Search This Blog

Showing posts with label Federal Agency. Show all posts

Missing Cryptoqueen: Leaked Police Files May Have Alerted the OneCoin Fraudster Ruja Ignatova

 

Best known as the “Missing CryptoQueen,” convicted fraudster Ruja Ignatova who was included on the most wanted list by the US Federal Bureau of Investigation (FBI) is assumed to be receiving the information of the investigation before her disappearance. 
 
The 42-year-old fraudster, based in Bulgaria is convicted of her suspected involvement in the $4 billion OneCoin cryptocurrency fraud. The details of the scam were uncovered in a BBC podcast ‘The Missing Cryptoqueen’ devoted to the infamous fraudster. 

The police documents related to the case were apparently shown in the podcast by Frank Schneider, a former spy and trusted adviser to Ignatova. Following the allegations, Schneider is now facing extradition to the US for his role in the OneCoin fraud. 

While the metadata on the files suggests that Ignatova acquired the said documents through her own contacts in Bulgaria, Schneider denies the claims of obtaining the documents himself, which he says were obtained on a USB memory stick by Ignatova. 
 
Ignatova disappeared on October 25th, 2017, after being made aware of the police investigation into her OneCoin cryptocurrency. Following this, in June 2022 she was included in the FBI's most wanted list.
 
In an interview with the BBC, Schneider informed about the police files containing presentations made at a Europol meeting named ‘Operation Satellite.’ The meeting was attended by officials from Dubai, Bulgaria, the UK, Germany, and the Netherlands along with the FBI, the US Department of Justice, and the New York District Attorney five months before the disappearance of Ignatova. 
 
The said documents contained details of US authorities having a “high-placed confidential informant”, bank accounts from OneCoin receiving investor funds, and failed attempts of the UK's City of London to interview Ignatova. 

On being asked about the aforementioned files, Schneider said "When the Bulgarians participated at certain Europol meetings, it only took hours for her to get a complete rundown and get the minutes of what was said in those meetings.” “I can only deduce that it came from the circles that she was in and the she had through a variety of influential personalities.”

DHS Investigators: Stopped Cyberattack on Undersea Internet Cable in Hawaii

 

An apparent cyberattack on an unknown telecommunication company's servers related to an underwater cable responsible for internet, cable service, and cell connections in Hawaii and the region was "disrupted" by federal agents in Honolulu last week, the agency told in a statement on Tuesday. 

Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a major intrusion involving a private company's servers associated with an underwater cable. "An international hacker group" was involved in the attack, according to the probe, and HSI agents and international law enforcement partners in multiple countries were able to make an arrest.

The statement did not specify the sort of cyberattack, the hacking group responsible, other law enforcement agencies involved, or the location of any arrests. According to the statement, no damage or interruption happened, and there is no immediate threat. Investigators discovered that the attackers had gained credentials that permitted access to an unnamed company's systems, according to John Tobon, HSI's special agent in charge in Hawaii, who informed a local news station. 

“It could have been something to just create havoc, in other words, just shut down communications, or it could have been used to target individuals in ransomware-type schemes,” he stated.

According to the National Oceanic and Atmospheric Administration, hundreds of "submarine" internet cables carry up to 95 percent of intercontinental internet data. According to an Atlantic Council report, the cables are owned and operated by a mix of corporate and state-owned enterprises, and they are experiencing increasing threats to their security and resilience. 

Justin Sherman, the report's author, highlights worries about authoritarian governments' intent to restrict internet access by influencing physical infrastructure like submarine lines. The lines are also appealing targets for government or criminal parties attempting to collect sensitive data through covert surveillance. Another issue, according to Sherman, is that more cable operators are employing remote management tools for cable networks. 

He wrote, “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk. Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.” 

Sherman added, “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”

CISA Issues Warning to Federal Agencies Regarding Actively Exploited Windows Flaw

 

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability that allows malicious actors to abuse the Microsoft operating system and secure administrator privileges on a device. The vulnerability affects Windows 10, Windows 11, and Windows Server. 

In a CISA notice published February 4, all Federal Civilian Executive Branch Agencies (FCEB) agencies have two weeks to comply and address their systems to mitigate the threat from this actively exploited Windows vulnerability, tracked as CVE-2022-21882. 

Additionally, CISA recommended all private and public sector firms reduce their exposure to ongoing cyber assaults by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws. 

"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below," the cybersecurity agency said today. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise."

According to Microsoft's advisory, the attackers with limited access to exploited devices can use the newly obtained user rights to spread laterally within the network, create new admin users, or execute privileged commands. 

"A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver," researchers explained. This vulnerability affects systems running Windows 7, Windows 8, Windows 10, and Windows 11 as well as Windows Server 2019 and 2022. The bug is also a bypass of another Windows Win32k privilege escalation bug (CVE-2021-1732), a zero-day flaw patched in February 2021 and actively exploited in attacks since at least the summer of 2020.

Security experts at BleepingComputer also examined an exploit targeting this bug and discovered no issues compiling the exploit and using it to open Notepad with SYSTEM privileges on a Windows 10 system (the exploit didn't work on Windows 11). 

In recent months, Windows patches have hit the headlines for the wrong reasons especially after Microsoft botched not one, but two zero-day patches. This led to security researcher Abdelhamid Naceri, who identified one of the failed patches, sarcastically warning users: “you better wait and see how Microsoft will screw the patch again.”