Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ransomware
#1
RICHMOND, Va. (AP) — Foreign keyboard criminals with scant fear of repercussions have paralyzed U.S. schools and hospitals, leaked highly sensitive police files, triggered fuel shortages and, most recently, threatened global food supply chains.
The escalating havoc caused by ransomware gangs raises an obvious question: Why has the United States, believed to have the world’s greatest cyber capabilities, looked so powerless to protect its citizens from these kind of criminals operating with near impunity out of Russia and allied countries?

The answer is that there are numerous technological, legal and diplomatic hurdles to going after ransomware gangs. Until recently, it just hasn’t been a high priority for the U.S. government.

That has changed as the problem has grown well beyond an economic nuisance. President Joe Biden intends to confront Russia’s leader, Vladimir Putin, about Moscow’s harboring of ransomware criminals when the two men meet in Europe later this month. The Biden administration has also promised to boost defenses against attacks, improve efforts to prosecute those responsible and build diplomatic alliances to pressure countries that harbor ransomware gangs.

Calls are growing for the administration to direct U.S. intelligence agencies and the military to attack ransomware gangs’ technical infrastructure used for hacking, posting sensitive victim data on the dark web and storing digital currency payouts.
Fighting ransomware requires the nonlethal equivalent of the “global war on terrorism” launched after the Sept. 11 attacks, said John Riggi, a former FBI agent and senior adviser for cybersecurity and risk for the America Hospital Association. Its members have been hard hit by ransomware gangs during the coronavirus pandemic.

“It should include a combination of diplomatic, financial, law enforcement, intelligence operations, of course, and military operations,” Riggi said.

A public-private task force including Microsoft and Amazon made similar suggestions in an 81-page report that called for intelligence agencies and the Pentagon’s U.S. Cyber Command to work with other agencies to “prioritize ransomware disruption operations.”
“Take their infrastructure away, go after their wallets, their ability to cash out,” said Philip Reiner, a lead author of the report. He worked at the National Security Council during the Obama presidency and is now CEO at The Institute for Security and Technology.
But the difficulties of taking down ransomware gangs and other cybercriminals have long been clear. The FBI’s list of most-wanted cyber fugitives has grown at a rapid clip and now has more than 100 entries, many of whom are not exactly hiding. Evgeniy Bogachev, indicted nearly a decade ago for what prosecutors say was a wave of cyber bank thefts, lives in a Russian resort town and “is known to enjoy boating” on the Black Sea, according to the FBI’s wanted listing.

Ransomware gangs can move around, do not need much infrastructure to operate and can shield their identities. They also operate in a decentralized network. For instance, DarkSide, the group responsible for the Colonial Pipeline attack that led to fuel shortages in the South, rents out its ransomware software to partners to carry out attacks.

Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, said identifying and disrupting ransomware criminals takes time and serious effort.

“A lot of people misunderstand that the government can’t just willy-nilly go out and press a button and say, well, nuke that computer,” she said. “Trying to attribute to a person in cyberspace is not an easy task, even for intelligence communities.”
Reiner said those limits do not mean the United States cannot still make progress against defeating ransomware, comparing it with America’s ability to degrade the terrorist group al-Qaida while not capturing its leader, Ayman al-Zawahiri, who took over after U.S. troops killed Osama bin Laden.

“We can fairly easily make the argument that al-Qaida no longer poses a threat to the homeland,” Reiner said. “So short of getting al-Zawahiri, you destroy his ability to actually operate. That’s what you can do to these (ransomware) guys.”
The White House has been vague about whether it plans to use offensive cyber measures against ransomware gangs. Press secretary Jen Psaki said Wednesday that “we’re not going to take options off the table,” but she did not elaborate. Her comments followed a ransomware attack by a Russian gang that caused outages at Brazil’s JBS SA, the second-largest producer of beef, pork and chicken in the United States.

Gen. Paul Nakasone, who leads U.S. Cyber Command and the National Security Agency, said at a recent symposium that he believes the U.S. will be “bringing the weight of our nation,” including the Defense Department, “to take down this (ransomware) infrastructure outside the United States.”

Sen. Angus King, an independent from Maine who is a legislative leader on cybersecurity issues, said the debate in Congress over how aggressive the U.S. needs to be against ransomware gangs, as well as state adversaries, will be “front and center of the next month or two.”

“To be honest, it’s complicated because you’re talking about using government agencies, government capabilities to go after private citizens in another country,” he said.

The U.S. is widely believed to have the best offensive cyber capabilities in the world, though details about such highly classified activities are scant. Documents leaked by former NSA contractor Edward Snowden show the U.S. conducted 231 offensive cyber operations in 2011. More than a decade ago a virus called Stuxnet attacked control units for centrifuges in an underground site in Iran, causing the sensitive devices to spin out of control and destroy themselves. The cyberattack was attributed to America and Israel.

U.S. policy called “persistent engagement” already authorizes cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code. U.S. Cyber Command has launched offensive operations related to election security, including against Russian misinformation officials during U.S. midterm elections in 2018.

After the Colonial Pipeline attack, Biden promised that his administration was committed to bringing foreign cybercriminals to justice. Yet even as he was speaking from the White House, a different Russian-linked ransomware gang was leaking thousands of highly sensitive internal files — including deeply personal background checks — belonging to the police department in the nation’s capital. Experts believe it’s the worst ransomware attack against a U.S.-based law enforcement agency.
“We are not afraid of anyone,” the hackers wrote in a follow-up post.
The ideal subject of totalitarian rule is not the convinced Nazi or the dedicated Communist  but instead the people for whom the distinction between fact and fiction, true and false, no longer exists -- Hannah Arendt.


Reply
#2
These password issues can end up being a major headache and a drain on the wallet. Weak passwords easily open you up to expensive cybersecurity disasters that were entirely preventable in the first place.

Without further ado, here are the top three most common passwords found on the Dark Web in 2020:

123456
password
12345678
Most common passwords by category
Security Boulevard, the group behind this list, also looks at common categories used for the passwords found on the Dark Web. In 2020, the main categories used to generate bad passwords included: names, sports, food, places, animals and famous people/characters.

Most of the bad passwords found on the Dark Web originate from these groups. In fact, about 59% of Americans use a person’s name or family birthday in their passwords. Another 33% include a pet’s name and, shockingly, a whopping 22% use their own name to create passwords.


Even more troubling? The average user reuses that bad password about 14 times.

Here are the most common passwords found on the Dark Web by category:

Names: maggie
Sports: baseball
Food: cookie
Places: Newyork
Animals: lemonfish
Famous People/Characters: Tigger
What is a lemonfish? Seriously? Whatever it is, it tops the animals used in password creation.

Related: How to protect yourself from Dark Web data abuse

If you’re curious about the rest of the worst common passwords, here is the complete list:

123456
password
12345678
12341234
1asdasdasdasd
Qwerty123
Password1
123456789
Qwerty1
:12345678secret
Abc123
111111
stratfor
lemonfish
sunshine
123123123
1234567890
Password123
123123
1234567
Tips for good password security
Don’t use any of these passwords or make similar password mistakes. Use good password security instead.

https://www.komando.com/security-privacy...ds/777071/
.....

I recall one story about bad passwords. Garden-variety profanities were horrible.

A hint: if your password passes spell-check, then you might want something else. Hints: "lincoln1809" and "chopin1809" are far too obvious. So is "ohio1803".
The ideal subject of totalitarian rule is not the convinced Nazi or the dedicated Communist  but instead the people for whom the distinction between fact and fiction, true and false, no longer exists -- Hannah Arendt.


Reply
#3
Now for a really stupid person, Congresscritter Mo Brooks, Reprobate-AL. This fellow had his password in plain sight, and someone actually photographed it!
The ideal subject of totalitarian rule is not the convinced Nazi or the dedicated Communist  but instead the people for whom the distinction between fact and fiction, true and false, no longer exists -- Hannah Arendt.


Reply
#4
Law enforcement has turned the trick on organized crime. Great news!

The ANOM (also stylized as AN0M or ΛNØMsting operation (known as Operation Trojan Shield or Operation Ironside) is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafiaAlbanian organised crimeoutlaw motorcycle clubs, drug syndicates and other organised crime groups.

The shutdown of the Canadian secure messaging company Phantom Secure in March 2018 left international criminals in need of an alternative system for secure communication.[1] Around the same time, the San Diego FBI branch had been working with a person who had been developing a "next-generation" encrypted device for use by criminal networks. The person was facing charges and cooperated with the FBI in exchange for a reduced sentence. The person offered to develop ANOM and then distribute it to criminals through their existing networks.[2][3] The first communication devices with ANOM were offered by this informant to three former distributors of Phantom Secure in October 2018.[4]

The FBI also negotiated with an unnamed third country to set up a communication interception, but based on a court order that allowed passing the information back to the FBI. Since October 2019, ANOM communications have been passed on to the FBI from this third country.[1]

The FBI named the operation "Trojan Shield",[5] and the AFP named it "Ironside".[6]



[Image: AnomChat.jpg]




The ANOM devices consisted of a messaging app running on smartphones that had been specially modified to disable normal functions such as 
voice telephonyemail, or location services. After checking that normal functionality was disabled,[7] the messaging apps then communicated with one another via supposedly secure proxy servers, which then copied all sent messages to servers controlled by the FBI. The FBI could then decrypt the messages with a private key associated with the message, without ever needing remote access to the devices.[3][8] The devices also had a fixed identification number assigned to each user, allowing messages from the same user to be connected to each other.[8] According to a since-deleted Reddit post discovered by Motherboard, the ANOM app was "for Android";[9] a WordPress blog post described the app as using a "custom Android OS".[10][better source needed]

About 50 devices were distributed in Australia for beta testing from October 2018. The intercepted communications showed that every device was used for criminal activities, primarily being used by organised criminal gangs.[1][3]

Use of the app spread through word of mouth,[3] and was also encouraged by undercover agents;[11] drug trafficker Hakan Ayik was identified "as someone who was trusted and was going to be able to successfully distribute this platform", and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use.[11][12] After users of the devices requested smaller and newer phones, new devices were designed and sold.[4] The most commonly used languages on the app were Dutch, German and Swedish.[13]

After a slow start, the rate of distribution of ANOM increased from mid-2019. By October 2019, there were several hundred users. By May 2021, there had been 11,800 devices with ANOM installed, of which about 9,000 were in use.[1] New Zealand had 57 users of the ANOM communication system.[14] The Swedish Police had access to conversations from 1,600 users, of which they focused their surveillance on 600 users.[15] Europol stated 27 million messages were collected from ANOM devices across over 100 countries.[16]

Some skepticism of the app did exist; one March 2021 WordPress blog post called the app a scam.[10][17][3]



[Image: 800px-ANOM_Screenshot_-_2021-06-10_-_01.png]


ANOM website screenshot, 10 June 2021



The sting operation culminated in [url=https://en.wikipedia.org/wiki/Search_warrant]search warrants that were executed simultaneously around the globe on 8 June 2021.[14] It is not entirely clear why this date was chosen, but news organisations have speculated it might be related to a warrant for server access expiring on 7 June.[3] The background to the sting operation and its transnational nature was revealed following the execution of the search warrants. Over 800 people were arrested in 16 countries.[18][19][20] Among the arrested people were alleged members of Australian-based Italian mafiaAlbanian organised crimeoutlaw motorcycle gangs, drug syndicates and other crime groups.[18][6][21] In the European Union, arrests were coordinated through Europol.[22] Arrests were also made in the United Kingdom, although the National Crime Agency was unwilling to provide details about the number arrested.[23]

The seized evidence included almost 40 tons of drugs (over eight tons of cocaine, 22 tons of cannabis and cannabis resin, six tons of synthetic drug precursors, two tons of synthetic drugs), 250 guns, 55 luxury cars[20] and more than $48 million in various currencies and cryptocurrencies. In Australia, 224 people were arrested on 526 total charges.[21] In New Zealand, 35 people were arrested and faced a total of 900 charges. Police seized $3.7 million in assets, including 14 vehicles, drugs, firearms and more than $1 million in cash.[24][25]

Over the course of the three years, more than 9,000 police officers across 18 countries were involved in the sting operation. Australian Prime Minister Scott Morrison said that the sting operation had "struck a heavy blow against organised crime". Europol described it as the "biggest ever law enforcement operation against encrypted communication".[18]



About 50 of the devices had been sold in Australia. Police arrested 224 suspects and seized 104 firearms and confiscated cash and possessions valued at more than 45 million AUD.[26]



In Germany, the majority of the police activity was in the state of Hesse where 60 of the 70 nationwide suspects were arrested.[27] Police searched 150 locations and in many cases under suspicion of drug trafficking.[28]



In the Netherlands, 49 people were arrested by Dutch police while they investigated 25 drug production facilities and narcotics caches. Police also seized eight firearms, large supplies of narcotics and more than 2.3 million euros.[13]



In Sweden, 155 people were arrested as part of the operation.[15] According to police in Sweden which received intelligence from the FBI, during an early phase of the operation it was discovered that many of the suspects were in Sweden. Linda Staaf, head of the Swedish police's intelligence activities, said that the suspects in Sweden had a higher rate of violent crime than the other countries.[29]


No arrests were made in the United States because of privacy laws that prevented law enforcement from collecting messages from domestic subjects.[30]
The ideal subject of totalitarian rule is not the convinced Nazi or the dedicated Communist  but instead the people for whom the distinction between fact and fiction, true and false, no longer exists -- Hannah Arendt.


Reply
#5
(06-07-2021, 09:34 AM)pbrower2a Wrote: Most of the bad passwords found on the Dark Web originate from these groups. In fact, about 59% of Americans use a person’s name or family birthday in their passwords. Another 33% include a pet’s name and, shockingly, a whopping 22% use their own name to create passwords.

I'm not sure a family birthday is all that bad if it's just a string of 8 digits.  People have to know something about your family to break that.  The issues these days are mostly from cyber criminals that aren't targeting anyone in particular; they're just looking for vulnerable accounts, so a random date won't be much easier than any other digit string to break.

Names are, of course, a terrible ideal.

I suspect "stratfor" was on that list because they were a site which got its entire subscriber list hacked, and I guess a lot of users used the site's name in their password.

At least the top passwords are no longer women's names, as they were in the days when guys used their girlfriends' names for their password.  I remember when the top password on the internet was "susan".
Reply
#6
(06-19-2021, 12:15 PM)pbrower2a Wrote: Law enforcement has turned the trick on organized crime. Great news!

The ANOM (also stylized as AN0M or ΛNØMsting operation (known as Operation Trojan Shield or Operation Ironside) is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafiaAlbanian organised crimeoutlaw motorcycle clubs, drug syndicates and other organised crime groups.

I don't think this is great news at all:  quite the opposite, in fact.  The government being able to intercept all communications is something that can be abused to much more severe levels than organized crime is likely to get to.

Want some actual great news?  The government was able to reverse the bitcoin ransom transaction for the recent hack of the oil pipeline network, so the hackers never got their money.
Reply
#7
(06-19-2021, 07:33 PM)Warren Dew Wrote:
(06-19-2021, 12:15 PM)pbrower2a Wrote: Law enforcement has turned the trick on organized crime. Great news!

The ANOM (also stylized as AN0M or ΛNØMsting operation (known as Operation Trojan Shield or Operation Ironside) is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafiaAlbanian organised crimeoutlaw motorcycle clubs, drug syndicates and other organised crime groups.

I don't think this is great news at all:  quite the opposite, in fact.  The government being able to intercept all communications is something that can be abused to much more severe levels than organized crime is likely to get to.

Want some actual great news?  The government was able to reverse the bitcoin ransom transaction for the recent hack of the oil pipeline network, so the hackers never got their money.

Certain behaviors are seen as criminal. Some criminal activities, such as drug dealing, human trafficking, child porn, wildlife poaching, and criminal hacking can be lucrative activities. Unlike normal business they do great harm to others. 

Honest people may be secretive about how much they earn, but they will tell you how they make the:

ir money. Crooks must cover for what they do. If you are Jeff Bezos you have nothing to hide. If you are dealing young women from Moldova that you can get them to America where they will get restaurant work and then they end up in a whorehouse that they cannot leave, then you have something to hide.  

This is a disgusting image, but you can imagine what sort of people would do his to a woman or girl:

[Image: dreamstime_xl_31975734.jpg?1454006249]

I'm not saying that human trafficking is one of the crimes stopped with this sting... but the people who do human trafficking usually do other crimes.  I have a particular hatred for human trafficking for its degradation of people. Of course, offenders make money off human suffering and must find ways in which to conceal it.     

Supposedly one can get all sorts of stuff from Jeff Bezos through Amazon.com. Maybe this disgusting image did appear in the Washington Post (which he owns), but he certainly isn't selling the woman.
The ideal subject of totalitarian rule is not the convinced Nazi or the dedicated Communist  but instead the people for whom the distinction between fact and fiction, true and false, no longer exists -- Hannah Arendt.


Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)