Tag Archive for: Dept.

U.S., partners dismantle Russian hacking ‘botnet,’ Justice Dept says

/in


Law enforcement in the United States, Germany, the Netherlands and Britain dismantled a global network of internet-connected devices that had been hacked by Russian cyber criminals and used for malicious purposes, the U.S. Justice Department said on Thursday.

The network, known as the “RSOCKS” botnet, comprised millions of hacked computers and devices worldwide, including “Internet of Things” gadgets like routers and smart garage openers, the department said in a statement.

RSOCKS users paid a fee of between $30 and $200 per day to route malicious internet activity through compromised devices to mask or hide the true source of the traffic, the department said.

“It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” it said.

Several large public and private entities have been victims of RSOCKS, including a university, a hotel, a television studio and an electronics manufacturer, the department said. It did not name any of them.

Source…

Justice Dept. says ‘good faith researchers’ no longer will face hacking charges

/in


The U.S. Justice Department on Thursday said it would not use the country’s long-standing anti-hacking law to prosecute researchers who are trying to identify security flaws, a move that provides both protection and further validation for a craft still villainized by many officials, companies and the general public.

In a news release and five-page policy statement issued to federal prosecutors, top Justice officials said local U.S. attorneys should not bring charges when “good faith” researchers exceed “authorized access,” a vague phrase from the 1986 Computer Fraud and Abuse Act (CFAA) that has been interpreted to cover such routine practices as automated downloads of Web content.

Subscribe to The Post Most newsletter for the most important and interesting stories from The Washington Post.

The guidance defines good faith to mean research aimed primarily at improving the safety of sites, programs or devices, as opposed to exploration aimed at demanding money in exchange for withholding disclosure or exploitation of a security flaw.

Companies can still sue those who claim to be acting in good faith, and officials could continue to charge hackers under state laws that often echo the CFAA. But most state prosecutors tend to follow federal guidance when their laws are similar.

Well-intentioned hackers in the past were routinely silenced by legal threats. Even in recent years, civil suits and criminal referrals have been used to cancel public talks on dangerous vulnerabilities or cast doubt on research findings.

In 2019, a mobile voting company, Voatz, referred to the FBI a Michigan college student who was researching its app for a course. Twenty years ago, a former employee of email provider Tornado Development served more than a year in prison on federal CFAA charges after the company refused to fix security flaws and he emailed their customers about it.

In a case that drew national attention in October, the governor of Missouri threatened hacking charges against a local newspaper that examined the publicly available source code of a government website and then warned the state that it was exposing the Social Security numbers of 100,000 educators.

The Justice Department did…

Source…

FBI to form digital currency unit, Justice Dept taps new crypto czar

/in


WASHINGTON, Feb 17 (Reuters) – The U.S. Justice Department has tapped a seasoned computer crimes prosecutor to lead its new national cryptocurrency enforcement team and announced on Thursday that the FBI is launching a unit for blockchain analysis and virtual asset seizure.

The creation of the FBI’s “virtual asset exploitation” unit comes after the Justice Department’s largest-ever financial seizure earlier this month. It charged a married New York couple with allegedly laundering bitcoins now valued at over $4.5 billion that were stolen in the 2016 hack of the digital currency exchange Bitfinex.

U.S. regulators under President Joe Biden have been ratcheting up their scrutiny of the crypto industry in the wake of a series of high-profile cyberattacks last year on the largest U.S. fuel pipeline network and the world’s largest beef supplier. Ransomware groups often demand their fees in bitcoin.

Register now for FREE unlimited access to Reuters.com

In some of those cases, the FBI has been able to track down and recover some of the ransom.

Cryptocurrencies rely on blockchain technology, a database shared across a network of computers, in which records are difficult to change once added.

In a speech at the Munich Cyber Security Conference in Germany, Deputy Attorney General Lisa Monaco announced that Eun Young Choi, a prosecutor who led the case against a Russian hacker who helped steal information about more than 80 million JPMorgan & Chase Co customers, will lead the department’s cryptocurrency enforcement team.

Choi, who most recently served as Monaco’s senior counsel, worked for nearly a decade as a cybercrime coordinator and assistant U.S. attorney in New York, according to her LinkedIn profile. the U.S. Attorney’s Office in New York.

“We are issuing a clear warning to criminals who use cryptocurrency to fuel their schemes,” Monaco said.

“We also call on all companies dealing with cryptocurrency – we need you to root out cryptocurrency abuses. To those who do not, we will hold you accountable where we can.”

Monaco also announced the creation of a new international virtual currency initiative, and said the department will be aggressive about disrupting cyber threats, even at the…

Source…

Law Dept. Hack Slows Down Protester Lawsuits Against NYPD

/in


(TNS) — The hack of the city Law Department is causing major delays in high-profile lawsuits over the NYPD’s response to racial protests last summer, a new court filing revealed Wednesday.

Lawyers for protesters and the state attorney general’s office wrote in a letter in Manhattan Federal Court that their adversaries in the Law Department seemed in the dark about the scope of the hack now in its fourth day.

“Defense counsel said that due to the disruption of the Law Department’s computer systems — which the Law Department says has shut down their entire computer system, making even the most basic litigation tasks impossible — she could not say when Defendants will begin producing documents. Counsel had no specific information concerning the technical issues in her office, which appear to be caused by a hacker, nor an expected timeline for resolving them,” lawyer Remy Green wrote, recounting a Tuesday phone call with a city attorney.


Green and other lawyers seek a hearing to address the delays and want a technical expert from the city to attend and answer questions about the hack.

Judge Colleen McMahon is overseeing lawsuits, including one filed by state Attorney General Letitia James, alleging the NYPD violated protesters’ civil rights last summer following the police killing of George Floyd in Minneapolis.

“My sense on the call was that they very much do not have it under control and do not know what’s going on,” said Joshua Moskovitz, another attorney on the protest cases.

Meanwhile, city officials continued to dodge questions about whether the Law Department used multifactor authentication, which is widely considered a cybersecurity best practice.

A policy memo issued by the New York City’s Cyber Command two years ago stated the security measure is a requirement for city workers with “restricted” or “sensitive” information access as of April 23, 2019.

But city officials refused to say whether the Law Department used multifactor authentication at the time of the hack.

A Law Department spokesman declined to comment on the matter aside from saying that discussing it in public is…

Source…