Operation Endeavour: The Tip of the Iceberg?

In mid January 2014, reports began emerging of a cybersex ring that had recently been under investigation in the Philippines. Crime agencies across the UK, USA, Australia and the Philippines themselves have been working together since 2012 on a case codenamed Operation Endeavour, and recently results have started to be published in the media.

To date, the operation has seen twenty-nine arrests across twelve countries, with fifteen children identified as targets. The case is still ongoing, and more arrests are expected in the coming weeks. In the midst of a series of recent stories about child abuse both on the internet and offline, including the arrest of Lostprophets’ lead singer Ian Watkins, it may seem reasonable to conclude that the sharing of indecent content depicting children is at an all-time high. But is this true? Have the international legal authorities been seeing more crimes against children than ever before? And what challenges do they face when investigating such cases?

Backbone Security Expands World's Largest Digital Steganography Database

JANUARY 22, 2014 --

Fairmont, WV (PRWEB) January 22, 2014

1. Backbone Security, the global leader in advanced digital steganography detection and hidden information extraction tools, is pleased to announce the release of the latest version of their Steganography Application Fingerprint Database (SAFDB), which now contains over 1,225 steganography applications.
2. Developed in Backbones Steganography Analysis and Research Center (SARC), SAFDB is the worlds largest commercially available hash set exclusive to digital steganography applications.
3. The database is widely used by US and international government and law enforcement agencies, the intelligence community, and private sector digital forensic examiners and network security professionals to detect digital steganography applications on seized digital media and within inbound and outbound network traffic streams.

Full article at

Refrigerator Used to Launch Hacker Attack

1. An Internet security provider, Proofpoint, Inc., says it found the first example of an Internet of Things (IoT)-based hacking scheme that included at least one fridge, as well as thousands of computers, TVs, home-networking routers and multimedia centers.
2. The consumer goods were responsible for sending out more than a quarter of the 750,000 malicious emails delivered between December 23, 2013, and January 6, 2014, by unidentified cyber criminals.
3. Proofpoint says this kind of IoT-based cyber assault will only increase in coming years, with “significant security implications for device owners” and those targeted by hackers.
4. “Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse,” David Knight, general manager of Proofpoint’s Information Security division, said. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”

Read full article at http://www.allgov.com/news/unusual-news/refrigerator-used-to-launch-hacker-attack-140119?news=852202

Mobile Device Forensics: The New Frontier

Mobile Device Forensics: The New Frontier

Tuesday, January 14, 2014 - 10:56

iDiscovery Solutions

Brandon Leatha

Arnold Garcia

 

 

Mobile devices are no longer seen as a “gadget” or “toy” only used by technology-savvy executives. It is becoming increasingly common for corporate employees at all levels to rely on a tablet, smartphone, or other mobile device as their primary means of corporate communications. In some cases, employees are choosing to ditch the PC or laptop altogether, making the mobile device a significant source of unique ESI that may be relevant to investigations, litigation, or government inquiries.

 

Read full article at  http://www.metrocorpcounsel.com/articles/26979/mobile-device-forensics-new-frontier 

Police get tool for patrolling social media

1. Criminals are not always the smartest people. Most don’t tip off the police by bragging about a bank robbery on YouTube, but criminals do use social media to communicate, and police are paying attention.
2. In a move that law enforcement officers might “like,” LexisNexis Risk Solutions’ Social Media Monitor will allow police to watch all social media channels to look for signs of criminal activity. As a new feature of the larger LexisNexis Accurint for Law Enforcement platform, Social Media Monitor lets law enforcement agencies discover risks and threats by leveraging social media. The system can target critical incidents such as gang violence, drug dealing, crimes against children and human trafficking.
3. The program is already being beta tested at several agencies and local police forces across the county.
4. According to LexisNexis, the impetus to create the program was a survey of 1,200 law enforcement officers that showed that four out of five of them research social media when pursuing cases. And when challenged, the use of social media sites as evidence for search warrants held up in court 87 percent of the time. But without a dedicated social media tool, officers are on their own when conducting investigations.
5. Social Media Monitor can alert officers to potential areas of concern and help them identify posts or tweets within specific geographic locations. By entering a few search terms, law enforcement personnel are provided with a social canvas within minutes, adding a virtual dimension to traditional public records data. In a recent demonstration, LexisNexis officials showed how monitoring the Twitter feeds of gang members could help them learn code words, drug drops, meeting locations and criminal trends within cities or even larger demographic areas.
6. Social Media Monitor is a Web-based platform with no software to install. It can work within specific geographical or jurisdictional areas and comes with a dashboard that allows officers to filter search results as needed.
7. The program looks to be an elegant way of searching the huge ocean of social media and could empower individual officers as well as whole groups and departments. I plan to follow-up with a full report on how the program is working once local officers have some more time with this fascinating piece of emerging technology. They may have a few success stories to share as well.
8. Read More at http://goo.gl/b1qTU4

Digital forensic tools dig up hidden evidence faster

nShare

Digital forensic tools dig up hidden evidence faster

• By GCN Staff ,Jan 15, 2014

Government investigators and law enforcement officials filtering and searching for forensic evidence on computers can be overwhelmed by the frequency and complexity of digital investigations.
AccessData, a developer of stand-alone and enterprise-class digital investigation tools, has added features to its Forensic Toolkit that offer greater visibility into digital elements and artifacts left on computers to help ensure evidence is not missed.
Forensic Toolkit (FTK) version 5.1 now includes native support for Microsoft’s Volume Shadow Copy (VSC), a technology that allows taking manual or automatic backup copies or snapshots of data at a specific point in time over regular intervals. 
Now investigators can “easily identify and quickly examine ‘digital artifacts’ across different points in time, while leveraging all of the advanced features of FTK,” said Brian Karney, AccessData’s COO and president.

Full article at http://goo.gl/P3xjUB

Cops: Stamford Man Busted with Over 500 Child Porn Images on Computer

1. Stamford Police announced late Thursday the arrest of a 43-year-old man on charges that he was in possession of more than 500 images of child pornography on his computer.  
2. According to Lt. Diedrich Hohn, the Stamford Police Department's Digital Forensics Unit (DFU), in collaboration with the States Attorney's Office, conducted an investigation into Efrain Martinez-Guiterrez after the DFU received information in October 2013 that hundreds of images of child pornography were being downloaded at his 31 Stephen Street address. 
3. On January 9, 2014, DFU executed a search warrant at the location and discovered numerous computers that could have been responsible for the downloads, Hohn said. The computers were seized, along with phones and thumb drives that belonged to multiple residents of a basement apartment there. It was then extensively analyzed, Hohn said. 
4. Hohn said it was determined the computer belonging to Martinez-Gutierrez contained over 500 images of child pornography on his hard drive. An arrest warrant was applied for and the suspect was located and arrested on January 16, 2014. 
5. Martinez-Gutierrez was charged with first-degree possession of child pornography, importing child pornography and obscenity. He was held in lieu of a $75,000 bond. 
6. Hohn acknowledged the work of Officers Kevin McKay and Mark Sinise for their "diligent work on this sensitive investigation."

details of more than 18,000 members of the ‘Verified' Eastern European cyber crime forum were leaked by a rival gang.

18,000 suspected cyber criminals 'shopped' by rival gang

18,000 suspected cyber criminals 'shopped' by rival gang

A major breakthrough in the fight against global cyber crime has come after details of more than 18,000 members of the ‘Verified' Eastern European cyber crime forum were leaked by a rival gang.

The information, held on a stolen database uploaded to Sendspace, includes the identities, passwords and IP addresses of 18,894 suspected criminals, as well as their private messages discussing crimes, which supposedly include online fraud attacks against British, American and Australian banks.

Experts say this is the first time such a goldmine of information has come into the hands of police and intelligence agencies, giving them the chance to catch some of the world's most notorious cyber criminals. It also could allow them to infiltrate other cyber crime forums by using shared passwords.

Read full report at http://www.scmagazineuk.com/18000-suspected-cyber-criminals-shopped-by-rival-gang/article/328803/

Do you know who is stalking your child on the internet?

The arrest of a Red Bank man accused of soliciting nude pictures of a 13-year old girl on Facebook has opened up the discussion about local cyber sex crimes.

WDEF recently spoke to a local undercover detective who specifically investigates crimes committed over the internet.The internet is not safe. It's a great tool and great resource for information and for learning but there's another side to the internet," the detective said.

That was revealed when James Renfro, 21, of Red Bank allegedly tried to get a 13-year old girl to send him nude pictures of herself on Facebook. According to the detective, that cyber crime was only the tip of the iceberg.

"What I've often see is a man posing as a female child or female teen trying to get another female teen to send pictures for a teen lesbian site or teen sex site," the detective said.

According to authorities, there has been an increase in children downloading free apps on their mobile internet devices that allows them to text to chat-rooms that may often have child predators.

"I've had a lot of those cases where you're just in a chat-room or you're on one of these text-apps and you get solicited for sending nudity to them," said the investigator.

Authorities say parents need to keep a closer eye on their child's internet activity because there is always someone in cyberspace looking for a victim.

"It's almost like taking your child to a state prison and asking can your child go into the sex offender unit and spend the day," said the detective.

According to the Internet Crimes Against Children Task Force, one in 25 children ages 10 to 17 receive an online sexual solicitation from an adult. 4% of cell phone carrying teenagers say they have sent sexual material via text messaging while 15% of cell pone carrying teenagers say they have received sexual material via text messaging.

Source : http://www.wdef.com/content/news/crime/story/Do-you-know-who-is-stalking-your-child-on-the/Zevs5Q0ZIUGxNTMrmNfweA.cspx

"In our high school, almost everyone in the 11th and 12th grade did it"

1. It's easy to tell which kids in this town have helped to make it a global center for criminal hacking and Internet scams.
2. They're the pupils who come to school wearing the best clothes and gold jewelry in a region of Romania where chickens are raised in yards and roads are full of potholes.
3. This is how the Romanians have expressed their hacking operations carried out of US firms.

read full story at http://goo.gl/mAlrHl

Craziest Linux Distributions

1. Ubuntu Satanic Edition: To be honest, this OS doesn’t really fit the name. Based on the Ubuntu 10.10 platform, this one seems more to be a dark themed distribution. But, it shows that there is at least one Ubuntu distro for everyone. You can download a live CD (called the ‘undead CD’) for this one if you want to try it. It was discouraged by many Linux users and many protested and complained against it.
2. Hannah Montana Linux: Sometimes go your own way results in an excessively pink desktop background. Based on popular children’s character Hannah Montana, this OS was created to attract young users. It is a derivative of the Kubuntu OS, which changes the KDE menu to the Hannah Montana Menu. In addition, it doesn’t have applications like GIMP, LibreOffice or KOffice, which many who downloaded this OS complained against.
3. Red Star OS: From Satanists and Hannah Montana fans to politicians. Red Star was the first ever politics themed Linux-based distribution created. It came up in North Korea back in 2002 in an effort made to replace Microsoft’s Windows as the primary OS of choice. It is available only in the Korean language and hosts a customised version of Mozilla Firefox, which is known as Naenara. It uses KDE 3.
4. Apartheid Linux: This is perhaps the most offensive Linux-based distribution ever created. As the name suggests, Apartheid Linux is a racially charged operating system. It is based on the PCLinuxOS and comes with wallpapers of the swastika etc. 

 Source http://goo.gl/Lbb6hj

World's first insured bitcoin vault opens in UK

1. The new bitcoin storage service offering insurance in UK, named Elliptic Vault, uses "deep cold storage" techniques to secure the digital currency.
2. bitcoin keys are encrypted and stored offline. There are multiple copies, protected by layers of cryptographic and physical security.
3. The copies are accessible only via a quorum of Elliptic's directors.

Cards Stolen in Target Breach Flood Underground Markets

Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned.

See more at http://goo.gl/AQX8mk

More Well-known US Retailers Victims of Cyber Attacks

Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed.

 

Smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target, according to the people familiar with the attacks. Those breaches have yet to come to light. Also, similar breaches may have occurred earlier last year.

http://goo.gl/otwMQx

How to Check Whether Your Facebook Account is Compromised or Not

1. Sign on to your Facebook account.
2. Click the “Account” link located in the upper right corner.
3. In the drop-down menu, select  “Account Settings”.
4. Click on "Security "in left hand menu, below general account settings.
5. Go to last optios in "Accounts Settings" which is "Active Sessions".
6. Here you will find all the active session currently on as well as past history.
7. In case you see a location  or device from which your Facebook account has been accessed. 
8. Happy hunting.

While You Were Sleeping, 5 HUGE Cyber Hacking Stories Made News This Weekend

1. More U.S. retailers are being cyber-attacked

2. The Target hacking was wayyyy bigger than we thought

3. Microsoft's blog and two Twitter accounts were hacked by foreign military

4. Dropbox was hacked (but not actually)

5. MIT's website was hacked on the anniversary of Aaron Swartz's suicide

 sources : http://www.policymic.com/articles/78733/there-were-5-big-cyber-hacking-news-stories-this-weekend-what-the-heck-is-going-on

Spotting the latest email hoaxes may be easier than you think!

1. Spotting the latest email hoaxes may be easier than you think!
2. There are thousands of email hoaxes moving around the Internet at any given time. Some may be the latest email hoaxes around. Others may be mutated versions of hoax messages that have travelled the Internet for years. These email hoaxes cover a range of subject matter, including:

• Supposedly free giveaways in exchange for forwarding emails.
• Bogus virus alerts.
• False appeals to help sick children.
• Pointless petitions that lead nowhere and accomplish nothing.
• Dire, and completely fictional, warnings about products, companies, government policies or coming events.

Source of information thanks to hoax slayer.read more at http://goo.gl/eDNIWZ

Introduction to Penetration Testing

1. What is penetration testing? Penetration testing, often called “pentesting”,“pen testing”, or “security testing”, is the practice of attacking your own or your clients’ IT systems in the same way a hacker would to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.
2. You can become a penetration tester at home by testing your own server and later make a career out of it.

https://community.rapid7.com/docs/DOC-2248

The Six Dumbest Ideas in Computer Security

1. There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book.
2. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." 
3. Read more at http://www.ranum.com/security/computer_security/editorials/dumb/index.html

Ten torrents sites to be aware of

01. extratorrent.com

02. bitenova.nl

03. fenopy.com

04. torrentat.org

05. fulldls.com

06. spynova.org

07. 2torrents.com

08. scrapetorrent.com

09. litebay.org

10. torrents.to

Cyber Psycho-analysis: A new buzz word

Soft-skills might become more important in the cyber war as criminals are expected to employ new strategies focusing not solely on the technology but on the user and his or her psychology. The tactics may include more convincing phishing emails and leveraging pop culture to trick the users.

'Syrian Electronic Army' hacks Skype's accounts in social networks

1. Hackers from the so-called “Syrian Electronic Army” have got access to the blog and the official accounts in social networks that are hosted by Skype. The intruders used the hacked facilities for placing messages criticizing NSA's programs of mass surveillance, the TechCrunch edition writes.
2.  One of the messages that the hackers placed in Twitter calls on Web users not to use post services run by Microsoft, such as Hotmail or Outlook. The hackers are claiming that these services are surveying their clients' accounts and selling information to the governments.
3.  At present, the hackers' messages at the Skype's blog and page in Facebook have already been removed, while the messages in Skype's microblog in Twitter are still there.
4. Read more: http://voiceofrussia.com/news/2014_01_08/Sweden-fell-victim-of-foreign-hackers-intelligence-0261/

 

Computer Security: Safeguard System Antivirus Software

1. With high pc usage, pc security is very important for the sleek functioning of the machine. Shielding your pc with antivirus package could be a wise thanks to beware of your computer’s health. integration this security can prevent from the obstacles that area unit created by risky viruses.
2. Antivirus works to safeguard the pc from any attack and could be a should for information security.
3. Why install antivirus software?

http://goo.gl/g2l42H

Sweden fell victim of foreign hackers - intelligence

1. Hacking attacks last yer targeting a number of Swedish state institutions, companies and colleges were masterminded by foreign intelligence services, the country: Local news agency has cited a source in Swedish intelligence.
   Read more: http://voiceofrussia.com/news/2014_01_08/Sweden-fell-victim-of-foreign-hackers-intelligence-0261/

 

Digital Forensics Framework

1. DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
2. It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidences without compromising systems and data.
3.   

   Preserve digital chain of custody

   Software write blocker, cryptographic hash calculation
   

   Access to local and remote devices

   Disk drives, removable devices, remote file systems
   

   Read standard digital forensics file formats

   Raw, Encase EWF, AFF 3 file formats
   

   Virtual machine disk reconstruction

   VmWare (VMDK) compatible
   

   Windows and Linux OS forensics

   Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
   

   Quickly triage and search for (meta-)data

   Regular expressions, dictionaries, content search, tags, time-line
   

   Recover hidden and deleted artifacts

   Deleted files / folders, unallocated spaces, carving
   

   Volatile memory forensics

   Processes, local files, binary extraction, network connections
4. Read more at http://goo.gl/XIyxiq

FireEye Buys Mandiant for Nearly $1 Billion to Stamp Out Cyber Attacks

CHECK OUT MORE AT

http://www.computerworld.in/news/fireeye-buys-mandiant-for-nearly-$1-billion-to-stamp-out-cyber-attacks

FireEye Buys Mandiant for Nearly $1 Billion to Stamp Out Cyber Attacks - See more at: http://www.computerworld.in/news/fireeye-buys-mandiant-for-nearly-$1-billion-to-stamp-out-cyber-attacks#sthash.rV1pmBBK.dpuf

ireEye, a major enterprise security company, is hoping to better shield its customers from cyberattacks through its acquisition of privately held Mandiant for nearly US$1 billion. - See more at: http://www.computerworld.in/news/fireeye-buys-mandiant-for-nearly-$1-billion-to-stamp-out-cyber-attacks#sthash.rV1pmBBK.dpufireEye, a major enterprise security company, is hoping to better shield its customers from cyberattacks through its acquisition of privately held Mandiant for nearly US$1 billion. - See more at: http://www.computerworld.in/news/fireeye-buys-mandiant-for-nearly-$1-billion-to-stamp-out-cyber-attacks#sthash.rV1pmBBK.dpuf

Now Bitcoin Malwares Target Personal Computers

New Delhi: Bitcoin craze is turning into a fertile ground for cyber fraudsters as thousands of computers, including in India, are being infected with malwares related to the virtual currency. The findings of a survey, that has pegged the count of computers infected with bitcoin related malware at least 12,000, comes at a time when regulators worldwide have flagged money laundering concerns about this popular virtual currency.


Chech more at http://goo.gl/Sxj3vv

Cyber Security Tips : 2014

 

Courtsey Zoom Technologies

It’s a hoax

WhatsApp to start charging for every message you send? It’s a hoax

Users of WhatsApp, the immensely popular instant messaging app for smartphones, are being duped into spreading a hoax message to their friends and contacts – claiming that the service will begin to charge for every message sent.
The messages say that WhatsApp will charge for each message from 31st December/1st January – and that to avoid charges, users have to forward the message to 10 of their contacts.
According to the hoax, if you follow the instructions the logo on your WhatsApp app will turn blue.
Here’s an example of one duped user, who appears to have entirely misunderstood the idea behind the hoax and shared it with her Facebook friends rather than her WhatsApp contacts:

31st Dec and 1st Jan whatsapp will become chargeable.
If you have at least 10 contacts.
Send them this messages.
In this way we will see that you are an avid user and your logo will become blue in color and remain free.
Send this messages thru your whatsapp column.

According to Hoax Slayer, other versions of the hoax include the following:

Saturday morning whatsapp will become chargeable. If you have at least 10 contacts send them this message. In this way we will see that you are an avid user and your logo will become blue and will remain free. (As discussed in the paper today. Whatsapp will cost 0.01€ per message. Send this message to 10 people. When you do the light will turn blue otherwise whatsapp activate billing.

The official WhatsApp blog has debunked the hoax, which appears to have been spreading since at least January 2012!
Once again, do your homework before forwarding messages like the hoax above to your internet friends. You are not only wasting time and bandwidth, you are also helping to perpetuate hoaxes that are hard to stamp out.