Friday, March 31, 2017

Cifas Report: Identity Fraud Reached Record Levels In 2016

According to research published on March 15 by fraud prevention organization Cifas, young people are a growing target for identity theft, which reached record levels in 2016.

Identity fraud cases started to appear about 13 years ago, but the number of instances reached record levels in 2016. According to statistics from 277 banks and businesses, almost 173,000 fraud cases were recorded in 2016. Additionally, almost 25,000 fraud victims were aged under 30, and the number of victims under the age of 21 rose by a third.

The 172,919 incidents of identity fraud last year represent 53.3% of all fraud recorded by Cifas, of which 88% occurred online. The number of victims under the age of 21 increased from 1,345 to 1,803 from 2015 to 2016.

According to the fraud prevention organization, people should be “more vigilant” about protecting their own data. Additionally, Mike Haley, deputy chief executive at Cifas, said that better education for fraud and other forms of financial crimes was needed.

“These new figures show that identity fraud continues to be the number one fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wi-fi for banking and online shopping,” Haley said.

City of London Police Commander Chris Greany, who is the national coordinator for economic crime, shares Haley’s opinion. According to him, since cybercrime and fraud cases are growing, citizens should make sure to protect their identities.

“We have known for some time that identity fraud has become the engine that drives much of today’s criminality and so it is vitally important that people keep their personal information safe and secure. Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are the same as leaving a window or door unlocked,” Greany said in a statement.

According to Cifas, the vast majority of identity fraud takes place when a hacker pretends to be an individual and, for example, buys a product or takes out a loan using the victim’s details. Fraudsters acquire the necessary personal information by stealing mail, computer hacking (including phishing emails), obtaining data on dark net marketplaces and forums, and exploiting personal information on social media. Criminals also use social engineering for extorting personal details from victims. They reach the victims on social media websites and pose as somebody from their bank, retailer, or from authorities.

“We all remember to protect our possessions through locking our house or flat or car but we don’t take the same care to protect our most important asset – our identities. We all need to take responsibility to secure our mailboxes, shred our important documents like bank statements and utility bills, and take sensible precautions online – otherwise, we are making ourselves a target for the identity fraudster,” Haley said. In addition to the deputy chief executive’s statement, Cifas recommends other safety measures to consumers:

“Set your privacy settings across all the social media channels you use. And just think twice before you share details – in particular, your full date of birth, your address, contacts details – all this information can be useful to fraudsters!”

“Password protect your devices. Keep your passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers, and capitals: R0v3rDuckLemon!.”

“Install anti-virus software on your laptop and any other personal devices and then keep it up to date. MoneySavingExpert have a recommended list of the best free anti-virus software: www.moneysavingexpert.com/shopping/free-anti-virus-software”

“Take care on public wi-fi – fraudsters hack them or mimic them. If you’re using one, avoid accessing sensitive apps such as mobile banking.”

“Download updates to your software when your device prompts you – they often add enhanced security features.”

The fraud prevention organization also warns people to protect their offline information. According to Cifas, consumers should always redirect mail when they leave their homes and should make sure that their mailboxes are secure.

Headmaster Uploaded Student CP to Darknet Forums

Romain Farina, the director of a school in Villefontaine, France, possessed a massive cache of child pornography, investigators recently discovered. Authorities indicted Farina in 2015 after he sexually abused numerous adolescents who attended his school. Two years later, after a second search of the man’s residence, authorities found hard drives that connected Farina to a darknet identity named “pedo-master.”

Between the 2015 arrest of the headmaster and his later suicide in a jail cell, investigators searched the man’s house and came up empty-handed. In mid-March, 2017, authorities conducted another search of his home. They searched his house—fully—upon the realization that they ignored the attic in prior searches. The attic search yielded several storage media. The details released failed to fully clarify whether the search team also found electronic devices with user interfaces. However, the drives contained 500,000 photos and 11,000 videos of child pornography featuring his students. Farina both created the films with his students and uploaded them to darknet forums.

Sébastien Lopez, the father of a child Farina abused, read the report from a forensic laboratory. He explained that the videos featured 26 students—and all of them responded to Farina on a first name basis. Lopez said that officials reported that they identified all 26 victims. They matched previous victim lists, the forensic analysis read. However, Lopez’s lawyer warned that as many as ten of the names featured in the films and uploaded online caused enough concern for a re-analysis.

Jean-Yves Coquillat, the case prosecutor, updated the public once word spread. He explained that authorities identified all 26 names on the list. In the name of utmost caution, he said, the police planned new checks.

“It’s terrible,” Lopez said. “The families of these 26 children are not civil parties in this case, so they have not been informed of these new revelations.” He explained that since many families knew nothing of the incident’s specific details, they lacked the ability to see the information that he saw.

He continued, “they [the families] need to know what their children have suffered for these children to be helped, listened to, and followed. It is up to the state to take care of that matter. The State must take charge of these child victims.”

Lopez credited the investigators but felt saddened by the lack of thoroughness shown the first time around. If authorities checked the attic and “discovered these pieces of evidence, this would have allowed the families involved to lodge a complaint.” He added, “now the investigation will surely end because the main suspect is dead.” Farina ended his own life in his jail cell in 2016. At that time, only Lopez and his child knew any case details. The evidence that the headmaster uploaded pictures of these children to the darknet, however, only recently came to light. The true full extent of the case just surfaced in early 2017.

Maître Rajon, the lawyer for the Collective of Families, formed in Saint-Clair-de-la-Tour, said “I have not been able to read this report. I get calls from anguished families who want to know if their child is part of the victims. It’s horrible.” Rajon, too, applied as a civil party. The court has not yet offered a response, however. These recent findings developed over the course of two–three days.

The Prosecutor’s Office of Grenoble received the new evidence and report but made no announcement regarding the next steps. Prosecutors rarely continue with cases once the primary suspect dies, Farina’s attorney explained. He said that the Ministry of National Education “was aware of these new facts and should react during the day.”

Leader of Online Carding Forums Sentenced in Mississippi

In June, 2014, Homeland Security Investigations in Mississippi began an investigation into Milad Kalantari, an Iranian citizen. Throughout the course of the investigation, HSI learned that Kalantari ran an “international fraud organization.” More specifically, they learned that the 32-year-old Iranian ran multiple websites that sold stolen credit card information. After a multi-year investigation, the case closed on March 9, 2017, when U.S. District Judge Louis Guirola Jr sentenced Kalantari to 120 months in federal prison.

Judge Louis Guirola Jr of the Southern District of Mississippi convicted Kalantari of crimes that warranted two sentences. For the first charge, access device fraud, the district judge ordered a 120-month sentence. For the second charge(s), conspiracy to commit identity theft and access device fraud, the district judge ordered a 60-month sentence. Both are to be served concurrently. He also ordered Kalantari to pay $36.6 million in restitution.

He fell under investigation during a larger investigation into the Yahoo Boys, a West African criminal organization. According to an investigating agent, “the Yahoo Boys use international hackers and underground Iranian, Russian and Vietnamese groups to conduct financial fraud schemes.” In addition to the websites where Kalantari sold financial information, he ran underground carding forums, the agent explained. The U.S. then indicted the Iranian in a 16-count indictment.

On December 21, 2015, Kalantari landed in the United States at the John F. Kennedy International Airport in Queens, New York. He knew nothing of the indictment and entered the country of his free will. Federal agents from three states arrested him at the airport upon touchdown. In a previous Yahoo chat with a co-conspirator, an undercover federal agent learned that Kalantari claimed he won a U.S. visa. The co-conspirator unknowingly told an undercover federal agent that the then-suspect planned to move to the U.S.

Since the 1990s, the U.S. has hosted the United States Diversified State Lottery. Non-U.S. citizens “won” visas in the so-called “green card lottery.” The agent, according to the affidavit, checked with the U.S. Embassy in Ankara, Turkey, and learned that Kalantari indeed “won” a U.S. visa. The embassy and State Department confirmed Kalantari’s schedule and plans—law enforcement knew when and where the Iranian planned on entering the U.S.

HSI investigators linked Kalantari to the financial crimes after they conducted a search of his electronic devices. The Iranian’s email gave him away. He contacted his sister who attended college in the United States on a student visa. One email he sent to his sister included his bank information in Iran and home address in Sari, Mazandaran. They also discovered evidence that connected Kalantari to several of the online carding websites and stolen credit cards themselves.

On October 6, 2016, Kalantari pleaded guilty to conspiracy to commit identity theft and access device fraud. Along with the first two charges, he also pleaded guilty to one count of substantive access device fraud. In this case, substantive access device fraud referred both to the damage he caused the victims and the criminal intent behind the device fraud.

Court documents revealed that federal agents made purchases on Kalantari’s carding forums. In three purchases, agents reported that they received stolen credit card information from 68 victims in Mississippi. Among the thousands of individual victims, Keesler Federal Credit Union and Coastal Bank and Trust also reported great losses. Additionally, “one woman’s card number was used four times for $100 each at a Dunkin Donuts.”

“Kalantari sold approximately 2.5 million stolen credit cards on his websites, with an intended loss amount valued at over $1.2 billion,” the press release announced. “More than $35 million in actual losses have been confirmed with U.S. companies including more than $26 million in losses to Discover Card and almost $5 million in losses to American Express.”

The federal case appeared only in Mississippi. Kalantari will likely serve only 120 months and pay $36.6 million in restitution; some of his crimes allowed other states a chance at prosecution as well. The U.S. cracked down on online financial crimes this year. In February, 2017, a member of an international cybercrime group that caused $71m in damage received a 48-month prison sentence.

US Indicts Four in Connection with 2014 Yahoo Hack

On March 15, 2017, the Department of Justice announced an indictment that charged hackers in connection with the 2014 Yahoo breach. In late 2016, Yahoo announced that unidentified hackers breached 500 million user accounts. With the accounts, the hackers stole login credentials and any information that came with them. Along with the first indictment, the DoJ charged two FSB agents in a second indictment – also allegedly connected to the Yahoo breach.

Milan Patel, a former FBI Cyber Division special agent, said the charges “illustrate the murky world of Russian intel services using criminal hackers in a wide variety of ways.” The two FSB agents, according to the DoJ, sought data from the Yahoo breach for intelligence purposes.

One of the two hackers in the first indictment, Alexsey Belan, landed on the U.S.’s most-wanted cyber criminal list several years ago. He slipped through the FBI’s fingers several times.

The other man charged in the first indictment—the hacking indictment—held Canadian citizenship. Canadian authorities arrested Karim Baratov, alleged “hacker-for-hire,” on March 14—a day before the indictment.

U.S. authorities claimed that both men worked as “hackers-for-hire.” The Russian connection, according to the DoJ, landed in the list of contractors that hired the hackers. DoJ officials announced that Russia hired both hackers, potentially more than once. Alexsey Belan, a Russian citizen, avoided incarceration several times, according to the FBI themselves. They stated that between January 2014–December 2016, Alexsey Belan conspired with FSB officers, including both in the second indictment—Dmitry Aleksandrovich Dokuchaev and Igor Anatolyevich Sushchin.

Alexsey Belan, the FBI wrote, worked with the FSB to “gain unauthorized access to the computer networks of and user accounts hosted at major companies providing worldwide webmail and internet-related services.” On February 28, 2017, a United States District Court in the Northern District of California issued an arrest warrant for Belan. The indictment charged him with conspiracy to commit computer fraud and abuse; unauthorized computer access for financial gain; causing computer damage by hacking; economic espionage; theft of trade secrets; access device fraud; and wire fraud.

And in 2012–2013, a United States District Court in Nevada indicted Belan after a hacker breached the network of a Nevada-based company. The indictment accused him of data theft from a locked computer; “possession of fifteen or more unauthorized access devices;” and aggravated identity theft. In the same period, the Northern District of California District Court charged him with similar crimes after he allegedly hacked a California company. Their indictment charged him with two counts of computer fraud and two counts of aggravated identity theft. 

“The FSB officer defendants, Dmitry Dokuchaev and Igor Sushchin, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the U.S. and elsewhere,” the DoJ announced. “In the present case, they worked with co-defendants Alexsey Belan and Karim Baratov to obtain access to the email accounts of thousands of individuals.”

Additionally, in December 2016, former President Obama imposed economic sanctions on Russia for suspected election hacking. The government imposed sanctions on two Russian hackers—Belan’s name landed on the sanction list. Obama never mentioned a connection between Belan and the Yahoo hacks.

The FSB officers indicted by the DoJ, Dmitry Dokuchaev and Igor Sushchin, enabled both hackers in connection with the Yahoo hack. Authorities in Moscow arrested Dokuchaev in December. He passed information to the CIA, U.S., authorities claimed. Sushchin worked above Dokuchaev and enabled his actions, according to the indictment.

Israeli Teenager Sourced Drugs From the Dark Web, Arrested For Them At School

Law enforcement authorities in Israel arrested a teenager who allegedly sold drugs at the school where he studied. He allegedly sourced the drugs from the dark web.

According to police information, officials started an investigation after a case of drug poisoning in the school. The student, who was taken to the hospital, showed the symptoms of a narcotics overdose. When investigators questioned the boy, he admitted that he purchased the substance from a friend in school. He became ill after he used the drugs.

Shortly after, local law enforcement authorities detained the seller. During the police interrogation, the suspect confessed that he was selling narcotics to the students at the school. Additionally, according to the student, he was addicted to marijuana and was looking to make money to finance his addiction. The suspect admitted that he ordered the drugs from the dark net and resold the substances at the school where he studied. The teenager cooperated fully with the police and gave up all the customers he sold to.

During the search of the suspect’s home, investigators found various kinds of drugs.

Due to the lack of information provided by the local media and police, we do not know what kind of drugs were sold. The city or town of the case, the date, the gender of the teenager, and the suspect’s exact age also remain unknown. The lack of information may be because police first want to investigate the case further, and will release more information on the suspect in the near future.

According to a 2016 RAND report, students are using the dark net to purchase the drugs they use. Some of them just buy them for their own use, but there are others, like the Israeli teenager, who also sell the substances to customers. The pupils take advantage of the anonymity and the quality of the narcotics on the dark net marketplaces. Additionally, according to Adam Winstock, founder of the Global Drug Survey, since the quality of the drugs is much better compared to the ones that are sold by street dealers, purchasing drugs from dark net marketplaces is often safer.

“It’s possible that products purchased on DNMs are safer to use as result of the filtering out of poor quality vendors and products… Could dark-markets help create credible online communities sharing harm reduction advice at point of purchase?” Winstock asked the question theoretically.

In addition to that, dark net users can order narcotics internationally. By doing so, they can get much better prices for substances than domestically. Some students take advantage of this and use the dark web to get the narcotics for cheaper, sell them locally, and make profits from the sales. British news outlet, independent.co.uk, reported that, according to one of the students they interviewed, one can buy ecstasy for £2 ($2.44) a pill (if they purchase it in bulk quantities) and could sell it for at least £10 ($12.2) in the United Kingdom.

Convicted Darknet Buyer Found to be Child of High Profile Murderer

US District Judge Robert Jonker sentenced the son of Arthur Paiva—ringleader in the 1979 murder of Janet Chandler—to 30 months in prison. Michael Carlton Paiva, the son in question, found himself caught up in the Silk Road 2.0 investigation. Between 2013 and 2016 Michael ordered $11,000 worth of drugs and resold them throughout Western Michigan.

During the Silk Road 2.0 investigation, federal investigators flagged Paiva for his online activities. Homeland Security Investigations recognized the activity and collaborated with the West Michigan Enforcement Team to connect the identities.

With help from the HSI agents in charge of the case, The West Michigan Enforcement Team or WMET connected Paiva to the online profile. In recently leaked court transcripts, the full details of his case emerged. Investigators connected the dots between Michael Paiva and his father, Arthur Paiva. The father died in prison six months ago—and his death, combined with the crimes that put his father in prison initially—triggered Paiva’s darknet activities. This claim came from testimonial statements at Paiva’s hearing.

Paul Mitchell, Paiva’s defense attorney, said Michael and Jamie Paiva suffered a great trauma after learning about their father. Michael and his sister, Jamie, watched their father stand trial in 2007 for a 1979 murder. Their father, Arthur Paiva, participated in the kidnapping and murder of Hope College student Janet Chandler. Along with six other Wackenhut Corp. security guards who stayed at the same hotel, Arthur Paiva abducted, raped, and strangled the woman.

The murder went unsolved and the guards went back to their day-to-day business. Arthur raised his children and never mentioned anything. And then in 2007, their lives changed. “To be told that your father, the person you adore most in the entire world, partook in the kidnapping, rape and murder of a young woman in 1979 is extremely traumatic,” Mitchell said. He noted that Michael Paiva was already in the drug culture but not to the current extreme.

Despite the background as portrayed by Michael Paiva’s attorney, the government believed Paiva received an insufficient sentence. According to the DoJ, the sentencing guidelines of 37 to 46 failed to reflect “the sophistication of his scheme.”

He made 29 orders on the Silk Road 2.0 and additionally ingested some of the drugs, court documents revealed.

Our other article about the Silk Road 2.0 redistributor explained the so-called “sophistication” of his scheme. It reads, “he [Paiva] bought MDMA, mescaline, LSD, AL-LAD, DMT, DOM, 25i-NBOMe, and liquid mushrooms” from the darknet. He sold the above drugs on the streets of Michigan. The district attorney explained that the defendant also sold cocaine, heroin and methamphetamine.

76% of Healthcare Organizations Hacked Info Sold on Darknet

Over the past few years, ransomware and hacking attacks targeting healthcare organizations have seen tremendous success, mostly because healthcare organizations maintain centralized databases of sensitive personal and financial information.

Ransomware distributors design software that can encrypt the servers, devices and databases of healthcare institutions and medical centers when they are accessed. If one of the devices or servers downloads a fraudulent file or is redirected to an uncertified URL, ransomware can be extracted and installed onto the servers of the organization and encrypt the files indefinitely, until the ransom is paid.

The other two popular types of cyber attack that target healthcare organizations are phishing and keylogging. Instead of using ransomware to receive a ransom directly from the victimized organization, keyloggers and phishing attacks allow hackers to steal valuable data from the databases and servers of healthcare companies and sell it on the dark web.

Usually, these data sets are sold on the dark web for bitcoin. The value of these data sets depends entirely on the type of data acquired by the hacker. If the data sets contain financial information such as credit card details, bank account information and spending habits, they can be sold for significantly higher prices than basic details such as names, date of birth, social security number, etc.

Oftentimes, hackers also breach healthcare organizations with the intent of obtaining information on VIP members or clients, who may include CEOs, government officials and industry leaders. Hackers then threaten or blackmail these individuals directly and extract ransom payments.

Since mid-2015, hackers utilized highly complex and sophisticated hacking tools that made it difficult for healthcare organizations to prevent themselves from being exploited. According to a recent study released by Evolve IP, 68% of healthcare institutions have compromised email credentials and 76% out of those compromised sets of data can be found on darknet marketplaces.

In its research paper entitled “Email vulnerability in healthcare,” Evolve IP researchers wrote:

“Overall, 68% of all analyzed covered entities and their business associates have employees with visibly compromised accounts — 76% of which include actionable password information. Using ID Agent’s proprietary Dark Web ID analysis technology, ID Agent and Evolve IP analyzed 1,000 healthcare companies representing a variety of business types and sizes. On average, more than 68% of the firms reviewed have compromised email credentials visible and available on the Dark Web.”

Kevin Lancaster, the CEO of ID Agent, a data solutions provider which engaged in a joint research initiative with Evolve IP, further noted that despite the increasing vulnerability of security systems and infrastructures, healthcare organizations are struggling to implement necessary solutions and technologies to combat hacking attacks.

Although leading chief information officers (CIO) within the global healthcare industry and ecosystem are actively investing into potential solutions to protect both employee and client data from being exploited, the vast majority of healthcare organizations have failed to demonstrate proper security measures.

Some corporations have formed AI and blockchain technology-focused development teams in order to create unalterable and immutable databases but are unlikely to commercialize the two technologies within this year.

“Organizations are failing to adequately protect customers from online account takeover and data exploit. To combat the growing threat, the need to develop an end-to-end solution to automate the process of identifying stolen credentials and proactively securing customer online accounts, is vital,” Lancaster said.

Darknet Child Pornography Buyer Convicted, Avoids Prison

On March 12, Leigh Williams of Newport, South Wales, was convicted for the possession of child pornography. In consideration of Leigh Williams’ plea and his genuine remorse toward his action, judge Peter Griffiths sentenced Williams to six months in prison, to be effective after two years.

In most child pornography cases, regardless of the intensity of the crime or the category of child pornography files, criminals are immediately sentenced to prison for their unethical behaviour and actions. In the case of Williams, police found 24 images of child pornography on his computer during a raid of his property. Five of the 24 images belonged to category A, and the rest belonged to Category B and C.

When child pornography is seized from buyers and distributors, investigators and local law enforcement agencies categorize different forms of child pornography depending on their intensity or severity. Within this system, category A refers to the most inappropriate type of child pornography, and almost always the possession of category A child pornography alone leads to a sentence of multiple years in prison.

During his trial, Williams pleaded guilty to all of the three charges and told the court that he was remorseful for his actions. Williams admitted to his possession of child pornography and revealed that he acquired them on a darknet marketplace, wherein child pornography was being traded regularly.

In light of his plea and admission of guilt, judge Griffiths ultimately decided to sentence Williams to six months in prison, to be served after two years of suspension. In addition, the court added Williams to the sex offenders’ register in South Wales for five years, required him to complete a sexual offender rehabilitation program and pay a victim surcharge of $140, and imposed a sexual harm prevention order structured for five years.

Stephen Thomas, Williams’ defense attorney, told the court:

“He expressed remorse and continues to be sorry. This is a hard-working single man who is considered to be at low risk of offending. Immediate custody in this case is not inevitable.”

Thomas further emphasized that the court should permit Williams to work and achieve a certain level of financial stability before being sentenced to prison, as he has no family members to rely on after being released from prison.

Judge Griffiths complied with the request of Thomas and Williams, granting two years of suspension for Williams. Griffiths added that the court decided to provide Williams a two-year period due to his lack of offense in the past.

“The other feature that plays an important part in my decision is that you have already been in custody (for this case) and your lack of offending in the past,” said Griffiths.

In January, DeepDotWeb reported that two Englishmen including 40-year-old Gabor Papai and a 45-year-old hospital IT employee Martin Richard Shepherd from the UK were sentenced for downloading child pornography from the darknet. The two cases of Papai and Shepherd were almost identical to the case of Williams, in that they both obtained child pornography from the darknet without the intent to distribute.

While Williams received a six-month sentence with a two-year suspension, Papai received a shorter sentence of 60 days of sexual rehabilitation and one year on probation. However, Shepherd, who was found guilty of collecting child pornography over a period of 14 years, was sentenced to 5 years in prison.

Even within the UK, sentencing for child pornography criminals can vary greatly. If charges include the collection of child pornography over a longer period of time, criminals will be asked to serve multi-year prison sentences.

Wednesday, March 29, 2017

Weapon Vendor Who Sold The Gun To The Münich Shooter Formally Charged

The prosecutor’s office in Münich formally charged the man who allegedly sold the firearm to the Münich shooter.

The prosecution accused Philipp K., a 32-year-old German man, of negligent homicide in nine cases, negligent bodily harm in five cases as well as violations of the weapons law, Florian Wienzierl, spokesman for the prosecutor’s office in Münich, said in a statement on Monday. The proceedings in the case have not been cleared yet, and the trial dates have not yet been fixed.

In the Münich massacre on July 22, the 18-year-old shooter, David Ali Sonboly, killed nine people and himself in the Olympia-Einkaufszentrum (OEZ). He fired his gun almost 60 times; investigators found 57 cartridges from his Glock on the scene.

The alleged firearm vendor was arrested in Marburg, Germany last year in August. He has been under investigation since then. According to the defendant’s statement, he sold various weapons to customers, including semi-automatic shotguns, which could be considered weapons of war. The investigation in the Münich shooting case is almost completed; the Bavarian State Criminal Police Office (LKA) along with the prosecutor’s office will present the final report on Friday.

Law enforcement authorities detained Philipp K. using an undercover technique. They identified the suspect’s vendor shop on the dark web, and one of the investigators posed as a potential customer on a dark net marketplace and purchased a Glock 17 handgun from the defendant for $9,021. Shortly after the transaction was made, police arrested the 32-year-old.

After the shooting incident, law enforcement authorities started a massive search for the vendor who allegedly sold the Glock 17 gun to the shooter. However, after they arrested the 32-year-old in August, the investigation was still ongoing. In January, after a new trial started in the case, the Federal Public Prosecutor’s Office of Frankfurt handed the investigation to the Bavarian State Capital.

Soon after his arrest, the weapon vendor showed full cooperation with police. He provided law enforcement his computers, login information for various services, and decryption keys. Officials would not disclose information as to which arrests were linked to the vendor—or if there were any. He bragged, prior to his arrest, about selling to a 62-year-old accountant and a 17-year-old student. Investigators looked into both buyers but no results were made public.

“The arrest warrant was initially issued only because of the violation of the arms laws. The further investigation of the secured communication from the supposed arms dealer on the Darknet – the secret area of the Internet – however, showed indications of negligence. There was no evidence that the 31-year-old Marburger knew what the gunman had in mind,” Georg Ungefuk from the Federal Public Prosecutor’s Office of Frankfurt said in a statement.

On July 27, after the Münich shooting incident, Holger Muench, head of Germany’s Federal Police, announced that law enforcement authorities had identified the illegal activities on the dark web and would start to focus heavily on investigating such cases.

“We [the BKA] see that the darknet is a growing trading place, and therefore we need to prioritize our investigations here,” Muench said.

Since summer last year, the German dark net scene has become a battleground between law enforcement and cyber criminals. Before the Münich massacre, there were only a couple of dark net related cases per month in Germany. However, after authorities in the country focused heavily on the dark side of the internet, there have been hundreds of arrests. With the help of the 32-year-old Philipp K., law enforcement authorities managed to detain several weapon vendors and customers in the country. Notably, German police did not focus only on dark net firearm sellers; they aimed to eliminate all criminal activities concerning the dark web. This war against dark net criminals resulted in the arrest of several narcotics, counterfeit money, weapon, and fraud vendors, as well as in the detention of the sellers’ customers. Currently, numerous dark web criminals are awaiting trial for the crimes they allegedly committed.

German Who Tried To Blackmail Food Chain With Poisoned Marzipan Sentenced To Jail

A 38-year-old man from Kiel, Germany was sentenced to prison for a blackmail attempt on a supermarket chain.

According to the court documents, Andy S., the defendant, sent more than 20 letters to the Coop food chain trying to extort money from the supermarket. The suspect sent the mail to the company between September 9 and 16, 2016 threatening the food chain that he would poison children with marzipan if Coop did not pay him three million euros in bitcoins.

Four schools received packages of poisoned marzipan last September. Additionally, Andy S. called in a bomb threat to one of the schools, frightening students, teachers, and parents. The defendant confessed before the court and showed remorse.

“I have committed the crime. But it was never my intention to put children at risk. I am really sorry to have made the population of Kiel unsettled,” the 38-year-old said during his court trial.

However, this was not the case on the first day of the man’s trial: he was calm, smiled from time to time, and kept eye contact with the people in the courtroom.

According to the German media outlet bild.de, in 2011, Andy S. offered his help to the Federal Criminal Police Office (BKA) and the Federal Intelligence Service regarding cybercrime cases. The 38-year-old wanted to help law enforcement find suspected offenders on the dark web. He even developed software for this purpose; however, the agencies he reached did not react to his enquiry. The defendant allegedly wanted to show law enforcement authorities how easy it is to send a threatening letter from the dark net.

“Was this a big advertising campaign for your software?” the prosecutor asked the suspect.

“I wanted to test the software under real conditions,” the defendant answered. The suspect went on to say that he wanted to show that certain information flows in the dark web can’t be monitored by law enforcement.

A special task unit arrested the suspect at his apartment in Kiel on September 19. The 38-year-old has been held in police custody since then.

When forensic experts examined the poisoned marzipan, they discovered that the marzipan hearts were contaminated with a natural substance. The material is effective against insects, but it is not fatal to humans. According to experts in the case, the substance could cause health problems, but not serious, life-threatening consequences. The court excluded the defendant from such charges, which had a mitigating effect on the judgment.

Following the application of the prosecutor, Ralph Jacobsen, the presiding judge sentenced Andy S. to four years and nine months in prison. According to Jacobsen, the defendant committed the crime in order to gain money. The prosecutor was concerned for the well-being of the schoolchildren, who could easily have fallen victim to the blackmailer.

“The health of many schoolchildren was jeopardized. A city was in exceptional circumstances. With the extorted money, the accused wanted to enrich himself,” Jacobsen said in a statement.

A similar case happened in December 2016 in Germany, when a 74-year-old pensioner threatened Haribo and the supermarket chain Kaufland that he would poison Haribo Gold Bears and Kaufland pizzas with cyanide if the companies did not pay up. According to the court documents, the suspect demanded one million euros from the two firms. He attached signs to different products of the firms, reading “careful, poison”. The 74-year-old ordered cyanide from the dark web; however, he never received it, police information said. According to the prosecution, there was no danger to the public since the man did not receive the poison he threatened the companies with. The pensioner allegedly sent the messages by mail, and then by email. Law enforcement authorities arrested the defendant on Christmas Eve after they saw surveillance camera footage of the 74-year-old trying to send the threatening mail to the companies. In addition to that, police also identified the IP address of the suspect. Shortly after police detained him, the pensioner confessed. He even admitted that he also tried to extort money from the supermarket chain Lidl. The accused reportedly said that he had financial difficulties, which is why he threatened companies with poisoned products.

Four Defendants Sentenced In Dutch Vendor Shop Case

Four suspects were sentenced in the Netherlands for charges, including the running of a vendor shop on the dark web selling narcotics, drug trafficking, and money laundering.

According to the court documents, the defendants were running a vendor shop on the dark net selling drugs under the pseudonyms “Amsterdam United” and “King Albert Heijn”. The suspects used various marketplaces on the dark web to export narcotics, such as amphetamine, LSD and ecstasy pills. The vendors accepted bitcoins for payments, which they later converted into euros and cashed out. According to law enforcement authorities, the criminals laundered the dirty money.

When cyber criminals seek to swap dirty BTC for clean ones, they can do it easily with bitcoin mixers and tumblers. In addition to the drug-related charges, the prosecution charged all accused persons with money laundering and some of them with tax fraud. One defendant, “Suspect K.”, the partner of the accused V., was convicted only of “debt laundering”.

The main suspect, the 27-year-old V. was sentenced to six years in prison. The prosecution recommended a sentence of eight years in jail for the defendant, however, this is the usual punishment given for the accused persons in such cases. The court dismissed the 27-year-old’s lawyer’s argument in the case. The court sees him as the person who conducted the narcotics trade with the vendor account Amsterdam United. The accused claimed that he only helped once in connection with an IT problem around the Private and Public (PGP) key for the account. However, the court found the statement not credible in the view of the findings of the investigation. The court based the decision on the evidence investigators had gathered in the case. Forensic experts have examined the messages the suspect exchanged on his laptop and iPhone and analyzed the NFI report on the drugs that the 27-year-old allegedly supplied to co-defendant P. in December 2014. Additionally, the prosecution charged V. with money laundering. By the law, trading with bitcoins is legal, however, law enforcement authorities discovered that the suspect was using tumblers and mixers for the BTC to clean them. Officials also found out that the defendant earned most of the cryptocurrency with the narcotics trade.

The 57-year-old P. was sentenced to four years and six months of imprisonment. Since he was actively participating in the dark net narcotics trade, the prosecution recommended a six-year sentence for the suspect. However, because the 57-year-old admitted his crimes and had a clean criminal record, the court provided him a 1.5-year “discount”.

The court convicted the 26-year-old Pf. to a prison term of three years. According to the court documents, the defendant acted as the administrator of the King Albert Heijn vendor account and sold narcotics in bulk quantities. Despite the prosecutor’s request for eight years, the judge gave the suspect only three years in prison since the court heard that the 26-year-old was not directly involved in the narcotics trade.

The court sentenced the 35-year-old K. to 240 hours of community service (the prosecutor recommended 240 hours of community service and two months of suspended imprisonment). The court dismissed the money laundering charges against the woman. Although there are indications that she knew that the money and the goods were from the crime, the court ruled that this was not enough for a conviction. However, the court found the 35-year-old guilty of “debt laundering”. She had a lasting relationship with Suspect V. and lived with him for quite some time. According to the court documents, they lived a luxurious life, including going on expensive vacations. The court found that she had asked too few critical questions about the origin of the cash flows and goods.

According to the investigation, the whole narcotics operation was conducted in a professional manner using different usernames on anonymous marketplaces, including the Silk Road Marketplace, Agora, and Evolution. The defendants planned all steps carefully and exported drugs to various countries. The suspects prioritized personal gain over the safety of the customers, court documents claimed. By laundering the criminal assets, the suspects affected the legal economy and also remained hidden from the tax authorities. Additionally, the court seized the income the suspects made with the narcotics trade, and the products they bought with the funds.

Austrian Sentenced For Cocaine Shipment He Never Ordered

A 24-year-old man from Vorarlberg, Austria was sentenced over a package of cocaine addressed to him that he never ordered.

Earlier this year, the customs officers in Vienna intercepted a package containing a birthday card and two grams of cocaine from Amsterdam, the Netherlands. The parcel was addressed to the 24-year-old suspect, however, according to him, he never ordered or received the narcotics.

The accused was shocked when he was standing before the Bregenz District Court.

“I have not ordered anything, paid nothing and received nothing!” the 24-year-old told the court furiously. He admitted that the story had a “dubious taste”, and he did not understand how the drugs were shipped to his address. According to the Austrian media outlet, vn.at, a possible explanation for the parcel could be that the suspect had his address “registered” at one of the vendors on the dark net selling counterfeit money. The media source claimed that the defendant had “experimented” with counterfeit bills on the dark web. However, they did not provide more information on the case.

“I do not have anything to do with it”, the suspect said when Judge Christian Röthlin asked about the substance. Law enforcement authorities could not gather any evidence on the order. However, since the 24-year-old has a criminal record from 2015 concerning the use of narcotics, the prosecution charged the defendant with the possession of narcotics.

“You were at times in the hospital, where a test carried out on you came back positive for THC and cocaine,” district attorney Stefan Willi said during the court trial.

“So have you ever tasted cocaine?” the judge asked the accused.

“Yes, I’ve already pulled something white through my nose. But I cannot judge whether it was cocaine,” the defendant reacted in a bewildered way.

This statement of the accused was enough for Judge Röthlin to find the man guilty of narcotics addiction. The judge sentenced the defendant to pay 400 euros in fines (within 100 days).

“What would you do if someone in the school got you something?” the defendant reacted to the sentence angrily. He claimed that he was innocent and called on the court to reconsider the sentence.

It is unknown whether the 24-year-old was innocent in the current case. It is not common to receive a narcotics package from a dark net vendor to your address, which you have never ever ordered. Additionally, the package contained two grams of cocaine, one of the most expensive substances sold by drug sellers on dark net marketplaces. However, since the suspect was allegedly involved in the dark net counterfeit business, there could be a possibility that he was also in contact with vendors who sold narcotics. It could be possible that one of the sellers accidentally misaddressed a parcel and sent him cocaine. Although, there could be a chance that one of his enemies tried to frame him. However, the possibility for this is quite low since cocaine is quite expensive, and the ill-wisher could have just purchased a cheaper drug and had it delivered to the defendant.

CIA’s Malware Writing Tips and Tricks Vault7 leak

CIA’s ability to hack phones, computers, routers, TVs and just about anything didn’t surprise me – if NSA is able to do it, why couldn’t they? What impressed me the most is CIA’s witty approach to anti-virus evasion. Allow me to entertain you with world-class solutions to some problems in the field of AV evasion. This topic will be covered in a series of analytical articles as opposed to this relaxed introduction, so stay tuned!

Anti-Sandboxing: Wait for Mouse Click

Many anti-virus programs run the suspicious binary in an emulated environment (sandbox) to see what happens. A handy trick, spotted in malware in the wild, is to wait for the user to click before proceeding to malicious actions. Sandbox environments (probably all of them) don’t mimic mouse actions, so the malicious behavior never executes there. This is probably effective against Kaspersky and others.

AVG Fake Installer Trick

Subtitle is kinda self-explanatory – naming your .exe “setup.exe” causes it to run undetected in many cases. Additional bonus, Windows will add the “shield” icon to the binary. Downside of this trick is a possible pop-up saying “Program didn’t install properly”, but it can be avoided by carefully crafting the manifest file.

Defeating Entropy Analysis

Avira and F-Secure are known for checking the amount of entropy in the binary, so if the program contains encrypted shellcode, it won’t pass the test. Unless it has a RAR manifest file – then, of course, entropy is caused by archiving software. Also, CIA suggests adding a RAR signature at the end of the file. Sweet!
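From the defender's side, a RAR signature appended to an executable is itself checkable: a real archive has headers and data after its marker, a bare marker at the tail does not. The Python sketch below is an added example, not code from this post or from the leaked documents; the entropy threshold, window size, minimum-archive length, function names and sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# RAR marker blocks: RAR 1.5-4.x (7 bytes) and RAR 5.x (8 bytes).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
HIGH_ENTROPY = 7.2       # assumed threshold in bits per byte (maximum is 8.0)
WINDOW = 4096            # assumed window size used to localise dense regions
MIN_ARCHIVE_BYTES = 32   # assumed: a real archive has headers/data after the marker


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(data: bytes, window: int = WINDOW) -> float:
    """Highest entropy of any full window; a whole-file average hides small blobs."""
    if len(data) < window:
        return shannon_entropy(data)
    return max(shannon_entropy(data[i:i + window])
               for i in range(0, len(data) - window + 1, window))


def bytes_after_last_rar_marker(data: bytes):
    """Number of bytes following the last RAR marker, or None if there is none."""
    ends = [pos + len(m) for m in RAR_MAGICS if (pos := data.rfind(m)) != -1]
    return len(data) - max(ends) if ends else None


def assess(data: bytes) -> dict:
    """Classify a file image by entropy and by what follows its RAR marker."""
    entropy = max_window_entropy(data)
    trailing = bytes_after_last_rar_marker(data)
    is_pe = data[:2] == b"MZ"
    if entropy < HIGH_ENTROPY:
        verdict = "low-entropy"
    elif trailing is None:
        verdict = "high-entropy"      # packed or encrypted, no archive claim
    elif is_pe and trailing < MIN_ARCHIVE_BYTES:
        verdict = "suspicious"        # marker present but no archive behind it
    else:
        verdict = "archive-like"      # still needs real archive parsing to confirm
    return {"max_entropy": round(entropy, 3), "is_pe": is_pe,
            "bytes_after_marker": trailing, "verdict": verdict}


def prng_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted content."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_samples() -> dict:
    """Constructed file images; none of these are real binaries."""
    stub = (b"MZ" + b"\x00" * 62
            + b"This program cannot be run in DOS mode.\r\n" * 100)[:4096]
    blob = prng_bytes(8192)
    return {
        "plain": stub * 3,                          # ordinary low-entropy content
        "packed": stub + blob,                      # dense blob, no marker
        "bare_marker": stub + blob + RAR_MAGICS[0],  # marker appended at the tail
        "sfx_like": stub + RAR_MAGICS[0] + blob,    # marker followed by data
    }


if __name__ == "__main__":
    for name, image in build_samples().items():
        print(f"{name:12s} {assess(image)}")
```

The "archive-like" verdict only means data follows the marker; confirming a real self-extracting archive requires parsing the archive headers with a proper RAR library.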

Comodo Pitfalls

Let’s try with Comodo, a great piece of antivirus software (not sarcasm, really). Quote by a CIA employee:

“Comodo is a giant PITA. It can and will catch and show your entire chain of execution and a great deal of your file I/O. If you drop and run, it will show where you drop, what you run, and what you run runs. Yeah, it’s that bad.”

But, there’s an oasis for malware binaries – Recycle Bin. Comodo doesn’t like trash, so it doesn’t dig there. Placing the binary in the root directory of the bin will ensure safe start for the malware, although the battle is not yet over as Comodo will detect some obviously malicious actions after that point.

Comodo takes a lot of computer resources to give malware authors the mentioned colossal pain in the posterior. It literally monitors everything, including standard Windows services (!!). At least it did, before versions 6.X. Apparently, they decided that was suboptimal and made a step in the other direction. One big step, I gotta say – anything running with SYSTEM privileges is considered legit. Read that again, because if you got a kernel level exploit, you can play drums on the SYSTEM parts and as long as you run as SYSTEM, you’re fine. In the words of a CIA employee: “this is a hole you could drive a very large wheeled freight carrying vehicle through”.

Unfortunately, many tricks are left as empty files and marked as “secret”, but let’s not be greedy here. If you like this topic, you can check CIA’s malware writing instructions that were written with forensic analysis in mind. Also, don’t miss my future series about evading anti-virus if you enjoy studying this as much as I do.

Tuesday, March 28, 2017

German Tried To Pay With Counterfeit Money For Pizza – Got Busted

A family man from Cologne, Germany was sentenced for trying to put counterfeit euro notes into circulation, which he bought from the dark web.

Mike K. (his name was changed for privacy reasons), a 24-year-old family man was sitting in the courtroom for the charge of forgery on March 11. According to official court documents, the defendant ordered four pieces of counterfeit 50 euro notes from a dark net vendor costing him 43.5 euros. After the fake bills were delivered to his address, he tried to use one of the notes to pay for a pizza he ordered. However, the quality of the bills was so bad that the delivery man immediately recognized that the money the 24-year-old tried to pay with is fake, and alerted police.

After they examined the notes, law enforcement authorities found a connection with a Bavarian counterfeit vendor duo. The investigation revealed that the fake bills were coming from already convicted dark net sellers. Officials identified the connection by looking at the serial numbers on the bills.

The 24-year-old admitted his crimes, and said that ordering the notes “was not the smartest decision.”

The father, who has a small daughter at the age of two, was sentenced to six months in prison. The 24-year-old received a harsher sentence since he was already convicted of theft, property damage and unauthorized arms possession.

The Bavarian vendor duo, who sold the counterfeit bills to the 24-year-old, was arrested in 2016. Law enforcement authorities started investigating the case in early 2016 when they received information on a currency counterfeiting operation in Geisenhausen. Later on, police discovered that the 22-year-old Daniel T. and the 24-year-old Arthur K. were running a vendor shop selling fake euro bills to customers from a garage they rented.

According to a local news outlet, the investigation began after law enforcement authorities received an anonymous tip. The tipster, possibly the landlord, claimed that the two men spent an unusual amount of time in the garage, and routinely carried trash bags from inside to a nearby, openly visible location. When investigators searched the bags, they discovered numerous remains of counterfeit 50 euro bills. After law enforcement authorities gathered enough evidence against the duo, they raided the garage of the suspects’ residence.

Officials seized 2,856 holograms, computers, three inkjet printers, and large quantities of paper designed for printing euros. Cutting tools, chemicals for the treatment of printed notes, and 50 counterfeit euros were also found. Authorities claim that the holograms were purchased from a vendor on the dark web.

Based on the evidence investigators gathered and individual testimonies, law enforcement authorities discovered that the two men were running a seller shop on the dark net selling counterfeit 50 euro bills to customers on an international level. In an initial search, police discovered about 200 postal documents detailing the online transactions of the duo. The documents revealed the country where the sellers shipped the fake euro bills, along with the name and the address of the recipients.

“It is already known that shipments of counterfeits have arrived with respective note numbers. To clarify further Gerechtshof ought and their reach, the investigation will continue for this purpose,” an LKA official said during the hearing.

According to the prosecution, the duo produced about 5,000 pieces of counterfeit 50 euro bills, which would be $276,362 worth of fake currency. The two suspects sold the counterfeit notes for 20 percent of the original price (10 euros for a 50 euro bill), investigators claim.

Authorities from the Netherlands, Switzerland, and Austria reported that they were on a high alert on the counterfeit bills the vendor duo sold. According to the court documents, 1,227 pieces of the fake notes were delivered to customers just in the three European countries.

Both defendants showed cooperation with authorities, which resulted in a mitigated sentence. The 22-year-old Daniel T. was convicted of commercial counterfeiting and possession of stolen goods. He was sentenced to three and a half years in prison. His accomplice, the 24-year-old Arthur K., was charged only with commercial counterfeiting. He was sentenced to three years and two months in prison.

Majority of Web Users Not Willing to Trade Privacy For Discounts & Benefits

A new research paper from the University of Pennsylvania, entitled “The Tradeoff Fallacy,” which looks into the misrepresentation of marketing schemes and online advertising initiatives, found that the vast majority of web users are strictly against the collection of their personal and financial information, contrary to how online marketing is presented to the public.

Over the past decade, the emergence of innovative and revolutionary social media platforms such as Facebook, YouTube, Twitter, Instagram and Qzone has led to the creation of aggressive marketing methods and strategies based on the collection and analysis of highly sensitive user data.

Although marketers, social media platforms, search engines and browsers continue to claim that personal information and financial data are released to advertisers with the consent and agreement of users, most web users claim that they are against such collection of data. In fact, a large portion of users aren’t even aware that their data is being surveilled by marketers.

“New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americans give out information about themselves as a tradeoff for benefits they receive. On the contrary, the survey reveals most Americans do not believe that ‘data for discounts’ is a square deal.”

An interesting aspect of the research led by Joseph Turow, professor of Communication at the Annenberg School for Communication, University of Pennsylvania, is that the remaining web users, those who are aware of the mass collection of information, feel completely powerless against it. Even if users value their privacy and personal data, they often fail to implement the methods necessary to protect their online identities.

“Resignation occurs when a person believes an undesirable outcome is inevitable and feels powerless to stop it. Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened,” wrote Turow.

While innovators and technology developers unanimously agree that a cutback on regulations and policies could significantly benefit the technology and financial industries in terms of growth and expansion, regulators continue to introduce tight regulatory frameworks to ensure each aspect of industry is standardized to the market.

If policymakers choose to regulate an industry, they need to obtain a certain level of knowledge to stay in a position wherein they can evaluate the advantages and limitations of particular technologies and their applications.

With that said, it is already widely known that companies like Google and Facebook offer marketers, advertisers and clients access to their surveillance intelligence platforms, which essentially allow marketers to evaluate the habits and routines of users on their networks. If policymakers are willing to regulate the technology and financial industries, they need to look closely into the practices of information companies like Google and the impact they are having on online marketing.

In a more general sense of data tradeoffs, the paper noted:

“If we use a broader definition of a belief in tradeoffs— the average value of all three statements—even then only 21% of the respondents accept the idea. Yet, when we present a real-life tradeoff case— asking Americans whether they would take discounts in exchange for allowing their supermarket to collect information about their grocery purchases —43%, or more than twice as many as in the broader definition of tradeoff supporters, say yes to tradeoffs.”

Danish Police Make Headway in Darknet Investigations

According to Kim Aarenstrup, head of the National Police’s Cyber Crime Centre (NC3), Danish police developed tools to prevent darknet drug trade. The tools, she explained in a press release, came in the form of new methods of Bitcoin transaction analysis. The engineers at NC3 used “new skills, methods, and technologies” “to prove and punish rogue trades with bitcoin.”

The new method already proved itself in the form of two darknet-linked convictions. Aarenstrup called the new mixture of skills and technologies a breakthrough—a new era of darknet and Bitcoin investigations. NC3’s method reinforced the notion that darknet marketplace users never had any form of anonymity. “The tracks are there and the criminals can not remove them,” Aarenstrup said.

“Two employees could in an afternoon identify 150 suspected drug dealers on the dark web. The cases are now being further developed. The analytical method creates endless opportunities to expose criminals’ transactions with bitcoins,” she explained. The NC3 collaborated with various forms of law enforcement in several darknet cases, but this outdid any past assistance. Prosecutor Jesper Klyve of the Mid and West Jutland Police said that the EC3 also helped when phones needed wiretapping or computers needed searching.

Two darknet drug cases from April 2016 resulted in convictions because of the EC3’s new skill set, the head of the National Police’s Cyber Crime Centre explained. In one, the Court of Holstebro convicted a 22-year-old man of drug trafficking. The court sentenced him to four years in prison as the prosecution proved he trafficked 2.3 kilograms of amphetamine.

In the other, the Court in Herning sentenced a 23-year-old man to eight years in prison. He purchased and subsequently received eight kilograms of amphetamine and 100 grams of cocaine via the darknet. Both cases ended in convictions, Aarenstrup added.

“We showed that the accused transferred a certain amount of bitcoins to specific marketplaces on the Dark Web,” Prosecutor Jesper Klyve said. “We knew the exact prices in those markets, so we multiplied up. It is similar to when we previously found drug accounts. It opens up new opportunities to investigate and prove serious crime.”

The press release explained that prosecutors, in the past, faced difficulties with Bitcoin. The senders and recipients kept themselves separated and no external link existed. But the NC3’s breakthrough “allowed investigators to document each transaction between criminals and the marketplaces.”

NC3 hosted international cybercrime conferences on the new analytical method used to track darknet criminals. United States law enforcement attended the conferences and other countries displayed their interest. Europol already participated; if we learned anything in 2016, it regarded Europol, Interpol, and member states. Where Europol travels, so will Interpol.

Compromised Email Credentials Behind Most Healthcare Breaches

According to Evolve IP and ID Agent, hackers breached organisations through compromised emails 63% of the time. The security firms conducted a study of the security practices of 1,000 healthcare organizations. Out of those 1,000 organizations, employees at 680 of them had already lost control of their email credentials. Whoever hacked the email accounts at those 68% of organisations also uploaded the credentials to the darknet.

Only 76% of the uploaded passwords contained immediately usable information. And even then, only 23% of the breached emails came with plaintext passwords. Darknet marketplaces and forums routinely hosted breached healthcare data in 2016, but password dumps found their way to the clearnet too. The darknet provided good cover for hackers or credential vendors last year but landed the publicity needed for a healthcare breach. As another advertisement venue, many hackers took to the clearnet.

“With 68 percent of healthcare organizations having compromised credentials within the Dark Web, organizations are failing to adequately protect customers from online account takeover and data exploit,” Kevin Lancaster of ID Agent said. “To combat the growing threat, it’s important to develop an end-to-end solution to automate the process of identifying stolen credentials and proactively securing customer on-line accounts.”

The hacker, or at least the vendor of the credentials, did not necessarily sell healthcare credentials on the clearnet. Instead, the clearnet’s larger media platform served as a leveraging piece. In many cases, selling on the darknet was a last resort for the bad actor; they wanted the breach as publicised as possible. Once word spread, they sat and hoped the breached company paid the ransom for their confidential information.

The vendor on a darknet marketplace likely never mentioned the word “ransom” and, oftentimes, may not have known the hacker’s true intentions. Another company that reported additional findings from Evolve IP and ID Agent added the so-called vendor “credential lifecycle.” Vendors noted commonalities between breaches. “Gain access to data from emails exploited by phishing, malware, data breach, social engineering and other attack forms,” the company explained.

The next step in the credential lifecycle, according to the report, fell under an analysis category. “Use obtained data to study a targeted company or individual.” With information obtained from said data, the next steps were: “gain system access,” and “establish a foothold in the system.”

And finally, the hacker needed to “gain more privileges” and “move laterally through the organization and its supply chain to extract data or control system access.”

Verizon’s 2016 Data Breach Investigations Report revealed that employees opened 30% of phishing emails. Another 12% opened or downloaded the payload.

“While it is virtually impossible to prevent phishing attacks, the right disaster recovery plan and (disaster recovery) services can prevent a healthcare organization from experiencing serious losses or even potentially going out of business,” Evolve IP’s David M. McCrystal said.

Monday, March 27, 2017

Former Silk Road 2.0 Buyer Sentenced to Prison

On March 13, acting U.S. Attorney Andrew Birge announced that Chief U.S. District Judge Robert J. Jonker sentenced a Michigan man to prison for conspiracy to distribute controlled substances. Michael Carlton Paiva, the defendant, bought significant quantities of drugs from vendors on the Silk Road 2.0. The feds watched him until 2017 when they gathered enough evidence to send Paiva to prison for 30 months.

During the “international law enforcement operation” that brought down the second iteration of the Silk Road, police spotted Paiva. He purchased amphetamines, substituted phenethylamines, tryptamines, and lysergamides in quantities too great for personal use. Law enforcement identified the 30-year-old as a distributor in the Western District of Michigan.

Between 2013 and 2016, Paiva converted cash into Bitcoin and purchased the following drugs from various vendors both on and off the Silk Road 2.0. He bought MDMA, mescaline, LSD, AL-LAD, DMT, DOM, 25i-NBOMe, and liquid mushrooms. The U.S. Attorney’s Office of the Western District of Michigan said that Paiva sold heroin, methamphetamine, and cocaine. They distinguished the three aforementioned drugs from the darknet list, but never clarified where he purchased them.

“The federal government has the tools, resources, and commitment to identify and prosecute criminals on the dark web and will continue to do so,” Acting U.S. Attorney Birge said. “Drug traffickers who believe that the dark web and cryptocurrency will provide anonymity and shield them from the rule of law are sorely mistaken.”

Homeland Security Investigations of Grand Rapids and The West Michigan Enforcement Team led the investigation into Paiva.

“Homeland Security Investigations and our partners are at the tip of the spear in the effort against illicit activities and financial crimes associated with virtual currency systems,” Steve Francis, Acting Special Agent in Charge of HSI Detroit, said. “Criminals have the false impression that their black market activity using digital currency like Bitcoin is avoiding scrutiny. The reality is that these activities do not escape the reach of law enforcement.”

Interestingly, federal law enforcement listed AL-LAD as a drug the man purchased on the darknet. The LSD analog is unscheduled and technically legal, according to the DEA. The synthesis of AL-LAD requires LSD as a base, so the connection between AL-LAD and the US analog law may be an easy one for the prosecution to draw.

“The West Michigan Enforcement Team, HSI Grand Rapids, and the U.S. Attorney’s Office have a long history of collaboration and this case is another great example of that relationship,” said Detective First Lieutenant Andy Fias, WEMET Section Commander. “We value this partnership and it was successful in this investigation and others in the past. The disruption of this drug trafficking organization will have a deep impact on several West Michigan communities.”