The world continues to battle the deadly Covid-19 pandemic also called Coronavirus as many sectors and companies encourage their staffs to work from home.
Office workers who usually don’t have much time for their social networks and mass random messages now have ample time to go through their devices and computers and even see a few movie series.
Ironically, this is possible as individuals cling to the only thing that could help them communicate with the outer work – their smartphones.
This large number of human force all stuck at home has led a major increase in online scammers as even the ethical one’s amongst them have grown bored and looking for new loopholes to exploit.
Organizations are been targeted, individuals are made to pay the price for being idle, phishing mails are getting sent and received at a rate of a thousand mails every second. But asides all these, individuals are encouraged to stay safe from the deadly virus with recorded infection figures going up each day here in the part of the world.
Seems everyone forgot about the other safe which is very much vital too??!
The U.S. Federal Bureau of Investigations (FBI) is warning the Internet community that COVID-19 has sparked rising scammers leveraging the deadly virus to steal money, personal information or both from users of online services.
“Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits”, the US law enforcement agency advises.
In this part of the world where vulnerable individuals hardly struggle to survive each day, talks making rounds on the internet regarding the Nigerian government sharing stimulus package of N20,000 to every citizen has done little to help arrest the issue of cybercrime.
Hackers and scammers have been continuously bombarding individuals with phishing links to give away their details so as to enlist them and reserve their own package; which invariably is only sugar-coated lies.
This is not a happy sight as so many individuals who struggle to make through each day with their families end up giving away the little they have in reserve.
A recent war brewing between the United States and China over alleged hack into the former’s Covid-19 vaccine research systems just goes about to tell you no one is exempt from the monster that is Cyber attack.
Furthermore, company’s have had to educate their staffs with regards to working from home and handling logins both on personal and public computers as any major breakthrough in user data could finally result in giving away company information which isin’t really a worthy report.
FBI says Internet users should always use good cyber hygiene and security measures when they are online.
According to the law enforcement agency, the following five(core) tips are vital for any Internet user to protect themselves and help limit the rate of cybercrime activity:
- Do not open attachments or click links within emails from senders you don’t recognize no matter how tempting the message contained is.
- Do not provide your username, password, date of birth, social security number, BVN, financial data, or other personal information in response to an email or robocall from a random individual.
- Always verify the web address of legitimate websites and manually type them into your browser. If possible Google search the address name categorically before clicking through.
- Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in .com” instead).
- If you believe you are the victim of an Internet scam or cyber crime, or if you want to report suspicious activity, don’t hesitate to contact the institution involved ASAP.
Internet fraud is a monster that won’t just go away yet but with staying safe, careful and regulating our online footprints, we could save lives and cooperations at large.
US agencies arrest three individuals including a 17-year-old-minor for Twitter’s Bitcoin Heist involving Elon Musk, Apple and more
Investigations, analysis and multiple Intel collection involving the biggest Bitcoin heist in history doesn’t seem to be abating any day as information reveals three individuals as well as a 17 year-old boy were all perpetrators of the Twitter hack.
After Twitter on Thursday confirmed through its Security account notes that it was a phone spear-phishing attack that led to the hacking of tens of high-profile accounts luring users to invest in bitcoin currency, it seems the rebels are beginning to show up or rather found out.
A 17-year-old boy from Florida has been charged and put under arrest for carrying out what could be the biggest security hack in Twitter’s history on July 15, affecting verified profiles and using them for phishing in a bitcoin scam. The Florida boy named Graham Clark is charged with over 30 felonies, by the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), US Secret Service, and Florida state law enforcement body.
What were you doing at 17?
Little boy Clark is believed to be the mastermind behind the Twitter breach and attack carried out on July 15, 2020, in which he took over the verified accounts of Elon Musk, Bill Gates, Joe Biden, Kanye West, and Apple among 130 accounts. While initially, it was only Clark who was found guilty, a further investigation later revealed at least three more people were involved.
The US Department of Justice arrested 22-year-old Nima Fazeli from Orlando and 19-year-old Mason Shepphard from the United Kingdom, and an unidentified minor from California who admitted to having aided Shepphard in selling access to Twitter accounts. The two identified individuals go by “Rolex” and “Chaewon” as their hacker aliases. However, the federal agencies believe, basis the evidence they have procured, that Clark from Florida had to more in the colossal security breach that forced Twitter to suspend verified profiles of famous people briefly.
How could Clark and co. have done this?
According to agents, Clark is said to had gained access to the internal tool of Twitter by tricking one of the company’s IT department employees into giving him confidential credentials probably through social
Now before you get on my heels, I’m no Master Graham Clark but I know some about at social engineering and phishing.
Social engineering is basically the skill of the mind through which hackers manipulate people into giving out critical information. They may or may not have access to the company’s codes. Phishing is a part of social engineering.
So, three Under-23 individuals accurately did an SE on Twitter staffs old enough to be their parents?? Right
According to an affidavit released by the authorities, Clarke got an approximate amount of $117,000 (roughly NGN 46.6million) from the bitcoin scam by defrauding the followers of the people whose verified profiles were hacked.
But they were found out, finally…
There’s the popular saying, “You hang around a barbershop, sooner or later you gonna get a haircut”, so, Clark and his compatriots knew a bunch about breaking through security firewalls but not securing their trails themselves.
Chaewon, or Shepphard from the UK, left his trails, which helped the US authorities to trace him. According to the federal agencies working the case, Chaewon used his driver’s license for verification on the Binance and Coinbase cryptocurrency exchanges, which were used to trade bitcoins from the scam.
Fazeli aka Rolex was no different either for he also registered on Coinbase and verified his account using a driver’s licence. He received payments in bitcoin for selling stolen Twitter credentials.
Both Chaewon and Rolex are charged with $250,000 (roughly Rs 1.87 crore) fine in the US but other consequences are different. Chaewon has been charged with computer intrusion, wire fraud conspiracy, money laundering conspiracy, and a 20-year jail term for the most serious crime. Rolex is charged only with computer intrusion, the fine for which is his punitive consequence.
What has Twitter done or doing so far?
Well, pretty much a bunch at least. Twitter has acknowledged the arrests made by the US authorities and revealed more data on how the breach affected the users and what data was stolen if it was.
According to the US-based social media giant, the breach carried out on July 15, 2020 targeted 130 accounts using the internal tools, 45 of which were bypassed by the hackers and their passwords were reset. These 45 accounts were then used to send scamming tweets to the followers of the profiles. 36 accounts had their DMs accessed by the hackers while 8 of them had their Twitter archived and downloaded.
Twitter says these 8 accounts were not the verified ones but has not disclosed if such an action will be consequential to the privacy of the individuals who owned these accounts.
Moreover, the Jack Dorsey-led company has also stated measures the company will take in the future, including restoring the accounts who are still locked out, continuing with the investigation internally and with the cooperation of law enforcement, securing the systems further to prevent such hacks in future.
Also, it expects to introduce a company-wide training of employees on ongoing phishing and other “social engineering tactics” used by hackers to prevent themselves from being falling prey to them.
Google pays Student $10,000 For Reporting Security Flaw
Last year, Google released a result which shows that hackers were rewarded $3 million throughout 2016. Recently, a Uruguayan student has been rewarded with $10,000 because he managed to discover a vulnerability in Google.
According to Ezequiel Pereira, he found the vulnerability when he was playing with Google services using a web security testing tool known as Burp Suite.
He was actually playing with Burp Suite to find the vulnerability, after many failed attempts, he discovered that the internal web page of yaqs.googleplex.com didn’t have the username or password check in place.
Googleplex.com hosts several Google App Engine applications.
Ezequiel Pereira wrote
“The website’s homepage redirected me to “/eng”, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: “Google Confidential
“At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp”
He also shared screenshots of the email exchanges with Google’s security team the same day. Google’s security team confirmed that the bug he reported was very effective. Pereira says he was very surprised when he received $10,000 from Google team for his work after a month.
However, Google has resolved the vulnerability and the large reward was because they found a few variants that would have allowed an attacker access sensitive data”