Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybercrime

Regin: Top-tier espionage tool enables stealthy surveillance

Symantec Security Response: “An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals. An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state. As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”

Executive Order – Improving the Security of Consumer Financial Transactions

“Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace. While the U.S. Government’s credit, debit, and other payment

State Department Tweets After Cyberattack

“To reach the State Dept Press Office today please call the Press Office main number at 202.647.2492. Or e-mail [email protected]” Via The Atlantic: “The State Department confirmed on Monday that hackers breached its unclassified email system. The White House, the Postal Service, and NOAA have also been compromised in recent weeks.”

WaPo – Chinese hack U.S. weather systems, satellite network

Mary Pat Flaherty, Jason Samenow and Lisa Rein: “Hackers from China breached the federal weather network recently, forcing cybersecurity teams to seal off data vital to disaster planning, aviation, shipping and scores of other crucial uses, officials said. The intrusion occurred in late September but officials gave no indication that they had a problem until Oct. 20,

Home Depot Reports Findings in Payment Data Breach Investigation

News release: “The Home Depot®, the world’s largest home improvement retailer, today disclosed additional findings related to the recent breach of its payment data systems. The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company’s third-party IT security experts. Additional Investigation Details Disclosed – In

Cyber resilience in financial market infrastructures

Bank for International Settlements: “Given the critical role that financial market infrastructures (FMIs) play in promoting the stability of the financial system, the Committee on Payments and Market Infrastructures (CPMI) has sought to understand the current cyber risks faced by FMIs and their level of readiness to effectively deal with worst case scenarios. The report

Defining Criticality in a Networked World

Fleming, Matthew H. and Goldstein, Eric and Abott, Stephen and Bromberger, Seth and Kendall, Joseph, Defining Criticality in a Networked World: Implications of the Use of Information and Communications Technology for Efforts to Promote the Security and Resilience of Critical Infrastructure (January 17, 2014). Available for download at SSRN: http://ssrn.com/abstract=2519887 “Current approaches to critical infrastructure

Postal Service Statement on Cyber Intrusion Incident

“The Postal Service has recently learned of a cyber security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal

FBI Seeks Expanded Access to Surveil Computers Around the World

Ed Pilkington – The Guardian: “The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world. Civil liberties groups warn that the proposed rule change amounts

Arrested – Mastermind of Silk Road Drug Sales Dark Web

ELIAS GROLL – Foreign Policy: “According to the criminal complaint filed in a New York federal court detailing charges against him, Benthall was easily identified once federal authorities discovered a server used to run Silk Road 2.0. His email address gave away his name and was listed on several publicly available social media profiles, including his account

Map of Industrial Control Systems on the Internet

“What is an Industrial Control System? In a nutshell, Industrial control systems (ICS) are computers that control the world around you. They’re responsible for managing the air conditioning in your office, the turbines at a power plant, the lighting at the theatre or the robots at a factory. Power Plants on the Internet? Really? You’d be

Steganography in Modern Smartphones and Mitigation Techniques

“By offering sophisticated services and centralizing a huge volume of personal data, modern smartphones changed the way we socialize, entertain and work. To this aim, they rely upon complex hardware/software frameworks leading to a number of vulnerabilities, attacks and hazards to profile individuals or gather sensitive information. However, the majority of works evaluating the security