Tag Archive for: Wins

Google wins court order against Pakistani gang accused of infecting computers with botnet




This court order doesn’t just apply to domain name registrars or hosting providers but covers blocking network traffic



Google has won a court order to force ISPs to filter botnet traffic. A US court recently unsealed a restraining order against a cybercriminal gang operating out of Pakistan that came on the back of a formal legal complaint from Google.

The tech giant reportedly collected evidence about the cybergang and accused it of ripping off Google product names, icons, and trademarks to push their malware distribution service. According to the report, the allegations also include running “pay-per-install” services for alleged software bundles that deliberately injected malware onto victims’ computers and operating a botnet to steal, collect, and collate personal data from hundreds of thousands of victims in the US.

Loosely known as CryptBot, the cybergang is alleged to have plundered browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other personally identifiable information.

“The Defendants are responsible for distributing a botnet that has infected approximately 672,220 CryptBot victim devices in the US in the last year. At any moment, the botnet’s extraordinary computing power could be harnessed for other criminal schemes,” the court order said.

“Defendants could, for example, enable large ransomware or distributed denial-of-service attacks on legitimate businesses and other targets. Defendants could themselves perpetrate such a harmful attack, or they could sell access to the botnet to a third party for that purpose,” it added.

The defendant group didn’t show up in court to argue their case. The court favoured a temporary restraining order and said that the criminal enterprise is defrauding users and injuring Google. It also authorised Google to identify network providers…


Google wins court order to force ISPs to filter botnet traffic – Naked Security


A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google.

Google, it seems, decided to use its size, influence and network data to say, “No more!”, based on evidence it had collected about a cybergang known loosely as the CryptBot crew, whom Google claimed were:

  • Ripping off Google product names, icons and trademarks to shill their rogue software distribution services.
  • Running “pay-per-install” services for alleged software bundles that deliberately injected malware onto victims’ computers.
  • Operating a botnet (a robot or zombie network) to steal, collect and collate personal data from hundreds of thousands of victims in the US.

You can read a PDF of the court document online.
Thanks to our chums at online pub The Register for posting this.

Plunder at will

Data that these CryptBot criminals are alleged to have plundered includes browser passwords, illicitly-snapped screenshots, cryptocurrency account data, and other PII (personally identifiable information).

As the court order puts it:

The Defendants are responsible for distributing a botnet that has infected approximately 672,220 CryptBot victim devices in the US in the last year. At any moment, the botnet’s extraordinary computing power could be harnessed for other criminal schemes.

Defendants could, for example, enable large ransomware or distributed denial-of-service attacks on legitimate businesses and other targets. Defendants could themselves perpetrate such a harmful attack, or they could sell access to the botnet to a third party for that purpose.

Because the defendants are apparently operating out of Pakistan, and unsurprisingly didn’t show up in court to argue their case, the court decided its outcome without hearing their side of the story.

Nevertheless, the court concluded that Google had shown “a likelihood of success” in respect of charges including violating the Computer Fraud and Abuse Act, trademark rules, and racketeering laws (which deal, loosely speaking, with so-called organised crime – committing crimes as if you were running a business):

[The court favors]…


Budget wins (and losses) — Vallance’s plan — Donelan’s TikTok twist – POLITICO


— The good, the bad and the indifferent – it’s budget fallout time.

What does the future of tech regulation look like? Sir Patrick Vallance has some answers. 

— The row over the U.K.’s position on TikTok takes an unexpected turn.

Good morning, we hope you survived budget day and are coping with the train/teachers/tube/lecturers/doctors/civil servants/BBC journalists (have we missed any?) strikes. 

Send your news, views and tips to the team: Annabelle Dickson, Mark Scott and me on email. You can also follow us on Twitter @TomSBristow @NewsAnnabelle @markscott82.

FIRST, THE NEWS: A budget that love-bombed tech was promised, and Chancellor Jeremy Hunt delivered, sort of. There was cash for computing … regulatory promises on AI and finance … and some hefty tax and investment announcements too.

Right-hand woman: Science and Technology Secretary Michelle Donelan was sitting next to Hunt looking pleased as punch on the front bench. But as the dust settles on the government’s self-styled pro-innovation budget, the all-important detail and reaction is a mixed bag. 

Exascale is coming: The most eye-catching sum of money was the £900 million announced for a so-called “exascale” computer — for the uninitiated, that is a machine several times more powerful than the U.K.’s top supercomputer. The other big headline figure was the £2.5 billion towards a 10-year quantum computing program (more on that further down the email.) 

Prized AI: Hunt also gave the go-ahead to plans to launch an artificial intelligence sandbox — a mechanism to allow companies to test for a limited time before entering the market. That would allow innovators to “trial new, faster approaches to help innovators get cutting edge products to market.” (More on that, and other recommendations made by Chief Scientific Adviser Sir Patrick Vallance further down the email.) There will also be a prize worth £1 million a year which will be awarded to “the person or team that does the most groundbreaking AI research.”

Put your foot down: There was also another £100 million for the Innovation Accelerators programme which is focusing on three clusters:…


Security done right – infosec wins of 2022


The toasts, triumphs, and biggest security wins of the year


As 2022 draws to a close, The Daily Swig is revisiting some of the year’s most notable web security wins and egregious infosec fails.

Yesterday we showcased the year’s biggest fails – the security disasters, industry calamities, and the emergence of vulnerabilities so stupid they’ll make your eyes roll.

Today, we’re celebrating the times that organizations, governments, and the infosec community have shown laudable skill, judgement, and commitment to better securing the cyber sphere in 2022.

CFAA changes

This year saw major progress made in protecting ethical hacking from unfair legal consequences. Current laws worldwide often enable prosecution of security researchers motivated to protect rather than harm users, creating risks for ethical hackers in the course of doing their job.

In the US, the Department of Justice (DoJ) announced it will no longer prosecute security researchers who act in “good faith” under a landmark revision to its policy regarding computer crime laws.

The amendment, announced back in May, laid out changes to prosecution criteria under the Computer Fraud and Abuse Act (CFAA).

Good faith in this case refers to an individual accessing a computer solely for purposes of good-faith testing, investigation, or correction of a security flaw or vulnerability.


Decriminalizing UK ethical hackers

Across the pond, UK legislators proposed an amendment to the Product Security and Telecommunications Infrastructure (PSTI) bill back in June that would give cybersecurity professionals a legal defence for their activities under the Computer Misuse Act (CMA).

Critics argue that the law, which came into effect in 1990, is outdated and unduly prosecutes security researchers, ethical hackers, and pen testers who responsibly hunt for or report vulnerabilities.

Campaigners continue to call for legal clarification of legitimate hacking activities, which they argue include responsible vulnerability research and disclosure, proportionate threat intelligence, best practice internet scanning, enumeration, use of open directory…
