35 Burst results for "Cybercrime"

SolarWinds hackers breached US Treasury officials’ email accounts

Cyber Security Headlines

02:52 min | Last month

SolarWinds hackers breached US Treasury officials’ email accounts

"Attackers stage. A dry run get solar winds in october. Two thousand nineteen. Yahoo news is sources. Say the operators of the attack conducted a test of the campaign five months before the supply chain attack began in earnest. This test sent files without back. Doors through signed updates to orion seemingly detest they would actually be delivered and detected and updated. Faq by solar winds indicates that this was the first modification to its updates. It was aware of in related. News and analysis by the wall street journal farsight security and risk iq identified twenty four organizations that installed solar ones orion platform with militias backdoors installed including cisco intel invidia. Vm-ware belkin kent state university the california department of state hospitals and deloitte nso group spyware reportedly used against journalists a new report from security researchers at citizen lab at the university of toronto details. How government operatives used the pegasus spyware from nso group to attack the phones of thirty-six journalists producers and executives at al jazeera as well as journalist at el arab tv in london the attack was carried out using the click kismet exploit chain and i message that worked against phones running. Iowa's thirteen dot five dot one or earlier. Apple said at pets vulnerabilities seemingly with iowa's fourteen. Cia agents exposed with stolen data. A new report in foreign policy looks at the impact of data stolen by state-backed groups and other ap tease round twenty thirteen. The cia began to notice that undercover operatives in africa and europe began to be rapidly identified by chinese operatives. This marked a period where the us intelligence community noted a general professionalization of china's intelligence operations building infrastructure to process that data. They were already collecting both officially and illicitly as well as general rooting out of corruption that previously led to deep penetration into the chinese government. In the early two thousands china began tracking flights and passenger lists it also when after biometric data at airports like at bangkok this information was correlated with data gathered on an attack at the office of personnel management in two thousand twelve which leaked personal data from twenty one point five million people that data could be analyzed to figure out who was a us agent pair that information with travel data and you could figure out who from china those agents met with and with the background data indicating who might be approached at becoming sa asset europol. The european commission launch a new decryption platform. This platform was lodged in collaboration with the european commission's joint research center designed to aid authorities in decrypt information that is obtained lawfully in criminal investigations and managed by your oppose european cybercrime centre functionally. This platform will use in-house expertise with both software and hardware tools to provide effective assistance to national member. state investigations. National police forces from member states can now send lawfully obtained evidence to europol for decryption.

Belkin Kent State University California Department Of State Citizen Lab Nso Group El Arab Tv NSO CIA The Wall Street Journal University Of Toronto Al Jazeera Yahoo Intel China Cisco Iowa London Office Of Personnel Management Apple Africa
The abrupt shift to remote working has amplified cyber security problems

BTV Simulcast

03:04 min | Last month

The abrupt shift to remote working has amplified cyber security problems

"The world continue to work from home on often less secure networks during the pandemic, the cyber security firm McAfee says it is seeing a large increase in the frequency. And the severity of cyber attacks on businesses. In a new report titled The Hidden Costs of Cyber Crimes, they find that cyber crime now costs the global economy more than a trillion dollars, jumping more than 15% in two years. Joining us out for more McAfee senior vice president and CEO Steve Goldman. So how do you get to that number? $1 trillion Emily. It's really about looking at all of the indirect costs that impact cybercrime everything from opportunity cost brand reputation, impact to employee morale. If you add up all of those costs as well as the cost. To secure environments. That's where the model that C s. I s whom we partnered with on this report Got to that staggering $1 trillion number. So how does the activity you're seeing now compared to let's say last year, this time given that world working from home, so many people are schooling from home, and so much more of work is distributed. There's a few things first off on the working from home. It basically creates soft targets for the cyber criminals. You can think of. Everybody working from home is now being partially their own I T Department They're working on home networks. They're using consumer devices, and that makes it easier for cyber criminals to get into an organization. We're also seeing the cyber criminals attack differently. They used to attack a system or device. Now we see them taking over an organization which makes it a lot more difficulty and more expensive to know when they fully been removed. In cyberspace. The attacks are sometimes coordinated or happening in parallel to things happening at the government or geopolitical level, you know? Is there anything in particular that you believe in new and incoming administration should be on the lookout for Given the state of where we are right now in cyberspace and make pandemic and still no vaccine yet actually on the market. Absolutely so One of the things that the report goes into is many countries failed to enforce cybercrime laws. In some cases, such as North Korea, we actually see that the state itself Is conducting cyber criminal activity to pay for things like their nuclear program as part of the new administration being able to have a discussion where zero tolerance policy for cyber crime occurring within a country is key. And also setting new norms, making it clear that no government should tolerate theft of things like intellectual property, which is really critical to our industry in the tech sector.

Mcafee Steve Goldman Emily C North Korea
Computer Crime Law Scrutinized at Supreme Court

Techmeme Ride Home

03:28 min | Last month

Computer Crime Law Scrutinized at Supreme Court

"Finally today there was an interesting tech related case that was argued before the. Us supreme court yesterday it involves a nineteen eighty-six computer crime law that has been used ever since to prosecute hackers and internet activist than the like people have been arguing strenuously that the law is outdated and indeed as justice gorsuch said in yesterday's court hearing the us government's interpretation of the law risks quote making a federal criminal of us all and quote. And yes if you're wondering this is indeed the so called. Aaron swartz law quoting politico. The supreme court on monday indicated serious reservations about the ambiguity and scope of the nation's only major cybercrime law hinting. It may narrow the law's applicability to avoid criminalising acts such as checking social media at work during arguments in a case involving a georgia police officer convicted of violating the nineteen eighty-six computer fraud and abuse act by accessing a license plate database. The justices pushed a justice department. Lawyer to explain how a ruling in the government's favour wouldn't open the door to prosecutions of innocuous behavior those could include browsing instagram on computer or performing public-spirited security research to test a system for vulnerabilities as the first see. Faa challenge to reach the high court. The van buren case generated amicus briefs from a wide range of technology privacy and cyber security experts. Most of them on van buren side a group of cybersecurity. Experts described the faa a sword hanging over the head of researchers who probe computers for weaknesses with the goal of helping their owners fix the flaws. The most controversial ever see faa case never reached a verdict. In two thousand eleven federal prosecutors indicted the prominent internet freedom activists aaron sorts on hacking charges for downloading millions of journal articles using a subscription provided by mit swertz. Then twenty four face thirty five years in prison. He by suicide in january twenty thirteen while awaiting trial. The justices sounded alarm. Monday about the broader reading of the cfe. A justice neal gorsuch suggested that the van buren case was the latest example of the government. Trying to broaden the scope of criminal laws incontestable ways several justices expressed uncertainty about the definitions of key terms in the law such as authorization and they spent a significant amount of time asking both lawyers about the meaning of the word so in one part of the statute quote. What is this statute talking about. When it speaks of information in the computer justice samuel alito asked finding in at one point. All information that somebody obtains on the web is in the computer in a sense. I have a feeling. That's not what congress was thinking about when adopted this law. I don't really understand the potential scope of the statute without having an idea about exactly what all those terms mean li added. The justices also sought more clarity about the consequences. That fisher argued would result from abroad. Reading of the faa alina. Ask fisher to explain how the would criminalize one of his example scenarios. Wait on dating website. Fisher responded that by receiving interested messages from potential romantic partners based on falsified. Wait the user would be obtaining information from a computer in violation of the websites terms of service and also thus these cf a similarly fisher told justice elena kagan checking instagram at work constituted obtaining words and pictures from ones instagram feed and if a company prohibited social media browsing on computers obtaining that information would also violate the cf a bike contravening the employers policy and quote

FAA Gorsuch Van Buren Supreme Court Aaron Swartz Justice Neal Gorsuch Us Government Justice Department Government Georgia MIT Aaron Samuel Alito Fisher Alina LI Congress Instagram
Two More New 0-Days Revealed in Chrome

Security Now

04:21 min | 2 months ago

Two More New 0-Days Revealed in Chrome

"Two more new zero days revealed in chrome last week. We had three zero days patched in the previous two weeks today. We have five zero days patched in the previous three weeks. She's i know. And i we were just talking about this last week. Saying you know Once upon a time. I e was the favored target. Now it's clear. Chrome has become the majority browser. And you know it's trying to be kind of an every man's application execution environment. It's trying to be a little mini operating system with all the crap that that that the world wide web consortium keeps pouring into our browsers and is bugs so less wednesday. The eleventh chrome announced the stable channel. Update for windows. Mac and lennox. We're now at eighty six point zero point four to forty dot one nine eight and i had commented last week that i was already a dot one nine whatever it was or one six three or something i. I was further along then. Data made any announcement of and i didn't know why maybe this was part of that So this one is already rolled out under security fixes and rewards in their announcement of this stable update. They noted their standard boilerplate that details. Would-be kept restricted until the majority of users would no longer be effected. They indicated that both of those new in the wild zero days were discovered and reported by anonymous unquote the first on the seventh. And the second on the ninth and this thing was released on the eleventh so the update was pushed out to our desktops very quickly after it was reported to google And the bounty rewards for both of those was was dollar sign. T be d so you know to be determined The first flaw was another of those quote inappropriate implementation in eight which is exactly the exact language that was used to describe. The previous week's zero day vulnerability the other flaw was a use after free claw in the site isolation component which of course we depend upon. Because we don't want cross site exploitability and you know. This is the model for the way we need to be doing. Security moving forward researchers spot problems either doing static research or by catching something that they see happening in the wild. They report them privately to the responsible party. Whomever that is that responsible party rewards them for their discovery and for keeping their report private and then quickly updates the affected software pushing it out to all affected parties or devices depending on what it is. I mean that's what we're seeing here. Problems are being found. I mean they're going to exist in something as as crazy complicated as a modern browser not dimension an operating system. There's gonna be problems. There seems to be no end of them. You know we'll be talking about last tuesday's hundred and twelve things that were fixed and remember those are those. Those didn't just appear in the last month. Those have been lurking in windows and all related applications for probably a long time. We know that some of them affect windows seven the end. Those are not getting fixed anymore. So you know what. That's two thousand eight. That's twelve years ago. So we have this problem One thing we know today with absolute certainty is that cyber war and cybercrime either ad hoc organized are very real things

Lennox Google
"cybercrime" Discussed on The CyberWire

The CyberWire

07:59 min | 3 months ago

"cybercrime" Discussed on The CyberWire

"Their biggest claim to fame or what they were known for is their one of the early adapters that really got into leveraging a tax for for what they call it supply chain attacks leveraging victims for tax for a later stage of a of bigger objective So they would get into all these other companies I in order to use them to sort of traverse those trusted relationships into what their actual target was, and you know they were one of the groups that that sort of created that and started doing you know we really didn't see much of that and now it's much more common but these guys. Were doing it. You know starting back in two thousand twelve, but it's also one of the most confusing groups because you know most of the attackers that you see while in the espionage game especially, if they're a group that is involved in espionage generally on cybercrime so that really confused a lot of researchers and so the reason sort of throwing that is you know when we look track activity and you will try identify motivation, it really throws you off when you start to see very different types of of tax rate you're looking for a complete different end result You don't usually see financial gain involved with operation that. Is trying to steal information that's clearly going to be used for political or military purposes. So this group really is interesting because of that. So you have all these pockets of activities. See things you know involving clearly very custom develops a sophisticated espionage malware that steals information, and then you see other attacks where they're leveraging that and and using it for for financial gain in really you know one of the biggest differences you know in that was looking in the times of use of when these types of attacks were doing we can. Talk about that a little bit more in detail. But but yeah, that we've been tracking him since two thousand eleven and they have quite a tool set of their own malware that they used for these attacks we that there were, you know small group They clearly had ties back to the China region and they clearly had the resources to have custom tools, custom malware, and they appear to be very long-term objective oriented attackers meaning they'd have all these different phases of an attack before you could figure out what the actual real true objective was. Can you give us some insights a as a researcher what is the process like for you and your colleagues for sort of connecting the dots for determining as as time goes by what what do you include with this group? Would you exclude how do you? How do you make that that circles smaller and smaller over time to know exactly who you're dealing with an unlikely what they're up to? Yes that's a great question. So the normal process of how we apply that. Any sort of targeted attack is to not just look at the first attack. So usually you again because of one event or one attack. But. What you need to do when it comes to these sophisticated attackers is expand that pivot in identify other infrastructure, other malware, other victims, and then do rear view mirror look to see. Okay. Are there other campaigns? Maybe there's a different vertical. A. Different sector that's been targeting, but you're not seeing, but you can learn about the tactics from that group. So you you really need to pivot and look back rear view mirror, collect all that information we analyze everything that you have in sort of come up with a bigger picture hypothesis of what that attacker is doing, what is their motivation, and what is all these smaller attacks lead up to a this group however made that very difficult and the reason I say that is what alluded to before we looked at the pocket of activity and you have custom malware that you believe is unique to when it's hacker. something that you think is resource back to a nation. That attacker is it's you know it's for those military government purposes. Therefore, you don't usually see that very sophisticated malware used for financial gain attacks and the reason why is you know they spend all this time developing this malware you don't WanNa, take the chance that it's going to get identified and then researchers antivirus and defenders can now right signature is a detective and your advanced operation that you spent all this time and money on is a major component of it is no longer usable. So that's what was so weird about this is you know we were seeing what was clearly espionage operations and then shortly after we began. To. See these financial gain motivated attacks. One of the things that we did as sort of alluded to earlier that really helped us to figure this out was a time time boxing activity. So taking longer range time periods of the activity in plotting the hours of actual human on victim network time. So when he was actually logged in doing things as part of the attack so those high fidelity timestamps if you will of events and then you plot those over time and you sort of look for what would fit in a workday this is really relevant for nation state attacks because usually you're a game, guys are are. Working Day shift That's just trend that we often see you have different teams usually you're eight-game guys will be working during the day I'm. So anyway, you look for that the try to come up with time zones that fit a possible workday, and then you apply that to regions of the world. Well, we noticed when we did that is there were very distinctive patterns between while using the same our tools that were very distinctive patterns between the espionage eared attacks verses, the cybercrime financial gain motivated attacks, and what we saw was those the the financial gain motivated attacks against many of the video game companies that we. Saw were actually taking place between ten PM in one. Am I in the same time zone that that we had, you know leveraged from a a time zone analysis of the of the espionage attacks. So by applying that because we have less data from CYBERCRIME. So applying though that that stained time zone to to those attacks assuming that because the Malheur so unique that the people using it must be at least have a relationship with those who are doing espionage attack allowed us to sort of make that assumption. Okay. These guys are using it at night and what's the first thing you think of as I say this moonlighting? Exactly yeah right right. You're sitting you know. When do you ever see like espionage operators at? A. Few hours here. Tonight, let's go make some money is I mean you just don't see that in that? We saw that back then and that made the so interesting and You know we did some collaboration with some the analysts at a fire I. Wish we talked about this at say this year. Myself and some fire guys are we did a panel we actually did it use taste on on this exact group and the reason we did it is we SYMANTEC on track to different groups We believe just like fire I did the same individuals behind the activity however, the actual buckets of activity what they're doing was different. So we track it by the activity not the people fire fireeye tracks it more by the people not the activity so neither is wrong but we track them very different. So that's one of the things that we discussed point being though that's what makes this interesting is you have these? Operators Moonlighting using the same weapons essentially to come up.

CYBERCRIME SYMANTEC boxing researcher China Malheur
Chinese Espionage Group Charges: Leveraging For A Bigger Objective.

The CyberWire

05:02 min | 3 months ago

Chinese Espionage Group Charges: Leveraging For A Bigger Objective.

"Their biggest claim to fame or what they were known for is their one of the early adapters that really got into leveraging a tax for for what they call it supply chain attacks leveraging victims for tax for a later stage of a of bigger objective So they would get into all these other companies I in order to use them to sort of traverse those trusted relationships into what their actual target was, and you know they were one of the groups that that sort of created that and started doing you know we really didn't see much of that and now it's much more common but these guys. Were doing it. You know starting back in two thousand twelve, but it's also one of the most confusing groups because you know most of the attackers that you see while in the espionage game especially, if they're a group that is involved in espionage generally on cybercrime so that really confused a lot of researchers and so the reason sort of throwing that is you know when we look track activity and you will try identify motivation, it really throws you off when you start to see very different types of of tax rate you're looking for a complete different end result You don't usually see financial gain involved with operation that. Is trying to steal information that's clearly going to be used for political or military purposes. So this group really is interesting because of that. So you have all these pockets of activities. See things you know involving clearly very custom develops a sophisticated espionage malware that steals information, and then you see other attacks where they're leveraging that and and using it for for financial gain in really you know one of the biggest differences you know in that was looking in the times of use of when these types of attacks were doing we can. Talk about that a little bit more in detail. But but yeah, that we've been tracking him since two thousand eleven and they have quite a tool set of their own malware that they used for these attacks we that there were, you know small group They clearly had ties back to the China region and they clearly had the resources to have custom tools, custom malware, and they appear to be very long-term objective oriented attackers meaning they'd have all these different phases of an attack before you could figure out what the actual real true objective was. Can you give us some insights a as a researcher what is the process like for you and your colleagues for sort of connecting the dots for determining as as time goes by what what do you include with this group? Would you exclude how do you? How do you make that that circles smaller and smaller over time to know exactly who you're dealing with an unlikely what they're up to? Yes that's a great question. So the normal process of how we apply that. Any sort of targeted attack is to not just look at the first attack. So usually you again because of one event or one attack. But. What you need to do when it comes to these sophisticated attackers is expand that pivot in identify other infrastructure, other malware, other victims, and then do rear view mirror look to see. Okay. Are there other campaigns? Maybe there's a different vertical. A. Different sector that's been targeting, but you're not seeing, but you can learn about the tactics from that group. So you you really need to pivot and look back rear view mirror, collect all that information we analyze everything that you have in sort of come up with a bigger picture hypothesis of what that attacker is doing, what is their motivation, and what is all these smaller attacks lead up to a this group however made that very difficult and the reason I say that is what alluded to before we looked at the pocket of activity and you have custom malware that you believe is unique to when it's hacker. something that you think is resource back to a nation. That attacker is it's you know it's for those military government purposes. Therefore, you don't usually see that very sophisticated malware used for financial gain attacks and the reason why is you know they spend all this time developing this malware you don't WanNa, take the chance that it's going to get identified and then researchers antivirus and defenders can now right signature is a detective and your advanced operation that you spent all this time and money on is a major component of it is no longer usable. So that's what was so weird about this is you know we were seeing what was clearly espionage operations and then shortly after we began. To. See these financial gain motivated attacks.

China
Ransomware epidemic during the pandemic

The CyberWire

02:32 min | 3 months ago

Ransomware epidemic during the pandemic

"This week's warnings about hospitals in ransomware continued to move organizations to higher levels of alert and to be born out in reported attacks. US public and private organizations. CISA. The FBI and the Department of Health and Human Services on the federal side. and. Fire is Mandy Unit on the private side have warned that organizations in the healthcare and public health sector are under an increasing threat from ransomware strains deployed are usually conti and especially riot. The perpetrators are russophone gangsters not spies. These particular gangsters get even worse press than such gun IFS usually ATTRAC- brazen ars technica calls them others say despicable conscienceless loathesome you get the picture. It's clear why they've attracted so much deserved odium attacks on the availability of healthcare are hateful and the best of times and with the covid nineteen pandemic. These aren't the best of times. It's equally clear why the hoods are interested in hospitals, data availability and privacy are at a premium and the healthcare sector is under unusual pressure to knuckle under extortion. They can't always shrug off a successful attack when patients safety and privacy are at stake. Security Affairs says, the hospitals in new. York Vermont have been the latest riot victims. Both the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont. Health Network have disclosed that they've sustained and are recovering from ransomware attacks. They're not alone wired puts the number of ransomware attack against hospitals in the dozens and the Wall Street Journal quotes Charles Carmichael. Chief Technology Officer at fire is Mandy in cybersecurity firm is saying quote most threat actors. They're explicitly not looking to hit hospitals. This group in particular has explicitly stated that they're going to hit hospitals and they've proven it. He adds this is the most significant cyber threat that I've seen in the United States in my career and quote. While, US hospitals have been notably affected by CYBERCRIME. It's not solely a US problem. The Montreal Gazette reports that various targets in Quebec have been hit including non healthcare targets and the transportation and law enforcement sectors. Montreal's Jewish General Hospital has been hit with cyber attack. The hospital's administrators says wasn't ransomware, but his conclusion was based on the fact that no extortion demand had yet been received.

Ransomware Wyckoff Heights Medical Center Department Of Health And Human Mandy FBI Charles Carmichael United States University Of Vermont Vermont Brooklyn Wall Street Journal The Montreal Gazette York Jewish General Hospital Quebec Montreal
FBI, other agencies warn of 'imminent cybercrime threat' to U.S. hospitals

America's Morning News

00:35 sec | 3 months ago

FBI, other agencies warn of 'imminent cybercrime threat' to U.S. hospitals

"Agencies say cybercriminals are unleashing a major ransomware assault against the health care system. Independent security experts say it's already hobbled at least five hospitals this week and potentially impact hundreds more. In a joint alert. The FBI and to federal agencies say they have credible information of an imminent cybercrime threat to U. S hospitals and health care providers. They say malicious groups are targeting the sector with ransomware that could lead to data theft and disruption of healthcare services. Although the attacks coincide with the election, there's no immediate indication they're motivated by anything but profit.

Data Theft Assault FBI U. S
"cybercrime" Discussed on The Healthcare Policy Podcast

The Healthcare Policy Podcast

06:36 min | 3 months ago

"cybercrime" Discussed on The Healthcare Policy Podcast

"Welcome to the healthcare policy podcast on the host David Intra Cosso. . This podcast discussed cybercrime or ransomware attacks against hospitals and other healthcare providers with Collab- Barlow CEO Synergistic Tech this barlow welcome to the program. . Hey pleasure to be here. . David. . Mr Biles vile is, , of course, , posted on the podcast website. . On background computer or cybercrimes against healthcare providers, , more of a hospitals, , disabled computer networks holding them for ransom. . Frequently for Bitcoin fee, , the tax have been prevalent since at least two, , thousand and ten. . This past month however, , universal health services with over four hundred locations. . Over in the US suffered a cyber attack disabling it's company wide computer network causing some it's hospitals to revert to pen and paper recordkeeping also last month the first known death. . Resulted from a ransomware attack in Germany when a patient did not survive transferred to another hospital. . Though a twenty nineteen hhs report found between twenty, , twelve and sixteen. . Hospital deaths increased after ransomware attacks. . Earlier this month covid nineteen VACs. . A covid nineteen vaccine trial was delayed by more attack or at least one. . Likely. . The most costly ransomware attack was to the UK's national health service in seventeen that amounted to an estimated one, , hundred, , twenty, , million in it costs and lost productivity. . ransomware attacks are on the increase especially amongst small hospitals, , particularly vulnerable to phishing attacks, , lasting upwards of tumor weeks because of their lean or inadequate security support. . As Josephine Wolf noted in October Seventeen New York Times editorial quote Unquote cybersecurity shortcomings in the healthcare sector needs to be addressed now. . More than ever when medical care is increasingly being offered via remote online formats. . In twenty twenty states introduced more than two hundred and eighty cybersecurity related bills enacting several related to task forces or commissions training. . Cybersecurity insurance in criminal. . Penalties. . The US Senate and House passed seven cybersecurity bills whoever not specifically addressed the healthcare industry and none became law. . With me again and discuss healthcare cybersecurity is synergise texts, , CEO. . COLLAB- Barlow so <hes> club with that. . As background LET'S START WITH A. . Primer Info. . I've read these ransomware products. . <hes> in part are. . Titled or named Wannacry Laki Win Plock encrypt locker. . <hes>. . Are some these known ransomware product. . So my question is, , how do these encrypt clinical data and to what effect? ? So. So . basically, , what happening if you look at ransomware incident is a you know a narrow will gets access to a network and that could be as simple as grabbing somebody's credentials. . You know maybe you were on a retail site, , use the same credentials you used at work that retail site was compromised and <hes>. . There are many locations on the dark web that will. . Sell compromised credentials or could have been through a phishing attack once the bad guy is into the network then there's two primary things that they're looking to do first is to move laterally. . They WANNA get as much access across the networks they can, , and there are a variety of tools that they'll deploy. . They will actually help them harvest additional credentials once they've got a beachhead. . On, , the network in addition to harvesting new credentials and kind of moving lateral or what we call lateral movement. . The other thing that are going to do is to try to elevate their privilege. . So going from maybe an administrator or you know a nurse and triage and maybe getting access to their credentials, , they're going to try to work their way up to a network. . Administrator or someone that controls access to the whole domain once they've been able to get in and move their tentacles around the organization, , then they're going to deploy their payroll, , which is one of several of the tools that you mentioned will allow them to then lock things up effectively what these tools, , our cryptographic tools, , and they basically take the entire hard drive at the device. . Scramble it and lock it up with a cryptographic key. . What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data, , locking it all up in that the exfiltrated lot of it, , and they're using that to increase their chances of getting paid by potentially threatening to. . The organization by releasing that data if they don't pay ransom. . Okay. . Thank you so. . I in my reading. . It's uncertain Saul. Asked . you this question? ? What's your understanding? ? How frequently? ? Is this occurring in the healthcare sector? ? Oh, , it's every day I mean literally every single day because you got to remember what you read about in the news is only a very small fraction of what's actually going on even though technically speaking ransomware incident is as far as I'm concerned reportable incident <hes> because you gotta remember if the bad guy had enough access to walk up your data, , they had the same level of access needed to read the data and they actually in many cases had the same level access needed to change the data. . So the problem is you've actually lost control of that system when you've had a ransomware incident. . I. . So that was that was a question I did have. . Other than. . Possibly, , making this data public and you know healthcare data's is is is confidential proprietary, of , course. . What do they typically do this data other than hold it hostage? ? Well remember, this , is a organized crime. . It is a volume organization you're dealing with a human on the other end and that human is organized right. . You're not the only target, , their targeting dozens of organizations at the same time in many cases are teams of thirty individuals and you know there's a breakdown on that team there's a project manager of a boss. . There's people that are responsible for getting access. . There's people that are responsible for moving laterally people responsible for elevating credentials and people are responsible for negotiating. . Once walked up system

Collab- Barlow CEO Synergistic David Cosso David David Intra Cosso policy analyst US Senate Mr Biles CEO US Josephine Wolf New York Times UK Germany House
Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes

The Healthcare Policy Podcast

06:36 min | 3 months ago

Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes

"Welcome to the healthcare policy podcast on the host David Intra Cosso. This podcast discussed cybercrime or ransomware attacks against hospitals and other healthcare providers with Collab- Barlow CEO Synergistic Tech this barlow welcome to the program. Hey pleasure to be here. David. Mr Biles vile is, of course, posted on the podcast website. On background computer or cybercrimes against healthcare providers, more of a hospitals, disabled computer networks holding them for ransom. Frequently for Bitcoin fee, the tax have been prevalent since at least two, thousand and ten. This past month however, universal health services with over four hundred locations. Over in the US suffered a cyber attack disabling it's company wide computer network causing some it's hospitals to revert to pen and paper recordkeeping also last month the first known death. Resulted from a ransomware attack in Germany when a patient did not survive transferred to another hospital. Though a twenty nineteen hhs report found between twenty, twelve and sixteen. Hospital deaths increased after ransomware attacks. Earlier this month covid nineteen VACs. A covid nineteen vaccine trial was delayed by more attack or at least one. Likely. The most costly ransomware attack was to the UK's national health service in seventeen that amounted to an estimated one, hundred, twenty, million in it costs and lost productivity. ransomware attacks are on the increase especially amongst small hospitals, particularly vulnerable to phishing attacks, lasting upwards of tumor weeks because of their lean or inadequate security support. As Josephine Wolf noted in October Seventeen New York Times editorial quote Unquote cybersecurity shortcomings in the healthcare sector needs to be addressed now. More than ever when medical care is increasingly being offered via remote online formats. In twenty twenty states introduced more than two hundred and eighty cybersecurity related bills enacting several related to task forces or commissions training. Cybersecurity insurance in criminal. Penalties. The US Senate and House passed seven cybersecurity bills whoever not specifically addressed the healthcare industry and none became law. With me again and discuss healthcare cybersecurity is synergise texts, CEO. COLLAB- Barlow so club with that. As background LET'S START WITH A. Primer Info. I've read these ransomware products. in part are. Titled or named Wannacry Laki Win Plock encrypt locker. Are some these known ransomware product. So my question is, how do these encrypt clinical data and to what effect? So. So basically, what happening if you look at ransomware incident is a you know a narrow will gets access to a network and that could be as simple as grabbing somebody's credentials. You know maybe you were on a retail site, use the same credentials you used at work that retail site was compromised and There are many locations on the dark web that will. Sell compromised credentials or could have been through a phishing attack once the bad guy is into the network then there's two primary things that they're looking to do first is to move laterally. They WANNA get as much access across the networks they can, and there are a variety of tools that they'll deploy. They will actually help them harvest additional credentials once they've got a beachhead. On, the network in addition to harvesting new credentials and kind of moving lateral or what we call lateral movement. The other thing that are going to do is to try to elevate their privilege. So going from maybe an administrator or you know a nurse and triage and maybe getting access to their credentials, they're going to try to work their way up to a network. Administrator or someone that controls access to the whole domain once they've been able to get in and move their tentacles around the organization, then they're going to deploy their payroll, which is one of several of the tools that you mentioned will allow them to then lock things up effectively what these tools, our cryptographic tools, and they basically take the entire hard drive at the device. Scramble it and lock it up with a cryptographic key. What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data, locking it all up in that the exfiltrated lot of it, and they're using that to increase their chances of getting paid by potentially threatening to. The organization by releasing that data if they don't pay ransom. Okay. Thank you so. I in my reading. It's uncertain Saul. Asked you this question? What's your understanding? How frequently? Is this occurring in the healthcare sector? Oh, it's every day I mean literally every single day because you got to remember what you read about in the news is only a very small fraction of what's actually going on even though technically speaking ransomware incident is as far as I'm concerned reportable incident because you gotta remember if the bad guy had enough access to walk up your data, they had the same level of access needed to read the data and they actually in many cases had the same level access needed to change the data. So the problem is you've actually lost control of that system when you've had a ransomware incident. I. So that was that was a question I did have. Other than. Possibly, making this data public and you know healthcare data's is is is confidential proprietary, of course. What do they typically do this data other than hold it hostage? Well remember, this is a organized crime. It is a volume organization you're dealing with a human on the other end and that human is organized right. You're not the only target, their targeting dozens of organizations at the same time in many cases are teams of thirty individuals and you know there's a breakdown on that team there's a project manager of a boss. There's people that are responsible for getting access. There's people that are responsible for moving laterally people responsible for elevating credentials and people are responsible for negotiating. Once walked up system

Mr Biles Josephine Wolf Seventeen New York Times Wannacry Laki Bitcoin Barlow National Health Service HHS Collab Us Senate Tumor Germany David UK United States House Saul
"cybercrime" Discussed on The Healthcare Policy Podcast

The Healthcare Policy Podcast

04:28 min | 3 months ago

"cybercrime" Discussed on The Healthcare Policy Podcast

"On background computer or cybercrimes against healthcare providers, , more of a hospitals, , disabled computer networks holding them for ransom. . Frequently for Bitcoin fee, , the tax have been prevalent since at least two, , thousand and ten. . This past month however, , universal health services with over four hundred locations. . Over in the US suffered a cyber attack disabling it's company wide computer network causing some it's hospitals to revert to pen and paper recordkeeping also last month the first known death. . Resulted from a ransomware attack in Germany when a patient did not survive transferred to another hospital. . Though a twenty nineteen hhs report found between twenty, , twelve and sixteen. . Hospital deaths increased after ransomware attacks. . Earlier this month covid nineteen VACs. . A covid nineteen vaccine trial was delayed by more attack or at least one. . Likely. . The most costly ransomware attack was to the UK's national health service in seventeen that amounted to an estimated one, , hundred, , twenty, , million in it costs and lost productivity. . ransomware attacks are on the increase especially amongst small hospitals, , particularly vulnerable to phishing attacks, , lasting upwards of tumor weeks because of their lean or inadequate security support. . As Josephine Wolf noted in October Seventeen New York Times editorial quote Unquote cybersecurity shortcomings in the healthcare sector needs to be addressed now. . More than ever when medical care is increasingly being offered via remote online formats. . In twenty twenty states introduced more than two hundred and eighty cybersecurity related bills enacting several related to task forces or commissions training. . Cybersecurity insurance in criminal. . Penalties. . The US Senate and House passed seven cybersecurity bills whoever not specifically addressed the healthcare industry and none became law. . With me again and discuss healthcare cybersecurity is synergise texts, , CEO. . COLLAB- Barlow so <hes> club with that. . As background LET'S START WITH A. . Primer Info. . I've read these ransomware products. . <hes> in part are. . Titled or named Wannacry Laki Win Plock encrypt locker. . <hes>. . Are some these known ransomware product. . So my question is, , how do these encrypt clinical data and to what effect? ? So. So . basically, , what happening if you look at ransomware incident is a you know a narrow will gets access to a network and that could be as simple as grabbing somebody's credentials. . You know maybe you were on a retail site, , use the same credentials you used at work that retail site was compromised and <hes>. . There are many locations on the dark web that will. . Sell compromised credentials or could have been through a phishing attack once the bad guy is into the network then there's two primary things that they're looking to do first is to move laterally. . They WANNA get as much access across the networks they can, , and there are a variety of tools that they'll deploy. . They will actually help them harvest additional credentials once they've got a beachhead. . On, , the network in addition to harvesting new credentials and kind of moving lateral or what we call lateral movement. . The other thing that are going to do is to try to elevate their privilege. . So going from maybe an administrator or you know a nurse and triage and maybe getting access to their credentials, , they're going to try to work their way up to a network. . Administrator or someone that controls access to the whole domain once they've been able to get in and move their tentacles around the organization, , then they're going to deploy their payroll, , which is one of several of the tools that you mentioned will allow them to then lock things up effectively what these tools, , our cryptographic tools, , and they basically take the entire hard drive at the device. . Scramble it and lock it up with a cryptographic key. . What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data, , locking it all up in that the exfiltrated lot of it, , and they're using that to increase their chances of getting paid by potentially threatening to. . The organization by releasing that data if they don't pay ransom. .

Collab- Barlow CEO Synergistic David Cosso David David Intra Cosso policy analyst US Senate Mr Biles CEO US Josephine Wolf New York Times UK Germany House
Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes

The Healthcare Policy Podcast

04:28 min | 3 months ago

Caleb Barlow Discusses Healthcare Industry Ransomware Attacks and Measures to Prevent Cybercrimes

"On background computer or cybercrimes against healthcare providers, more of a hospitals, disabled computer networks holding them for ransom. Frequently for Bitcoin fee, the tax have been prevalent since at least two, thousand and ten. This past month however, universal health services with over four hundred locations. Over in the US suffered a cyber attack disabling it's company wide computer network causing some it's hospitals to revert to pen and paper recordkeeping also last month the first known death. Resulted from a ransomware attack in Germany when a patient did not survive transferred to another hospital. Though a twenty nineteen hhs report found between twenty, twelve and sixteen. Hospital deaths increased after ransomware attacks. Earlier this month covid nineteen VACs. A covid nineteen vaccine trial was delayed by more attack or at least one. Likely. The most costly ransomware attack was to the UK's national health service in seventeen that amounted to an estimated one, hundred, twenty, million in it costs and lost productivity. ransomware attacks are on the increase especially amongst small hospitals, particularly vulnerable to phishing attacks, lasting upwards of tumor weeks because of their lean or inadequate security support. As Josephine Wolf noted in October Seventeen New York Times editorial quote Unquote cybersecurity shortcomings in the healthcare sector needs to be addressed now. More than ever when medical care is increasingly being offered via remote online formats. In twenty twenty states introduced more than two hundred and eighty cybersecurity related bills enacting several related to task forces or commissions training. Cybersecurity insurance in criminal. Penalties. The US Senate and House passed seven cybersecurity bills whoever not specifically addressed the healthcare industry and none became law. With me again and discuss healthcare cybersecurity is synergise texts, CEO. COLLAB- Barlow so club with that. As background LET'S START WITH A. Primer Info. I've read these ransomware products. in part are. Titled or named Wannacry Laki Win Plock encrypt locker. Are some these known ransomware product. So my question is, how do these encrypt clinical data and to what effect? So. So basically, what happening if you look at ransomware incident is a you know a narrow will gets access to a network and that could be as simple as grabbing somebody's credentials. You know maybe you were on a retail site, use the same credentials you used at work that retail site was compromised and There are many locations on the dark web that will. Sell compromised credentials or could have been through a phishing attack once the bad guy is into the network then there's two primary things that they're looking to do first is to move laterally. They WANNA get as much access across the networks they can, and there are a variety of tools that they'll deploy. They will actually help them harvest additional credentials once they've got a beachhead. On, the network in addition to harvesting new credentials and kind of moving lateral or what we call lateral movement. The other thing that are going to do is to try to elevate their privilege. So going from maybe an administrator or you know a nurse and triage and maybe getting access to their credentials, they're going to try to work their way up to a network. Administrator or someone that controls access to the whole domain once they've been able to get in and move their tentacles around the organization, then they're going to deploy their payroll, which is one of several of the tools that you mentioned will allow them to then lock things up effectively what these tools, our cryptographic tools, and they basically take the entire hard drive at the device. Scramble it and lock it up with a cryptographic key. What we've seen of late is the bad guys oftentimes insert a new step just before scrambling data, locking it all up in that the exfiltrated lot of it, and they're using that to increase their chances of getting paid by potentially threatening to. The organization by releasing that data if they don't pay ransom.

Administrator United States Us Senate Wannacry Laki New York Times Josephine Wolf UK Germany CEO House
Microsoft takes action to combat ransomware

Dennis Prager

00:38 sec | 3 months ago

Microsoft takes action to combat ransomware

"Goes to court in a bid to disrupt a major cyber crime network. Microsoft has taken legal action in an attempt to take down a major cybercrime digital network that uses more than one million zombie computers to loot bank accounts and spread. Ransomware. Microsoft says it obtained a federal court order in Virginia last week by arguing the crime network that uses an infrastructure known as Trick pot is abusing its trademark. Microsoft thus hopes to persuade Internet providers to take down the botnet servers on Friday. Washington Post reported. The U. S Military Cyber Command launched direct attacks against trick bought last month, but the effort was unsuccessful. I might

Microsoft U. S Military Cyber Command Washington Post Virginia
Social media censorship in Egypt targets women on TikTok

The Takeaway

06:27 min | 4 months ago

Social media censorship in Egypt targets women on TikTok

"Has its sights on tick talk. It's cracking down on users arresting and charging a group of women with a range of tic tac enabled crimes from harming family values to inciting prostitution. Reporter Jod reporter Dad, Kaleel has our story. At least nine women have been arrested for their tic tac videos. But if you look through their accounts, it's hard to see why. And focus most ofit here. There's Henning has, um, talking about the story of Venus and Adonis and Adela doing what social Media influencers do Giveaway iPhones life living room doing, But mostly the accounts of the Egyptian women who's been arrested and jailed are full of dancing to Arabic pop songs in that tic tac style feet, planted emoting with your eyebrows and gesticulating. What they're doing is basically what everyone as 1000 social media, just singing and dancing and Andi thing and nothing as if you would dance. In Egyptian wedding. For example, some of Husaini is with the International Service for Human Rights based in Geneva, Switzerland. She says. What distinguishes this group of Egyptians is that they're from working class or middle class backgrounds and that their women or girls, you have social media influencers who come for a teeth, backgrounds or upper middle class or rich classes and injured who would post the same type of content. But would not be targeted because that is sort of permitted within their social class. But why these women are working class women they and they have stepped out of what is permitted for them because they were dancing and singing on tech talk. They were charged under a cyber crime law passed in 2018 Yes, Mean Omar, A researcher at the top here Institute for Middle East Policy in Washington, says that the law is vague when it comes to defining what's legal. And what isn't. It was written using very broad terms that could be very widely interpreted and criminalizing a lot of acts that are Originally considered as personal freedom. Looking at it. You would see that anything you might post on social media. Anything that you may use, the Internet could be criminalized under this very wide umbrella. Egypt cybercrime laws, part of a larger effort by the government to increase surveillance of online activities as Tic TAC became more popular during the pandemic. Prosecutors started looking there too, says Omar. The state is simply arresting whoever says anything that criticizes its policy its laws. It's practices, even if it's just joking. It's not even allowed. But this isn't just about political dissent. Yes, mean Omar points. In the case of mental Abdel Aziz, a 17 year old. One day men made a live video on Facebook. She had her face awfully bruised, and she was stating that she was raped. And she was asking for help. The police asked me to come in. When she did, Omar says they looked at her tech talk account and decided she was inciting debauchery and harming family values in Egypt. Over the summer, There was a series of rape and sexual assault accusations by Egyptian women. They got a lot of attention. One case was against a group of well connected men. Women in Egypt were shocked but not surprised by what they were seeing online, says someone who's Amy in Egypt. Sexual violence on violence in this woman is systematic is part ofthe daily life off of women and to be sexually harass women are often discouraged from reporting sexual harassment in Egypt. So when prosecutors started investigating the accused in that high profile case, it looked like a real progress. The state run National Council for Women even encourage victims and witnesses to come forward. Oh, yes mean, Omar says it did not go well. Somehow, the prosecution decided to a charge the witnesses once again. Egyptian authorities looked at women's social media accounts and then investigated the women for promoting homosexuality, drug use, inciting debauchery and publishing false news. Omar says one of the witnesses who was arrested is an American citizen. All these information were used against them and then pro state media how let's wait in. Husseini says that when they profile the women in the TIC tac case, the message was clear. You have the Egyptian me they're basically, you know, really sensational headlines, Putting the photos off the women Not not not blurred using, you know, focus that have sex it Ian, for example, while using their names, publishing the investigations that are supposed to be confidential. Social media has played an important role in Egyptian politics. In 2011 crowds toppled the regime of military dictator Hosni Mubarak. That uprising was in part organized online with Twitter and Facebook. In 2018, the former Army general and current President, Abdel Fattah el Sisi swore he would maintain stability in Egypt must You said whatever happened in 2011 is never going to happen again. Samir Shehadeh of the University of Oklahoma, says Egypt's military backed regime is wary of the implications of anything posted online, even if its just dancing I think there has been heightened paranoia as a result of hysteria, in fact, by subsequent regimes, particularly the current regime, the Sisi regime About the possible political consequences of social media. And there's a tremendous amount of policing a Facebook and other types of social media and now tic tac. Although this is not apparently an overtly political, I think that they certainly have those kinds of concerns in the back of their mind as well. Of the nine women, Four have been convicted and three have appeals in October. Menon Abdelaziz, the 17 year old, who called for help online was just released from detainment Wednesday and is being dismissed with no charges. For the world. I'm Jagga Khalil.

Egypt Tic Tac Omar Facebook National Council For Women Reporter Abdel Aziz Prostitution International Service For Huma Hosni Mubarak Kaleel Institute For Middle East Poli Jagga Khalil Menon Abdelaziz Geneva Switzerland Husaini
Russian Tries to Hack Tesla

Security Now

07:20 min | 5 months ago

Russian Tries to Hack Tesla

"Almost A. state-sponsored spy story we have something that really happened. And I tease this by quoting our friend Marcus hutchins twitter reaction upon learning of it just to remind everyone marcus is the well known security researcher and reformed cybercrime hacker. You know he actually reformed in his teenage years, but the FBI didn't forgive him for that and of course, as we know his future became uncertain when the FBI grabbed him. In Las Vegas is Logan Airport as he was departing or a preparing to depart for from the US for his home in the UK, following the annual black hat and DEFCON conferences. Well last Thursday. Reacting on twitter to the news of this story which had just broken marcus quite correctly observed he tweeted quote one of the benefits of cybercrime. Is Criminals don't have to expose themselves to unnecessary risk by conducting business in person. Flying into the US Jewish diction to have mel wear manually installed on a company's network is absolutely insane. Unquote. Okay. So what was all that about? A TWENTY-SEVEN-YEAR-OLD RUSSIAN NATIONAL By the name of or. Igla, rich. Crutch. Nikolov. Traveled to the US an attempted to subvert and bribe an employee working at Tesla corporations massive Nevada based gigafactory. Eager. Ultimately agreed to pay the employees one million dollars to plant malware inside Tesla's. Internal Network. The. Good news is the employees reported the offer. To his employer Tesla and then worked with the FBI to build an airtight case and to set up a sting which included having him covertly record face to face meetings. Discussing this, Russian the twenty-seven-year-old Russians proposal in their complaint which followed Egos, arrest and arraignment wit last Tuesday the prosecutors wrote. The purpose of the conspiracy was to recruit an employee of a company to Syrup Tissue, transmit malware provided by the CO conspirators into the company's computer system. EXFILTRATION data from the company's network and threatened to disclose the data online unless the company paid the CO conspirators ransom demand. The complaint said that the malware would be custom developed. Propagate through the company's network. For it to work the group said, it needed the employees to provide information about the employers, network authorizations and network procedures. Correct correct Yakubov said, the malware would be transmitted either by inserting a usb drive into a company computer or clicking on an email attachment containing malware. Ebor explained the infecting computer would have to run continuously for six to eight hours for the malware to move fully through the network. To distract network personnel, a first stage of the malware would perform a denial of service attack while a second stage performed the data exfiltration. When the complaint was initially unsealed last Tuesday the identities of all parties was still confidential being identified only as company A, and C H s one which is their abbreviation for confidential human source number one that is the employees. But last Thursday Elon Musk confirmed that yes. Indeed it was his company that was the target of this whole operation. The charging document with was filed in federal court in Nevada detailed and extensive end determined attempt to infect. Tesla's network the defendant again twenty-seven-year-old Eager E- Gore Vich. Crush Cov allegedly traveled from Russia to Nevada and then met with the unnamed employees on multiple occasions. When Eagles initial five hundred thousand dollar bid failed to clinch the deal. The defendant doubled the offer to one million dollars according to the complaint Crutch Kav wined and dined and boozed up the employees and when discussing especially sensitive details conducted conversations in cars. When FBI agents couldn't conduct physical surveillance in restaurants or bars, the employees recorded them. One meeting occurred on August seventh in a car crutch Cov had rented referring to the employees again as C. H. S. One, the prosecutors described that. Seventh meeting as follows they said during this meeting which the FBI had consensually recorded. Crutch Cov reiterated some of the details of the criminal activity previously proposed to. C.. H.. S. One. Credit Yakubov described the malware attack as he did before. Adding that the first part of the attack, a De dos would be successful for the group in quotes but the victim companies security officers would think the attack had failed. Crutch COBB A and here's some news again listed prior companies this group had targeted. Crutch. Cobb stated each of these targeted companies had a person working at those companies who installed malware on behalf of the group. To ease, C.. H. S ones concerns about getting caught. Crutch Cov claimed the oldest project the group had worked on took place three and a half years ago and the group's Co op de still worked for the company.

Crutch Cov FBI Tesla Marcus Hutchins United States Nevada Crutch Kav Yakubov Twitter Las Vegas Logan Airport Elon Musk Researcher UK Cobb Syrup Tissue Ebor
Getting into security architecture: Careers, skills and ransomware

Cyber Work

05:30 min | 5 months ago

Getting into security architecture: Careers, skills and ransomware

"I Wanted to talk to you today about because you know cyber work. The big push here is helping people to get started in cybersecurity and who don't necessarily know where to start or don't know what the next steps are in their career. So for listeners who might think you're fresh out of college I WANNA point out that you've been working insecurity for some time between undergraduate studies in recent master's degree. So I guess what I wanted to know, what are you? What were you specifically trying to achieve getting your? Computer Science from Michigan State you know before returning back to the business. sector. So there's a strong strong analytical competent. That is an integral part of any doctoral degree I began my PhD with the objective of owning my critical thinking skills and exploring the truth death of certain areas insecurity because as we know. So we will looked at the ten domains, of CIS SPN that's it. It's everywhere from physical security to cryptography and everything in between your network and I was doing that for for a long time and. It came to a point where I wanted to really truly understand something in depth to the point where you know I could get a PhD in in that area. So so that that that was definitely a motivation motivating factor for me going in. Do you have a sense of how you know the the addition of a PhD like this has has changed job prospects I mean obviously you're using Motorola but like like what what sort of doors does does a graduate level degree like this open for Cybersecurity I personal? Right, so that's a great. in terms of career prospects, it definitely opens up more research opportunities both in academia and industry. Right. Some research opportunities and industry will explicitly ask for a PhD So so it definitely opens those doors talking about industry in particular There are. There are few opposite like I said, there is a few doors that opened up right away. I could have definitely been. I could have definitely been a security architect without getting a PhD but the benefit is more intangible in that. There's elements of my PhD that prepared me for my role today. And allowed a smooth transition. into security architecture all as. You know. Because I play the role of. A playboy tactical and strategist role during my During my work as a security architect and especially the strategic part of the PSG definitely helps them. Okay. So you you mentioned that this is a pre specifically useful thing if you're going to go into a research capacity, is this something that you're looking to pursue as well? Are you looking to because I? Believe you're your emphasis was on ransomware are you are you doing sort of ransomware SORTA research level study of things ransomware right now? Yeah definitely that's a competent of my work and even at Motorola solutions on preparing I'm pursuing them up and so for example, if you know one thing that comes to mind that a PhD would directly help you in in an industry is like if you contributing to. If. You're if you're making if you're. Generating Patent applications that process is very similar to writing for Scientific Journal. So that's something that comes to mind right away that helps me aware PhD helps me in In the industry. Okay. So when we spoke earlier and I just mentioned it just now you said that that ransomware is probably the main focus of your study I believe. So could you tell me a little bit about what you learned about ransomware in this academic context and you know how deeply gone into this topic and what was your specialized area within ransomware? There's a certain aspect of it that really sort of attracted you. So speaking in the. Context is a lot of new things I learned One of them is actually funny. YOU SPEAK OF ACADEMY CONTEXT IN IN ONE thousand nine hundred thousand academy paper. Out in Tripoli Conference where which talked about where where the authors young young talked about crypto viruses that will deploy cryptographic libraries on on hose to perform unauthorized encryption and demand a ransom. In order to provide you with the decryption key. So they predicted the whole thing, one, thousand six, and this wasn't a ransomware in really start to grow around untold to five thousand six as when it started to. Grow. But so so that's always interesting is when when a academy predict some of these things I hadn't time. Reading about it in the academy context, I, notice that there's papers that have done studies on on large samples of ransomware discovered, for example, that ninety two percent of them are not affected right? Because cryptography is hard and and cybercriminals make mistakes all the time and a lot of the times they're scare where where they lock your screen expect you to pay the. Money when they haven't really done any encryption in the background So if you take away all of that fluff, then the h percent are the truly troubling ones and so there's a lot of noise in the cybercrime underground and you know we we get this. We get into this mode of thinking that Cybercriminals have descended from the heavens in terms of their. Skills but but that's not true. You know they make a lot of mistakes

Ransomware Security Architect Motorola Motorola Solutions Michigan Scientific Journal Playboy Tripoli
CK Goldiing explores 'telephobia'

podnews

03:01 min | 5 months ago

CK Goldiing explores 'telephobia'

"You afraid of having to make a phone call that something called telephone. And a podcast in the UK has exploited by ringing people at random. The worry about it later podcast is hosted by CK golden and we linked to it today American public media and revolve podcast serve announced their to make spanish-language podcasts brains on NS. Spaniel will be their first release press release says it'll be available exclusively on a major podcast platform that will be announced this fall. Wonder if that begins with A. Toast fireside has launched the fireside pro plan, which they described as a plan for podcasters who are becoming serious about their show. The plan includes a number of collaboration features and enhanced analytics. Acosta's launched a feature allowing listeners to rates podcasts in the CAST APP. Since launching this month, people have left more than forty five thousand in-app ratings for nine thousand different shows. podcast down online takes place on October twenty, six virtual version of the popular across Europe podcast event speakers include lawn. Woods from Ear Hassle Julie Shapiro from Radio Topa Steve Pratt from Pacific content and me if you want money off and there's a special code in our show notes newsletter today if you like free promotion to your podcast, International Podcast Day two, thousand twenty is on September Thirtieth Hannah's a gold sponsor podiums wants to showcase your show. During this session, we linked to more honoring the best of the European incident. The lovey awards are still open for entries. If you thought you'd miss. The opportunity to enter their eleven new podcast categories they've a grace period until the twenty fifth of September spotify has announced its latest content deal with quotes, the Internet's longtime favorite comedic personalities and fashion and lifestyle icons. Ricky Thompson and Denzel Dion for an upcoming podcast series influences apparently lemon artem media switching from Westwood one two stitches midriff AD sales westwood one has picked up inside of you a podcast with small actor, Michael Rosenbaum, and the economist posts in this week's issue that podcasting provides a space for free thought in China we linked to that today to from our show notes and Dr. Newsletter. And Cost News pop culture happy hour NPR's entertainments and pop culture round table podcast is to go daily later this year and announced a fourth co host Asia Harris. and. Worldwide we so dependent on our phones, our computers and the Internet. What happens when you don't protect yourself online criminal domain a new podcast from ample talking to victims of cybercrime in podcast con presented by. Norton lifelock

Dr. Newsletter Steve Pratt UK Ck Golden Europe Acosta Spotify Ricky Thompson NPR Michael Rosenbaum Westwood Hannah Artem Woods Denzel Dion Podcasting Asia Harris. Julie Shapiro
Iranian wannabes successfully use Dharma ransomware against soft targets

The CyberWire

01:09 min | 5 months ago

Iranian wannabes successfully use Dharma ransomware against soft targets

"I reports that a new and inexperienced group of hackers from Iran are using Dharma ransomware against easily attack businesses in Russia India China, and Japan. They're groner's in group IB's description and bleeping computer calls them low skilled using commodity tools and well-worn approaches, but they've been successful nonetheless, they use mass scan to look for organizations with Internet, facing RDP and week credentials. Again Group I. be thinks their collection of noobs buying ransomware as a service to grab the easy pickings. Indifferently protected enterprises offer even noobs gifters and skids. The group's emergence is noteworthy group. I thinks because it suggests that Iran like other aggressive cyber powers now harbors and underworld of financially motivated cybercriminals. Russian. Cyber gangs have long operated at the sufferance and under the close scrutiny of the security services Chinese government hackers are widely believed to be allowed to moonlight with some cybercrime after the factory whistle blows but this is a relatively new development for Iran.

Iran Groner Russia India China IB Japan
Cyber Safety, How to keep your identity protected using mindfulness and practical tactics

Core Confidence Life

07:11 min | 6 months ago

Cyber Safety, How to keep your identity protected using mindfulness and practical tactics

"How you doing Sandra? Hi. How are you doing? Thank you for having been your show. So, matty here. Right absolutely. So we're talking today about identity and cyber. Theft here. So give us a little bit idea on what that's about what does identity theft what is cyber theft? What does all that stuff? Of course? Let me start why I started. Niger, any may be. Definitely will get into into whether they cybersecurity are cybercrime or identity out. That okay with you. Sure. So I was returning a many many years ago I was returning from these things. Colombian. So I mean, the plane were landing in Miami and the pound announces that Homeland Security. Were boarding the plane. I course to ask for a handed to the to the agent and at the time I, head out these. It was relocated recently to the US. Ns I had my passport to the agents. then. He's next thing I know I'm the only one that being score of the plane by the two officers. And enthroning to the room you the. Famous rooms. that. Are In airports in I, don't know what's happening. Out. I'm about to connecting fighting my husband's waiting for Chico. So ten hours later and handed back my passport and is revoked. Few weeks later I mean Venezuela my native country and I'm trying to process my. Mom to processing again, you sign I had a lot of support from Maya Turks from my former employer journey. So we are in to again and. It was interesting officials. They kept asking me about China. Why we're doing China. China who is your contact? Like I never been in China. beating know what they were talking about. Some how when? S Model China go to hold of my information and was smuggling women into the US using my identity. Yes. So humid slate, you know everything I convinced, of course, a smuggler I gave my new visa and a back home two weeks later and returning from Euro my job requirement to travel a lot. And as we are going to. Control. I. Give My passport booth. I'm right back into that room. Because I have to. The, real me over and over that for six years. Yeah. So when I going everything was Chinese I. Mean it was really crazy at nobody wanted to travel with me a united in my almost wanted to travel with me. and. Finally. made the citizenship, my aspirin I changed my. Everything Courses Okay and at the time I was working tonight not. Having in the industry for over Twenty Years Community? It non no it was identity. It was not in the news. He was not like every day right now at breach or cyber drive or this or that. Back back in that day in that time, it wasn't so I couldn't make the connection. So few years later, I changed my career and I join cybersecurity cybersecurity? Area. Industry. And I realized what happened to me, and what happened you know when someone takes your identity with Tony, personage you for their gate. and. You know eat my corporate career I did that I? was very passionate about. Training and education awareness and Allison Park job that I enjoy the most. So I wanted to Redo it at a bigger scale as I left my corporate all by did your original question about what is at Know when stolen takes something from you. And wince when they break into your life, and that can be very dramatic experience and it can be for many reasons financial reasons it could be for. Someone inside your company that has. Either made a mistake or by attention. Jober that is you and ninety. Attack you could be for like in my case, there was a vying for for that criminal to have my identity so he can use it for him. So there are many life happens. It's It goes on all the time. We don't always hear about identity theft on the news I might do commercials about it. You know when the advertising different products, but it's something that a lot of us don't even really hear about. So how does that happen? How does someone? Get your information. So you can happen. Through many different things that can happen through your social media, it can happen through your email can happen through when you give out your credit card in a restaurant. It could happen when when when you ride formation with with a doctor. Often, office I mean, there are so many ways. Jury information can be obtained. We share a lot in social media share. Many different things. That are personal and that that is one thing that can use. Of you do that. You know sometimes we don't hear the news a lot about identity issue i. think we should do a because there's a new victim, every two seconds. A new victim I mean someone right now? has just being victim of identity DOPP and there's different decrease appointed. You know sometimes we someone let's say takes your credit car. And data charges in your credit card and probably most have had situation and the bank context you. Just have to get a new credit car. Scare of it. So it's a degree of identity theft is in the financial. Hesitation of identity theft, but it is. Your credit car on and bought things on your behalf. But it wasn't as faithful as many other situations are obviously. More were personnel or or moines more invasive.

China Theft Matty United States Sandra Niger Aspirin Miami Chico Venezuela Allison Park Tony
Top UN official warned of cybercrime spike during pandemic

Larry Elder

00:16 sec | 6 months ago

Top UN official warned of cybercrime spike during pandemic

"United Nations counterterrorism chief says a 350% increase in fishing websites has occurred in the first quarter of the year, many targeting hospitals and health care systems. And hindering responses to the cove it 19 pandemic have a

United Nations
Twitter Hackers Arrested

Security Now

06:45 min | 6 months ago

Twitter Hackers Arrested

"We have learned more about who's behind who is believed to be behind the twitter hack. And you know not some four. Powerful state-sponsored cybercrime gang, just A. we believe a seventeen year. Old Kid His name is all over the tech press. I heard you not wanting to say it on on, Mac. Breglio. So but I do have it in the show notes. To find it I mean. Yeah. You know I come from the School of journalism where you don't say the names of miners were accused of crimes, but apparently nobody else does that. So the AD the local Florida news channel. WFL talks Tim right away. They outed him as Graham Clark from Tampa Bay Florida. We. So they also. Suitably creepy, picture. Of Him. I know in fact in fact before. I reduced in size I. Actually had in the show notes. He looks a little bit like spock at so. got kind of a pointed ear. Is Little bit creepy. And, it's interesting too that his nick is Kirk. So Oh, maybe. Two Years Yeah. So Anyway the the the sad thing is this guy's life is now seriously sparked up. Yeah. He's been charged with felonies relating to computer communications and organized fraud for scamming hundreds of people using compromised account according to a press release from Hillsborough State Attorney. Andrew Warren's office. This guy Grab Clark. Now. Faces Thirty Felony Charges? So we have one count of organized fraud involving more than fifty thousand dollars, seventeen counts of communications, fraud of over three hundred dollars. One count of fraudulent use personal information. For an amount over one, hundred, thousand dollars or thirty or more victims. Ten counts of fraudulent use personal information and one count access to computer or electronic devices without authority and scheming to defraud. So in total thirty counts of felony charges, all of those felonies. So I mean I do feel like unfortunately, there's there's sort of a bit of. overreaction I, I, mean I get it that. This was not good and certainly that the law enforcement wants to send a message like don't do this even if you can Initially, the the initial announcement didn't indicate whether Clark had any partners in crime, but a few hours after the press conference announcement, the world learned that the US. DOJ had also filed charges against two other suspects believed to have helped Clark in this hack. The first of those was identified as Mason Shepherd who who's known as chair Juan nineteen years old living in Bognar Regis in the UK and the other is identified as Nima Fazackerley. Also known as Rolex twenty, two year, old residing in Orlando Florida. The US Attorney Anderson said there is a false belief within the criminal hacker community that attacks like the twitter hack can be perpetrated anonymously and without consequence today's charging announcement demonstrates thus I think an example has been meeting is being made. That, the elation of nefarious hacking into a secure environment for fun or profit will be short lived. Criminal conduct over the Internet may feel stealthy to the people who perpetrated, but there's nothing stealthy about it. In particular. He said, I want to say to would be offenders break the law Ed. We will find you please. So exactly the kind of thing hackers go. knows. That's GonNa, really scare me, I remember when I was a teenager. And in Fact Leo, did this did I? You know I was always a good kid. But oh, to be seventeen and have done Brazi network in front of me. Yeah. Yeah. Twitter early, fairly clever. Because, well, go ahead because it the way did it was kind of kind of interesting. Yeah. So for their part twitter disclosed a bit more about the nature of the attacks. They said that the that the phone based social engineering attack allowed the attackers to obtain the credentials of a limited set of employees, which then made it possible to gain access to twitter's internal. Internal Network and support tools although not all of those employees were who are initially targeted had permissions to use account management tools. The attackers you know apparently, just actually just Graham was able to use their credentials to then access twitter's internal systems and gain information about twitter's processes that expanded knowledge then enabled the attackers to target additional employees who did have access to twitter's privileged account support tools. Reuters also had reported something that I had not seen elsewhere, which was that as of Earlier. This year. More than a thousand twitter employees and contractors had access to twitter's in tools and could change user account settings in hand control over to others a thousand. And this was a key. To former twitter employees. Well as we know such widespread access makes it difficult if not impossible to defend against the sort of hacking that occurred.

Twitter Graham Clark School Of Journalism TIM Florida Andrew Warren Reuters DOJ Spock Brazi Us Attorney Tampa Bay Florida Orlando Florida United States Kirk Hillsborough State Attorney Nima Fazackerley
"cybercrime" Discussed on a16z

a16z

04:12 min | 6 months ago

"cybercrime" Discussed on a16z

"Hi and welcome to the Sixteen Z podcast. I'm Hannah this conversation is all about the business of cybercrime and is a rerun of one of our popular episodes on security from last year. The episode with Jolie Garza Operating Partner of information security at age, sixteen Z and former C. so at box myself and Jonathan Lewis Taus director of the human cybercriminals project at the University of Oxford is all about how these cybercrime organizations function who is behind them? And what changes when we begin to understand cybercrime as an industry for the latest on what's happening insecurity as well as tips for securing yourself, please visit a sixteen.

Jolie Garza Jonathan Lewis Taus Hannah Operating Partner University of Oxford director
"cybercrime" Discussed on Smashing Security

Smashing Security

08:33 min | 1 year ago

"cybercrime" Discussed on Smashing Security

"Dot com forward slash smashing on what the show. And we'll come back you. The favorite part of the show the part of the show that we let cool pick of the week picking the week is the part of the show everyone cheese the same. They like to be a funny story a book they've read a TV show a movie a record a podcast a website or an APP. Whatever they wish doesn't have to be security related not necessarily sure and mine is not security related necessarily There was the other night in the bath thinking how nineteen myself so dull here with my loofah. And oh I I've seen my wife has left the IPAD within reach. I thought I wonder what I could. Prompt could pull that up somewhere and if I can watch electronics again don't worry about it. It's absolutely safe. I'm sure anyway so I propped it up at the end of the ball and I went onto Amazon prime and I went back in time once again because I am quite nostalgie. kyw remembered being a twelve year old boy watching a BBC TV show. Oh from the late nineteen seventies early nineteen ninety one thousand nine hundred eighty s cooled the master game the master game the mouse decay and this. This was a BBC to show. I think it was and there is one series the sixth series which is available to view for free on Amazon prime. You don't and if the pay on some of them you have to pay but on this one you can watch the entire series for free and it stars fifteen year old deep purple Fan Nigel short and if that isn't enough of a clue as to what this TV show is about. It's about chess and yes. It is an innovative TV show. I absolutely loved it at the time because what they would do is they would pit to international masters or two grandmasters against steetch other and as they were playing you would actually get their internal commentary from the play themselves as though they were planet so that go or what to to do interesting. That's a very sensible movie has made the is this like a voiceover or as they watch their moves. It's exactly they watch it afterwards and they. He acted as though they're playing it. I think of how much s live he is in a move and and it's fantastic. I love it because it's so rare to get that kind of insight from people who are actually playing. It was very innovative. It's time because of course they didn't have computer graphics. Excuse because everyone is willing to give commentary every single thing they do yes but this is both parties on a game and it was presented when flee and one of the presenters. The commentator is a chap called Bill Halston. I have to say way when twelve bill. Johnston was a bit of a hero for me. Might me a bit of my dad so softly spoken sort of Nice Chap and like bill cosby right. Well nine nine. Oh Boy Yeah Bill. Hudson is one of the people who occasionally appears on the screen cokes. Coca box is a TV show where basically film people sat in a SOFA watching TV and and responding to TV real. That is what it is that is quite and we're bill. Hudson is one of those people and so he's also and I remember watching Gogo but once and I thought Spill Austin chessmaster fantastic very exciting for me so I would recommend if you have any interesting chess by now I probably lost you. Few aren't interested at all. Then go and check out the master game on Amazon prime and you can also see some clips on Youtube as well and that is why it is my pick of the week. Lisa pretty cool. This is pretty cool. Lisa what is your pick of the week so anyone who knows me will know that this is obviously going to be a little bit dark because starts helical so mine is an APP. It's a game that I've recently become addicted to and it's called plague Yup from this point and basically it's a bit weird but it's game where you have to design a bioweapon virus bacteria that's that's GonNa kill off every single member of the human race and it's really really difficult because the damn humans. He working on Curios US though isolated they close airports. They put shipping ports. And you have to get around it and it's really difficult. You're teaching teaching the machines. How to kill us? Yeah in future. You're all the data crate thanks. Lisa virus will mutate. And it's you know you just go to like sneak in effect. Everyone if you kill him off too soon the infect other peop- I waste so many hours traveling playing killing humans. Basically a is what I do. So did you. Are you playing the same game or you have to start again. Jr they suddenly win and you have to go back to the beginning. Yes like if they win. It's over if they don't then you've got to see how fast you can kill. Everybody off basically. Have you beaten the people. Oh yeah several proteins. Yeah pretty proud of my chievements I can. I love the premise of it. I love how they flipped it on. Its head so you're not protecting humanity but going after them. Yeah it's really annoying when they start using hand sanitizer. Okay okay. I'm actually GONNA I'M GONNA check this out check play and it's available for IOS and android and maybe some of the platforms will actually hunt on their website. Right now. Looks like it's Even board game version of it for those Christmas memories. I think I might do that. Good bomb boom. That's what I'll do a bite from my died. What's your pick so some of you know? I've been trying to get better at art. It yeah and it turns out that more often than not Something comes up particularly badly. Not at all what I had in mind. It's really frustrating. And I don't WanNa do it anymore and in those times. I have taken to watching old art documentaries on the Youtube and there are few wonderful compilations which I will share share in the show notes on. Yes meshing security webpage at. We're talking hundreds of hours. Intelligent thought provoking insightful. Interesting things into artists or art movements or techniques or scandals I was recently watching one called the great contemporary art bubble. It's the BBC documentary twenty seventeen And this is Damien Hirst and how he was at the center of the art bubble because there was this gallery called the White Cube in London and they would occasionally come. We've got a brand new Damien Hirst and it's valued at five hundred million you know and have an auction around that but it turned out that someone had leaked their inventory and price list and they had had hundreds or even thousands of hers in the bathroom and they had all the prices written down so in other words they were controlling the supply and demand of the art works to keep by keeping keeping them scarce and what is Damien Hirst ended up doing he decides to hold his own auction of the works. He still owns right so this could undercut the gallery but one of the gallery supposed to do. If they don't support him then his work might get undervalued. Sell them for a few thousand but if they do support deport him they don't get to see any of the money returned because he owns the whole auction facet nate ting. Check it out. I will have a bunch of show notes of different youtube compilations and few shows I found fantastic and If you're into art or artists or Francis Bacon crazy creasing racing yeah anyway go check it out. That's my pick of the week sounds excellent. Yeah well that just about wraps it up for this show Lisa. I'm sure so. Lots of listeners would love to fully online find out more. What's the best way for folks to do that? yet twitter I'm at least forty. UK check me out and obviously nicotine in as well and then I'm just around. Catch you on the flip side. Yeah tell me how tell me how quickly you an IRA humanity on. And then I can judge. Yeah Okay Okay well and.

"cybercrime" Discussed on Smashing Security

Smashing Security

01:30 min | 1 year ago

"cybercrime" Discussed on Smashing Security

"Crisis is a very good Measure of something someone. You want to invest in now. What's the damage to uber now? Are they being punished. I it's very interesting. So the F. T. C. placed Uber under strict Security Audit K.. The U. K.. Find Uber just just shy of four hundred thousand pounds so at six hundred thousand dollars and the Netherlands Charged six hundred thousand euros and end and there was one hundred forty eight million dollar Fine for a class action lawsuit right. This was a settlement for that so all that together together still for a company reaching three billion in revenue is a tiny tiny tap on the nose rather than a smart slap on the choppers. It's about the same amount it would cost me to get an uber to Edinburgh or something like that. I expect its return trip. It's funny because right all these fines. These these money goes to government agencies. And wouldn't it be great if somehow affected users got that as a tax break if they so they get the money. And you're like oh well. You were a uber user. You can get you know one hundred and forty quid off your this year's taxes that might incur. Yeah Yeah Okay if anyone saw an election Okay.

"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

03:09 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"And this is changed the way that cyber crime occurs. So remain is I've seen the EU. There's a lot more opportunities in terms of the ability of Romanians to move and to work in different places in the u n also feather abroad, and we've also seen I think Bucharest develop is a little bit of tick startup hub. And there's a lot of I think quite. Exciting companies emerging out of Romania and that if you look at the nature vermillion cybercrime. I mentioned earlier they famous for fraud. They're not actually famous for hacking offer Maui, and I think one of the reasons for that is that the talent pool that could be involved in that type of activity is actually legitimately employed. And so I think remain ears. An example that suggests this is something that could work certainly taking the more technical plays out and said not many people doing what you should be doing. What do you think of the strategies being employed, by international law enforcement in the moment? I feel like the number of extradition notices and things it's going out. But we still talking about handfuls, the cybercriminals. It's obviously big challenge. And I mean, I've talked to many many learn agents from all around the world, and they all know it's big challenging and they took in quite similar terms. I think in terms of what the difficulties are. I think it's quite widely known that cooperation on international level is a challenge. But it's actually a challenge for everyone. You know, you talk to some people in say, the US or the UK, and they'll mention cases, they might have in Russia, China some other country and talk about the difficulties in getting corporation. But then you go to talk to people who are in Russia, China, and they'll tell you exactly the same thing relating to another country. And so everyone's gotta cyber criminal problem coming from somewhere else. Even if it's a regional problem. And so that's actually quite interesting in terms of where this is hitting and you get obviously, the geopolitics of the present and the future complicates matters. But there is actually a degree of common ground. I think in terms of this being problem for everyone. And so there's some small optimism maybe this will improve. But other than that. It's a difficult issue in terms of obviously, the transnational nature of it. But also the resources involved to police this across the world fair. Anyone countries is very very challenging. And so as you mentioned, we see I think probably an increasing number of cases of indictments, but it's still relatively small. The question is is there a strategy there that if you talk it certain high level players that does have a very big impact on the overall functioning of the underground rather than sweeping sort of low level offenders. That's something that I think is interesting theoretically that probably needs to be tested appear to be valuated a little bit. But this some signs of hope even though they're big difficulties. Well, I like to leave onto a native some signs of hope. Thank you very much for taking the time to thank you very much. We'd be knocking our listeners to take part in an informal survey. Give us on overrated. Underrated technologies which non tech book gives the best insight into the impact of technology on a world. And we'll stick his threat to the tech industry today, if you'd like to take part, please give us your answers

Romania Russia China EU Bucharest Maui fraud US UK
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

04:16 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"And the reason is if you not involving yourself in their business directly urine outside of and so I think the risk is much lower. But with states there's a much higher risk. And so for that reason, I never dove directly into these issues while the very interesting you have to draw the line somewhere. I think and that's where I drew the one you talk about how people may be overestimated the involvement of the traditional mafia and cybercrime took instead about a new class of entrepreneurs book can be done to prevent a new class. Entrepreneur seeing such great opportunities. Yeah. Well, I think one of the big findings from this research project as you mentioned. Is who's actually behind this? This is very much an industry, it's very much a business type of Parisian. And so I think the solutions actually business solutions because what I counted in eastern Europe. It also in a number of different places is the people involved in cybercrime are quite intelligent. Some of the more technical people some of the manages very talented, very intelligent and a lot of cases, actually, quite highly educated. And so the problem is really a problem of employment unemployment and underemployment of seeing people who had they grew up in other circumstances would probably be entrepreneurs they would have startups. And in fact, they do have startups criminal startups, and you say the same with programmers lodge pool of program is in eastern Europe. And in some of the places that could quite easily be program is legitimate industry. And sometimes they are and that kind of moonlighting there on both sides. It's a problem of opportunity. And so for me a lot of the solutions while being big picture solutions that are quite difficult and require quite a lot of thought. Planning revolve around ways that we could provide avenues out of this criminal industry into legitimate industry. So it would look like the provision of capital to people in different places that get access to it to give them the opportunities to have genuine steps would look like this hiring choices that people make in different parts of the world to think about should they be looking to high more out of regions that producing a large number of cybercriminals. You know, there's a whole debate around recruiting current foam cybercriminals, that's part of the broader issue, but actually just leaving that to one side. I think just the mere if it to recruit people from some of these hotspots would reduce the overall talent pool in different ways. And so I think that's a very important part of a dressing this driving that capital there. And then also having these opportunities for employment and the final one relates to what we talked about before which is corruption, and this is even bigger picture, which is if you can solve corruption. Quite a simple thing to do if you can solve corruption. Then that's going to remove some of the protection around Siva crown. So that's obviously a very difficult one pretty intractable and lot of different places, but certainly supporting various efforts to reduce corruption around the world would have known effective, reducing cyber-crime. But I think that was probably even more difficult than the first two it taking the first one about providing capital and employment. All there any companies NGOs governments all looking at that as a solution. Yes, I think it is something that has been talked about I think this certainly already examples of some companies that are outsourcing to, cultivate, in Europe, I think it's certainly place where you can get very very high quality program is quite low process. So this certainly some if it going on, and I think in different sectors in eastern Europe. We have seen a little bit of an increase in opportunities in terms of capital. But I think there's a long way to go and certainly. There's still I think a lot of difficulty to get that type of capital. And if you think about particularly in parts of Europe coming out of the Soviet economy. And I think this still some of that sort of heritage in play. It's not an economy set up for a number of small startups. It's an economy built around a small number logic companies and often companies that have connections to the state. And so I think it's much more difficult to operate in that small away and the opportunities FOSS more, but we do see some positive signs. I think I like to think of Romania as an interesting case in terms of somewhere where you've seen similar types of approaches have occurred..

Europe eastern Europe Romania
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

04:08 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"Go to be organized crime group, they might have this type of funding to help you out. And I came across some cases of that. Although again, it wasn't very very common. But it was the third one is basically these organized crime groups can act as either service providers partners to cyber criminals, and they're going to do this in ways that tap into what they. Traditionally and one of the things that very good at is managing arrangements managing money. Right. So a lot of the cases I encountered involved. Some of these groups working on the caching outside of the business working on the money meal side of the business and really helping to run that and then providing that as a service either something that can just be purchased or as a partner to cybercriminals perations and the fourth one is acting as the guiding hand so actually taking upon themselves to say, look, we want to be involved in this particular enterprise. Let's go out and recruit some technical talent to be able to do this. Let's kind of relate it to the third one really in practice a bit of blurring between those two because it depends is the set of technical talent seeking someone from an organized group to help them with money side, easy, organized, congress seeking the technical talent. And in practice, it sometimes to tell the difference the final on the fifth one which is kind of a little on the edge is what actually found in a number of. Those cases where these organized congress were acting as the guiding hand in in various games, some of these games didn't actually appear to be pure cybercrime. So what instead appeared to be happening was these groups were taking technology and using it to enhance what they were doing. So if they're running prostitution's games or running gambling or drugs. They would use technology to take it online in some way. So they might have websites that are basically advertising the prostitution services running. They might be offering online gambling all they might be using technology to help in drug trafficking. And that was quite commonly seen actually and a lot of the foam cybercriminals that I interviewed who talked to me about being approached by organized crime this often the category that appeared someone to come to them and say, we won't you sometimes it would be cybercrime and other times. It would be more just helping with what they were doing. All ready. Have you linked to any particular actions of tax to particular mafias, you get with inside crime and within crime. Quite a high degree of localization. Right. So they local specialties in terms of what criminals do in different places, and you say this inside Macron as well. So we see parties in year, some of the more technical type of things going on in terms of the male way production and it plays like Romania saying something much more based around online fraud in particular type online auction fraud, which is effectively selling things that don't exist. And I think we know in Nigeria people well acquainted with the old sort of E mail scams in the full one nine scans technically donors advance fee fraud, which is you'll told about some lodge Manta money. If you only pay the advance fee to release it in some way, whether it's an inheritance or something else, and that's a scam and c c localization in terms of organized crime involvement in that obviously with the direct relationship into the kind of local brand of cybercrime. You're gonna see them potentially supporting those operations, but in terms of using technology to enhance what they were doing already. That's again be tied to the local situation. So. We see certain groups that are known for certain types of crime. And so some of the ones mentioning prostitution gambling. You see with the triads in Asia. That's something that's pretty common these services, offering inequality number of countries. And so they using technology a lot to assist in that. And what about relationship with governments which Matheus have relationships with the government? Well, it's. It's. A delicate question, I guess, I shouldn't have to name names. Yeah. Exactly. I mean, so should specify that. In my research, the nation state is being something that I haven't focused on directly, and that's been somewhat intentional the type of work that I do which involves a lot of travel lot of fieldwork to different places organized crime groups when you talking about researches and things like this are actually much less dangerous than states..

prostitution fraud congress partner Nigeria Macron lodge Manta Matheus Asia Romania
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

02:33 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"Well, it's sort of related to that this two questions as so one is there are ways that organized criminals getting involved in cybercrime is just not protection. So that getting involved Moore's play as more in different ways connected to this money aspects or other sort of roles that they can play in terms of what it is that cybercriminals need in terms of protection. I think you're correct that they're not getting into disputes in the same way that you'd see a lot of traditional criminals getting into disputes because the disputes that probably more likely to have a going to be online and vigil dispute, so where you'd seen need I think for protection and kind of dispute resolution process between cybercriminals would be if they located in the same territory, and they're in the same business so that direct competitors. And in the few cases that I've come across. That's where you tend to see organized criminals becoming involved because they can perform that kind of service inside. Dead in a lot of these instances. We don't have that direct conflict between cybercriminals what they really want and what it's very important to them is protection from arrest. And in that case in some ways, it's much simpler to go directly to the source, which is corrupt officials law enforcement agents politicians, whatever might be who can basically provide that service to you can stop an arrest taking place can tip you off you can do all sorts of different things. And that I think is really the type of protection that's the greatest value cyber cybercriminals getting that law enforcement authorities that are pretty corrupt. Yes. In short in the interviews that I did over the seventy s I did two hundred thirty eight interviews with law enforcement people with with people in private sector with foam cybercriminals and surprising as it was that this organized crime protection didn't come up that often. And it was something that I was pressing looking for and trying to determine whether it was happening. Then what did come up a lot in interviews was the presence of corruption and this being a key feature. Many many cases, and this was something actually in certain instances where people from law enforcement backgrounds in different countries. We're acknowledged this as well as a problem within respective countries. And so it's there, and it's not a small number of isolated cases. I think it's actually quite common, and it's widely known about about the full types of organized crime involvement. Civil there's four main ways and possibly v the first one is this protection, and she that we've been talking about. So when I went delve into that more, deeply the second one is basically acting as an investor within a cyber criminal operation. So that was quite simple. You're running some type of game you need capital..

Moore
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

03:00 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"But you could have people involved to actually have no interest or technical ability and will often on the money side in terms of what would be known as cashing out the people who really tossed returning these virtual gangs into physical monetary ones. And so in those cases, you can see people recruited into these enterprises who really could be anyone could have no interest or -bility whatsoever. In terms of cyber did. This study was seven years, which is actually a really long time in the world cyber security how did cybercrime change over these years it became much more important than it wasn't much coverage. When I began this finding cases that have been reported there are only small number, and it kind of gave the impression that this was not a big deal. And that actually might have to study it in a way where I could just find over cases. And then study them, but we've seen this massive politicization, I think certainly in the coverage which also suggests a proliferation the actual activity. That's quite hard to say. I'd say. Lee's, increasing. But we don't have a clear idea in terms of really getting a high degree of understanding of that. Obviously there's been a shift in sophistication in automation. It's become increasingly something that is coordinated and terms of industry. My main purchase bane is to be studying. The industrialization of this. And I think that's a trend that has absolutely increased over the time that I have been looking into this. And so what low has the mafia played in this industrialization, then well, it's interesting because I don't think plays an important role. As people think it does wanted to when I was beginning this study, and kind of conceptualizing things I thought it might play a big role in the role that you'd expect it to play in theory Nicholson's really is to protect cybercriminals people from is an organized crime groups, their specialty is toughness violence enforcement. And this is what the very good app. This is what they do in other criminal market. So the expectation was that they could act as protected. Decipher criminals, they could help them out if they're in a dispute with other criminals, they could protect them from being taken advantage of and they could potentially protect them three context. They might have with the state from being arrested. And so that's the sort of role you'd expect them to play and this would allow cybercrime to become much more rooted in local context and therefore allowed to expand as an industry because instead of having solely online groups in organizations that quite fleeting in some ways. Because there's a lot of questions around trust online. It's a lot of difficulties to get broadscale collaboration you'd expect in an offline setting this is organized crime would offer. But actually did not find that many cases with criminals getting protection from organized criminals. In fact, I found only relatively few cases of that. And that to me was quite surprising. So something else was going on there. Instead, that's interesting. I would pass fail like cybercrime seemed to be effective that why wouldn't you move your regular crime online? But I guess maybe the mafia doesn't have as much of a protective role to play. Because people don't need to be protected because they're in countries where the law enforcement isn't interested in cybercrime..

Nicholson Lee seven years
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

03:09 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"They usually have you to tell the story, and in some cases, they really want to tell their story and to ten. Positive out of ended up being a negative negative outcome for both themselves and also society. So that's one reason why I don't feel too much concern talking to the various people that I talked to because in a lot of cases. Actually, they've been quite polite quite friendly, and very helpful. And it will be sort of reset with people or do you go on the web and look for evidence of people would mating action. That's not an approach. I take actually so one of the reasons is that their research is doing this. So there's really not much need for me to replicate that I can read that work. I can cite that work. I felt for me. There was a contribution to make actually doing things in a much more traditional way. Which is we're seeing in social sciences broadly studying Siva issues a lot of new forms of daughter of new approaches emerging which is quite exciting. But the approach I've taken say, well, okay, we have these new things. But let's not forget about the all things. Let's not forget how we've always studied crime. There's a lot of different approaches, but one of the very popular ones when you're studying what are effectively hidden populations. Quite Qods age groups like in this case is to interviews and field work is the approach that I chose. I felt this ad something to the overall discussion that you don't get from going into marketplaces that you don't get from these other phones. Dada because you really speaking to the people behind sensitive speaking, what would be maybe the persona online or getting that kind of our facing creation. Really? You'll speaking to the real the real people when you're getting a much better understanding of who they are the narratives life stories in the context in which they live and to me, that's a very important aspect of this that I really wanted to bring to the overall discussion, they striking Ramia life. It varies. So some strikingly ordinary. There's a number of incident characters I think I've met over this time, but they don't match a number of the stereotypes that people have paperwork. God a lot of people involved in this as being somewhat moody, and maybe socially awkward, then you encounter some cases of that. But I've also kind of people who actually pretty Matic. There's a range. There's a range of people involved, you get the whole spectrum and do they normally have to be impudent technically savvy, or do you have people who sort of using either off-the-shelf tools, or they're kind of the big boss, and they've got technically savvy people under them here. Again, it's a very large spectrum because one of the things I found in my research is what we're talking about. Here is really an industry, and as part of that you're getting a high degree specializations there really is division of light happening here. And so big part of what I in my work is that you're seeing a lot of different roles that have to be performed by different people. And as a result of that, you see very different skill sets, and therefore very different backgrounds and personalities so on one end, you're gonna get people who are very very highly technical and these people involved in programming various pieces of malware, perhaps in hacking, different ways and the other end of the spectrum, you might get people involved. Absolutely, no ability whatsoever. So I mean, you mentioned people buying tools or buying off the shelf, malware that would be somewhere in the middle where they have some basic interest in this some idea. Of how to how to use technology had actually use this off the shelf software, which is not something everyone is going to do..

Dada Ramia
"cybercrime" Discussed on FT Tech Tonic

FT Tech Tonic

02:33 min | 2 years ago

"cybercrime" Discussed on FT Tech Tonic

"In this episode. We hear from a sociologist who has been studying cybercriminals and their involvement with organized crime. The problem is really a problem of employment unemployment and underemployment of saying people who had they grew up in all the circumstances would probably be entrepreneurs they would have stops. And in fact, they do have startups just criminals dot ups that was Jonathan Lewis Taus a researcher at Oxford University. He spent seven years to decide criminals around the world to uncover the kind of environments where they thrive and acoust- Tim about his book industry of anonymity. Inside the business of cybercrime. What drew you to studying cybercrime? When so much attention has been on nation state actors and fiber security, we speak to a lot of technologists. What was it that, you know, is a sociologist attracted you to this world, the real interest in what got me going, and how it started working on this and became effectively obsessed with it was hidden world. There was this very strong focus on technical aspects of cybercrime. So people were talking about hacking talking about different aspects of Mel wear or programming whatever might be as it related to cyber crime. And I remember very clearly there was a seminar, given by journalist actually, a Michigan. He lives in the UK with no fairly well around the organized crime topic. He happened to come to Oxford to give a talk on book that he was writing the time that since publishable docket. And I remember thinking when he gave that seminar. Wow. There's people involved here. And this is a world hit people trading as marketplace's there's all types of things going on. And I thought actually this is something. That should be studied. And in the department that I work in and at the time studying, and there's a very good and strong concentration on studying organized crime. And so it seemed quite a natural fit to apply some of that sort of approach to this new area and to try and understand the human aspects of this because in a way that was new at the time, and I think to a degree still his. Yeah. And how do you actually do this? What specifically they don't want. You snooping around them will the time my research strategies, tailored that I try to focus on former cybercriminals, and the reason for that is clear that much easier to find in much more likely to talk to you. And when you do talk to them, the going to be much more open, and there's been moments where I've had some interactions with people who are active, and all that has done is really confirmed the approach that I felt was correct in the first place, which is when you find someone who's retired or they've been arrested or how they've left the business..

Jonathan Lewis Taus Oxford Oxford University UK researcher Mel Michigan Tim seven years
"cybercrime" Discussed on NPR News Now

NPR News Now

01:49 min | 3 years ago

"cybercrime" Discussed on NPR News Now

"And when my son was drunk facie made his move on says her son filed a complaint with nantucket police last week though the department is not confirming that citing state confidentiality laws a lawyer for spacey has not yet responded to a request for comment for npr news i'm maria garcia in boston unruh did not identify her son who does not share her family name and pure does not report the names of accusers and sexual assault cases without their consent the former head of yahoo says most companies would fall victim to a databreach as we have all witnessed no company individual or even government agency is immune from these threats the attacks on yahoo demonstrate that strong collaboration between the public and private sectors is essential in the fight against cybercrime melissa meyer told the senate commerce committee today she's sorry that three billion user accounts were compromised in 2013 that breach was it made public until 2016 but she says her company didn't learn about the breach until three years after it happen for eisen was bought by a yoho rather was bought by verizon last june she was joined in testimony by current and former ceos of credit monitoring service akwa facts that company had a breach of more than one hundred forty million americans personal information the white house today issued new rules partially rolling back the obama administration's diplomatic opening with cuba the rules impacting travel and trade make it harder for americans to visit cuba now americans one of his of the country will have to book their travel through us tour group also the state department is published a list of dozens of hotels shops and other businesses that are allegedly tied to cuba's military and are now off limits to americans you're listening to npr news from washington.

verizon assault boston npr nantucket washington cuba obama administration white house facie yoho eisen senate commerce committee melissa meyer yahoo maria garcia spacey three years
"cybercrime" Discussed on Unfilter

Unfilter

01:53 min | 3 years ago

"cybercrime" Discussed on Unfilter

"I i mean i i guess you have to you have to have some sort level of enforcement but this all just sounds like a big money grab to me just just a horrible on fbi task force for connecticut give me a break like the this is this kind of thinking if this is really legitimate like if they're not just try and grab money if they actually think they're going to fight cybercrime this way they are taking a local regional district office approach to a worldwide problem and i must sit here trying to argue that they should have worldwide licensed to enforce oil they are but the idea that if you staff up in connecticut you're going to reduce cybercrime is so mental they either are so off on how are going to fight cybercrime or they are trying to use and established model that has been around that is baked into their bureaucracy to generate revenue it reminds me of npr npr has this huge problem that is fundamentally disrupting the way they raise revenue and so they've had to take on a lot more ads you may have noticed the problem is their podcasts are successful for podcasters successful and so they're screw and over all the affiliates on revenue the affiliates are all hardup for money so npr is being forced to deep ira ties a growing aspect of their business that is digital that is cheaper for them that doesn't require affiliates does who require all the hassle of all these affiliate agreements but they have to deep prioritise it and keep making a secondclass citizen to honor their existing thundering muddle which is all of these affiliates in your local towns.

connecticut npr fbi
"cybercrime" Discussed on The Filmcast

The Filmcast

01:57 min | 3 years ago

"cybercrime" Discussed on The Filmcast

"Several several major like the pyramids were destroyed will wanna lowering what i love about the v actually in in the one nod to continuity is when you see the cybercrime like destroy other asked me lease rates as cybercrime destroys the moon and you see the ship that landed on the moon in dark of the moon said i was pretty cool and then it destroys the pyramids and you see the permits were heavily damaged from revenge of the fallen yes i thought that was like a little cleverer easter egg for those who actually paid attention during the first four films i think the exmovie is all about global climate change because everything's by a every jiang the way the world works is been destroyed or michael based reagan israeli really progressive guy i'm sure the adler was how we have not we have not discussed paul's deep costar tony hale yet to him in in yeah in a in a in a role that is just there to be science guy again and and then it's absurd sequence where they were there is like science guy is just frustrated that nobody is listening to science and and the military decides that the you know it's like all we we don't listen a fantasy and the movie like doesn't really give take race i it on science versus fantasy and what's real what's it for hillary glitz time satisfy yes in his plan to knock over whatever tower that was failed to stop the the whole energy transfer he he looked defeated and then the magic is what saved everything at the end of unity crust the transforming robots who were the magic spear legislative acts it was uh it was beautiful scientists depleting who who we had to try to maryland yeah route who who decides to selflessly run back when she could have easily escaped the plummeting thing that was destroyed the entire planet obviously.

easter egg climate change michael paul tony hale reagan hillary maryland
"cybercrime" Discussed on Tech News Today

Tech News Today

01:39 min | 3 years ago

"cybercrime" Discussed on Tech News Today

"For a cybercrime related offence and quote rosa and inadvertently ended up in a conversation with a government official on facebook his brother told the guardian quote my brother indulged in a secretary and debate on facebook with a person who later came to know was a counterterrorism official and quote it's unclear exactly what was written in these posts but rosza was charged under a law that outlaws insulting the prophet muhammad which is punishable by death um this is this is a first yes and it's a it's definitely definitely um getting a lot of blow back from humans were human rights groups from a you know uh intern online freedom groups uh a lot of different advocacy groups yet amnesty international um uh uh and also human rights watch it's a it's it's a it's disturbing an interesting will you know at the at the truly disturbing from it because i i understand the laws i visited many of these countries where these things happen adam you just i mean you have to be aware of what you can and cannot do yeah that's part of being a visitor to a country what's scary though is the fact that there's this without coaching on social media and as we all know social media is disjointed you very rarely get a full conversation you very rarely can understand the nuances the mac and forth off of an exchange is so if if suddenly you consent and someone to death for a single post the on facebook or twitter without looking at the rest of their post to say oh this was a rhetorical device had he was using to try to make his point.

rosa official facebook secretary rosza muhammad human rights social media intern twitter