Keyword: cybercrime
-
The Justice Department announced today the seizure of four domains used by the administrators and customers of a domain spoofing service. The domain seizures were authorized pursuant to seizure warrants issued in the Western District of Pennsylvania and were executed in coordination with the arrest of dozens of administrators and customers of the illicit service by foreign law enforcement agencies. “Together with our international partners, the Justice Department has disrupted another cybercrime scheme originating from Russia that enabled criminals to steal from over a million victims in the United States and around the world,” said Attorney General Merrick B. Garland. “I...
-
The hacking of a UnitedHealth affiliate is a symptom of consolidation within the health care sector, and it’s likely to get even worse. In a bid to win reelection, the Biden administration keeps trying to sell the country on all the supposed benefits of Obamacare. Before continuing their sales campaign, they might want to check in with the doctors’ offices struggling to make payroll. For over a month, the multitrillion-dollar health care sector has had to respond to a hack on a payment processor owned by UnitedHealth Group, the nation’s largest insurer. Axios reported that hospitals, doctors, medical equipment suppliers, and pharmacies are...
-
Living off the Land: How hackers blend into your environment. Cyber-criminals are increasingly ‘Living off the Land’, leveraging commonly-used tools to fly under the radar of conventional cyber defenses. Discover why Self-Learning AI is uniquely positioned to identify attacks leveraging this technique. What is a Living off the Land attack? Living off the Land is a strategy which involves threat actors leveraging the utilities readily available within the target organization’s digital environment to move through the cyber kill chain. This is a popular method because it is often cheaper, easier, and more effective to make use of an organization’s own infrastructure...
-
Your personal information may have been leaked in the 'Mother of all Breaches' (MOAB), cybersecurity researchers have warned. Over 26 billion personal records have been exposed, in what researchers believe to be the biggest-ever data leak. Sensitive information from several sites including Twitter, Dropbox, and LinkedIn was discovered on an unsecured page. Worryingly, the researchers who found it claim this breach is extremely dangerous and could prompt a tsunami of cybercrime.
-
SAN FRANCISCO/WASHINGTON (Reuters) - The U.S. Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that's been tormenting corporate America over the last two years, according to nine cybersecurity responders, digital crime experts and victims. For more than six months, the FBI has known the identities of at least a dozen members tied to the hacking group responsible for the devastating September break-ins at casino operators MGM Resorts International and Caesars Entertainment, according to four people familiar with the investigation. Industry executives have told Reuters they were baffled by an apparent lack of arrests despite many...
-
The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors. In its announcement, the FBI says the operation was carried out with the help of the Virtual Currency Response Team, the National Police of Ukraine, and legal prosecutors in the country. The nine websites and their servers seized in this operation are: 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold. Visiting any of these domains today displays the seizure banner below, alternating its message between Russian and English. [Banner behind the article link above.] The seized sites...
-
Distributed Denial of Service (DDoS) attacks have become an everyday or, some might argue, an hourly problem. Using a variety of techniques, a wide range of threat actors, from lone hackers, criminal gangs and hacktivists to nation-states, have used and are using DDoS attacks. These attacks are carried out to degrade or disable the performance and network communications of target systems. These targets can be small or large businesses, internet service providers, manufacturers, retailers, healthcare providers, schools and universities, or other nation-states. Essentially, any entity with an online presence can become a DDoS target. Now, here is the why. There are...
-
He was the “king of revenge porn” — until his shocked and fed-up victims took him down. The “king” in question is Hunter Moore, the founder of the now-defunct revenge porn website IsAnyoneUp.com and whose horrific enterprise is examined — along with his victims’ desperate fight for justice — in a new three-part Netflix documentary, “The Most Hated Man on the Internet.” Moore, 36, created the site in 2010 and it allowed people allegedly hurt by relationships to post anonymous NSFW sexual content without the consent of their partners. “Me and my friends would post [photos of] a bunch of...
-
Today we saw some important testimony in the Michael Sussmann case. First, Rodney Joffe, an FBI confidential human source, went around his FBI handler to relay dubious Alfa Bank information to a friend at the FBI. Second, there were indications that Joffe previously worked on Russia cyber security matters. This leads us to ask whether Joffe was in some way involved in the Trump/Russia investigation. More on that below. The testimony of retired FBI Agent Tom Grasso. Grasso, a witness for Sussmann, was a Special Agent with the FBI whose “primary responsibility involved investigating cyber crimes.” He was part of...
-
Brett Johnson was a US Most Wanted cybercriminal, called the Original Internet Godfather by US Secret Service for building the first organized cybercrime community called ShadowCrew, which was the precursor to today's darknet and darknet markets.
-
Apple and Facebook reportedly provided sensitive customer information to hackers who faked being law enforcement officials in 2021. Facebook parent company Meta and Apple gave the hackers basic customer details — such as phone numbers, home addresses, and IP addresses — in response to forged "emergency data requests," Bloomberg reported. Typically, such data requests can only be granted through search warrants or subpoenas provided by a judge, but emergency requests don't require a full-court order. The hackers who duped the companies are affiliated with cybercrime groups known as “Recursion Team,” who have a history of using fake legal requests to...
-
Sinclair Broadcast Group, which operates dozens of TV stations across the U.S., said Monday that some of its servers and work stations were encrypted with ransomware and that some of its data was stolen from the company's network. The company said in a regulatory filing it started investigating the potential security incident on Saturday and on Sunday it found that certain office and operational networks were disrupted. ... Sinclair said it's taken measures to contain the incident and that its forensic investigation is ongoing. However, the company said that the data breach has caused – and may continue to cause...
-
Cyber hackers returned nearly half of the $600 million they stole from DeFi platform Poly Network, in what is considered one of the biggest cryptocurrency heists in history. Around $260 million has been returned as of Wednesday noon, Poly Network said in a tweet. Of the funds given back, $3.3 million were in ethereum, $256 million in Binance smart chain, and $1 million in polygon, according to the post. The return of funds follows pleas from Poly Network on Tuesday, asking the hackers for the money back and urging cryptocurrency exchanges and miners to halt tokens from the hacker's wallets...
-
Some Facebook pages are under attack. Users are losing control of their pages and their memories, and some people are losing their money. "It's very much personal. It's very emotional," Renee Heller said. Heller can see her Facebook page but can't access anything on it, including thousands of family photos. "Looking back through photos, I have 15 years that I can't account for," she said. A few weeks ago, Heller got an email in the middle of the night. The message from Facebook said her account information had been changed. "My password was changed. My email address was changed. My...
-
When Chancellor Angela Merkel’s Christian Democratic Union (CDU) met online to elect a new party leadership in January, hackers carried out a series of massive attacks aimed at throwing the summit into chaos. The attacks picked up speed every time delegates were about to vote. According to CDU spokespeople, the assailants, operating mostly from abroad, bombarded the party’s website with internet traffic to overwhelm its server. At some point, they succeeded. The site collapsed and the livestream of the event cut out. In the end, the CDU managed to push the intruders out […] Yet the thwarted attack illustrates the...
-
In 2010, the U.S. Department of Defense found thousands of its computer servers sending military network data to China — the result of code hidden in chips that handled the machines’ startup process. In 2014, Intel Corp. discovered that an elite Chinese hacking group breached its network through a single server that downloaded malware from a supplier’s update site. And in 2015, the Federal Bureau of Investigation warned multiple companies that Chinese operatives had concealed an extra chip loaded with backdoor code in one manufacturer's servers.
-
An allegedly stolen Wattpad database containing 270 million records was being sold in private sales for over $100,000. Now it is being offered for free on hacker forums. Wattpad is a web site that allows members to publish user-generated stories on a variety of different topics. The site is immensely popular and is ranked as the 150th most visited site worldwide. Since July 7th, BleepingComputer has been tracking the rumored private sale of a Wattpad database containing over 200 million records. In an anonymous tip, BleepingComputer was told that this database was being sold by Shiny Hunters, a group...
-
LOS ANGELES – A Dubai resident who flaunted his extravagant lifestyle on social media has arrived in the United States to face criminal charges alleging he conspired to launder hundreds of millions of dollars from business email compromise (BEC) frauds and other scams, including schemes targeting a U.S. law firm, a foreign bank and an English Premier League soccer club. Ramon Olorunwa Abbas, 37, a.k.a. “Ray Hushpuppi” and “Hush,” a Nigerian national, arrived in Chicago Thursday evening after being expelled from the United Arab Emirates (UAE). Abbas made his initial U.S. court appearance this morning in Chicago, and he is...
-
One of the leaders of the Infraud Organization pleaded guilty today to RICO conspiracy. Infraud was an Internet-based cybercriminal enterprise engaged in the large-scale acquisition, sale, and dissemination of stolen identities, compromised debit and credit cards, personally identifiable information, financial and banking information, computer malware, and other contraband. Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division made the announcement. Sergey Medvedev, aka “Stells,” “segmed,” “serjbear,” 33, of the Russian Federation, pleaded guilty before U.S. District Court Judge James C. Mahan in the District of Nevada. According to the indictment, the Infraud Organization was created in October...
-
Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. The malware, known as Agent Tesla, is a spyware tool which enables hackers to monitor keystrokes, steal data about file downloads and collect username and password credentials from internet browsers, among other capabilities. The number of attacks spiked...