U.S., India to Crack Down on Cybercrime

[Vikrant]

There are way too many hackers that need to be locked up.

---

The U.S. and India are joining forces to crack down on cybercrime, in a bid to boost cross-border trade amid a rash of high-profile global data breaches.

Over two days of talks last week in Washington, delegates led by Obama Administration cyber-security czar Michael Daniel and Arvind Gupta, India’s Deputy National Security Adviser, identified key areas that would benefit from increased collaboration. These included cybersecurity capacity-building, research and development, international security and Internet governance, among others, according to a joint statement by the White House and Indian officials.

Known as the U.S.-India Cyber Security Dialogue, the talks brought together officials from a range of federal agencies, included the State, Justice, Homeland Security, Treasury and Commerce Departments.

They also included senior executives from Oracle Corp., International Business Machines Corp., Google Inc., Microsoft Corp., Symantec Corp. and other private-sector technology firms.

Delegates discussed a “range of cyber issues including cyber threats, enhanced cybersecurity information sharing, cyber incident management” and an “array of follow-on activities to bolster their cybersecurity partnership and achieve concrete outcomes,” the White House statement said.

At the same time, industry representatives submitted policy recommendations, which included a need to “protect cross border data flow, facilitate remote access, provide for strong encryption standards, and reduce cybersecurity threat through targeted public-private partnerships,” according to the U.S. India Business Council, a beltway advocacy group.

In a statement issued at the close of the talks Thursday, Mr. Daniel described cybersecurity as “fundamentally a team endeavor,” saying it was essential for India and the U.S. to work together, along with the private sector, to “raise our cyber defenses in both the short and long term, to disrupt and interrupt malicious actors in cyberspace, and to improve our ability to respond to and recover from cyber threats.”

President Obama and Indian Prime Minister Narendra Modi are scheduled to meet in New York next month, and the issue of cyber security is likely to be high on the agenda, officials said.

A draft Commerce Department report on the need to develop international standards for cybersecurity, released on Aug. 10, says working with global partners to improve online security “promotes U.S. interests by facilitating interoperability, security, usability and resiliency” while “helping U.S. products and services compete in global markets.”

Cheri McGuire, Symantec’s vice president of global government affairs and cybersecurity policy, told CIO Journal on Monday that such talks were “important given that cyber security is borderless by nature.”

While digitization is opening up opportunities for companies around the world to boost productivity, it’s also raising the risk of data breaches, she said.

“What we’re seeing in regard to India is a dynamic where rapid digitization is introducing new threats,” Ms. McGuire said, adding that more than 60% of cyber attacks in India target big companies.

Last year, businesses in India in the transportation, communications, electricity and gas industries faced a five-fold increase in targeted cyber attacks, according to Symantec’s 2015 Internet Security Threat Report, issued in April.

India ranked third highest in Asia for ransomware attacks, for instance, with over 60,0000 attacks per year, the report said.

“India is seen as an IT powerhouse, but it’s behind in cyber security,” said Vivek Wadhwa, a Palo Alto, Calif.-based Stanford University fellow whose research includes business and technology: “It’s like the cobbler’s children have no shoes,” he told CIO Journal.

U.S. India to Crack Down on Cybercrime - The CIO Report - WSJ

 

[Vikrant]

India - US cyber dialog that sounds naughty.

---

To increase global cybersecurity and promote the digital economy, the United States and India have committed to robust cooperation on cyber issues. To that end, the United States and India met at the U.S. Department of State in Washington, DC on August 11 and 12 for the 2015 U.S.-India Cyber Dialogue.

The whole-of-government Cyber Dialogue, fourth in the series, was led by the U.S. Cybersecurity Coordinator and Special Assistant to the President Michael Daniel and by India’s Deputy National Security Advisor Arvind Gupta. The Department of State Coordinator for Cyber Issues Christopher Painter and the Ministry of External Affairs Joint Secretary for Policy Planning, Counterterrorism, and Global Cyber Issues Santosh Jha co-hosted the Dialogue. U.S. whole-of-government participation included the Departments of State, Justice, Homeland Security, Treasury, and Commerce. The Indian government was represented by the National Cyber Security Coordinator at the National Security Council Secretariat, the Ministry of External Affairs, the Ministry of Home Affairs, and the Ministry of Communication and Information Technology.

The delegations discussed a range of cyber issues including cyber threats, enhanced cybersecurity information sharing, cyber incident management, cybersecurity cooperation in the context of “Make in India,” efforts to combat cybercrime, Internet governance issues, and norms of state behavior in cyberspace.

The two delegations identified a variety of opportunities for increased collaboration on cybersecurity capacity-building, cybersecurity research and development, combatting cybercrime, international security, and Internet governance, and intend to pursue an array of follow-on activities to bolster their cybersecurity partnership and achieve concrete outcomes.

In addition to the formal Dialogue, the delegations met with representatives from the private sector to discuss issues related to cybersecurity and the digital economy. The Indian delegation also met with Deputy Secretary of State Antony Blinken and Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco.

The two countries decided to hold the next round of the Cyber Dialogue in Delhi in 2016.

Joint Statement 2015 United States--India Cyber Dialogue whitehouse.gov

 

[waltky]

Granny onna phone to China, threatenin' to sell her rickshaw stocks...

U.S. considering sanctions over Chinese cyber theft: Washington Post
30 Aug.`15 - The White House is considering applying sanctions against companies and individuals in China it believes have benefited from Chinese hacking of U.S. trade secrets, the Washington Post reported on Sunday.

The newspaper, citing several unidentified Obama administration officials, said a final determination on whether to issue the sanctions was expected soon, possibly as early as the next two weeks. Suspicions that Chinese hackers were behind a series of data breaches in the United States have been an irritant in relations between the world's two largest economies as President Xi Jinping prepares to make his first visit to the United States next month.

Obama administration officials have said China is the top suspect in the massive hacking of a U.S. government agency that compromised the personnel records of at least 4.2 million current and former government workers. China has denied involvement. U.S. government officials and cyber analysts say Chinese hackers are using high-tech tactics to build massive databases that could be used for traditional espionage, such as recruiting spies or gaining access to secure data on other networks. A White House official had no immediate comment on the report. The State Department did not immediately respond to a request for comment.

A map of China is seen through a magnifying glass on a computer screen showing binary digits

A senior administration official said in reply to a Reuters query that President Barack Obama noted when he signed an executive order earlier this year enabling the use of economic sanctions against cyber hackers that the administration "is pursuing a comprehensive strategy to confront such actors." "That strategy includes diplomatic engagement, trade policy tools, law enforcement mechanisms, and imposing sanctions on individuals or entities that engage in certain significant, malicious cyber-enabled activities," the official said. "We are assessing all of our options to respond to these threats in a manner and time frame of our choosing," the official added.

The Post quoted an administration official as saying the possible sanctions move “sends a signal to Beijing that the administration is going to start fighting back on economic espionage, and it sends a signal to the private sector that we’re on your team. It tells China, enough is enough.” The newspaper said the sanctions would not be imposed as retaliation for the suspected hacking of the U.S. government personnel records, as they were deemed to have been carried out for intelligence reasons rather than to benefit Chinese industry.

U.S. considering sanctions over Chinese cyber theft: Washington Post

 

[waltky]

More than the whole population of the U.S.

India's internet user base crosses 350 million: IAMAIPTI
Sep 2, 2015: India has added 52 million internet users in first six months of the year, taking the total user base to 352 million as on June 30, 2015, industry body IAMAI said.

Interestingly, 213 million (over 60%) users accessed the worldwide web through mobile devices. "Internet (in India) has reached an inflection point. The consolidated numbers affirm the fact that internet in India has now become inclusive, which augurs well for the industry and society at large," the Internet and Mobile Association of India (IAMAI) said in a statement.

The number of internet users has grown over 26% from 278 million in October 2014. The number of mobile internet users has also grown about 40% from 159 million users in October last year.

"The internet in India took more than a decade to move from 10 million to 100 million and three years from 100 to 200 million. However, it took only a year to move from 200 to 300 million users. Clearly, internet is mainstream in India today," it said.

India's internet user base crosses 350 million: IAMAI - The Times of India

 

[waltky]

Mebbe Obama `fraid Xi'd whup some o' dat kung fu on him...

U.S. does not plan cyber sanctions before Xi visit
15 Sept.`15 WASHINGTON (Reuters) - The United States does not plan to impose sanctions on Chinese entities for economic cyber attacks ahead of next week's U.S. visit by Chinese President Xi Jinping, a U.S. official and a person briefed on the White House's thinking said on Tuesday.

The official, who spoke on condition of anonymity, suggested the reason was to avoid casting a shadow over Xi's visit rather than the emergence of any major agreement between the two sides over how to handle the issue. Imposing sanctions before Xi's high-profile visit, which will include a black tie state dinner at the White House hosted by President Barack Obama, would be a diplomatic disaster, said the person briefed on the White House's thinking.

The Washington Post first reported the decision, citing a senior Obama administration official as saying it came after an all-night meeting on Friday during which the two sides reached "substantial agreement" on several cybersecurity issues. The newspaper quoted the official as saying sanctions were not off the table and China's behavior in cyberspace is still an issue. "But there is an agreement, and there are not going to be any sanctions" before Xi arrives on Sept. 24, the official said.

China's President Xi Jinping attends a signing ceremony with King of Jordan Abdullah II (not pictured) at The Great Hall Of The People in Beijing, China

Last week, U.S. officials said Washington was considering sanctions against both Russian and Chinese individuals and companies for cyber attacks against U.S. commercial targets. The sanctions Washington was weighing would not target suspected hackers of government data but rather foreign citizens and firms believed responsible for cyber attacks on commercial enterprises.

If taken, the action would be the administration’s first use of an executive order signed by Obama in April to crack down on foreign hackers accused of penetrating U.S. computer systems. Two industry sources following the matter closely said that the idea of imposing sanctions in general has only mixed support among big companies that would be the intended beneficiaries.

That is in part because of fear of retaliation and in part because it could make it harder to do business with existing partners that might be sanctioned. The tech industry in general cares more about expanding access to the Chinese market, which is expected to be a major topic at the Seattle meetings that Xi will have with the heads of Microsoft Corp., Apple Inc. and other companies.

U.S. does not plan cyber sanctions before Xi visit

 

[waltky]

'Hacker-for-Hire' sentenced to prison...

US Sentences Proponent of 'Hacker-for-Hire' Cybercrime
May 03, 2016 - Nearly a decade ago, computer security experts found a new kind of malicious software that would eventually infect more than 1 million computers in the United States and Europe and cause tens of millions of dollars in damages.

On Monday, a U.S. federal court sentenced Russian national Nikita Kuzmin on charges of conspiracy, bank fraud and computer intrusion for creating the software, named Gozi, and selling it to hackers who used it to steal money from bank accounts. Prosecutors said Kuzmin "committed this crime purely out of greed" and helped pioneer a new kind of cybercrime that has become more prevalent in recent years. "In renting the malware to others, Kuzmin made it widely accessible to criminals, in other words, to criminals who do not or need not have sophisticated computer science skills like Kuzmin and his Gozi co-creators," U.S. Attorney Preet Bharara said in a letter to the court. "From this perspective, Kuzmin's crime is particularly significant." Under that model, malicious coders have expanded their reach from their own schemes to those imagined by anyone who wants to commit a cybercrime, even if they do not know how.

Gozi came to a user's computer through a file, such as a PDF, that looked normal to them, but once opened set the malware loose on the system. Because it was difficult for anti-virus software to detect, people had no idea the software was running, leaving their activities, such as logging into their account at a bank's website, free for Gozi to collect and send back to the hackers. Prosecutors said security experts identified 10,000 account records from more than 5,200 people, which included login information for accounts with hundreds of companies. The infected computers included hundreds at the U.S. space agency NASA. Kuzmin said he did not partake in stealing bank account information himself. He made money by renting use of Gozi to others and by collecting a portion of whatever they later stole with it. According to court documents, Kuzmin estimated he made at least $250,000.

A U.S. federal court sentenced Russian national Nikita Kuzmin on charges of conspiracy, bank fraud and computer intrusion.​

The court said Kuzmin's punishment is the 37 months he has already spent in prison, as well as paying $6.9 million that authorities have identified as the losses incurred by two banks in the U.S. and one in Europe. Kuzmin earned a lighter sentence after providing "substantial assistance" in the investigation that also led to the conviction of Latvian national Deniss Calovskis and the arrest of Romanian Mihai Ionut Paunescu, who is awaiting extradition to the U.S. But prosecutors say the scale of the crime is far bigger than the losses identified so far. "Unlike most crimes, Kuzmin's crime -- the creation and distribution of harmful malware -- cannot be stopped simply by capturing the perpetrator, as the government has done here. Because Kuzmin sold the Gozi source code to others, Gozi can be used by others, and it is in fact still in wide use by criminals today," Bharara told the court.

Prosecutors noted Kuzmin's computer science education and legitimate business projects in slamming his crimes as greedy. "Kuzmin used his talent and skills to create malware with the single purpose of stealing other people's money, and when he succeeding in doing that, he spent lavish sums on luxury sports cars, and extravagant travel and entertainment in Europe and Russia."

US Sentences Proponent of 'Hacker-for-Hire' Cybercrime

 

[waltky]

Combating cybercrime in Cambodia...

US to Train Cambodian Government on Combating Cybercrime
June 28, 2016 — The United States has invited senior Cambodian officials to learn about cybercrime from U.S. experts.

Numerous countries and nongovernmental organizations have expressed concern in recent years over the drafting of a Cambodian cybercrime law, which critics say could be used to restrict freedom of expression and stifle political dissent as Cambodians increasingly turn to social media websites such as Facebook to share their political opinions. Kan Channmeta, a secretary of state at the Ministry of Posts and Telecommunications, said he estimates about 7 million Cambodians — almost half the population — now regularly use the internet.

A person uses a smartphone to look at the Facebook page of Cambodia's Prime Minister Hun Sen during breakfast at a restaurant in central Phnom Penh, Cambodia​

U.S. Ambassador William Heidt said in early June that the United States wanted to work with the Cambodian government to ensure Cambodians have freedom of expression online. "Cybercrime is a real problem in the United States and Cambodia as well, so we are working with Cambodia," Heidt said when proposing the training. He said they would bring officials to the U.S. "to see how our cyberlaw works; how the United States enforces and prosecutes cybercrime." "We'll make sure that your internet remains a place for free expression as well," he said at the time.

Win over young voters

Prime Minister Hun Sen, who has ruled Cambodia for more than 30 years, is increasingly using Facebook as a medium to both direct policy and gauge popular opinion. Observers suggest the move is a strategic bid to win over young voters from the opposition Cambodia National Rescue Party ahead of the next general election in 2018. Phay Siphan, spokesman for the Council of Ministers, said that while the government welcomed the training, not everything that applied in the U.S. would work in Cambodia. "I am interested in U.S. standards regarding their culture of strengthening their national security and the knowledge of their nation," Siphan said, adding that U.S. cybercrime laws will be used as reference points for Cambodia.

University students from the Royal University of Phnom Penh check the Internet in a coffee shop along the city's Russian Federation Boulevard​

"We take [the law] as a reference since, though we are not there yet, we are prepared for the coming years when our economy is booming, and standards of living are better and the law is respected," he said. "So we want to collect elements to put into drafting of the cybercrime law." Siphan suggested government officials in Phnom Penh may encounter barriers to implementing anti-cybercrime measures, citing the dispute between the FBI and Apple, which centers around the extent to which courts can compel technology manufacturers to unlock encrypted cellphones.

Ability to tackle cybercrime

See also:

China Seeks On-Off Switch for Internet
June 29, 2016 — A controversial cyber security law that is under review in China will give authorities the power to shut down the internet and block all communications online when so-called “emerging social security events” occur.

The new draft law, which is being reviewed by China’s parliament, the National People’s Congress, does not clearly state what it means by emerging social security events. The broad phrase could refer to anything from localized protests to widespread riots or violent attacks. The current version of the draft law states local governments must seek approval of the central government before shutting down the internet. How long authorities would be allowed to keep an internet blackout in place is unclear.

China’s new Great Wall

Authorities in China routinely censor the internet, scrubbing it of all kinds of content and commentary, particularly comments critical of the Communist Party and its policy decisions. The new law goes even further, analysts say, and appears to be part of a trend by authorities to legitimize increasingly stringent and ever-expanding controls on the internet and make them more systematic. “The contrast between China’s internet and the internet in the rest of the world is increasingly widening and a barrier is being built,” said William Long, a well- known IT blogger in China. “The obstacles to the flow of information from the rest of the world to China are growing and foreign companies are finding it more and more difficult to expand their market in China.”
Soliciting public opinion
The government has asked the public to comment on the legislation, which was first publicized last year in June and is going through its second reading in parliament. Since the draft bill was launched, it has continually been a source of controversy both among the Chinese public as well as foreign businesses. Authorities have said the law aims to protect China’s cyber sovereignty and the public from growing threats such as terrorism.

But on social media, many criticized the draft bill and questioned whose interests it was putting first. “The power to shut down the internet is aimed at protecting those officials who arbitrarily bully and oppress the public, isn’t it? True security is not for the public, but to prevent the people from capturing images of the truth,” one commentator said on Weibo, China’s version of Twitter. “Can you turn off the hearts and minds of the people,” one user wrote, while others added sarcastically that the government should just cut off the public’s access to water, electricity and even air, when such events occur.
Easy to block?

Related:


US Increasingly Focused on Social Media to Weigh Terror Threats
June 29, 2016 - The United States government has become increasingly focused on the idea of examining social media posts in order to make determinations about who represents a security threat to the country.

The latest example is a proposal from the Customs and Border Protection arm of the Department of Homeland Security to ask foreign travelers to disclose information about their accounts on services like Facebook and Twitter. It would appear as an optional question on the form people fill out either upon arrival or presubmit online with information such as their name, address, phone number and the names of countries they have visited since 2011. It would also only apply to travelers from the 38 countries allowed visa-free entry into the U.S. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case," the proposal says.

Customs and Border Protection is asking the Office of Management and Budget for permission to add the question and says it would affect an estimated 24 million people. There is a 60-day comment period for the public to weigh in. Meanwhile, members of Congress have been busy during their current session drafting bills involving examining social media posts for terror links. Senator John McCain sponsored one of several bills that would require the Department of Homeland Security to look at internet activity and social media profiles of anyone applying for admission to the U.S. "It is unacceptable that Congress has to legislate on this, and that it wasn't already the Department of Homeland Security's practice to take such commonsense steps when screening individuals entering this country," McCain said.

A Customs and Border Protection officer checks the passport of a non-resident visitor to the United States inside immigration control at McCarran International Airport.​

A bill from Senators Martin Heinrich and Jeff Flake specifies that DHS "may search open source information, including internet and social media postings, of an alien who applies for a visa to enter the United States." "It should be crystal clear to those inside and outside of DHS that the agency has the authority to review publicly available social media posts when vetting visa applications," Flake said. The proposals do not seem to address the accounts of anyone who has set their posts to be private. "Reviewing the public social media posts of an individual seeking a U.S. visa is just common sense in the digital world we live in today," Heinrich said.

Senator Chuck Schumer has proposed a different tactic to alert authorities to potential terrorists. He wants to use the Justice Department's existing Rewards for Justice program to pay people who submit a tip about a social media post that leads to the arrest of someone planning an attack in the U.S. "We are in a time when a terrorist a world away can corrupt a disaffected youth -- and with just a few posts or tweets, can push them to plan or carry out acts of terror," Schumer said. "We need the public's eyes to alert authorities if they see someone they know writing things they know spell trouble." He wants the awards to range from $25,000 to $25 million.

In the House of Representatives, Congressman Stephen Fincher is focusing on keeping those serving time in federal prisons from becoming radicalized and posing a threat when they are released. His bill calls for anyone who wants to volunteer in the prisons to divulge their social media accounts as part of a background check for possible links to terrorism. "Over the years, our federal prisons have become a breeding ground for radicalization," Fincher said. "By allowing volunteers to enter the system without first having to undergo a comprehensive background check, some of the most vulnerable members of society have become susceptible to radicalization."

US increasingly focused on social media posts to weigh terror threats

 

[waltky]

Europol too...

Europol Brings Down Global Cybercrime Syndicate
December 01, 2016 - Europol, the European Union's law enforcement agency, said Thursday it has arrested five people in an online criminal enterprise and seized 39 computer servers following a four-year-long international investigation.

Police agencies spanning the globe and representing 30 countries participated in the effort, which closed down a criminal group that has caused hundreds of millions of dollars in damage through online cyberattacks, according to a written statement released by Europol. "The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800,000 domains seized, sinkholed or blocked," the statement read. Sinkholing refers to a technique used by police that redirects internet traffic coming from criminals to servers controlled by law enforcement. When fully implemented, the tactic stops criminals from gaining access to infected computers of their victims.

Eurojust President Michele Coninsx called the cybercrime group, known as Avalanche, "one of the world's largest and most malicious botnet infrastructures" and said its take-down by authorities was one of the biggest to date. "Today marks a significant moment in the fight against serious organized cybercrime, and exemplifies the practical and strategic importance of Eurojust in fostering international cooperation," Coninsx said in a statement issued by the European judicial cooperation agency.

Exterior view of the Europol headquarters in The Hague, Netherlands​

Members of the Avalanche group were able to gain access to a bank and email passwords of millions of victims after infecting computers with malware. Once the hackers took control of their victims' computers, they were able to draw money from their bank accounts. According to Europol, the Avalanche network contained around 500,000 infected computers around the world on any given day. Once the money was pilfered from a victim's bank account, the criminals used several highly organized networks of mules to purchase goods, which enabled them to launder the illicitly obtained money.

The criminal infrastructure had been in place for about three years before police began their investigation in 2012. Europol Director Rob Wainwright called the investigation and take-down of Avalanche "highly significant" and pointed to it as a model for handling international cybercrime in the future. "The complex transnational nature of cyber investigations requires international cooperation between public and private organizations at an unprecedented level to successfully impact on top-level cybercriminals," he said. "Avalanche has shown that through this cooperation, we can collectively make the internet a safer place for our businesses and citizens."

Europol Brings Down Global Cybercrime Syndicate

 

[waltky]

Cyber-thief arrested...

Man held at JFK airport over largest US financial cyber-hacking
Wed, 14 Dec 2016 - The FBI arrests a man charged with the largest cyber-attack of financial firms in US history.

US national Joshua Samuel Aaron, 32, was held at New York's JFK airport and will appear in court on Thursday. He is one of three men accused of illegally accessing the personal information of 100 million people in 2012-15. Twelve major institutions were victims of the hacking, including JPMorgan. Mr Aaron had been a fugitive living in Moscow, but flew to the US voluntarily to face the charges, his lawyer said.

Joshua Samuel Aaron captured​

In a statement on Wednesday, US Attorney Preet Bharara said: "Joshua Samuel Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of personal information from US financial institutions ever." The other two suspects are Israeli men: Gery Shalon and Ziv Orenstein. They were arrested in Israel in July 2015, and extradited to the US in June 2016. All three men were charged in November 2015. They allegedly manipulated stock prices by selling shares of companies to individuals whose contact information they had stolen.

The men were also charged with running an illegal payment processing business that they used to collect $18m (£14.3m) in fees. Prosecutors claim the men hacked into competitors' systems to spy on them and then hacked into a credit card company investigating their payment processing business in order to avoid detection. The company hit hardest by the breach was JPMorgan. More than 83 million of the bank's customers had data stolen in the breach.

Man held at JFK airport over largest US financial cyber-hacking - BBC News

See also:

Spanish police arrest 200 Chinese nationals in €16m fraud
Wed, 14 Dec 2016 - Police in Spain arrest more than 200 Chinese nationals in a fraud investigation, officials say.

The group is alleged to have convinced Chinese families to deposit money in bank accounts by pretending to be police officers. Authorities said 13 call centres were discovered and dismantled in Madrid, Barcelona and Alicante. More than 600 officers took part. "We are talking about thousands of Chinese citizens, mainly poor families who were robbed of their modest savings," Spanish police crime commissioner Eloy Quiros told a news conference.

The gang is alleged to have used bases in Spain to contact people in China by telephone. Pretending to be friends or family, they would warn their victims of various scams. The calls would later be followed up by members of the same gang impersonating police officers and claiming to be investigating the scams. Victims would then be encouraged to help the authorities with their inquiries by depositing money in a number of bank accounts.

Spanish police said in a statement that up to 50 individuals worked "in great secrecy" at the call centres. The suspects detained are mostly Chinese nationals who arrived in Spain as tourists and then remained in the country. China said it was seeking the extradition of all of its citizens connected with the investigation.

Spanish police arrest 200 Chinese nationals in €16m fraud - BBC News

 

[waltky]

Girl Scouts to take on cybercrime...

New Girl Scout Badges Focus on Cybercrime, Not Cookie Sales
June 21, 2017 - Cookie sales may take a back seat to fighting identity theft and other computer crime now that Girl Scouts as young as 5 are to be offered the chance to earn their first-ever cyber security badges.

Armed with a needle and thread, U.S. Girl Scouts who master the required skills can attach to their uniform's sash the first of 18 cyber security badges that will be rolled out in September 2018, Girl Scouts of the USA said in a press release. The education program, which aims to reach as many as 1.8 million Girl Scouts in kindergarten through sixth grade, is being developed in a partnership between the Girl Scouts and Palo Alto Networks (PANW.N), a security company.

The goal is to prevent cyberattacks and restore trust in digital operations by training "tomorrow's diverse and innovative team of problem solvers equipped to counter emerging cyber threats," Mark McLaughlin, chief executive officer of Palo Alto Networks, said in the release. The move to instill "a valuable 21st century skill set" in girls best known for cookie sales is also aimed at eliminating barriers to cyber security employment, such as gender and geography, said Sylvia Acevedo, the CEO of the Girl Scouts of the USA.

Women remain vastly underrepresented in the cyber security industry, holding just 11 percent of jobs globally, according to a recent study by (ISC)2, an international nonprofit focused on cyber security. "In our increasingly tech-driven world, future generations must possess the skills to navigate the complexities and inherent challenges of the cyber realm," Acevedo said in the release. "From arming older girls with the tools to address this reality to helping younger girls protect their identities via internet safety, the launch of our national cyber security badge initiative represents our advocacy of cyber preparedness," she said.

New Girl Scout Badges Focus on Cybercrime, Not Cookie Sales

 

[waltky]

Unpicking the cyber-crime economy...

Unpicking the cyber-crime economy
26 August 2018 - Turning virtual cash into real money without being caught is a big problem for successful cyber-criminals.

They often have to get creative when "cashing out" or laundering the money they have stolen, according to a security expert. Ziv Mador, head of security research at Trustwave SpiderLabs. told the BBC that credit card thieves, for example, have limited time to profit, because at some point the victim will put a stop on their card. Tens of thousands of stolen card numbers are traded daily on the underground markets that Mr Zador and his colleagues monitor, with details taken from compromised websites or databases. "They can try to sell the card, which is not big money because they only get a few dollars for each one," he said.

Cyber-thieves can struggle to dispose of the cash their crimes generate​

Instead, he added, they are more likely to use them to buy more valuable assets like iPhones or Macbooks, which are popular because they tend to hold their value when resold. "They do not buy 100 or so iPhones at once," he said. "They use a lot of different cards at different times." Mr Mador said the crooks use randomisation tools to thwart anti-fraud systems that would spot if all the purchases, even those made with different cards, are being done on the same computer. Another "cashing out" technique uses gift cards from big retailers such as Amazon and WalMart.

This technique involves buying the gift card with the stolen credit card and then offering it for sale at a big discount. For example, a customer may be able to buy a $400 (£312) card for half price, although they face the risk of it being cancelled if a retailer notices it was originally bought with a stolen credit card. Then there are the more creative scams that seek to use Uber and other ride-hailing firms to launder cash. Mr Mador, and others, have seen adverts seeking drivers who can take part, with Spain and the US both popular locations for the fraud. Other places like Moscow and St Petersburg were "temporarily unavailable". "They are looking for Uber drivers for fraudulent payments, people who can register for Uber and do fake rides," said Mr Mador.

​

Apple's iPhones are often bought and resold by cyber-thieves​

The driver's account is used to launder the cash generated when stolen credit cards are used to pay for the fictitious journeys and they get a cut of the money as a payment. It is these markets that form the backbone of the cyber-crime world, said Dr Mike McGuire, a criminologist from the University of Surrey, who has studied this shadowy community. "We took a holistic look at the criminal economy and then we could see where the flows of money were going," he told the BBC. Some was laundered via banks and other well-established routes long used by criminal gangs, who increasingly have been finding ways to use newer technological methods.

MORE

 

[Natural Citizen]

Problem. Reaction. Solution.