Who Scams The Scammers? Meet the Scambaiters

Police struggle to catch online fraudsters, often operating from overseas, but now a new breed of amateurs are taking matters into their own hands.

Three to four days a week, for one or two hours at a time, Rosie Okumura, 35, telephones thieves and messes with their minds. For the past two years, the LA-based voice actor has run a sort of reverse call centre, deliberately ringing the people most of us hang up on – scammers who pose as tax agencies or tech-support companies or inform you that you’ve recently been in a car accident you somehow don’t recall. When Okumura gets a scammer on the line, she will pretend to be an old lady, or a six-year-old girl, or do an uncanny impression of Apple’s virtual assistant Siri.

Once, she successfully fooled a fake customer service representative into believing that she was Britney Spears. “I waste their time,” she explains, “and now they’re not stealing from someone’s grandma.” Okumura is a “scambaiter” – a type of vigilante who disrupts, exposes or even scams the world’s scammers. While scambaiting has a troubled 20-year online history, with early forum users employing extreme, often racist, humiliation tactics, a new breed of scambaiters are taking over TikTok and YouTube. Okumura has more than 1.5 million followers across both video platforms, where she likes to keep things “funny and light”.

In April, the then junior health minister Lord Bethell tweeted about a “massive sudden increase” in spam calls, while a month earlier the consumer group Which? found that phone and text fraud was up 83% during the pandemic. In May, Ofcom warned that scammers are increasingly able to “spoof” legitimate telephone numbers, meaning they can make it look as though they really are calling from your bank. In this environment, scambaiters seem like superheroes – but is the story that simple? What motivates people like Okumura? How helpful is their vigilantism? And has a scambaiter ever made a scammer have a change of heart?

Batman became Batman to avenge the death of his parents; Okumura became a scambaiter after her mum was scammed out of $500. In her 60s and living alone, her mother saw a strange pop-up on her computer one day in 2019. It was emblazoned with the Windows logo and said she had a virus; there was also a number to call to get the virus removed. “And so she called and they told her, ‘You’ve got this virus, why don’t we connect to your computer and have a look.” Okumura’s mother granted the scammer remote access to her computer, meaning they could see all of her files. She paid them $500 to “remove the virus” and they also stole personal details, including her social security number.

Thankfully, the bank was able to stop the money leaving her mother’s account, but Okumura wanted more than just a refund. She asked her mum to give her the number she’d called and called it herself, spending an hour and 45 minutes wasting the scammer’s time. “My computer’s giving me the worst vibes,” she began in Kim Kardashian’s voice. “Are you in front of your computer right now?” asked the scammer. “Yeah, well it’s in front of me, is that… that’s like the same thing?” Okumura put the video on YouTube and since then has made over 200 more videos, through which she earns regular advertising revenue (she also takes sponsorships directly from companies).

“A lot of it is entertainment – it’s funny, it’s fun to do, it makes people happy,” she says when asked why she scambaits. “But I also get a few emails a day saying, ‘Oh, thank you so much, if it weren’t for that video, I would’ve lost $1,500.’” Okumura isn’t naive – she knows she can’t stop people scamming, but she hopes to stop people falling for scams. “I think just educating people and preventing it from happening in the first place is easier than trying to get all the scammers put in jail.”

She has a point – in October 2020, the UK’s national fraud hotline, run by City of London Police-affiliated Action Fraud, was labelled “not fit for purpose” after a report by Birmingham City University. An earlier undercover investigation by the Times found that as few as one in 50 fraud reports leads to a suspect being caught, with Action Fraud frequently abandoning cases. Throughout the pandemic, there has been a proliferation of text-based scams asking people to pay delivery fees for nonexistent parcels – one victim lost £80,000 after filling in their details to pay for the “delivery”. (To report a spam text, forward it to 7726.)

Asked whether vigilante scambaiters help or hinder the fight against fraud, an Action Fraud spokesperson skirted the issue. “It is important people who are approached by fraudsters use the correct reporting channels to assist police and other law enforcement agencies with gathering vital intelligence,” they said via email. “Word of mouth can be very helpful in terms of protecting people from fraud, so we would always encourage you to tell your friends and family about any scams you know to be circulating.”

Indeed, some scambaiters do report scammers to the police as part of their operation. Jim Browning is the alias of a Northern Irish YouTuber with nearly 3.5 million subscribers who has been posting scambaiting videos for the past seven years. Browning regularly gets access to scammers’ computers and has even managed to hack into the CCTV footage of call centres in order to identify individuals. He then passes this information to the “relevant authorities” including the police, money-processing firms and internet service providers.

“I wouldn’t call myself a vigilante, but I do enough to say, ‘This is who is running the scam,’ and I pass it on to the right authorities.” He adds that there have only been two instances where he’s seen a scammer get arrested. Earlier this year, he worked with BBC’s Panorama to investigate an Indian call centre – as a result, the centre was raided by local police and the owner was taken into custody.

Browning says becoming a YouTuber was “accidental”. He originally started uploading his footage so he could send links to the authorities as evidence, but then viewers came flooding in. “Unfortunately, YouTube tends to attract a younger audience and the people I’d really love to see looking at videos would be older folks,” he says. As only 10% of Browning’s audience are over 60, he collaborates with the American Association of Retired People to raise awareness of scams in its official magazine. “I deliberately work with them so I can get the message a little bit further afield.”

Still, that doesn’t mean Browning isn’t an entertainer. In his most popular upload, with 40m views, he calmly calls scammers by their real names. “You’ve gone very quiet for some strange reason,” Browning says in the middle of a call, “Are you going to report this to Archit?” The spooked scammer hangs up. One comment on the video – with more than 1,800 likes – describes getting “literal chills”.

But while YouTube’s biggest and most boisterous stars earn millions, Browning regularly finds his videos demonetised by the platform – YouTube’s guidelines are broad, with one clause reading “content that may upset, disgust or shock viewers may not be suitable for advertising”. As such, Browning still also has a full-time job.

YouTube isn’t alone in expressing reservations about scambaiting. Jack Whittaker is a PhD candidate in criminology at the University of Surrey who recently wrote a paper on scambaiting. He explains that many scambaiters are looking for community, others are disgruntled at police inaction, while some are simply bored. He is troubled by the “humiliation tactics” employed by some scambaiters, as well as the underlying “eye for an eye” mentality.

“I’m someone who quite firmly believes that we should live in a system where there’s a rule of law,” Whittaker says. For scambaiting to have credibility, he believes baiters must move past unethical and illegal actions, such as hacking into a scammer’s computer and deleting all their files (one YouTube video entitled “Scammer Rages When I Delete His Files!” has more than 14m views). Whittaker is also troubled by racism in the community, as an overcrowded job market has led to a rise in scam call centres in India. Browning says he has to remove racist comments under his videos.

“I think scambaiters have all the right skills to do some real good in the world. However, they’re directionless,” Whittaker says. “I think there has to be some soul- searching in terms of how we can better utilise volunteers within the policing system as a whole.”

At least one former scambaiter agrees with Whittaker. Edward is an American software engineer who engaged in an infamous bait on the world’s largest scambaiting forum in the early 2000s. Together with some online friends, Edward managed to convince a scammer named Omar that he had been offered a lucrative job. Omar paid for a 600-mile flight to Lagos only to end up stranded.

“He was calling us because he had no money. He had no idea how to get back home. He was crying,” Edward explains. “And I mean, I don’t know if I believe him or not, but that was the one where I was like, ‘Ah, maybe I’m taking things a little too far.’” Edward stopped scambaiting after that – he’d taken it up when stationed in a remote location while in the military. He describes spending four or five hours a day scambaiting: it was a “part-time job” that gave him “a sense of community and friendship”.

“I mean, there’s a reason I asked to remain anonymous, right?” Edward says when asked about his actions now. “I’m kind of embarrassed for myself. There’s a moment where it’s like, ‘Oh, was I being the bad guy?’” Now, Edward doesn’t approve of vigilantism and says the onus is on tech platforms to root out scams.

Yet while the public continue to feel powerless in the face of increasingly sophisticated scams (this summer, Browning himself fell for an email scam which resulted in his YouTube channel being temporarily deleted), But scambaiting likely isn’t going anywhere. Cassandra Raposo, 23, from Ontario began scambaiting during the first lockdown in 2020. Since then, one of her TikTok videos has been viewed 1.5m times. She has told scammers her name is Nancy Drew, given them the address of a police station when asked for her personal details, and repeatedly played dumb to frustrate them.

“I believe the police and tech companies need to do more to prevent and stop these scams, but I understand it’s difficult,” says Raposo, who argues that the authorities and scambaiters should work together. She hopes her videos will encourage young people to talk to their grandparents about the tactics scammers employ and, like Browning, has received grateful emails from potential victims who’ve avoided scams thanks to her content. “My videos are making a small but important difference out there,” she says. “As long as they call me, I’ll keep answering.”

For Okumura, education and prevention remain key, but she’s also had a hand in helping a scammer change heart. “I’ve become friends with a student in school. He stopped scamming and explained why he got into it. The country he lives in doesn’t have a lot of jobs, that’s the norm out there.” The scammer told Okumura he was under the impression that, “Americans are all rich and stupid and selfish,” and that stealing from them ultimately didn’t impact their lives. (Browning is more sceptical – while remotely accessing scammers’ computers, he’s seen many of them browsing for the latest iPhone online.)

“At the end of the day, some people are just desperate,” Okumura says. “Some of them really are jerks and don’t care… and that’s why I keep things funny and light. The worst thing I’ve done is waste their time.”

By:

Source: Who scams the scammers? Meet the scambaiters | Cybercrime | The Guardian

.

Related Contents:

Cyberthreats: The Emerging Fault Lines of the Nation State. Oxford University Press.

ISBN9780190452568. Fisher, Bonnie S.; Lab, Steven (2010). Encyclopedia of Victimology and Crime Prevention. Thousand Oaks, CA: SAGE Publications. p. 493.

ISBN9781412960472. “FBI 2017 Internet Crime Report” (PDF). FBI.gov. Federal Bureau of Investigation. May 7, 2018. Retrieved 28 August 2018.

“The Economic Impact of Cybercrime— No Slowing Down” (PDF). McAfee. 2018. Retrieved October 24, 2018. Goel, Rajeev K. (2020).

“Uncharitable Acts in Charity: Socioeconomic Drivers of Charity-Related Fraud”. Social Science Quarterly. 101 (4): 1397–1412. doi:10.1111/ssqu.12794. ISSN1540-6237. Burke, Cathy.

“L.I. charity chief convicted of embezzling nearly $1 million meant for disabled”. nydailynews.com. Retrieved 2021-04-22.

“Charitable Contributions: For use in preparing 2016 Returns” (PDF). “Scam Watch – Nigerian Scams”. Scam Watch – Australian Government. 12 May 2016. Jamie Doward (2008-03-09).

“How boom in rogue ticket websites fleeces Britons”. The Observer. London. Retrieved 9 March 2008.

“USOC and IOC file lawsuit against fraudulent ticket seller”. Sports City. Retrieved 1 August 2008. Jacquelin Magnay (4 August 2008).

“Ticket swindle leaves trail of losers”. The Sydney Morning Herald. Kelly Burke (6 August 2008). “British fraud ran Beijing ticket scam”. The Sydney Morning Herald. Francis, Ryan (2017-05-11).

“What not to get Mom for Mother’s Day”. CSO from IDG. Retrieved 2017-11-28. Hew, Khe Foon (March 2011). “Students’ and teachers’ use of Facebook”. Computers in Human Behavior. 27 (2): 662–676. doi:10.1016/j.chb.2010.11.020. Kugler, Logan (27 October 2014). “Keeping online reviews honest”. Communications of the ACM. 57 (11): 20–23. doi:10.1145/2667111. S2CID11898299. Wilson, Brian (Mar 2017). “Using Social Media to Fight Fraud”. Risk Management. New York. 64 (2): 10–11.

ProQuest1881388527. “Woman loses £320,000 in ‘romance fraud’ scam”. BBC News. Retrieved 20 October 2020. Tom Zeller Jr (April 26, 2005).

“A Common Currency for Online Fraud: Forgers of U.S. Postal Money Orders Grow”. New York Times.

“Counterfeit Money Orders: The Ultimate Guide”. Fraud Guides. 2017-09-07. Retrieved 2021-04-22.

“CyberCops.com – Counterfeit Postal Money Orders”. http://www.cybercops.com. Retrieved 23 May 2017.

“Online Shopping Scams / Scams and Fraud / Consumer Resources / Home – Florida Department of Agriculture & Consumer Services

Scan QR Code Menus With a Side of Caution, Say Privacy Experts

Restaurant patrons who’ve grown accustomed during the pandemic to whipping out their phones to access menus using QR codes should understand the implications for their personal data, say privacy and cyber-security experts.

That’s especially important given some restaurant owners are finding electronic menus efficient and cost effective, and that they may hold onto the practice even after COVID-19 is more contained.

It’s not the QR code itself that collects customer data, said Dustin Moores, a privacy lawyer with nNovation LLP in Ottawa.

“What the QR code does is it sort of acts as a web link to a web page. So when you scan a QR code on your phone, in all likelihood it is going to send you to either the restaurant’s website, or to the website of a service provider that’s being used by the restaurant,” he told Cost of Living producer Jennifer Keene.

“What’s happening is we’re replacing a very sort of innocuous object, a restaurant menu, with a website that comes with all the sort of tracking technologies that you see in modern e-commerce today.”

A marketing device

Bringing up an online menu on your phone doesn’t mean you’re handing data such as your birth date and banking details to bad actors on the internet.

The more immediate implication is that it gives your local pub, or the platform they use, new knowledge of your behaviours and preferences that it can use to better sell to you.

“If you’re a returning customer to to one of these restaurants that use the QR code technology, they might be able to say, ‘Hey, we know that Jennifer ordered the Caesar salad last time; let’s put it at the top of our menu this time because we know that she likes it,'” said Moores.

The restaurant could also use the information it has gathered to upsell customers, such as suggesting the customer add chicken to that salad, he said. Ot it could try to influence your choices by offering a discount on the dish you enjoyed last time.

Moore said it’s also likely that the QR code will take you to a website that uses third-party cookies that can be used to track your web browsing habits. “Let’s say it was a Hungarian restaurant that you visited. Well then other Hungarian restaurants in the area might start advertising to you all of a sudden,” he said.

An issue of consent

Moore said his biggest legal concern about the spike in use of QR code-enabled menus is consent.

“I think what might get lost on a lot of restaurant owners is that, like every other business in Canada, they’re subject to our privacy laws,” he said. “Whenever a business collects, uses or shares personal information in the course of commercial activities, they need to have people’s consent to do that.”

Cyber-security expert Yuan Stevens, policy lead for technology, cyber-security and democracy at Ryerson University’s Leadership Lab, said the security concerns related to QR codes remain “fairly hypothetical.”

“I have not yet found any cases in Canada of QR codes being used for stealing data or violating your privacy,” she said. “But I also think it is useful to keep in mind what concerns we should be aware of as technology becomes ubiquitous.”

Someone who wants to direct you to a malicious website could “fast track” that process using a QR code, said Stevens. “Phishing and scams are already happening. And QR codes would just be another conduit to that.”

She said some restaurants are using QR codes to gather contact tracing information as well as for menus.

With the drive to reduce contact with surfaces and each other, QR codes have increased in popularity during the pandemic, said Stevens, particularly in China, where their use increased six per cent between 2019 and 2020.

Stevens notes that last month a benevolent hacking group already alerted the public that it had been able to hack the Quebec government’s new vaccine passport system, which led to 300,000 QR codes being exposed. The developer resolved the issue within 24 hours, but it’s good to be aware that there are privacy and security tradeoffs that come with using technology, she said.

QR-code enabled vaccination verification systems are now in place in Manitoba and New Brunswick, and will be in Ontario as of Oct. 22.

Jenny Burthwright, owner of Jane Bond BBQ in Calgary, said her business introduced QR code menus in the fall of 2020 when they’d been “ripping through” paper menus while trying to keep COVID-safe.She plans to keep the higher-tech system in place post-pandemic.

“There’s a very obvious cost savings to it,” she said. “With the rising costs of everything, we considered that, and also environmentally just wanted to move away from that paper.

Restaurants are also finding it easier and faster to update an online menu than a printed one, said Olivier Bourbeau, a vice-president of Restaurants Canada, the industry association representing food-service employers.

Being able to quickly add or remove a menu item, or update the price of the dish, is particularly useful given the complexities of running a food-service business during this crisis, including rising food costs and supply-chain problems that delay delivery of ingredients.

Those advantages will likely mean many restaurants will keep the QR-code system in place, Bourbeau said.

Protective measures

To mediate the risks associated with leaving a digital trail every time you order a brisket sandwich or a poke bowl, there are some precautions consumers can take, according to cyber-security expert Stevens.

The same principles that you’d apply to avoiding phishing and other online scams generally also apply to using QR codes, she said.

“Be careful of offers that seem too good to be true. Don’t give sensitive information over email or phone to untrusted sources. Be careful what you click on.”

Treat a QR code with the same care as an email attachment, and keep your eyes peeled for printed QR codes that look like they’ve been duplicated — one stuck on top of another, said Stevens.

It’s worth taking the time to check with your host or server to make sure the QR code you’re about to use is legit, she said.

“You want to be really careful that the QR code you’re scanning is actually the restaurant’s, otherwise you could be misled. And that’s when you’d be scammed.

By Brandie Weikle. Produced by Jennifer Keene.

Source: Scan QR-code menus with a side of caution, say privacy experts | CBC Radio

.

Related Contents:

Cybercriminals Are Coming for Your Business. Here Are 5 Simple Ways to Keep Them Out

Now, more than ever, is a crucial moment to button up cyber security measures at your company. Small businesses were easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, even though many businesses have moved back to in-office work, it’s likely they’ll still be targeted by hackers. Savvy thieves often see small businesses as a “Trojan Horse” to the larger businesses with which they partner.

Panelists at a Chamber of Commerce event on Thursday shared tips on what businesses need to keep in mind in order to protect their data and assets from cyberattacks.

Ransomware comes in via email and can hide for several days.

Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.

“So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can really be in your system for several days before you notice it,” said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you work to nail down when and how a breach occurred.

Backup critical data, both on- and off-site.

Holt and other cybersecurity experts encourage businesses to store a backup of your most critical data as a second line of defense. This should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there’s a backup handy.

Make sure payment processors are PCI compliant.

An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.

A few credit card companies allow merchants that are not PCI compliant, but tread carefully with them — you’ll likely be stuck with the bill in the event of a breach. “If you get a breach, and you’re not PCI compliant, it’s a minimum of $80,000 apiece and MasterCard will have to charge you, because they’re going to have to resubmit new cards for those people whose cards may have also been compromised,” said Renee VanHeel, president of Pay It Forward Processing.

You can pay the ransom, but don’t expect to get your data back.

While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the very likely possibility that any data they get back will either be incomplete or corrupt.

An estimated 92 percent of victims who pay the requested ransom don’t get their data back, according to a 2021 Sophos State of Ransomware report.

Use a “zero-trust network” and multi-factor authentication.

Chances are, your team probably needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words — proper nouns are good — with numbers or special characters separating them.

Requiring the use of VPNs is also key. Saïd Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. “We do that because we believe it’s important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers,” he said.

Holt also suggests that businesses create what is called a “zero-trust network” that authenticates users every time they log-in. Multi-factor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.

“Adding in as many different layers of security as you can can really be that first step to protect you,” said Holt.

Why Is China Cracking Down on Ride-Hailing Giant Didi?

Just days after Didi Global Inc., China’s version of Uber, pulled off a $4.4 billion initial public offering in New York, the Chinese cyberspace regulator effectively ordered it removed from app stores in its home market, citing security risks. The ruling doesn’t stop the company from operating -– its half-billion or so existing users will still be able to order rides for now. But it adds to the uncertainty surrounding all Chinese internet companies as regulators increasingly assert control over Big Tech.

1. What’s Didi?

It’s China’s biggest ride-hailing company. Didi squeezed Uber out of China five years ago, buying out the American company’s operations after an expensive price war. Its blockbuster IPO on June 30 was the second-biggest in the U.S. by a company based in China, after Alibaba Group Holding Ltd, giving Didi a market value of about $68 billion.

Accounting for stock options and restricted stock units, the company’s diluted value exceeds $71 billion — well below estimates of up to $100 billion as recently as a few months ago. The relatively modest showing reflects both investors’ increasing caution over pricey growth stocks, and China’s recent crackdown on its biggest tech players.

2. What is this investigation about?

The specifics are still very unclear. Two days after the IPO, the Cyberspace Administration of China said it’s starting a cybersecurity review of the company to prevent data security risks, safeguard national security and protect the public interest. Two days after that it said Didi had committed serious violations in the collection and usage of personal information and ordered the app pulled. There are no details on what precisely the investigation centers on, when or where the alleged violations occurred or whether there will be more penalties to come.

3. Are there any hints?

The Global Times, a Communist Party-backed newspaper, wrote in an editorial that Didi undoubtedly has the most detailed travel information on individuals among large internet firms and appears to have the ability to conduct “big data analysis” of individual behaviors and habits. To protect personal data as well as national security, China must be even stricter in its oversight of Didi’s data security, given that it’s listed in the U.S. and its two largest shareholders are foreign companies, it added.

4. Is it just Didi?

No. The Chinese internet regulator has widened its probe to two more U.S.-listed companies, targeting Full Truck Alliance Co. and Kanzhun Ltd. soon after launching the review into Didi.

5. Was this out of the blue?

No. In May, China’s antitrust regulator ordered Didi and nine other leaders in on-demand transport to overhaul practices from arbitrary price hikes to unfair treatment of drivers. More broadly, Beijing is in the process of a sweeping crackdown on the nation’s Big Tech firms designed to curb their growing influence.

In November 2020 the authorities derailed the planned IPO of fintech giant Ant Group Co. and in April hit Alibaba with a record $2.8 billion fine after an antitrust probe found it had abused its market dominance. Didi, however, said on Monday it was unaware of China’s decision to halt registrations and remove the app from app stores before its listing.

6. Why does Didi matter?

You can’t really overstate just how dominant Didi is in ride hailing in China, accounting for 88% of total trips in the fourth quarter of 2020. When Didi bought Uber’s Chinese operations in 2016, Uber took a stake in the company that currently stands at 12%. Didi’s U.S. IPO was shepherded by a who’s who of Wall Street banks. Its largest shareholder is Japan’s SoftBank Group Corp. with more than 20%, and others include Chinese social networking colossus Tencent Holdings Ltd. However, due to Didi’s ownership structure, Chief Executive Officer Cheng Wei and President Jean Liu control more than 50% of the voting power.

7. How’s the company doing?

While Didi had a net loss of $1.6 billion on revenue of $21.6 billion last year, according to its filings with the U.S. Securities and Exchange Commission, its diversity cushioned it against the worst of the pandemic downturn. The company reported net income of $837 million in the first quarter of 2021. With growth in its core market beginning to slow, it has expanded rapidly into fields from car repairs to grocery delivery and has pumped hundreds of millions into researching autonomous driving technology. It’s also said to be planning to expand services into Western Europe.

8. What happens now?

On Didi specifically the critical question is what the review regarding user data finds. But analysts are already looking at the likely wider impact. Key issues are whether the action is likely to discourage other Chinese tech firms from embarking on an overseas listing, and whether the action marks a new direction for the regulatory crackdown. Didi itself said in a statement in would fully cooperate with the review. It warned though that the removal of the app for new users may have an adverse affect on revenue.

Based on the laws cited by the regulators, Didi is probably being investigated over its purchase of certain products and services from other suppliers, which may threaten national data security, according to analysts from Shenzhen-based Ping An Securities. “Didi will inevitably have to check its core network equipment, high-performance computers and servers, large-capacity storage equipment, large databases and application software, network security equipment, and cloud computing services, sort them out and make necessary rectifications to meet regulatory requirements,” the analysts wrote in a note on Monday.

Yang Sirui, chief analyst for the computer industry at Bank of China International, said that Didi went for its public listing in the US hastily, probably due to investor pressure. “Listing Didi as soon as possible meets the demands of the capital,” he said. “But if [Didi] had arbitrarily collected user privacy data, abused it, or monetized it illicitly, it will inevitably be punished by Chinese regulators.” Since its founding in 2012, Didi has undergone a number of private fundraising rounds, raising tens of billions of dollars from venture capital or major tech firms. According to its IPO prospectus, SoftBank Vision Fund is currently the largest shareholder of Didi, with a 21.5% stake. Uber (UBER) and Tencent (TCEHY) followed with a 12.8% and 6.8% stake respectively.

The Reference Shelf

— With assistance by Coco Liu, Molly Schuetz, Abhishek Vishnoi, and Colum Murphy

By:

Source: Why China is Citing Security Risks in Crack Down on $UBER rival $DIDI – Bloomberg

.

Critics:

Didi is a Chinese vehicle for hire company headquartered in Beijing with over 550 million users and tens of millions of drivers. The company provides app-based transportation services, including taxi hailing, private car hailing, social ride-sharing, and bike sharing; on-demand delivery services; and automobile services, including sales, leasing, financing, maintenance, fleet operation, electric vehicle charging, and co-development of vehicles with automakers.

In March 2017, the Wall Street Journal reported that SoftBank Group Corporation approached DiDi with an offer to invest $6 billion in the company to fund the ride-hailing firm’s expansion in self-driving car technologies, with a significant portion of the money to come from SoftBank’s then-planned $100 billion Vision Fund.

DiDi claims that it provides over tens of millions of flexible job opportunities for people, including a considerable number of women, laid-off workers and veteran soldiers. Based on a survey released by DiDi in March 2019, women rideshare drivers in Brazil, China and Mexico account for 16.7%, 7.4% and 5.6% of total rideshare drivers on its platforms, respectively. DiDi supports more than 4,000 innovative SMEs, which provides more than 20,000 jobs additionally.

40% of DiDi’s employees are women. In 2017, DiDi launched a female career development plan and established the “DiDi Women’s Network”. It is reportedly the first female-oriented career development plan in a major Chinese Internet company.

References

The 3 Biggest Mistakes the Board Can Make Around Cyber Security

The role of the Board in relation to cyber security is a topic we have visited several times since 2015, first in the wake of the TalkTalk data breach in the UK, then in 2019 following the WannaCry and NotPeyta outbreaks and data breaches at BA, Marriott and Equifax amongst others. This is also a topic we have been researching with techUK, and that collaboration resulted in the start of their Cyber People series and the production of the “CISO at the C-Suite” report at the end of 2020.

Overall, although the topic of cyber security is now definitely on the board’s agenda in most organisations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident or a near-miss.

All this hides a pattern of recurrent cultural and governance attitudes which could be hindering cyber security more than enabling it. There are 3 big mistakes the Board needs to avoid to promote cyber security and prevent breaches.

1- Downgrading it

“We have bigger fishes to fry…”

Of course, each organisation is different and the COVID crisis is affecting each differently – from those nearing collapse, to those which are booming. But pretending that the protection of the business from cyber threats is not a relevant board topic now borders on negligence and is certainly a matter of poor governance which non-executive directors have a duty to pick up.

Cyber attacks are in the news every week and have been the direct cause of millions in direct losses and hundreds of millions in lost revenues in many large organisations across almost all industry sectors.

Data privacy regulators have suffered setbacks in 2020: They have been forced to adjust down some of their fines (BA, Marriott), and we have also seen a first successful challenge in Austria leading to a multi-million fine being overturned (EUR 18M for Austrian Post). Nevertheless, fines are now reaching the millions or tens of millions regularly; still very far from the 4% of global turnover allowed under the GDPR, but the upwards trend is clear as DLA Piper highlighted in their 2021 GDPR survey, and those number should register on the radar of most boards.

Finally, the COVID crisis has made most businesses heavily dependent on digital services, the stability of which is built on sound cyber security practices, in-house and across the supply chain.

Cyber security has become as pillar of the “new normal” and even more than before, should be a regular board agenda, clearly visible in the portfolio of one member who should have part of their remuneration linked to it (should remuneration practices allow). As stated above, this is fast becoming a plain matter of good governance.

2- Seeing it as an IT problem

“IT is dealing with this…”

This is a dangerous stance at a number of levels.

First, cyber security has never been a purely technological matter. The protection of the business from cyber threats has always required concerted action at people, process and technology level across the organisation.

Reducing it to a tech matter downgrades the subject, and as a result the calibre of talent it attracts. In large organisations – which are intrinsically territorial and political – it has led for decades to an endemic failure to address cross-silo issues, for example around identity or vendor risk management – in spite of the millions spent on those matters with tech vendors and consultants.

So it should not be left to the CIO to deal with, unless their profile is sufficiently elevated within the organisation.

In the past, we have advocated alternative organisational models to address the challenges of the digital transformation and the necessary reinforcement of practices around data privacy in the wake of the GDPR. They remain current, and of course are not meant to replace “three-lines-of-defence” type of models.

But here again, caution should prevail. It is easy – in particular in large firms – to over-engineer the three lines of defence and to build monstrous and inefficient control models. The three lines of defence can only work on trust, and must bring visible value to each part of the control organisation to avoid creating a culture of suspicion and regulatory window-dressing.

3- Throwing money at it

“How much do we need to spend to get this fixed?”

The protection of the business from cyber threats is something you need to grow, not something you can buy – in spite of what countless tech vendors and consultants would like you to believe.

As a matter of fact, most of the breached organisations of the past few years (BA, Marriott, Equifax, Travelex etc… the list is long…) would have spent collectively tens or hundreds of millions on cyber security products over the last decades…

Where cyber security maturity is low and profound transformation is required, simply throwing money at the problem is rarely the answer.

Of course, investments will be required, but the real silver bullets are to be found in corporate culture and governance, and in the true embedding of business protection values in the corporate purpose: Something which needs to start at the top of the organisation through visible and credible board ownership of those issues, and cascade down through middle management, relayed by incentives and remuneration schemes.

This is more challenging than doing ad-hoc pen tests but it is the only way to lasting long-term success.

By: JC Gaillard

Source: The 3 Biggest Mistakes the Board Can Make Around Cyber Security – Business 2 Community

.

Critics:

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak, information leakage and also data spill. Incidents range from concerted attacks by black hats, or individuals who hack for some kind of personal gain, associated with organized crime, political activist or national governments to careless disposal of used computer equipment or data storage media and unhackable source.

Definition: “A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”Data breaches may involve financial information such as credit card & debit card details, bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.

Data breaches can be quite costly to organizations with direct costs (remediation, investigation, etc) and indirect costs (reputational damages, providing cyber security to victims of compromised data, etc.)

According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.

Many jurisdictions have passed data breach notification laws, which requires a company that has been subject to a data breach to inform customers and takes other steps to remediate possible injuries.

A data breach may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, posting such information on the world wide web or on a computer otherwise accessible from the Internet without proper information security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail, or transfer of such information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques.

ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed.

See also

The Colonial Pipeline Hackers Are One Of The Savviest Criminal Startups In A $370 Million Ransomware Game

US-IT-OIL-CRIME-PIPELINE-HACKER

When Colonial Pipeline took its gasoline lines down following a successful cyberattack last week, it became the most high-profile victim of a hacking group called DarkSide.

But DarkSide isn’t a single entity. It’s a media-savvy, semiprofessional startup and software supplier for an illicit market of hackers looking for a quick easy way to breach and extort large businesses. In a ransomware game that, according to data from cryptocurrency tracker Chainalysis, has seen $370 million 2020 revenue for the criminals in the form of ransom payments, DarkSide and its partners represent a dangerous new breed of underground businesses that are working together to menace legitimate organizations, across public and private sectors.

The security industry calls DarkSide’s business model “ransomware-as-a-service,” as it mimics the software-as-a-service model. First, provide financially motivated cybercriminals with the best software for stealing data and encrypting victims’ files over the internet via an easily accessible dark website. Second, provide the services around that software, such as tools that allow digital extortionists to communicate directly with their victims or get IT support. Third, share the rewards if a target pays the ransom.

DarkSide takes most of the cut. According to FireEye, the security company whose Mandiant division is helping the Colonial Pipeline recover, DarkSide takes 25% of ransom fees less than $500,000 and 10% of ransom fees above $5 million. Though that’s a sizable cut of the proceeds, the DarkSide operators make ransomware attacks so simple, customers keep coming. “It’s a great way of making quick money,” says Peter Kruse, founder and CEO of CSIS Security Group, which says it has seen various cybercrime actors using the DarkSide ransomware service. In the case of the Colonial Pipeline, DarkSide says a client using its software mounted the attack that shut the pipeline down.

To stand out from the crowd, DarkSide has promised the best encryption speeds to lock up computers faster than anyone else. It also supports attacks on both Microsoft Windows and Linux operating systems. Its marketing is working. Since emerging in August 2020, it’s leaked the data of more than 80 organizations. The identities of those who paid may never be known, notes ransomware tracker Brett Callow. “They’ve hit at least 114 organizations and they’ve published data from 83, so these didn’t pay (the ransom).

Which means at least 31 did,” Callow says. Given DarkSide users’ ransom demands range between $200,000 to $2 million, according to security startup CyberReason, it’s possible they’ve collectively made more than $30 million in just half a year. And, with KrebsOnSecurity reporting that the group negotiated an $11 million ransom with one victim company, it’s likely higher than that estimate. (A message to the DarkSide crew didn’t receive a response.)

Lax security may be helping the hackers. Before DarkSide’s malware can be deployed, its customers first need to have broken into a network, and DarkSide doesn’t provide that service. Kruse says DarkSide’s partners look for vulnerable devices that can be found by scanning the web. Once those systems are found, they can be exploited and leverage gained on a target’s network. They then need to take control of other connected computers and install the DarkSide software, which wraps the victims’ data and locks it with keys targets must pay ransom to use.

Colonial Pipeline hasn’t yet revealed exactly how it was breached, though analyses of the company’s servers from security experts discovered a few avenues hackers could have used to poke holes in its defenses. There were, for instance, a large number of surveillance cameras attached to the company’s IT infrastructure, according to Derek Abdine from security company Censys.

And Bob Maley, a former PayPal security lead and now chief security officer at cyber defense startup Black Kite, says he saw open remote management and file sharing servers, which, if the hackers had somehow acquired logins, could have provided a path onto Colonial’s network.

“If I was going to hack that… I’d simply use a publicly available tool to connect to that port, run a little script and try all the credentials that I have, plus some of the common … default usernames and passwords,” Maley added. That “credential stuffing” attack could then provide enough network access to start finding a way to plant the ransomware.

There’s long been concern that critical infrastructure businesses aren’t well-prepared for the kinds of attack described by Maley, even if they’re far from the most sophisticated attacks the internet sees every day. “Legacy industrial control systems and other similar infrastructures were primarily designed to keep information in and execute their control tasks dependably and consistently.  Unfortunately, there were little or no provisions built in to adequately secure the systems and keep people out,” says Chris Piehota, a former FBI technology director.

Personnel is another issue. Kruse and Maley noted that Colonial didn’t appear to have anyone in charge of cybersecurity. Colonial said its chief information officer, hired in 2017, led cybersecurity efforts, undertaking a review of its defenses and increasing total spending on IT, including cybersecurity, by more than 50% in the past four years.

A spokesperson told Forbes it had “robust protocols and software in place to detect and address threats proactively and reactively,” and that its third-party incident response team determined it was following “best practices” before the breach. Any speculation about the root cause of the incident would be premature and not informed by the facts, they added. They declined to comment on whether or not a ransom had been paid, and wouldn’t say how much the hackers had demanded.

The hack itself is just the first part of a modern-day ransomware swindle. DarkSide and similar groups have realized that they need to control the story, play the press and apply as much pressure to victims as possible to extract a ransom.

The added threat on top of all that data loss is public shaming. DarkSide and other groups’ dark websites aren’t just spaces for them to expose victims’ data. They’re places where they can attract media attention to amplify successes and, possibly, increase the ransoms as companies pay up to avoid reputational damage. The first of this new breed of publicity-friendly ransomware extortionist came in late 2019, with the emergence of Maze, which became infamous for attacks on U.S. schools. According to Callow, from security company Emsisoft, there are now about 30 doing much the same.

Another group, Babuk, has shown in the past month how devastating public shaming can be, after it hacked into the Washington, D.C., Metropolitan Police Department. When the police didn’t pay the $4 million ransom, Babuk started releasing the personal information of officers. In a new batch of data on 22 police officers released this week, the leaked information included psychological assessments, social security numbers, financial data and marriage histories. Babuk even posted conversations between itself and the department, in which the latter apparently tried to lowball the crew with a $100,000 ransom offer. Babuk rejected the offer. The police department has previously acknowledged the attack but hadn’t responded to requests for comment at the time of publication.

DarkSide has used a different tactic to try to improve its public image, presenting itself as a kind of Robinhood hacking organization, giving a small portion of stolen funds to charity, offering short-sellers advance information so they can bet on a victim’s stock tanking, and promising not to attack certain industries: hospitals, funeral services, schools, universities, nonprofits and government organizations. It even claims to only permit attacks on companies it knows can afford to pay, saying, “We do not want to kill your business.”

As the group wrote on its dark web “press center” earlier this week: “Our goal is to make money, and not creating [sic] problems for society.” One victim, Dalton, Georgia-based carpet manufacturer Dixie Group Inc., disclosed a ransomware attempt affecting “portions of its information technology systems” earlier this year.

With the Colonial Pipeline, DarkSide apparently realized too late that one of its partners had targeted an industry that served a huge number of consumers with gasoline and subsequently promised to “introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” Now the world has its eyes on the hacking group. In a “flash notice” to the cybersecurity industry and government agencies this week, the FBI said it has been investigating DarkSide since October, just two months after it emerged.

Its investigators and global partners have had increasing success against malware operators in recent months, the most significant in January, in which the U.S. Justice Department said it had participated in a multinational operation to disrupt and take down infrastructure of the malware and botnet known as Emotet. Described by experts as the most dangerous malware in the world, Emotet offered criminals access to personal and company computers. As with DarkSide, many criminals paid Emotet’s operators to install ransomware. Authorities made arrests of alleged administrators, who face charges in Ukraine, though they’ve yet to go on trial.

Despite that case and the blueprint it laid down for future cyber investigations, the only authorities DarkSide appears to fear are Russian-speaking: Its malware won’t work if it detects its victim is Russian. This has led to accusations that the Kremlin either supports or harbors criminals that target Western businesses, something Putin’s government has staunchly denied.

Dmitri Alperovitch, cofounder of cybersecurity company CrowdStrike and now executive chairman at the Silverado Policy Accelerator nonprofit, says there’s no evidence DarkSide has obvious links to Russian intelligence, adding, “Given their long past history of willful harboring of cybercrime, I don’t think it matters.”

Follow me on Twitter. Check out my website. Send me a secure tip.

I’m associate editor for Forbes, covering security, surveillance and privacy. I’m also the editor of The Wiretap newsletter, which has exclusive stories on real-world surveillance and all the biggest cybersecurity stories of the week. It goes out every Monday and you can sign up here: https://www.forbes.com/newsletter/thewiretap

I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice, Wired and the BBC, amongst many others.

Tip me on Signal / WhatsApp / whatever you like to use at +447782376697. If you use Threema, you can reach me at my ID: S2XY9B9U.

If you want to tip me with something sensitive? Get in contact on Signal or Threema, and we can use OnionShare. It’s a great way to share documents privately. See here: https://onionshare.org/

Source: The Colonial Pipeline Hackers Are One Of The Savviest Criminal Startups In A $370 Million Ransomware Game

.

References

Bomey, Nathan. “Colonial Pipeline looking to ‘substantially restore operations by end of week”. USA TODAY. Archived from the original on May 10, 2021. Retrieved May 10, 2021.

European Banking Authority (EBA) Microsoft Exchange Servers Hacked

Paris Looks to Charm London's Brexiles

The European Banking Authority (EBA) has confirmed it has fallen victim to the ongoing Microsoft Exchange attacks.

With a total of four highly valuable zero-day exploits, previously unreported vulnerabilities that give cybercriminals a head start in any attack campaign, the attacks against on-premises Microsoft Exchange servers were always going to be a big deal. Those initial attacks, which prompted Microsoft to publish an emergency out-of-band security update, were attributed to a nation state-sponsored group identified as HAFNIUM. The nation in question is China. However, Microsoft has now confirmed that it “continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM.”

As I reported on March 6, credible sources were suggesting that the attacks against vulnerable Microsoft Exchange servers were thought to have compromised ‘hundreds of thousands’ of servers, more than 30,000 in the U.S. alone.

One of those attacked outside of the U.S. was the European Union’s banking regulator, the European Banking Authority. On March 7, the EBA issued a statement confirming that it had “been the subject of a cyber-attack against its Microsoft Exchange Servers.”

While stating that a full investigation was underway, the EBA went on to add: “As the vulnerability is related to the EBA’s email servers, access to personal data through emails held on that servers may have been obtained by the attacker. The EBA is working to identify what, if any, data was accessed. Where appropriate, the EBA will provide information on measures that data subjects might take to mitigate possible adverse effects. As a precautionary measure, the EBA has decided to take its email systems offline. Further information will be made available in due course.”

Further information was, indeed, made available by way of an update on March 8. “The EBA investigation is still ongoing and we are deploying additional security measures and close monitoring in view of restoring the full functionality of the email servers,” it read. “At this stage, the EBA email infrastructure has been secured and our analyses suggest that no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.”

“The exploitation of the 0days in question required some specific conditions and thus raises questions what exactly happened at the EBA,” Ilia Kolochenko, chief architect at ImmuniWeb, said. “Another key question is when exactly the EBA was compromised?” Kolochenko points out that if the intrusion happened after the disclosure but prior to the emergency patch, the vulnerable systems should have been immediately disconnected to prevent exploitation in the wild. “The EBA is likely not the last victim of this hacking campaign,” he warns, “and more public authorities may disclosure incidents stemming from exploitation of the same vulnerabilities.”

I have approached the EBA for further comment.

Meanwhile, Mark Bower, a senior vice-president at comforte AG, said that “the capacity for attackers to extract sensitive data from emails, spreadsheets in mailboxes, insecure credentials in messages, as well as attached servers presents an advanced and persistent threat with multiple dimensions.”

Although it should be reiterated that, at this point in the investigation, the EBA is saying that “no data extraction has been performed and we have no indication to think that the breach has gone beyond our email servers.” Bower, like Kolochenko, warns that more incidents will be reported. “Affected entities and their supply chain partners will see a persistent secondary impact as a result over a long period of time,” he said.

I’ll leave the final word to John Hultquist, vice-president of analysis with Mandiant Threat Intelligence. “Though broad exploitation of the Microsoft Exchange vulnerabilities has already begun, many targeted organizations may have more to lose as this capability spreads to the hands of criminal actors who are willing to extort organizations and disrupt systems.

The cyber espionage operators who have had access to this exploit for some time, aren’t likely to be interested in the vast majority of the small and medium organizations. Though they appear to be exploiting organizations in masses, this effort could allow them to select targets of the greatest intelligence value.”

Update March 9

The EBA has now published a third update, which I reprint here in full:

“The European Banking Authority (EBA) has established that the scope of the event caused by the recently widely notified vulnerabilities was limited and that the confidentiality of the EBA systems and data has not been compromised.

Thanks to the precautionary measures taken, the EBA has managed to remove the existing threat and its email communication services have, therefore, been restored.

Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity and availability of its systems and data.

The analysis was carried out by the EBA in close collaboration with the Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies, the EBA’s ICT providers, a team of forensic experts and other relevant entities.”

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: European Banking Authority (EBA) Microsoft Exchange Servers Hacked

.

.

More Contents:

Microsoft Email Server Hacked? Cyber Attack Hits 30,000 US Organizations
technostaan.in – March 6
Microsoft Corporation was hit by a cyberattack that affected 30,000 US organizations. Small businesses and the Government were the victims of this attack.
1
MINECRAFT HACK FREE DOWNLOAD UNDETECTED 2021
p2pconnects.us – March 3
[…] to download minecraft client, wurst client, hacking, how to install wurst client, how install mod, server, hacked, wurst client download, how to download wurst client, minecraft griefing, griefing, tutorial […]
0
TwitLonger — When you talk too much for Twitter
http://www.twitlonger.com – February 17
[…] or dignity when being apart of servers including: Putting racial slurs, and pretend-having your server hacked, and a bunch of other annoying mischievous things (see here: https://i […]
0
Pune: NCP accuses PCMC officials, BJP of multi-crore fraud in name of setting Covid care centres | Cities News,
indianexpress.com – February 16
[…] Read |Pune-based private company’s server hacked, duped of Rs 1 […]
4
Quick tutorial CSS tip: How to show source code the easy way – DEV
dev.to – November 24, 2020
[…] I did use this in HTML slidedecks in the past with the result of getting my server hacked […]
N/A
The downfall of firewalls. Leveraging Crowd Power to recreate… | by philippe humeau | Nov, 2020
crowdsecurity.medium.com – November 17, 2020
[…] An IP that was behaving aggressively yesterday was probably used by a server hacked by someone recently […]
N/A
It: Gaiba municipality central server hacked
http://www.databreaches.net – November 11, 2020
The following is a Google translation: The Municipality of Gaiba informs all interested parties (residents and non-residents) that on the night of 6.11.2020 it…
N/A
Trump Campaign Site Hacked – What We Know & Lessons Learned
http://www.wordfence.com – October 28, 2020
[…] IV: Origin server hacked via FTP or SSH – Low Probability This is the least likely scenario since the attackers would nee […]
N/A
U.S. Center for SafeSport server hacked, sensitive documents potentially exposed –
theathletic.com – October 7, 2020
U.S. Center for SafeSport server hacked, sensitive documents potentially exposed
2
UL Foundation server hacked
http://www.katc.com – September 30, 2020
A server containing UL Foundation data has been hacked, officials said in an email sent to members today. The hack, which was of Blackbaud, a data management software vendor, may have compromised “names, addresses and other contact information” of alumni members, the letter states. The email was sent by John Blohm, vice president of university advancement and CEO of the UL Foundation. “Blackbaud has confirmed that your credit card information, bank account information and Social Security numbers were not compromised, since this database does not store such details,” the letter states. “Further, Blackbaud does not believe the information that was possibly exposed in the breach can be used for identity theft or financial fraud.” The email states that “Blackbaud, in conjunction with the FBI and other law enforcement agencies, conducted a full inquiry and found no evidence that the cybercriminals who gained access to the data shared it in any way. Your information was not made public or otherwise disseminated and was not misused.” It does not say when the hack occurred. The email states that “Blackbaud has already implemented several changes to strengthen its data protection and reduce the risk of future incidents.” Anyone affected doesn’t have to do anything, but it’s always a good idea to “remain vigilant,” the email says.
3
Michigan government server hacked #GSH – Pastebin.com
pastebin.com – August 14, 2020
Michigan government server hacked, over 20+ city/town websites hacked […]
1
Ghost Squad Hackers take over Michigan government websites
http://www.onyxmodsllc.com – August 13, 2020
[…] “Michigan government server hacked, over 20+ city/town websites hacked […]
1
Three Idaho State Websites Are Vandalized by Hackers
http://www.govtech.com – July 28, 2020
[…] “Idaho government server hacked with #FreeAssange message,” the tweet said […]
1
‘Free Julian Assange’: Trio of Idaho state websites taken over by hackers
http://www.eastidahonews.com – July 27, 2020
[…] “Idaho government server hacked with #FreeAssange message,” the tweet said. Idaho government server hacked with #FreeAssange message […]
24
State of Idaho server hacked by ‘ghost squad’
idahonews.com – July 27, 2020
A group calling itself Hacked by Ghost Squad Hackers has apparently hacked a State of Idaho server. There’s a message on the screen that reads, “Free Julian Assange. Journalism is not a crime. ” So far, CBS2 News has confirmed the state’s Parks and Recreation page and the Stem Idaho page have been…
272
Nepal Telecom Server Hacker arrested by CIB
http://www.nepalitelecom.com – July 17, 2020
[…] How was the Nepal Telecom server hacked? According to CIB, Deuja used untraceable internet technology to illegally access the company’ […]
1
‘It was as though we were sitting at the table’ – cartel server hacked – Herald.ie
http://www.herald.ie – July 9, 2020
An encrypted communications server that was hacked by European police forces and led to millions of messages between criminals being intercepted was also used by the Kinahan cartel.
12
Alexandre BLANC Cyber Security posted on LinkedIn
http://www.linkedin.com – June 3, 2020
[…] in/eWq6jZe “THE VOLLGAR CAMPAIGN: MS-SQL SERVERS UNDER ATTACK” Is your server hacked? Check this out, another years old attacks, active since May 2018, uncovered only recently […]
1
Cisco server hacked by exploiting SaltStack Vulnerabilities.
vednam.com – May 31, 2020
Cisco Server Hacked is mainly exploited by the two vulnerabilities and that was mainly fixed.The point of how this fall happens on cisco devices.Read…
1
6 tips on how to secure your email server
hostio.solutions – May 30, 2020
[…] Therefore, having your email server hacked has a lot of risks, each having a different impact: When spam lands in your subscribers’ inboxes it […]
2
Mitigating and securing hacked WordPress sites | Alkanyx Software Marketplace
alkanyx.com – April 13, 2020
[…] The reason I’m writing this article is because a couple weeks ago, I got a staging server hacked, that was hosting some old, un-updated wordpress installations […]
11
AMD’s Big Navi and Xbox Series X GPU ‘Arden’ Source Code Stolen and Leaked
http://www.tomshardware.com – March 26, 2020
[…] ” The hacker claims she found the unencrypted information in a computer/server hacked via exploits […]
2
Charlatans, Conspiracists And The Trump Boys Seize On Iowa Debacle
talkingpointsmemo.com – February 4, 2020
[…] A Short History Of @DNC: – Openly rigged elections/delegates against Bernie in ‘16 – Server hacked, *proving* that DNC rigged elections against Bernie – Paid for foreign interference in 2016 wit […]
80
Rolandsmartin: “1.17 TSU names acting prez; GA election server hacked; Poll: Blacks say #45 is racist; Women’s March”
http://www.pscp.tv – January 18, 2020
1.17 TSU names acting prez; GA election server hacked; Poll: Blacks say #45 is racist; Women’s March…
1
It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild • The Register
http://www.theregister.co.uk – January 18, 2020
[…] ” Georgia election server hacked in 2014 A new revelation has emerged in the battle over paperless voting systems in the US state of […]
8
It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild • The Register
http://www.theregister.com – January 18, 2020
[…] ” Georgia election server hacked in 2014 A new revelation has emerged in the battle over paperless voting systems in the US state of […]
N/A
Special Olympics Hacked for Phishing Emails | | IT Security News
http://www.itsecuritynews.info – December 31, 2019
Special Olympics of New York, a nonprofit organization that provides sports training and competition to more than 67,000 children and adults with intellectual disabilities, had its email server hacked and later used to launch a phishing campaign against previous donors. The malicious email was camouflaged as an alert of an impending transaction that purported to […]   Advertise on IT Security News. Read the complete article: Special Olympics Hacked for Phishing Emails
1
Special Olympics New York Hacked to Send Phishing Emails
http://www.bleepingcomputer.com – December 31, 2019
[…] organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previou […]
1
Hunter Biden Counterfeiting Involved Burisma, Crowdstrike, Filing Claims
pjmedia.com – December 30, 2019
[…] by mainstream media outlets as a conspiracy theory — that when CrowdStrike investigated the DNC server hacked in 2016, the company took them to Ukraine to hide them […]
821
Hunter Biden Accused of $156M Counterfeiting Scheme With Burisma, CrowdStrike, Legal Filing Claims
pjmedia.com – December 30, 2019
[…] by mainstream media outlets as a conspiracy theory — that when CrowdStrike investigated the DNC server hacked in 2016, the company took them to Ukraine to hide them […]
31
Internet Gov Weekly Brief (W1Y20): UN to draft treaty on cybercrime; California’s new data privacy law; Brazil fines Facebook; Microsoft takes down 50 domains; 18 central banks on digital currencies; ECB announces EUROchain | Internet Governance News
internetgov.news – December 27, 2019
[…] organization focused on competitive athletes with intellectual disabilities, had its email server hacked around this year’s Christmas holiday and later used to launch a phishing campaign against previou […]
13
Remember when MSM tried to claim that Trump being spied on was a “conspiracy theory” – Investment Watch
http://www.investmentwatchblog.com – December 21, 2019
[…] Paid $972,000 To Law Firm That Secretly Paid Fusion GPS In 2016 FBI docs: Study found Clinton email server hacked IG report – www […]
8
Virus Bulletin :: Newsletter
http://www.virusbulletin.com – December 19, 2019
[…] 2019: Stalkerware, VB2019 programme, Ryuk and LockerGoga, Emotet and Trickbot, Ocean Lotus, spam server, hacked home routers, etc […]
1
How to Manually Delete a WordPress Plugin Using FTP
seo-gold.com – December 8, 2019
[…] and someone manages to acquire your Filezilla XML file they have all your login details! I had a server hacked a while ago and reasonably confident they got the login details (they logged directly into site […]

 

Cybercrime Joker Retires With A Reported $2.1 Billion In Bitcoin

The most popular stolen payment card marketplace on the dark web is no more. The criminal behind the Joker’s Stash site, which trades in stolen credit and debit card data, has announced that all servers and backups will be wiped, and the site will never open again. That criminal, who unsurprisingly goes by the pseudonym of ‘JokerStash’ or Joker for short, has shut up shop and is going into retirement. A rather comfortable retirement, assuming Interpol and the FBI don’t catch up with them, with a reported $2.1 billion (£1.5 billion) in Bitcoin.

Joker’s Stash was the biggest of the carding sites on the dark web. Carding being the process of not just selling that stolen card data, but also enabling criminals to launder their illicit cryptocurrency balances. The stolen card data is used to buy gift cards or other easily traded items which are then sold on for cash. In 2019, I reported how a single payment card database, of more than a million market fresh cards in total, was being offered for sale at $130 million (£93 million.)

PROMOTED Jumio BrandVoice | Paid Program Why Enterprises Must Adopt Stronger Identity Verification Methods To Combat Rising Fraud In 2021 UNICEF USA BrandVoice | Paid Program UNICEF Reports: Over 39 Billion Meals Missed Since Schools Shut Down Grads of Life BrandVoice | Paid Program How Reimagining Employment Practices Can Advance Racial Justice

In a January dark web blog posting, the Joker warned customers of the infamous carding site that it would shut up shop for good on February 15. However, according to financial crime compliance blockchain analysis specialists Elliptic, the site went down on February 3.

As you might imagine, this will not have pleased those customers who thought they had 12 more days to cash out their crypto balances. Although it hasn’t been possible to determine exactly how much money these cyber-criminals may have lost, the reverse is not true: Elliptic analysts have calculated the size of the Joker’s retirement pot based on incoming crypto payments to the Joker’s Stash wallet. MORE FOR YOU

Why Huawei’s New Update Is Seriously Bad News For Android UsersWhatsApp Users Suddenly Get This Surprise New Boost From FacebookHuawei’s Striking New Billion-Dollar Gamble Targets Apple, Google (And Tesla)

How big a pension has Joker built up through this criminal enterprise since it started operating in 2014? Elliptic said that, in 2018 alone, $139 million (£100 million) in sales went through Joker’s Stash, by way of example. More recently, revenues dropped significantly as payment card fraud detection technology improved. However, more than $400 million (£288 million) flowed through the site between 2015 and 2021.

Joker’s Stash made its money by charging deposit fees for converting Bitcoin to a dollar balance and also through taking a commission on all trading in stolen cards. Although that commission rate cannot be pinned down precisely, Elliptic analysts based their calculations on an average of 20% as seen at other carding operations.

“If we assume an average total commission of 20% on sales,” Elliptic wrote, “then considering bitcoin alone they would have taken a total of at least 60,000 bitcoins.”

Or, to put it another way, around $2.1 billion (£1.5 billion) currently.

Which leaves the departing statement from the Joker with the irony volume turned up to eleven. After telling cyber-gangsters not to “lose themselves in the pursuit of money,” the Joker went on to declare that “all the money in the world will never make you happy and the “most truly valuable things in this life are free.”

That’s easy to say when you have so much cash, regardless of how you came by it.

Maybe the pandemic played a role in both the site closure decision and that display of sentiment. In October 2020, Joker disclosed to customers that he, or she, had been in hospital for a week after contracting Covid-19.

Whatever, Joker’s Stash is no more and that’s a good thing for the law-abiding majority. Unfortunately, the way of the dark web world is that another carding site will soon rise to take over as the crypto kingpin of this illicit trade. Although this particular cybercrime genre has dipped in terms of profitability over the last couple of years, there is still, sadly, plenty of money to be made. Maybe not as much as the Joker’s Stash, but more than enough to make a mockery of the old saying that crime doesn’t pay. Especially as it would seem, based on current intelligence at least, that the site wasn’t busted by law enforcement but closed of its own volition. The last laugh would seem to be with the Joker.

Follow me on Twitter or LinkedIn. Check out my website

Davey Winder

Davey Winder

I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

.

Texas Hold Em Poker Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] about: Texas Hold Em Poker In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Kid Friendly Hotels In Las Vegas Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Hotels In Las Vegas In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]0

Who Played In The Movie Casino Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Played In The Movie Casino In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Industry Voice: ESG&D – Why digital ethics matter for the tech sector http://www.investmentweek.co.uk – Today[…] Online welfare cuts across so many industries, from online gambling to social media and video gaming, that it is one of the most crucial issues companies face i […]0

Online Casinos New 2020 Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Online Casinos New 2020 In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

New 2021 Jun Casinos Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] New 2021 Jun Casinos In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Net Worth Of Magic Johnson Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Net Worth Of Magic Johnson In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

ASA Reports Drop in Number of Gambling Ads Breaking Age Restrictions igamingradio.com – Today[…] Standards Authority (ASA) has reported a fall in the number of breaches of age restriction by online gambling ads […]0

Casino Rewards Members+ Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Casino Rewards Members+ In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Lotto Corp Most Reputable Online Casinos Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Reputable Online Casinos In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Online Casinos That Accept Mastercard Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] That Accept Mastercard In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Canadian Casino Bonus Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Canadian Casino Bonus In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Online Gambling Casinos That Are Giving Out Good Promos Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Information about: Online Gambling Casinos That Are Giving Out Good Promos In Canada, there is currently no law that makes it illega […] Are Giving Out Good Promos In Canada, there is currently no law that makes it illegal to operate an online gambling site […]0

Top Best Casino Online Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Top Best Casino Online In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

No-risk Matched Betting Canada Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Matched Betting Canada In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

How To Play Slots Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] about: How To Play Slots In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Casino App Real Money Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Casino App Real Money In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

What Can I Get Eith Caesars Good Casino Card Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Caesars Good Casino Card In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Casino Canada Fast Payout Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Casino Canada Fast Payout In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Real Money Casino Games Bufflalo Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Casino Games Bufflalo In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

PGA championship 2021 betting review | Online Casino | Online Casino Slots | Casino Slots Review | Sports Betting | Sports Betting Review -Jackpotbetonline.com http://www.jackpotbetonline.com – Today[…] Tags: bet, bet online, gambling, golf, sports bettingN/A

Free Slot Games Free Spins Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Free Slot Games Free Spins In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Big Fish Casino How To Win Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Big Fish Casino How To Win In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

New Casino Online Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] about: New Casino Online In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Roulette Strategy That Works Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Strategy That Works In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Good Fortune Casino Game Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Good Fortune Casino Game In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Is 888 Poker Legit Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] about: Is 888 Poker Legit In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Best Casinos Canada List Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Best Casinos Canada List In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Casino In Moncton Is Opening When Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] In Moncton Is Opening When In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]0

Popular Casino Sites Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Popular Casino Sites In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

How To Get Out Of Jury Duty Canada Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Out Of Jury Duty Canada In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Casino Paypal Canada Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Casino Paypal Canada In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Baccarat Casino Online Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Baccarat Casino Online In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Top Payout Casinos Online Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] Top Payout Casinos Online In Canada, there is currently no law that makes it illegal to operate an online gambling site […] to this, there is no current federal law prohibiting Canadian residents from taking part in online gambling at any Canada casino […]N/A

Help For Gambling Addiction Canada – Best Online Casinos Canada http://www.webandluxe.com – Today[…] If a player is willing to put in the time and research the best online gambling sites, then they could find a ton of information on websites such as Unlucky for Some and CaVemate […] For Gambling Addiction In Canada….

Take These Small Steps to Stop Cyber Attacks From Creating Big Problems for You

At a time when remote work and its increased security risks have become the norm, ongoing difficulty in safeguarding corporate networks suggests that the status quo isn’t working. That’s why IT security teams are moving from a passive to an active approach. The MITRE Corporation (a nonprofit that manages federally funded research and development centers) recently introduced its Shield framework, in which it clearly states that active defense is critical in overcoming today’s threats. Business leaders who know the latest strategies and recommendations place their companies in a strong position to remain secure.

Related: The How-To: Protecting Your Intellectual Property As A Small Business

The concept of active defense

Shield is an active defense knowledge base developed from over a decade of enemy engagement. With it, MITRE is trying to gather and organize what it has been learning with respect to active defense and adversary engagement. This information ranges from high-level, CISO-ready considerations of opportunities and objectives to more practitioner-focused conversations of the tactics, techniques and procedures defenders can use. This latest framework is aimed at encouraging discussion about active defense,  how it can be used, and what security teams need to know.

Defining active defense

Active defense covers a swathe of activities, including engaging the adversary, basic cyber defensive capabilities and cyber deception. This entails the use of limited offensive action and counterattacks to prevent an adversary from taking digital territory or assets. Taken together, these activities enable IT teams to stop current attacks as well as get more insight into the perpertrator. Then they can prepare more fully for future attacks.

As MITRE notes, the modern security stack must include deception capabilities to truly deter and manage adversaries. In Shield’s new tactic and technique mapping, deception is prominent across eight active defense tactics—channel, collect, contain, detect, disrupt, facilitate, legitimize and test—along with 33 defensive techniques.

Related: Cybersecurity Implementation And Future Strategies For Enterprises

The truth about deception

Threat actors are targeting enterprise networks nonstop, anyone from nation-state attackers seeing proprietary information to more run-of-the-mill criminals looking to cause chaos and obtain some PII they can exploit. Analysts estimate that critical breaches of enterprise networks have increased by a factor of three to six, depending on the targets.

As leaders consider their security strategy,  they need to not only understand what active defense means but also what deception actually is. A prevailing misconception is that deception is synonymous with honeypots, which have been around for a long time and are no longer effective. And to make them as realistic as possible requires a lot of management so that if attackers engage with a honeypot, they won’t be able to detect that it is not a real system and therefore know they’re in the middle of getting caught.

So, it’s time to clear up that notion. In truth, deception technology and honeypots are not synonymous. That’s how deception began, but it has evolved significantly since then. Today’s deception takes the breadcrumb/deceptive artifact approach that leads attackers on a false trail, which triggers alerts so that defenders can find and stop the attackers in real time. Only unauthorized users know the deceptions exist, as they don’t have any effect on everyday systems, so false positives are dramatically reduced. These aspects of deception technology add financial value to the IT security organization.

In addition, some organizations wrongly perceive that deception is too complex and yields comparatively little ROI. Security organizations could enjoy the benefit of using deception technology – which is lightweight and has a low cost of maintenance – but some are hesitant because they think it’s an overwhelming, complex approach that they won’t get enough value from. However, using technology assists like automation and AI, deception eliminates the complexity it has been previously known for.

Organizations tend to think of deception from a technology standpoint, but that’s wrong; it should be thought about from a use case standpoint. For instance, detection is a fundamental element of any security program. Everyone needs better detection capabilities – part and parcel of what today’s deception tools do.

A stronger defense

As cybercriminals’ tactics and tools continue to change, so must defenders’. An expanded threat landscape and new attack types make this job tougher than ever. Many organizations around the world were thrust into rapid digital transformation this year, which created security gaps for bad actors to exploit. The events of 2020 highlight the need for a better approach to securing critical assets. Active defense is part of that approach, as outlined in the MITRE Shield framework. Deception technology is an agile solution worthy of incorporation into an organization’s security strategy.

Related: 5 Types of Business Data Hackers Can’t Wait to Get Their Hands On

Source: https://www.entrepreneur.com/

.

Global Business

How To Go Global With Your Business

How a brand can prepare to go global and what they should consider before setting foot across the sea. Chris Porteous | 6 min read YouTube

Buy on YouTube? The platform is testing a sales tool

By clicking on the “super bag”, users will be redirected to a purchase page where the products, related videos and sale options will be located. Entrepreneur en Español | 1 min read Blue Origin

Jeff Bezos wants to send passengers into space in April: report

Blue Origin, the Amazon co-founder’s space exploration company, would take people into space on its New Shepard ship. Entrepreneur en Español | 1 min read How to Become a Millionaire

Survey: The Top 9 Books Recommended by Millionaires

So you want to be a millionaire? Start reading like one. Hayden Field | 1 min read Marketing

4 trends that will mark digital marketing in 2021

One of the biggest challenges advertisers and media will face in 2021 is being able to communicate with consumers and transact effectively in a cookie-free world. Entrepreneur en Español | 5 min read Success Stories

Mike Ling Came to America to Study Medicine. Now He Runs a Successful Fitness-Tech Company. It All Came Down to Passion.

The 43-year-old FitTime founder sheds light on how a plant-based diet, meditation and Jiu-Jitsu helped him become sturdier and more successful. Kenny Au | 6 min read News and Trends

Will I Get a Stimulus Check? What You Need to Know About the Second Round of Payments.

Here’s what you need to know about stimulus check payments. Megan Pratz | 6 min read News and Trends

Taco Bell Is Working With Beyond Meat to Create a New Plant-Based Protein

Another kind of not-meat is coming to Taco Bell this year. Igor Bonifacic | 2 min read News and Trends

Instacart Offers Employees $25 to Get COVID-19 Vaccine

Eligible workers won’t have to choose between earning income and getting vaccinated. Stephanie Mlot | 2 min read

.

Ben Lovegrove

How to protect yourself against cyber attacks during an age in which we all have to be educated and vigilant at home and at work. Download your copy of Roboform Password Manager for personal and business use: http://ow.ly/o1A530qhvNa In this video I describe some ways in which you can protect yourself and your assets against cyber attacks. It’s not an exaggeration to state that we are in the midst of an epidemic of cyber crime. Even if you take the reported cases at face value it’s bad enough but there are reasons to suspect that the actual situation is much worse because so much is not reported. The police are under resourced, investigations are complex, and consequently the criminals feel empowered to continue and to step up their attacks.

So the onus is on us as individuals and business to strengthen our defences and to mitigate the risks by taking the essential precautions. Some of these tips may seem obvious and yet it’s amazing how many people fail to act on this type of advice. 1: Use strong and unique passwords. Yes, I know, logging in (and clicking away the cookie notice) is a pain but it can be semi automated with a good password manager. I’ve used Roboform for years (see link below) and it includes a tool that will generate cryptic passwords containing a mix of numbers, symbols, and letters in upper and lower case. These are stored in an encrypted file which is synchronised across all my devices; PC, laptops, mobile phones. You should use long, unique, and cryptic passwords of 12 characters or more for everything that requires you to log in – not just your pension account or favourite shopping site, but also the broadband router on your home network – everything. If the log-in process includes the option to send a passcode to your mobile phone then enable it and use it. 2: Be aware of data breaches and react to them. Even with a strong password your details may be compromised if a company fails to protect their network and thieves hack in and steal data. If you see any such reports in the press check to see if you have an account with the company and if you do, change your passwords immediately. This won’t stop you details being sold on the Dark Web but it will prevent anyone from using your now compromised password. Meanwhile, remain vigilant for any calls, mails, or other signs that your identity is being used by a criminal. Continued in the video…

My recommended products on Amazon.com: https://www.amazon.com/shop/benlovegrove My recommended products on Amazon.co.uk: https://www.amazon.co.uk/shop/benlove… My YouTube Channel Information: Subscribe to my channel: https://goo.gl/FhzGmn My most recent upload: https://goo.gl/ujZ7ms My most popular upload: https://goo.gl/ThKf7y My Playlists: Flight Training, Private & Commercial Pilot: https://goo.gl/EuD7wt Learn To Fly, Get Your Pilot’s Licence: https://goo.gl/6Z6h6P General Aviation: https://goo.gl/p8MLZY Aviation Careers: https://goo.gl/bhZWXL Career Training & Business Tools: https://goo.gl/rh9P46 My Social Media Links: Twitter: https://twitter.com/BensBookmarks Instagram: https://www.instagram.com/ben_lovegro… Facebook: https://www.facebook.com/redspansolut… My Secrets Revealed: I create these videos using Vidnami: http://ow.ly/lu1e30qRlhC I optimise these videos using TubeBuddy: http://ow.ly/x7yH30qRlhU Contact me: Go to my channel homepage and click on the About tab to reveal my email address: https://wwww.youtube.com/c/benlovegrove Show your support: Sponsor more videos like this: https://www.patreon.com/redspan Consider leaving a tip: https://paypal.me/redspan Bespoke videos made for you: https://goo.gl/22u4R6 Acknowledgements: This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images & attributions: https://app.contentsamurai.com/cc/734825 This presentation may also include video clips licensed under the Creative Commons Zero (CC0) license and/or video clips of our own.

%d bloggers like this: