Hackers claim to have obtained 327,268 files from law enforcement and are holding the data ransom


Important Takeaways:

  • A ransomware gang claims it hacked the U.S. Marshals Service and is threatening to release data that includes “Top Secret” documents.
  • In a recent post to its site on the dark web, the cybercrime group known as Hunters International added the law enforcement agency to its list of alleged victims, alongside a countdown timer set for roughly two days.
  • The posting, as viewed by the Daily Dot, claims that 386 GB of data, made up of 327,268 files, were obtained in the breach. Screenshots of the purported data suggest the leak includes dossiers on gang members and their mugshots, files marked “Confidential” and “Top Secret,” as well as files from the FBI.
  • One such top-secret document appears to be a report from the Organized Crime Drug Enforcement Task Group. A document under the FBI label is listed as a white paper on Instagram from the National Domestic Communications Assistance Center, a hub containing collective technical knowledge and resources of law enforcement.
  • Other screenshots reference electronic surveillance, ongoing cases, and documents related to “Operation Turnbuckle,” the name of a law enforcement effort that saw the takedown of alleged drug traffickers in 2022.
  • The posting does not indicate that the criminal organization encrypted any files belonging to the U.S. Marshals Service, but instead, based on the countdown timer, is seeking a ransom from the government entity in order to not leak or sell the data.


Thailand unveils ‘anti-fake news’ center to police the internet

By Patpicha Tanakasempipat

BANGKOK (Reuters) – Thailand unveiled an “anti-fake news” center on Friday, the Southeast Asian country’s latest effort to exert government control over a sweeping range of online content.

The move came as Thailand is counting on the digital economy to drive growth amid domestic political tensions, following a March election that installed its junta leader since 2014 as a civilian prime minister.

Thailand has recently pressed more cybercrime charges for what it says is misinformation affecting national security. Such content is mostly opinion critical of the government, the military or the royal family.

Minister of Digital Economy and Society Puttipong Punnakanta broadly defined “fake news” as any viral online content that misleads people or damages the country’s image. He made no distinction between non-malicious false information and deliberate disinformation.

“The center is not intended to be a tool to support the government or any individual,” Puttipong said on Friday before giving reporters a tour.

The center is set up like a war room, with monitors in the middle of the room showing charts tracking the latest “fake news” and trending Twitter hashtags.

It is staffed by around 30 officers at a time, who will review online content – gathered through “social listening” tools – on a sweeping range of topics including natural disasters, the economy, health products and illicit goods.

The officers will also target news about government policies and content that broadly affects “peace and order, good morals, and national security,” according to Puttipong.

If they suspect something is false, they will flag it to relevant authorities to issue corrections through the center’s social media platforms and website and through the press.

Rights groups and media freedom advocates were concerned the government could use the center as a tool for censorship and propaganda.

“In the Thai context, the term ‘fake news’ is being weaponized to censor dissidents and restrict our online freedom,” said Emilie Pradichit, director of the Thailand-based Manushya Foundation, which advocates for online rights.

Pradichit said the move could be used to codify censorship, adding the center would allow the government to be the “sole arbiter of truth”.

Transparency reports from internet companies such as Facebook and Google show Thai government requests to take down content or turn over information have ramped up since the military seized power in 2014.

A law prohibiting criticism of the monarchy has often been the basis for such requests for Facebook. In Google’s cases, government criticism was the main reason cited for removal of content.

(Reporting by Patpicha Tanakasempipat; Editing by Kay Johnson and Frances Kerry)

Lesser-known North Korea cyber-spy group goes international: report

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017. REUTERS/Thomas White/Illustration

By Eric Auchard

FRANKFURT (Reuters) – A North Korean cyber espionage group previously known only for targeting South Korea’s government and private sector deepened its sophistication and hit further afield including in Japan and the Middle East in 2017, security researchers said on Tuesday.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. North Korea rejects accusations it has been involved in hacking.

U.S. cyber security firm FireEye said the state-connected Reaper hacking organization, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012 but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis, said.

“Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said.

“We believe this is a big thing.”

APT37 has focused on covert intelligence gathering for North Korea, rather than the destructive attacks or financial cyber crime that Lazarus Group and other similar hacking groups have been shown to engage in to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco’s Talos unit, FireEye said.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests,” the security report said.

From 2014 until 2017, APT37 concentrated mainly on South Korean government, military, defense industrial organizations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.

Since last year, its focus has expanded to include an organization in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt’s Orascom <OTMT.CA> provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.

(Reporting by Eric Auchard, and Nadine Awadalla in Cairo, Editing by William Maclean)

TruNews: Charges In Massive Cyberattacks against JPMorgan Chase & Co

TRUNEWS – Prosecutors have announced criminal charges for three men accused of helping to run a series of hacking and fraud schemes, including an attack in 2014 against JPMorgan Chase & Co that generated hundreds of millions of dollars in illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein are named in a 23-count indictment. The three are accused of crimes involving at least nine financial services companies and media outlets, as well as online casinos, payment processing for criminals, and an illegal bitcoin exchange.

A fourth man, Anthony Murgio, is also named in the bitcoin exchange scam.

The charges are the first to be connected to the attack on JPMorgan, in which 83 million customers had their personal data accessed; prosecutors are calling it the largest theft of customer data from a US financial institution.

Other companies that were affected include E*Trade Financial, which says it has contacted some 31,000 customers who may have been affected.

JPMorgan says it continues to work with authorities in an effort to fight further cybercrimes.