Tag Archive for: Administrator

Administrator of Darkode Hacking Forum Sentenced to Prison


The US Justice Department announced on Wednesday that a man who admitted being an administrator of a now-defunct cybercrime forum named Darkode has been sentenced to prison.

Thomas Kennedy McCormick, aka ‘Fubar’, a 30-year-old from Cambridge, Massachusetts, has been sentenced to 18 years in prison for his role in running Darkode. The sentence also includes three years of supervised release.

McCormick, who joined the site as a member in 2009, ended up being one of multiple administrators. Authorities said he was one of the last admins of Darkode before the cybercrime forum was shut down by law enforcement in 2015. The law enforcement operation resulted in 70 people being arrested, searched, or charged.

Investigators said Fubar was involved in the distribution of malware, hacking websites, as well as the theft and sale of personally identifiable information, payment cards, and bank account credentials. 

When they searched his residence, law enforcement found the stolen credit card information of nearly 30,000 people in his possession. 

The Justice Department said in 2022 that McCormick had agreed to assist law enforcement in the prosecution of other Darkode members.  

McCormick’s 18-month prison sentence is for RICO conspiracy (12 months) and aggravated identity theft (6 months) charges, to which the man pleaded guilty. He admitted that his involvement in the operation caused financial losses totaling nearly $680,000. 

There have been a few unsuccessful attempts to resurrect Darkode after the takedown. 


Third-party administrator hack leads to theft of patient data for over 251K



Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022.

The “network disruption” was first detected on Sept. 5, which prompted BBA to secure the network and engage an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.

BBA appears to attribute the lengthy delay in notifying patients to a “thorough investigation” that concluded on Dec. 5. Under the Health Insurance Portability and Accountability Act, covered entities have 60 days to inform patients of possible data exposure and must do so without undue delay.

The notice uses language to suggest that the breach was not discovered until months after the initial hack and data theft. The Department of Health and Human Services has warned against this type of notice, urging providers to inform patients of possible privacy violations “even if it is initially unclear whether the incident constitutes a breach as defined in the rule.”

For patients tied to BBA, the compromised data was tied to “individuals enrolled in some employment insurance benefits administered” by the business associate in 2022.

The stolen data varied by individual and could include Social Security numbers, contact details, driver’s licenses or state identification numbers, medical data, health insurance information, and/or dates of birth.

Behavioral health provider reports September hack, data exfiltration

In a similar notice to BBA, Circles of Care in Florida is beginning to notify 61,170 patients that their data was stolen after a network hack detected on Sept. 21, 2022.

An investigation conducted with support from a third-party independent cybersecurity team found the attacker first accessed the network on Sept. 6 and used the access to obtain certain information. The investigation concluded on Nov. 29, 2022.

The…


United States Leads Seizure of One of the World’s Largest Hacker Forums and Arrests Administrator


The Department of Justice announced Tuesday the seizure of the RaidForums website, a popular marketplace for cybercriminals to buy and sell hacked data, and unsealed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho, 21, of Portugal. Coelho was arrested in the United Kingdom on Jan. 31, at the United States’ request and remains in custody pending the resolution of his extradition proceedings.

Court records unsealed today indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.” According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.

“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

“The seizure of the RaidForums website – which facilitated the sale of…


Want to secure a Windows PC? Turn off Administrator rights

A new report from the security firm Avecto said the vast majority of critical flaws affecting Windows, Office, and Internet Explorer could be stopped and prevented from spreading just by removing Administrator rights from the PC’s user.

The default setting for Windows users on a single-user system is Administrator, which simplifies things for all involved. But just as Administrator rights make it easy to install new software, they also make it easy for critical vulnerabilities and malware to spread.

The report found:

  • 86% of Critical vulnerabilities affecting Windows could be mitigated by removing admin rights.
  • 99.5% of all vulnerabilities in Internet Explorer could be mitigated by removing admin rights.
  • 82% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights.
  • 85% of Remote Code Execution vulnerabilities could be mitigated by removing admin rights.
  • 82% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights.
  • 63% of all Microsoft vulnerabilities reported in 2015 could be mitigated by removing admin rights.

The good news for business users is that your IT department has likely set your machine with a lower level of access that limits what can be done, including the installation of software with or without your permission. The bad news is your home PCs are likely all set to Administrator unless you’ve changed them.


Network World Security