Tag: russia

Russian hackers steal $10 million from ATMs through bank networks

The recent rash of bank system hacks goes deeper than you might have thought -- it also includes stealing cash directly from ATMs. Researchers at Group-IB have published details of MoneyTaker, a group of Russian hackers that has stolen close to $10 million from American and Russian ATMs over the past 18 months. The attacks, which targeted 18 banks (15 of which were American), compromised interbank transfer systems to hijack payment orders -- "money mules" would then withdraw the funds at machines.

The first known attack was in the spring of 2016, when MoneyTaker hit First Data's STAR network (the largest transfer messaging system for ATMs in the US). They also compromised Russia's AW CRB network, and swiped documents for OceanSystems' Fed Link system used by roughly 200 banks across the Americas. And in some cases, the group stuck around after the initial heist -- at least one US bank's documents were stolen twice, while the perpetrators kept spying on Russian bank networks.

While it's not clear who's behind MoneyTaker, you're only hearing about them now because they're particularly clever. They've repeatedly switched their tools and methods to bypass software, and have taken care to erase their tracks. For instance, they've 'borrowed' security certificates from the US federal government, Bank of America, Microsoft and Yahoo. One Russian bank did manage to spot an attack and return some of the ill-gotten gains.

This particular hack didn't directly affect users, since it was more about intercepting bank-to-bank transfers than emptying personal accounts. However, it illustrates both the sophistication of modern bank hacks and the vulnerability of the banks themselves. While it would be difficult to completely prevent hacks, it's clear that attackers are having a relatively easy time making off with funds and sensitive data.

Via: Reuters

Source: Group-IB (reg. required)

Recommended Reading: Making a shed a top-rated destination on TripAdvisor

I Made My Shed the Top Rated Restaurant On TripAdvisor
Oobah Butler,

If you've ever wondered just how many reviews on sites like TripAdvisor are fake, you're not alone. One writer took matters into their own hands to prove the extent of the issue by creating a fake restaurant in a backyard. Once it became popular on the site, though, things escalated quickly.

How the Kremlin Tried to Pose as American News Sites on Twitter
Selina Wang, Bloomberg

Russia's fake news efforts around the 2016 election included posing as local news outlets on Twitter.

The Problem with Muzak
Liz Pelly, The Baffler

A detailed look at Spotify's effect on the music industry and how its algorithms and discovery tools are shaping creativity.

Russian Twitter bots are reportedly helping #NoRussiaNoGames push

It's both terrifying and fascinating how well Russia uses Twitter to influence the perception of world events. Operatives from the country have supported Trump and Brexit and positioned propaganda that was eventually shared by major news outlets. Now it seems that Russian propagandists are hard at work amplifying an actual hashtag campaign (#NoRussiaNoGames) against the ban of Russian athletes from the upcoming Olympic games.

Researcher Ben Nimmo of Washington, DC-based Digital Forensic Research Lab analyzed the traffic around the issue and found that while initially genuine, the huge upswell in the number of posts with the hashtag is likely thanks to Russian state-sponsored bots and trolls. The hashtag first appeared on a Russian social network as an appeal by a St Petersburg boy protesting lifetime bans on his country's cross-country skiers for alleged violations of Olympic doping policies. It exploded on Twitter after the International Olympic Committee banned Russia from the upcoming games this past week.

"What we've got here is a small but genuine hashtag campaign, which is being exaggerated and amplified by Russian state propaganda outlets to make it look like the campaign is huge and an upwelling of popular anger," Nimmo told Reuters. "It's a good human interest story, it's an emotional boy saying how terribly unfairly Russia is being treated. It fits the state narrative perfectly." We've reached out to Twitter for comment and will update this post when we hear back.

Source: Reuters

Ex-NSA worker pleads guilty to taking data involved in Russian hack

The NSA hasn't been having the best week when it comes to security, but it's getting at least some closure. A former employee, now known as Nghia Pho, has pleaded guilty to bringing home classified data that was later stolen in a hack linked to Russian intelligence. Pho is expected to face prison time when he's sentenced on April 6th, but prosecutors have capped the maximum penalty to 8 years (versus the typical 10) and are open to calls for a lighter sentence given the non-malicious nature of the case.

Pho took a mix of digital and physical info home between 2010 and 2015. According to New York Times sources, he was using it to rewrite his resume -- this was intentional, but not spiteful. The Russian hackers reportedly exploited the Kaspersky antivirus software on his PC to take data, but it's not clear that Kaspersky was aware of what happened. The company previously acknowledged that it briefly held some NSA data, but there's no word on whether or not it held that data.

The plea is only going to help so much when the NSA has bigger fish to fry, such as the Shadow Brokers leaks (there's no indication that Pho is connected). It does show that the agency is racing to crack down on the multiple leaks it has suffered over recent months and years, however. The effort might also serve as a warning shot to NSA staff that may be tempted to leave with data, even if it's for innocuous reasons.

Via: New York Times

Source: Department of Justice

FBI failed to warn officials about Russian email hackers

It's no longer a secret that Russian hackers have targeted the personal email accounts of American officials, but the FBI was apparently less than vigilant in giving these targets a heads-up. The AP has discovered through interviews that, out of nearly 80 people Russia's Fancy Bear team tried to compromise (mainly in 2015), only two had been told by the FBI -- even though the bureau reportedly had evidence for a year or more. In a few cases, the AP chat was the first time the victims learned they were in the crosshairs.

For its part, the FBI's only official response is that it "routinely notifies" people and organizations of threats. Off the record, however, an unofficial source told the AP that the FBI struggles to cope with the volume of potential targets and had to prioritize alerts "to the best of our ability."

Whether or not that claim holds water is another matter. Although the hit list (obtained thanks to Secureworks poring through targeting data) was daunting with over 500 US-based targets, there doesn't appear to be evidence that the FBI launched a significant effort to warn those people and organizations. And there's the problem: while it's hard to know if the FBI could have notified all 500 in a timely manner, there doesn't appear to have been a concerted attempt to try.

It's not certain how much damage Russia's email attack actually caused. The targets had to have opened questionable links and otherwise fallen prey, and some hadn't occupied sensitive posts for years. However, the findings suggest that the FBI didn't always have a sense of urgency when dealing with Russia's coordinated hacking campaigns, and may not have taken them more seriously until the 2016 presidential election made clear they were a serious problem.

Source: AP News

Uber gets the go-ahead for its Russian merger

Uber's merger with Yandex's taxi service is effectively a done deal. Russian antitrust regulators have approved the union between the two ride-hailing companies, clearing the way for its expected completion in January 2018. The deal gives Yandex majority control (59.3 percent), but prevents the newly united companies from blocking drivers, partners or passengers from getting involved with rival services.

When the merger does finalize, Uber and Yandex will be interchangeable: either company's app will let you book rides, and drivers can accept either service's ride requests.

The alliance represents Uber's second withdrawal from direct competition in as many years, following its Chinese division's merger with Didi Chuxing in 2016. And in both cases, there were similar reasons to bow out: Uber struggled against both an incumbent and its own troubles (whether finances, regulation or protests) in the area. A merger with the local heavyweight lifts some of that burden for Uber while maintaining a stake it wouldn't have if it exited the market.

Via: Bloomberg

Source: Federal Antimonopoly Service

Google will downrank Russian state news agencies

The extent to which fake news is propagating across the internet has become increasingly clear in recent months. In October Facebook revealed some 3,000 politically-charged adverts had been placed in crucial swing states in the US, while Freedom House this month demonstrated that governments in no less than 30 countries are creating content to distort the digital landscape in their favour. Russia's influence appears time and again in these stories, and Google is now preparing to take action by "de-ranking" the Russian news sites it believes are at the heart of the issue.

Eric Schmidt, the chief executive of Google's parent company Alphabet, says the problem is largely down to Russia Today and Sputnik, and that the company is "trying to engineer the systems to prevent it". Speaking at an event in Halifax, Canada, he said that Russia's disinformation strategy should prove easy to tackle as it hinges on "amplification around a message", and that such patterns can be detected and therefore "taken down or deprioritised". He firmly denied simply banning the news sites, saying the focus is on using Google's skill in algorithms and ranking. "We don't want to ban the sites. That's not how we operate. I am strongly not in favor of censorship. I am very strongly in favor of ranking. It's what we do."

Russia Today's editor-in-chief Margarita Simonyan issued a statement in response to Schmidt's comments, saying that Google's own internal review system didn't find any wrongdoing on Russia Today's behalf. "His colleagues admitted three weeks ago that RT did not violate any rules of the platform," she said.

Schmidt's proposed solution to the fake news epidemic seems overly simplified given the pervasive and complex nature of the issue. If it were that easy to combat, surely the problem wouldn't have reached the extent it has. Plus, some might argue that purposefully deprioritising certain sites or stories is a kind of censorship in itself. Finding the line between preventing harmful disinformation and censorship is one of the biggest quandaries facing the digital age so it seems unlikely it'll be solved by a simple algorithm.

Via: The Guardian

Facebook will alert you if you liked a fake Russian account

As part of its ongoing transparency efforts on Russian activity, Facebook today revealed that it will soon let users find out if they liked or followed pages created by the Internet Research Agency between January 2015 and August 2017. The company said it plans to roll out the tool by the end of this year, which is going to live in the Facebook Help Center and will also include information about Instagram accounts.

"It is important that people understand how foreign actors tried to sow division and mistrust using Facebook before and after the 2016 US election," Facebook said in a blog post. "That's why as we have discovered information, we have continually come forward to share it publicly and have provided it to congressional investigators."

Last month, Facebook announced that Russian influence had reached 126 million people on its platform -- and that doesn't include the additional 20 million who were reportedly exposed on Instagram. The company's General Counsel, Colin Stretch, has since testified before a US House of Representatives committee investigating Russia's meddling in the 2016 US Presidential Election and said that the social network is "deeply concerned about all these threats."

Stretch added that the social network is doubling its engineering efforts, hiring more ad reviewers and requiring more information from political advertisers to crack down on these "bad actors." Before the end of the year, you can find out whether or not you were fooled by one of them.

Source: Facebook

Russia accused of UK energy, media and telecoms cyberattacks

One of the UK's top cybersecurity chiefs has revealed that Russian hackers are behind recent attacks on the nation's media, telecommunications and energy sectors. Speaking at the Times Tech Summit in London, Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), said "Russian interference" had been identified numerous times over the past year. He argued that the Kremlin was seeking to "undermine the international system" and that "international order as we know it" had started to disappear. He didn't, however, specify which attacks had been attributed to Russia, or how the UK government had identified the culprit.

The comments follow a speech on Monday by UK prime minister Theresa May, who accused Russia of spreading fake news and meddling in British politics. "I have a very simple message for Russia," she said at the Lord Mayor's Banquet. "We know what you are doing. And you will not succeed. Because you underestimate the resilience of our democracies, the enduring attraction of free and open societies, and the commitment of western nations to the alliances that bind us." She added that the UK would do "what is necessary" to protect itself and those it considers allies.

The NCSC is part of GCHQ, the UK's intelligence and security division. It was set up last year to replace a number of cybersecurity teams including the CESG (Communications-Electronics Security Group) and the Centre for Cyber Assessment (CCA). In that time, it's responded to more than 600 attacks triggered by "hostile states" and independent criminals. Martin wouldn't say how many of those cases were tied to Russia, but did mention that state attacks had become "extremely sophisticated." According to The Times, they include distributed denial of service attacks and "intrusions" designed to steal government intelligence and corporate secrets.

Via: BBC

Source: NCSC, The Times

UK watchdog calls for transparency on online political ad funding

The UK's Electoral Commission wants political parties to be more transparent about the people or companies bankrolling their online advertising campaigns during general elections. The independent body says British voters deserve the same transparency while browsing the web as they do looking at billboards and pamphlets. At present, candidates and non-party campaigners are required to include an "imprint," or disclaimer, on physical advertising that explains who is behind it. Now, the Commission wants that same requirement to cover online material too.

"This would enable voters to identify who is spending money on trying to influence them at elections," it said in a report yesterday.

The UK's election rules are currently outlined under the Political Parties, Elections and Referendums Act 2000 (PPERA). The Commission's recommendations would require a piece of secondary legislation, created by the UK government and signed off by parliament, before any fines or sanctions could be levied against uncooperative groups. It follows remarks by the Prime Minister Theresa May, who on Monday accused Russia of meddling in British elections. "We know what you are doing," she said during a speech at the Lord Mayor's banquet, "and you will not succeed."

Bots are but one method that could be used to sway a vote. The Commission says it's aware of the "commentary and concern" raised during the last general election, and would extend its new imprint rules to cover this campaigning technique. "It should be an offence to use 'bots' in this way without making clear who has caused the material to be created and on whose behalf it is disseminated," it added. The comments follow research from the University of Edinburgh, which discovered more than 400 fake Twitter accounts controlled by Russia to influence Brexit.

Damian Collins, the chairman of the Commons culture, media and sport select committee, has also asked Twitter for Russia-linked accounts that could have influenced "the democratic process of the United Kingdom."

The Commission also wants political parties to give a more detailed breakdown of the amounts they are spending on social media campaigns and digital advertising. These are covered under PPERA, but can be difficult to track because parties file them under general advertising and unsolicited campaign material. The Commission can filter by supplier name, which might reveal invoices from Facebook and Twitter, but others are trickier to track, especially if they involve intermediary media agencies. Directly employed staff — crucial for creating and amplifying social media campaigns — currently aren't counted in election spending either.

Finally, the Commission wants its investigative and sanctioning powers to be broadened to include offences relating to candidate spending and donations. "Most campaigners follow the rules, but failures to comply can reduce transparency for voters and confidence that an election was well run," the Commission said in its report. "It is therefore important that when breaches do occur they are dealt with robustly and effectively."

Source: Electoral Commission, The Guardian