The battle for e-privacy

At the Chaos Communications Congress, experts come together to discuss the hottest topics concerning security, privacy, and human rights in the digital age. Naturally, the new European ePrivacy Regulation was on the agenda this year.

Transatlantic Cable podcast, episode 30

Welcome to the 30th edition of the Transatlantic Cable podcast. In this episode, Dave and I discuss a cryptocurrency that seems like it missed a huge naming opportunity, more calls to delete Facebook now, and a rocket man. For more details on the stories we discuss, please see the links below:

The FBI’s 10 Most-Wanted Black-Hat Hackers – #9 and #8

Recently, we renewed our countdown of the FBI’s 10 most wanted black-hat hackers. First up was Bezhad Mesri at number 10. He is accused of having compromised Home Box Office (HBO) employees’ emails and abused that access to steal data, extort the company for ransom, and leak the information online when he didn’t get his way.This week, we present No. 9 and No. 8: Viet Quoc Nguyen and nine individuals collectively known as the “JabberZeus” suspects.#9 – Viet Quoc NguyenBeginning around February 2009, Viet Quoc Nguyen a/k/a “Vandehiu” a/k/a “Peter Nguyen” partnered with Giang Hoang Vu a/k/a “Lee Vu” and others to defraud at least eight different email service providers (ESPs) and to send spam mail to numerous individual recipients.Nguyen and Vu’s malicious scheme began when they acquired crypters, covert monitoring tools, and malware. The two black-hat hackers then launched phishing email attacks against some of their targeted ESPs. Those campaigns delivered malware, thereby allowing Nguyen and Vu to access victimized employees’ computers in order to steal credentials for their employer’s systems.The stolen information laid the foundation for Nguyen and Vu to access the ESPs’ systems and steal confidential information including tens of millions of customers’ email addresses. In other cases, they abused that access to launch phishing attacks against other ESPs’ employees in order to infiltrate those companies’ systems. Sometimes they even leveraged the email addresses they stole to conduct spam mail campaigns leading to Nguyen’s affiliate-marketing websites.For his alleged crimes, a federal grand jury charged Nguyen with 29 counts including wire fraud, aggravated identity theft, and other offenses. It wasn’t long after that the United States District Court in the Northern District of Georgia in Atlanta, Georgia issued a federal warrant for his arrest on 3 October 2012.Nguyen is known to have resided in Deventer, Netherlands and Hanoi, Vietnam around the time that he is believed to have committed the crimes.#8 – The JabberZeus SuspectsIn 2012, the United States District Court for the District of Nebraska indicted nine individuals for having infected thousands of computers with the Zeus banking Trojan, malware which they used to steal millions of dollars from victims’ bank accounts.The charges against them include conspiracy to participate in a racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.Those named in the indictment include the following:Vyacheslav Igorevich Penchukov, 32, of Ukraine, aka “tank” or father”Ivan Viktorvich Klepikov, 30, of Ukraine, aka “petr0vich” or “nowhere”Alexey Dmitrievich Bron, 26, of Ukraine, aka “thehead”Alexey Tikonov, of Russia, aka “kusanagi”Yevhen Kulibab, aka “jonni”Yuriy Konovalenko, aka “jtk0”John Doe #1, aka “lucky12345”John Doe #2, aka “aqua”John Doe #3, aka “mricq”Together, this cybercrime ring unlawfully installed the Zeus banking Trojan on victims’ computers, allowing them to steal usernames, passwords, and other information necessary for them to gain access to their victims’ banking accounts.By claiming they were employees of the victims and were authorized to manage their funds on their behalf, the JabberZeus suspects tricked a number of organizations, including a bank and a company based in Nebraska, into wiring more than $70 million to “money mules” based in the United States. These persons then forwarded some of the funds to the conspirators.In total, the JabberZeus suspects are believed to have successfully stolen or attempted to steal upwards of $220 million.While a number of individuals have been found, tried, and convicted, the scheme’s four masterminds—Penchukov, Klepikov, Bron and Tikonov—remain at large.

8 checklist items to help with GDPR compliance

The European Union (EU) adopted the General Data Protection Regulation or GDPR on April 2106 to keep personal data for EU citizens safe. In the wake of an increase in the number of malicious attacks that compromise businesses’ networks, it was high time government regulation stepped in to protect personal data.

Energy-saving Bitcoin rival Chia raises from A16Z, plans mini-IPO

Bram Cohen invented torrenting. Now he’s building a cryptocurrency called Chia that doesn’t waste electricity like Bitcoin, and top investors are lining up. Chia has just raised a $3.395 million seed round led by AngelList’s Naval Ravikant and joined by Andreessen Horowitz, Greylock and more. The money will help the startup build out its Chia coin and blockchain powered by proofs of space and time instead of Bitcoin’s energy-sucking proofs of work, which it plans to launch in Q1 2019.

Prevention Is Better Than Cure – Are You Cyber Secure?

A cyber attack can be as simple as an email that looks like it comes from your bank and includes an urgent link for you to click. When you take a close look at the email though you’ll see it isn’t real. Then if you hover your mouse over the link you’ll see that the web address looks fake, contains gibberish, or has names in it that aren’t associated with your bank. You may even find typos in the email or it could even look like it was written by someone whose second language is English.

Unified Access Management for Systems

Is there a solution that offers unified access management for systems such as Microsoft® Windows®, Linux®, and Mac®, regardless of if they are located on-prem or in the cloud? The short answer is yes – there is a modern cloud directory service that can not only manage access to systems, but to applications, files, and networks too. The longer answer is that the identity and access management (IAM) market has been searching for a unified access management solution that can securely manage and connect users to the IT resources they need, including systems, for a long time now. We’ll discuss the reasons why this is the case, but before we do that, we should outline what unified access management means.