in brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time (so far) this year.…
This year's DEF CON AI Village has invited hackers to show up, dive in, and find bugs and biases in large language models (LLMs) built by OpenAI, Google, Anthropic, and others.…
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.…
The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers
The post APTs target MSP access to customer networks – Week in security with Tony Anscombe appeared first on WeLiveSecurity
The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems.…
Capita is telling pension customers that some data contained within its systems was potentially accessed when criminals broke into the outsourcing giant's tech infrastructure earlier this year.…
Updated The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts.…
The National Computer Virus Emergency Response Center of China and local infosec outfit 360 Total Security have conducted an investigation called "The Matrix" that found the CIA conducts offensive cyber ops, and labelled the United States an "Empire of Hacking".…
The U.S. government this week put a $10 million bounty on a Russian man who for the past 18 years operated Try2Check, one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov‘s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.
Denis Kulkov, a.k.a. “Nordex,” in his Ferrari. Image: USDOJ.
Launched in 2005, Try2Check soon was processing more than a million card-checking transactions per month — charging 20 cents per transaction. Cybercriminals turned to services like this after purchasing stolen credit card data from an underground shop, with an eye toward minimizing the number of cards that are inactive by the time they are put to criminal use.
Try2Check was so reliable that it eventually became the official card-checking service for some of the underground’s most bustling crime bazaars, including Vault Market, Unicc, and Joker’s Stash. Customers of these carding shops who chose to use the shop’s built-in (but a-la-carte) card checking service from Try2Check could expect automatic refunds on any cards that were found to be inactive or canceled at the time of purchase.
Many established stolen card shops will allow customers to request refunds on dead cards based on official reports from trusted third-party checking services. But in general, the bigger shops have steered customers toward using their own white-labeled version of the Try2Check service — primarily to help minimize disputes over canceled cards.
On Wednesday, May 3, Try2Check’s websites were replaced with a domain seizure notice from the U.S. Secret Service and U.S. Department of Justice, as prosecutors in the Eastern District of New York unsealed an indictment and search warrant naming Denis Gennadievich Kulkov of Samara, Russia as the proprietor.
Try2Check’s login pages have been replaced with a seizure notice from U.S. law enforcement.
At the same time, the U.S. Department of State issued a $10 million reward for information leading to the arrest or conviction of Kulkov. In November 2021, the State Department began offering up to to $10 million for the name or location of any key leaders of REvil, a major Russian ransomware gang.
As noted in the Secret Service’s criminal complaint (PDF), the Try2Check service was first advertised on the closely-guarded Russian cybercrime forum Mazafaka, by someone using the handle “KreenJo.” That handle used the same ICQ instant messenger account number (555724) as a Mazafaka denizen named “Nordex.”
In February 2005, Nordex posted to Mazafaka that he was in the market for hacked bank accounts, and offered 50 percent of the take. He asked interested partners to contact him at the ICQ number 228427661 or at the email address polkas@bk.ru. As the government noted in its search warrant, Nordex exchanged messages with forum users at the time identifying himself as a then-24-year-old “Denis” from Samara, RU.
In 2017, U.S. law enforcement seized the cryptocurrency exchange BTC-e, and the Secret Service said those records show that a Denis Kulkov from Samara supplied the username “Nordexin,” email address nordexin@ya.ru, and an address in Samara.
Investigators had already found Instagram accounts where Kulkov posted pictures of his Ferrari and his family. Authorities were able to identify that Kulkov had an iCloud account tied to the address nordexin@icloud.com, and upon subpoenaing that found passport photos of Kulkov, and well as more photos of his family and pricey cars.
Like many other top cybercriminals based in Russia or in countries with favorable relations to the Kremlin, the proprietor of Try2Check was not particularly difficult to link to a real-life identity. In Kulkov’s case, it no doubt was critical to U.S. investigators that they had access to a wealth of personal information tied to a cryptocurrency exchange Kulkov had used.
However, the link between Kulkov and Try2Check can be made — ironically — based on records that have been plundered by hackers and published online over the years — including Russian email services, Russian government records, and hacked cybercrime forums.
Kulkov posing with his passport, in a photo authorities obtained by subpoenaing his iCloud account.
According to cybersecurity firm Constella Intelligence, the address polkas@bk.ru was used to register an account with the username “Nordex” at bankir[.]com, a now defunct news website that was almost standard reading for Russian speakers interested in news about various Russian financial markets.
Nordex appears to have been a finance nerd. In his early days on the forums, Nordex posted several long threads on his views about the Russian stock market and mutual fund investments.
That Bankir account was registered from the Internet address 193.27.237.66 in Samara, Russia, and included Nordex’s date of birth as April 8, 1980, as well as their ICQ number (228427661).
Cyber intelligence firm Intel 471 found that Internet address also was used to register the account “Nordex” on the Russian hacking forum Exploit back in 2006.
Constella tracked another Bankir[.]com account created from that same Internet address under the username “Polkas.” This account had the same date of birth as Nordex, but a different email address: nordia@yandex.ru. This and other “nordia@” emails shared a password: “anna59.”
Nordia@yandex.ru shares several passwords with nordia@list.ru, which Constella says was used to create an account at a religious website for an Anna Kulikova from Samara. At the Russian home furnishing store Westwing.ru, Ms. Kulikova listed her full name as Anna Vnrhoturkina Kulikova, and her address as 29 Kommunistrecheskya St., Apt. 110.
A search on that address in Constella brings up a record for an Anna Denis Vnrhoturkina Kulkov, and the phone number 879608229389.
Russian vehicle registration records have also been hacked and leaked online over the years. Those records show that Anna’s Apt 110 address is tied to a Denis Gennadyvich Kulkov, born April 8, 1980.
The vehicle Kolkov registered in 2015 at that address was a 2010 Ferrari Italia, with the license plate number K022YB190. The phone number associated with this record — 79608229389 — is exactly like Anna’s, only minus the (mis?)leading “8”. That number also is tied to a now-defunct Facebook account, and to the email addresses nordexin@ya.ru and nordexin@icloud.com.
Kulkov’s Ferrari has been photographed numerous times over the years by Russian car aficionados, including this one with the driver’s face redacted by the photographer:
The Ferrari owned by Denis Kulkov, spotted in Moscow in 2016. Image: Migalki.net.
As the title of this story suggests, the hard part for Western law enforcement isn’t identifying the Russian cybercriminals who are major players in the scene. Rather, it’s finding creative ways to capture high-value suspects if and when they do leave the protection that Russia generally extends to domestic cybercriminals within its borders who do not also harm Russian companies or consumers, or interfere with state interests.
But Russia’s war against Ukraine has caused major fault lines to appear in the cybercrime underground: Cybercriminal syndicates that previously straddled Russia and Ukraine with ease were forced to reevaluate many comrades who were suddenly working for The Other Side.
Many cybercriminals who operated with impunity from Russia and Ukraine prior to the war chose to flee those countries following the invasion, presenting international law enforcement agencies with rare opportunities to catch most-wanted cybercrooks. One of those was Mark Sokolovsky, a 26-year-old Ukrainian man who operated the popular “Raccoon” malware-as-a-service offering; Sokolovsky was apprehended in March 2022 after fleeing Ukraine’s mandatory military service orders.
Also nabbed on the lam last year was Vyacheslav “Tank” Penchukov, a senior Ukrainian member of a transnational cybercrime group that stole tens of millions of dollars over nearly a decade from countless hacked businesses. Penchukov was arrested after leaving Ukraine to meet up with his wife in Switzerland.
It's a bit of a mixed bag this week with a very light-hearted look at the death of the browser padlock icon (which has been replaced by an icon that looks like a sex act), and a much more serious discussion about divorce. It took a long time to write and be ready to publish that blog post, many years in fact, but I'm so glad I did. You don't have to scroll far through the responses to the launch tweet or the comments on the blog itself to get a sense of how it's impacted people, and as I said in the very opening of the post, this sort of openness tends to be really well received. Wherever you are in your own stage of life, I hope you enjoying reading that post and share it generously with those for whom it might just make a real difference.
Joe Sullivan won't serve any serious time behind bars for his role in covering up Uber's 2016 computer security breach and trying to pass off a ransom payment as a bug bounty.…
The US Federal Trade Commission is preparing to take action against Facebook parent company Meta for a third time over claims it failed to protect user privacy, as required under a 2020 agreement Meta made with the regulator.…
For Murray Green, working for a company that is a steward of critical internet infrastructure is a mission that he can get behind. Green, a senior engineering manager at Verisign, is a U.S. Army veteran who served during Operation Desert Storm and sees stewardship as a lifelong mission. In both roles, he has stayed focused on the success of the mission and cultivating great teamwork.
Teamwork is something that Laura Street, a software engineer and U.S. Air Force veteran, came to appreciate through her military service. It was then that she learned to appreciate how people from different backgrounds can work together on missions by finding their commonalities.
While military and civilian roles are very different, Verisign appeals to many veterans because of the mission-driven nature of the work we do.
Green and Street are two of the many veterans who have chosen to apply their military experience in a civilian career at Verisign. Both say that the work is not only rewarding to them, but to anyone who depends on Verisign’s commitment in helping to maintain the security, stability, and resiliency of the Domain Name System (DNS) and the internet.
At Verisign, we celebrate Military Appreciation Month by paying tribute to those who have served and recognizing how fortunate we are to work alongside amazing veterans whose contributions to our work provide enormous value.
Before joining the military, Murray Green studied electrical engineering but soon realized that his true passion was computer science. Looking for a way to pay for school and explore and excel as a Programmer Analyst, he turned to the U.S. Army.
He served more than four years at the Walter Reed Army Medical Center in Washington as the sole programmer for military personnel, using a proprietary language to maintain a reporting system that supplied data analysis. It was a role that helped him recognize the importance of data to any mission – whether for the U.S. Army or a company like Verisign.
At Walter Reed, he helped usher in the age of client-server computing, which dramatically reduced data processing time. “Around this time, personal computers connected to mini servers were just coming online so, using this new technology, I was able to unload data from the mainframe and bring it down to minicomputers running programs locally, which resulted in tasks being completed without the wait times associated with conventional mainframe computing,” he said. “I was there at the right time.”
His work led him to receive the Meritorious Service Medal, recognizing his expertise in the proprietary programming language that was used to assist in preparation for Operation Desert Storm, the first mobilization of U.S. Army personnel since Vietnam.
In the military, he also came to understand the importance of leadership – “providing purpose, direction, and motivation to accomplish the mission and improve the organization.”
Green has been at Verisign for over 20 years, starting off in the registry side of the business. In that role, he helped maintain the .com/.net top level-domain (TLD) name database, which at the time, held 5 million domain names. Today, he still oversees this database, managing a highly skilled team that has helped provide uninterrupted resolution service for .com and .net for over a quarter of a century.
Street had been in medical school, looking for a way to pay for her continued education, when she heard about the military’s Health Professional Scholarship Program and turned to the U.S. Air Force.
“I met some terrific people in the military,” she said. “My favorite experiences involved working with people who cared about others and were able to motivate them with positivity.” But it was the sense of teamwork she encountered in the military that left a lasting impression.
“There’s a sense of accountability and concern for others,” she said. “You help one another.”
While working in the Education and Training department, she had been working with a support team to troubleshoot a video that wasn’t loading properly and was impressed with how the developers worked to fix the problem. She immediately took an interest in programming and enrolled in night classes at a local community college. After completing her service in the U.S. Air Force, she went back to school to pursue a bachelor’s degree in computer science.
She’s been at Verisign for two years and, while the job itself is rewarding because it taps into so many of her interests – from Java programming to network protection and packet analysis – it was the chemistry with the team that was most enticing about the role.
“I felt as at-ease as one can possibly feel during a technical interview,” she said. “I got the sense that these were people who I would want to work with.
Street credits the military for teaching her valuable communication and teamwork skills that she continues to apply in her role, which focuses on keeping the .com and .net top-level-domains available around the clock, around the world.
Both Green and Street encourage service members to stay focused on the success of their personal missions and the teamwork they learned in the military, and to leverage those skills in the civilian world. Use your service as a selling point and understand that companies value that background more than you think, they said.
“Being proud of the service we provide to others and paying attention to details allows us at Verisign to make a global difference,” Green said. “The veterans on our team bring an incredible skillset that is highly valued here. I know that I’m a part of an incredible team at Verisign.”
Verisign is proud to create career opportunities where veterans can apply their military training. To learn more about our current openings, visit Verisign Careers.
The post Verisign Honors Vets in Technology For Military Appreciation Month appeared first on Verisign Blog.
Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization
The post Creating strong, yet user‑friendly passwords: Tips for your business password policy appeared first on WeLiveSecurity