Department of Justice and the FBI—has announced a major coordinated law enforcement effort to disrupt international business e-mail compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals.
The FBI is warning of an increase in new scams that try to trick taxpayers and employers into sending employee records, Social Security numbers, dates of birth, and other sensitive information.
The scams are most often directed at human resources departments in an attempt to trick workers into sending records for large numbers of employees. Often, the people perpetrating these crimes impersonate executives inside a targeted company by compromising or spoofing a trusted email account that asks for all W-2 information on record.
EFF filed a lawsuit against the Department of Justice in May 2017 seeking records about the FBI’s training and use of Best Buy Geek Squad employees to conduct warrantless searches of customers’ computers.
A federal prosecution of a doctor in California revealed that the FBI has been working for several years to cultivate informants in Best Buy’s national repair facility in Brooks, Kentucky, including reportedly paying eight Geek Squad employees as informants.
EFF sent a FOIA request to the FBI in February 2017 seeking agency records about the use of informants, training of Best Buy personnel in the detection and location of child pornography on computers, and policy statements about using informants at computer repair facilities.The FBI denied the request, saying it doesn’t confirm or deny that it has records that would reveal whether a person or organization is under investigation. A suit was filed after the Department of Justice failed to respond to our administrative appeal of the FBI’s initial denial.
Top officials from major U.S. intelligence agencies including the CIA, the FBI, and the National Security Agency (NSA) have suggested people should not use phones made by Chinese manufacturers Huawei or ZTE. They have“Deep concerns,” over potential security risks claimed to come from using telecoms devices made by companies, “beholden to foreign governments.
There was a discussion at an annual meeting about various threats to the United States from around the world. A wide range of subjects, including and primarily Russian influence on U.S. politics and North Korea’s nuclear program, right down to drugs entering the U.S. from Mexico. Cyber security and the use of technology in espionage, however, repeatedly permeated talks.
Director of national intelligence, Dan Coats, made the opening remarks. He said the United States is under attack from, “Entities using cyber to penetrate virtually every major action that takes place in the United States,” and called cyber threats one of his greatest concerns and top priorities. Coats singled out Russia, China, Iran, and North Korea as posing the greatest threats.
Huawei’s new flagship phone, the Mate 10 Pro, is available for pre-order in the US despite not having any deals with US carriers — so to get some attention, it seems the company has stooped to having fake reviews for the new phone planted online, as spotted by 9to5Google.
The fake reviews, are hosted on the Best Buy website, probably the result of a contest Huawei ran on Facebook. On January 31st, the company posted to a Facebook group with over 60,000 members, asking for people to leave comments on the Best Buy pre-sale page in exchange for a chance to beta test a Mate 10 Pro. The original post has been deleted, but 9to5Google obtained a screenshot before it went down. “Tell us how to why (sic) you WANT to own the Mate 10 Pro in the review section of our pre-sale Best Buy retail page,” the post states.
Hackers who posted several of HBO’s new episodes and a “Game of Thrones” script online in late July have published a month’s worth of emails from the inbox of one of the entertainment company’s executives. The Hackers also addressed a video letter to HBO CEO Richard Plepler that demands the company demand payment of money, although the figure was redacted, according to the report. The hackers said HBO marked their 17th victim, and only three have failed to pay. HBO said its forensic review of the incident is ongoing and noted that it believed further leaks were forthcoming.
HBO private emails in the hands of hackers, came Monday in an email message to The Hollywood Reporter that also contained nine files with such labels as “Confidential” and “Script GOT7.” The hackers also delivered a video letter to HBO CEO Richard Plepler that says, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”
They say that the frequency of the attacks has overwhelmed the FBI’s Los Angeles field office, which has been unable to properly investigate all of them. The FBI’s surprising advice, according to industry sources: Pay the ransom.
FBI spokesperson in the L.A. office denied that the agency is telling companies to cough up the bitcoins in cases of ransomware. “The FBI does not encourage payment of ransom as it keeps the criminals in business,” says Laura Eimiller. “Of course, the individual victim must weigh their options.”
“The FBI will say it’s easier to pay it than it is to try to fight to get it back,” says Hemanshu Nigam, a former federal prosecutor of online crime in L.A. and onetime chief security officer for News Corp. “And if one company pays the ransom, the entire hacking community knows about it.”
A security researcher Marcus Hutchins, 22, a British national, who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Hutchins was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends have confirmed.
A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role “in creating and distributing the Kronos banking Trojan.”
The indictment was dated July 11, about two weeks before he flew to the US to attend the annual security conference. The Justice Department has been after those involved with the notorious Kronos malware for more than two years.
Hutchins, also known as @MalwareTechBlog, stormed to fame after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware. Hutchins registered a domain name that stemmed the infection.
He was hailed as a hero for stopping the attack, which gripped UK hospitals and other major industries around the world.
The FBI say, many toys sporting cloud-backed features such as speech recognition or online content hosting “could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.
“Security safeguards for these toys can be overlooked in the rush to market them and to make them easy to use,” the FBI warns. “Consumers should perform online research of these products for any known issues that have been identified by security researchers or in consumer reports.”
Germany’s Federal Network Agency, or Bundesnetzagentur, has banned Genesis Toys’ Cayla doll as an illegal surveillance device.