Tag Archive for: Man’

Eastern District of California | Carmichael Man Indicted for Sexual Exploitation of a Minor and Child Pornography Offenses

/in


SACRAMENTO, Calif. — A federal grand jury returned a three-count indictment today against Sam Moss Kerfoot, 27, of Carmichael, charging him with sexual exploitation of a minor, distribution of child pornography, and possession of child pornography, U.S. Attorney Phillip A. Talbert announced.

According to court documents, in April and May 2022, Kerfoot sexually abused a minor and produced visual depictions of the minor engaged in sexually explicit conduct. In addition, Kerfoot is alleged to have distributed child pornography in April 2022 and possessed child pornography in June 2023.

This case is the product of an investigation by the Sacramento Valley Hi-Tech Crimes Task Force Internet Crimes Against Children unit including the Sacramento County Sheriff’s Office, with assistance from the Federal Bureau of Investigation and Homeland Security Investigations. Assistant U.S. Attorneys Emily Sauvageau and Alstyn Bennett are prosecuting the case.

If convicted of the charges as alleged, Kerfoot faces a minimum statutory penalty of 25 years in prison, a maximum of 50 years in prison, and a $250,000 fine for sexual exploitation of a minor; a minimum statutory penalty of 15 years in prison, a maximum of 40 years in prison, and a $250,000 fine for distribution of child pornography; and a minimum of 10 years in prison, a maximum of 20 years in prison, and a $250,000 fine for possession of child pornography. Any sentence, however, would be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables. The charges are only allegations; the defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute those who sexually…

Source…

Chinese man wanted for data leak

/in


OKE WANTED:
A man surnamed Tong is suspected of listing household registration data for sale, while prosecutors recommended a deferred sentence for the buyer

  • By Jake Chung / Staff writer, with CNA

A Chinese national surnamed Tong (童) has been named the prime suspect in Taiwan’s largest data leak and is now a wanted person, while a Taiwanese surnamed Cheng (鄭) was indicted for contravening the Personal Data Protection Act (個人資料保護法), the Taipei District Prosecutors’ Office said yesterday.

The prosecutors’ office launched an investigation after the Ministry of Justice’s Investigation Bureau forwarded the case to it.

The office said that Tong — who reportedly used OKE as an online persona — is suspected of listing 23.57 million household registration records obtained via hacks for sale on BreachForums in October last year, seeking a cryptocurrency payment of US$5,000.

Photo: AP

The data were primarily from before April 2018, prosecutors said.

Tong was named the primary suspect, as an electronic wallet in his name was designated as the recipient for the cryptocurrency transaction, prosecutors said.

The wallet had been active and Tong could have transferred funds from it into fiat currency in China, they said.

Cheng on Oct. 31 last year allegedly purchased the hacked data, using the ACE Exchange to transfer 4,999.2 Tether tokens to Tong’s wallet, prosecutors said.

At the time of the trade, one Tether token was worth US$1.0003 when the market opened and US$1.0002 at the close of the day.

Cheng told investigators that he had made the purchase because he wanted to know if personal information could be bought, the office said.

Prosecutors recommended that Cheng’s indictment be deferred for one year, as he had shown remorse, had not used the data for illegal activities and had agreed to delete the…

Source…

The most hated man on the internet. Lessons to learn

/in


A while ago I was scouring Netflix and stumbled across the 2022 The most hated man on the internet docuseries.

What’s that all about then?

The show is about Hunter Moore and his isanyoneup.com website (Wikipedia article), where abhorrent people uploaded naked / pornographic images, intended to shame or embarrass the subject. The website was shut down in April 2012. At its height it was getting 350K unique visits daily. Today that number could be monetised into $millions.

While some images were willingly submitted many were not. It was apparent that plenty of people, mainly women, had their intimate images uploaded without consent, and more worryingly those images had never been in the public domain before. They had gone to lengths to keep them private.

It transpired that many of the exploited women’s email accounts had been hacked. The Tactics, Techniques, and Procedures (TTPs) used to hack the accounts weren’t ground-breaking in the 2010s and they still work today. Typically it’s credential stuffing and spoofing of messages to friends in order to bypass 2FA. This isn’t APT territory, but it’s still effective.

Why have I written this post?

Like the TTPs used there, none of what I write is ground-breaking or state of the art. People’s digital lives are fairly easy to look in to as a consequence of social media and our increasingly connected lives.

At PTP we regularly use TTPs (TLAs in full effect!) in various engagements, TTPs that are covered in Netflix shows like The most hated man on the internet and also You. We use them to identify weaknesses in a client’s defences, and a significant part of those defences are human beings.

More and more we’re asked by the Board or Senior Leadership Team to conduct consensual Digital Footprint Reviews of its members, to identify potential angles or leverage a crook could use to bypass the most sophisticated tech a company can buy.

What lessons can we learn?

What we can learn from shows like this and the experiences of the victims:

  • Don’t give your password to anyone. Ever.
  • Double check and verify anyone who wants to connect with you, even if they seem like someone you know. Social media allows people to find out a lot…

Source…

Deforest police seeking man who fled traffic stop

/in


Critical components of U.S. infrastructure, including hospitals and power plants, are increasingly connected to the internet and are at risk of exploitation from cybercriminals lurking in the world’s darkest corners.

And one specific kind of malware attack has leaders in the private and public sectors sounding the alarm over the last two years: ransomware.

Twingate collected data from the FBI’s 2021 Internet Crime Report to show which infrastructure sectors were most often targeted by ransomware attacks. 2021 was the first year in which the FBI’s Internet Crime Complaint Center began tracking ransomware incidents in sectors considered critical infrastructure.

The FBI’s Internet Crime Complaint Center received 649 reports of ransomware incidents targeting critical infrastructure in 2021. In a memo in the latest report, FBI Deputy Director Paul Abbate described the increase in cyberattacks seen last year—not only in infrastructure sectors but overall—as “unprecedented.”

The FBI defines critical infrastructure as assets or systems that “are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on our security, national economy, public health or safety.”

Dozens of attacks last year were leveled at government entities, leading the National Association of State Chief Information Officers to name ransomware its top cybersecurity concern in 2021.

But the frequency of ransomware incidents was even more pronounced in the health care, financial services, and information technology sectors, which saw the most recorded attacks of any other infrastructure sector last year, according to the FBI. The military and defense sector reported the fewest incidents, with just one ransomware attack in 2021.

And these culprits aren’t always lone wolf operations seeking the biggest payout. Most ransomware attacks can be linked to state actors who would harbor more motives than financial gain in sponsoring ransomware attacks. Crypto-tracking company Chainalysis reported that most ransomware payments eventually went to Russian-linked hackers.

The FBI recommends updating operating systems and software, implementing…

Source…