Teenagers arrested for offering Booter Services

rpxubn-a_400x400vDOS is a distributed denial-of-service (DDoS) kit that is allegedly responsible for most of the DDoS attacks in the past four years. Two teenagers have been arrested in Israel for their alleged link to the selling of the kit. The teenagers, Itay Huri and Yarden Bidani, both 18, were arrested on September 8 by Israeli authorities on the request of the FBI and are under house arrest and forbidden to use internet-connected devices for 30 days. The service has been running undercover for four years now until security researcher, Brian Krebs found a hole in another DDoS-for-hire service that enabled access to vDoS’s database leading to the arrest of the teenagers.

The vDoS service was offered for between $20 to $200 per month depending on how long the hackers wanted to operate and payment was preferred through Bitcoin digital currency. The database uncovered by Krebs had tens of thousands of paying customers and over $600,000 has been netted in the past two years by the operators.

Advertisements

Romanian Hacker bags 52 months Prison term

jail-featHacker, Guccifer was sentenced to 52 months in prison for unauthorized access to a protected computer and aggravated identity theft. He will also serve three years of supervised release; give up online storage accounts holding victim information and pay restitution to his victims. Marcel Lehel Lazar, known as Guccifer was responsible for unlawfully gaining access to private accounts of at least 100 Americans and making their private information public on the internet.

Lazar targeted both public figures and private citizens. In some cases, he impersonated his victims online and in many cases released victims’ private records including emails, medical records, financial information and photographs to the public.

Lazer pleaded guilty to the crime on May 25 and admitted to committing the crime while on probation in Romania for a previous computer hacking crime. He admitted using proxies to hide his location and smashing his computers and cellphone with an ax when he discovered his identity had been uncovered.

US based programmer in Court for Hacking Linux Kernel Organization

The Linux Kernel Organization that runs the ‘www.kernel.org’ website that is used for distributing the Linux kernel software was hacked and a South Florida based computer programmer has been arrested on charges of being responsible for the hack.

The programmer, Donald Austin was arrested and is being charged for causing damage to four servers of the Linux Kernel Organization by installing malicious software. Austin is accused of gaining unauthorized access to the four servers using the credentials of an individual associated with the organization and using his access to install rootkit and Trojan and also making changes to the server.

His next court appearance is on Septemer 21, 2016 in San Francisco at 9:30am. If convicted, he could face up to ten years of imprisonment and a fine of $250,000 + restitution for each violation according to helpnetsecurity.

Megaupload now serving Porn & Junk Ads

Megaupload, a file sharing site that was seized by the Department of Justice in an online privacy investigation four years ago is now providing pornographic content and junk ads, The website which is still under the control of the FBI, previously only displayed a banner informing visitors that the domain was seized on its web pages.

According to the TorrentFreak article, the FBI last year failed to renew ownership of “Cirfu.net,” an expired domain name assigned to a nameserver where Megaupload.com visitors were being redirected. The domain’s new owner then used Megaupload.com to deliver malware. U.S. authorities “fixed this by removing the nameservers altogether, but it turns out that they didn’t do this for all seized domains,” the report explains. Once again Cirfu.net expired, allowing the latest owner to apparently abuse more Megaupload domains.

$1 Million Penalty for Morgan Stanley

data-breachGlobal Financial Giant, Morgan Stanley has been fined for $1 million by the US Securities and Exchange commission for failure to protect information of it’s clients. According to the SEC, the bank “failed to adopt written policies and procedures reasonably designed to protect customer data.” This made it possible for an employee to transfer clients’ data to a private server from which the data is believed to have been breached.

The employee at the time, Galen J. Marsh, was criminally convicted for his actions in 2015 and received 36 months of probation and ordered to pay $600,000 in restitution.

Considering the amount of attacks suffered by organizations in recent times, organizations cannot afford to neglect policies and procedures that will enhance the security of their information and information systems any longer.

Morgan Stanley has agreed to pay the fine.

White Hat Researcher Jailed for Exposing SQLi Flaws

jail-featA cybersecurity researcher who exposed vulnerabilities in a Florida elections website was last week arrested and charged on three third-degree felony counts.

Vanguard Cybersecurity boss David Levin handed himself in on Wednesday and spent five hours in the Lee County Jail cells before being released on a $15,000 bond, according to local reports.

He had posted a YouTube video detailing his research, which found simple SQL injection flaws in the website of the Lee County Supervisor of Elections Office, using the popular Havij automated SQLi tool.

Dan Sinclair, one of the candidates currently running for the supervisor of elections position, appears alongside Levin in the video, although he was not involved in the research itself.

“Dave didn’t do anything wrong,” he’s quoted as saying. “This is political corruption.”

However, Troy Hunt, security researcher and owner of the Have I Been Pwned? site, argued that Levin was in the wrong as he could have demonstrated security weaknesses in the site without exposing personal data.

Continue reading

BlackBerry Boss Spills the Beans on ‘Lawful Access’

Image: The BlackBerry logo is pictured at the BlackBerry campus in WaterlooBlackBerry boss John Chen has hinted that his firm may have complied with police access requests for encrypted BBM chats sent via its BlackBerry Internet Service (BIS) during an operation designed to dismantle a Mafia crime syndicate.

In a carefully worded blog post, the CEO and executive chairman of the Canadian mobile firm addressed reports from last week that claimed the Royal Canadian Mounted Police (RCMP) had accessed the global encryption key used to secure all BBM messages.

Court documents in the case – where incriminating messages were used to help to prosecute dozens suspected of involvement in organized crime – revealed that the RCMP ran a “BlackBerry interception and processing system,” and that it had “the correct global key when it decrypted messages during its investigation.”

Continue reading