Brazilian security firm Tempest has investigated recent darkweb auction-rooms of so-called “InfoSec Army.” The data sold was extracted from various Brazilian corporations, financial groups, and small businesses. Tempest estimated a total profit of $320 thousand in bitcoins by the end of August 2018:

“Some databases would have been sold on the InfoSec Army in trading sessions with more than 700 bids and the most valuable base would have been sold for six bitcoins. The forum contained the date and time of the trading sessions and information about each of the items for sale. Already the reverse auction happened Telegram froups.

The InfoSec Army page was taken off the air in August 2018; however, among the data for sale were users and passwords, administrative access to attacked environments, copies of documents, source codes, emails, images, and even complete databases. These archives can be combined with several others and used in different scams like opening accounts, extortion, or performing fraudulent transactions.

Vendors gave detailed descriptions of the ways they used to steal the data. Some evidence and samples were also offered so that buyers could validate the data.

In one case, the attacker says he bought access to a control panel with more than 2000 zombie computers. Investigating these computers, he arrived at the workstation of an employee of one of the companies that had the data stolen. From this station the attacker was able to move around the network, identify outdated systems and obtain administrative access to the domain controller, from where it was possible to access any computer on the network,” declared Tempest.

Although Brazil has been taking significant steps in the right direction in regards to cybersecurity, such attacks persist in Brazil. A 2017 study from Norton Cyber Security indicated that Brazil is the second highest cyberattacked country, affecting 62 million people, and costing $22 billion. Coincidentally, the data auction took place just a few weeks after The Brazilian Army’s Cyber Defense Command executed an unprecedented military and civilian exercise at Fort Marechal Rondon, Brazil, between July the 3rd and 6th, 2018. However, the markets are hopeful that the new president-elect Jair Bolsonaro will maintain his strong anti-corruption beliefs in hopes of cleaning the internet of crime as well.

SOURCE:

https://www.scriptbrasil.com.br/vida-digital/hackers-leiloando-dados-deep-web.html

https://dialogo-americas.com/en/articles/brazilian-army-conducts-unprecedented-cyberdefense-exercise

Back in June of 2017, famous soccer player Lionel Messi wanted a secure wedding where no information could leak out from the party premises. Fernando Villares from the InteliX Ingeniería company was in charge of security at the wedding and succeeded in isolating the perimeter from the outside world by using free software and tools. Most interestingly, the guest were all carrying phones.

During the VoIP2Day 2018, held a few weeks ago in Madrid, there was a conference given by Fernando Villares entitled “Security is not a game, football YES,” where he explained his methodology.

It all started when Fernando found a reward of the equivalent of $12,500 in bitcoin on the dark web for the guest list and other information about Messi’s wedding. He reached out to Messi through the wedding organizer Adrián Pavía, who is also a common friend, and ended up working for Messi as no cybersecurity was in place for the event what so ever.

First of all, the City Center casino hotel in Rosario, Argentina was open to the public the previous days. The venue would have to be prepared for a private party with a large number of athletes, models, employees, suppliers and organizers, and some €1,7 million in insurance money.

Although there was a confidentiality agreement and a prohibition to introduce telephones in the area, another contractual clause prevented the organizers from confiscating any phones. Besides, no enforcement of the rule was viable anyway taking into consideration the VIP-status of each guest. Furthermore, the medium consisted of various signal waves, Bluetooth connections, extensive computer equipment, lighting and sound systems, external threats such as drones, paparazzi etc. So, Fernando had to anticipate all the aforementioned in his security model. The solution, therefore, was to prevent communications without interfering with the event equipment.

The first step of the operation consisted of a physical examination of the area in which a hidden camera was found. Secondly, an Open Source Intelligence study was carried out on the guests, suppliers, and staff. Finally, the team analyzed both the radio spectrum with simple Digital Terrestrial Television cards, encrypt all computer assets, and train key employees with access to sensitive information employees with access to sensitive information.

More precisely, the devices were encrypted with the TLS cryptographic protocol and SRTP profiles, disposable SIM cards were also used, and inside communication was made through Telegram and walkie-talkies encoded on VHF frequencies.

When all of the internal security systems were in place, the team decided to implement an informational “bunker” by asking the authorization of the Ministry of Justice to use equipment capable of blocking the frequencies of GSM 2G, 3G, 4G and WiFi 2.4 and 5.8 GHz frequencies, and as a consequence, Bluetooth and DECT cordless telephones. It was for the first time such efficient security measures were set in motion at a civic event in Argentina.

As post-event precautions, the squad had a global detection system to see in real time if something was leaking, as well as bots on social networks that searched for keywords. They also had established a wired zone for the use of its digital transmitters by the television channels, so that if they left it, they lost the signal.

The mission was a success, and no unwanted photos or videos came out of the event. As a fun fact, some media outlets accused the security experts of working for Israel just because the team used the keyword “Mossad.”

Source:

https://www.xatakamovil.com/seguridad/asi-se-blindaron-comunicaciones-boda-messi

 

Multiple instances of ongoing e-mail phishing to Amazon, Paypal, and Sparkasse clients have been registered in the past days. Currently, the hackers are creating e-mails that ask consumers to enter their data on false claims and pretexts, as reported by the consumer center of North Rhine-Westphalia.

One e-mail falsely claimed that the legislation has changed due to Brexit, therefore requiring the user to relog personal information or credentials. This particular e-mail sent on 6th of December had an overdue deadline for the end of November. More precisely, hackers would also involve a submission deadline in their e-mail in order to induce psychological pressure on the victim. All of which is tied with a false claim o pretext. For example, invoking newly-passed legislation such as the recent EU data protection regulation, or a significant change in company policy, or similar vague excuses.

Internet users should have anti-viruses installed on all devices and should pay attention to fine details that unravel phishing traps. Things to look out for include the absence of the “https,” spelling and grammatical errors, unclickable brand logos, and unnatural link redirections or forms. One must take into account that the creators are getting more and more sophisticated and experienced, so nothing is foolproof. Users should exert caution and skepticism at all times.

The financial group Sparkasse asks everyone to forward any suspicious e-mails to “warnung@sparkasse.de” and then delete them.

Phishing example:

Sources:
https://www.verbraucherzentrale.nrw/wissen/digitale-welt/phishingradar/phishingradar-aktuelle-warnungen-6059

As anticipated by activists claiming to be Anonymous on the internet, 8th of December has been a full day of attacks and hacks on French entities. Mostly a couple of public websites have been down because of DDoS attacks, and more severely, the release of sensitive personal information of 1400 civil servants of the French Republic.

Security expert Damien Bancal has been updating the public through social media about the doxing and continuous cyber attacks.

Around noon of 8th of December 2018, journalist Damien Bancal found traces of a list containing the names, e-mail, and phone numbers of 1400 French public servants, including the Ministry of Justice. The authors, who claim to support the Yellow Vests, are trying to spread the list as widely as possible to further cause instability. It has been indicated that the hacking group might have anarchist beliefs.

When asked about the validity of the list, Damien replied:

“In my opinion, this does not come from a ministry. The data looks credible, but it’s impossible to know at this time whether this list is from last week or a year ago.”

According to the expert, the groups are trying to disseminate as much chaos and fear through the leaking of personal information.

The second part of the day brought about several cyber attacks which resulted in the crashing of several institutional websites. In order of crashing: The Bank of France, The Ministry of Culture, The Cohesion Territories, The National Security Agency of Information Systems, and The Artisanal, Commerce, and Tourism website.

Commercial companies such as Total or Saint-Globe have also taken a hit. Even the DynDNS website went under heavy strokes of DDoS initiatives.

The majority of such attacks were committed using the help of two pieces of software available on the clear net. More precisely, hping3 and Loic. Hping3 is a network program able to send custom TCP/IP packets and to display target replies, while Loic (Low Orbit Ion Cannon) is also an open-source software written in C# capable of generating massive network traffic and analyzing responses. These programs are used by motivated groups to commit cyber attacks and are accessible to anyone online, legally. More software names include HOIC, XOIC, HULK (HTTP Unbearable Load King), R-U-Dead-Yet, DDOSIM—Layer 7 DDOS Simulator, etc.

Many hackers are mobilizing for another wave of attacks on 8th of December against French institutions and companies. A first wave was committed on 3rd and 4th of December.

Activists advertising themselves as Anonymous collective members called for mobilizations on Twitter, Reddit, Telegram, and Internet Relay Chat against Carrefour, Total, EDF, Orange, La Française des Jeux, and especially government sites, the National Police, and media posts like TF1 and BFM.TV. They claim that such entities are worth attacking because they’re acting against the interest of the people.

Anonymous France denies any involvement in a video posted on YouTube:

“This commendable fight has been hijacked by left-wing and right-wing extremists, which we deplore given the violence.”

The cyber-intelligence teams of the American company FireEye observed attacks on at least five French institutional websites: the French social welfare collection agencies, the Ministry of Justice, the Université Paris- South, the University of Lorraine, and the Franco-American Foundation. The primary method used was distributed denial of service (DDoS) attacks which consists of traffic overloading from different sources in the hopes of crashing the website.

David Grout, the FireEye expert who detected the first cyber attacks, said the perpetrators are “classic” hacker groups, formed well before the Yellow Vests movement:

“The cyber attacks were first claimed by anti-Israeli and pro-Erdogan hacktivist groups, and hackers claiming Anonymous, French-speaking hacktivists, then came forward, not ‘yellow vests’ but hackers who have decided to support the ‘Yellow Vests’ by attacking institutional sites.”

When asked about his opinion on the motivations of the hackers, David Grout responded:

“The common thread between hacktivists in general and ‘yellow jackets’ is their anti-establishment. A social movement the size of that of ‘Yellow Vests’ is an opportunity for them to strike a big blow,” believes the cyber analyst.

France is bracing itself for yet another hot day of protests and threats. Most probably, the attacks are going to consist of DoS or DDoS initiatives. Propaganda messages are also to be expected against the French establishment which seems to unite both the Yellow vests and the hackers.

Source: https://www.latribune.fr/technos-medias/internet/des-hackers-soutiennent-les-gilets-jaunes-et-annoncent-le-chaos-le-8-decembre-800353.html

Operation Green Heart, launched on 19th of November 2018,  has come to an end. Mandated raids were executed across 13 European countries in 300 apartments and resulted in the arrest of 235 people. The majority of the interventions were executed between the 3rd and 6th of December 2018.

The EUROPOL-coordinated operation was possible thanks to the arrest in June 2018 of a significant counterfeit money printer from Leoben, Styria, Austria. The 33-year-old man is estimated to have sold over half of million euros over the darknet, especially in Europe and the Alpine countries. Most interestingly, the banknotes displayed a type of Chinese hologram. The tickets were produced in fifty, twenty, and ten euro notes.

“Green Heart” operation was named after the Austrian federal state of Styria located in the central part of the country, similar to that of a heart. As poetic as it may seem, the raids weren’t at all. It involved hundreds of officers, months of intel gathering and sharing across international intelligence agencies, and resulted in the mandated raid of 300 apartments across Europe: 180 searches were carried out in Germany, 28 in France, 20 in Italy, 20 in Austria, as much in Spain, and others in Croatia, Cyprus, Finland, Ireland, and the Netherlands.

In Germany, searches were carried out on more than 160 suspects in all federal states. Just this Wednesday, 5th of December 2018, four suspects were arrested in Offenbach for buying and selling counterfeit notes. More noteworthy is the arrest of three suspects in Unterföhring, Bavaria who had previously purchased the equivalent of 100 thousand euros in fake money from Naples and brought them back to Germany.

Austria also witnesses multiple arrests. One of which involves a 21-year-old worker who bought fake euro notes to purchase marijuana off the streets.

Spain also saw the detention of 18 people throughout the state. The Spanish National police confiscated 15 thousand fake euros. Spanish law enforcement got tips from both EUROPOL and FBI.

France is one of the most affected countries of counterfeit money trafficking. This week in Montpellier, an ex-veteran wanted for robberies in the 90s, alongside two younger drug sellers were arrested with a total of 1 thousand fake tens, twenties, and fifty euro banknotes.

SOURCES:

https://www.europol.europa.eu/newsroom/news/eu-wide-action-against-buyers-of-counterfeit-money-darknet

https://www.op-online.de/offenbach/falschgeldhandel-darknet-vier-offenbacher-verdaechtigt-10827774.html

http://www.nordbayern.de/region/neumarkt/darknet-bluten-lka-findet-falschgeld-in-der-region-1.8384556

https://www.vilaweb.cat/noticies/desmantellada-una-xarxa-de-distribucio-de-bitllets-falsos-adquirits-amb-bitcoins/

https://www.krone.at/1822451

https://www.sueddeutsche.de/muenchen/kriminalitaet-falschgeld-razzia-darknet-1.4243912

https://www.midilibre.fr/2018/12/07/vente-de-faux-euros-sur-le-dark-net-arrestations-a-montpellier-et-dans-les-po,5005215.php

https://www.lavozdeltajo.com/noticia/35589/castilla-la-mancha/detenidas-18-personas-dos-en-clm-por-distribuir-dinero-falso-adquirido-en-la-darknet.html

https://www.aldia.cat/gent/noticia-successos-detingudes-18-persones-per-distribuir-diners-falsos-adquirits-darknet-20181207161555.html

https://www.br.de/nachrichten/bayern/geldfaelscher-durchsuchungen-auch-in-unterfranken,RBYMqC6

A 21-year-old Austrian worker from the district of Scheibbs was convicted of two months in prison, 18 months of house arrest, and three years of drug and gambling counseling over multiple counts of fraud, drug use, and theft.

The Regional Court of St. Pölten gave a somewhat relaxed sentence to the young man upon hearing a full confession from the defendant, represented by attorney Martin Engelbrecht. The case in which the 21-year-old was involved could’ve carried a maximum sentence of 10 years.

Gambling addiction and drugs, predominantly cannabis, would have tempted the young man in 2014 to order 30 banknotes of twenty euros for the low sum of 120 real euros. In 2018 he ordered 20 banknotes of fifty euros and tried to pay a bar bill with some of the fake money. The attentive bartender recognized the counterfeit cash and called the police.

Following his arrest and trial, the defendant decided to admit to every wrongdoing from his past. He confessed to having found and stole the wallet of a guest at his workplace, breaking-and-entering into his employer’s office in June of 2016, buying marijuana with dark web fake euros, paying for products and services with counterfeit money, and commercial fraud against two acquaintances and a computer online retailer for a total of just under 10 thousand euros. The comprehensive and sincere confessions convinced the jury of his remorse and decided to judge him on the forgiving side.

On top of his sentence, the culprit has to pay back 8,450 euros to the two acquaintances that he had tricked into giving him money with the pretext of investing them into an allegedly successful bitcoin business. He also has to pay back 450 euros to an online computer retailer for the unpaid purchase of a computer. A device that was ultimately re-sold by the defendant for the sum of 400 euros. The court added 250 euros to be paid to the shipping company which also incurred expenses.

Source and photos: https://www.meinbezirk.at/scheibbs/c-lokales/scheibbser-bezahlte-hanfblueten-mit-euroblueten_a3085569#gallery=null

 

Shin Bet is Israel’s internal security service which decided to recruit volunteers to fight against the so-called “White September” (WS) deep web terrorist group. The Israeli government fears real-life terrorist attacks and claims that the group is financed by Iran and Hezbollah.

The initiative follows a recent and growing trend among official institutions to seek the help of civilian volunteers. The practice is growing in popularity because of its success in the United Kindom and the Netherlands. Adjacently, a successful trial program “The Xcelerator” developed by the joint Shin Bet-Tel Aviv University Ventures also offered promising results which prompted the Israeli government to move forward with the new strategy.

Its estimated that more than 150,000 people have already accessed the website, but only two have solved the requested challenge. The test verified the candidate’s familiarity with advanced technology, both hardware, and software. Subsequently, the successful candidate will have the possibility of entering an “incubation” program that will transform the initial candidate into a specialized security service. Basically, the incubator is designed for early-stage entrepreneurs with technological potential but who aren’t necessarily experienced in security.

More so, seeking civilian help comes as a natural and rational strategy against terroristic guerilla fighters that operate underground. The population of Israel is highly motivated and internet-savvy and will prove very helpful for law enforcement. However, more counter-intelligence operations mean more arrests, raids, and a general escalation of violence.

More info can be found on Israelneedsu.com:

“Hello Special Agent A from the Technology Unit of the Israeli Security Agency (ISA)

‘White September’ (WS) is a group of arch-terrorists. They are linked to the global jihadist movement and are financed by Iran and Hezbollah. A few weeks ago, they used the darknet to declare their intention to commit a mega-terrorist attack in Israel. They nicknamed the operation “September 11 Israeli”. These people are very sophisticated and ruthless.

We at ISA have received a tip that some terrorists have already infiltrated the country and our agents have launched an operation to stop them before they can carry out their project.

YOUR MISSION – Identify terrorists, locate them and foil their plans. Your missions have been sent to you via the secure system. The State of Israel needs your help! To enter the system, solve the security puzzle.”

 

SOURCE: https://www.jpost.com/Arab-Israeli-Conflict/Want-to-join-the-Shin-Bet-Try-the-intelligence-agencys-new-challenge-573735

Two German men from the Regensburg and Kelheim areas, 25 and 33-years-old, respectively, were arrested on the 1st and 2nd of December 2018. They’re accused of ordering 1.1 kilograms of crystal methamphetamine from the darkweb. One of the men was caught in flagrant trying to open a marked parcel.

The men placed the order for just over one kilo of the potent drug in the summer of 2018. When officers first caught with their online conversations, the two men were expecting 200 grams. The police officers sent a bait package to the two men and the 33-year-old was caught in flagrant trying to open the parcel. Furthermore, just under 200 grams of methamphetamines were discovered at the culprits’ workplace. They face from 2 to 15 years of prison.

At least in one shipment, the drugs were encased in candles and declared as “soy wax and candles.”

Policemen have secured over more than half a million units of crystal meth in Bavaria over the past eight years. Once a phenomenon only associated with the parts alongside the Czech border, today crystal meth affects almost all parts of Germany, especially the Nuremberg area. The deaths associated with methamphetamine have also increased significantly since 2010, adding up to 100. Over the past eight years, police officers in Bavaria have also discovered a total of 48 illegal Crystal laboratories.

Source: https://L2s.Pet/kqxYzuWM

 

Security researcher VriesHd tweeted, on December the 2nd of 2018, findings that indicate that up to 415 thousand MikroTik routers have been infected with a cryptojacking malware since this summer.

Internet security researchers VriesHd and Bad Packets Report have exposed a doubling in cryptocurrency-mining malware incidents since last year. More precisely, the Latvian router producer MikroTik has had its system compromised by over 16 different malware viruses. Main malware names include Coinhive, CoinImp, and Omine.

Although the majority of infections are registered in Brazil, Iran, India, and Indonesia, the attacks are worldwide. Most of the victims had no security protocol in place for their router. Casual internet users should consider using anti-malware software such as Google OnHub.

The attacks are such a common practice that for example, the Coinhive malware is suspected to have mined 5 percent of all Monero cryptocurrency in circulation. Number estimated by security company Palo Alto Networks.

Extensive article on how to secure your router: https://L2s.Pet/KF2Vmdms