Tag Archive for: hacker

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people


Data and software services firm Blackbaud’s cybersecurity was criticised as “lax” and “shoddy” by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach.

According to the FTC, Blackbaud’s poor security led to a breach in February 2020 in which a hacker accessed the company’s customer databases and stole the personal information of millions of consumers in the United States, Canada, the UK, and the Netherlands.

Blackbaud’s affected customers are mainly non-profits, such as healthcare agencies, charities, and educational organizations.

Data stolen by the hacker included unencrypted personal information, such as consumers’ and donors’ full names, ages, dates of birth, social security numbers, addresses, phone numbers, email addresses, financial details (bank account information, estimated wealth, and identified assets), medical and health insurance information, gender, religious beliefs, marital status, spouse names, spouses’ donation history, employment details, salaries, education, and account credentials.

The security failure was exacerbated by Blackbaud not enforcing its own data retention policies, causing customer data to be kept for years longer than necessary. Blackbaud also retained data of former and potential customers for years longer than required.

All of which was a treasure trove for the attacker, who demanded a ransom from Blackbaud and threatened to expose the stolen data otherwise. The company paid 24 Bitcoin (worth US $235,000) to the hacker, but was not able to verify whether the hacker had deleted the data.

The poor data retention practices were not the FTC’s only complaints about Blackbaud’s handling of the incident.

The FTC criticized the company for not notifying customers of the breach for two months after detection, saying Blackbaud had “misrepresented the scope and severity of the breach after an exceedingly inaccurate investigation.”

According to Blackbaud’s customer breach notification of July 16, 2020, “The cybercriminal did not access credit card information, bank account information, or social security numbers… No action is required on your end because no personal information about your constituents was…


Canada’s ‘most prolific hacker’ jailed for two years


A 33-year-old man has been sentenced to two years in prison after admitting his part in a series of ransomware and malware attacks that hit more than one thousand individuals, businesses, and organisations — including three police departments.

Ottawa-based Matthew Philbert, who has been dubbed “Canada’s most prolific hacker,” typically launched attacks by sending malicious emails that posed as job applications, attaching a booby-trapped resume poisoned with malware.

If Philbert’s intended targets made the mistake of opening the attachment, their PCs would be infected by a remote access trojan that allowed the hacker to infiltrate computer systems and plant further malware.

Hiding his true identity with anonymous email addresses and masking his location with VPNs, Philbert gained full access over infected computers, stealing passwords, and sending emails from victims’ accounts.

According to Ontario Provincial Police, Philbert didn’t care whether the victims of his attacks were big or small, targeting businesses of all sizes including a private elementary school, as well as the Ronald McDonald House in Halifax which provides accommodation for parents of hospitalised children.

Audaciously, the hacker also targeted three police departments – Nishnawbe Aski Police in Thunder Bay, West Vancouver Police Department, and City of Kawartha Lakes Police Department – although none of these are thought to have lost any money.

The Royal Canadian Mounted Police, the US FBI and Europol launched a 23-month-long investigation into the cyber attacks, which culminated with Philbert’s arrest at his home in Ottawa in 2021.

Ontario police discovered Philbert had $46,000 worth of Bitcoin in a cryptocurrency wallet, the apparent proceeds from four different ransomware attacks.

The hacker’s cybercriminal activity is thought to stretch back to the 2000s, when attackers would lock up PCs and display a message claiming to come from the police saying that the computer’s owner had been caught viewing child sexual abuse material. These rudimentary versions of ransomware would demand a “fine” be paid to unlock the PC and make police turn a blind eye.

Philbert pleaded guilty to fraud, unauthorized use of a…


Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security


Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles.

Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade.

The allegations against Ermakov mark the first time Australia has sanctioned a cybercriminal. The documents released by the Australian government included multiple photos of Mr. Ermakov, and it was clear they wanted to send a message that this was personal.

It’s not hard to see why. The attackers who broke into Medibank in October 2022 stole 9.7 million records on current and former Medibank customers. When the company refused to pay a $10 million ransom demand, the hackers selectively leaked highly sensitive health records, including those tied to abortions, HIV and alcohol abuse.

The U.S. government says Ermakov and the other actors behind the Medibank hack are believed to be linked to the Russia-backed cybercrime gang REvil.

“REvil was among the most notorious cybercrime gangs in the world until July 2021 when they disappeared. REvil is a ransomware-as-a-service (RaaS) operation and generally motivated by financial gain,” a statement from the U.S. Department of the Treasury reads. “REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom.”

The sanctions say Ermakov went by multiple aliases on Russian cybercrime forums, including GustaveDore, JimJones, and Blade Runner. A search on the handle GustaveDore at the cyber intelligence platform Intel 471 shows this user created a ransomware affiliate program in November 2021 called Sugar (a.k.a. Encoded01), which focused on targeting single computers and end-users instead of corporations.

An ad for the ransomware-as-a-service program Sugar posted by…


Ukrainian Police Arrest Cryptojacking Hacker


The Ukrainian National Police said on Friday that they had arrested a hacker in the southern city of Mykolaiv in connection with a sophisticated scheme to hijack cloud computers to mine cryptocurrencies, a ploy known as “cryptojacking.”

Ukrainian police seized electronic devices, SIM and bank cards from the suspected hacker. (Photo: Національна поліція України)

Over the last two years, the 29-year-old suspect allegedly managed to mine nearly US$2 million in cryptocurrencies. The authorities did not release either the suspect’s name or the name of the U.S. company whose server was allegedly misused.

The suspect is accused of infecting that server with malware, known as a “miner virus” — malicious software that steals a computer’s resources to generate cryptocurrency, allowing the hacker to steal money and transfer it to controlled electronic wallets.

According to the police, the suspect hacked 1,500 accounts belonging to the unnamed company’s clients using a brute-force technique: self-developed software that automatically tried passwords until it found the right one.

He then used the compromised accounts to gain access to the cloud computing provider, secretly infecting the company’s server with the malicious software.

The suspect used the server’s computational power to mine cryptocurrencies, allowing him to avoid paying for server time and power.

The stolen computer time typically cost more than the profits mined, so that compromised account holders were left with substantial cloud bills.

During the search of the suspect’s home, the police seized “computer equipment, bank and SIM cards, electronic media, and other evidence of illegal activity.”

The investigation into the case continues, with authorities targeting potential accomplices of the suspect and examining his possible connections with a pro-Russian hacker group, according to Ukrainian police.

Europol, the European Union Agency for Law Enforcement Cooperation, which supported the operation, said that the arrest followed “months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the…
