exploitation of a minor; a minimum statutory penalty of 15 years in prison, a maximum of 40 years in prison, and a $250,000 fine for distribution of child pornography; and a minimum of 10 years in prison, a maximum of 20 years in prison, and a $250,000 fine for possession of child pornography. Any sentence, however, would be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables. The charges are only allegations; the defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute those who sexually…


CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation


A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.

RMM software is typically used by the IT departments of most large organizations around the world as a way to get remote access to a computer to help with software installations or other services needed by employees.

In recent years hackers have increasingly exploited these tools – particularly in government networks – as an easy way to circumvent security systems and establish longstanding access to victim networks. In January, for example, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency said at least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through the use of RMM software.

In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”

Eric Goldstein, CISA executive assistant director for cybersecurity, said the organization worked with other U.S. agencies as well as RMM companies to develop a plan focusing on four main tasks: vulnerability information sharing, industry coordination, end-user education and advisory amplification.

“The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem,” Goldstein said in a statement. “As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

RMM software allows hackers to establish local user access without the need for higher administrative privileges, “effectively bypassing common software controls and risk management assumptions,” CISA and the NSA said in their January announcement.

The agencies warned that threat actors could sell access to an exploited victim to government-backed hacking groups – noting that both cybercriminals and nation-states use RMM…


Homeland Security identifies 311 child victims of sexual exploitation in ‘cold cases’


More than a dozen international law enforcement organizations worked together under U.S. leadership to identify and locate victims of child sexual exploitation in a just-completed operation that officials say is likely the most successful of its kind.

In the three-week “surge” known as Operation Renewed Hope, which began July 17, investigators combing through sexually graphic internet material involving children, much of it on the dark web and some of it decades old, made probable identifications of 311 child victims and confirmed the rescue of several victims from active abuse.

Homeland Security Investigations (HSI), part of Immigration and Customs Enforcement, took the lead in the operation, which included representatives from the Justice Department, the FBI, the U.S. Marshals, Interpol and Europol, as well as 13 law enforcement agencies from Australia, Canada and countries in Europe and South America.

In many of the cases in which victims have been identified, HSI officials told NBC News that the material had existed for many years, but investigators were previously unable to identify the child victims or the adult abusers. Thanks to new facial recognition and artificial intelligence technology, there are now fresh leads in these formerly cold cases.

After they narrowed down a location or tentatively identified a victim, the investigators sent their new leads to the appropriate local law enforcement agency. The operation sent more than 100 leads to HSI field offices and 25 partnering countries. Some suspects in Canada and the United States have already been arrested.

The announcement comes a week after the FBI revealed it had identified dozens of victims of child sex trafficking and more than 100 suspects in a separate sweep called Operation Cross Country.

Mike Prado, deputy assistant director of the HSI Cyber Crimes Center, said the results of Operation Renewed Hope “exceeded our wildest expectations in the sense of being able to identify children who have been abused for, in many cases, years.”

He gave NBC News a tour of the operation while it was in progress, being careful to avoid showing any of the highly graphic material under review.

In one room, more than 20…


Mass exploitation of critical MOVEit flaw is ransacking orgs big and small



Organizations big and small are falling prey to the mass exploitation of a critical vulnerability in a widely used file-transfer program. The exploitation started over the Memorial Day holiday—while the critical vulnerability was still a zeroday—and continues now, some nine days later.

As of Monday evening, payroll service Zellis, the Canadian province of Nova Scotia, British Airways, the BBC, and UK retailer Boots were all known to have had data stolen through the attacks, which are fueled by a recently patched vulnerability in MOVEit, a file-transfer provider that offers both cloud and on-premises services. Both Nova Scotia and Zellis had their own instances or cloud services breached. British Airways, the BBC, and Boots were customers of Zellis. All of the hacking activity has been attributed to the Russian-speaking Clop crime syndicate.

Widespread and rather substantial

Despite the relatively small number of confirmed breaches, researchers monitoring the ongoing attacks are describing the exploitation as widespread. They liken the hacks to smash-and-grab robberies, in which a window is broken and thieves grab whatever they can, and warned that the quick-moving heists are hitting banks, government agencies, and other targets in alarmingly high numbers.

“We have a handful of customers that were running MOVEit Transfer open to the Internet, and they were all compromised,” Steven Adair, president of security firm Volexity, wrote in an email. “Other folks we have talked to have seen similar.”

Adair continued:

I do not want to categorize our customers at this point since I do not know what all is out there in terms of who is running the software and give them away. With that said, though—it’s both massive and small organizations that have been hit. The cases we have looked into have all involved some level of data exfiltration. The attackers typically grabbed files from the MOVEit servers less than two hours after exploitation and shell access. We believe this was likely widespread and a rather substantial number of MOVEit Transfer servers that were running Internet-facing web services were…
