
ChipMixer: Cryptocurrency Mixer Taken Down After ‘Laundering $3bn in Cryptocurrency’


The darknet cryptocurrency mixer ChipMixer has been shut down as a result of a sting conducted by Europol, the FBI, and German police, who investigated servers and internet domains and seized $46 million worth of cryptocurrency.

During the raid, investigators found evidence of digital currencies in wallets connected to North Korean cybercriminals and Russian intelligence services.

US criminal prosecutors have booked a Vietnamese man they claim has run the service since its creation in August 2017. Mixers gather potentially contaminated funds and send them at random to destination wallets.

Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on its wanted list.

Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers. 

It has also been reported that APT28, the Russian military intelligence group also known as Fancy Bear, used ChipMixer to buy infrastructure used for the Kremlin's Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a customer.

ChipMixer joins a relatively small group of crypto mixers, services that enable criminals to conceal the source of illegally obtained cryptocurrency, that have been shut down or sanctioned. The list presently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022.

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company. 

Court records state that ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to make the currency anonymous. But this mixer took things a step further by converting the deposited money into tiny tokens with an equal value called "chips," which were then combined, further anonymizing the currencies and obscuring the blockchain trails of the funds. This feature of the platform is what attracted so many criminals.

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” adds Scott Brown, special agent in charge of Homeland Security Investigations (HSI) Arizona.

Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore


Ex Employee dupes Uber of Rs 1.17 Crore

A former Uber employee has been charged with duping the company of Rs. 1.17 crore by making 388 fake driver profiles and putting them on the company's server. The money was then transferred to only 18 bank accounts linked with these fake profiles. The accused worked with the company as a contractor until December 2021. Uber's authorized signatory lodged the complaint in April last year. The accused's job was to oversee driver payments and update the information of the authorized drivers in the company's spreadsheet so that the money could be transferred to the respective accounts.

FIR registered

During its inquiry, Uber discovered that 191 of the 388 fake driver profiles were made using the same IP addresses associated with the accused man's system.

"To avoid inconveniencing driver partners, a spreadsheet is automatically uploaded regularly. A large number of transactions were processed by this automated spreadsheet and the accused was responsible for updating the details of the driver-partner accounts to be paid," Uber said in the complaint. The man created various fake driver-partner accounts in the spreadsheet.

According to the police, the accused has been booked under sections 408 (criminal breach of trust by a servant), 420 (cheating), 477-A (falsification of accounts), and 120-B (criminal conspiracy) of the IPC. 

The Uber complaint further read: "191 cases out of 388 cases matched with the IP addresses used by Viney Gera to log into his work computer on the same day as the creation of the accounts. In the above manner, a total amount of Rs 1,17,03,033 has been fraudulently paid to these fake driver partners into only 18 bank accounts."

Inspector Deepak Kumar, SHO, Sushant Lok Police Station, said, "We are investigating the matter and the accused will be arrested as soon as possible," PTI reports.

Handling of driver partner payments

An Indian Express report explained how Uber handles driver payments when their accounts show a negative balance. A negative balance in an Uber driver's account means payment is overdue. This is removed when the driver pays the amount to the company. After this, a positive payment is credited to the partner's account, and the details of the transaction are updated in a spreadsheet. 

The data (company spreadsheet) is then "uploaded to an Uber Payment Tool through an automated python script." The upload adds a positive balance to the driver partner's account to remove the arrears, which allows the driver to drive again.
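
The complaint describes two signals that can be checked before a payout spreadsheet is uploaded: many driver profiles paying into a handful of bank accounts, and profiles created from an IP address that a staff member used to log in on the same day. The following is an added example, not Uber's tooling; the field names, the threshold and all sample rows are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; every identifier and value here is hypothetical.
PROFILES = [
    {"driver_id": "D1", "created": date(2021, 9, 1), "created_ip": "203.0.113.7", "bank_account": "ACCT-A"},
    {"driver_id": "D2", "created": date(2021, 9, 1), "created_ip": "203.0.113.7", "bank_account": "ACCT-A"},
    {"driver_id": "D3", "created": date(2021, 9, 2), "created_ip": "198.51.100.20", "bank_account": "ACCT-A"},
    {"driver_id": "D4", "created": date(2021, 9, 2), "created_ip": "198.51.100.21", "bank_account": "ACCT-B"},
    # Same IP as the staff login below, but on a day with no matching login.
    {"driver_id": "D5", "created": date(2021, 9, 3), "created_ip": "203.0.113.7", "bank_account": "ACCT-C"},
]
STAFF_LOGINS = [
    {"user": "contractor-17", "day": date(2021, 9, 1), "ip": "203.0.113.7"},
    {"user": "contractor-17", "day": date(2021, 9, 2), "ip": "203.0.113.9"},
]
PAYOUT_SHEET = [
    {"driver_id": "D1", "amount": 30000},
    {"driver_id": "D2", "amount": 28000},
    {"driver_id": "D3", "amount": 31000},
    {"driver_id": "D4", "amount": 1200},
    {"driver_id": "D5", "amount": 900},
    {"driver_id": "D9", "amount": 500},  # row with no matching driver profile
]


def accounts_shared_by_many(profiles, max_profiles_per_account=2):
    """Return bank accounts that receive payouts for more profiles than allowed."""
    by_account = defaultdict(set)
    for p in profiles:
        by_account[p["bank_account"]].add(p["driver_id"])
    return {acct: sorted(ids) for acct, ids in by_account.items()
            if len(ids) > max_profiles_per_account}


def created_from_staff_ip(profiles, staff_logins):
    """Map driver_id -> staff users who logged in from the creating IP that same day."""
    seen = defaultdict(set)
    for s in staff_logins:
        seen[(s["day"], s["ip"])].add(s["user"])
    return {p["driver_id"]: sorted(seen[(p["created"], p["created_ip"])])
            for p in profiles if (p["created"], p["created_ip"]) in seen}


def split_payout_sheet(sheet, profiles, staff_logins, max_profiles_per_account=2):
    """Split the sheet into rows safe to upload and rows held for manual review."""
    known = {p["driver_id"]: p for p in profiles}
    shared = accounts_shared_by_many(profiles, max_profiles_per_account)
    staff_ip = created_from_staff_ip(profiles, staff_logins)
    release, hold = [], []
    for row in sheet:
        reasons = []
        profile = known.get(row["driver_id"])
        if profile is None:
            reasons.append("unknown-profile")
        else:
            if profile["bank_account"] in shared:
                reasons.append("shared-bank-account")
            if row["driver_id"] in staff_ip:
                reasons.append("created-from-staff-ip")
        if reasons:
            hold.append({**row, "reasons": reasons})
        else:
            release.append(row)
    return release, hold


if __name__ == "__main__":
    release, hold = split_payout_sheet(PAYOUT_SHEET, PROFILES, STAFF_LOGINS)
    for row in hold:
        print("HOLD", row["driver_id"], row["amount"], ",".join(row["reasons"]))
    print("released rows:", [r["driver_id"] for r in release])
    print("amount held for review:", sum(r["amount"] for r in hold))
```

Held rows go to someone other than the person who maintains the spreadsheet, so the check also separates the duty of editing payee details from the duty of approving payment.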


Here's How a Lost Wallet Becomes a Nightmare for Your Credit and Identity

 

Theft of identity and the establishment of bank accounts in your name can result from losing your wallet. That can result in years of battling false creditors and claims, building up bad credit. Jessica Roy, an assistant editor on the utility journalism team at the Los Angeles Times, experienced this. 

In 2018, she claims that her wallet was stolen from her purse at a pub, but she didn't pay it much attention. 

“I actually didn't keep that much in there. My driver's license, some cash, and a few credit cards were all there. The following day, I discovered they had completed a few transactions. I changed the cards and got those backward. I initially believed it to be the conclusion,” Roy stated.

But in the middle of January 2019, she began receiving a tonne of letters. “It was like, ‘Congratulations on your new Bank of America account. Congratulations on your new Wells Fargo account. We're following up on your Target card inquiry.’ And I realized they were using my identity to start opening new accounts.” 

Roy speculates that the hackers might have secured her social security information through the dark web. According to her reporting, that is typical. Many people dismiss the frequent data breaches and online intrusions that result in the theft of personal information like passwords or social security numbers. 

Roy claims that nobody is secure. She discussed the 2017 Equifax hack, which affected 147 million Americans, in her blog. That comes from a credit bureau and is private information. Our every financial move is being tracked by the credit bureaus, who aren't even protecting our data, which is why we need to keep our identity so secure. 

She always believed that because she was a reporter and was being thorough, she would be able to thwart false claims and transactions. 

“I never imagined that I would experience this. And when it happened, I said to myself, ‘You know what, I'm going to start doing something.’ I'll be in control of this. I'm going to call the banks and demand that they put things right. And that will be the conclusion of it. And they're going to take care of it and shut these accounts in a really friendly manner. And everything will be a closed book. But it persisted.”

In Roy's instance, some arrests eventually took place, which she claims is unusual. “It wasn't because ‘oh, the police dug into my crime and worked night and day to solve this.’ It's because [the suspects] were pulled over and arrested for something else. And incidentally, they happened to have a bunch of my identity material in the car with them.” 

Roy claims that despite their repeated attempts, the criminals were unable to access her bank and email accounts because they were secured. Things like two-factor authentication stopped future problems from getting worse. 

“They called me impersonating my bank and asked me to repeat my password as if it were a security question. And I realized I was like, ‘Oh my God, this is them. They're calling me on Christmas to try and steal my identity some more,’” she further added. “I really think the conclusion that I came to in experiencing this and reporting this story is that yes, there are steps you can take. Nothing is foolproof, and this is a systemic issue that has to be addressed.”

Roy advises users to proactively freeze their credit cards and set up two-factor authentication for each account, including email and bank accounts, to lessen the risk of identity theft.

Companies are at Risk From Remote Workers Losing Their Laptops

 

Data thieves can steal a laptop from a coffee shop table, a lost property bin, an unlocked locker, your desk at work, or even your luggage on a crowded commuter train, and it's far away when you first realize it's gone. They are difficult to identify and trace, and because most individuals carry computers, it is simple to steal without anybody knowing. Many data theft events are simply crimes of opportunity rather than deliberate attacks, and stolen laptops make an excellent target.

Organizations have been penalized a total of £26 million, according to data compiled by Cisco Systems, after employees misplaced company-owned laptops and phones.

The Information Commissioner's Office has collected over 3,000 reports of missing devices with user data during the past two years. Businesses are far more likely to be penalized than companies that have been the target of ransomware hackers if employees' misplaced laptops and phones contain consumer information.

The majority of organizations are putting cyber defenses in place, yet many do not consider their staff to be a threat to company data. But a major aspect of cyber security preparation is searching within the organization for potential insider threats. It might be challenging to tell whether a staff member has genuinely used company systems or is attempting to attack the company.
  
According to data protection legislation, the loss of a device containing or having access to the personal data of customers or suppliers must be reported to the ICO. As per Lindy Cameron, the CEO of the National Cyber Security Centre, ransomware is one of the most severe cybersecurity risks in the UK.

Martin Lee, technical lead for cybersecurity at Cisco, warned that office workers who are unable to resume their usual commute may see an increase in lost or stolen devices that carry important company data. Businesses in the UK have been investing heavily to ensure that their corporate networks are impenetrable because of the increased awareness of cyber threats brought on by rising data breaches. 



KeyBank Suffers Data Breach, Third Party Steals Personal Information


KeyBank hit by data breach 

Hackers stole personal data, including social security numbers, addresses, and account numbers of home mortgage holders at KeyBank, the bank reports, in the compromise of a third-party vendor that serves multiple corporate clients.

The hackers stole the information on July 5 after hacking into computers at the insurance service provider Overby Seawell Company.

KeyBank operates across 15 states and has around $200 billion in assets. The bank hasn't disclosed how many customers were affected, nor has it responded to any other queries related to the breach.

KeyBank's stand

In a statement, KeyBank said that it came to know about the data theft on 4th August and that KeyBank systems and operations weren't compromised. Overby Seawell Company hasn't replied to any phone messages and emails that were sent to its executives for comment.

In a statement sent to the Associated Press, KeyBank said that Kennesaw, Georgia-based Overby Seawell was hit by a cybersecurity incident that breached data of its corporate clients. It refused to comment further.

Further information 

As per its website, Overby Seawell's customers are banks, credit unions, finance companies and property investors, and mortgage servicers. Its products include a tracking system for real-time insurance monitoring that can be combined with other financial industry software forums.

In an August 26 letter sent to the Associated Press by an impacted mortgage holder, KeyBank said the information included in the Overby-Seawell breach linked to their mortgage consists of their name, mortgage account number, address, and the first eight digits of their nine-digit social security number.

That is enough information for identity theft, which the hackers can use while carrying out a serious fraud.

Software Flaw in E-Commerce Sites Abused by Hackers

 

The National Cyber Security Centre (NCSC) of the United Kingdom has notified the administrators of over 4,000 online retailers warning that their sites had been penetrated with Magecart attacks to steal consumers' financial information. 

In Magecart attacks (also known as web skimming, digital skimming, or e-Skimming), malicious actors inject scripts known as credit card skimmers (aka payment card skimmers or web skimmers) into vulnerable online stores to steal payment or personal information submitted by customers on the payment page.

Eventually, the attackers would exploit this data in different financial and identity theft fraud operations, or they will auction it to the highest bidder on hacking or carding sites. 

"The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities," the UK cybersecurity agency said. 

"The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform." 

Throughout April 2020, NCSC has been monitoring these stores and has sent alerts to site operators and small and medium-sized organizations (SMEs) after finding the infected e-commerce sites through its Active Cyber Defence program. 

During Black Friday and Cyber Monday, affected online merchants were reminded to keep Magento, and any other software they employ, up to date to prevent attackers from breaching their servers and compromising their online shops and customers' data.

"We want small and medium-sized online retailers to know how to prevent their sites from being exploited by opportunistic cybercriminals over the peak shopping period," said Sarah Lyons, NCSC Deputy Director for Economy and Society.

"It's important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date," she added.

The organization also advises individuals and families who would like to buy online securely, to only purchase from trusted online retailers, utilize credit cards for online payments, and always be on the lookout for suspicious emails and text messages featuring offers that appear too good to be true. 

The US Cybersecurity and Infrastructure Security Agency (CISA) also issued security guidelines for staying safe while buying online. 

"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps," said Steve Barclay, Chancellor of the Duchy of Lancaster. 

"It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium."

Cryptoscams Cost Australians About AU$6.6 Million Every Month

 

From the beginning of the year to the end of August, losses due to cryptocurrency investment scams accounted for over a quarter of all scams reported to the Australian Competition and Consumer Commission (ACCC). The ACCC said that it received 3,007 reports totaling losses of AU$53.2 million in response to a notice from the Senate Select Committee on Australia as a Technology and Financial Centre. This accounted for 55% of all investment fraud losses and 48% of all investment fraud reports. 

New South Wales had 860 reports for losses of AU$20.6 million, Victoria had 563 reports for losses of AU$12.6 million, Queenslanders lost AU$8.2 million and submitted 485 reports, and Western Australia had 268 reports for losses of AU$3.8 million. 

People in the 55-64 age group lost over AU$12.6 million and submitted 365 complaints, while those over 65 lost AU$10.7 million and filed 356 reports, and those in the 44-54 age group filed 352 reports and lost AU$8.7 million. The losses declined with age, with individuals aged 35-44 reporting 627 losses totaling AU$7.6 million. Young people aged 25 to 34 lost AU$7 million and filed 570 reports. 

Between January and July 2021, Australians lost over 70 million AUD (or 50 million USD) as a result of such scams, according to Delia Rickard, ACCC Deputy Chair. The most popular investment frauds included cryptocurrencies, particularly Bitcoin. 

Ms. Rickard went on to say that threat actors frequently entice victims with promises of high earnings and minimal risk. She cautioned that such incidents should draw the attention of investors rather than luring them in carelessly. “Be wary of investment opportunities with low risk and high returns. If something sounds too good to be true, it probably is,” she said. 

"While the proportion of reports involving a financial loss has dropped this year, the people who do lose money are losing bigger amounts. The average loss so far this year is about AU$11,000 compared to AU$7,000 for the same period in 2020," Delia said. 

According to the ACCC, phishing scams have increased by 261%, remote access scams have increased by 144%, and identity theft has increased by 234%. The consumer watchdog said it has been giving scammer phone numbers to Australian carriers and working with banks to "raise awareness with their consumers" who may have been infected with the Android spyware Flubot.

School Children's Personal Information on Dark Web: Potential Identity Theft

 

NBC News, an American broadcaster, has published a report on the data theft of millions of school children and how it can set up a child for a lifetime of potential identity theft. The data includes medical conditions, family financial status, Social Security numbers, and birth dates of school children.

According to the NBC report, threat actors posted an Excel sheet titled “Basic student information”, maintained by one of the schools, on the dark web after the school refused to pay the ransom, as instructed by the FBI.

 “It lists students by name and includes entries for their date of birth, race, Social Security number, and gender, as well as whether they’re an immigrant, homeless, marked as economically disadvantaged, and if they’ve been flagged as potentially dyslexic,” states the NBC report. 

When NBC News contacted some of the targeted schools regarding the data leak, they were unaware of the problem. “I think it’s pretty clear right now they’re not paying enough attention to how to ensure that data is secure, and I think everyone is at wits’ end about what to do when it’s exposed. And I don’t think people have a good handle on how large that exposure is,” said Doug Levin, the director of the K12 Security Information Exchange, a nonprofit organization devoted to helping schools protect against cyberthreats. 

Worsening Situation 

The recent surge in ransomware attacks has aggravated the problem, as those hackers often release victims’ files on their websites if they refuse to pay the ransom. While the average person may not know where to find such sites, criminal hackers can find them easily. In 2021 alone, hackers released data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by Brett Callow, a ransomware analyst at the cybersecurity company Emsisoft.

The situation is complicated by the fact that many schools are unaware of all the information that’s stored on all their computers, and therefore do not realize the extent of what hackers have stolen. When the Dallas-area Lancaster Independent School District was targeted in a ransomware attack in June, it notified parents but told them the school’s investigation “has not confirmed that there has been any impact to employee or student information,” Kimberly Simpson, the district’s chief of communications, said in an email. 

But the NBC News investigation uncovered the truth when it discovered an audit from 2018 that listed more than 6,000 students, organized by grade and school, as qualifying for free or reduced-price meals. When contacted for comment on the audit, Simpson did not respond.

Another tactic employed by the attackers is to target a third party that holds students’ data. In May 2021, attackers published files they had stolen from the Apollo Career Center, a northwestern Ohio vocational school that was in collaboration with 11 regional high schools. The leaked data included hundreds of high schoolers’ report cards from the last school year, all of which are currently visible on the dark web.

“We are aware of the incident and are investigating it. We are in the process of providing notifications to the students and other individuals whose information was involved and will complete the notifications as soon as possible,” Allison Overholt, a spokesperson for Apollo, said in an email. 

Taking action

American parents are quickly realizing that addressing these problems may fall to them. Due to poor knowledge of the data stored on their computers, schools may not even know if they have been hacked or if those hackers have released students’ information on the dark web. Federal and state laws for student information often do not issue clear guidance for what to do if a school is hacked, Levin said.

Eva Velasquez, the president of the nonprofit Identity Theft Resource Center, which helps victims of data theft, is advising parents to freeze their children’s credit to keep them safe from identity theft. “We should for all intents and purposes believe that for the most part, all of our data’s been compromised. We’ve been dealing with data breaches since 2005, and they are absolutely ubiquitous, and just because you didn’t receive a notice doesn’t mean it didn’t happen,” Velasquez said.

Freezing a child’s credit can often be time-consuming, and doing it effectively requires completing the process with all three major credit monitoring services, Experian, Equifax, and TransUnion. But it has become an essential step for digital safety, Velasquez said. 

“We encourage parents to freeze children’s credit. From an identity theft perspective, that is one of the most robust, proactive steps that a consumer can take to minimize the risk. And it applies to kids, and it’s free,” she concluded.

Maryland Officials Found 508,000 “Potentially Fraudulent” Unemployment Claims

 

Over the last six weeks, more than half a million "potentially fraudulent" jobless claims have been made in Maryland, according to state labour officials. Officials say about 508,000 unemployment claims have been flagged as Maryland Governor Larry Hogan joins a group of 25 other GOP governors who have decided to discontinue federal unemployment payments. According to The Washington Post, approximately 1.3 million bogus claims have been made in Maryland since the beginning of the pandemic.

“As the economy recovers and states across the country continue to opt out of the federal benefits program, bad actors are becoming more brazen and aggressive in their attempts to exploit unemployment insurance programs than ever before,” Maryland Labor Secretary Tiffany Robinson told the Post in a statement. 

Fallon Pearre, a spokeswoman for the Labor Department, declined to say how many of the "potentially fraudulent" claims have been proven to be false or whether any will result in legal action, but she did tell the Washington Post that the claims had been submitted to federal law enforcement. 

Marylanders will lose an additional $300 per week in benefits under Hogan's decision, which comes two months ahead of the Biden administration's original deadline, and gig workers will be without benefits entirely, according to the Post. 

According to the Washington Post, Robinson recently stated that the Labor Department had hired LexisNexis Risk Solutions to assist in the identification of possibly false claims. Over 64% of the nearly 200,000 transactions were detected as fraudulent, according to the business. 

According to the Washington Post, Robinson told the Maryland state House Economic Matters Committee, "Fraud is rampant, so we have to remain on top of it." When pushed by a state senator about the types of fraud that had been discovered, Robinson stated that the bulk of the cases involved stolen identities. “We know there are foreign actors across the country and across the world that are using the identities that they have obtained,” she said.

Maryland officials identified an unemployment fraud operation last year that resulted in $501 million in bogus claims, with over 47,000 phoney claims filed using stolen identities and information obtained from earlier data breaches.

WeLeakInfo's Customer Records Leaked

 

WeLeakInfo.com was a data breach notification service that allowed its customers to check whether their credentials had been compromised in data breaches. The service claimed a database of more than 12 billion records from over 10,000 data breaches. In mid-2020, a joint operation led by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain.

The U.S. Department of Justice declared in January that it had seized weleakinfo.com, which had existed since 2017. The site sold different subscription levels, making it possible for scammers to access and search the database. Two 22-year-old men, one in the Netherlands and the other in Northern Ireland, were arrested in connection with running the site, as per the Dutch media source Nu.nl.

The site additionally vowed to alert members if their own data was stolen and uploaded to the database, with a feature called “Asset Monitoring.” “Get notified when your information is detected in a data breach,” the sales pitch said, according to an archived version of the homepage. “Stay one step ahead of hackers.” 

WeLeakInfo, and other sites like it, basically work as a noxious variant of HaveIBeenPwned, a database where visitors can check if their data has been compromised. HaveIBeenPwned lets users determine whether an email address has been included in various data breaches.

Security specialists from Cyble saw that a member of a hacking forum claimed to have registered one of WeLeakInfo's domains, wli.design, which was registered again on March 11, 2021. The actor then created an email address on the domain and used it to access the account the cybercrime group had registered on the payment service Stripe. Access to the Stripe account allowed the actor to reach customers' details, including email, address, partial card details, and purchase history.

“The WeLeakInfo operators allegedly used the domain’s email address for payments via Stripe, the actor claimed. The actor claimed to have registered the domain and then created an email address on the registered domain used in their Stripe account gaining access to WeLeakInfo customers details,” reads the post published by Cyble.

Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users


Personal data of 40 million users registered on Wishbone has been published online by hackers. It included user details like usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data, which was found to be accurate and to belong to users of the app. It could be used by attackers to carry out various malicious activities such as phishing campaigns, identity theft, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content. The app hasn't disclosed its total user count in recent times. Wishbone has been listed as one of the top 50 most popular social networking apps in the iOS App Store for years now, also making it to the top 10 in its prime.

This breach came as the second-largest security incident in the last three years for the app. Earlier, in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. It mainly contained kids' personal details. However, the recent breach mainly consists of numbers belonging to young women.

According to the reports, the database had been circulating secretly since March and was put up for sale on dark web forums for thousands of dollars. Later, 'ShinyHunters', a dark web trader who allegedly leaked the data, stated that they would be publishing the data for free after individuals began reselling it.

While commenting on the matter, senior vice president of data security specialists comforte AG, Mark Bower said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their ID’s and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended that Wishbone users update or change their passwords and stay wary of any suspicious activity in their accounts.
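
On the server side, a common way to retire MD5 password hashes without waiting for every user to log in is to wrap each stored digest in a salted, slow key-derivation function, then replace it with a direct hash at the next successful login. The following is an added example, not Wishbone's code; it assumes unsalted hex MD5 digests, and the record layout, function names, iteration count and sample password are hypothetical choices made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)


def _pbkdf2(secret: bytes, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)


def _md5_hex(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> dict:
    """Target format: salted PBKDF2 computed directly over the password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt, "iterations": ITERATIONS,
            "hash": _pbkdf2(password.encode("utf-8"), salt, ITERATIONS)}


def wrap_legacy(record: dict) -> dict:
    """Offline step: protect a stored MD5 digest without knowing the password.

    The MD5 hex digest becomes the PBKDF2 input, so the raw digest no longer
    has to be kept in the database.
    """
    if record["scheme"] != "md5":
        return record
    salt = os.urandom(16)
    digest = record["hash"].lower().encode("ascii")
    return {"scheme": "pbkdf2-md5", "salt": salt, "iterations": ITERATIONS,
            "hash": _pbkdf2(digest, salt, ITERATIONS)}


def verify_and_upgrade(record: dict, password: str):
    """Check a login attempt; return (ok, record_to_store).

    A successful login against a legacy or wrapped record returns a fresh
    record in the target format, so MD5 drops out of the chain entirely.
    """
    scheme = record["scheme"]
    if scheme == "pbkdf2":
        candidate = _pbkdf2(password.encode("utf-8"), record["salt"], record["iterations"])
        return hmac.compare_digest(candidate, record["hash"]), record
    if scheme == "pbkdf2-md5":
        inner = _md5_hex(password).encode("ascii")
        candidate = _pbkdf2(inner, record["salt"], record["iterations"])
        ok = hmac.compare_digest(candidate, record["hash"])
    elif scheme == "md5":
        ok = hmac.compare_digest(_md5_hex(password), record["hash"].lower())
    else:
        raise ValueError(f"unknown scheme: {scheme!r}")
    return (True, hash_password(password)) if ok else (False, record)


# Constructed sample: a legacy row as it might sit in an old user table.
SAMPLE_PASSWORD = "correct horse battery staple"
LEGACY_RECORD = {"scheme": "md5", "hash": _md5_hex(SAMPLE_PASSWORD)}

if __name__ == "__main__":
    wrapped = wrap_legacy(LEGACY_RECORD)
    print("after bulk wrap:", wrapped["scheme"])
    ok, stored = verify_and_upgrade(wrapped, SAMPLE_PASSWORD)
    print("login ok:", ok, "-> stored as:", stored["scheme"])
```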

Canada Cybersecurity: Health Care Industry Battles Cyberattacks as Experts Call-in Federal Support


Canada's hospitals and clinics are suffering massive cyber threats as the cyberattacks targeting the Canadian healthcare industry saw a sudden rise in number.

Researchers reported that the health-care sector is the most targeted sector in Canada amounting to a total of 48% of all security breaches in the country. Digital security of hospitals in Canada is being exposed to heavy risk as the growing number of data-breach incidents imply how the healthcare industry has become the new favorite of cybercriminals.

The issue has gained widespread attention that led to calls for imposing national cybersecurity standards on the healthcare industry. In order to tackle the problem effectively and protect the privacy of their patients, the institutions are required to update their cybersecurity arsenal for which the federal government's involvement is deemed necessary by the experts.

While commenting on the matter, Paul-Émile Cloutier, the president and CEO of HealthcareCAN, said: "My biggest disappointment at this moment is that it seems that anything that has to do with the health sector and cybersecurity is falling between the cracks at the federal level."

Cybersecurity experts expressed concern in this regard and put into perspective the Canadian health system's current inability to cope with the increasing risk.

Experts believe that information about a person's health can be of more value to cybercriminals than credit card data, because an individual's health care identity contains unique values that remain the same over time, such as the individual's health number or date of birth, which makes it easier for hackers to steal identities.

Over the past year, various Canadian health-care institutions fell victim to breaches, including LifeLabs, one of the country's largest medical laboratories for diagnostic testing, which was hit by a massive cyberattack that compromised the health data of around 15 million Canadians. The private provider was forced to pay a ransom in order to retrieve the stolen customer data.

In another incident, attackers breached the computer networks of three hospitals in Ontario, which led to a temporary shutdown of diagnostic clinics, and non-emergency cases were told to come back later.

2 New Android Malwares on The Hunt to Gain Control of User’s Account



According to findings from a security software company, two new pieces of Android malware are on the hunt to 'discreetly' gain control of victims' accounts in order to send various ill-intentioned content. Together, the two steal cookies collected by the browser and by the apps of popular social networking sites, making the thieves' job easier.

Cookies are often perceived as harmless, since they are small bits of data that websites collect to track user activity and create customized settings for later visits. In the wrong hands, however, they represent a serious security hazard: when websites store these cookies, they use a unique session ID that identifies the user later on without requiring a password or a new login.

Once in possession of a user's ID, swindlers can trick websites into assuming that they are the person in question and thus take control of that person's account. That is exactly what these cookie thieves did, as described by computer security software company Kaspersky, by creating Trojans with similar code controlled by the same command and control (C&C) server.

The first Trojan obtains root rights on the victim's device, which allows the thieves to transfer Facebook's cookies to their own servers. In many cases, however, just having the ID number isn't sufficient to take control of another person's account. Some sites have safety measures in place that prevent suspicious log-in attempts.

This is where the second Trojan comes in. This malicious application can run a proxy server on the victim's device to sidestep the security measures, obtaining access without raising suspicion. From then on, the thieves can pose as the person in question and take control of their social media accounts to circulate unwanted content. While the ultimate aim of the cookie thieves remains unclear, a page found on the same C&C server could provide a clue: it promotes services for distributing spam on social networks and messengers.

In simpler words, the thieves might be seeking account access as a way to launch widespread spam and phishing attacks.

Malware analyst Igor Golovin says, "By combining two attacks, the cookie thieves have discovered a way to gain control over their victims' account without arising suspicions. While this is a relatively new threat -- so far, only about 1,000 individuals have been targeted -- that number is growing and will most likely continue to do so, particularly since it's so hard for websites to detect."

He adds later, "Even though we typically don't pay attention to cookies when we're surfing the web, they're still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention."

According to Kaspersky experts, all hope isn't lost. They made the following recommendations to help users avoid becoming victims of cookie theft:
  1. Block third-party cookie access on your phone's web browser and only let your data be saved until you quit the browser
  2. Periodically clear your cookies
  3. Use a reliable security solution that includes a private browsing feature, which prevents websites from collecting information about your activity online.

Estonian hackers forged electronic identity card


As we all know, the introduction of electronic identity cards has begun in many developed countries. According to state leaders, this allows citizens to receive a large number of services without standing in long queues, since all it requires is Internet access.

Estonian citizens can use about 600 different online services, and 2.4 thousand more services are offered to businesses. An electronic ID allows you to remotely sign documents, pay for cellular communication, use transport, etc.

Another important advantage of electronic identity cards is that they cannot be faked. This is very important for the security of States. Leading experts on cybersecurity argue that such electronic documents are highly reliable. But, as it turned out, this statement is incorrect.

Recently it became known that Estonian hackers were able to fake an electronic ID. The Estonian socio-political daily newspaper Postimees reported the incident.

In February 2019, some Estonian residents began to receive SMS messages from one of the largest banks in the country. The message invited them to update their personal information by clicking on a link, which led to a page visually similar to the bank's home page. There, users had to log in using their Mobile Electronic Identity Card (Mobile ID) by entering two codes. These two codes were enough to fake the identity of the victims. The scammers created new accounts in the Smart-ID application, which allows them to connect to services in Estonia.

It’s important to note that the Smart-ID application allows people to use various services, including managing bank accounts. In total, 2.2 million people are using this app, including 433 thousand in Estonia. However, the damage caused to Estonians is only 1000 Euros.

It should be noted that the last failure in the Mobile-ID was recorded in May, when users could not make money transfers and use other services for several hours. However, there were no cases of identity forgery before.

The introduction of electronic passports is also planned in Russia. It is known that such innovation may appear in the Russian Federation no earlier than 2021.

US charges Russians for interfering in 2016 Elections, Identity theft in the centre

On Friday, Special Counsel Robert Mueller brought charges against 13 Russian nationals and three Russian groups for interfering with the 2016 U.S. elections.

The charges included creation of false U.S. identities as well as identity theft of six U.S. residents. The charges of identity theft were brought against four Russian nationals.

According to the indictment, the Russian nationals used stolen Social Security numbers, home addresses, and birth dates of the six persons to open bank and PayPal accounts and obtain fake government documents between June 2016 and May 2017.

“This indictment serves as a reminder that people are not always who they appear to be on the Internet,” Deputy Attorney General Rod J. Rosenstein said at a press briefing announcing the indictments.

The Russians allegedly used the stolen identities to open four accounts at an undisclosed U.S. bank and purchased more than a dozen bank account numbers from online sellers.

The stolen information was also allegedly used to evade PayPal security measures.

“We work closely with law enforcement, and did so in this matter, to identify, investigate and stop improper or potentially illegal activity,” PayPal said in a statement.

The Russians are claimed to have used the accounts to pay for the promotion of politically inflammatory social media posts, IRA expenses, political rallies and political props including banners, buttons and flags, in efforts to boost President Trump’s campaign, and are alleged to have been paid $25 to $50 per post by U.S. persons to promote content on IRA-controlled Facebook and Twitter accounts.