A security researcher Marcus Hutchins, 22, a British national, who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Hutchins was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends have confirmed.
A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role “in creating and distributing the Kronos banking Trojan.”
The indictment was dated July 11, about two weeks before he flew to the US to attend the annual security conference. The Justice Department has been after those involved with the notorious Kronos malware for more than two years.
Hutchins, also known as @MalwareTechBlog, stormed to fame after he found a kill switch in the malware, known as WannaCry, amid a global epidemic of ransomware. Hutchins registered a domain name that stemmed the infection.
He was hailed as a hero for stopping the attack, which gripped UK hospitals and other major industries around the world.
Researchers at Newcastle University in the UK claims that Visa’s credit-card payment system can be compromised online in “as little as six seconds.” The security flaw was possibly the point of entry for the cyber-attack on the UK’s Tesco Bank that lost £2.5 million.This isn’t some high-level hacking going on here either — all it takes for a determined thief to grab card data and a laptop with an internet connection with some basic guesswork, the paper says.
The team of researchers, led by PhD student Mohammed Ali, call the method “the Distributed Guessing Attack.” The approach: a thief generates random numbers to guess combinations of card numbers, expiration dates and CVV codes (that three-digit number typically found on the back of the card). The video below demonstrates just how easy it is to generate all of these fields quickly: According to the paper, there are three levels of data fields used by web merchants: Card Number + Expiry date; Card Number + Expiry date + CVV; Card Number + Expiry date + CVV + Address.
It takes just a few attempts to guess the data once the hack is put into motion with an active card number. Most cards are valid for 60 months, so guessing the expiration date takes at most 60 attempts.
The CVV is a bit more difficult to find, but not by much: the team estimates about 1,000 attempts at most. “Spread this out over 1,000 websites and one will come back verified within a couple of seconds,” Ali said.
The research paper, whose lead author is a 26-year-old PhD student, said the good news for people with MasterCard debit and credit cards was that this form of hacking did not work on MasterCards, because its systems were able to detect the attacks. It added that the minority of online retailers that used so-called 3D Secure technology to provide extra protection – such as the Verified by Visa, Mastercard SecureCode and American Express SafeKey systems – were also “safe” from this type of attack.
Did anyone see a bridemaid of color?
Five-year-old Lydia Port-Burke has self-published a fairy tale now available in the UK…July 7, 2014 Lydia Port-Burke has written her first book “Fairy Mission to Find Stripe” at the age of five. Her book, which unfortunately is not available in the US at this time, will support the British charity Children in Need. A portion of each sale of Lydia’s book on iTunes will go to the organization.
According to the BBC Children in Need website, the organization provides grants to projects in the United Kingdom which have a “focus on children and young people who are disadvantaged.
Police officers will not always have to attend court to give evidence because of Live Link, a live video link from police stations to magistrates’ courts, allows officers to give evidence from the station rather than have to go to court and wait to be called to the witness stand.
A court clerk can dial in and connect the officer live into court when the magistrate is ready for them to give evidence, allowing officers to carry on with their work in the event of a delay.
Live Link forms part of the Criminal Justice Efficiency Programm, a national initiative aimed at modernizing and reforming the Criminal Justice System by providing a swifter and more transparent system to meet the needs of victims and witnesses.