Category Archives: Gangs and Crimes

26M Amazon, Facebook, Apple, eBay User Logins Stolen by Hackers

Posted on by

The private login information belonging to tens of millions of people was compromised after malware infiltrated over 3.2 million Windows-based computers during a two-year span.

According to a report by cybersecurity provider NordLocker, a custom Trojan-type malware infiltrated the computers between 2018 and 2020 and stole 1.2 terabytes (TB) of personal information.
As a result, hackers were able to get their hands on nearly 26 million login credentials including emails, usernames and passwords from almost a million websites, according to Nordlocker’s report, which was conducted in partnership with a third-party company specializing in data breach research.

The targeted websites include major namesakes such as Amazon, Walmart, eBay, Facebook, Twitter, Apple, Dropbox and LinkedIn.

Adobe breach far bigger than thought - 38 million records ...

The malware was transmitted through email and “illegal software” which included a pirated version of “Adobe Photoshop 2018, a Windows cracking tool, and several cracked games,” according to the report.

To steal the personal information, the malware was reportedly able to take screenshots of a person’s information and also photograph “the user if the device had a webcam.”

Among the stolen database were 2 billion browser cookies and 6.6 million files, including 1 million images and more than 650,000 Word and .pdf files.

“Cookies help hackers construct an accurate picture of the habits and interests of their target,” the report read. “In some cases, cookies can even give access to the person’s online accounts.”

Making up the bulk of the stolen database was “3 million text files, 900,00 image files, and 600,000+ Word files.”

What was of most concern, according to Nordlocker, was that “some people even use Notepad to keep their passwords, personal notes, and other sensitive information,” according to the report.

***

McDonald's discloses hack of customer data in South Korea ...

But now McDonald’s is the latest victim.

McDonald’s on Friday disclosed limited details of a data breach that may have exposed some customer data.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” a McDonald’s spokesperson said, adding that based on the company’s investigation so far, only Korean and Taiwanese customers were impacted.

The Wall Street Journal initially reported that U.S. markets were also impacted and that the breach exposed some U.S. business and employee contact information.

Those markets “will be taking steps to notify regulators and customers listed in these files,” which did not include customer payment information, the McDonald’s spokesperson said.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the spokesperson said.

The fast-food chain said it was able to “quickly identify and contain” threats on its network. It also conducted a “thorough investigation” and worked with “experienced third parties” to do so.

McDonald’s did not share any additional details about the breach.

From Cyberscoop in part:

In other cases, by compromising payment machines, cybercriminals have swept up troves of customer data. That’s what happened in a 2019 breach of Checkers Drive-In Restaurants, when hackers accessed data such as payment card numbers and verification codes in an incident that affected more than 100 Checkers locations. The most notorious group to use the tactic is known as FIN7, a multibillion dollar criminal enterprise that has targeted payment data at Chipotle, Red Robin and Taco’s John.

McDonald’s defended its cybersecurity practices on Friday.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company’s statement reads.

“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”

Airline Hacked by APT41

Posted on by

On March 4, 2021, SITA, an international provider of IT services for the air transport industry worldwide, said it had suffered a security incident. The announcement, however, was not getting the attention it deserved until Air India, one of SITA’s customers, reported a massive passenger data breach on May 21 caused by an earlier attack against SITA. Between March and May, various airline companies, including Singapore Airlines, Malaysia Airlines, and others, disclosed data breaches. All of those companies were SITA customers. After Air India revealed the details of its security breach, it became clear that the carriers were most likely dealing with one of the biggest supply chain attacks in the airline industry’s history.

Using its external threat hunting tools, Group-IB’s Threat Intelligence team attributed the Air India incident with moderate confidence to the Chinese nation-state threat actor known as APT41. The campaign was codenamed ColunmTK.

On May 21, Air India, India’s flag carrier, published an official statement on their website about a data breach. The announcement revealed that the breach was caused by a February incident at the airline’s IT service provider, SITA PSS, which is responsible for processing customers’ personally identifiable information (PII). It came to light that the SITA cyberattack affected 4,500,000 data subjects globally, including data related to Air India’s customers.

On May 21, Air India, India’s flag carrier, published an official statement on their website about a data breach. The announcement revealed that the breach was caused by a February incident at the airline’s IT service provider, SITA PSS, which is responsible for processing customers’ personally identifiable information (PII). It came to light that the SITA cyberattack affected 4,500,000 data subjects globally, including data related to Air India’s customers. Significant attribution detail continues here.

***

The FBI defines the APT41 as:

From 2020:

A global hacking collective known as APT41 has been accused by US authorities of targeting company servers for ransom, compromising government networks and spying on Hong Kong activists.

Seven members of the group—including five Chinese nationals—were charged by the US Justice Department on Wednesday.

Some experts say they are tied to the Chinese state, while others speculate money was their only motive. What do we really know about APT41?

Who are they?

Five members of the group were expert hackers and current or former employees of Chengdu 404 Network Technology, a company that claimed to provide legitimate “white hat” hacking services to detect vulnerabilities in clients’ .

But the firm’s work also included malicious attacks on non-client organisations, according to Justice Department documents.

Chengdu 404 says its partners include a government tech security assessor and Chinese universities.

The other two hackers charged are Malaysian executives at SEA Gamer Mall, a Malaysia-based firm that sells video game currency, power-ups and other in-game items.

What are they accused of?

The team allegedly hacked the computers of hundreds of companies and organisations around the world, including healthcare firms, and telecoms and pharmaceutical providers.

The breaches were used to collect identities, hijack systems for ransom, and remotely use thousands of computers to mine for cryptocurrency such as bitcoin.

One target was an anti-poverty non-profit, with the hackers taking over one of its computers and holding the contents hostage using encryption software and demanding payment to unlock it.

The group is also suspected of compromising in India and Vietnam.

In addition it is accused of breaching video game companies to steal in-game items to sell back to gamers, the Justice Department court filings said.

How did they operate?

Their arsenal ran the gamut from old-fashioned phishing emails to more sophisticated attacks on software development companies to modify their code, which then allowed them access to clients’ computers.

In one case documented by security company FireEye, APT41 sent emails containing malicious software to human resources employees of a target just three days after the firm recovered from a previous attack by the group.

Wong Ong Hua and Ling Yang Ching, the two Malaysian businessmen, ordered their employees to create thousands of fake video game accounts in order to receive the virtual objects stolen by APT41 before selling them on, the court documents allege.

Is the Chinese government behind them?

FireEye says the group’s targeting of industries including healthcare, telecoms and news media is “consistent with Chinese national policy priorities”.

APT41 collected information on pro-democracy figures in Hong Kong and a Buddhist monk from Tibet—two places where Beijing has faced political unrest.

One of the hackers, Jiang Lizhi, who worked under the alias “Blackfox”, had previously worked for a hacking group that served government agencies and boasted of close connections with China’s Ministry of State Security.

But many of the group’s activities appear to be motivated by financial gain and personal interest—with one laughing in chat messages about mass-blackmailing wealthy victims—and the US indictments did not identify a strong official connection.

Where are they now?

The five Chinese hackers remain at large but the two businessmen were arrested in Malaysia on Monday after a sweeping operation by the FBI and private companies including Microsoft to block the hackers from using their online accounts.

The United States is seeking their extradition.

None of the men charged are known to have lived in the US, where some of their targets were located.

They picked targets outside Malaysia and China because they believed law enforcement would not be able to track them down across borders, the court documents said.

Half of Pandemic Money Stolen, Just $400 Billion

Posted on by

At least 30% of unemployment claims are fraudulent. 70% of the money has left our shores…oh don’t worry…the Biden administration has set aside $2 billion to stop this. What?

Beware of increased unemployment fraud due to identity theft

Axios:

Criminals may have stolen as much as half of the unemployment benefits the U.S. has been pumping out over the past year, some experts say.

Why it matters: Unemployment fraud during the pandemic could easily reach $400 billion, according to some estimates, and the bulk of the money likely ended in the hands of foreign crime syndicates — making this not just theft, but a matter of national security.

Catch up quick: When the pandemic hit, states weren’t prepared for the unprecedented wave of unemployment claims they were about to face.

  • They all knew fraud was inevitable, but decided getting the money out to people who desperately needed it was more important than laboriously making sure all of them were genuine.

By the numbers: Blake Hall, CEO of ID.me, a service that tries to prevent this kind of fraud, tells Axios that America has lost more than $400 billion to fraudulent claims. As much as 50% of all unemployment monies might have been stolen, he says.

  • Haywood Talcove, the CEO of LexisNexis Risk Solutions, estimates that at least 70% of the money stolen by impostors ultimately left the country, much of it ending up in the hands of criminal syndicates in China, Nigeria, Russia and elsewhere.
  • “These groups are definitely backed by the state,” Talcove tells Axios.
  • Much of the rest of the money was stolen by street gangs domestically, who have made up a greater share of the fraudsters in recent months.

What they’re saying: “Widespread fraud at the state level in pandemic unemployment insurance during the previous Administration is one of the most serious challenges we inherited,” said White House economist Gene Sperling.

  • President Biden has been clear that this type of activity from criminal syndicates is despicable and unacceptable. It is why we passed $2 billion for UI modernizations in the American Rescue Plan, instituted a Department of Justice Anti-Fraud Task Force and an all-of-government Identity Theft and Public Benefits Initiative.”

How it works: Scammers often steal personal information and use it to impersonate claimants. Other groups trick individuals into voluntarily handing over their personal information.

  • “Mules” — low-level criminals — are given debit cards and asked to withdraw money from ATMs. That money then gets transferred abroad, often via bitcoin.

The big picture: Before the pandemic, unemployment claims were relatively rare, and generally lasted for such short amounts of time that international criminal syndicates didn’t view them as a lucrative target.

  • After unemployment insurance became the primary vehicle by which the U.S. government tried to keep the economy afloat, however, all that changed.
  • Unemployment became where the big money was — and was also being run by bureaucrats who weren’t as quick to crack down on criminals as private companies normally are.
  • Unemployment fraud is now offered on the dark web on a software-as-a-service basis, much like ransomware. States without fraud-detection services are naturally targeted the most.

The bottom line: Many states are now getting more sophisticated about preventing this kind of fraud. But it’s far too late.

*** What Is Unemployment Insurance Fraud? | does

Consequences should also be on the states and we don’t spend anything more in unemployment until at least 50% is recovered…..billions of dollars likely ending up in the hands of foreign crime syndicates based in China, Russia and other countries, experts say.

“Fraud is being perpetrated by domestic and foreign actors,” Blake Hall, CEO and founder of ID.ME, told FOX Business. “We are successfully disrupting attempted fraud from international organized crime rings, including Russia, China, Nigeria and Ghana, as well as U.S. street gangs.”

Haywood Talcove, the CEO of LexisNexis Risk Solution, suggested the bulk of the money – about $250 billion – went to international criminal groups, most of which are backed by the state. The money is essentially being used as their slush fund for “nefarious purposes,” such as terrorism, illegal drugs and child trafficking, Talcove said.

The criminals have been able to access the money by stealing personal information and using it to impersonate claimants or buying it on the dark web. The groups also use an army of internet thieves to submit fraudulent claims. States, which administer the aid, may be prepared to combat fraud from individuals who are trying double-dip or cash in on benefits they don’t need, but not international criminals using the dark web to exploit the system.

VP Harris Trip Results in Joint Task Force Alpha

Posted on by

Harris meets with Mexico's president, declares 'new era' - Los Angeles Times source

In part from USA Today: GUATEMALA CITY – Vice President Kamala Harris, during a trip to Guatemala, announced initiatives Monday to address corruption and human trafficking in Central America and urged people from the region not to come to the U.S.-Mexican border. Harris announced that a task force would be created to work with the Justice, Treasury and State Departments to investigate corruption in the region. U.S. officials will train law enforcement in Guatemala to conduct their own investigations.

Joint Task Force Alpha was established to enhance U.S. law enforcement efforts against human smuggling and trafficking groups in Mexico and the Northern Triangle countries of Guatemala, El Salvador and Honduras.

“I have personally worked on these cases in my career and can say that when we see some of the most vulnerable in our communities being taken advantage of, being sold for profit, being abused, it should be a priority for all of us who care about the human condition and humanity,” Harris said.

“Corruption really does sap the wealth of any country and in Central America is at a scale where it is a large percentage of GDP across the region,” said Ricardo Zuniga, the State Department’s special envoy for the Northern Triangle. “We see corruption as one of the most important root causes to be dealt with.”

Part of the strategy to slow the pace of migration is creating better living conditions and economic opportunities for people in the region through investment. Last month, Harris secured the commitment of 12 U.S. companies and organizations – including MasterCard, Microsoft and Chobani – to invest in Guatemala, Honduras and El Salvador.

US: Kamala Harris declares Mexico, Guatemala trip ′a success′ | News | DW | 09.06.2021

From the DOJ:

“Transnational human smuggling and trafficking networks pose a serious criminal threat,” said Attorney General Garland. “These networks profit from the exploitation of migrants and routinely expose them to violence, injury, and death. The joint efforts we are announcing today will combine investigative, prosecutorial, and capacity-building efforts of both the Departments of Justice and Homeland Security. Our focus will remain on disrupting and dismantling smuggling and trafficking networks that abuse, exploit, or endanger migrants, pose national security threats, and are involved in organized crime. Together, we will combat these threats where they originate and operate.”

In addition to the work of the Joint Task Force, Attorney General Garland directed the Office of Prosecutorial Development, Assistance, and Training (OPDAT) and the International Criminal Investigative Training Assistance Program (ICITAP), in coordination with the State Department, to enhance the assistance provided to counterparts in the Northern Triangle countries and Mexico to support their efforts to prosecute smuggling and trafficking networks in their own courts.

The Joint Task Force will consist of federal prosecutors from U.S. Attorney’s Offices along the Southwest Border (District of Arizona, Southern District of California, Southern District of Texas, and Western District of Texas), from the Criminal Division and the Civil Rights Division, along with law enforcement agents and analysts from DHS’s Immigration and Customs Enforcement and Customs and Border Patrol. The FBI and the Drug Enforcement Administration will also be part of the Task Force. And it will work closely with Operation Sentinel, a recently announced DHS operation focused on countering transnational criminal organizations affiliated with migrant smuggling.

 

The Under Reported Threat to the US of Smuggling Chinese

Posted on by

We have watched for years the chaos at the U.S. Southern border with Mexico. While there is has been a single focus on Latin Americans crossing into the United States, very little has been reported about the volume of Chinese. This should stimulate some critical thinking and questions.

Is this espionage, operatives or the building of a force for other reasons? In February of 2020, NBC News was asking some of the same questions.

A Chinese student walked around a perimeter fence at a U.S. naval base in Key West, taking pictures of government buildings. Stopped by police, he said he was trying to capture images of the sunrise.

aerial view of nas key west naval air station base truman ...

And nine days after that, two more Chinese students drove past a guard at the same naval base. When stopped by security 30 minutes later, they voluntarily displayed the videos and photos they had taken of the base.

The first Chinese student arrested at the naval base in Key West was Zhao Qianli, 20, who was taken into custody on Sept. 26, 2018.

Zhao entered the base by walking along the facility’s secure fence line and trudging through the beach, court documents say.

Zhao headed directly to the Joint Interagency Task Force South property, according to court records, where he took several photographs on his Motorola cellphone and his Canon EOS digital camera.

His devices contained photos and videos of sensitive equipment at the facility’s “antenna farm,” as well as images of warning signs that read “Military Installation” and “Restricted Area,” according to court documents.

Zhao initially told military police that he was “lost” and that he was a “dishwasher from New Jersey.” In later conversations with the FBI, Zhao said he traveled to Key West to “see the sights, such as the Hemingway House,” but there were no images of tourist attractions on his phone, according to his sentencing memo.

Zhao admitted to receiving military training as a university student in China and was found to have a “police blouse” and a People’s Republic of China Interior Ministry belt buckle at his hotel, the memo says.

 

In 2016, Newsweek in part reported:

Smuggling Chinese across the southern U.S. border appeals to traffickers because it is more lucrative than smuggling individuals from Mexico or Central America. A longer journey commands a steeper price and the going rate per person is believed to be somewhere between $50,000 and $70,000; the total value of the trade for the Chinese mafias involved has been estimated at $750 million.

The role of Chinese mafia groups (triads) in bringing migrants across the border has also deepened their exposure to and ties with Latin American narcotics cartels, both in human smuggling and beyond.

An “alliance between Chinese and Latin American smuggling rings” was noted as early as 1993, but today the scope of this “alliance” encompasses not just smuggling, but also other illicit activity including the sale of drug precursors from Asia and pirated materials.

In Mexico, contact between triads and cartels occurs in various regions, including those ruled by the ruthless Los Zetas syndicate and the Gulf and Juarez cartels, depending on what routes are used for migrants. Triad groups are believed to operate in the Mexican state of Chiapas and the Red Dragon triad, which operates in Peru, is involved not only in smuggling, but also in extortion and drug trafficking within Latin America. The wide-ranging activities of transnational organized crime groups generate additional law enforcement concerns beyond border security.

But it is important to look to the other side of our country, the area of the Bahamas and South Florida. A few islands in the Bahamas are now fully owned by China, one such island is Bird Cay. From Forbes in 2019 in part:

Quoting CaribbeanNews.com directly:

“China has set its sights on The Bahamas and has invested billions of dollars in building new infrastructure and industry across the country.

New roads, new businesses, new hotels, and booming Chinese immigration has led to many companies being staffed with more Chinese workers than local Bahamians.”

Plus, “Reports show that over 200,000 Chinese are illegally smuggled into the Caribbean every year to open their shops or work at Chinese businesses, with many sending their money back to China.”

However, the local government doesn’t see how it’s in a good position to do anything about it since Chinese state banks are simultaneously flooding the islands with tens of millions of dollars… even going so far as to finance new ports there.

Private Islands for sale - Bird Cay - Bahamas - Caribbean Bird Cay, owned now by China

Hold on, there is South Florida where those smuggled Chinese are making their way into the United States aboard some very expensive yachts.

The Miami Herald just last year told us:

Dozens of Chinese nationals without proper papers have been smuggled from the Bahamas to South Florida by operators of luxury yachts who are charging them thousands of dollars each for the short Atlantic journey, according to federal criminal cases.

In recent instances, the Coast Guard stopped two vessels approaching the South Florida shore, leading to the arrests of three men accused of transporting a total of 26 Chinese passengers and one Bahamian, court records show. The alien smuggling operations were not related, however.

Rocco Oppedisano, a 51-year-old Italian national, is scheduled for arraignment in Miami federal court Wednesday on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. Oppedisano told a magistrate judge this week that properties he once owned in the Northeast have been sold along with his Mercedes-Benz, Porsche and Fiat vehicles to pay for legal costs over his immigration troubles.

Oppedisano was stopped by the Coast Guard on Dec. 2 while he was commandeering a 63-foot Sunseeker yacht named INXS FINALLY with 14 Chinese passengers and one Bahamian, according to an indictment. Among the passengers was a Chinese national, Ying Lian Li, who was deported last April but tried to re-enter the country.

It is unclear why these Chinese nationals — unlike Cubans and Haitians smuggled here in both go-fast and rickety boats in the past — sought to come to South Florida. But over the past five years, the Bahamas has experienced an influx of Chinese workers flocking to the archipelago as part of a push by China to invest in the country’s hotel, tourism and trade industries.

In the other alien smuggling case, a Coast Guard cutter encountered a 70-foot Hatteras yacht about 20 miles east of South Florida on July 23, when officers radioed the vessel to ask how many people were on board. The yacht’s response: two crew and eight Japanese passengers with passports, who did not need additional visas to enter the United States.

It was all a lie, according to a Homeland Security Investigations criminal affidavit.

About 10 miles east of Port Everglades, Coast Guard officers boarded the yacht and asked crew member Robert L. McNeil Jr. to bring all the passengers on deck. The officers counted 12 passengers with passports from the People’s Republic of China but without required visas to enter the United States, according to the HSI affidavit.

The Coast Guard concluded that none of the 12 Chinese nationals possessed documents that would allow them to enter the United States legally. McNeil, and the yacht’s charter captain, James A. Bradford, along with the 12 Chinese nationals were transferred to the Coast Guard cutter.

During questioning, Bradford said he left South Florida on the Hatteras yacht bearing the name CAREFREE on July 22 and arrived in Nassau, Bahamas, that day. He admitted that the purpose of the trip was to pick up a “tour group of aliens” in the Bahamas, transport them to South Florida and return to the Bahamas on July 26.

Bradford, who has been a charter captain for decades, said “he never checked to see if the passengers had proper documents to come to the U.S.,” according to the affidavit.

A search of the yacht uncovered 10 cellphones in the bridge area; none of the Chinese nationals had mobile phones on them.

“Based on my knowledge and experience in human smuggling cases, smugglers often collect cell phones from migrants until they are paid for delivering the migrants to the U.S.” wrote HSI special agent David Jansen, who added that none of the passengers carried any luggage.

The search also uncovered $118,100 hidden behind the wall paneling of the yacht’s master bedroom, the affidavit said. Investigators also seized more than $2,800 from McNeil.

Both Bradford and McNeil were indicted on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. To resolve his case, McNeil pleaded guilty earlier this month to one count of alien smuggling to make a profit. He faces up to 10 years in prison.

The Hill says this is a disturbing trend.

Matt Cardy/Getty Images

While it’s unclear why these Chinese nationals sought to come to South Florida, the move is part of a larger five-year trend in the region. The Bahamas has seen a surge of Chinese workers as China invests in the archipelago’s hospitality and tourism industries. China’s presence in the Bahamas reportedly stems from a burgeoning relationship between the two countries, after China provided disaster relief in a bid to establish trade.