Attacks on Linux Servers Rose 75% Over Last Year, Warn Security Researchers

“There’s been a big rise in ransomware attacks targeting Linux,” reports ZDNet, “as cyber criminals look to expand their options and exploit an operating system that is often overlooked when businesses think about security.”

According to analysis by cybersecurity researchers at Trend Micro, Linux servers are “increasingly coming under fire” from ransomware attacks, with detections up by 75% over the course of the last year as cyber criminals look to expand their attacks beyond Windows operating systems.

Linux powers important enterprise IT infrastructure including servers, which makes it an attractive target for ransomware gangs — particularly when a perceived lack of threat to Linux systems compared with Windows means that cybersecurity teams might choose to focus on defending Windows networks against cybercrime. Researchers note that ransomware groups are increasingly tailoring their attacks to focus specifically on Linux systems. For example, LockBit is one of the most prolific and successful ransomware operations of recent times and now offers the option of a Linux-based variant that is designed to target Linux systems and has been used to conduct attacks in the wild….

And it isn’t just ransomware groups that are increasingly turning their attentions towards Linux — according to Trend Micro, there’s been a 145% increase in Linux-based cryptocurrency-mining malware attacks, where cyber criminals secretly exploit the power of infected computers and servers to mine for cryptocurrency for themselves. One of the ways cyber criminals are compromising Linux systems is by exploiting unpatched vulnerabilities. According to the report, these flaws include CVE-2022-0847 — also known as Dirty Pipe — a bug that affects the Linux kernel from versions 5.8 and up, which attackers can use to escalate their privileges and run code. Researchers warn that this bug is “relatively easy to exploit”.
The article recommends installing all security patches as soon as they’re available — and implementing multi-factor authentication across your organization.

And yes, it’s the real ZDNet. They’ve just re-designed their web site…

Read more of this story at Slashdot.

Crypto CEO Behind $2.5 Billion ‘Rug Pull’ Arrested, Faces 40,564 Years In Prison

Faruk Fatih Ozer, the founder and CEO of the now-defunct crypto exchange Thodex, has been arrested in the Albanian city of Vlore. PC Gamer reports: Ozer fled following the collapse of Thodex in April 2021: he initially claimed a halt in trading was due to cyberattacks, and that investors’ money was safe, before disappearing. Almost immediately afterwards, Turkish police arrested dozens of Thodex employees and seized the firm’s computers. It subsequently emerged that, in April 2021, Thodex had moved approximately $125 million worth of bitcoin to the established US crypto exchange Kraken. Given the number of investors in Thodex left with nothing, this looks like straightforward theft from a failing business.

It’s not the whole story, either. Cryptocrime analysis firm Chainalysis addressed Thodex specifically in its overview of 2021, in the wider context of a total $2.8 billion worth of crypto scams over this year being ‘rug pulls’: wherein a seemingly legitimate business is set up, operates as normal for a while, then suddenly all the money is gone. It’s large-scale fraud. “We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users’ ability to withdraw funds,” says the Chainalysis report. That works out at an estimate of around $2.5 billion of crypto.

Six people have already been jailed for their role in Thodex, including family members of Ozer, while 20 other prosecutions are ongoing. The Turkish daily Hurriyet reports that state prosecutors are out to set an example: “A prison sentence of 40,564 years is sought for each of these 21 people, including Ozer, as over 2,000 people are included in the indictment as complainants.”


Facial Recognition Smartwatches To Be Used To Monitor Foreign Offenders In UK

Migrants who have been convicted of a criminal offense will be required to scan their faces up to five times a day using smartwatches installed with facial recognition technology under plans from the Home Office and the Ministry of Justice. The Guardian reports: In May, the government awarded a contract to the British technology company Buddi Limited to deliver “non-fitted devices” to monitor “specific cohorts” as part of the Home Office Satellite Tracking Service. The scheme is due to be introduced from the autumn across the UK, at an initial cost of 6 million pounds. A Home Office data protection impact assessment (DPIA) from August 2021, obtained by the charity Privacy International through a freedom of information request, assessed the impact of the smartwatch technology before contracting a supplier. In the documents, seen by the Guardian, the Home Office says the scheme will involve “daily monitoring of individuals subject to immigration control,” with the requirement to wear either a fitted ankle tag or a smartwatch, carried with them at all times.

Photographs taken using the smartwatches will be cross-checked against biometric facial images on Home Office systems and if the image verification fails, a check must be performed manually. The data will be shared with the Home Office, MoJ and the police, with Home Office officials adding: “The sharing of this data [to] police colleagues is not new.”

The number of devices to be produced and the cost of each smartwatch was redacted in the contract and there is no mention of risk assessments to determine whether it is appropriate to monitor vulnerable or at-risk asylum seekers. The Home Office says the smartwatch scheme will be for foreign-national offenders who have been convicted of a criminal offense, rather than other groups, such as asylum seekers. However, it is expected that those obliged to wear the smartwatches will be subject to similar conditions to those fitted with GPS ankle tags, with references in the DPIA to curfews and inclusion and exclusion zones. Those who oppose the 24-hour surveillance of migrants say it breaches human rights and may have a detrimental impact on their health and wellbeing. Lucie Audibert, a lawyer and legal officer for Privacy International, said: “Facial recognition is known to be an imperfect and dangerous technology that tends to discriminate against people of color and marginalized communities. These ‘innovations’ in policing and surveillance are often driven by private companies, who profit from governments’ race towards total surveillance and control of populations.

“Through their opaque technologies and algorithms, they facilitate government discrimination and human rights abuses without any accountability. No other country in Europe has deployed this dehumanizing and invasive technology against migrants.”


Amateur Detectives are Now Crowdfunding DNA Sequencing to Solve Murders

In 2018 police arrested “the Golden State Killer” — now a 72-year-old man who had committed 13 murders between 1974 and 1986, the New York Times remembers:
What made the investigation possible was GEDmatch, a low-frills, online gathering place for people to upload DNA test results from popular direct-to-consumer services such as Ancestry or 23andMe, in hopes of connecting with unknown relatives. The authorities’ decision to mine the genealogical enthusiasts’ data for investigative leads was shocking at the time, and led the site to warn users. But the practice has continued, and has since been used in hundreds of cases.
But now using similar techniques, a wellness coach born in Mississippi (through a Facebook group called DNA Detectives) has helped over 200 strangers identify their unknown parents, the Times reports.

And she’s recently donated more than $100,000 to a genetics lab called Othram — to fund the sequencing of DNA to solve cold cases back in her home state. “These families have waited so long for answers,” she told the New York Times, which calls her “part of a growing cohort of amateur DNA detectives…”
[Othram] created a site called DNASolves to tell the stories of horrific crimes and tragic John and Jane Does — with catchy names like “Christmas tree lady” and “angel baby” — to encourage people to fund budget-crunched police departments, so that they can hire Othram. A competitor, Parabon NanoLabs, had created a similar site called JusticeDrive, which has raised around $30,000.

In addition to money, Othram encouraged supporters to donate their DNA, a request that some critics called unseemly, saying donors should contribute to databases easily available to all investigators. “Some people are too nervous to put their DNA in a general database,” said Mr. Mittelman, who declined to say how large his database is. “Ours is purpose-built for law enforcement.”
Another group raising money for genetic investigations are the producers of true-crime podcasts — and their listeners. According to the article, the podcast-producing company Audiochuck has donated roughly $800,000 to organizations doing investigative genealogical research (including Othram), though the majority went to a nonprofit started by the host of the “Crime Junkie” podcast. (And that nonprofit raised another $250,000, some through crowdfunding.)

“Why just listen to a murder podcast when you can help police comb through genealogical databases for the second cousins of suspected killers and their unidentified victims?” the Times asks.

So far donors around the country have given at least a million dollars to the cause. They could usher in a world where few crimes go unsolved — but only if society is willing to accept, and fund, DNA dragnets…. A group of well-off friends calling themselves the Vegas Justice League has given Othram $45,000, resulting in the solving of three murder-rape cases in Las Vegas, including those of two teenage girls killed in 1979 and in 1989…. [T]he perpetrators were dead….

Natalie Ram, a law professor at the University of Maryland, expressed concern about “the public picking and choosing between cases,” saying investigative priorities could be determined by who can donate the most. Ms. Ram said the “largest share” of cases solved so far with the method “tend to involve white female victims….”
Ms. Ram is also concerned about the constitutional privacy issues raised by the searches, particularly for those people who haven’t taken DNA tests or uploaded their results to the public internet. Even if you resolve never to put your DNA on a site accessible to law enforcement authorities, you share DNA with many other people so could still be discoverable. All it takes is your sibling, aunt or even a distant cousin deciding differently.


How ‘Crazy Eddie’ Electronics Chain Scammed America

In 1983 the annual revenue at the electronics chain Crazy Eddie was roughly $134 million (or about $372 million today), remembers The Hustle. The next year they’d sold $44 million just in computers and games — and eventually grew to 43 stores. The company’s stock ticker symbol was CRZY.

“There was just one major problem,” the article notes. “Crazy Eddie had been lying about its numbers since its inception — and the higher the stock soared the further founder Eddie Antar went to maintain the illusion.”

It’s a colorful story from the early days of home PC sales. Antar’s uncle hid up to $3.5 million in cash in a false ceiling at Antar’s father’s house, according to The Hustle. “Eddie Antar kept close tabs, usually calling his uncle twice a day to see how much money they were skimming…. The skimming strategy allowed Antar to not only hoard cash but also evade sales taxes. His employees were also paid off the books so Crazy Eddie could avoid payroll taxes.”

“Money was always in the house,” said Debbie Rosen Antar, Antar’s first wife, to investigators in the late 1980s. “And if I needed it and I asked him, he would say, ‘Go underneath the bed and take what you need….’”

Why would a company built on a family fraud go public? Somebody told Antar he could keep making millions skimming cash, but he could make tens of millions if the company traded on the stock market. Strangely, Crazy Eddie’s fraudulent history gave it an advantage. To provide the illusion of quickly increasing profits ahead of the IPO, the Antars simply reduced the amount of cash they were skimming. With millions more on the ledger instead of in the family’s pockets, the company’s profits looked more impressive.
As a public company, Crazy Eddie then made up for its inability to skim cash by initiating new fraud streams.

– The company embellished its inventories by millions of dollars to appear better-stocked and better positioned for profits.

– The Antar family laundered profits it had previously skimmed — and deposited in foreign bank accounts — back into the company to inflate revenues….

In November 1987, a hostile investment group led by Houston entrepreneur Elias Zinn pounced, purchasing Crazy Eddie. As Antar’s cousin later recounted, Antar thought the sale would at least give them an opportunity to pin the fraud on the new owners. But Zinn immediately discovered $45 million of listed inventory was missing. Stores soon closed, and the company went bankrupt in 1989.
Two disgruntled ex-employees then brought fraud allegations to America’s stock-regulating agency, the article reports, while the FBI “started sniffing around, too.” Crazy Eddie fled the country, using forged passports to escape to Tel Aviv, Zurich, São Paulo, and the Cayman Islands. But he was eventually arrested in Israel, sentenced to 12.5 years in prison, and ordered to repay investors $121 million (though he apparently served only seven).

But Crazy Eddie also became a cultural phenomenon — sort of. In the 1984 movie Splash, Daryl Hannah’s character even watches a Crazy Eddie TV ad. The Hustle’s article also includes photos of a Crazy Eddie stock certificate — and an actual “Wanted” poster issued the next year by the U.S. Marshals office.

Yet just four years before his death in 2016, Antar — a high school dropout — was telling an interviewer from The Record that “I changed the business….”


Surveillance Firm Says Apple Is ‘Phenomenal’ For Law Enforcement

Secret recordings of a surveillance firm’s presentation show how much iCloud data Apple surrenders to law enforcement with a warrant — though it’s Google and Facebook that can track a suspect to within three feet. Apple Insider reports: PenLink is a little-known firm from Nebraska which earns $20 million annually from helping the US government track criminal suspects. PenLink also sells its services to local law enforcement — and it’s from such a sales presentation that details of iCloud warrants have emerged. According to Forbes, Jack Poulson of the Tech Inquiry watchdog attended the National Sheriffs’ Association winter conference. While there, he secretly recorded the event.

During the presentation, PenLink’s Scott Tuma described how the company works with law enforcement to track users through multiple services, including the “phenomenal” Apple with iCloud. Apple is open about what it does in the event of a subpoena from law enforcement. It’s specific about how it will not unlock iPhones, for instance, but it will surrender information from iCloud backups that are stored on its servers. “If you did something bad,” said Tuma, “I bet you I could find it on that backup.” Tuma also says that in his experience, it’s been possible to find people’s locations through different services, although not through iCloud. “[Google] can get me within three feet of a precise location,” he said. “I cannot tell you how many cold cases I’ve helped work on where this is five, six, seven years old and people need to put [the suspect] at a hit-and-run or it was a sexual assault that took place.” It’s also possible for law enforcement and firms like PenLink which help them, to get location data from Facebook and Snapchat. […]
