Tag : data encryption

DDoS Attacks are Making Cybercriminals Very, Very, Rich

Actually, $100,000 richer to be exact.

By sending just an email, the group called Armada Collective is easily shaking down companies and pulling in the cash. Distributed denial-of-service, better know as DDoS attacks, consist of little technical experience other than causing a website to crash by flooding it with traffic. Usually the threatening email alone is enough to get companies to pay up in Bitcoin.

This is not the first time we have heard of the Armada Collective group. Back in 2015 they became nonactive, and in 2016 alleged members were arrested. It is believed that a separate group has decided to use the Armada name in order to capitalize on previous DDoS presence.

The email looks something like this:

Capture

Over 100 businesses have received the email threats according to CloudFlare CEO Matthew Price. However, not one case of Armada actually launching a DDoS attack has been reported. Price weighs in by saying, ” In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundred of thousands of dollars in extortion payments. ”

The Bitcoin fee ranges between 10-50 Bitcoin which is about $4,600-$23,000. There seems to be no rhyme or reason to how the collective determines Bitcoin amounts per company.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: How cybercriminals earned $100,000 just by sending a DDoS threat email

 

U.S. unlocks iPhone in San Bernardino Case, without Apple’s Help

applefbiAccording to the New York Times, law enforcement has figured out a way to sidestep the encryption on the iPhone in the San Bernardino case, and they did it without the help of Apple. The U.S. Department of Justice has since dropped legal action against Apple as they no longer need their assistance. The government pushed relentlessly for Apple to help unlock the phone. They even went as far as to say that an Apple created encryption key was the only method for gathering the stored data on the smartphone. We now know this to not be the case.

Apple’s main concern with complying to the government’s cry for help came from an understandable viewpoint. Apple CEO, Tim Cook, said creating a backdoor for this specific case would lead to a slippery slope for future cases with encryption components.

As it turns out Apple is off the hook for the time being, thanks to Cellebrite, an Israeli security firm. This firm provides mobile forensic services and assisted the FBI in unlocking the smartphone.

Withdrawing from prosecution leaves many questions open ended for future encryption cases. Something tells me this won’t be the last time Apple and other private companies will be faced with a difficult decision to make. Should such companies be forced to aid in encryption breaking for law enforcement purposes, or only special cases? What guidelines should be made?

If you would like to educate yourself further about the information presented in this blog post please visit:

http://www.pcmag.com/news/343264/u-s-unlocks-iphone-ends-legal-action-against-apple

Incriminate Yourself!

Data protection is becoming more and more of a compliance requirement for organizations that surround themselves with confidential information (whether it be social security numbers, banking information, or even credit cards), and one key element in protecting the data comes in the form of Data Encryption, often used throughout the world used as a last line of defense in the event of a breach or compromise to a companies network.

One US Citizen, charged by a Colorado District Court, is being accused by the FBI to have key information in the investigation of a Mortgage Scam stored on her “legally seized” laptop. Upon the acquisition of the laptop, authorities found the laptop to be encrypted by a password known only by its owner, and in the Case of US vs. Fricosu, the Colorado district court is deciding whether they can legally compel (or in better terms, “force”) Fricosu to divulge the decryption key that unlocks the hard drive, thus potentially incriminating her in the process.

The Electronic Frontier Foundation (backing the accused) is under the belief that due to the lack of presented evidence by the government prosecution with regards to what they expect to find on the laptop or what they are looking for, is simply fishing for evidence to prosecute the defendant, and believes forcing Fricosu to disclose her password is a direct violation of her Fifth Amendment rights (which protects witnesses from being forced to incriminate themselves).

It’s pretty simple, no evidence against the defendant, a clear violation of the users privacy, and an attempt to force a person to violate their civil rights? This case should clearly be dropped, what’s your take on it?