Tag: helped | Page 3

ExpressVPN CIO Helped United Arab of Emirates Hack Into Phones, Computers

September 15, 2021/in Internet Security

The chief information officer for ExpressVPN once helped the United Arab of Emirates orchestrate a massive cyberspying campaign on computers across the globe.

According to the Justice Department, ExpressVPN CIO Daniel Gericke and two others worked as hackers for hire for the UAE to develop “zero-click” attacks capable of breaking into internet accounts and devices, including those in the US.

All three formerly worked for the US intelligence community. However, by offering their hacking expertise to a foreign country from 2016 to 2019, the trio broke US export controls, which required them to obtain a license from the State Department to provide such services. Reuters originally reported on the hire-for-hacking scheme with the UAE, and said the spying ensnared iPhones and internet accounts belonging to activists, political rivals, and even Americans.

The cyberspying naturally raises questions about the security around ExpressVPN. However, the VPN service is sticking with Gericke, who ceased his work with the UAE once he joined ExpressVPN in December 2019.

“We’ve known the key facts relating to Daniel’s employment history since before we hired him, as he disclosed them proactively and transparently with us from the start,” ExpressVPN wrote in a blog post on Wednesday. “In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security.”

Despite breaking US laws with the hacking, the Justice Department is refraining from charging Gericke with a crime. Instead, he’s entered into an agreement that forbids him from ever conducting “computer network exploitation” operations on behalf of an employer ever again. He also agreed to pay a $335,000 fine.

ExpressVPN adds that it constantly vets its VPN service for security. “Of course, we do not rely on trust in our employees alone to protect our users,” it wrote in Wednesday’s blog post. “We have robust systems and security controls in place in all our systems or products. We also engage and provide significant access to many independent third parties to conduct audits, security assessments, and penetration tests on our systems and…

Source…

Nigerian Instagram star helped North Korean hackers in $1.3B scheme: Feds

February 21, 2021/in Computer Security

A Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from companies and banks in the U.S. and other countries, federal prosecutors said.

Ramon Olorunwa Abbas, 37, also known as “Ray Hushpuppi,” is being accused of helping three North Korean computer hackers steal the funds from companies and banks, including one in Malta, in February 2019, according to the Justice Department.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John Demers of the Justice Department’s National Security Division said in a statement on Feb. 17.

Abbas — who has 2.5 million followers on Instagram, where he would post photos of his luxury cars — somehow found time for still more banking-related crimes, the feds say.

He worked with Ghaleb Alaumary, 37, a Canadian who was charged with laundering millions of dollars from ATMs in the U.S. and Pakistan and a bank in India, prosecutors say.

Last July, the Nigerian national was arrested in still another, separate case.

He was extradited from Dubai to the U.S. where he was charged with “laundering hundreds of millions of dollars from business email compromise (BEC) frauds and other scams, including schemes targeting a US law firm, a foreign bank and an English Premier League soccer club,” according to the Justice Department.

Source…

Instagram photo flaw could have helped hackers spy via users’ cameras and microphones

September 27, 2020/in Computer Security

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. Read more in my article on the Tripwire State of Security blog.
Graham Cluley

Twitter says a “phone spear phishing” attack helped hackers – what’s that?

July 31, 2020/in Computer Security

What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.

Graham Cluley

Tag Archive for: helped