Australian police arrest alleged crime app mastermind

Australian authorities have charged a Sydney man with creating and managing an encrypted messaging app, Ghost, allegedly used by global crime networks. The man, 32, was arrested in western Sydney and appeared in court on Wednesday, facing multiple charges related to the platform’s role in organised crime. Ghost is said to have been used by syndicates from Australia, the Middle East, and South Korea for drug trafficking and contract killings.

Police, in collaboration with international forces, carried out extensive raids across Australia and beyond, with searches also conducted in Italy, Ireland, Sweden, and Canada. Up to 50 Australians allegedly involved with Ghost are now facing charges, with significant prison terms expected. More arrests are anticipated in both Australia and abroad.

Authorities have made a breakthrough by cracking Ghost’s encryption, preventing the deaths or serious injuries of 50 individuals in Australia. This marks the first time an Australian has been accused of running a global criminal messaging platform, a major milestone in the country’s fight against organised crime.

The Australian Federal Police Deputy Commissioner highlighted the complex nature of dismantling encrypted communication platforms. The success in accessing evidence from Ghost represents a major achievement in efforts to disrupt global criminal activity.

Tanzania embraces AI to tackle rising cybercrime

Tanzanian President Samia Suluhu Hassan has called for the integration of AI into the strategies of the Tanzania Police Force to address the escalating threat of cybercrime. Speaking at the 2024 Annual Senior Police Officers’ Meeting and the 60th Anniversary of the Tanzania Police Force, President Samia emphasised that in today’s digital age, leveraging advanced technology is crucial for effectively combating online threats. She highlighted the necessity for the police to adapt technologically to stay ahead of sophisticated cybercriminals, underlining the importance of embracing these advancements.

In her address, President Samia also drew attention to a troubling surge in cybercrime, with incidents increasing by 36.1% from 2022 to 2023. She noted that crimes such as fraud, false information dissemination, pornography distribution, and harassment have become more prevalent, with offenders frequently operating from outside Tanzania. The President’s remarks underscore the urgency of adopting advanced technological tools to address these growing challenges effectively and to enhance the police’s capability to counteract such threats.

Furthermore, President Samia emphasised the need to maintain peace and stability during the upcoming local government and general elections. She tasked the police with managing election-related challenges, including defamatory statements and misinformation, without resorting to internet shutdowns. Stressing the importance of preserving national peace amidst political activities, President Samia underscored that while elections are temporary, safeguarding a stable environment is essential for ongoing development and progress.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.

Drone technology smuggling: Russian man charged in US

A Russian national has been arrested in Florida on charges of illegally exporting drone-related technology to Russia. Authorities allege that 44-year-old Denis Postovoy, residing in Sarasota, smuggled microelectronic components with military applications to Russia following the 2022 invasion of Ukraine.

Postovoy is accused of violating US law by shipping technology that could enhance Russia’s military capabilities in the conflict. The Department of Justice stated that the exported components are used in drones and have dual-use potential for military purposes.

To conceal his activities, Postovoy allegedly worked through a network of companies in Russia and Hong Kong. He is said to have purchased the components from US distributors and sent them to intermediary locations before reaching Russia.

While the Russian embassy has acknowledged Postovoy’s detention, it noted that no official communication from US law enforcement regarding the arrest has been received.

US CISA urges agencies to address vulnerable Ivanti appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.

Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows hackers to gain access to the affected device.

CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.

This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.

Senators call for action to tackle Bitcoin ATM scams

A group of US Senate Democrats has called on the nation’s largest Bitcoin ATM operators to step up efforts in preventing fraud targeting elderly Americans. The Senators, led by Senate Judiciary Committee Chair Dick Durbin, addressed the growing number of scams using Bitcoin ATMs, urging companies to take immediate action to protect vulnerable populations.

Data from the Federal Trade Commission reveals that in the first half of this year alone, Bitcoin ATM-linked fraud amounted to $65 million. Older adults, particularly those aged 60 and over, were disproportionately affected, being three times more likely to report financial losses than younger users. Senators, including Elizabeth Warren, pointed to recent reports showing scammers coercing elderly individuals into sending funds through Bitcoin ATMs.

The Senators have asked major Bitcoin ATM firms to respond by early October, detailing their measures to combat fraud. This comes amid broader concerns over the rise in crypto scams, with the FBI reporting a significant increase in overall crypto-related fraud this year.

Meta bans Russian state media over covert online operations

Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.

The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.

Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.

Telegram’s Pavel Durov faces criminal probe in France under LOPMI law

France has taken a bold legal step with a new law targeting tech executives whose platforms enable illegal activities. The pioneering legislation, enacted in January 2023, puts France at the forefront of efforts to curb cybercrime. The law allows for criminal charges against tech leaders, like Telegram CEO Pavel Durov, for complicity in crimes committed through their platforms. Durov is under formal investigation in France, facing potential charges that could carry a 10-year prison sentence and a €500,000 fine. He denies Telegram’s role in facilitating illegal transactions, stating the platform complies with EU regulations.

The so-called LOPMI (Loi d’Orientation et de Programmation du Ministère de l’Intérieur) 2023-22 law, unique in its scope, is yet to be tested in court, making France the first country to directly target tech executives in this way. Legal experts point out that no similar laws exist in the US or elsewhere in the Western world.

While the US has prosecuted individuals like Ross Ulbricht, founder of the Silk Road marketplace, those cases required proof of active involvement in criminal activity. However, French law seeks to hold platform operators accountable for illegal actions facilitated through their sites, even if they were not directly involved.

Prosecutors in Paris, led by Laure Beccuau, have praised the law as a powerful tool in their fight against organised cybercrime, including child exploitation, credit card trafficking, and denial-of-service attacks. The recent high-profile arrest of Durov and the shutdown of other criminal platforms like Coco highlight France’s aggressive stance in combating online crime. The J3 cybercrime unit overseeing Durov’s case has been involved in other relevant investigations, including the notorious case of Dominique Pelicot, who used the anonymous chat forum Coco to orchestrate heinous crimes.

While the law gives French authorities unprecedented power, legal and academic experts caution that its untested nature could lead to challenges in court. Nonetheless, France’s new cybercrime law seriously escalates the global battle against online criminal activity.