Russian security chief says Moscow will work with U.S. to find hackers

MOSCOW (Reuters) - Russia will work with the United States to track down cyber criminals, the head of the FSB security service said on Wednesday, a week after U.S. President Joe Biden and Russian President Vladimir Putin agreed to increase cooperation in certain areas.

“We will work together (on locating hackers) and hope for reciprocity,” the RIA news agency quoted FSB chief Alexander Bortnikov as saying at a security conference in Moscow.

Deputy Foreign Minister Sergei Ryabkov told an investor conference that Russia had been “able to establish a very thorough and down-to-earth exchange with the U.S. side” on cyber security.

Another senior ministry official said Moscow was awaiting an answer from Washington on starting consultations, TASS news agency reported.

Biden told Putin at the summit that certain critical infrastructure should be “off-limits” to cyber-attacks after hackers seeking ransom money triggered the brief closure of a major U.S. oil pipeline network.

Washington has said those responsible for some cyber-attacks in the United States have been working either directly for the Russian government or from Russian territory. The Kremlin has denied any state involvement.

Putin and Biden also agreed to embark on negotiations to lay the groundwork for arms control agreements and risk-reduction measures.

Defense Minister Sergei Shoigu said on Wednesday that Moscow had requested greater transparency about the deployment of missiles in Europe.

He said Putin had proposed measures such as a moratorium on the deployment of intermediate- and short-range missiles in Europe to build mutual trust. The Kremlin has accused NATO of dismissing the proposals.

“The overall situation in Europe is explosive, which requires concrete steps to de-escalate it,” Shoigu said. “We are ready to work towards this.”

Russia’s relations with the West are at post-Cold War lows, strained by issues ranging from Moscow’s 2014 annexation of Crimea from Ukraine to allegations of Russian hacking of U.S. elections.

(Reporting by Maria Kiselyova and Tom Balmforth; Writing by Olzhas Auyezov/Gabrielle Tétrault-Farber; Editing by Kevin Liffey)

Police dismantle world’s ‘most dangerous’ criminal hacking network

(Reuters) – International law enforcement agencies said on Wednesday they had dismantled a criminal hacking scheme used to steal billions of dollars from businesses and private citizens worldwide.

Police in six European countries, as well as Canada and the United States, completed a joint operation to take control of Internet servers used to run and control a malware network known as “Emotet,” authorities said in a statement.

“Emotet is currently seen as the most dangerous malware globally,” Germany’s BKA federal police agency said in a statement. “The smashing of the Emotet infrastructure is a significant blow against international organized Internet crime.”

Emotet is used by cyber criminals to first gain access to a victim’s computer before then downloading additional malicious software, such as trojans designed to steal banking passwords or ransomware which can lock a computer until an extortion fee is paid.

Security experts say Emotet’s operators often sell access to victims’ computers to other hackers, using a “malware-as-a-service” business model that has made them one of the world’s most prolific and damaging cybercrime groups.

German police said infections with Emotet had caused at least 14.5 million euros ($17.56 million) of damage in their country. Globally, Emotet-linked damages cost about $2.5 billion, Ukrainian authorities said.

Ukraine’s General Prosecutor said police had carried out raids in the eastern city of Kharkiv to seize computers used by the hackers. Authorities released photos showing piles of bank cards, cash and a room festooned with tangled computer equipment, but did not say if any arrests were made.

($1 = 0.8259 euros)

(Reporting by Zuzanna Szymanska in Gdansk, Pavel Polityuk in Kyiv and Jack Stubbs in London; Writing by Jack Stubbs; Editing by Bernadette Baum)

U.S. charges seven in wide-ranging Chinese hacking effort

WASHINGTON (Reuters) – The U.S. Justice Department said on Wednesday it has charged five Chinese residents and two Malaysian businessmen in a wide-ranging hacking effort that encompassed targets from video games to pro-democracy activists.

Federal prosecutors said the Chinese nationals had been charged with hacking more than 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, gaming firms, nonprofits, universities, think-tanks as well as foreign governments and politicians and civil society figures in Hong Kong.

U.S. officials stopped short of alleging the hackers were working on behalf of Beijing, but in a statement Deputy Attorney General Jeffrey Rosen expressed exasperation with Chinese authorities, saying they were – at the very least – turning a blind eye to cyber-espionage.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like minded states to enforce laws against computer intrusions,” Rosen said. “But they choose not to.”

He further alleged that one of the Chinese defendants had boasted to a colleague that he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens.”

“No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft,” Rosen said.

The Chinese Embassy in Washington did not immediately return an email seeking comment. Beijing has repeatedly denied responsibility for hacking in the face of a mounting pile of indictments from U.S. authorities.

Along with the alleged hackers, U.S. prosecutors also indicted two Malaysian businessmen, Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with conspiring with two of the digital spies to profit from computer intrusions targeting video game companies in the United States, France, Japan, Singapore and South Korea.

The Justice Department said the pair operated through a Malaysian firm called SEA Gamer Mall. Messages left with the company were not immediately returned. Messages sent to email addresses allegedly maintained by the hackers also received no immediate response.

U.S. Assistant Attorney General for National Security John Demers said on Wednesday that the Malaysian defendants were in custody but were likely to fight extradition.

The Justice Department said it has obtained search warrants this month resulting in the seizure of hundreds of accounts, servers, domain names and “dead drop” Web pages used by the alleged hackers to help siphon data from their victims.

The Department said Microsoft Corp. had developed measures to block the hackers and that the company’s actions “were a significant part” of the overall U.S. effort to neutralize them. Microsoft did not immediately return a message seeking comment.

(Reporting by David Shepardson, Susan Heavey, Raphael Satter and Mark Hosenball in Washington; Editing by Chizu Nomiyama and Matthew Lewis)

Explainer: What do you do after a data breach?

(Reuters) – A hacker has stolen the personal information of over 100 million people from Capital One Financial Corp, the company said this week, in the latest high-profile breach of sensitive consumer data.

Security experts say data breaches will continue to happen as cyber criminals and state-backed hackers target the protected information held by companies and government agencies.

Such attacks leave consumers vulnerable to fraud and identity theft. Here are some steps you can take to assess the severity of the breach and better secure yourself:

WHAT WAS COMPROMISED?

Breaches often cover a wide range of data. Information which is already publicly available, such as your name or email address, is seen as less of a concern.

Other details, however, can be extremely sensitive and need to remain private. For example, full credit card numbers, which could be used to make fraudulent purchases in your name, or passwords for your online accounts.

Even if stolen, the data may still be protected by encryption. Hacks by foreign governments are also usually seen as less dangerous for general consumers compared to data thefts by financially-motivated criminal gangs because most spy agencies do not sell or trade such information.

Much of the information stolen from Capital One was already public, including names and addresses of over 100 million people in the United States and Canada. But the breach also included 140,000 Social Security numbers which could be used to steal people’s identities.

To assess the severity of the breach, try and determine what information was compromised and in what format it was stolen.

AM I AFFECTED?

Try to establish if your data is likely to have been compromised in the breach. Are you a customer of the affected company? Do you know what data they hold on you? Does the breach only concern data collected in a specific time period?

Answering those questions will allow you to judge the level of risk, but remember some organizations may hold your data without you being aware. Those include credit-reporting companies such as Equifax Inc <EFX.N>, which suffered a breach in 2017 that affected 147 million people.

Breached companies are usually obliged to notify the people who are impacted, but this does not always happen immediately. Affected companies will typically post guidance for consumers on their own websites about data breaches.

Under the European Union’s General Data Protection Regulation (GDPR), companies have to inform victims of severe data breaches “without undue delay.” They must then describe in “clear and plain language” the nature of the breach, the likely consequences and what measures are being taken to deal with it.

IS THIS A SCAM?

If you think your data was compromised, be on high alert for scams and fraud.

Watch your bank account balances and payment card statements carefully, especially if you believe your financial information has been compromised. If you spot any unusual activity, contact your bank or card provider immediately and inform the appropriate law enforcement agency.

Be aware of so-called “phishing” websites purporting to offer information about the breach, or even compensation, but actually set up by criminals to try and trick you into revealing more personal details or making a payment to the wrong account.

Fraudsters may also contact you directly, by phone or email, and could now be armed with large amounts of detailed personal information which will make them harder to spot. If you’re unsure about someone’s identity, find the affected company’s contact information and contact them independently.

Experts recommend changing passwords frequently and using a combination of letters, characters and symbols to maintain a complex passphrase that is less likely to be guessed.

(Reporting by Jack Stubbs and Christopher Bing; Editing by Jonathan Weber and Susan Thomas)

‘Jackpotting’ hackers steal over $1 million from ATM machines across U.S.: Secret Service

By Dustin Volz

WASHINGTON (Reuters) – A coordinated group of hackers likely tied to international criminal syndicates has pilfered more than $1 million by hijacking ATM machines across the United States and forcing them to spit out bills like slot machines dispensing a jackpot, a senior U.S. Secret Service official said on Monday.

Within the past few days there have been about a half-dozen successful “jackpotting” attacks, the official said.

The heists, which involve hacking ATMs to rapidly shoot out torrents of cash, have been observed across the United States spanning from the Gulf Coast in the southern part of the country to the New England region in the northeast, Matthew O’Neill, a special agent in the criminal investigations division, told Reuters in an interview.

The spate of attacks represented the first widespread jackpotting activity in the United States, O’Neill said. Previous campaigns have been spotted in parts of Europe and Latin America in recent years.

“It was just a matter of time until it hit our shores,” O’Neill said.

Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM makers, warned last week that cyber criminals are targeting ATMs with tools needed to carry out jackpotting schemes.

The Diebold Nixdorf alert described steps that criminals had used to compromise ATMs. They include gaining physical access, replacing the hard drive and using an industrial endoscope to depress an internal button required to reset the device.

A confidential U.S. Secret Service alert seen by Reuters and sent to banks on Friday said machines running XP were more vulnerable and encouraged ATM operators to update to Windows 7 to protect against the attack, which appeared to be targeting ATMs typically located in pharmacies, big box retailers and drive-thrus.

While initial intelligence suggested only ATMs running on outdated Windows XP software were being targeted, the Secret Service has seen successful attacks within the past 48 hours on machines running updated Windows 7, O’Neill said.

“There isn’t one magic solution to solve the problem,” he said.

A local electronic crimes task force in the Washington, D.C., metropolitan area first reported an unsuccessful jackpotting attempt last week, O’Neill said.

A few days later another local partner witnessed similar activity and “developed intelligence” that indicated a sustained, coordinated attack was likely to occur over the next two weeks, O’Neill said. He declined to say where that partner was located.

Jackpotting has been rising worldwide in recent years, though it is unclear how much cash has been stolen because victims and police often do not disclose details.

(Reporting by Dustin Volz in Washington, D.C.; Editing by David Gregorio)

Cyber extortion demands surge as victims keep paying: Symantec

By Alastair Sharp

TORONTO (Reuters) – Hackers are demanding increasingly hefty ransoms to free computers paralyzed with viruses, as cyber criminals seek to maximize profits from large numbers of victims willing to pay up, according to cyber security firm Symantec Corp.

The average demand embedded in such malicious software, which is known as ransomware, more than tripled last year to $1,077 from $294, and the pricing has continued to rise in 2017, according to Symantec.

“The bad guys haven’t found the top end of what people will pay,” Symantec Director of Security Response Kevin Haley said in a telephone interview.

Symantec said 69 percent of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organizations.

More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data, according to Symantec. In the United States, where such attacks are most prevalent, 64 percent pay.

“If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?’” Haley said.

The surge in cyber extortion has been fueled partly by the sale of ransomware kits, which sell for $10 to $1,800 on underground markets and make it easy for wannabe cyber crooks to get in the business, according to Symantec.

One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20 percent commission.

Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, police departments and other providers of critical services in the United States and Europe.

In some cases, the attacks have interrupted critical public services.

U.S. and European hospitals have been forced to divert patients to other facilities when ransomware paralyzed computer systems.

Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.

(Reporting by Alastair Sharp; Editing by Steve Orlofsky; Editing by Jim Finkle and Steve Orlofsky)