Tag Archives: fbi

Mr. Robot ‘Plugs’ uTorrent and Pirate Release Groups

Post Syndicated from Ernesto original https://torrentfreak.com/mr-robot-plugs-utorrent-and-pirate-release-groups-160729/

Earlier this month the second season of Mr. Robot premiered.

The TV-show, which portrays and appeals to a subculture of nerds, hacktivists, hackers and technology insiders, has become an instant cult hit.

Aside from classic hacker groups, the makers of the show were inspired by The Pirate Bay founders. Last year Mr. Robot creator Sam Esmail admitted that the main character Elliot is in part modeled after the illustrious trio.

In addition, Mr. Robot also includes various nods and easter eggs for the technology inclined. For example, the first episode of the second season included an online trail for people to follow in the real world.

In the most recent episode, pirates were saluted during a short scene. Without giving away any spoilers, the main character Elliot was shown playing a pirated movie via his PLEX media server.

The movie in question, The Careful Massacre of the Bourgeoisie, is “fake” but that’s not true for the other pirate references displayed.

uTorrent / PLEX and pirate groups (screenshot)

As the screenshot above shows, Elliot uses a recent version of the popular BitTorrent client uTorrent, showing a house ad for an upgrade to uTorrent Plus.

In the “movies” folder, which is also shown, we can see various other movies complete with release group tags such as YIFY, PRiSTiNE, DiPSHiT, RARBG and CRiTERiON.

It is safe to say that these were not included by accident but as a nod towards the pirates in the audience. The same can be said for the iconic FBI warning that’s shown when the movie starts playing.

FBI warning (screenshot)

The mention didn’t go unnoticed by the pirate groups in question. We reached out to YIFY, who quit after running into legal trouble last year, and he appreciates the mention.

“Makes me feel like a little bit of a ‘bad ass’, even though it’s a pretty minor thing in the show still a cheeky smile came about,” YIFY told TF.

“I do like the fact that the producers of Mr Robot specifically do try to get an accurate reflection of today’s real world online.”

While the names of the pirate groups are indeed accurate, there may be room for improvement. A member of another release group pictured in the episode, who commented on condition of anonymity, questioned Elliot’s BitTorrent client preference.

“I find it hard to believe that the main character in the show – a pro hacker – is using a non-open source software to download or stream his torrents,” the group member said.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The Security of Our Election Systems

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/07/the_security_of_11.html

Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded.

The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November: that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.

Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way, politically, economically or in cyberspace, and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there’s no guarantee the next country that tries to manipulate our elections will share your preferred candidates.

Even more important, we need to secure our election systems before autumn. If Putin’s government has already used a cyberattack to attempt to help Trump win, there’s no reason to believe he won’t do it again, especially now that Trump is inviting the “help.”

Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are insecure and vulnerable to attack.

But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing (publishing personal information and documents about a person or organization), and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.

Government interference with foreign elections isn’t new, and in fact, that’s something the United States itself has repeatedly done in recent history. Using cyberattacks to influence elections is newer but has been done before, too, most notably in Latin America. Hacking of voting machines isn’t new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued an executive order outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they’re a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Election security is now a national security issue; federal officials need to take the lead, and they need to do it quickly.

This essay originally appeared in the Washington Post.

Russian Hack of the DNC

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/07/russian_hack_of.html

Amazingly enough, the preponderance of the evidence points to Russia as the source of the DNC leak. I was going to summarize the evidence, but Thomas Rid did a great job here. Much of that is based on June’s forensic analysis by Crowdstrike, which I wrote about here. More analysis here.

Jack Goldsmith discusses the political implications.

The FBI is investigating. It’s not unreasonable to expect the NSA has some additional intelligence on this attack, similarly to what they had on the North Korea attack on Sony.

EDITED TO ADD (7/27): More on the FBI’s investigation. Another summary of the evidence pointing to Russia.

Tracking the Owner of Kickass Torrents

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/07/tracking_the_ow.html

Here’s the story of how it was done. First, a fake ad on torrent listings linked the site to a Latvian bank account, an e-mail address, and a Facebook page.

Using basic website-tracking services, Der-Yeghiayan was able to uncover (via a reverse DNS search) the hosts of seven apparent KAT website domains: kickasstorrents.com, kat.cr, kickass.to, kat.ph, kastatic.com, thekat.tv and kickass.cr. This dug up two Chicago IP addresses, which were used as KAT name servers for more than four years. Agents were then able to legally gain a copy of the server’s access logs (explaining why it was federal authorities in Chicago that eventually charged Vaulin with his alleged crimes).

Using similar tools, Homeland Security investigators also performed something called a WHOIS lookup on a domain that redirected people to the main KAT site. A WHOIS search can provide the name, address, email and phone number of a website registrant. In the case of kickasstorrents.biz, that was Artem Vaulin from Kharkiv, Ukraine.

Der-Yeghiayan was able to link the email address found in the WHOIS lookup to an Apple email address that Vaulin purportedly used to operate KAT. It’s this Apple account that appears to tie all of the pieces of Vaulin’s alleged involvement together.

On July 31st 2015, records provided by Apple show that the me.com account was used to purchase something on iTunes. The logs show that the same IP address was used on the same day to access the KAT Facebook page. After KAT began accepting Bitcoin donations in 2012, $72,767 was moved into a Coinbase account in Vaulin’s name. That Bitcoin wallet was registered with the same me.com email address.

Another article.
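The investigation quoted above pivots from domains to shared name-server IPs, from a redirect domain to a WHOIS registrant e-mail, and from that e-mail to an Apple account, an IP address and a wallet. The Python below is an added example and not code from the article or from the investigators: it models each such link as an edge in a graph over constructed placeholder indicators (RFC 5737 addresses, example domains and mailboxes, no data from the real case), groups the indicators into connected clusters with union-find, and prints the shortest chain of evidence joining any two of them, which is the “tie the pieces together” step.

```python
from collections import defaultdict, deque

# Constructed evidence graph (placeholders, not the real KAT records). Each edge
# links two indicators and names the source that produced the link. IPs are
# RFC 5737 documentation addresses; domains and mailboxes are invented.
EVIDENCE = [
    (("domain", "kickass.example"), ("ns_ip", "203.0.113.10"), "reverse DNS of name server"),
    (("domain", "kat.example"), ("ns_ip", "203.0.113.10"), "reverse DNS of name server"),
    (("domain", "kat.example"), ("ns_ip", "203.0.113.11"), "reverse DNS of name server"),
    (("domain", "kickass-redirect.example"), ("domain", "kickass.example"), "HTTP 301 redirect"),
    (("domain", "kickass-redirect.example"), ("email", "registrant@example.net"), "WHOIS registrant"),
    (("email", "registrant@example.net"), ("email", "owner@me.example"), "recovery address in provider records"),
    (("email", "owner@me.example"), ("ip", "198.51.100.7"), "store purchase log"),
    (("ip", "198.51.100.7"), ("social", "site fan page admin"), "page admin login log"),
    (("email", "owner@me.example"), ("wallet", "exchange account A"), "wallet registration e-mail"),
    (("domain", "unrelated.example"), ("ns_ip", "203.0.113.99"), "reverse DNS of name server"),
]


def _adjacency(evidence):
    """Undirected adjacency list: node -> [(neighbour, source_of_link), ...]."""
    adj = defaultdict(list)
    for a, b, source in evidence:
        adj[a].append((b, source))
        adj[b].append((a, source))
    return adj


def clusters(evidence):
    """Group indicators into connected components with union-find.

    Returns a list of sorted lists of 'type:value' strings, largest cluster first.
    Two indicators land in the same cluster if any chain of evidence joins them.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b, _ in evidence:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra
    groups = defaultdict(list)
    for node in parent:
        groups[find(node)].append(f"{node[0]}:{node[1]}")
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)


def link_chain(evidence, start, end):
    """Shortest evidence chain from start to end (BFS over the indicator graph).

    Returns a list of (indicator, source_that_linked_it) steps, beginning with
    (start, 'start'), or None when the two indicators are not connected.
    """
    adj = _adjacency(evidence)
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == end:
            break
        for nxt, source in adj[node]:
            if nxt not in prev:
                prev[nxt] = (node, source)
                queue.append(nxt)
    if end not in prev:
        return None
    chain = []
    node = end
    while prev[node] is not None:
        parent_node, source = prev[node]
        chain.append((f"{node[0]}:{node[1]}", source))
        node = parent_node
    chain.append((f"{start[0]}:{start[1]}", "start"))
    return list(reversed(chain))


if __name__ == "__main__":
    for group in clusters(EVIDENCE):
        print(len(group), "indicators:", ", ".join(group))
    steps = link_chain(EVIDENCE, ("domain", "kat.example"), ("wallet", "exchange account A"))
    for indicator, via in steps:
        print(f"{via:40s} -> {indicator}")
```

The clustering answers “which domains, accounts and addresses belong to one operation”; the chain answers the question a prosecutor or a reviewer of the case will ask, namely which single record connects two indicators, so that one weak link (a shared hosting provider, say) is visible rather than buried in the cluster.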

U.S. Government Sued for Software Piracy, Maker Claims $600m

Post Syndicated from Ernesto original https://torrentfreak.com/u-s-government-sued-for-software-piracy-maker-claims-600m-160720/

In recent years the U.S. Government has taken an aggressive stance towards copyright infringement, both at home and abroad.

However, that doesn’t mean that the Government always sticks to the rules, quite the contrary. In a recent lawsuit it stands accused of willful copyright infringement on a massive scale.

The case centers around “BS Contact Geo,” a 3D virtual reality application developed by the German company Bitmanagement. The Navy was enthusiastic about the geographical modeling capabilities of the software and in 2011 and 2012 it agreed to license its use for 38 computers.

“Those individual PC-based licenses authorized the Navy to install BS Contact Geo on a total of just 38 computers for the purposes of testing, trial runs, and integration into Navy systems,” the software vendor states in the federal claims court complaint (pdf).

After testing the application for a while, both parties started negotiating the licensing of additional computers. However, before any deals were made, the software maker learned that the Navy had already installed it on over 100,000 computers.

According to emails Bitmanagement executives received in 2013, the software had been rolled onto at least 558,466 computers on the Navy’s network, without their permission.

“Even as it negotiated with Bitmanagement over the proposed large-scale licensing of its product, the Navy was simultaneously copying and installing that software, without Bitmanagement’s advance knowledge or authorization, on a massive scale,” the complaint reads.

In addition, the Navy allegedly disabled the component that is supposed to track how many computers the software is installed on. This violation of the license terms prevented the software vendor from detecting and stopping the unauthorized copying.

“To make matters worse, starting in 2014, the ‘Flexwrap’ software intended to track the Navy’s use and duplication of BS Contact Geo on Navy computers was disabled,” the complaint explains.

“This change made it impossible for Bitmanagement to know the scope of the deployment and use of BS Contact Geo on unlicensed machines or to limit that use,” the company adds.

The software vendor says that the willful copyright infringement has caused injury to its business and rights. As a result, they’re now demanding compensation for the damage that was caused, to a total of nearly $600 million.

Installing BS Contact Geo onto a single PC cost roughly $1067 at the time, so Bitmanagement claims that it is entitled to at least $596,308,103 in unpaid licensing fees.

For comparison, that is more than the damages Kim Dotcom and Megaupload have caused copyright holders, according to the United States. And that case was billed by the FBI as one of the “largest criminal copyright cases” in history.

Interestingly this is not the first time that the U.S. military has been “caught” pirating software. A few years ago it was accused of operating unlicensed logistics software, a case the Obama administration eventually settled for $50 million.


Serial Swatter, Stalker and Doxer Mir Islam Gets Just 1 Year in Jail

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/07/serial-swatter-stalker-and-doxer-mir-islam-gets-just-1-year-in-jail/

Mir Islam, a 21-year-old Brooklyn man who pleaded guilty to an impressive array of cybercrimes including cyberstalking, “doxing” and “swatting” celebrities and public officials (as well as this author), was sentenced in federal court today to two years in prison. Unfortunately, thanks to time served in this and other cases, Islam will only see a year of jail time in connection with some fairly heinous assaults that are becoming all too common.

While Islam’s sentence fell well short of the government’s request for punishment, the case raises novel legal issues as to how federal investigators intend to prosecute ongoing cases involving swatting — an extremely dangerous prank in which police are tricked into responding with deadly force to a phony hostage crisis or bomb scare at a residence or business.


Mir Islam, at his sentencing hearing today. Sketches copyright by Hennessy / CourtroomArt.com. Yours Truly is pictured in the blue shirt behind Islam.

On March 14, 2013, Islam and a group of as-yet-unnamed co-conspirators used a text-to-speech (TTY) service for the deaf to relay a message to our local police department stating that there was an active hostage situation going on at our modest town home in Annandale, Va. Nearly a dozen heavily-armed officers responded to the call, forcing me out of my home at gunpoint and putting me in handcuffs before the officer in charge realized it was all a hoax.

At the time, Islam and his pals were operating a Web site called Exposed[dot]su, which sought to “dox” public officials and celebrities by listing the name, birthday, address, previous address, phone number and Social Security number of at least 50 public figures and celebrities, including First Lady Michelle Obama, then-FBI director Robert Mueller, and then Central Intelligence Agency Director John Brennan.

Exposed.su also documented which of these celebrities and public figures had been swatted, including a raft of California celebrities and public figures, such as former California Governor Arnold Schwarzenegger, actor Ashton Kutcher, and performer Jay Z.


Exposed[dot]su was built with the help of identity information obtained and/or stolen from ssndob[dot]ru.

At the time, most media outlets covering the sheer amount of celebrity exposure at Exposed[dot]su focused on the apparently startling revelation that “if they can get this sensitive information on these people, they can get it on anyone.” But for my part, I was more interested in how they were obtaining this data in the first place.

On March 13, 2013, KrebsOnSecurity featured a story, Credit Reports Sold for Cheap in the Underweb, which sought to explain how the proprietors of Exposed[dot]su had obtained the records for the public officials and celebrities from a Russian online identity theft service called ssndob[dot]ru.

I noted in that story that sources close to the investigation said the assailants were using data gleaned from the ssndob[dot]ru ID theft service to gather enough information so that they could pull credit reports on targets directly from annualcreditreport.com, a site mandated by Congress to provide consumers a free copy of their credit report annually from each of the three major credit bureaus.

Peeved that I’d outed his methods for doxing public officials, Islam helped orchestrate my swatting the very next day. Within the span of 45 minutes, KrebsOnSecurity.com came under a sustained denial-of-service attack which briefly knocked my site offline.

At the same time, my hosting provider received a phony letter from the FBI stating my site was hosting illegal content and needed to be taken offline. And, then there was the swatting which occurred minutes after that phony communique was sent.

All told, the government alleges that Islam swatted at least 19 other people, although only seven of the victims (or their representatives) showed up in court today to tell similarly harrowing stories (I was asked to but did not testify).


Security camera footage of Fairfax County police officers responding to my 2013 swatting incident.

Going into today’s sentencing hearing, the court advised that under the government’s sentencing guidelines Islam was facing between 37 and 46 months in prison for the crimes to which he’d pleaded guilty. But U.S. District Court Judge Randolph Moss seemed especially curious about the government’s rationale for charging Islam with conspiracy to transmit a threat to kidnap or harm using a deadly weapon.

Judge Moss said the claim raises a somewhat novel legal question: Can the government allege the use of deadly force when the perpetrator of a swatting incident did not actually possess a weapon?

Corbin Weiss, an assistant US attorney and a cybercrime coordinator with the U.S. Department of Justice, argued that in most of the swatting attacks Islam perpetrated he expressed to emergency responders that any responding officers would be shot or blown up. Thus, the government argued, Islam was using police officers as a proxy for assault with a deadly weapon by ensuring that responding officers would be primed to expect a suspect who was armed and openly hostile to police.

Islam’s lawyer argued that his client suffered from multiple psychological disorders, and that he and his co-conspirators orchestrated the swattings and the creation of exposed[dot]su out of a sense of “anarchic libertarianism,” bent on exposing government overreach on consumer privacy and use of force issues.

As if to illustrate his point, a swatting victim identified by the court only as Victim #4 was represented by Fairfax, Va. lawyer Mark Dycio. That particular victim did not wish to be named or show up in court, but follow-up interviews confirmed that Dycio was representing Wayne LaPierre, the executive vice president of the National Rifle Association.

According to Dycio, police responded to reports of a hostage situation at the NRA boss’s home just days after my swatting in March 2013. Impersonating LaPierre, Islam told police he had killed his wife and that he would shoot any officers responding to the scene. Dycio said police initially had difficulty identifying the object in LaPierre’s hand when he answered the door. It turned out to be a cell phone, but Dycio said police assumed it was a weapon and stripped the cell phone from his hands when entering his residence. The police could have easily mistaken the mobile phone for a weapon, Dycio said.

Another victim that spoke at today’s hearing was Stephen P. Heymann, an assistant U.S. attorney in Boston. Heymann was swatted because he helped prosecute the much-maligned case against the late Aaron Swartz, a computer programmer who committed suicide after the government by most estimations overstepped its bounds by charging him with hacking for figuring out an automated way to download academic journals from the Massachusetts Institute of Technology (MIT).

Heymann, whose disability requires him to walk with a cane, recounted the early morning hours of April 1, 2013, when police officers surrounded his home in response to a swatting attack launched by Islam on his residence. Heymann recalled worrying that officers responding to the phony claim might confuse his cane with a deadly weapon.

One of the victims represented by a proxy witness in today’s hearings was the wife of a SWAT team member in Arizona who recounted several tense hours hunkered down at the University of Arizona, while her husband joined a group of heavily-armed police officers who were responding to a phony threat about a shooter on the campus.

Not everyone had nightmare swatting stories that aligned neatly with Islam’s claims. A woman representing an anonymous “Victim #3” of Islam’s was appearing in lieu of a cheerleader at the University of Arizona that Islam admitted to cyberstalking for several months. When the victim stopped responding to Islam’s overtures, he phoned in an active shooter threat to the local police there that a crazed gunman was on the loose at the University of Arizona campus.

According to Robert Sommerfeld, police commander for the University of Arizona, that 2013 swatting incident involved 54 responding officers, all of whom were prevented from responding to a real emergency as they moved from building to building and room to room at the university, searching for a fictitious assailant. Sommerfeld estimates that Islam’s stunt cost local responders almost $40,000, and virtually brought the business district surrounding the university to a standstill for the better part of the day.

Toward the end of today’s sentencing hearing, Islam — bearded, dressed in a blue jumpsuit and admittedly 75 pounds lighter than at the time of his arrest — addressed the court. Those in attendance who were hoping for an apology or some show of remorse from the accused were left wanting as the defendant proceeded to blame his crimes on multiple psychological disorders which he claimed were not being adequately addressed by the U.S. prison system. Not once did Islam offer an apology to his victims, nor did he express remorse for his actions.

“I didn’t expect to go as far as I did, but because of these disorders I felt I was invincible,” Islam told the court. “The mistakes I made before, I have to pay for that. I understand that.”

Sentences that noticeably depart from the government’s sentencing guidelines are grounds for appeal by the defendant, and Judge Moss today seemed reluctant to imprison Islam for the maximum 46 months allowed under the criminal statutes Islam had admitted to violating. Judge Moss also seemed to ignore the fact that Islam expressed exactly zero remorse for his crimes.

Central to the judge’s reluctance to sentence Islam to the statutory maximum penalty was Islam’s 2012 arrest in connection with a separate cybercrime sting orchestrated by the FBI called Operation Card Shop, in which federal agents created a fake cybercrime forum dedicated to credit card fraud called CarderProfit[dot]biz.

U.S. law enforcement officials in Washington, D.C. involved in prosecuting Islam for his swatting, doxing and stalking crimes were confident that Islam would be sentenced to at least two years in prison for trying to sell and buy stolen credit cards from federal agents in the New York case, thanks to a law that imposes a mandatory two-year sentence for crimes involving what the government terms as “aggravated identity theft.”

Much to the government’s chagrin, however, the New York judge in that case sentenced Islam to just one day in jail. But by his own admission, even while Islam was cooperating with federal prosecutors in New York he was busy orchestrating his swatting attacks and administering the Exposed[dot]su Web site.

Islam was re-arrested in September 2013 for violating the terms of his parole, and for the swatting and doxing attacks to which he pleaded guilty. But the government didn’t detain Islam in connection with those crimes until July 2015. Islam has been in federal detention since then, and Judge Moss seemed eager to ensure that this would count as time served against his sentence, meaning that Islam will serve just 12 months of his 24-month sentence before being released.

There is absolutely no question that we need to have a serious, national conversation about excessive use of force by police officers, as well as the over-militarization of local police forces nationwide.

However, no one should be excused for perpetrating these potentially deadly swatting hoaxes, regardless of the rationale. Judge Moss, in explaining his brief deliberation on arriving at Islam’s two-year (attenuated) sentence, said he hoped to send a message to others who would endeavor to engage in swatting attacks. In my estimation, today’s sentence sent the wrong message, and missed that mark by a mile.

Romanian Govt. Seizes Leading Pirate Site Domain

Post Syndicated from Andy original https://torrentfreak.com/romanian-govt-seizes-leading-pirate-site-domain-160711/

Over the past several years, many countries in mainly Western Europe have responded to pressure from US-based companies to act against Internet piracy.

In some cases, this has involved passing new legislation to make life harder for pirates but largely it has been left to national courts and informal industry-led stakeholders groups to decide how to deal with unauthorized distribution.

In Eastern Europe, anti-piracy activity is much more limited but now it appears that tough measures can be taken when the authorities see fit. According to reports coming out of Romania, the government has seized the domain of one of the country’s most popular streaming portals.

990.ro was among Romania’s top 100 most popular sites overall before being shut down by the state.

A TorrentFreak reader familiar with the site confirmed that 990.ro was one of the most popular locations for streaming video, TV shows in particular.

“Game of Thrones episodes were live within just a few hours after airing, complete with new (local) translations. This site was huge, you could almost watch any TV show on the planet and about 90% of the latest movies,” he explained.

For now, however, the show(s) won’t go on. Following action by the government, 990.ro’s domain is now under the control of the Ministry of Justice and displays a seizure notice in place of the site.

While no notice was given of this seizure, the action didn’t entirely come out of the blue. In 2012, Romania’s Audiovisual Council (CNA) reported more than 40 ‘pirate’ movie and TV show websites to the police, demanding action to shut them down.

990.ro was among those reported. The list also included Vplay.ro, the largest site of its type at the time. That domain is also under the control of the Ministry of Justice. Many of the others mentioned have since shut down, moved to new domains and/or had old ones seized.

The action against 990.ro follows a similar crackdown carried out in June 2015 which received assistance from the FBI. Three sites were shut down then and several people were arrested.

Thus far there have been no reports of arrests following the latest domain seizure. However, more serious breaches of Romanian copyright law can be punishable by fines and jail sentences of up to four years.

Since 990.ro carried a lot of advertising, it wouldn’t be a surprise to hear that tax evasion and money laundering offenses are being investigated, just as they were following last year’s raids.

Local media initially reported that 990.ro is owned by Romanian news and entertainment portal Romania Online but the company is now denying the allegations.

“The 990.ro site does not belong and has never belonged to the company ROL ONLINE NETWORK SA or any other companies in the group ROL.ro,” the company said in a statement.

“The 990.ro site was one of the 145,232 customers of the FASTUPLOAD.ro free service, which lets you store, transfer and view files. FASTUPLOAD.ro is the largest Romanian storage and file transfer service and operates under Romanian law.”

According to ROL.ro’s Linkedin page, ROL.ro is indeed affiliated with FASTUPLOAD but says that any liability lies with that company, not them.

A direct IP address for 990.ro has since ceased to function and there is no news of any return for the site.


Scientology Seeks Captive Converts Via Google Maps, Drug Rehab Centers

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/06/scientology-seeks-captive-converts-via-google-maps-drug-rehab-centers/

Fake online reviews generated by unscrupulous marketers blanket the Internet these days. Although online review pollution isn’t exactly a hot-button consumer issue, there are plenty of cases in which phony reviews may endanger one’s life or well-being. This is the story about how searching for drug abuse treatment services online could cause concerned loved ones to send their addicted, vulnerable friends or family members straight into the arms of the Church of Scientology.

As explained in last year’s piece, Don’t Be Fooled by Fake Online Reviews Part II, there are countless real-world services that are primed for exploitation online by marketers engaged in false and misleading “search engine optimization” (SEO) techniques. These shady actors specialize in creating hundreds or thousands of phantom companies online, each with different generic-sounding business names, addresses and phone numbers. The phantom firms often cluster around fake listings created in Google Maps — complete with numerous five-star reviews, pictures, phone numbers and Web site links.

The problem is that calls to any of these phony companies are routed back to the same crooked SEO entity that created them. That marketer in turn sells the customer lead to one of several companies that have agreed in advance to buy such business leads. As a result, many consumers think they are dealing with one company when they call, yet end up being serviced by a completely unrelated firm that may not have to worry about maintaining a reputation for quality and fair customer service.

Experts say fake online reviews are most prevalent in labor-intensive services that do not require the customer to come into the company’s offices but instead come to the consumer. These services include but are not limited to locksmiths, windshield replacement services, garage door repair and replacement technicians, carpet cleaning and other services that consumers very often call for immediate service.

As it happens, the problem is widespread in the drug rehabilitation industry as well. That became apparent after I spent just a few hours with Bryan Seely, the guy who literally wrote the definitive book on fake Internet reviews.

Perhaps best known for a stunt in which he used fake Google Maps listings to intercept calls destined for the FBI and U.S. Secret Service, Seely knows a thing or two about this industry: Until 2011, he worked for an SEO firm that helped to develop and spread some of the same fake online reviews that he is now helping to clean up.

More recently, Seely has been tracking a network of hundreds of phony listings and reviews that lead inquiring customers to fewer than a half dozen drug rehab centers, including Narconon International — an organization that promotes the theories of Scientology founder L. Ron Hubbard regarding substance abuse treatment and addiction.

As described in Narconon’s Wikipedia entry, Narconon facilities are known not only for attempting to win over new converts, but also for treating all drug addictions with a rather bizarre cocktail consisting mainly of vitamins and long hours in extremely hot saunas. The Wiki entry documents multiple cases of accidental deaths at Narconon facilities, where some addicts reportedly died from overdoses of vitamins or neglect:

“Narconon has faced considerable controversy over the safety and effectiveness of its rehabilitation methods,” the Wiki entry reads. “Narconon teaches that drugs reside in body fat, and remain there indefinitely, and that to recover from drug abuse, addicts can remove the drugs from their fat through saunas and use of vitamins. Medical experts disagree with this basic understanding of physiology, saying that no significant amount of drugs are stored in fat, and that drugs can’t be ‘sweated out’ as Narconon claims.”


Source: Seely Security.

FOLLOW THE BOUNCING BALL

Seely said he learned that the drug rehab industry was overrun with SEO firms when he began researching rehab centers in Seattle for a family friend who was struggling with substance abuse and addiction issues. A simple search on Google for “drug rehab Seattle” turned up multiple local search results that looked promising.

One of the top three results was for a business calling itself “Drug Rehab Seattle,” and while it lists a toll-free phone number, it does not list a physical address (NB: this is not always the case with fake listings, which just as often claim the street address of another legitimate business). A click on the organization’s listing claims the Web site rehabs.com – a legitimate drug rehab search service. However, the owners of rehabs.com say this listing is unauthorized and unaffiliated with rehabs.com.

As documented in this YouTube video, Seely called the toll-free number in the Drug Rehab Seattle listing, and was transferred to a hotline that took down his name, number and insurance information and promised an immediate call back. Within minutes, Seely said, he received a call from a woman who said she represented a Seattle treatment center but was vague about the background of the organization itself. A little digging showed that the treatment center was run by Narconon.

“You’re supposed to be getting a local drug rehab in Seattle, but instead you get taken to a call center, which can be owned by any number of rehab facilities around the country that pay legitimate vendors for calls,” Seely said. “If you run a rehab facility, you have to get people in the doors to make money. The guy who created these fake listings figured out you can use Google Maps to generate leads, and it’s free.”


The phony rehab establishment listed here is the third listing, which includes no physical address and routes the caller to a referral network that sells leads to Narconon, among others.

Here’s the crux of the problem: When you’re at Google.com and you search for something that Google believes to be a local search, Google adds local business results on top of the organic search results — complete with listings and reviews associated with Google Maps. Consumers might not even read them, but reviews left for businesses in these listings heavily influence their search rankings. The more reviews a business has, Seely said, the closer it gets to the coveted Number One spot in the search rankings.

That #1 rank attracts the most calls by a huge margin, and it can mean huge profits: Many rehab facilities will pay hundreds of dollars for leads that may ultimately lead to a new patient. After all, some facilities can then turn around and bill insurance providers for tens of thousands of dollars per patient.

WHO IS JOHN HARVEY?

Curious if he could track down the company or individual behind the phony review that prompted a call from Narconon, Seely began taking a closer look at the reviews for the facility he called. One reviewer in particular stood out — one “John Harvey,” a Google user who clearly has a great deal of experience with rehab centers.

A click on John Harvey’s Google Plus profile showed he reviewed no fewer than 82 phantom drug treatment centers around the country, offering very positive 5-star reviews on all of them. A brief search for John Harvey online shows that the person behind the account is indeed a guy named John Harvey from Sacramento who runs an SEO company in Kailua, Hawaii called TopSeek Inc., which bills itself as a collection of “local marketing experts.”

A visit to the company’s Web site shows that Narconon is among four of TopSeek’s listed clients, all of which either operate drug rehab centers or are in the business of marketing drug rehab centers.

TopSeek Inc’s client list includes Narconon, a Scientology front group that seeks to recruit new members via a network of unorthodox drug treatment facilities.

Calls and emails to Mr. Harvey went unreturned, but it’s clear he quickly figured out that the jig was up: Just hours after KrebsOnSecurity reached out to Mr. Harvey for comment, all of his phony addiction treatment center reviews mysteriously disappeared (some of the reviews are preserved in the screenshot below).

“This guy is sitting in Hawaii saying he’s retired and that he’s not taking any more clients,” Seely said. “Well, maybe he’s going to have to come out of retirement to go into prison, because he’s committed fraud in almost every state.”

While writing fake online reviews may not be strictly illegal or an offense that could send one to jail, several states have begun cracking down on “reputation management” and SEO companies that engage in writing or purchasing fake reviews. However, it’s unclear whether the fines being enforced for violations will act as a deterrent, since those fines are likely a fraction of the revenues that shady SEO companies stand to gain by engaging in this deceptive practice.

Some of John Harvey’s reviews. All of these have since been deleted.

WHAT YOU CAN DO ABOUT FAKE ONLINE REVIEWS

Before doing business with a company you found online, don’t just pick the company that comes up tops in the search results on Google. Unfortunately, that generally guarantees little more than the company is good at marketing.

Take the time to research the companies you wish to hire before booking them for jobs or services, especially when it comes to big, expensive, and potentially risky services like drug rehab or moving companies. By the way, if you’re looking for a legitimate rehab facility, you could do worse than to start at the aforementioned rehabs.com, a legitimate rehab search engine.

It’s a good idea to get in the habit of verifying that the organization’s physical address, phone number and Web address shown in the search result match that of the landing page. If the phone numbers are different, use the contact number listed on the linked site.

Take the time to learn about the organization’s reputation online and in social media; if it has none (other than a Google Maps listing with all glowing, 5-star reviews), it’s probably fake. Search the Web for any public records tied to the business’ listed physical address, including articles of incorporation from the local secretary of state office online. A search of the company’s domain name registration records can give you an idea of how long its Web site has been in business, as well as additional details about the company and/or the organization itself.

Seely said one surefire way to avoid these marketing shell games is to ask a simple question of the person who answers the phone in the online listing.

“Ask anyone on the phone what company they’re with,” Seely said. “Have them tell you, take their information and then call them back. If they aren’t forthcoming about who they are, they’re most likely a scam.”

For the record, I requested comment on this story from Google — and specifically from the people at Google who handle Google Maps — but have yet to hear back from them. I’ll update this story in the event that changes.

Update, 7:47 p.m. ET: Google responded with the following statement: “We’re in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system – and who’ve been a thorn in the Internet’s side for over a decade. Millions of businesses regularly make edits to their addresses, hours of operation and more, so we rely heavily on the community to help keep listings up-to-date and flag issues. But this kind of spam is a clear violation of our policies and we want to eradicate it. As spammers change their techniques, we’re continually working on new, better ways to keep them off Google Search and Maps. There’s work to do, and we want to keep doing better.”

FBI Raids Spammer Outed by KrebsOnSecurity

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/06/fbi-raids-spammer-outed-by-krebsonsecurity/

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email artist currently flagged by anti-spam activists as one of the world’s Top 10 Worst Spammers, was reportedly raided by the FBI in connection with a federal spam investigation.

According to a June 9 story at ABC News, on April 27, 2016 the FBI raided the San Diego home of Persaud, who reportedly has been under federal investigation since at least 2013. The story noted that on June 6, 2016, the FBI asked for and was granted a warrant to search Persaud’s iCloud account, which investigators believe contained “evidence of illegal spamming’ and wire fraud to further [Persaud’s] spamming activities.”

Persaud doesn’t appear to have been charged with a crime in connection with this investigation. He maintains his email marketing business is legitimate and complies with the CAN-SPAM Act, the main anti-spam law in the United States, which prohibits the sending of spam that spoofs the sender’s address or does not give recipients an easy way to opt out of receiving future such emails from that sender.

The affidavit that investigators with the FBI used to get a warrant for Persaud’s iCloud account is sealed, but a copy of it was obtained by KrebsOnSecurity. It shows that during the April 2016 FBI search of his home, Persaud told agents that he currently conducts internet marketing from his residence by sending a million emails in under 15 minutes from various domains and Internet addresses.

The affidavit indicates the FBI was very interested in the email address michaelp77x@gmail.com. In my 2014 piece Still Spamming After All These Years, I called attention to this address as the one tied to Persaud’s Facebook account — and to 5,000 or so domains he was advertising in spam. The story was about how the junk email Persaud acknowledged sending was being relayed through broad swaths of Internet address space that had been hijacked from hosting firms and other companies.

FBI Special Agent Timothy J. Wilkins wrote that investigators also subpoenaed and got access to that michaelp77x@gmail.com account, and found emails between Persaud and at least four affiliate programs that hire spammers to send junk email campaigns.

A spam affiliate program is a type of business or online retailer — such as an Internet pharmacy — that pays a third party (known as affiliates or spammers) a percentage of any sales that they generate for the program (for a much deeper dive on how affiliate programs work, check out Spam Nation).

When I wrote about Persaud back in 2014, I noted that his spam generally advertised the types of businesses you might expect to see pimped in junk email: payday loans, debt consolidation services, and various “nutraceutical” products.

Persaud did not respond to requests for comment. But in an email he sent to KrebsOnSecurity in November 2014, he said:

“I can tell you that my company deals with many different ISPs both in the US and overseas and I have seen a few instances where smaller ones will sell space that ends up being hijacked,” Persaud wrote in an email exchange with KrebsOnSecurity. “When purchasing IP space you assume it’s the ISP’s to sell and don’t really think that they are doing anything illegal to obtain it. If we find out IP space has been hijacked we will refuse to use it and demand a refund. As for this email address being listed with domain registrations, it is done so with accordance with the CAN-SPAM guidelines so that recipients may contact us to opt-out of any advertisements they receive.”

Persaud is currently listed as #10 on the World’s 10 Worst Spammers list maintained by Spamhaus, an anti-spam organization. In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers.

ISP Association Nominates Copyright Troll As ‘Internet Villain’

Post Syndicated from Andy original https://torrentfreak.com/isp-association-nominates-copyright-troll-as-internet-villain-160615/

Founded in 1995, the Internet Services Providers’ Association is the UK’s first trade group for ISPs. In addition to helping to found the anti-child abuse Internet Watch Foundation, ISPA roles include the promotion of competition and innovation, plus self-regulation for the industry.

ISPA is currently headed up by a 10 person council, which includes representatives from some of the country’s largest Internet Service Providers such as BT, Virgin and Sky. More broadly, ISPA has 134 members including telecoms giants AOL, AT&T and EE, plus technology companies Google and Microsoft.

Each year ISPA holds the ISPA Awards, a ceremony during which the group honors entities they believe have contributed to make the Internet a safer and more secure place for consumers.

This year’s nominees have just been announced and in common with previous outings, surveillance and privacy are dominant themes. Apple, for example, is nominated as an ‘Internet Hero’ for its commitment to encryption and privacy. The FBI, on the other hand, is recognized as an Internet Villain for its efforts to undermine it.

Sadly, Villains are thick on the ground this year. Donald Trump has been shortlisted for his calls on the industry to ‘close down parts of the Internet’ while Mossack Fonseca are nominated for their poor cyber-security.

But perhaps of most interest to readers is that ISPA, an influential industry group, has chosen to short-list a notorious copyright troll for the coveted position of Internet Villain of the Year 2016.

The activities of TCYK LLC have been well documented in these pages. The company represents the makers of the Robert Redford movie The Company You Keep and for some time has been sending threatening letters to Internet account holders in the UK demanding cash settlements for alleged file-sharing.

“TCYK LLP are nominated for their ‘speculative invoicing’ campaign aimed at alleged copyright infringers that an MP described as ‘ludicrous’,” ISPA announced this week.

But this isn’t the first time that ISPA has shortlisted a copyright troll for the most corrosive award of the year. In 2011, ACS:Law owner Andrew Crossley was nominated and later went on to win Internet Villain Of the Year.

Crossley was eventually made bankrupt and barred from practicing as a solicitor, but even winning this award probably won’t deter TCYK LLC from its activities. Many believe the company and its allies in the UK were set up with Crossley’s demise in mind, and have hardened themselves against attacks and scrutiny. A flick of a switch and TCYK could be gone from the UK, no matter how rocky things become.

So, while nominating TCYK as Villain of the Year would be nice, it would be much more effective if ISPA actually used its power to stand up to shadowy copyright troll operations in order to protect consumers. Until that happens, customers will continue to be subjected to their unique brand of bullying.

The winners of the ISPA awards will be announced on Thursday 7th July 2016 in The Brewery in the City of London.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Copyright Troll Calls UK Government “Cowards”

Post Syndicated from Andy original https://torrentfreak.com/copyright-troll-calls-uk-government-cowards-160604/

Wherever there’s a controversy over unauthorized file-sharing it’s almost guaranteed that the copyright trolls at Guardaley won’t be far behind. For many years the company has been central to cases against alleged file-sharers around the world, from the United States through to the UK, Europe, Asia and Australia.

Guardaley is at the heart of what many describe as a “settlement factory”, an industrialized system to track infringements on file-sharing networks, identify Internet subscribers, and leverage cash payments from them, whether they’re guilty or not.

The list of films ‘protected’ by Guardaley is extensive but includes well-known troll fodder such as The Hurt Locker, The Expendables and The Company You Keep.

Chief Operating Officer Patrick Achache largely operates in the background but in recent times has been nurturing his public image. From public declarations of his charitable work to parading in the UK to warn of impending file-sharing doom, Achache paints himself as a man on a mission of goodness. His targets, however, feel little but misery.

In a new interview conducted at the Cannes Film Festival and published on FilmFestivals.com (article since disappeared), Achache describes his life and frustrations as one of the world’s most visible copyright trolls.

“The technology to identify IP addresses is very easy – it’s participating in file-sharing networks, the difficult part is the data management and analysis, as well as the traffic. We record 200 million IP addresses per day and that is a lot to process, analyze and store,” he explains.

But while tracking might be the easy part, Achache sees pushing the boundaries of the legal system as a valuable tool to elicit payments from alleged infringers.

“Our lawyers are constantly looking into setting up new precedence cases (e.g. third party liability). In the US we have always worked with the statutory damages, which can be up to $150,000 USD for willful copyright infringement. Let us be serious – there is nothing like clicking on the wrong link and [getting] caught up in our software,” Achache says.

While it’s not difficult to take much of what Achache says with a healthy side portion of salt, he’s certainly not wrong there. Over the years tens, maybe hundreds of thousands of alleged file-sharers have fallen into Guardaley’s global clutches and most regret having done so.

“Our clients have sued infringers in Singapore. There are criminal proceedings in Poland, where people get arrested and their computers get taken away. We have provided data for at least 1,000 lawsuits in Germany. In the US our clients are thriving to take someone to court,” he reveals.

But while Achache and his clients regularly speak of their desire to go to court, their real aim is cash settlements. Achache won’t give the details but he says his lawyers have reached financial agreements with some amazing people – the German equivalent of the FBI, for example.

“We caught their IP address several times. They admitted, but I can’t provide further details as per confidentiality of the settlement. Our lawyers have all type of businesses – gas stations, embassies, army bases, banks, law firms – the list is really long. Some have thousands of illegal files on their hard drives.”

It can’t be denied that plenty fall into the Guardaley trap but it isn’t always plain sailing. According to Achache, ISPs opposing efforts to unmask file-sharers can be quite a challenge.

“In various jurisdictions they fight back hard, as they earn money from the pirating consumers which are signing on high volume bandwidth contracts,” he says.

But there are bigger challenges, ones that involve convincing industry groups and the authorities that the best way to deal with file-sharers is to threaten them with court action until they cough up hard cash.

“What is [an even bigger challenge] is to convince industry bodies and local government that the way we police piracy is the only effective way,” Achache says.

“Let us take the UK as an example: We have sent letters to all the industry bodies, tried to work with the House of Lords, sent a letter to David Cameron. No one ever responded. That’s why we call out the UK government as cowards like Avi Lerner did.”

For those familiar with the work of copyright trolls, the idea that Achache is surprised that no one responded to his overtures is somewhat surprising in itself, not to mention amusing.

While most industry bodies have a huge interest in protecting their copyrights, there is absolutely zero chance that a group like the BPI, for example, would team up with Guardaley to demand money from grandmothers, as the company recently did in the UK.

Furthermore, expecting a response from the Prime Minister is so optimistic as to be laughable and wanting to work with the House of Lords shows a disregard for history.

In 2010 the UK’s Lord Lucas described copyright trolling as “a scam” and “legal blackmail“, Lord Young likened trolls to “rogue wheel-clampers”, and several other members of the House joined them in criticism. This is not a business that lawmakers want to get involved in.

But for Achache and his numerous rightsholder partners, such setbacks are just another day at the office. Guardaley are planning on expansion, including a new case in Australia where the Dallas Buyers Club case just crashed and burned, plus other English speaking territories.

In the meantime, downloaders of the movies ‘London Has Fallen’ and ‘Criminal’ need to take care since Achache has revealed that those titles are being monitored by his company. Expect the threats and cash demands to follow in the not too distant future.

Essential further reading on Guardaley here for those hungry for the details.


Mir Islam – the Guy the Govt Says Swatted My Home – to be Sentenced June 22

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/06/mir-islam-the-guy-the-govt-says-swatted-my-home-to-be-sentenced-june-22/

On March 14, 2013 our humble home in Annandale, Va. was “swatted” — that is to say, surrounded by a heavily-armed police force that was responding to fraudulent reports of a hostage situation at our residence. Later this month the government will sentence a 21-year-old hacker named Mir Islam for that stunt and for leading a criminal conspiracy allegedly engaged in a pattern of swatting, identity theft and wire fraud.

Mir Islam

Mir Islam briefly rose to Internet infamy as one of the core members of UGNazi, an online mischief-making group that claimed credit for hacking and attacking a number of high-profile Web sites.

On June 25, 2012, Islam and nearly two-dozen others were caught up in an FBI dragnet dubbed Operation Card Shop. The government accused Islam of being a founding member of carders[dot]org — a credit card fraud forum — trafficking in stolen credit card information, and possessing information for more than 50,000 credit cards.

Most importantly for the government, however, Islam was active on CarderProfit, a carding forum created and run by FBI agents.

Islam ultimately pleaded guilty to aggravated identity theft and conspiracy to commit computer hacking, among other offenses tied to his activities on CarderProfit. In March 2016 a judge for the Southern District of New York sentenced (PDF) Islam to just one day in jail, a $500 fine, and three years of probation.

Not long after Islam’s plea in New York, I heard from the U.S. Justice Department. The DOJ told me that I was one of several swatting victims of Mir Islam, who was awaiting sentencing after pleading guilty to leading a cybercrime conspiracy. Although that case remains sealed — i.e. there are no documents available to the press or the public about the case — the government granted a waiver that allows the Justice Department to contact victims of the accused and to provide them with an opportunity to attend Islam’s sentencing hearing — and even to address the court.

Corbin Weiss, an assistant US attorney and a cybercrime coordinator with the Department of Justice, said Islam pleaded guilty to one count of conspiracy, and that the objects of that conspiracy were seven:

-identity theft;
-misuse of access devices;
-misuse of Social Security numbers;
-computer fraud;
-wire fraud;
-attempts to interfere with federal officials;
-interstate transmission of threats.

Weiss said my 2013 blog post about my swatting incident — The World Has No Room for Cowards — was part of the government’s “statement of offense” or argument before the court as to why a given suspect should be arrested and charged with a violation of law.

“Your swatting is definitely one of the incidents specifically brought to the attention of the court in this case,” Weiss said. “In part because we didn’t have that many swat victims who were able to describe to us the entire process of their victimization. Your particular swat doesn’t fit neatly within any of those charges, but it was part of the conspiracy to engage in swats and some of the swats are covered by those charges.”

Fairfax County Police outside my home on 3/14/13

Weiss said while the Justice Department prosecutors couldn’t stop me from writing about the case before Islam’s sentencing (and the subsequent unsealing of the case), the government would almost certainly prefer it that way. I thanked him and said while I might be a victim in this case, I’m a journalist first.

I’m gratified to see the wheels of justice turning, and that swatting is being creatively addressed with federal felony charges in the absence of a federal anti-swatting law.

The Interstate Swatting Hoax Act of 2015, introduced by Rep. Katherine Clark (D-Mass.) and Rep. Patrick Meehan (R-PA), was passed by the House Energy & Commerce Committee in April 2016. It would impose up to a 20-year prison sentence and heavy fines for swatting. According to the FBI, swatting incidents cost local first responders $10,000 on average and divert important services away from real emergencies.

The Swatting Hoax Act targets what proponents call a loophole in current law. “While federal law prohibits using the telecommunications system to falsely report a bomb threat hoax or terrorist attack, falsely reporting other emergency situations is not currently prohibited,” reads a statement by the House co-sponsors.

To address this shortcoming, the bill “would close this loophole by prohibiting the use of the internet telecommunications system to knowingly transmit false information with the intent to cause an emergency law enforcement response.”

Explicitly making swatting a federal crime is a good first step, but unfortunately a great many people launching swatting attacks are minors, and the federal law enforcement system is simply not built to handle minors (with few exceptions).

By way of example, one of Islam/Josh the God’s best buddies — a then-16-year-old hacker named Cosmo the God — also was involved in my swatting as well as the CarderProfit sting. But it’s unclear whether he is tied to the Islam conspiracy. The DOJ’s Weiss said he couldn’t talk about any others associated with the case who were minors.

“Other individuals who may have been involved were juveniles when they committed the offenses, and those [cases] are going to remain under seal,” he said. “Victims have far fewer rights with respect to juveniles.”

Mir Islam is slated to be sentenced in Washington, D.C. on June 22. Weiss said the judge presiding over the case can sentence him to a maximum of five years in prison.

This summer promises to be a good one for closure. Sergey Vovnenko, another convicted cybercriminal who sought to cause trouble for this author (by trying to frame me for heroin possession) is slated to be sentenced in New Jersey in August on unrelated cybercrime charges.

FBI “In Latter Stages” of Prenda Law Copyright Troll Investigation

Post Syndicated from Andy original https://torrentfreak.com/fbi-in-latter-stages-of-prenda-law-copyright-troll-investigation-160526/

In an effort to turn piracy into profit, more than a decade ago enterprising groups centered around law firms decided that file-sharers were ripe for a shakedown. Tracking IP addresses back to their users, companies demanded settlements of hundreds to many thousands of dollars each, to make supposed lawsuits go away.

During the last 10 years many companies have gained infamy with this business model, but few stirred up as much hatred as Prenda Law. Prenda and its principals John Steele, Paul Hansmeier and Paul Duffy grabbed dozens of headlines, mostly surrounding negative court rulings which found the outfit to have engaged in everything from vexatious litigation through to identity theft, misrepresentation and even deception.

Underlying this deviant behavior was the disturbing fact that rather than simply monitoring pirates online, Prenda actually uploaded content itself in order to create pirate honeypots on The Pirate Bay and elsewhere, a practice that pushed the company well over the moral line.

Although now defunct, Prenda is still fresh in the minds of its many victims so news last year that the outfit was under investigation by the FBI was well-received. Speaking with TorrentFreak, Pirate Bay co-founders Peter Sunde and Fredrik Neij confirmed that they had both been interviewed in prison by police acting on behalf of the FBI.

“They wanted to know if I could verify the accuracy of the IP-address logs, how they were stored, and how they could be retrieved,” Neij explained.

But since then another year has passed and memories of Prenda have continued to fade. Will the world’s most hated trolls ever be brought to criminal justice? Well, fresh news from Ken White at Popehat suggests that the FBI still have a keen interest in the case and could be close to their goal.

Operating out of its Minneapolis office, the FBI has continued to seek additional information about Prenda and has reportedly sent out a letter “on a large scale” to attorneys who have represented alleged file-sharers targeted by the law company.

Ken White says he has seen the document and it reveals that the FBI is investigating several entities connected to Prenda including Steele Hansmeier PLLC, LW Systems, Livewire Holdings, AF Holdings, Ingenuity13, and Guava LLC.

“The FBI has devoted substantial resources to soliciting victim impact in a systematic way, and based on its questions about availability to testify is contemplating prosecution,” White explains.

Noting that the letter has gone out in a fairly public fashion, White says he believes that the investigation is probably in its latter stages, with the FBI already in possession of the evidence it needs to prosecute a case of wire and/or mail fraud.

By contacting Prenda’s victims, White believes the FBI is attempting to establish the amount of damages to claim, which could be substantial.

“Bear in mind that under the Federal Sentencing Guidelines, the more money wrongdoers made, the more time they’re facing. Team Prenda needs federal criminal defense attorneys, and needs them right now,” he concludes.

News that the investigation into Prenda’s activities could be in its final stages will be well received by thousands of victims and the possibility of peering behind the curtain of one of the most hated troll outfits is certainly welcome. The cherry on the top would be a successful prosecution but that could be some time away yet.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Companies Not Saving Your Data

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/companies_not_s.html

There’s a new trend in Silicon Valley startups; companies are not collecting and saving data on their customers:

In Silicon Valley, there’s a new emphasis on putting up barriers to government requests for data. The Apple-FBI case and its aftermath have tech firms racing to employ a variety of tools that would place customer information beyond the reach of a government-ordered search.

The trend is a striking reversal of a long-standing article of faith in the data-hungry tech industry, where companies including Google and the latest start-ups have predicated success on the ability to hoover up as much information as possible about consumers.

Now, some large tech firms are increasingly offering services to consumers that rely far less on collecting data. The sea change is even becoming evident among early-stage companies that see holding so much data as more of a liability than an asset, given the risk that cybercriminals or government investigators might come knocking.

Start-ups that once hesitated to invest in security are now repurposing limited resources to build technical systems to shed data, even if it hinders immediate growth.

The article also talks about companies providing customers with end-to-end encryption.

I believe that all this data isn’t nearly as valuable as the big-data people are promising. Now that companies are recognizing that it is also a liability, I think we’re going to see more rational trade-offs about what to keep — and for how long — and what to discard.

More on the Going Dark Debate

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/more_on_the_goi.html

Lawfare is turning out to be the go-to blog for policy wonks about various government debates on cybersecurity. There are two good posts this week on the Going Dark debate.

The first is from those of us who wrote the “Keys Under Doormats” paper last year, criticizing the concept of backdoors and key escrow. We were responding to a half-baked proposal on how to give the government access without causing widespread insecurity, and we pointed out where almost all of these sorts of proposals fall short:

1. Watch for systems that rely on a single powerful key or a small set of them.

2. Watch for systems using high-value keys over and over and still claiming not to increase risk.

3. Watch for the claim that the abstract algorithm alone is the measure of system security.

4. Watch for the assumption that scaling anything on the global Internet is easy.

5. Watch for the assumption that national borders are not a factor.

6. Watch for the assumption that human rights and the rule of law prevail throughout the world.

The second is by Susan Landau, and is a response to the ODNI’s response to the “Don’t Panic” report. Our original report said basically that the FBI wasn’t going dark and that surveillance information is everywhere. At a Senate hearing, Sen. Wyden requested that the Office of the Director of National Intelligence respond to the report. It did — not very well, honestly — and Landau responded to that response. She pointed out that there really wasn’t much disagreement: that the points it claimed to have issue with were actually points we made and agreed with.

In the end, the ODNI’s response to our report leaves me somewhat confused. The reality is that the only strong disagreement seems to be with an exaggerated view of one finding. It almost appears as if ODNI is using the Harvard report as an opportunity to say, “Widespread use of encryption will make our work life more difficult.” Of course it will. Widespread use of encryption will also help prevent some of the cybersecurity exploits and attacks we have been experiencing over the last decade. The ODNI letter ignored that issue.

Credential Stealing as an Attack Vector

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/05/credential_stea.html

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that software vulnerabilities aren’t the most common attack vector: credential stealing is.

The most common way hackers of all stripes, from criminals to hacktivists to foreign governments, break into networks is by stealing and using a valid credential. Basically, they steal passwords, set up man-in-the-middle attacks to piggy-back on legitimate logins, or engage in cleverer attacks to masquerade as authorized users. It’s a more effective avenue of attack in many ways: it doesn’t involve finding a zero-day or unpatched vulnerability, there’s less chance of discovery, and it gives the attacker more flexibility in technique.

Rob Joyce, the head of the NSA’s Tailored Access Operations (TAO) group — basically the country’s chief hacker — gave a rare public talk at a conference in January. In essence, he said that zero-day vulnerabilities are overrated, and credential stealing is how he gets into networks: “A lot of people think that nation states are running their operations on zero days, but it’s not that common. For big corporate networks, persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”

This is true for us, and it’s also true for those attacking us. It’s how the Chinese hackers breached the Office of Personnel Management in 2015. The 2014 criminal attack against Target Corporation started when hackers stole the login credentials of the company’s HVAC vendor. Iranian hackers stole US login credentials. And the hacktivist who broke into the cyber-arms manufacturer Hacking Team and published pretty much every proprietary document from that company used stolen credentials.

As Joyce said, stealing a valid credential and using it to access a network is easier, less risky, and ultimately more productive than using an existing vulnerability, even a zero-day.

Our notions of defense need to adapt to this change. First, organizations need to beef up their authentication systems. There are lots of tricks that help here: two-factor authentication, one-time passwords, physical tokens, smartphone-based authentication, and so on. None of these is foolproof, but they all make credential stealing harder.

Second, organizations need to invest in breach detection and — most importantly — incident response. Credential-stealing attacks tend to bypass traditional IT security software. But attacks are complex and multi-step. Being able to detect them in progress, and to respond quickly and effectively enough to kick attackers out and restore security, is essential to resilient network security today.
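As an added example (not code from the essay), here is a small single-pass detector in Python run over a constructed authentication log. A stolen credential produces a successful login, so signature-based tools see nothing; what does stand out is the context: a source that fails against many accounts inside a short window (password spraying), a success from a source already seen spraying, and a success for an account from an address it has never used. The log format, field names and thresholds are assumptions for the example; a real deployment would feed it from the directory or SSO audit log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system), one line per attempt.
# alice logs in every morning from the same office address, then a success appears from
# an address she has never used; 203.0.113.7 sprays a list of accounts and lands one.
SAMPLE_LOG = """\
2016-05-01T08:02:11Z user=alice src=198.51.100.20 result=success
2016-05-02T08:05:40Z user=alice src=198.51.100.20 result=success
2016-05-03T08:01:09Z user=alice src=198.51.100.20 result=success
2016-05-03T09:12:01Z user=bob src=203.0.113.7 result=failure
2016-05-03T09:12:04Z user=carol src=203.0.113.7 result=failure
2016-05-03T09:12:08Z user=dave src=203.0.113.7 result=failure
2016-05-03T09:12:11Z user=erin src=203.0.113.7 result=failure
2016-05-03T09:12:15Z user=frank src=203.0.113.7 result=failure
2016-05-03T09:12:19Z user=grace src=203.0.113.7 result=success
2016-05-03T11:40:33Z user=alice src=203.0.113.50 result=success
2016-05-03T12:00:00Z user=bob src=192.0.2.15 result=failure
2016-05-03T12:00:30Z user=bob src=192.0.2.15 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Parse log lines into dicts sorted by timestamp; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events, spray_users=5, spray_window=timedelta(minutes=10)):
    """One pass over time-ordered events, emitting three kinds of alert:
    password_spray: one source fails against >= spray_users distinct accounts in spray_window
    success_from_spraying_source: a source already flagged for spraying then logs in
    new_source: an account with prior history succeeds from a source it has never used"""
    alerts = []
    known_sources = defaultdict(set)      # user -> sources of earlier successful logins
    recent_failures = defaultdict(deque)  # src -> (ts, user) failures inside the window
    spraying = set()

    for e in events:
        ts, user, src = e["ts"], e["user"], e["src"]
        if e["result"] == "failure":
            window = recent_failures[src]
            window.append((ts, user))
            while ts - window[0][0] > spray_window:   # drop failures older than the window
                window.popleft()
            targets = {u for _, u in window}
            if len(targets) >= spray_users and src not in spraying:
                spraying.add(src)
                alerts.append(("password_spray", src, sorted(targets)))
            continue

        if src in spraying:
            alerts.append(("success_from_spraying_source", user, src))
        elif known_sources[user] and src not in known_sources[user]:
            # An account's very first success gets no alert: there is no baseline yet.
            alerts.append(("new_source", user, src))
        known_sources[user].add(src)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The spray rule deliberately fires once per source, so a noisy attacker does not flood the queue; the new_source rule stays quiet for bob, whose first recorded success from 192.0.2.15 has nothing to be compared against, which is the cold-start limit of any baseline-driven check.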

Vulnerabilities are still critical. Fixing vulnerabilities is still vital for security, and introducing new vulnerabilities into existing systems is still a disaster. But strong authentication and robust incident response are also critical. And an organization that skimps on these will find itself unable to keep its networks secure.

This essay originally appeared on Xconomy.

Android Piracy Group Leaders Plead Guilty to Criminal Copyright Infringement

Post Syndicated from Andy original https://torrentfreak.com/android-piracy-group-leaders-plead-guilty-to-criminal-copyright-infringement-160503/

Assisted by police in France and the Netherlands, in the summer of 2012 the FBI took down three unauthorized Android app stores.

Appbucket, Applanet and SnappzMarket all had their domains seized in a first of its kind operation. Several men were arrested and over the past four years have been slowly pleading guilty to various copyright infringement charges.

According to the Department of Justice, two more can now be added to the list.

Before his 16th birthday Aaron Blake Buckley launched Applanet, a service dedicated to the sharing of Android software. After being raided in 2012, Buckley attempted to crowdfund a defense against the U.S. government in 2014.

Now a 22-year-old, Buckley has just pleaded guilty to one count of conspiracy to commit criminal copyright infringement and to one count of criminal copyright infringement before U.S. District Judge Timothy C. Batten Sr. of the Northern District of Georgia.

Co-conspirator Gary Edwin Sharp II, 29, of Uxbridge, Massachusetts, pleaded guilty to one count of conspiracy to commit criminal copyright infringement in January.

“According to statements made in court, the conspirators identified themselves as members of the Applanet Group,” the DoJ said in a statement.

“From May 2010 through August 2012, they conspired to reproduce and distribute more than four million copies of copyrighted Android apps through the Applanet alternative online market without permission from the victim copyright owners, who would otherwise sell copies of the apps on legitimate online markets for a fee.”

In addition to his role within Applanet, Sharp also pleaded guilty to conspiracy to commit criminal copyright infringement as the leader of SnappzMarket. Sharp admitted that along with two other members the group conspired to distribute more than a million pirate Android apps worth $1.7m.

Overall, the groups are said to have distributed Android apps with a retail value in excess of $17 million.

The guilty pleas come on the heels of several others (1,2) since the raids in 2012. Buckley and Sharp will be sentenced in August.

SpyEye Makers Get 24 Years in Prison

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/04/spyeye-makers-get-24-years-in-prison/

Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Georgia today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims.

Aleksander Panin developed and sold SpyEye. Image courtesy: RT.

Atlanta Judge Amy Totenberg handed down a sentence of nine years, six months for Aleksandr Andreevich Panin, a 27-year-old Russian national also known by the hacker aliases “Gribodemon” and “Harderman.”

Convicted of conspiracy to commit wire and bank fraud, Panin was the core developer and distributor of SpyEye, a botnet toolkit that made it easy for relatively unsophisticated cyber thieves to steal millions of dollars from victims.

Sentenced to 15 years in jail was Panin’s business partner — 27-year-old Hamza “Bx1” Bendelladj, an Algerian national who pleaded guilty in June 2015 to helping Panin develop and market the SpyEye kit. Bendelladj also admitted to running his own SpyEye botnet of hacked Windows computers, a crime machine that he used to harvest and steal 200,000 credit card numbers. By the government’s math (an assumed $500 loss per card) Bx1 was potentially responsible for $100 million in losses.

“It is difficult to overstate the significance of this case, not only in terms of bringing two prolific computer hackers to justice, but also in disrupting and preventing immeasurable financial losses to individuals and the financial industry around the world,” said John Horn, U.S. Attorney for the Northern District of Georgia.

THE HAPPY HACKER

Bendelladj was arrested in Bangkok in January 2013 while in transit from Malaysia to Egypt. He quickly became known as the “happy hacker” after his arrest, in which he could be seen smiling broadly while in handcuffs and being paraded before the local news media.

Photo: Hamza “Bx1” Bendelladj, Bangkok Post

In its case against the pair of hackers, the government presented chat logs between Bendelladj and Panin and other hackers. The government says the chat logs reveal that although Bendelladj worked with Panin to fuel the rise of SpyEye by vouching for him on cybercrime forums such as “Darkode,” the two had an antagonistic relationship.

Their business partnership imploded after Bx1 announced that he was publicly releasing the source code for SpyEye.

“Indeed, after Bendelladj ‘cracked’ SpyEye and made it available to others without having to purchase it from Panin, the two had a falling out,” reads the government’s sentencing memo (PDF) to the judge in the case.

The government says that while Bendelladj maintained he was little more than a malware analyzer working for a security company, his own chat logs put the lie to that claim, noting in November 2012 Bx1 bluntly said: “if they pay me the whole money of the world . . . I wont work for security.”

Bx1 had a penchant for marketing to other thieves. He shrewdly cast SpyEye as a lower-cost, more powerful alternative to the Zeus botnet creation kit, plastering cybercrime forums with animated ads pimping SpyEye as the “Zeuskiller” (in part because SpyEye was designed to remove Zeus from host computers before infecting them).

Part of a video ad for SpyEye.

In Oct. 2010, KrebsOnSecurity was the first to report on rumors in the underground that the authors of Zeus and SpyEye were ending their rivalry and merging the two crimeware products into one software stack and support structure for existing clients.

“Panin developed SpyEye as a successor to the notorious Zeus malware that had, since 2009, wreaked havoc on financial institutions around the world,” the Justice Department said in its statement today. “In November 2010, Panin allegedly received the source code and rights to sell Zeus from Evginy Bogachev, a/k/a Slavik, and incorporated many components of Zeus into SpyEye.  Bogachev remains at large and is currently the FBI’s most wanted cybercriminal.”

Bogachev, the alleged Zeus Trojan author, in undated photos.

It’s not clear whether Bendelladj had any intention of honoring the sanctity of the merger agreement with the author of the Zeus Trojan. Not long after the supposed merger, copies of the Zeus source code were available for sale online, and the code went fully public and free not long after that. My money is on Bendelladj for that leak as well.

Apparently Bx1 was not a big fan of KrebsOnSecurity, either. According to the government’s sentencing memo:

“At various points, [Bendelladj] has expressed contempt for Brian Krebs, the author of the “Krebs on Security,” and claims that he has credit cards (‘ccs’) of Mr. Krebs’s family and that Bendelladj will be ‘after him until he die.’ He even suggests inflicting a Distributed Denial of Service attack against Mr. Krebs.”

Maybe that antagonism had something to do with this story, in which I repost chat logs from a conversation I had with Bx1 back in January 2012. In it, Bx1 brags about hacking one of his competitors and to getting the guy arrested.

Defining "Gray Hat"

Post Syndicated from Robert Graham original http://blog.erratasec.com/2016/04/defining-gray-hat.html

WIRED has written an article defining “White Hat”, “Black Hat”, and “Grey Hat”. It’s incomplete and partisan.

Black Hats are the bad guys: cybercriminals (like Russian cybercrime gangs), cyberspies (like the Chinese state-sponsored hackers that broke into OPM), or cyberterrorists (ISIS hackers who want to crash the power grid). They may or may not include cybervandals (like some Anonymous activity) that simply defaces websites. Black Hats are those who want to cause damage or profit at the expense of others.

White Hats do the same thing as Black Hats, but are the good guys. They break into networks (as pentesters), but only with permission, when a company/organization hires them to break into their own network. They research the security art, such as vulnerabilities, exploits, and viruses. When they find vulnerabilities, they typically work to fix/patch them. (That you frequently have to apply security updates to your computers/devices is primarily due to White Hats). They develop products and tools for use by good guys (even though they sometimes can be used by the bad guys). The movie “Sneakers” refers to a team of White Hat hackers.

Grey Hat is anything that doesn’t fit nicely within these two categories. There are many objective meanings. It can sometimes refer to those who break the law, but who don’t have criminal intent. It can sometimes include the cybervandals, whose activities are more of a prank rather than a serious enterprise. It can refer to “Search Engine Optimizers” who use unsavory methods to trick search engines like Google to rank certain pages higher in search results, to generate advertising profits.

But, it’s also used subjectively, to simply refer to activities the speaker disagrees with. Our community has many debates over proper behavior. Those on one side of a debate frequently use Gray Hat to refer to those on the other side of the debate.

The biggest recent debate is “0day sales to the NSA”, which blew up after Stuxnet, and in particular, after Snowden. This is when experts look for bugs/vulnerabilities, but instead of reporting them to the vendor to be fixed (as White Hats typically do), they sell the bugs to the NSA, so the vulnerabilities (called “0days” in this context) can be used to hack computers in intelligence and military operations. Partisans who don’t like the NSA use “Grey Hat” to refer to those who sell 0days to the NSA.

WIRED’s definition is this partisan definition. Kim Zetter has done more to report on Stuxnet than any other journalist, which is why her definition is so narrow.

But Google is your friend. If you search for “Gray Hat” on Google and set the time range to pre-Stuxnet, then you’ll find no use of the term that corresponds to Kim’s definition, despite the term being in widespread use for more than a decade by that point. Instead, you’ll find things like this EFF “Gray Hat Guide”. You’ll also find how L0pht used the term to describe themselves when selling their password cracking tool called “L0phtcrack”, from back in 1998.

Fast forward to today, activists from the EFF and ACLU call 0day sellers “merchants of death”. But those on the other side of the debate point out how the 0days in Stuxnet saved thousands of lives. The US government had decided to stop Iran’s nuclear program, and 0days gave them a way to do that without bombs, assassinations, or a shooting war. Those who engage in 0day sales do so with the highest professional ethics. If that WaPo article about Gray Hats unlocking the iPhone is true, then it’s almost certain it’s the FBI side of things who leaked the information, because 0day sellers don’t. It’s the government who is full of people who forswear their oaths for petty reasons, not those who do 0day research.

The point is, the ethics of 0day sales are a hot debate. Using either White Hat or Gray Hat to refer to 0day sellers prejudices that debate. It reflects your own opinion, not that of the listener, who might choose a different word. The definition by WIRED, or the use of “Gray Hat” in the WaPo article, are obviously biased and partisan.

FBI: $2.3 Billion Lost to CEO Email Scams

Post Syndicated from BrianKrebs original https://krebsonsecurity.com/2016/04/fbi-2-3-billion-lost-to-ceo-email-scams/

The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years.

In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.

A typical CEO fraud attack. Image: Phishme

CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the numeral 1 for the letter “l”) or “example.co,” and send messages from that domain.
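An added example (not from Krebs's post or the FBI alert) of the check a mail gateway or a finance-team ticketing rule can run on the From: domain to catch the look-alike registrations described above, written in Python over constructed sample addresses. The confusable table, the two-label registrable-domain assumption and the category names are the example's own.

```python
# ASCII substitutions an attacker can make inside a domain label that survive a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s")]


def canonical(label: str) -> str:
    """Fold visual look-alikes so 'examp1e' and 'exarnple' both read as 'example'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so a typo-squat such as 'exmaple' costs 1 rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_registrable(host: str):
    """Return (second-level label, suffix). Assumption: the registrable part is the
    last two labels; production code should use the Public Suffix List so that
    co.uk-style suffixes are handled."""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify_sender(address: str, legit_domain: str):
    """None for mail from the legitimate domain or its subdomains, or for an unrelated
    domain; otherwise the name of the look-alike pattern the sender domain matches."""
    host = address.strip().rsplit("@", 1)[-1].lower()
    legit = legit_domain.lower()
    if host == legit or host.endswith("." + legit):
        return None
    if host.startswith(legit + "."):
        return "embedded"          # example.com.attacker.net
    sld, suffix = split_registrable(host)
    legit_sld, legit_suffix = split_registrable(legit)
    if sld != legit_sld and canonical(sld) == canonical(legit_sld):
        return "homoglyph"         # examp1e.com, exarnple.com
    if sld == legit_sld and suffix != legit_suffix:
        return "suffix_swap"       # example.co
    if osa_distance(sld, legit_sld) <= 1:
        return "near_miss"         # exmaple.com, examplee.com
    if legit_sld in sld:
        return "augmented"         # example-corp.com
    return None


def scan_senders(addresses, legit_domain):
    """Run the check over a batch of From: addresses and return only the flagged ones."""
    flagged = []
    for addr in addresses:
        verdict = classify_sender(addr, legit_domain)
        if verdict is not None:
            flagged.append((addr, verdict))
    return flagged


# Constructed sample From: addresses, as a gateway would see them for a company on example.com.
SAMPLE_FROM = [
    "ceo@example.com", "ceo@mail.example.com", "ceo@examp1e.com", "ceo@exarnple.com",
    "ceo@example.co", "ceo@exmaple.com", "ceo@example.com.attacker.net",
    "ceo@example-corp.com", "partner@gmail.com",
]

if __name__ == "__main__":
    for addr, verdict in scan_senders(SAMPLE_FROM, "example.com"):
        print(f"{addr}: {verdict}")
```

Note that SPF and DKIM pass cleanly for examp1e.com, because the attacker registered it and publishes its records; those mechanisms prove a message came from the domain it claims, and this check asks the separate question of whether that domain is close enough to yours to be a deliberate impersonation.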

Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes rarely set off spam traps because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.

They do this by scraping employee email addresses and other information from the target’s Web site to help make the missives more convincing. In the case where executives or employees have their inboxes compromised by the thieves, the crooks will scour the victim’s email correspondence for certain words that might reveal whether the company routinely deals with wire transfers — searching for messages with key words like “invoice,” “deposit” and “president.”

On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, CEO fraud is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the CEO scam the crooks trick the victim into doing that for them.

The FBI estimates that organizations victimized by CEO fraud attacks lose on average between $25,000 and $75,000. But some CEO fraud incidents over the past year have cost victim companies millions — if not tens of millions — of dollars. 

Last month, the Associated Press wrote that toy maker Mattel lost $3 million in 2015 thanks to a CEO fraud phishing scam. In 2015, tech firm Ubiquiti disclosed in a quarterly financial report that it suffered a whopping $46.7 million hit because of a CEO fraud scam. In February 2015, email con artists made off with $17.2 million from The Scoular Co., an employee-owned commodities trader. More recently, I wrote about a slightly more complex CEO fraud scheme that incorporated a phony phone call from a phisher posing as an accountant at KPMG.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

For an example of what some of these CEO fraud scams look like, check out this post from security education and awareness firm Phishme about scam artists trying to target the company’s leadership.

I’m always amazed when I hear security professionals I know and respect make comments suggesting that phishing and spam are solved problems. The right mix of blacklisting and email validation regimes like DKIM and SPF can block the vast majority of this junk, these experts argue.

But CEO fraud attacks succeed because they rely almost entirely on tricking employees into ignoring or sidestepping some very basic security precautions. Educating employees so that they are less likely to fall for these scams won’t block all social engineering attacks, but it should help. Remember, the attackers are constantly testing users’ security awareness. Organizations might as well be doing the same, using periodic tests to identify problematic users and to place additional security controls on those individuals.