Archive for the 'Cyber Crime' Category


While cryptocurrencies like Bitcoin and Ethereum have enjoyed meteoric popularity over the past several months, there are still many potential investors who remain skeptical. And one of the reasons for this skepticism is the ongoing concern about cryptocurrency security. Now that a second major hack of Ethereum has taken place within the span of one week, those concerns may have more traction, although it certainly hasn’t stopped many investors from shifting their attention to the digital money space.

Two High-Profile Hacks in Three Days

Ethereum suffered major losses because of two separate hacking incidents that occurred within three days of each other last week, according to a report by PC Gamer.

The second of the two robberies was the more substantial. It exploited a vulnerability in Parity, the digital wallet service popular among many Ethereum miners. Hackers stole about 153,000 Ether, the network’s native currency, with a value of about $34 million. The hackers stole this sum from three different multi-signature Ethereum wallets.

Gavin Wood, founder of Parity, issued a critical security notice in response to the hacking event. “A vulnerability in Parity Wallet’s variant of the standard multi-sig contract has been found,” he explained.

Wood then urged all Parity users to “immediately move assets contained in the multi-sig wallet to a secure address.” Simultaneously, hackers working to defend the network siphoned more than 377,000 additional Ether tokens to a safe space. The White Hat Group explained its actions in a post on Reddit, saying it would re-issue the funds back to owners once the vulnerability could be properly addressed.

CoinDash Exposes Another Entry Point for Hackers

The other hacking event, which also occurred last week, exposes another point of concern with regard to crypto security. Hackers stole about $10.3 million in Ether from CoinDash, a popular exchange. In this case, the robbers may have simply replaced wallet addresses, a comparatively simple hack.

And yet, in spite of these and a number of other prominent thefts in recent months, cryptocurrencies seem to be showing no signs of slowing down in terms of growth.

The largest currencies, Bitcoin and Ethereum, have appreciated 178% and 2,569%, respectively, so far in 2017, and the overall user base of cryptocurrencies worldwide is expanding at a significant pace. It could be that the risk of hacking and theft is simply not great enough in the minds of potential investors to convince them to stay away from a potentially lucrative investment.

PC Gamer suggests that the downfall of cryptocurrencies, if there is one at any time in the future, would more likely be because of a drop in the values of those currencies than due to concerns over possible theft of assets.


AlphaBay Market — one of the largest Dark Web marketplaces for drugs, guns, and other illegal goods — which mysteriously went dark earlier this month without any explanation from its admins, has reportedly been shut down by international authorities.

On July 4th, the dark web marketplace suddenly went down without any explanation from its admins, which left its customers who have paid large sums in panic.

Some customers even suspected that the site’s admins had pulled an exit scam to steal user funds.

However, according to the Wall Street Journal, the disappearance of the AlphaBay came after authorities in the United States, Canada, and Thailand collaborated to conduct a series of raids and arrest Alexandre Cazes, who allegedly was one of the AlphaBay’s operators.

Citing “people familiar with the matter,” the publication claims that Cazes, a resident of Canada, was arrested in Thailand and taken into custody in Bangkok on July 5th, the same day the police executed two raids on residences in Quebec, Canada.

The 26-year-old Canadian citizen was awaiting extradition to the United States when a guard found him hanged in his jail cell on Wednesday, the Chiang Rai Times confirms. Cazes is believed to have hanged himself using a towel.

Cazes had been living in Thailand for nearly 8 years. During his arrest, authorities also seized “four Lamborghini cars and three houses worth about 400 million baht ($11.7 million) in total.”

AlphaBay, also known as “the new Silk Road,” also came in the news at the beginning of this year when a hacker successfully hacked the AlphaBay site and stole over 200,000 private unencrypted messages from several users.

After the disappearance of Silk Road, AlphaBay emerged in 2014 and became a leader among dark web marketplaces for selling illicit goods from drugs to stolen credit card numbers, exploits, and malware.

Unlike the dark web market ‘Evolution’, which suddenly disappeared overnight from the Internet, stealing millions of dollars worth of Bitcoins from its customers, AlphaBay Market was shut down by law enforcement, suffering the same fate as Silk Road.

Silk Road was shut down after law enforcement raided its servers in 2013 and arrested its founder Ross William Ulbricht, who has been sentenced to life in prison.

The FBI also seized Bitcoins (worth about $33.6 million, at the time) from the site. Those Bitcoins were later sold in a series of auctions by the United States Marshals Service (USMS).


Personal details of some 120 Million customers have been allegedly exposed on the Internet in probably the biggest breach of personal data ever in India.

Last night, an independent website named Magicapk.com went online, offering Reliance Jio customers a lookup of their identification data (Know Your Customer, or KYC) just by typing in their Jio number.

Reliance set up the Jio 4G network across the length and breadth of India in September last year and gained more than 50 million subscribers within a span of just 83 days. The company gave seven months of free internet, unlimited calls, unlimited music to its subscribers.

Although the website that claimed to have hacked into Jio database is no longer accessible, many users confirmed their personal data showed up on the website, displaying their names, email addresses and most alarmingly, in some cases, Aadhaar numbers.

Aadhaar is a 12-digit unique identification number issued by the Indian government to every resident of India. This number is also used for enrolling for a SIM.

In response to the breach, Reliance Jio released a statement, saying that the claims are unverified and that the leaked data appears to be “unauthentic.”

“We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic,” a spokesperson said.

“We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement.”

The Jio spokesperson said the company has “informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

 

Breach Appears to be Authentic! But Doesn’t Affect All JIO Users

The Hacker News independently verified the leak for a few Jio numbers, and the data came out to be accurate for some Jio numbers, but not for all. Therefore, the data on the website seems to be authentic, but luckily some customers are spared – probably those who were issued a Jio SIM after the breach.

For obvious reasons, we are not naming the customers we tested on the website and found their identity leaked just by typing their mobile number. The leaked information includes:

  • First Name
  • Middle Name
  • Last Name
  • Mobile Number
  • Email-Id
  • Circle-Id
  • SIM Activation Date and Time
  • Aadhaar Number, in some cases

Mobile numbers for other telecom operators in India, such as Vodafone and Airtel, did not work on the website.

 

Hackers’ Identity Is Unknown Yet

The website was hosted by the web hosting company GoDaddy.com and was registered in May 2017, but so far it is not clear who owned the domain.

Also, it is not clear at this moment how the hackers got access to the sensitive data of Jio customers, or whether it was Jio that got hacked or some third-party marketing company with which the company shared its customers’ data.

There is very little that victims (especially those whose Aadhaar number has been exposed) can do to protect themselves from future attacks. Hackers holding an Aadhaar number can disguise their identities to carry out several kinds of fraud.

All Jio customers are strongly advised to be wary of unsolicited calls asking for further details or account passwords. No company asks for these details over phone calls or emails.

Victims should also be particularly alert to phishing emails, which are usually the next step for cyber criminals after a large-scale hack at any telecoms company. Phishing tricks users into giving up further personal details such as passwords.


January 9, 2017

 

Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.

 

The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.

 

On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.

 

The attackers left a message behind for the database administrators asking for 0.2 bitcoins (around US $180) to return the data.

 

A day later, the number of databases wiped by Harak1r1 had reached 2,500 and by Friday, more than 8,600 had been affected and contained the ransom message.

 

In addition, other attackers have joined the scheme, researchers counting at least five groups with different ransom messages so far. Together, the groups deleted 10,500 databases, and in some cases, they’ve replaced each other’s ransom messages.

 

The bad news is that most of them don’t even bother copying the data before deleting it, so even if the victims decide to pay, there’s a high chance they won’t get their information back.

 

Gevers said he has helped some victims and there was no evidence in the logs that the data had been exfiltrated. He advises affected database owners not to pay and to get help from security professionals.

 

MongoDB administrators are advised to follow the steps on the security checklist from the MongoDB documentation in order to lock down their deployments and prevent unauthorized access.
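The two settings that decided whether a deployment ended up in the wave described above are the address the daemon listens on and whether authorization is switched on. The script below is an added example, not code from the article or from MongoDB’s checklist: it reads the two-level YAML layout of a mongod.conf and reports those two exposures. The sample configs are constructed, and treating a missing bindIp as exposed reflects the pre-3.6 behaviour of binding every interface unless told otherwise (an assumption about the era, stated in the code).

```python
"""Audit a mongod.conf for the settings that left databases open to the ransom wave.

Added example, not the article's or MongoDB's code. The parser handles only the
two-level 'section:' / '  key: value' layout of mongod.conf, which is enough for
the keys checked here and keeps the script dependency-free.
"""
from typing import Dict, List

# Constructed sample configs (not taken from any real deployment).
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from every interface, including the internet
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1  # local clients only; firewall or VPN for remote access
security:
  authorization: enabled   # every client must present valid credentials
"""


def parse_mongod_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse 'section:' lines followed by indented 'key: value' lines into a dict."""
    conf: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments and trailing space
        if not line.strip():
            continue
        if not line.startswith(" "):                # top-level section header
            section = line.strip().rstrip(":")
            conf.setdefault(section, {})
        elif section is not None and ":" in line:  # indented key: value
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit_mongod_conf(text: str) -> List[str]:
    """Return one finding per exposure; an empty list means both checks passed."""
    conf = parse_mongod_conf(text)
    findings: List[str] = []

    net = conf.get("net", {})
    if net.get("bindIpAll", "").lower() == "true":
        findings.append("net.bindIpAll=true: listens on all interfaces")
    elif "bindIp" not in net:
        # Assumption: the 2017-era daemon bound every interface unless the
        # config said otherwise (3.6 later changed the default to localhost).
        findings.append("net.bindIp not set: pre-3.6 default is all interfaces")
    else:
        addrs = [a.strip() for a in net["bindIp"].split(",")]
        if any(a in ("0.0.0.0", "::") for a in addrs):
            findings.append(f"net.bindIp={net['bindIp']}: listens on all interfaces")

    auth = conf.get("security", {}).get("authorization", "disabled")
    if auth.lower() != "enabled":
        findings.append(f"security.authorization={auth}: any client that connects "
                        "can read, drop and replace every database")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or ["ok"])
```

Run against a real file with `audit_mongod_conf(open("/etc/mongod.conf").read())`; the deliberately small parser ignores lists and quoted values, so configs using those features should be checked with a full YAML loader instead.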


When John Matherly released SHODAN, a search engine that could collect data on web servers (HTTP on port 80, FTP, etc.), it was considered a success from the hackers’ point of view. And now there’s Censys.

 

Censys was created by a group of scientists from the University of Michigan as an instrument to make the Internet more secure. In fact, both Shodan and Censys are meant for security research, but as the duo gains more and more attention, there will certainly be people who try to use them for more nefarious purposes.
Censys is just like Shodan but more user friendly, and it works in a better and broader way. Censys is like a time-saving buddy for system lovers, or the so-called hackers.

 

 

 

HOW CENSYS WORKS

 

Millions of devices such as home routers, IP cameras and mobile phones use the same set of cryptographic keys for SSH or HTTPS, which makes them vulnerable to hijacking. Vendors typically build their device’s firmware from software development kits (SDKs) received from chip makers, and they are too lazy to change the keys embedded in that code.
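A defender can spot the shared-key problem described above in their own fleet without any internet-wide scanning: compute the fingerprint of every SSH host key you have recorded and look for fingerprints that belong to more than one device. The script below is an added example, not code from the article or from the Censys project. The inventory is constructed in OpenSSH known_hosts format, and the key blobs are arbitrary bytes rather than real public keys; the grouping logic is what matters.

```python
"""Find devices that present the same SSH host key.

Added example (not the article's or Censys's code). A key shared across units
means anyone who extracts it from one device can impersonate all of them, so a
fingerprint that maps to several hosts is a finding in its own right.
"""
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List


def fake_blob(seed: str) -> str:
    """Constructed stand-in for a base64-encoded wire-format public key."""
    return base64.b64encode(hashlib.sha256(seed.encode()).digest()).decode()


# Constructed inventory in known_hosts layout: "<host> <keytype> <base64 blob>".
# Three cameras ship the same SDK key; the router has a unique one.
KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    f"cam-01.example.test ssh-rsa {fake_blob('vendor-sdk-key')}",
    f"cam-02.example.test ssh-rsa {fake_blob('vendor-sdk-key')}",
    f"router.example.test ssh-ed25519 {fake_blob('unique-router-key')}",
    f"cam-99.example.test ssh-rsa {fake_blob('vendor-sdk-key')}",
])


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 of the decoded blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(known_hosts: str) -> Dict[str, List[str]]:
    """Map each fingerprint used by more than one host to the hosts that share it."""
    by_fp: Dict[str, List[str]] = defaultdict(list)
    for line in known_hosts.splitlines():
        if line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue                       # malformed or empty line
        host, _keytype, blob = parts[0], parts[1], parts[2]
        by_fp[fingerprint(blob)].append(host)
    return {fp: hosts for fp, hosts in by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_keys(KNOWN_HOSTS).items():
        print(f"{fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it your own `~/.ssh/known_hosts` or the output of `ssh-keyscan` over your address ranges; the fingerprint format matches what `ssh-keygen -lf` prints, so findings can be cross-checked by hand.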

 

Censys conducts a daily scan of the whole internet and stores almost everything it finds. It scans the entire IPv4 address space, which carries the majority of internet traffic, and checks for as many known vulnerabilities as it can. When the researchers conducted a mass scan of 4 billion IP addresses, the result was shocking.

 

“We have found everything from ATMs and bank safes to industrial control systems for power plants. It’s kind of scary,” said Zakir Durumeric, the researcher leading the Censys project at the University of Michigan and inventor of ZMap. Censys uses mainly two tools.

 

 

TOOLS USED

 

ZMap
Zgrab

 
ZMap

 

The first step of collecting data is ZMap, which performs single-packet host discovery across the entire IPv4 address space. Hosts found by ZMap seed pluggable application scanners, which perform a follow-up application-layer handshake and produce structured JSON data describing one aspect of how a host is configured. Typically, an application scanner performs only a single handshake and measures one aspect of how a service is configured. For example, separate horizontal scans with different pluggable scanners measure how HTTPS hosts respond to a typical TLS handshake, whether hosts support SSLv3, and whether a host is vulnerable to the Heartbleed attack. Since collecting all the data in a single scan would put load on the host, Censys instead uses scheduled scans and aggregates the data collected from each of them.

 

 

Zgrab

 

ZGrab is a fast and extensible application scanner. At this time, ZGrab supports application handshakes for HTTP, HTTP Proxy, HTTPS, SMTP(S), IMAP(S), POP3(S), FTP, CWMP, SSH, and Modbus, as well as StartTLS, Heartbleed, SSLv3, and specific cipher suite checks. On a dual-Xeon E5-2640 (6 cores at 2.5 GHz) system with an Intel X520 ethernet adapter, ZGrab can complete HTTPS handshakes with the full IPv4 address space in 6h20m, and a banner grab and StartTLS connection with all publicly accessible SMTP hosts in 3h9m, that is 1.86k and 1.32k hosts/second respectively. In simple words, ZMap quickly identifies hosts and ZGrab produces structured data about each of those hosts. ZGrab can also be used independently, even against a single host, for anything from simply reading and writing data to initiating a full handshake.
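The division of labour in the two sections above is that one tool finds hosts and another completes one application-layer exchange per host and records the result as structured JSON. The script below is an added example of that second step, written for this page and not taken from ZGrab (its real JSON schema is richer and different). The banners are constructed, the addresses come from the 203.0.113.0/24 documentation range, and the record layout is an assumption made here; a defender can run the same parser over banners collected from their own address space to build a service inventory.

```python
"""Turn raw service banners into structured records.

Added example, not ZGrab's code or schema. Each banner is the first thing a
client reads after connecting; the parser classifies it by protocol and pulls
out the software string, which is what makes the data searchable later.
"""
import json
import re
from typing import Any, Dict, List, Tuple

# Constructed banners (documentation addresses, not real hosts).
SAMPLE_BANNERS: List[Tuple[str, int, str]] = [
    ("203.0.113.10", 22, "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n"),
    ("203.0.113.11", 25, "220 mail.example.test ESMTP Postfix\r\n"),
    ("203.0.113.12", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.25 (Debian)\r\n"
                         "Content-Length: 0\r\n\r\n"),
    ("203.0.113.13", 21, "220 (vsFTPd 3.0.3)\r\n"),
    ("203.0.113.14", 23, "\xff\xfd\x18login: "),   # telnet option bytes, no version
]

SSH_RE = re.compile(r"^SSH-(?P<proto>\d\.\d)-(?P<software>\S+)")
GREETING_RE = re.compile(r"^220[ -](?P<greeting>.*)$", re.M)        # SMTP and FTP
HTTP_STATUS_RE = re.compile(r"^HTTP/(?P<version>\d\.\d) (?P<status>\d{3})")
HTTP_SERVER_RE = re.compile(r"^Server:\s*(?P<server>.+?)\r?$", re.M | re.I)


def parse_banner(ip: str, port: int, banner: str) -> Dict[str, Any]:
    """Classify one banner and extract the advertised software, if any."""
    record: Dict[str, Any] = {"ip": ip, "port": port, "protocol": "unknown",
                              "software": None, "raw": banner.strip()}
    if m := SSH_RE.match(banner):
        record.update(protocol="ssh", software=m["software"], version=m["proto"])
    elif m := HTTP_STATUS_RE.match(banner):
        record.update(protocol="http", status=int(m["status"]))
        if srv := HTTP_SERVER_RE.search(banner):
            record["software"] = srv["server"].strip()
    elif m := GREETING_RE.match(banner):
        greeting = m["greeting"].strip()
        # Both SMTP and FTP greet with "220"; the port and the greeting text decide.
        is_smtp = port == 25 or "SMTP" in greeting.upper()
        record.update(protocol="smtp" if is_smtp else "ftp", software=greeting)
    return record


def scan_results_to_jsonl(banners: List[Tuple[str, int, str]]) -> str:
    """One JSON object per host: the shape that can be loaded into a search index."""
    return "\n".join(json.dumps(parse_banner(ip, port, b), sort_keys=True)
                     for ip, port, b in banners)


if __name__ == "__main__":
    print(scan_results_to_jsonl(SAMPLE_BANNERS))
```

The telnet entry shows the failure mode worth handling: a service that answers with option-negotiation bytes and no version string is still recorded, just as `unknown`, so it stays in the inventory instead of silently dropping out.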

 
EXPOSING DATA

Censys exposes data back to the community, which ranges from researchers who need to quickly perform a simple query to those who want to perform in-depth analysis on raw data. In order to meet these disparate needs, they are exposing the data to researchers through several interfaces, which offer varying degrees of flexibility.

 

1) a web-based query and reporting interface,

2) a programmatic REST API,

3) public Google BigQuery tables,

4) raw downloadable scan results.

They are planning to publish pre-defined dashboards that are accessible to users outside of the research community.

 
Neither Shodan nor Censys are likely to be used by some serious cyber criminals — the real big bad guys have had botnets for a while, which can serve the very same purpose yet yield more power. It took Shodan’s creator John Matherly only 5 hours to ping and map all the devices on the whole Internet, and a botnet utilising hundreds of computers would probably do that even faster.

 

But there are a lot of other people who already have tried to misuse Shodan and Censys to play bad tricks and pranks on other people. And while the problem with the IoT security is mostly for the manufacturers to solve, there are a few things that you can do about it to secure those connected things that actually belong to you.

 


An unknown hacker or a group of hackers just claimed to have hacked into “Equation Group” — a cyber-attack group allegedly associated with the United States intelligence organization NSA — and dumped a bunch of its hacking tools (malware, private exploits, and hacking tools) online.

 

In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency.

 


In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits was obtained after members hacked Equation Group (the post has since been removed from Tumblr, but a cached version here was still available as this post was going live). Last year, Kaspersky Lab researchers described Equation Group as one of the world’s most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Brokers post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn’t immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt the data had its origins with some advanced hacking group.

 
The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers including Cisco, Juniper, and Fortinet.

 

According to the leaked files, Chinese company ‘Topsec’ was also an Equation Group target.

 

The leak mentioned names of some of the hacking tools that correlate with names used in the documents leaked by whistleblower Edward Snowden, like “BANANAGLEE” and “EPICBANANA.”


It is yet not confirmed whether the leaked documents are legitimate or not, but some security experts agree that it likely is. “I haven’t tested the exploits, but they definitely look like legitimate exploits,” Matt Suiche, founder of UAE-based cyber security firm Comae Technologies, told the Daily Dot.

 

Some are saying that the leak could be a very well-researched hoax, and that the Bitcoin auction could be nothing but a distraction in an attempt to gain media attention.
At the same time, the Risk Based Security post cautioned that so-called false-flag operations—in which attackers manufacture evidence that falsely implicates others—are a regular occurrence in hacking campaigns, particularly those sponsored by nations. If the claims in the Shadow Brokers’ post are true, this may be one of the only publicly known times the NSA has been compromised. But even if the claims turn out to be exaggerated, the Shadow Brokers’ post is significant, if only for the amount of work and planning that went into fabricating evidence to provoke one of the world’s most advanced hacking operations.

 


Map Real Time Cyber Attacks

Author: Satish Arthar
May 4, 2016

It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time.

 

A couple of notes about these graphics. Much of the data that powers these live maps is drawn from a mix of actual targets and “honeypots,” decoy systems that security firms deploy to gather data about the sources, methods and frequency of online attacks. Also, the organizations referenced in some of these maps as “attackers” typically are compromised systems within those organizations that are being used to relay attacks launched from someplace else.

 
The main method is to collect reports from Intrusion Detection Systems (IDS). Each attack that hits an IDS is reported back, so you have the source of the attack – which may not be the instigator, just the IP registered as attacking you – and, of course, the target is known, because the IDS is the target. The IDS can be software or hardware based.

 

FireEye Cyber Threat Map: while the FireEye Cyber Threat Map doesn’t technically operate in real time, it does generate a very interesting picture of how surreptitiously installed malware communicates with the server systems that are remotely controlling the malicious software.

 


My favorite – and perhaps the easiest way to lose track of half your workday (and bandwidth) comes from the folks at Norse Corp. Their map – IPViking – includes a wealth of data about each attack, such as the attacking organization name and Internet address, the target’s city and service being attacked, as well as the most popular target countries and origin countries.

 

Another live service with oodles of information about each attack comes from Arbor Networks’ Digital Attack map. Arbor says the map is powered by data fed from 270+ ISP customers worldwide who have agreed to share anonymous network traffic and attack statistics.

 


Kaspersky’s Cyberthreat Real-time Map is a lot of fun to play with, and probably looks the most like an interactive video game. Beneath the 3-D eye candy and kaleidoscopic map is anonymized data from Kaspersky’s various scanning services. As such, this fairly interactive map lets you customize its layout by filtering certain types of malicious threats, such as email malware, Web site attacks, vulnerability scans, etc.

 


The Cyberfeed, from Anubis Networks, takes the visitor on an automated tour of the world, using something akin to Google Earth and map data based on infections from the top known malware families. It’s a neat idea, but more of a malware infection map than an attack map, and not terribly interactive either. In this respect, it’s a lot like the threat map from Finnish security firm F-Secure, the Global Botnet Threat Activity Map from Trend Micro, and Team Cymru’s Internet Malicious Activity Map.

 

 

The Honeynet Project’s Honey Map is not super sexy but it does include a fair amount of useful information about real-time threats on honeypot systems, including links to malware analysis from Virustotal for each threat or attack.

 

 

Additionally, the guys at OpenDNS Labs have a decent attack tracker that includes some nifty data and graphics.

 

Speaking of attacks, some of you may have noticed that this site was unreachable for several hours over the last few days. That’s because it has been under fairly constant assault by the same criminals who attacked Sony and Microsoft’s gaming networks on Christmas Day. We are moving a few things around to prevent further such disruptions, so you may notice that some of the site’s features are a tad flaky or slow for a few days.

 

We made this post because we at Cyber51 decided to build one of our own. When we started, we focused more on user experience and information accessibility. We were able to create a close-to-real-time cyber attack monitoring system that is engaging, interactive, and insightful. Soon it may surprise you all with some nice functions.


March 4, 2016


Each and every day we’re becoming increasingly connected. This has been driven by an acceleration of the Internet of Things – a highly complex network of physical devices and systems with embedded electronics and network connectivity – that enable devices to communicate and exchange data.

 

This rapid uptake has been largely made possible by the transition into IPv6 – the latest version of the IP networking protocol that underpins every aspect of our digital lives. This new protocol provides us with 340 Trillion Trillion available addresses, which to give you some perspective – is 10²¹ addresses per square meter on earth. This new version solved a serious problem that was inherent in its predecessor IPv4 – that there were not enough addresses available to cope with the blistering expansion of the internet.

 

In the future every single device that we own will be interconnected to every other – but has anybody thought about the security implications that this presents? The evidence to date suggests not. Building security into these devices appears to be an after-thought. Security has become a bolt-on addition to products following their development cycle, rather than being integrated into the product design from the ground up.

 

The result?

A network of interconnected and insecure devices that are publicly accessible from the internet. You may not have known, but a project exists that aims to automate the detection and cataloguing of these devices.


Shodan is a search engine much like Google, however that’s where the similarities end. Rather than indexing web content over ports 80 (HTTP) or 443 (HTTPS) like Google – Shodan crawls the internet searching for devices that respond on a host of other ports including 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 80, 443, 3389 (RDP) and 5900 (VNC). Once Shodan discovers a host that’s responding on a given port it connects to the machine and pulls down the port banner. This information then becomes indexed along with the device’s geolocation data.

 

Since launching in 2009 Shodan has discovered and indexed a wide range of internet connected devices, including webcams, traffic signalling equipment, routers, firewalls, CCTV systems, industrial control systems for nuclear power plants and electrical grids, domestic home appliances and much more. These devices have been connected to the internet without any thought for security – often without even implementing basic protections such as a strong username and password.

 


Searching on Shodan is simple and powerful and gives you the ability to find what you’re looking for with ease. Your number of results is limited with a basic account – so you may need to upgrade if you’d like to access and make use of premium features. These include accessing the full search listings, plotting the host locations on maps and finding exploits for ports and services based upon version information.

 
Like any good search engine Shodan also gives you the option to search using various filters – which makes it much easier to narrow your results down and find what you’re looking for.

 
city: find devices in a particular city

country: find devices in a particular country

geo: you can pass it coordinates

hostname: find values that match the hostname

net: search based on an IP

os: search based on operating system

port: find particular ports that are open

before/after: find results within a timeframe

 

We could, for example, use these filters to search for apache city:”Newyork” to find Apache servers in New York, or even Server: “Apache” country:”US” to find all webcams in the United States.
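The filter syntax listed above is simple enough to parse, and doing so is useful on the defending side: an asset team that keeps a standing list of searches for its own netblocks and hostnames can validate those searches before they are saved or scheduled. The script below is an added example, not Shodan’s own code. The filter names are the ones the article lists; the `filter:value` and `filter:"quoted value"` forms follow the documented syntax as understood here, and the port range check is ordinary TCP/UDP range validation.

```python
"""Parse a Shodan-style search string into free-text terms and filters.

Added example, not Shodan's code. Unknown filter names and out-of-range ports
are rejected so that a saved search fails at authoring time, not in production.
"""
import re
from typing import Dict, List, Tuple

# Filter names from the list in the article.
KNOWN_FILTERS = {"city", "country", "geo", "hostname", "net", "os", "port",
                 "before", "after"}

# Either  name:value / name:"value with spaces"  or a bare / quoted free-text term.
TOKEN_RE = re.compile(
    r'(?:(?P<name>[A-Za-z_]+):)?(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


def parse_query(query: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (free-text terms, {filter: [values]}).

    Raises ValueError for an unknown filter or a port outside 1-65535.
    """
    terms: List[str] = []
    filters: Dict[str, List[str]] = {}
    for m in TOKEN_RE.finditer(query):
        value = m["quoted"] if m["quoted"] is not None else m["bare"]
        name = m["name"]
        if name is None:                      # plain search term, e.g. "apache"
            terms.append(value)
            continue
        name = name.lower()
        if name not in KNOWN_FILTERS:
            raise ValueError(f"unknown filter: {name}")
        if name == "port" and not (value.isdigit() and 0 < int(value) < 65536):
            raise ValueError(f"port out of range: {value}")
        filters.setdefault(name, []).append(value)
    return terms, filters


if __name__ == "__main__":
    for q in ('apache city:"New York" port:80',
              'net:198.51.100.0/24 hostname:example.test'):
        print(q, "->", parse_query(q))
```

Note that the article’s second query is written `Server: “Apache”` with a space after the colon; that form tokenises as two free-text terms rather than a filter, which is one of the mistakes this kind of check catches.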

 


While it’s frightening to learn how many Internet of Things devices are completely unsecured – there’s also another story behind the ones that are. Many of the devices that Shodan detects and indexes do have some security in place – requiring authentication for example, but even these devices aren’t 100% safe from unauthorised access. In the ever-changing world of cyber security nothing remains static, and new exploits and vulnerabilities are being discovered and disclosed all of the time.

 

A significant example involves one of the largest and most well-known computer networking companies in the world – Juniper. In a recent public disclosure Juniper revealed that the firmware running on some of their devices contained a hard-coded back-door password that would allow anybody connecting to a vulnerable device to simply supply that password against a valid user account to gain full administrative access to the device over Telnet or SSH. This exploit works against a vulnerable NetScreen firewall. You can read the full disclosure here: CVE-2015-7755.

 

Using Shodan we can search for Juniper firewalls and browse through the list to find those that are running a vulnerable version of the ScreenOS firmware. Once we’re connected we’d be able to supply the known backdoor password with a default ScreenOS user account (system) and be able to begin remote management of those devices.


We’re talking about firewalls that are live on mission critical networks all over the world. And how many of these potentially vulnerable NetScreen firewalls has Shodan indexed? More than 18,000. Assuming only 10% of those are vulnerable (which is an extremely conservative estimate) that’s 1,800 vulnerable Juniper firewalls that are currently sitting targets right now on the internet.

 

At DefCon 2012 an independent security researcher and penetration tester Dan Tentler demonstrated how he was able to use Shodan to find control systems for evaporative coolers, pressurised water heaters and even garage doors. He was also able to find a hydroelectric plant in France, a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with the click of a button. He even found a city’s entire traffic control system was connected to the internet and could be interrupted with some simple commands.

 

If these large enterprises haven’t got the resources to lock down and protect their infrastructure then what chance do we have? It’s up to manufacturers to build security into our products and services so that it removes the responsibility from ourselves.

 

Attacks on critical infrastructure until now have been minimal to non-existent. Unfortunately it’s only a matter of time before this changes. Attacks on networked industrial control systems are going to become a significant threat to our safety and security – given that computer systems regulate the treatment plants that deliver our drinking water, the traffic lights that allow us to drive safely, the signalling systems on transport networks and the nuclear reactors that deliver our energy.

 

As consumers we need to think carefully about the smart products that we purchase and consider the security implications that come with many of these devices. As businesses we need to make sure that we have a proper risk management framework in place – and that the person or organisation that’s looking after our technology is also capable of looking after our security.


Cyber Crime on the rise

Author: Martin Voelk
February 3, 2016

You can read about cyber crime in the papers daily: breaches and hacks in all parts of the world. However, what is often neglected is the fact that a lot of cyber crime is committed by absolute amateurs with very little IT knowledge. The victims, unfortunately, are in most cases even less experienced in even basic IT security. A lot of these crimes could be prevented by basic user education. Even a lot of companies fail to educate their users about the threats out there, so one can imagine what security awareness is like among individuals and families.

No doubt there are sophisticated hacking groups, organised networks and individuals who are very skilled and true Black hats. But the sort of scams we see almost daily are sometimes so basic, yet so effective due to the lack of education.

A few very bad examples we encountered:

  • Bad guy sends an email to someone’s wife asking for confidential information like a credit card number by email. A bit of research, a new Gmail or Yahoo address, and the results are stunning: many people send their credit card information to their alleged husband/wife
  • Installing malware with a Microsoft installer and even disabling AV because the instructions for the great game or tool ask people to
  • Trusting any Facebook profile if people believe it’s actually a friend, not realising that anyone can set up any Facebook profile and pretend to be someone else
  • Get a $100 USD/EUR/GBP voucher for XYZ by simply answering 5 questions and authenticating with your Gmail / Yahoo / Hotmail / Amazon or eBay account. This is a bit more sophisticated but for the bad guys easily done. The problem is cross authentication, where you have legitimate sites which allow you to use FB/Twitter login. If in doubt – don’t enter credentials! No one will give anyone a $100 voucher for a few questions.

A few golden rules to mitigate threats:

  • Mistrust all email which isn’t digitally signed (verify offline, call the boss, husband, wife or whoever asks for something sensitive by Email)
  • Don’t blindly install cool games or tools. Run an AV scan on everything first
  • Don’t trust Social Media and especially not requests for sensitive information over that medium. Verify offline
  • No one will give you a $100 USD voucher for just a few questions. And if someone really does, there is no need to supply a password ever!

A police officer in a small town in the UK recently addressed the fact that 80% of Cyber crime could be prevented by basic user education and security awareness. Very good article.

http://www.swindonadvertiser.co.uk/news/14247115.Chief_Constable_waging_war_on_cyber_crime_in_Wiltshire/


UK police hires Ex-Hacker

Author: Martin Voelk
January 11, 2016

Law enforcement often hires top-notch ex-hackers to provide their services. Everyone knows about the famous Kevin Mitnick, who was once the FBI’s most wanted. These days Mr. Mitnick runs his own business helping others stay safe from cyber crime.

More recently something similar happened in the UK. Tony Sales was one of the biggest online fraudsters in the UK and has recently been hired by West Midlands police in the UK.

http://www.welivesecurity.com/2016/01/06/uk-police-force-hire-britains-greatest-fraudster-help-tackle-cybercrime/ 
