The MoneyTaker group removed overdraft limits on debit cards and took money from cash machines, according to a report by cybersecurity firm Group-IB.

It also stole documentation for technology used by more than 200 banks in the US and Latin America.

The documents could be used in future attacks by the hackers, according to the report.

Group-IB has worked with both Europol and the Russian government to investigate cybercrime.

Kevin Curran, an independent expert and professor of cybersecurity at Ulster University, said the attacks were “as sophisticated as it gets at this moment in time”.

“It really is perfect in some ways,” he told the BBC. “They’re able to compromise systems and then extract all the documents for how a banking system works so that they have the intelligence needed to produce fraudulent payments.”

MoneyTaker – named by Group-IB after the group’s custom malware – has reportedly netted an average of $500,000 in 16 attacks against US companies and $1.2m in three attacks against Russian banks since May 2016.

It also targeted a UK-based software and service provider in December 2016, according to the report.

The Financial Conduct Authority and UK Finance declined to comment when contacted by the BBC.

‘Eliminating their traces’

MoneyTaker avoided detection “by constantly changing their tools and tactics” and “eliminating their traces after completing their operations”, according to a statement from Group-IB.

In its earliest-known attack, the group compromised First Data’s Star network – a debit card processing system used by more than 5,000 banks.

The attackers then removed or increased cash withdrawal and overdraft limits on legally opened credit and debit cards. “Money mules” were sent to withdraw funds from cash machines.

The group used a combination of publicly available tools and custom-written malware to access banking systems – including “file-less” software that is stored in a computer’s memory rather than its hard drive, where it can be more easily detected, according to Group-IB.

In at least one instance, the group used the home computer of a Russian bank’s system administrator to access its internal network, according to the report.

“If someone is targeted by experts, that’s very hard to protect against,” Prof Curran said. “They’re going to persist until they get into the computer.”

Other tactics included changing the servers used to infect banking systems’ networks and using secure sockets layer (SSL) certificates – data files that verify a web browser’s authenticity – that appeared to be issued by big names such as the Federal Reserve Bank.

‘The next targets’

In addition to money, the hackers were also after internal banking system documentation, such as administrator guides, internal instructions and transaction logs, according to the report.

Documentation was stolen during MoneyTaker’s attacks on the Russian Interbank payment system, which operates similarly to Swift. That documentation could be used “to prepare further attacks” on banks using the technology, according to Group-IB.

OceanSystems’ FedLink card-processing system, a wire transfer product used by more than 200 banks in the US and Latin America, was also compromised.

“Banks are increasingly spending more on security, but the hackers only have to find one way in and they have to protect all the ways in,” said Prof Curran.

–

Source: BBC

The post MoneyTaker hackers reportedly steal £7.5m from ATMs appeared first on Citi 97.3 FM - Relevant Radio. Always.

The value of Bitcoin is currently extremely volatile, but at the time of writing, the amount stolen was worth approximately $80m.

The hacked service was NiceHash, a Slovenia-based mining exchange.

It said it was working hard to recover the Bitcoin for its users, adding: “Someone really wanted to bring us down.”

The attack happened early on Wednesday, said NiceHash’s chief executive Marko Kobal. Attackers accessed the company’s systems at 01:18 CET (00:18 GMT). By 03:37 the hackers, whom the company believes were based outside the European Union, had begun stealing Bitcoin.

The theft comes as the price of Bitcoin continues to surge, dumbfounding experts and stoking concerns of a bubble.

High-stakes attacks like this are not uncommon, with several large breaches and thefts hitting Bitcoin and other related services over the past year.

NiceHash is a mining service, a company that pairs up people with spare computing power with those willing to pay to use it to mine for new Bitcoin.

‘Forensic analysis’

Mr Kobal appeared on Facebook Live to address concerns about the hack.

“We have not abandoned you guys,” he said.

He explained that an employee’s computer was compromised in the attack. He added that “forensic analysis” involving local and international authorities was taking place, but did not expand on which specific agencies were involved when asked by the BBC.

The company was heavily criticised by its users who commented in droves on Facebook. Communications were complicated further when a spoof Facebook page for the company was set up and spreading disinformation about the breach.

Security issues involving Bitcoin and other related services are a frequent cause for concern for virtual currency traders.

Other recent controversies involving digital currencies include:

• the firm behind digital currency Tether said that close to $31m (£23.4m) worth of its tokens were stolen
• a “code bug” in Ethereum’s digital wallets being blamed last month for freezing more than $150m worth of Ether, preventing investors from being able to cash out
• a South Korean exchange, Bithumb, saying that one of its employee’s PCs had been hacked in June. Several of its customers reported follow-up scam calls
• another South Korean exchange, Yapizon, being breached in April. Reports have said North Korean hackers are suspected of stealing about $5m worth of funds
• an Israeli crypto-currency trading company, CoinDash, reporting that $7m was stolen from investors in July after its website was breached and an initial coin offering’s contact address altered

–

Source: BBC

The post Millions ‘stolen’ in NiceHash Bitcoin heist appeared first on Citi 97.3 FM - Relevant Radio. Always.

He said most of the attacker’s still rely on poor security habits of the public to succeed in their operations.

Mr Etchi told the GNA in an interview on the side-lines of the Cyber Security Awareness Workshop in Accra that attackers use various exploits to gain access to a computer or an organisation’s network.

He said social media is a great way to connect with people, share ideas and exchange information but the public needed to be aware of the risk factors.

[contextly_sidebar id=”t0gRXPMdnJZLiRTLKIRaUUWcmFWKfA5I”]He said the potential risk of social networking are your personal information may be easily available to others, exposing sensitive company information, losing control of your pictures once they were on the internet and sites may be used to spread malware and malicious applications.

“Social networking is great but consider the impact of posting information, do not post confidential company data or personal sensitive information such as your date or birth or home address,” he said.

He urged companies to get in touch with their Information Technology Company or department once they suspect malware.

On mobile protection, Mr Etchi said the most powerful ways to secure the device was by enabling biometrics.

He urged mobile phone users to only download software from providers they trust, calling on them not to disable the built-in security features and they should avoid sensitive data on their mobile devices.

He said with the growing population and digitisation comes with new risks and vulnerabilities that could undermine progress.

“As the African continent’s economy moves online, citizens and their infrastructure becomes targets for an increasingly professional cadre of cyber criminals,” he added.

Mr Dele Aden, the Managing Director of Delta3 International, said the workshop was to enable participants to learn how to safely protect themselves and their organisations from security risks and possible cyber-attacks.

He said the awareness on the menace is increasing to ensure that everybody would have an idea about the activities of hackers in the system

He said attempts are been made to educate the public to report if they fall victim to hackers, because in the developed world, it was an offence not to report, when you are hacked.

“Hackers share information and ideas on new tactics outsmarting their victims and it was just appropriate to speak about it so others could also learn from it.

The Managing Director said the focus of next year’s workshop would be expanded activities such as how to recover from an attack by hackers, before, during and after.

He said there were several current attacks and hacks, so the workshop would equip participants with the necessary knowledge on how best to enhance cyber security and protect corporate data within their various organisations.

Mr Aden, therefore, called on business owners and individuals to seek knowledge and engage experts on issues concerning cyber security and empower their staff.

Participants were taken through topics like; Introduction to Data and Information Security, Cyber Security Fundamentals, Cyber Security Breaches, Types of Cyber Attacks, Mobile Protection, Social Network Security, Email Security and Critical Cyber Threats.

–

Source: GNA

The post African hackers now using sophisticated approaches – Consultant  appeared first on Citi 97.3 FM - Relevant Radio. Always.

The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.

The company, Crookservers, had claimed to be based in Oldham for a time.

It says it acted swiftly to eject the hacking team – dubbed Fancy Bear – as soon as it learned of the problem.

Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

Fancy Bear – also known as APT28, Sofacy, Iron Twilight and Pawn Storm – has been linked to Russian intelligence.

The group played a key role in 2016’s attack on the US’s Democratic National Committee (DNC), according to security experts.

Indeed an internet protocol (IP) address that once belonged to a dedicated server hired via Crookservers was discovered in malicious code used in the breach

The spies who came in for milk

Early in 2012, Crookservers claimed to be based at the same address as a newsagent’s on an unassuming terraced road in Oldham, according to historical website registration records.

But after a short period, the listing switched to Pakistan. The BBC has seen no evidence the shop or its employees knew how the address was being used or that Crookservers had any real connection to the newsagent’s.

Crookservers was what is known as a server reseller. It was an entirely online business. The computers it effectively sublet were owned by another company based in France and Canada.

The BBC identified Crookservers’s operator as Usman Ashraf.

Social media and other online accounts suggest he was present in the Oldham area between 2010 and mid-2014. He now seems to be based in Pakistan.

Mr Ashraf declined to record an interview, but provided detailed answers to questions via email.

Despite his company’s name, he denied knowing he had had hackers as customers.

“We never know how a client is using the server,” he wrote.

When in 2015 he had been alerted to the hackers, he said, he had acted swiftly to close their accounts.

He said he had also carried out a “verification” process, culling 60-70% of the company’s accounts he had suspected of being misused.

“There is 0% compromise on abusive usage,” he said.

Joining the dots

Over three years, Fancy Bear rented computers through Crookservers, covering its tracks using bogus identities, virtual private networks and hard-to-trace payment systems.

Researchers at cyber-threat intelligence company Secureworks, who analysed information from Crookservers for the BBC, said it had helped them connect several Fancy Bear operations.

Senior security researcher Mike McLellan said the hackers had exhibited poor “tradecraft”.

One communication shows one hacker, using the pseudonym Roman Brecesku, had complained that his server had been “cracked”.

The server used to control the malware was hired through Crookservers by a hacker using the pseudonym Nikolay Mladenov who paid using Bitcoin and Perfect Money, according to records seen by the BBC.

The hacker used the server until June 2015, when it was deleted at Crookservers’s request following media reports of the attack.

This server’s IP address also appears in malware used to target some attendees at the Farnborough air show in 2014.

Fancy Bear malware used to attack a UK TV station and the DNC also contained this IP address, although the server was no longer in Fancy Bear’s control when these attacks occurred.

A financial account used by Mladenov was also used by another hacker, operating under the pseudonym Klaus Werner, to hire more computers through Crookservers.

One server hired by Werner received “redirected” traffic from a legitimate Nigerian government website, according to Secureworks analysis.

Apple attack

The financial account used by Mladenov and Werner was used by Fancy Bear hackers – including two using the names Bruno Labrousse and Roman Brecesku – to hire other servers from Crookservers.

One server and the email address used to hire it seem to have links to “advanced espionage” malware used to target iOS devices.

The malware was capable of turning on voice recording and stealing text messages.

Another email used to hire servers can be linked to an attack against Bulgaria’s State Agency for National Security.

But there are eight dedicated servers tied to the same financial information, whose use is unknown – suggesting there may be other Fancy Bear attacks that have not been publicly disclosed.

Follow the money

Fancy Bear spent at least $6,000 (£4,534) with Crookservers via a variety of services that offered an extra level of anonymity.

They included Bitcoin, Liberty Reserve and Perfect Money. Liberty Reserve was later closed after an international money laundering investigation.

The BBC asked a UK company called Elliptic, which specialises in identifying Bitcoin-related “illicit activity”, to analyse Fancy Bear’s Bitcoin payments.

Lead investigator Tom Robinson said his team had identified the wallet that had been the source of these funds. He said the bitcoins it contained were “worth around $100,000”.

Elliptic traced the source of some of the funds in that wallet to the digital currency exchange BTC-e.

In July, BTC-e was closed by the US authorities and its Russian alleged founder arrested in Greece accused of money laundering.

Although BTC-e is alleged to have been popular with Russian cyber-criminals, the BBC has no evidence its management was aware its clients included Fancy Bear.

Continuing operation

The financial and technical records link together several attacks previously tied to Fancy Bear.

And it is possible that following the financial trail further may yield additional revelations.

Crookservers closed on 10 October. Fancy Bear’s operations, however, have not.

–

Source: BBC

The post Russian Fancy Bear hackers’ UK link revealed appeared first on Citi 97.3 FM - Relevant Radio. Always.

London Bridge Plastic Surgery (LBPS) said its IT experts and police found evidence of the breach.

A group claiming to be behind the breach said it had “terabytes” of data, the Daily Beast news site reported.

The Metropolitan Police is investigating the attack.

The alleged hackers, using the pseudonym The Dark Overlord, said they had obtained photos showing various body parts of clients, including genitals.

Some of these images have been sent to the Daily Beast.

The hackers also claimed that the data contained information on “royal families” and added that they planned to distribute the patient list and corresponding photos online.

“We are still working to establish exactly what data has been compromised,” LBPS said in a statement.

“We are horrified that they have now targeted our patients.”

A spokeswoman for the Metropolitan Police said it was notified of a suspected breach on 17 October.

She added that there had been no arrests and that enquiries by the Organised Crime Command were continuing.

LBPS is known to have high-profile clients, including model and TV presenter Katie Price, who recently used her Instagram account to thank the clinic for her facelift.

The Information Commissioner’s Office said, “We are aware of this incident and are looking into the details.

“All organisations are required under data protection law to keep people’s personal data safe and secure.”

The Dark Overlord has claimed to be behind high-profile data breaches before, including one at US media firm Netflix earlier this year.

In April, 10 episodes of the new series of TV show Orange is the New Black were released online after Netflix refused to pay a ransom.

–

Source: BBC

The post Hackers breach top plastic surgery clinic appeared first on Citi 97.3 FM - Relevant Radio. Always.

The students were found to have paid an individual to hack into the university’s database, to manipulate their grades for the 2015/2016 academic year.

The dismissed students reportedly paid between to GHc 2,000 to GHc 4,000, to have their grades changed, and were set to graduate later in 2017.

News of the dismissals follows the arrest of some 20 persons by the Bureau of National Investigations (BNI), for attempting to hack the University of Ghana website to change the grades of students.

The University of Professional Studies, has assured that the decision to expel the 22 students was taken without prejudice to any criminal investigation.

In a Citi News interview, the Registrar of the University, Dr. Seidu Mohammed Mustapha, said the integrity of the university was at stake, hence the need to “take these measures in order that they serve as a deterrent. So the Academic Board met and took a decision and decided that all of them should be expelled.”

Seven of the 22 dismissed students had their pictures published on the school’s website as a further sanction, because they did not aid investigations into the matter, according to Dr. Mustapha.

In the meantime, police are investigating the matter, whiles the alleged hacker has been granted bail.

The registrar noted that, the alleged hacker “reported himself to the police and was given bail, and it was through that we requested to interact with him. He has since cooperated with the committee and showed remorse.”

–

By: Caleb Kudah/citifmonline.com/Ghana

The post 22 UPSA students expelled for manipulating grades appeared first on Citi 97.3 FM - Relevant Radio. Always.

Mark Vartanyan, 29, developed and distributed the Citadel Trojan, which lets criminals steal bank account details and hold files to ransom.

US prosecutors said it had infected about 11 million computers worldwide.

He pleaded guilty to one count of computer fraud, in a court in Atlanta, after being extradited from Norway.

Launched in 2011, Citadel was marketed on invitation-only, Russian-language internet forums used by cybercriminals.

Its users had targeted the computer networks of major financial and government institutions around the world, prosecutors said.

‘Illicit functionality’

Vartanyan admitted to the “development, improvement, maintenance and distribution” of Citadel between 2012 and 2014 while living in Ukraine and Norway.

Operating under the alias Kolypto, he uploaded “numerous electronic files” that consisted of Citadel malware, components, updates and patches, as well as customer information.

Earlier in March, David LeValley, special agent at the FBI Atlanta Office, said Vartanyan’s arrest removed “a significant player” from the resources available to cybercriminals.

“We must continue to impose real costs on criminals who believe they are protected by geographic boundaries and can prey on the American people,” he said.

Vartanyan agreed to cooperate with prosecutors in exchange for a reduced prison term. He will be sentenced in June.

In September 2015, a US court sentenced Russian citizen Dimitry Belorossov to four years and six months in prison after he admitted distributing and installing Citadel on to computers.

The Department of Justice said its investigation into the creator of Citadel continued.

–

Source: BBC

The post Russian man pleads guilty over $500m malware scam appeared first on Citi 97.3 FM - Relevant Radio. Always.

It is hoped 5,700 pupils aged 14 and over will spend up to four hours a week on the subject in a five-year pilot.

Classroom and online teaching, “real-world challenges” and work experience will be made available from September.

A Commons committee last week warned that a skills shortage was undermining confidence in the UK’s cyber defences.
The risk that criminals or foreign powers might hack into critical UK computer systems is now ranked as one of the top four threats to national security.

‘Cutting-edge skills’
Russia in particular is suspected of planning sustained attacks on Western targets.

Cyber security is a fast-growing industry, employing 58,000 experts, the government says, but the Public Accounts Committee has warned it is proving difficult to recruit people with the right skills.

Russian hacks ‘aim to destabilise the West’
The Department for Culture, Media and Sport is providing £20m for the lessons, which will be designed to fit around pupils’ current courses and exams.

Digital and Culture Minister Matt Hancock said: “This forward-thinking programme will see thousands of the best and brightest young minds given the opportunity to learn cutting-edge cyber security skills alongside their secondary school studies.

‘Pipeline of talent’
“We are determined to prepare Britain for the challenges it faces now and in the future and these extra-curricular clubs will help identify and inspire future talent.”

The government is already providing university funding and work placements for promising students.
An apprenticeship scheme has also begun to support key employers to train and recruit young people aged 16 or over who have a “natural flair for problem-solving” and are “passionate about technology”.

Steve Elder, 20, who is a cyber security apprentice with BT, told BBC Radio 5 Live that educating young people about the risks and vulnerabilities of the cyber security world would help the UK prepare for the future.

He added: “Getting young people involved and getting them taught from a young age will allow them – even in their home environment – to protect themselves, before it has to come to people at a specialist level.”

Mr Hancock told the BBC he wanted to ensure the UK “had the pipeline of talent” it would need.
Cyber security expert Brian Lord, a former deputy director at GCHQ, told BBC Breakfast that the scheme was an “essential initiative” to recruit more people into the profession.

He added: “There is perception that cyber security is all about techno geeks who have long hair, glasses, wear heavy metal t-shirts and drink red bull.

“There are those, and they do an extraordinarily good job. But there is a whole range of other activities… that can appeal to a wide cross section of children, graduates and apprentices, and at the moment they don’t know what [is on] offer.

“The more exposure [children] can get [the more it will] prepare them for a future career and, as that generation needs to understand how to be safe online, you get a double benefit.”

–

Source: BBC

The post Teenagers to help stop hackers appeared first on Citi 97.3 FM - Relevant Radio. Always.

Microsoft said Tuesday that it will issue a fix next week for a Windows vulnerability it says is being exploited by hackers linked to Russia’s government.

The company said in a blog post that it would release the fix November 8 as part of its normal patch cycle, adding that a well-known hacking group was already using the newly discovered flaw in a hacking campaign that sends people bogus emails in an attempt to con them out of personal data. The bug, which was publicly revealed by Google on Monday, can be used to bypass the security in the Windows32K system.

The revelation of the bug has caused some friction between Microsoft and Google. The search giant said it gave Microsoft 10 days to issue an advisory or a fix but that Microsoft failed to act. Google went public after that because it rated the bug as “critical” and learned it was being actively exploited. Microsoft hasn’t addressed the delay in issuing a fix but disputed Google’s assessment of the bug’s threat, adding that Google’s disclosure “could put customers at potential risk.”

Microsoft said a hacking group known as Strontium was behind email attacks that took advantage of the flaw. The group, more widely known as “Fancy Bear” and APT 28, has also been linked to a series of hacks this summer, including one in which emails and chat transcripts were stolen from the Democratic National Committee’s computer network.

The post Microsoft to fix Windows flaw exploited by hackers appeared first on Citi 97.3 FM - Relevant Radio. Always.

According to the Head of the Animal Products and Biosafety Department of the Kofi Essel, people continue to live in poor sanitary conditions in spite of numerous educational campaigns on sanitation and personal hygiene.

“Personally, we need to take a lot of the blame. If you take any by-laws of any local government, it tells you that you are responsible for any immediate public property that borders your property. You are primarily responsible for your health. If you fail to observe hygiene, no amount of facilities that have been put in place will help you.”

He believes that the authority faces a huge task in maintaining quality health standards in the country due to the unwillingness of people to change their attitudes.

“This is the 21^st century, and people still eat without washing their hands, or do so without using soap. We can’t do anything about that. We can only continue to hammer on these attitudinal changes that we have been talking about. Each individual has a role to play in the fight against cholera,” he added.

Mr. Essel also believes that the local assemblies have failed to provide the appropriate facilities to promote public health and safety.

“If the gutters are not clean, and people don’t have hygienic places to sell food, that is a problem.

The disease has claimed over 80 lives with more than 10,000 cases recorded across the country.

An outbreak of cholera has claimed the lives of over 80 people with more than 10,000 cases recorded across the country.

The Ghana Health Service says it is contemplating a ban on the sale of food on the street in light of the epidemic.

The country has also initiated discussions with the World Health Organization (WHO) to supply oral vaccines to help bring the situation under control.

Mr. Essel is hoping that increased education on personal hygiene would help prevent a further spread of the the disease.

“The FDA is working with the local government and other organisations to intensify public education so that people will be aware.We want to ensure that the food vending activities do not pose a threat to public health and safety.”

By: Edwin Kwakofi/citifmonline.com/Ghana

The post Cholera won’t stop spreading if you don’t change – FDA appeared first on Citi 97.3 FM - Relevant Radio. Always.