
Metaverse Opens Up New World of Cybercrime, Says Interpol


Interpol, the global police agency, says it is preparing for the risk that online immersive environments, the “metaverse,” could create new kinds of cybercrime while bolstering existing ones.
Interpol's member countries have been raising concerns about how to prepare for potential metaverse crime. Interpol's executive director for technology and innovation, Madan Oberoi, told Reuters that “some of the crimes may be new to this medium, some of the existing crimes will be enabled by the medium and taken to a new level.”
According to Oberoi, augmented reality and virtual reality could affect how phishing and scams operate. Additionally, he stated that concerns over child safety were also present.  
According to Oberoi, virtual reality could also aid crime in the physical world. “If a terror group wants to attack a physical space they may use this space to plan and simulate and launch their exercises before attacking,” he added.
Earlier this October, Europol, the European Union’s law enforcement agency, stated in a report that threat groups may in the future use virtual worlds for propaganda, recruitment, and training. The report added that users may also create virtual worlds with “extremist rules.”
According to Europol, if the metaverse environment detects users' interactions on a blockchain, “this might make it possible to follow everything someone does based on one interaction with them - providing valuable information for stalkers or extortionists.”
Since 2021, “metaverse” has been a tech buzzword, with large companies and investors claiming that virtual world environments will grow in popularity and mark a new stage in the internet’s development. Signalling its shift towards the idea, Facebook announced in October 2021 that it was renaming itself “Meta.”
But thus far, there are few indications that this vision will come true. As the stock price of Meta fell on Thursday, investors expressed skepticism about betting on the metaverse.
Sales of blockchain-based assets that represent virtual land and other digital possessions have also plunged after a period of frenetic growth last year.

Interpol Arrests 12 Suspects for Running Sextortion Racket

A joint operation to crack down on a sextortion racket

Interpol announced the arrest of 12 individuals suspected of being core members of a transnational sextortion ring.

The arrests took place in July and August as a result of a joint investigation by Interpol's cybercrime division and police in Singapore and Hong Kong.

Under the banner #YouMayBeNext, supported by 75 INTERPOL member countries and 21 private and public entities, the campaign focuses specifically on sextortion, Distributed Denial of Service (DDoS), and ransomware attacks.

As an example of the challenges these cyber attacks represent, an international police operation supported by INTERPOL uncovered and tracked down a transnational sextortion ring that was able to extract around USD 47,000 from targets.

As of now, the investigation has tracked 34 back to the syndicate. 

What is sextortion?

Sextortion is a criminal act and a form of sexual exploitation in which an individual is harassed, through threats or manipulation, into making sexually explicit content and sending it over the internet.

The suspects reached out to potential victims through online dating and sex platforms, then lured them into downloading a malicious mobile app and tricked them into "naked chats."

The suspects used this app to hack victims' phone contact lists, then blackmailed the victims by threatening to leak their nude videos to their relatives and friends.

The victims of the sextortion racket are mostly from Hong Kong and Singapore.

Raymond Lam Cheuk Ho, Acting Head of the Hong Kong Police’s Cyber Security and Technology Crime Bureau said:

“We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which – along with the joint efforts by our counterparts – allowed us to identify and locate individuals linked to the criminal syndicate.”

INTERPOL's warning 

Interpol has also warned about a surge in sextortion incidents in recent years, a rise aggravated by the Covid-19 pandemic.

It notes that the risk of sextortion is just a click away: clicking a malicious link or sending an intimate video or picture to someone can expose users to sextortion threats.

Last year, the FBI Internet Crime Complaint Center (IC3) warned of a sudden rise in sextortion complaints since the start of 2021. According to the experts, the attacks caused financial losses of more than $8 million until July 2021.

The FBI received more than 16,000 sextortion complaints until July 2021, and most of the victims were between the ages of 20 and 39.

How to be safe from sextortion?

Security Affairs reports the following measures to stay safe from sextortion threats:

  • NEVER send compromising images of yourself to anyone, no matter who they are or who they say they are.
  • Do not open attachments from people you do not know. Links can secretly hack your electronic devices using malware to gain access to your private data, photos, and contacts, or control your web camera and microphone without your knowledge.
  • Turn off your electronic devices and web cameras when not in use.

INTERPOL Arrests Three Nigerians in Relation with a Global Scam 


Three Nigerian men were arrested and convicted as a result of an Interpol-led operation code-named Killer Bee. They were accused of using a remote access trojan (RAT) to reroute bank transactions and steal business credentials. Two possible accomplices were also apprehended. 

The trio, aged 31 to 38, was apprehended as part of an 11-country sting operation involving law enforcement agencies from Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, the Philippines, Singapore, Thailand, and Vietnam. 

Agent Tesla is a prominent "malware-as-a-service" Remote Access Trojan (RAT) tool used by malicious attackers to collect information like credentials, keystrokes, and clipboard data from the victims. It was initially identified in late 2014. 

Due to Agent Tesla's stability, flexibility, and functionality, which allows for the sampling of sensitive data and exfiltration from the victim, it is used by both cybercriminal groups and actors involved in espionage operations. 

While the authorities did not say how much money the hackers allegedly took, the companies targeted included oil and gas enterprises in Southeast Asia, the Middle East, and North Africa. According to Interpol, one of the scammers, Hendrix Omorume, was prosecuted and convicted of three counts of significant financial fraud and now risks a sentence of 12 months in prison. The other two men are still facing charges.

Interpol and the Nigerian Police Force, with the help of various cybersecurity firms (Group-IB, Palo Alto Networks Unit 42, and Trend Micro), identified a 37-year-old Nigerian man as one of the SilverTerrier cybercrime group's commanders last week.

"Cybercrime is growing at a rapid pace, with new trends continuously appearing," stated Abdulkarim Chukkol, Director of Operations at the EFCC. INTERPOL and the EFCC collaborate on operations like Killer Bee to keep up with emerging technologies, understand the opportunities they provide for criminals, and learn how they may be used to combat cybercrime.

Interpol Arrests Moroccan Hacker Engaged in Phishing Attacks


As part of a global phishing and credit card fraud scheme, law enforcement authorities with Interpol apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France. According to a report published on 6th July by cybersecurity firm Group-IB, the two-year investigation, called Operation Lyrebird by the international, intergovernmental group, resulted in the arrest of a Moroccan citizen nicknamed Dr HeX.

According to the cybersecurity firm, Dr HeX has been "active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims." The cyber-attacks included the use of a phishing kit that included online pages that spoofed banking firms in the country, as well as mass emails that imitated the targeted companies and asked users to enter login credentials on the rogue website. 

The credentials submitted by unwitting victims on the phoney web page were then forwarded to the perpetrator's email address. At least three separate phishing kits were discovered, all of which were apparently created by the threat actor. The phishing kits were also "sold to other individuals through online forums to allow them to facilitate similar malicious campaigns against victims," Interpol said in a statement. "These were then used to impersonate online banking facilities, allowing the suspect and others to steal sensitive information and defraud trusting individuals for financial gain, with the losses of individuals and companies published online in order to advertise these malicious services." 

The name Dr HeX and the individual's contact email address were included in the phishing kit scripts, which allowed the cybercriminal to be identified and deanonymized, revealing a YouTube channel as well as another name used by the adversary to register at least two fraudulent domains used in the attacks. Furthermore, Group-IB claimed it was able to link the email address to the accused's malicious infrastructure, which includes up to five email addresses, six nicknames, and accounts on Skype, Facebook, Instagram, and YouTube. 

Dr HeX's digital footprint left a tell-tale trail of malicious activity between 2009 and 2018, during which the threat actor defaced 134 web pages. The trail also included posts created by the attacker on various underground forums devoted to malware trading, and evidence suggesting his involvement in attacks on French corporations to steal financial information.

Interpol Seizes $83 Million in Operation Against Online Financial Fraud


More than 500 suspects were arrested in the Interpol-coordinated Operation ‘HAECHI-I’, and $83 million belonging to victims of online financial crime was seized. Over 40 law enforcement officers across the Asia Pacific region took part in the operation and intercepted the $83 million before it could be transferred to the perpetrators' accounts.

Law enforcement agencies were specifically focused on five types of online financial crime: investment fraud, romance scams, money laundering associated with illegal online gambling, online sextortion, and voice phishing.

A total of 585 individuals were arrested, and more than 1,600 bank accounts belonging to perpetrators of the cyber-enabled financial crime were frozen. The stolen funds were blocked from getting into the scammers' accounts following multiple joint operations and months of collecting intelligence on the attackers' operations.

More than 1,400 investigations were opened during HAECHI-I’s six-month operational phase targeting cybercrime in the Asia Pacific region (i.e., Cambodia, China, Indonesia, Korea, Laos, the Philippines, Singapore, Thailand, and Vietnam), with 892 cases having already been solved and the rest still being investigated.

“Online fraudsters often attempt to exploit the borderless nature of the Internet by targeting victims in other countries or transferring their illicit funds abroad. The results of Operation HAECHI-I demonstrate that online financial crime is fundamentally global and that only through close international cooperation can we effectively combat these criminals,” said Ilana de Wild, Interpol's Director of Organized and Emerging Crime.

Last year, Interpol also advised victims of online financial scams to immediately take action to intercept stolen funds before their money reached the scammers' bank accounts. In January 2021, Interpol warned all 194 member states of fraudsters targeting dating app users and trying to trick them into investing through fake trading apps. 

“The key factors in intercepting illicit money transfers are speed and international cooperation. The faster victims notify law enforcement, the faster we can liaise with INTERPOL and law enforcement in the relevant countries to recover their funds and put these criminals behind bars,” Amur Chandra, Brigadier General of the Indonesian National Police and Secretary of Indonesia’s INTERPOL National Central Bureau, stated.

Joker's Stash, the Largest Carding Forum Shutting Down


Joker's Stash opened in 2014 and was perhaps the most well-known underground carding site, offering new stolen credit card data and a guarantee of card validity. Its activity has been in decline since mid-2020. The normally active administrator, Joker's Stash, had several gaps in communication. Joker's Stash announced on January 15, 2021, that it would shut down in a month, with the stipulated date being February 15, 2021. The news was announced by the site's administrator through messages posted on different underground cybercrime forums where the site normally publicized its services.

Threat intelligence firm Intel 471 published a blog post documenting the website's end and noting that Joker's Stash's fall comes after an extremely turbulent close to 2020. In October, the individual who purportedly runs the site declared that he had contracted COVID-19 and spent seven days in the hospital. His condition affected the site's forums, inventory replenishments, and other operations. Intel 471 also found that the site's customers were complaining that the quality of the shop's payment card data was increasingly poor.

The FBI and Interpol seized four domains operated by the marketplace. At the time, the site's administrators said the law enforcement crackdown had only a limited effect on the site, that the domains were used only as proxies to redirect customers from landing pages to the actual marketplace, and that authorities did not seize any servers containing card or customer information. Although the seizure did not have much practical effect, it damaged the site's reputation and made customers feel that the once-untouchable Joker's Stash was now an open book for law enforcement agencies.

The Joker's Stash admin did not give further details about the decision to close down the site. They may have chosen to quit rather than be taken down by law enforcement agencies. Nonetheless, that does not mean that the site's administrator is now immune to prosecution. Prior to the announcement of its shutdown, Joker's Stash was viewed as one of the most profitable cybercrime operations today.

According to Christopher Thomas, Intelligence Production Analyst at Gemini Advisory, the shop is estimated to have made countless dollars in illicit profits, although this money also goes to the vendors themselves. Joker's Stash has been operating since October 7, 2014. Last year alone, the site posted more than 35 million CP (card present) records and in excess of 8 million CNP (card not present) records.

The site's administrator intends to wipe all servers and backups when they shut their operations next month.