Tag Archive for: He’s

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

/in


“That’s not nice, and it’s not a good norm,” says Schneider. She says that much of the US government’s slow approach to cyberattacks stems from its care to ensure it avoids unintentionally hitting civilians as well as breaking international law or triggering dangerous blowback.

Still, Schneider concedes that Caceres and Angus have a point: The US could be using its cyber forces more, and some of the explanations for why it doesn’t amount to bureaucracy. “There are good reasons, and then there are bad reasons,” says Schneider. “Like, we have complicated organizational politics, we don’t know how to do things differently, we’re bad at using this type of talent, we’ve been doing it this way for 50 years, and it worked well for dropping bombs.”

America’s offensive hacking has, by all appearances, gotten less aggressive and less nimble over the past half decade, Schneider points out. Starting in 2018, for instance, General Paul Nakasone, then the head of Cyber Command, advocated a “defend forward” strategy aimed at taking cyber conflict to the enemy’s network rather than waiting for it to occur on America’s turf. In those years, Cyber Command launched disruptive hacking operations designed to cripple Russia’s disinformation-spouting Internet Research Agency troll farm and take down the infrastructure of the Trickbot ransomware group, which some feared at the time might be used to interfere in the 2020 election. Since then, however, Cyber Command and other US military hackers appear to have gone relatively quiet, often leaving the response to foreign hackers to law enforcement agencies like the FBI, which face far more legal constraints.

Caceres isn’t entirely wrong to criticize that more conservative stance, says Jason Healey, who until February served as a senior cybersecurity strategist at the US Cybersecurity and Infrastructure Security Agency. He responds to Caceres’ cyberhawk arguments by citing the Subversive Trilemma, an idea laid out in a 2021 paper by the researcher Lennart Maschmeyer: Hacking operations have to choose among intensity, speed, and control. Even in earlier, more aggressive years, US Cyber Command has tended to turn up the dial…

Source…

Urgent warning to Facebook users over ‘I can’t believe he’s gone’ scam that tricks you into downloading malware

/in


  • Scammers use fake news articles to trick Facebook users into following links
  • Experts say pay close attention to the link URL to avoid downloading malware  



Cybersecurity experts have issued an urgent warning to Facebook users over a new scam that they’ve coined the ‘I can’t believe his gone scam’. 

This emotionally manipulative scam tricks users into downloading malware, with posts featuring fake BBC branding, and implying that a loved one has died. 

Clicking on the linked post will bring users to a compromised site designed to harvest their personal information.

Marijus Briedis, cybersecurity expert at NordVPN, said: ‘When you come across unexpected or alarming posts, especially those about personal emergencies, take a moment to verify their legitimacy before clicking any links.’ 

Here are the key signs to look out for to make sure you don’t fall victim to the scam. 

Cybersecurity experts have issued an urgent warning to Facebook users over a new scam that they’ve coined the ‘I can’t believe his gone scam’
This emotionally manipulative scam tricks users into downloading malware, with posts featuring fake BBC branding, and implying that a loved one has died (stock image)

READ MORE: Fresh warnings over latest ‘hi mum’ text scams where fraudsters ‘prey on our goodwill with emotive stories’ 

The ‘I can’t believe he’s gone scam’ was first highlighted by cybersecurity researcher Pieter Arntz from Malwarebytes.

As Mr Arntz explained in a blog post, the scam consists of a post containing some variation of ‘I can’t believe he’s gone. I’ll miss him so much’ and a link.

If you follow the link, you will be brought to another Facebook post showing what appears to be a BBC news article about a fatal road accident. 

This post will also contain slightly different text to the original, saying: ‘I can’t believe this, I’m going to miss him so much’.

But while this post might appear legitimate at first glance, this is actually a fake link to a malicious website.

Mr Arntz writes: ‘The BBC news logo in the picture and the BBCNEWS part of the URL are…

Source…

This Hacker Stole Data From 200M Americans. Now He’s Infiltrating Scam Gangs.

/in


Sitting in court, Ngo Minh Hieu knew he had fucked up big time. 

In July 2015, the 25-year-old was sentenced to 13 years in prison for stealing personal information from approximately 200 million Americans—over 60 percent of the U.S. population—and selling it on the dark web. 

That day in court, the judge told him that they had received some 10,000 complaint letters from his victims. Among them was a woman who had lost her house and was struggling to feed her children after her personal information was hijacked by malicious actors, landing her in crippling debt.

It was then that the gravity of what he had done dawned on him. 

“I felt like a serial killer,” he told VICE World News. “When I was still making money and living a good life in Vietnam, I thought that information was just numbers.”

“I couldn’t imagine that stealing U.S. identities would bring so much damage to a person’s life.”

Today, his life is unrecognizable from that of the prolific hacker he was 10 years ago. After a seven-year stint in U.S. federal prison, the 33-year-old today is still trawling the dark web, but now working for the Vietnamese government to hunt cybercriminals like he once was. As part of this grand redemption arc, the past year has also seen him tackling a disturbing new breed of cyber scammer in Cambodia, where thousands of human trafficking victims are trapped and tortured in industrial-scale centers, forced to lure internet users into online frauds. 

Fueling these attempts to make amends is the nagging guilt over his crime spree, described by U.S. authorities as one of the most prolific identity thefts in U.S. history, which he says continues to haunt many of his victims today.

“Every time I have a chance to speak with the media, I always try to apologize to American people as much as possible,” Hieu said. “Because I know the damage is already done and it’s very difficult to recover when your identity gets traded or sold to bad people on the dark web.”

Hieu grew up in Cam Ranh, a city in south Vietnam, where his parents owned a small electronics store. He got his first computer when he was 13, and by age 14, the curious teen was already dipping his toe into the world of hacking,…

Source…

Journalist warns Missouri about security breach. He’s threatened with criminal charges. – East Bay Times

/in


JEFFERSON CITY, Mo. (AP) — Gov. Mike Parson on Thursday condemned the St. Louis Post-Dispatch for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

Parson told reporters outside his Capitol office that the Missouri State Highway Patrol’s digital forensic unit will be conducting an investigation “of all of those involved” and that his administration had spoken to the prosecutor in Cole County.

The governor suggested that the Post-Dispatch journalist who broke the story committed a crime and said the news outlet would be held accountable.

The state’s schools department had earlier referred to the reporter who broke the story as “a hacker.”

The Post-Dispatch broke the news about the security flaw on Wednesday. The newspaper said it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

It notified the Department of Elementary and Secondary Education and gave it time to fix the problem before the story was published.

After removing the pages from its website Tuesday, the agency issued a news release that called the person who discovered the vulnerability a “hacker” — an apparent reference to the reporter — who “took the records of at least three educators.” The agency didn’t elaborate as to what it meant by “took the records” and it declined to discuss the issue further when reached by The Associated Press.

The Post-Dispatch journalist found that the school workers’ Social Security numbers were in the HTML source code of the pages. It estimated that more than 100,000 Social Security numbers were vulnerable.

Source codes are accessible by right-clicking on public webpages.

The newspaper’s president and publisher, Ian Caso, said in a statement that the Post-Dispatch stands by the story and  journalist Josh Renaud, who he said “did everything right.”

“It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to the Department of Elementary…

Source…