Entries with tag cybercrimes.

European ATM Vulnerability Lets Crooks Cash Out

Interpol has discovered a vulnerability in cash machines that criminals can leverage to steal money. The international law-enforcement agency says it is investigating the matter and alerting countries in Europe, Latin America, and Asia that hackers have targeted. Security vendor Kaspersky Lab, which discovered the hack, says infected ATMs can be prompted to dispense 40 banknotes without a card simply by entering a series of digits on the keypad. Hackers infect machines with Tyupkin malware via a boot CD. They can then selectively unlock compromised machines and let hired thieves withdraw specified amounts of money. The cash is taken from the ATM’s store of money and not from a customer’s account. ATM security is notoriously weak and badly needs upgrading, according to Kaspersky. (BBC)(Kaspersky Lab SecureList)


Worldwide Law-Enforcement Operation Targets Malware Ring

The creators, users, and sellers of Blackshades malware in about 20 countries were the target of a two-day, multinational operation initiated by the US Federal Bureau of Investigation; coordinated by Eurojust, the European Union agency dealing with judicial cooperation in criminal matters; and supported by the European Cybercrime Center at Europol, the EU’s law-enforcement-intelligence agency. About 90 people were arrested in connection with the investigation, conducted by police in countries such as Austria, Belgium, Canada, Denmark, Estonia, Finland, France, Germany, Italy, the UK, and the US. Investigators seized about 1,100 data storage devices—including computers, routers, external hard drives, and USB memory sticks—as well as cash, firearms, and drugs. Attackers used the Blackshades remote access tool to infect about 700,000 computers in about 100 countries. It is inexpensive malware that lets hackers remotely control a computer, access documents, monitor keystrokes, download files, and turn on webcams. (Telegraph)(Help Net Security)(The Associated Press)(National Crime Agency)

Spanish Police Arrest Eight in Connection with Global Cyberheists

Spanish law-enforcement officials have announced that they arrested eight people suspected to have helped steal about $60 million from banks worldwide. The six Romanians and two Moroccans who were arrested on the outskirts of Madrid are alleged to have been part of a network that hacked into credit card processing firms, stole information, and used it to withdraw money from ATMs. Police reported they seized €25,000 ($34,450) in cash as well as roughly 1,000 blank credit cards, computer equipment, jewelry, and other goods. These suspects allegedly made 446 withdrawals totaling €285,000 ($392,700) in February using cloned payment cards at ATMs throughout Madrid plus another €68,000 ($93,700) in December 2012, according to the Spanish Interior Ministry. The hackers were reportedly controlled by a single person, an IT expert who was arrested in Germany. The Spanish police stated they were assisted by an unnamed US security agency. “The arrests are one of the biggest breakthroughs yet outside the United States in connection with a series of global bank heists, coordinated across numerous countries by cells which withdrew millions of dollars in a matter of hours,” according to Reuters. (PC World)(Reuters)

British Citizen Charged in Numerous US Hacking Incidents

US officials have charged a UK computer hacker with breaching thousands of computer systems, including US military and government networks, and stealing confidential data. They charged Lauri Love, 28, with one count of accessing a federal agency’s computer without permission and one count of conspiracy. US attorneys filed their case in New Jersey, the location of one of the servers that Love allegedly used. Love was arrested on 25 October in the UK. Between October 2012 and October 2013, Love and others allegedly placed back doors in networks they breached, which allowed them to re-enter and take data. They reportedly hacked networks including those run by the US Department of Defense’s Missile Defense Agency, the US Army Corps of Engineers, NASA, and the Environmental Protection Agency and allegedly took budget information and personal data on military and government personnel. Love faces US and UK charges related to other incidents. (Reuters)(Associated Press @ Washington Post)

Digital Cash Exchange Takedown Hurting Criminals Worldwide

The takedown of a Costa Rican-based digital cash exchange has caused “pain” to the criminals who used the virtual currency service to launder money, according to the US District Court for the Southern District of New York, which named its founder, Arthur Budovsky, and five co-conspirators in the allegation. Users of the service could anonymously exchange funds without requiring their identity to be verified. In addition to seizing the operation and its domains, law enforcement officials seized or restricted the activity of 45 bank accounts. Brian Krebs, a security expert who publishes Krebs on Security, told the BBC he had seen comments posted on crime-linked restricted access forums suggesting many criminal enterprises had suffered “steep losses” as a result. Liberty Reserve, as described  in the unsealed indictment published Tuesday, was “a financial hub of the cyber-crime world, facilitating a broad range of online criminal activity, including credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.”  The federal indictment also stated “Because virtually all of liberty reserve’s business derived from suspected criminal activity, the scope of the defendants’ unlawful conduct is staggering.” Prosecutors estimate that between 2006 and May 2013 the organization laundered more than $6 billion in criminal proceeds, making it “the bank of choice for the criminal underworld.” Of the seven individuals charged in the case, Budovsky was arrested in Madrid, Spain; four others named have been arrested and two more individuals are being sought by law enforcement in Costa Rica. The charges against them, in addition to conspiracy to commit money laundering, include conspiracy to operate an unlicensed money-transmitting business, and operating an unlicensed money-transmitting business. The money laundering count carries a maximum sentence of 20 years in prison; the other two charges have a maximum sentence of five years each. The federal attorneys note Liberty Reserve did have legitimate users, primarily outside the US, who used it as a PayPal alternative for transactions. (BBC)(The New York Times)(Krebs on Security)

Hacker Network Steals Millions from ATMs

A sophisticated, global hacking network committed a series of thefts from ATMs in two dozen different countries -- including the United States, Japan, Russia, Romania, Egypt, Colombia, Britain, Sri Lanka, and Canada -- that netted the criminals $45 million. Officials arrested seven people in the US in connection with the thefts, which a dozen law-enforcement agencies worldwide have been investigating. Law-enforcement officials said the network’s leaders deployed operatives operating in cells in 27 countries, including this group in the US. According to authorities, the hackers infiltrated the databases of two Middle Eastern banks. They then reportedly eliminated withdrawal limits on prepaid debit cards and created passwords for the accounts. They then allegedly loaded the stolen account information onto plastic cards—including even old hotel key cards or expired credit cards—with a magnetic stripe. The hackers then reportedly coordinated the use of these cards with the different cells or groups of “cashers” they set up to quickly withdraw funds from various ATMs. Those cells retrieving the cash took their cut, laundered the money, and sent it in the form of goods or cash to the network’s leaders. In the first operation, the hackers took $5 million. In the second operation, officials claim that within 10 hours, the hackers took $40 million in a series of 36,000 transactions. They made 40,500 withdrawals overall in the two different operations. Security experts say the problem is that many banks and merchants in the United States use cards with magnetic strips rather than those with chips that are difficult to duplicate. Investigators say the suspects from the US cell are US citizens originally from the Dominican Republic living in Yonkers, New York, and face charges of conspiracy and money laundering after allegedly stealing $2.8 million. (CNBC)(The Associated Press @ The Telegraph)(Reuters @ NBCNews)(The New York Times -- 1) (The New York Times -- 2)(The Los Angeles Times)

Showing 6 results.