Jun 252019

Ari Rabinovitch and Tova Cohen report:

Hackers broke into the systems of more than a dozen global telecom firms and stole huge amounts of data in a seven-year spying campaign, researchers from a cyber security company said, identifying links to previous Chinese cyber-espionage activities.

Investigators at U.S.-Israeli cyber firm Cybereason said on Tuesday the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcement and politics.

Read more on Reuters. And do read Zack Whittaker’s coverage.

Related: Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

Jun 242019

Kartikay Mehrotra and Aoife White report:

Facebook Inc. failed to fend off a lawsuit over a data breach that affected nearly 30 million users, one of several privacy snafus that have put the company under siege. The company’s disclosure in September that hackers exploited several software bugs to obtain login access to accounts was tagged as Facebook’s worst security breach ever. An initial estimate that as many as 50 million accounts were affected was scaled back weeks later.

A federal appeals court in San Francisco on June 21 rejected the company’s request to block the lawsuit, saying claims against Facebook can proceed for negligence and for failing to secure users’ data as promised.

Read more at: Bloomberg Quint.

Jun 242019

Catalin Cimpanu reports:

In a bizarre investigation, Belgium police have identified a member of the Anonymous Belgium hacker collective while investigating an arson case at a local bank.

The perpetrator, a 35-year-old man from the Belgian city of Roeselare, was initially arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, a suburb of Roeselare, back in 2014.

Police tracked down the suspect because he dropped a USB thumb drive on the ground while/after throwing the Molotov cocktail.

Read more on ZDNet.

Jun 242019

Sum Lok-kei and Elizabeth Cheung report:

Patient data at Hong Kong’s public hospitals can be accessed by any user with no need for a password, a leaked video shown to the Post and verified by multiple hospital sources has revealed.

Software developer Wong Ho-wa warned the program used in public accident and emergency (A&E) wards called AEIS carried a huge risk and was built with an “intentional back door”, allowing anyone to access patients’ files while leaving no trace.

South China Morning Post.

Jun 232019

From DOJ:

FRESNO, Calif., June 20  — An indictment was unsealed on June 20, 2019, charging Bryan Connor Herrell, 24, with conspiring to engage in a racketeer influenced corrupt organization, U.S. Attorney McGregor W. Scott for the Eastern District of California and Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division announced.

According to court documents, Herrell was a moderator on the AlphaBay marketplace, an illegal website that operated on the so-called darknet. On AlphaBay, vendors and purchasers engaged in hundreds of thousands of illicit transactions for guns, drugs, stolen identity information, credit card numbers and other illegal items. At the time, AlphaBay was considered to be the world’s largest online drug marketplace.

Allegedly, as a moderator on AlphaBay, Herrell settled disputes between vendors and purchasers. He is also accused of serving as a scam watcher – providing a service dedicated to monitor attempts to defraud AlphaBay users. Herrell went by the monikers “Penissmith” and “Botah” and was paid in Bitcoin for his participation.

On June 1, 2017, a Fresno grand jury indicted the alleged founder of AlphaBay, Alexandre Cazes. On July 5, 2017, the Royal Thai Police, with assistance from the FBI and DEA, executed an arrest warrant for Alexandre Cazes at his residence in Bangkok, in connection with his alleged involvement with AlphaBay. At the time of his arrest, law enforcement discovered Cazes’s laptop open and in an unencrypted state. Agents and officers found several text files that identified the passwords/passkeys for the AlphaBay website, the AlphaBay servers, and other online identities associated with AlphaBay. The indictment against Cazes was dismissed as a result of his death. The investigation of AlphaBay and its former administrators continues.

This case was the product of an investigation by the Sacramento and Philadelphia Field offices of the Federal Bureau of Investigation. Assistant United States Attorneys Paul Hemesath and Grant B. Rabenn, and Senior Counsel Louisa K. Marion of the Department of Justice’s Computer Crime and Intellectual Property Section are prosecuting the case. The Philadelphia United States Attorney’s Office provided substantial assistance.

Herrell is currently in custody.

If convicted, Herrell faces a maximum statutory penalty of 20 years in prison. Any sentence, however, would be determined at the discretion of the court after consideration of any applicable statutory factors and the Federal Sentencing Guidelines, which take into account a number of variables. The charges are only allegations; the defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

Source: USAO – California, Eastern

Press Release Number:  1:17-CR-00301 DAD BAM