Tag: teenagers | SpinSafe

Two teenagers among 13 arrested over links to Android banking-related malware scams

August 26, 2023/in Computer Security

SINGAPORE: Two teenagers were among 13 people arrested for their suspected involvement in banking-related malware scams targeting Android users.

The 15-year-old individuals were nabbed alongside seven men and four women aged 17 to 25, said the police in a news release on Saturday (Aug 26).

All of them were arrested during an anti-scam enforcement operation conducted by the police between Aug 14 and Aug 25.

Two other women, aged 29 and 39, and another 15-year-old teenager are assisting with investigations.

Preliminary police investigations revealed that the 13 suspects had allegedly facilitated the scam cases by relinquishing their bank accounts. Some of them also relinquished their internet banking credentials or disclosed their Singpass credentials for monetary gain.

Cases of malware being used to compromise Android mobile devices have been on the rise since January, said the police.

This results in unauthorised transactions made from the victims’ bank accounts even though they did not reveal their internet banking credentials, one-time passwords or Singpass credentials to anyone.

In such cases, the victims responded to advertisements on social media platforms and were later instructed by the scammers to download a malicious Android Package Kit from non-official app stores to facilitate the purchases, leading to malware being installed on the victims’ mobile devices.

The scammers then convince the victims via phone calls or text messages to turn on accessibility services on their Android phones. This allows the scammers to take full control of the mobile devices.

“This means that the scammers can log every keystroke and steal banking credentials stored in the phones and allows them to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules,” said the police.

The scammers can further delete SMS and email notifications of the bank transfers to cover their tracks.

The police advised members of the public to not click on suspicious links, scan unknown QR codes or download mobile apps from third-party websites.

“These unverified apps may contain malware, which can severely…

Source…

court finds teenagers carried out hacking spree

August 23, 2023/in Computer Security

A court has found an 18-year-old from Oxford was a part of an international cyber-crime gang responsible for a hacking spree against major tech firms.

Arion Kurtaj was a key member of the Lapsus$ group which hacked the likes of Uber, Nvidia and Rockstar Games.

A court heard Kurtaj leaked clips of the unreleased Grand Theft Auto 6 game while on bail in a Travelodge hotel.

The audacious attacks by Lapsus$ in 2021 and 2022 shocked the cyber security world.

Kurtaj is autistic and psychiatrists deemed him not fit to stand trial so he did not appear in court to give evidence.

The jury were asked to determine whether or not he did the acts alleged – not if he did it with criminal intent.

Another 17-year-old who is also autistic was convicted for his involvement in the activities of the Lapsus$ gang but can not be named because of his age.

The group from the UK, and allegedly Brazil, was described in court as “digital bandits”.

The gang – thought to mostly be teenagers – used con-man like tricks as well as computer hacking to gain access to multinational corporations such as Microsoft, the technology giant and digital banking group Revolut.

During their spree the hackers regularly celebrated their crimes publicly and taunted victims on the social network app Telegram in English and Portuguese.

The trial was held in Southwark Crown Court in London for seven weeks.

Hacking spree one

Jurors heard that the unnamed teenager started hacking with Kurtaj in July 2021 having met online.

Kurtaj aided by Lapsus$ associates, hacked the servers and data files of telecoms company BT and EE, the mobile operator, before demanding a $4m (£3.1m) ransom on 1 August 2021.

Lapsus text message — The hackers sent out threatening text messages to 26,000 EE customers

No ransom was paid but the court heard that the 17-year-old and Kurtaj used stolen SIM details from five victims to steal a total of nearly £100,000 from their crytpocurrency accounts which were secured by their compromised mobile phone SIM identities.

Both defendants were initially arrested on 22nd January 2022, then released under investigation.

Hacking spree two

That did not deter the duo who continued hacking with Lapsus$ and successfully breached Nvidia, a Silicon Valley tech giant…

Source…

The bored teenagers who can disrupt the world

June 24, 2023/in Internet Security

Most of us live a strange double life when it comes to hacking. We read headlines saying that our toaster might spy on us, that Russia is trying to hack into our social media, and that society as a whole could be under threat. At the same time, we install smart speakers in every room of our house, post more than ever to social media, and the worst we see of hacking attempts is the occasional email from a Nigerian ‘prince’. Trying to calibrate whether we should be terrified or unconcerned is a difficult task, so it’s refreshing when Scott Shapiro – a Yale law professor who also serves as the director of the university’s cybersecurity lab – says early in his book that neither is the correct approach.

The Mirai botnet wasn’t the work of a nation state but of three young men hoping to make a few quick bucks

If Fancy Bear Goes Phishing – the title a reference to the ‘Fancy Bear’ codename given to a Russian military hacking team – has any one message, it’s that hacking is not really about code, databases or infrastructure. It’s much more a story at the human level, about bored teenagers, under-employed twentysomethings, badly-drafted liability law and even social norms. As if to emphasise this, it sets out its case by describing five major hacks at different stages of the internet’s development.

The first was largely accidental, the work of the graduate student son of a senior National Security Agency official in the late 1980s.The second carried a tribute to a woman whom the hacker was trying to impress – the respected security researcher Sarah Gordon, who had jokingly asked for a virus to be dedicated to her, and who came to deeply regret that attempt at humour. The third hack, of Paris Hilton’s phone, was by a disaffected American teenager just looking for an outlet. Fancy Bear comes fourth, with Shapiro detailing how Hillary Clinton’s close adviser, John Podesta, and the Democratic National Committee were compromised by Russian state hackers. But it’s the fifth that is perhaps most striking: the creation of the Mirai botnet (named after an anime character) in 2016. This was a force that could have ‘taken down the internet’, which…

Source…

Two teenagers charged in relation to LAPSUS$ hacking group investigation • Graham Cluley

April 2, 2022/in Computer Security

Two teenagers charged in relation to LAPSUS$ hacking group investigation

City of London Police have charged two teenagers in relation to the ongoing investigation into the LAPSUS$ hacking group.

The teenagers, aged 16 and 17, were scheduled to appear at Highbury Corner Magistrates Court in Islington this morning.

The pair have been charged with three counts of unauthorised access to a computer with intent to impair the reliability of data, one count of fraud by false representation, and one count of unauthorised access to a computer with intent to hinder access to data.

Sign up to our newsletter
Security news, advice, and tips.

The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program.

Last week, British police announced that they had arrested seven people between the ages of 16 and 21 in relation to their investigation into the LAPSUS$ group which has stolen and leaked data from the likes of Microsoft, NVIDIA, Ubisoft, Samsung, Globant, and Okta.

The FBI recently requested the public’s assistance in identifying anybody connected with the LAPSUS$ group.

The two charged teenagers cannot be named for legal reasons.

As yet, there has been no comment about the charges against the teenagers on LAPSUS$’s normally garrulous Telegram channel.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.

Source…

Tag Archive for: teenagers

Hacking spree one

Hacking spree two