FBI | Breaking Cybersecurity News | The Hacker News

Microsoft and the FBI have taken down a botnet that controlled millions of infected PCs, which was responsible for massive bank fraud.  Botnets are networks of computers infected with viruses that let them be controlled by hackers. The outfit runs the Citadel Botnets and is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today. Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks. Citadel infected as many as 5 million PCs around the world including here in Australia and according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPM

A website that can be described as " DDoS for hire " is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement is another story altogether. Ragebooter, is one of many sites that accepts payment through PayPal in order to flood sites with junk traffic, overloading servers and denying others access. The service uses a technique called DNS reflection to flood a website and amplify the amount of traffic directed at an address. Unlike other existing sites that offer similar services, the Ragebooter have particularly interesting back door leading directly to the FBI. It seems that the Federal Investigation Bureau uses the site to monitor the activity of users on the network, and that added to the site IP Logger that keeps the IP addresses of all users coming to the site. Investigation shows the site operator is a guy named Justin Folland located in M

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Remember Hector Xavier Monsegur a.k.a Lulzsec hacker  Sabu ?  That  undercover   double agent working for the FBI. Once again Authorities abruptly postponed his sentencing due to his continued cooperation with the feds. All told, he faced a maximum time behind bars of 124 years associated with his guilty plea on ten counts of bank fraud and one count of identity theft. When he was a active member of LulzSec , the group hacked into sites belonging to the CIA, Serious Organised Crime Agency, Sony Pictures Europe and News International. " It's widely believed that Monsegur will receive a reduced sentence for signing a plea agreement and serving as an  informant " cnet said . Monsegur, an unemployed father of two, led the loosely organized group of hackers from his apartment in a public housing project in New York.

Thai police arrested an Algerian Hacker, wanted by the US Federal Bureau of Investigation for allegedly making millions from cybercrime.  Hamza Bendelladj , 24, was arrested late Sunday while attempting to transit through Bangkok's Suvarnabhumi Airport from Malaysia. Police confiscated from Bendelladj two laptops, one tablet computer, a satellite phone and a number of external hard drives, where satellite phone and notebook computer were his main tools, the commissioner said. Bendelladj graduated in computer sciences from Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide. " With just one transaction he could earn 10 to 20 million dollars ," Lt Gen Phanu said. " He's been travelling the world flying first class and living a life of luxury. " Bendelladj will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. " I'm not in the top 10, maybe just

The U.S. Department of Justice said on Tuesday that they've arrested 10 suspects from from Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States involved in a global botnet operation that infected more than 11 million systems. The ring is said to have caused more than $850m in losses in one of the largest cyber crime hauls in history. Officials said international cyber crime rings linked to Butterfly (aka Mariposa) botnet, first discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims. FBI said , " Facebook's security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security sy

According to reports, the hackers targeted personal computers retired Admiral Mike Mullen , the former chairman of the Joint Chiefs of Staff. The FBI is hunting for foreign hackers. Mullen is currently teaching WWS 318: U.S. Military and National and International Diplomacy and will teach an unnamed graduate seminar in the spring. According to Mullen's aides, however, he did not save or view classified information on his personal computers. Agents from an FBI cyber-security unit contacted Mullen in late October or early November, and asked that he surrender his computers in connection with the ongoing inquiry. Mullen agreed, and in early November at least one FBI agent collected the computers at his office at the U.S. Naval Institute. One official said that evidence gathered by the FBI points to China as the origin of the hacking, and that it appeared the perpetrators were able to access a personal email account of Mullen. Officials said that Mr. Mullen has had acce

A federal judge ordered the FBI to disclose more information about its " Going Dark "  surveillance program, an initiative to extend its ability to wiretap virtually all forms of electronic communications. Why shocking ? because a federal judge just ruled that police can place surveillance cameras on private property without a search warrant and another federal judge quickly overturned a previous decision blocking the indefinite detention provisions of the National Defense Authorization Act (NDAA) for Fiscal Year 2012. The EFF ( Electronic Frontier Foundation)   has filed filed two freedom of information requests, in response to which they received damned little. Judge Richard Seeborg says the feds need to go back and try again. FBI's wiretapping system is robust and advanced, so request sought documents concerning limitations that hamper the DOJ's ability to conduct surveillance on communication networks including encrypted services like BlackBerry, social-networking sites like

FBI have arrested 14 people over the theft of $1 million from Citibank using cash advance kiosks at casinos located in Southern California and Nevada. Authorities say the suspects would open accounts at Citibank, then go to casinos in California and Nevada and withdraw the money from cash-advance kiosks as many times as they could in a 60-second span. Someone had figured out that a glitch prevented Citibank from recording the extra withdrawals. FBI agents assisted by the Glendale Police Department and the Los Angeles Police Department arrested 13 of the defendants in the Los Angeles area Wednesday and Thursday. The suspects used the money to gamble and were given comped hotel rooms because of the amount they were spending, according to the FBI. Withdrawals were kept under $10,000 to avoid federal transaction reporting requirements, the FBI release read. FBI Special Agent in Charge Daphne Hearn commented, " While advancements in technology have created a world of

FBI's Cyber Division has a new and sharper focus on cyber-intrusion ," You are one click from compromising your network " FBI said. Giving priority to the labeling of suspects follows claims by the Pentagon that the military now has the capability to single out and retaliate against hackers. FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers digital signatures from mountains of malicious code. " A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define the attribution piece of a cyber attack to help determine an appropriate response ", said Richard McFeely , executive assistant director of the Bureau's Criminal, Cyber, Response, and Services Branch. Investigators can send findings to the FBI Cyber Division's Cyber Watch command, a 24-hour station at headquarters, where sp

Users should be aware that Cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI , is a "work-at-home opportunity that promises a profitable payday just for sending out email." The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher .  Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number . FinFisher is a spyware capable of taking over the components of a mobile device. When in