By Waqas Mirai has been known as one of the most powerful botnets comprised of millions of hacked Internet of Things (IoT) devices including routers, digital video recorders (DVRs) and security cameras. Mirai was also used by hackers to carry out one of the largest DDoS attacks on the servers of DynDNS which ultimately disrupted high profile websites like […] This is a post from HackRead.com Read the original post: Hackers behind Mirai botnet to avoid jail for working with the FBI
By Waqas At the moment, it is unclear how many Newegg customers have been impacted. The IT security researchers at RiskIQ and Volexity have announced that Newegg Inc., an online retailer of items including computer hardware and consumer electronics has become a victim of a cyber attack in which hackers have stolen credit card details of its customers. According to […] This is a post from HackRead.com Read the original post: Hackers target Newegg with “sophisticated malware”; steal credit card data
Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.
The men — 22-year-old Paras Jha Fanwood, New Jersey, Josiah White, 21 of Washington, Pa., and Dalton Norman from Metairie, La. — were each sentenced to five years probation, 2,500 hours of community service, and ordered to pay $127,000 in restitution for the damage caused by their malware.
Mirai enslaves poorly secured “Internet of Things” (IoT) devices like security cameras, digital video recorders (DVRs) and routers for use in large-scale online attacks.
Not long after Mirai first surfaced online in August 2016, White and Jha were questioned by the FBI about their suspected role in developing the malware. At the time, the men were renting out slices of their botnet to other cybercriminals.
Weeks later, the defendants sought to distance themselves from their creation by releasing the Mirai source code online. That action quickly spawned dozens of copycat Mirai botnets, some of which were used in extremely powerful denial-of-service attacks that often caused widespread collateral damage beyond their intended targets.
The source code release also marked a period in which the three men began using their botnet for far more subtle and less noisy criminal moneymaking schemes, including click fraud — a form of online advertising fraud that costs advertisers billions of dollars each year.
In September 2016, KrebsOnSecurity was hit with a record-breaking denial-of-service attack from tens of thousands of Mirai-infected devices, forcing this site offline for several days. Using the pseudonym “Anna_Senpai,” Jha admitted to a friend at the time that the attack on this site was paid for by a customer who rented tens of thousands of Mirai-infected systems from the trio.
In January 2017, KrebsOnSecurity published the results of a four-month investigation into Mirai which named both Jha and White as the likely co-authors of the malware. Eleven months later, the U.S. Justice Department announced guilty pleas by Jha, White and Norman.
Prior to Tuesday’s sentencing, the Justice Department issued a sentencing memorandum that recommended lenient punishments for the three men. FBI investigators argued the defendants deserved light sentences because they had provided the government “extraordinary cooperation” in identifying other cybercriminals engaged in related activity and helping to thwart massive cyberattacks on several companies.
The government said Jha was especially helpful, devoting hundreds of hours of work in helping investigators. According to the sentencing memo, Jha has since landed a part-time job at at a cybersecurity firm, although the government declined to name his employer.
However, Jha is not quite out of the woods yet: He has also admitted to using Mirai to launch a series of punishing cyberattacks against Rutgers University, where he was enrolled as a computer science student at the time. Jha is slated to be sentenced next week in New Jersey for those crimes.
The Mirai case was prosecuted out of Alaska because the lead FBI agent in the investigation, 36-year-old Special Agent Elliott Peterson, is stationed there. Peterson was able to secure jurisdiction for the case after finding multiple DVRs in Alaska infected with Mirai. Last week, Peterson traveled to Washington, D.C. to join several colleagues in accepting the FBI’s Director Award — the bureau’s highest honor — for the Mirai investigation.
By Carolina It is quite unlikely that somebody would be naïve enough to upload a copy of a newly released movie on his Facebook page with his real name since this would lead the law enforcement straight to the person, that too, in no time. However, it seems that there is one such person and his name […] This is a post from HackRead.com Read the original post: California man may get 6 months in prison for uploading Deadpool on Facebook
By Carolina AlphaBay was one of the largest dark web marketplaces – In 2017, its admin Alexandre Cazes committed suicide in a Thai prison. The Fresno Division of the U.S. District Court for the Eastern District of California has finally concluded a 14-month long civil forfeiture case and allowed seizure of property and assets of a Canadian national Alexandre Cazes […] This is a post from HackRead.com Read the original post: Dark Web: US court seizes assets and properties of deceased AlphaBay operator
By Waqas Xbash is an “all in one” malware. Palo Alto Networks’ Unit 42 researchers have come to the conclusion that the notorious Xbash malware that has been attacking Linux and Windows servers is being operated by the Iron Group which is an infamous hacker collective previously involved in a number of cyber crimes involving the use […] This is a post from HackRead.com Read the original post: Linux & Windows hit with disk wiper, ransomware & cryptomining Xbash malware
By Uzair Amir The ransomware attack disrupted the screens for two days. In a nasty ransomware attack, flight information screens at the United Kingdom’s Bristol airport were taken over and hijacked by malicious hackers on September 15th Friday morning. The ransomware attack forced the airport staff to go manual by using whiteboards and hand-written information to assist passengers regarding their […] This is a post from HackRead.com Read the original post: Hackers disrupt UK’s Bristol Airport flight info screens after ransomware attack
Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.
Indianapolis-based GovPayNet, doing business online as GovPayNow.com, serves approximately 2,300 government agencies in 35 states. GovPayNow.com displays an online receipt when citizens use it to settle state and local government fees and fines via the site. Until this past weekend it was possible to view millions of customer records simply by altering digits in the Web address displayed by each receipt.
On Friday, Sept. 14, KrebsOnSecurity alerted GovPayNet that its site was exposing at least 14 million customer receipts dating back to 2012. Two days later, the company said it had addressed “a potential issue.”
“GovPayNet has addressed a potential issue with our online system that allows users to access copies of their receipts, but did not adequately restrict access only to authorized recipients,” the company said in a statement provided to KrebsOnSecurity.
The statement continues:
“The company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction. Additionally, most information in the receipts is a matter of public record that may be accessed through other means. Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts. We will continue to evaluate security and access to all systems and customer records.”
In January 2018, GovPayNet was acquired by Securus Technologies, a Carrollton, Texas- based company that provides telecommunications services to prisons and helps law enforcement personnel keep tabs on mobile devices used by former inmates.
Although its name may suggest otherwise, Securus does not have a great track record in securing data. In May 2018, the New York Times broke the news that Securus’ service for tracking the cell phones of convicted felons was being abused by law enforcement agencies to track the real-time location of mobile devices used by people who had only been suspected of committing a crime. The story observed that authorities could use the service to track the real-time location of nearly any mobile phone in North America.
Just weeks later, Motherboard reported that hackers had broken into Securus’ systems and stolen the online credentials for multiple law enforcement officials who used the company’s systems to track the location of suspects via their mobile phone number.
A story here on May 22 illustrated how Securus’ site appeared to allow anyone to reset the password of an authorized Securus user simply by guessing the answer to one of three pre-selected “security questions,” including “what is your pet name,” “what is your favorite color,” and “what town were you born in”. Much like GovPayNet, the Securus Web site seemed to have been erected sometime in the aughts and left to age ungracefully for years.
Data exposures like these are some of the most common but easily preventable forms of information leaks online. In this case, it was trivial to enumerate how many records were exposed because each record was sequential.
E-commerce sites can mitigate such leaks by using something other than easily-guessed or sequential record numbers, and/or encrypting unique portions of the URL displayed to customers upon payment.
Although fixing these information disclosure vulnerabilities is quite simple, it’s remarkable how many organizations that should know better don’t invest the resources needed to find and fix them. In August, KrebsOnSecurity disclosed a similar flaw at work across hundreds of small bank Web sites run by Fiserv, a major provider of technology services to financial institutions.
In July, identity theft protection service LifeLock fixed an information disclosure flaw that needlessly exposed the email address of millions of subscribers. And in April 2018, PaneraBread.com remedied a weakness that exposed millions of customer names, email and physical addresses, birthdays and partial credit card numbers.
Got a tip about a security vulnerability similar to those detailed above, or perhaps something more serious? Please drop me a note at krebsonsecurity @ gmail.com.
By Carolina Another day, another trove of medical records leaked online, thanks to a misconfigured AWS S3 bucket. Medical records are considered to be sensitive documents and when a malicious third party has access to them it is a bad news as these records can be used for fraud, blackmailing and marketing purposes against patients’ will. However, […] This is a post from HackRead.com Read the original post: Medical records & patient-doctor recordings of thousands of people exposed
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com