law enforcement | Breaking Cybersecurity News | The Hacker News

An international law enforcement operation has resulted in the arrest of 288 vendors who are believed to be involved in drug trafficking on the dark web, adding to a long list of  criminal enterprises  that have been shuttered in recent years. The effort, codenamed Operation SpecTor , also saw the authorities confiscating more than $53.4 million in cash and virtual currencies, 850 kg of drugs, and 117 firearms. The largest number of arrests were made in the U.S. (153), followed by the U.K. (55), Germany (52), the Netherlands (10), Austria (9), France (5), Switzerland (2), Poland (1), and Brazil (1). "This represents the most funds seized and the highest number of arrests in any coordinated international action," U.S. Attorney General Merrick B. Garland  said . "The drug traffickers are confident that, by operating anonymously on the dark web, they can operate outside the bounds of the law. They are wrong." The arrests stem from evidence gathered after the  tak

The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affect customers, in a report , the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization who worked with Experian to investigate the breach—disclosed that the attacker had reportedly stolen data of 24 million South Africans and 793,749 business entities. Notably, according to the company, the suspected attacker behind this breach had already been identified, and the stolen data of its customers had successfully been deleted from his/her computing devices. "We have identified the suspect and confirm that Experian South Africa was successful in obtaining and executing an Anton Piller order which resulted in the individual's hardware being impounded and the misappropriated data being

As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.  How Offboarded Users  Still  Have Access to Your Apps When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login.  However, that doesn't mean that former employee

The United States Department of Justice said today that they had arrested hundreds of criminals in a global crackdown after taking down the largest known child porn site on the dark web and tracing payments made in bitcoins. With an international coalition of law enforcement agencies, federal officials have arrested the administrator of the child sexual abuse site, 23-year-old Jong Woo Son of South Korea, along with 337 suspects who have been charged for allegedly using the site. The site in question is "Welcome to Video," which operated from June 2015 until March 2018 and hosted over 250,000 sexual exploitation videos of children, toddlers, and infants, which comprised of roughly over 8TB of data. According to a press release published by DoJ, the Welcome to Video site hosted more than 250,000 unique videos, and almost 45 percent of the videos contain new images that have not been previously known to exist. The operation also resulted in the rescue of at least 23

U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that's reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a "geofence" warrant, authorities obtain location history of all devices from Google's Sensorvault database that pass through a crime scene over a certain time period. For those unaware, Google maintains Sensorvault database over nearly the past decade which contains precise location information from hundreds of millions of smartphones around the world and shares it with authorities to help in criminal cases. However, Google does not share identifiable information on all devices after receiving a warrant. Instead, authorities have to first narrow down their list of suspects using the location history data, only after which Google shares further information about a few selected u

Can feds force you to unlock your iPhone or Android phone? ..."NO" A Northern California judge has ruled that federal authorities can't force you to unlock your smartphone using your fingerprints or other biometric features such as facial recognition—even with a warrant. The ruling came in the case of two unspecified suspects allegedly using Facebook Messenger to threaten a man with the release of an "embarrassing video" to the public if he did not hand over money. The federal authorities requested a search warrant for an Oakland residence, seeking to seize multiple devices connected to the suspects and then compel anybody on the premises at the time of their visit to unlock the devices using fingerprint, facial or iris recognition. However, Magistrate Judge Kandis Westmore of the U.S. District Court for the Northern District of California turned down the request, ruling the request was "overbroad and neither limited to a particular person nor

Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill , on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national security and an essential tool to help law enforcement and security agencies fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children. Since the bill had support from both major parties (the Coalition and Labor), the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019. Although the new legislation does not properly clarify specifics around the potential power that the Assistance

It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars. Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on Tails Linux and Windows operating system. Tor browser users should take this news an early warning, especially who use Tails OS to protect their privacy. Zero-day exploit acquisition platform has also published some rules and payout details on its website, announcing that the payout for Tor exploits with no JavaScript has been kept double than those with JavaScript enabled. The company has also clearly mentioned that the exploit must leverage remote code execution vulnerability, the initial attack vector should be a web page and it should work against the latest version of Tor Browser. Moreover, the zero-day Tor exploit must work without requiring an

Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export authorities have revoked the company's license to sell outside of Europe. Almost a year after it was hacked and got all its secrets leaked online , Hacking Team somehow managed to resume its operations and start pitching new hacking tools to help the United States law enforcement gets around their encryption issues. Hacking Team had sold its malware, officially known as the Galileo Remote Control System , to authorities in Egypt, Morocco, Brazil, Malaysia, Thailand, Kazakhstan, Vietnam, Mexico, and Panama. Hacking Team had also signed big contracts with the Federal Burea

Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te

The joint operation by authorities of the U.S. Federal Bureau of Investigation (FBI) and European law enforcement seized Silk Road 2.0 , an alternative to the notorious online illegal-drug marketplace last week, and arrested 26-year-old operator Blake Benthall, but that wasn't the end. US and European authorities over the weekend announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous , which led to take-down of more than "410 hidden services" that sell illegal goods and services from drugs to murder-for-hire assassins by masking their identities using the Tor encryption network. " The action aimed to stop the sale, distribution and promotion of illegal and harmful items, including weapons and drugs, which were being sold on online 'dark' marketplaces, " according to the Europol press release . This globally-coordinated take down is the combined efforts of 17 nations which includes the law enforcemen

Vodafone , the world's second-largest mobile carrier with more than 400 million customers around the world has issued its first " Law Enforcement Disclosure Report ", reveals that the governments in some of the countries it operates, have direct access to its network allowing them to listen to all conversations. The Company has broken its silence on government surveillance and after Snowden's revelations about NSA , this is the only most comprehensive transparency report ever published by an International company detailing that how some Governments are taking advantage of their laws to infiltrate citizens privacy. Vodafone operates in 29 countries, where the government agencies need legal notices to tap into customers' communications, but some of those countries are actually tapping directly into their network, without any need for a warrant or any explanation. There are many countries like Albania, Egypt, Hungary, India , Malta, Qatar, Romania, South Africa and Turk

The US Justice Department (DOJ) is seeking a transition in the criminal rules that would make the authorities to have more leeway to secretly hack into the suspected criminals' computer during criminal investigations at any times in bunches. The proposed [ PDF ] change in the rules would make FBI to easily obtain warrants to secretly access suspects' computers for the evidence when the physical location of the computer is not known to them. The problem FBI and government agents increasingly face as more and more crime carried out is online, and with the help of online tools, it is easy to conceal identity of the criminal. " This proposal ensures that courts can be asked to review warrant applications in situations where it is currently unclear what judge has that authority ," Justice Department spokesman Peter Carr told Bloomberg . " The proposal makes explicit that it does not change the traditional rules governing probable cause and notice. " This new U.S. proposal

For the first time in history, Indian Law Enforcement Agency 'Central Bureau of Investigation' (CBI) has arrested a Cyber criminal after getting a tip-off from the US Federal Bureau of Investigation (FBI). 33-Year-old Amit Vikram Tiwari , son of an Indian Army colonel and an engineering dropout, who allegedly ran two websites offering services for hacking into email accounts was arrested on Friday from Pune city. According to the details submitted by FBI, he had compromised more than 1,000 Accounts around the world and offering illegal services for cracking email account login for $250 - $500 via two websites www.hirehacker.net and www.anonymiti.com hosted on U.S. Based servers. Amit received most of the payments from his Clients via Western Union Money Transfer or PayPal. During the investigation, police found several fictitious names of clients and bank account numbers in his computer. Initial investigation clarifies that he has clients in China, Romania, an

The TARGET Hack was not the only massive Data breach that happened during the last Black Friday, but also other three major US Retailers were also hacked. Recently, Neiman Marcus also confirmed a data breach that involves Credit card theft from its customers during the holiday shopping season, using similar techniques to the one that penetrated Target last month. Neiman Marcus has 79 stores and reported total sales of $1.1 Billion in the Q4 2013. Neiman Marcus revealed that its customers are at risk after hackers breached servers of the company and accessed the payment information of those who visited its stores. The company is working to inform customers whose cards have been used for fraudulent purchases, but differently from the case of retailer Target, the company hasn't provided information on the nature of data leaked and on the number of customer records exposed. Neiman Marcus spokesperson Ginger Reeder announced that the company does not yet know the cause, size or dur

Yet another American Internet privacy service has bitten the dust, prompted by fears about broad government surveillance demands. CryptoSeal, a Virtual private network (VPN) based in California has decided to shutter its privacy-conscious service rather than hand over its encryption keys to the U.S. Government. VPNs are secure tunnels to the Internet that allow users to mask their location, defeat regional restrictions, stay safe over public Wi-Fi connections, and maintain at least a modicum of privacy online. CryptoSeal is the latest company to voluntarily shut down its service after the U.S. Government's legal action against Lavabit, an email service used by former NSA contractor Edward Snowden. " With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated, " a notice reads on the company's website. " All cryptographic keys used in the operation of the service have been zerofilled...all records created incidental

The US government, particularly the National Security Agency  has been paying a French security firm for backdoors and zero day hacks. According to a contract newly released in response to a Freedom of Information request, last year the NSA purchased a 12-month subscription to a " binary analysis and exploits service " sold by Vupen, a zero-day Exploit Seller based in France. VUPEN is one of a handful of companies that sell software exploits and vulnerability details, who do original vulnerability research and develop exploits for bugs that they find. They Sold those exploits to the Governments and Law enforcement agencies. VUPEN has promised that the company only will sell its services to NATO countries and will not deal with oppressive regimes. It is unclear how much money the NSA spent on the Vupen exploits package because the cost has been redacted in the released contract. Last year, Vupen researchers successfully cracked Google's Chrome browser, but declined to

An Anonymous Hacker and Online hacktivist who was  responsible for hacking into the City of Springfield's website and others Police websites has been sentenced to 3 years in federal prison. John Anthony Borell III, a 22-year-old man from Ohio with the online handle @ItsKahuna started advertising his exploits using the Twitter and encouraged other hackers to crack websites as part of campaigns run by an Anonymous offshoot called CabinCr3w . Borell admitted to compromising the websites belongs to various Law Enforcement Agencies from Los Angeles, Syracuse, The official city site for Springfield, Missouri and many more.  He also exposed the names and private details of almost 500 police officers after using an automated script to carry out SQL injection attacks on websites belonging to the Utah Chiefs of Police and the Salt Lake City Police Department. Hacker denied involvement in the attacks on April 2012, but later he pleaded guilty to computer fraud charges and agreed to pay $22

Apple revealed on monday that it received between 4,000 and 5,000 data requests in six months from  U.S. law enforcement for user information and affected accounts. Apple said the most common forms of requests involved investigating robberies and other crimes.  Period between December 1, 2012 and May 31, 2013, federal, state and local law enforcement had requested customer information up to 5,000 times, related to between 9,000 and 10,000 accounts or devices. But the iPhone maker said it works vigorously to protect the privacy of its users and only provides information by court order.  " We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve, " statement from Apple. Apple doesn't provide some types of information either because the company doesn't retain it or because it is encrypted , the company said.  Apple also specified certain types of co

If you have followed the startling revelations about the scope of the US government's surveillance efforts, you may have thought you were reading about the end of privacy, and about the Enemies of the Internet. " My computer was arrested before I was ." a perceptive comment by an internet activist who had been arrested by means of online surveillance.  Online surveillance is a growing danger for journalists, bloggers, citizen-journalists and human rights defenders. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. This week the PRISM surveillance scandal has consumed the Internet as the implications of massive scale U.S. Government spying begin to sink in. The US National Security Organization (NSA) is almost certainly one of (if not the) most technologically sophisticated, well-funded and secretive organizations in the world. The Prism initiative was launched by Na

The security features built into Apple 's iOS software are so good that the police are unable to gain access to defendant's iPhones when they need to.  Companies like Apple and Google are being asked by law enforcement officials to bypass these protections to aid in investigations. Apple receives so many police demands to decrypt seized iPhones that it has created a waiting list to handle the deluge of requests. In one of the recent cases, according to court documents, the federal agents were baffled by the encrypted iPhone 4S of a man in Kentucky who was charged for supplying crack cocaine. CNET reports that ATF agent Rob Maynard spent three months trying to "locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock" an iPhone 4S. After everyone said that they did not have the capabilities, Maynard turned to Apple. Apple can reportedly bypass the security lock to get access to data on a phone, download it to an external devic