Tag Archive for: hacker

Nebraska state senator wants to hire a hacker to break into state systems


One state lawmaker wants Nebraska to take measures to protect it from cyberattacks. His answer? Hire its own hacker.

State Sen. Loren Lippincott presented a bill Thursday to the Legislature’s government committee that would give the Nebraska State Patrol $200,000 to hire “an ethical hacker.” The hacker would spend his or her days trying to break into the state’s computer network, as well as election equipment and software, to find any vulnerabilities in those systems.

Lippincott said he got the idea from a nephew of his who did similar work. The lawmaker’s staff did not find other states that have hired independent hackers, although Missouri has hired a company that employs “white hat hackers” to provide that service.

“We hope to lead the way,” Lippincott said.

His bill also would allow hiring a security company that provides hackers to find weaknesses in the state’s system.

Security challenges continue to grow for state and local election officials across the country, including potential cyberattacks waged by foreign governments, criminal ransomware gangs and election misinformation that has led to harassment of election officials and undermined public confidence.

Nebraska Sen. Loren Lippincott is pictured here at his desk on the floor of the state Capitol on Jan. 5, 2024, in Lincoln, Nebraska. He introduced a bill to hire “an ethical hacker” to find weaknesses in state computer systems on Jan. 8, 2024. (AP Photo/Margery Beck, File)

Lippincott presented the bill on the heels of FBI Director Christopher Wray’s warning that Chinese government hackers are targeting critical U.S. infrastructure, including water treatment plants, the electrical grid and transportation systems.

The Nebraska bill’s hearing was also held on the same day that the U.S. Cybersecurity and Infrastructure Security Agency launched a program aimed at boosting election security in the states and after a recent cyberattack on government operations in Georgia that has created some election challenges ahead of that state’s March presidential primary.

“This idea is that an ethical hacker can find vulnerabilities that can be fixed…

Maltese suspected hacker to be extradited to United States for computer malware crimes


A Maltese man is waiting to be extradited to the United States after an operation by the Maltese police assisting the FBI in investigations led to his arrest.

Daniel Joe Meli, who is 27 years old, is believed to have worked with people who are not Maltese in connection with the sale of illegal malware on the dark web. The accused, who is from Żabbar, was also said to have been involved in mentoring services on a hack forum, an internet forum for hacker culture and computer security.

The malware, a remote access trojan or RAT, is used by criminals to gain access to computers and servers and control their operation. The police said there were several victims in the United States who had fallen prey to this RAT, with no reported victims in Malta so far.

Meli’s social media profiles suggest that he used to work with Air Malta as a check-in agent, and that he now works with Aviaserve.

The investigations in Malta, overseen by the police cybercrime unit, were initiated following a request for assistance from the United States, which indicated that the prime suspect in the sale of this RAT is Maltese.

Investigations revealed the identification of the Maltese suspect and his association with other criminals who are not Maltese and do not reside in Malta.

The suspect was arrested at his workplace in Gudja on 7 February, and during searches conducted at various locations related to the suspect, numerous items linked to this investigation were seized.

The 27-year-old man appeared in court on Thursday afternoon before Magistrate Dr. Giannella Camilleri Busuttil LL.D, to begin extradition proceedings to the United States, where he will face charges before the American court.

He has consented to extradition and is being held in custody at the Correctional Facility in Kordin.

In connection with this investigation, a Nigerian accomplice, residing in Nigeria, was also arrested.

Operations in various countries related to the same illegal malware trade on the dark web were being coordinated by Europol, involving several other states, including the Australian Federal Police, the Canadian Police, Croatian Police, Finnish Police, Dutch Police, Romanian Police, German Police, and Nigerian…

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people


Data and software services firm Blackbaud’s cybersecurity was criticised as “lax” and “shoddy” by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach.

According to the FTC, Blackbaud’s poor security led to a breach in February 2020 in which a hacker accessed the company’s customer databases and stole personal information of millions of consumers in the United States, Canada, the UK, and the Netherlands.

Blackbaud’s affected customers are mainly non-profits, such as healthcare agencies, charities, and educational organizations.

Data stolen by the hacker included unencrypted personal information, such as consumers’ and donors’ full names, ages, dates of birth, social security numbers, addresses, phone numbers, email addresses, financial details (bank account information, estimated wealth, and identified assets), medical and health insurance information, gender, religious beliefs, marital status, spouse names, spouses’ donation history, employment details, salaries, education, and account credentials.

The security failure was exacerbated by Blackbaud not enforcing its own data retention policies, causing customer data to be kept for years longer than necessary. Blackbaud also retained data of former and potential customers for years longer than required.

All of which was a treasure trove for the attacker, who demanded a ransom from Blackbaud or threatened to expose the stolen data. The company paid 24 Bitcoin (worth US $235,000) to the hacker, but was not able to verify whether the hacker deleted the data.

The poor data retention practices were not the FTC’s only complaints about Blackbaud’s handling of the incident.

The FTC criticized the company for not notifying customers of the breach for two months after detection, saying Blackbaud had “misrepresented the scope and severity of the breach after an exceedingly inaccurate investigation.”

According to Blackbaud’s customer breach notification of July 16, 2020, “The cybercriminal did not access credit card information, bank account information, or social security numbers… No action is required on your end because no personal information about your constituents was…

Canada’s ‘most prolific hacker’ jailed for two years


A 33-year-old man has been sentenced to two years in prison after admitting his part in a series of ransomware and malware attacks that hit more than one thousand individuals, businesses, and organisations — including three police departments.

Ottawa-based Matthew Philbert, who has been dubbed “Canada’s most prolific hacker,” typically launched attacks by sending malicious emails that posed as job applications, attaching a booby-trapped resume poisoned with malware.

If Philbert’s intended targets made the mistake of opening the attachment, their PCs would be infected by a remote access trojan horse that would allow the hacker to infiltrate computer systems and plant further malware.

Hiding his true identity with anonymous email addresses and masking his location with VPNs, Philbert gained full access over infected computers, stealing passwords, and sending emails from victims’ accounts.

According to Ontario Provincial Police, Philbert didn’t care whether the victims of his attacks were big or small, targeting businesses of all sizes including a private elementary school, as well as the Ronald McDonald House in Halifax which provides accommodation for parents of hospitalised children.

Audaciously, the hacker also targeted three police departments – Nishnawbe Aski Police in Thunder Bay, West Vancouver Police Department, and City of Kawartha Lakes Police Department – although none of these are thought to have lost any money.

The Royal Canadian Mounted Police, the US FBI and Europol launched a 23-month-long investigation into the cyber attacks, which culminated with Philbert’s arrest at his home in Ottawa in 2021.

Ontario police discovered Philbert had $46,000 worth of Bitcoin in a cryptocurrency wallet, the apparent proceeds from four different ransomware attacks.

The hacker’s cybercriminal activity is thought to stretch back to the 2000s, when attackers would lock up PCs and display a message claiming to come from the police saying that the computer’s owner had been caught viewing child sexual abuse material. These rudimentary versions of ransomware would demand a “fine” be paid to unlock the PC and make police turn a blind eye.

Philbert pleaded guilty to fraud, unauthorized use of a…
