FBI and Microsoft Corp in joint assault on £500m fraud botnet

June 07, 2013

Microsoft's digital crimes unit takes down at least 1,000 Citadel botnets in attempt to curb £500m theft from bank accounts

Microsoft Corp and the FBI, aided by authorities in more than 80 countries, have launched a major assault on one of the world's biggest cybercrime rings, believed to have stolen more than $500m (£323m) from bank accounts over the past 18 months.

Microsoft said its digital crimes unit had successfully taken down at least 1,000 of an estimated 1,400 malicious computer networks known as the Citadel botnets.

Citadel infected as many as 5m PCs around the world and, according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.

While the criminals remain at large and the authorities do not know the identities of any ringleaders, the internationally co-ordinated take-down dealt a significant blow to their capabilities.

"The bad guys will feel the punch in the gut," said Richard Domingues Boscovich, assistant general counsel with Microsoft's digital crimes unit.

Botnets are armies of infected personal computers, or bots, which run software forcing them to regularly check in with and obey "command and control" servers operated by hackers. Botnets are typically used to commit financial crimes, send spam, distribute computer viruses and attack computer networks. Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system and used it to control PCs in the US, western Europe, Hong Kong, India and Australia.

The FBI said it is working closely with Europol and other overseas authorities to try to capture the unknown criminals. It has obtained search warrants as part of what it characterised as a "fairly advanced" criminal probe.

"We are upping the game in our level of commitment in going after botnet creators and distributors," the FBI's assistant executive director, Richard McFeely, said.

"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and, if we can, get US criminal process on these botnet creators and distributors."

Microsoft has filed a civil lawsuit in the US district court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets. The complaint, unsealed on Wednesday, identifies the ringleader as John Doe No 1, who goes by the alias Aquabox and is accused of creating and maintaining the botnet.

Boscovich said investigators are trying to determine Aquabox's identity and suspect he lives in eastern Europe and works with at least 81 "herders", who run the bots from anywhere in the world.

The Citadel software is programmed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.

According to Microsoft, Citadel was used to steal more than $500m from banks in the US and abroad, but the company did not specify losses at individual accounts or firms.

The American Bankers Association (ABA), one of three financial industry groups that worked with Microsoft, said any success in reducing the number of active Citadel botnets will reduce future losses incurred by banks and their customers.

"I am hopeful we have a model that will allow us to get closer and closer to those who are the ultimate perpetrators of these crimes," said ABA's vice-president, Doug Johnson.

In the US, banks typically reimburse consumers when they are victims of cybercrime, but they may require business customers to absorb those losses, the ABA said.

Microsoft's team of digital detectives, who are based at its corporate headquarters in Redmond, Washington, have been involved in seven efforts to attack botnets since 2010. The latest marks its first collaboration with the FBI.

The software maker sought help from the FBI about 10 days ago. At that time the agency told Microsoft that it had already done significant work on a criminal investigation into the Citadel botnets, McFeely said.

Microsoft said it and the FBI were working with law enforcement and other organisations in countries including Australia, Brazil, Ecuador, Germany, Holland, Hong Kong, Iceland, India, Indonesia, Spain and the UK.

Of the more than 1,000 botnets that were shut down on Wednesday, Microsoft said 455 were hosted in 40 data centres in the US. The rest were located in dozens of countries overseas.

Technicians from Microsoft, accompanied by US marshals, visited two data centres in Scranton, Pennsylvania and Absecon, New Jersey to collect forensic evidence.

Boscovich said the data centre operators typically were not aware that their servers were being used to run botnets. "There is no responsibility on their part to see what is in the pipes," he said.

It is the second time Microsoft's digital crimes unit has sought to bring down a large number of botnets at once. In March 2012 it targeted hundreds of Zeus botnets, which use similar software and infrastructure to Citadel, though they were not as sophisticated.

That effort succeeded in shutting just a quarter of the approximately 800 targeted Zeus command and control servers, according to Microsoft. Zeus is not controlled by a single developer like Citadel, which made it harder for investigators to track and knock out herders.

Cybercriminals typically infect machines by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors. Some bot herders rent or sell infected machines on underground markets to other cybercriminals looking to engage in a wide variety of activities.

The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the internet in kits that cost $2,400 or more.

Boscovich said he believes that Aquabox also gets a percentage of money stolen by his customers using Citadel.

The kits allow herders to easily set up and run botnets on pirated versions of Microsoft's Windows XP operating system, according to court documents. The kits include modules for infecting PCs, as well as stealing from online banking sites, sending spam and engaging in other types of cybercrime.

Some Citadel botnet operators have used infected machines to disrupt bank websites in so-called distributed denial of service attacks, hoping to distract those firms from thefts that are occurring or have occurred, according to the complaint.


Aquabox provided herders a secret forum where they could suggest new features for the Citadel kits, as well as exchange ideas on best practices in botnet herding, Microsoft said.

Aishwarya Rai Bachchan skips meeting Hollywood legend Al Pacino for daughter Aaradhya

Aishwarya is a doting mother, and the actress just proved it once again as she skipped a meeting with none other than 'Godfather' actor Al Pacino to be with her daughter.

While the Bachchan couple was in London for a short holiday, along with their bundle of joy, they had a chance to meet the Hollywood legend, but Aishwarya chose to stay back as there was no one to look after her daughter.

According to a source, Aishwarya's mother Vrinda was leaving for India on the same day, and since there was no one else to look after Aaradhya, Aishwarya decided to stay back.

Hubby Abhishek attended the dinner date alone, while Ash stayed home looking after her baby.

Deepika Padukone wants to keep her Yeh Jawaani Hai Deewani glasses

Padukone's bespectacled look in Yeh Jawaani Hai Deewani has garnered much attention, and the actress wants to keep the glasses she wore in the film as a souvenir.
In the first part of the film, the 27-year-old played the girl-next-door Naina Talwar, and is referred to as chashmish by her on-screen friends played by Ranbir Kapoor and Aditya Roy Kapoor.
"Naina is a special character for me. The glasses helped me live that part. I would like to keep them as a memory of her," Deepika said in a statement.
"She is emotional about the character, and the glasses were an important part of it. Also, people kept calling her chashmish (a term she was addressed as in the film too)," a source said.
Yeh Jawaani Hai Deewani, a coming-of-age romantic comedy film has been directed by Ayan Mukerji and produced by Karan Johar.
The film has already crossed the Rs 100 crore mark within just a week of its release.

Tornado scene in Man of Steel to remain in film, director says

BURBANK, Calif. — In the upcoming film Man of Steel, Superman faces off against ruthless outcasts from his home planet. The last son of Krypton also encounters a more realistic force of nature on earth: a deadly tornado.
Man of Steel director Zack Snyder said there was never any discussion about altering the pivotal scene involving a twister following recent deadly storms in Oklahoma.

U.S. intelligence program secretly probes Internet servers

Director of National Intelligence James R. Clapper confirmed that the secret program exists but said media reports contained "numerous inaccuracies."

Government agencies search the central servers of nine leading Internet companies for emails and other data potentially linked to terrorism or espionage cases, the U.S. intelligence chief says.

WASHINGTON — The U.S. director of national intelligence late Thursday confirmed the existence of a secret program in which the government has tapped into the central servers of nine leading Internet companies to search for data potentially linked to terrorism, espionage or nuclear proliferation, but he called two newspapers' disclosure of it "reprehensible."

Under the 6-year-old program, code-named PRISM, the FBI and National Security Agency have searched for emails, videos, photographs and other documents. The effort involves Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube and Apple, the Washington Post and Britain's Guardian reported, quoting from classified documents. Among major Internet companies, only Twitter has so far been a holdout, the Post said.

Director of National Intelligence James R. Clapper confirmed the program but said the Post and Guardian articles contained "numerous inaccuracies."

Apple, Google, Facebook and Yahoo all denied participating. The others did not respond to requests for comment Thursday night.

Clapper said the program was intended to target foreigners and "cannot be used to intentionally target any U.S. citizen, any other U.S. person or anyone located within the United States." Court-approved procedures "minimize the acquisition" of information about U.S. persons, he said in a statement.

The Foreign Intelligence Surveillance Court, the executive branch and Congress oversee the program, which "was recently reauthorized by Congress after extensive hearings and debate," he said.

"Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats," Clapper said.

The latest disclosures, coming as officials separately confirmed a long-running NSA program to secretly collect records on nearly all domestic and international phone calls made by Americans, underscore how U.S. intelligence and law enforcement now secretly glean vast amounts of information from communications technology.

Legally, much of the data is considered property of the companies, not of individual users. That limits users' ability to challenge the government's data-mining operations in court.

The Post said it had obtained information about PRISM from a career intelligence officer who provided PowerPoint slides "to expose what he believes to be a gross intrusion on privacy."

According to the Post, a presentation for senior NSA analysts described PRISM "as the most prolific contributor to the president's daily brief, which cited PRISM data in 1,477 articles last year." The daily brief contains the nation's most valuable intelligence secrets and goes only to the president and a few top aides each morning.

According to the briefing slides, "NSA reporting increasingly relies on PRISM" as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports, the Post reported.

PRISM analysts can use search terms to delve into computer systems to pull out selected information. The terms are designed to look for data that is foreign in origin, but, according to the briefing materials, the NSA concedes that it inevitably picks up considerable data on Americans.

In most cases, Internet companies have voluntarily cooperated with PRISM in return for immunity from lawsuits, the Post said.

But in 2008, Congress gave the Justice Department the authority to seek a secret court order to force a reluctant company to comply. The Post said that Microsoft became the first corporate partner in PRISM in 2007 and that Apple held out until 2012.

Apple disputed that it had signed on to any such program.

"We have never heard of PRISM," Apple said in a statement Thursday night. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order."

Yahoo issued a similar denial.

"Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network," the company said in a statement.

Google said it "does not have a 'back door' for the government to access private user data."

And Joe Sullivan, chief security officer at Facebook, said protecting users' privacy and data is a top priority.

"We do not provide any government organization with direct access to Facebook servers," he said. "When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law."

Clapper, the intelligence director, declassified a few details about the separate program that collects telephone records, also disclosed by the Guardian. Clapper said he wanted to reassure Americans that "the intelligence community is committed to respecting the civil liberties and privacy of all American citizens."

He noted that the special court reviews the program every three months. He confirmed that the government is barred from searching telephone records "indiscriminately" and can only search the data for specific information after proving to a court that it has reasonable suspicion of association with a foreign terrorist organization.

'Internet users are being monitored'

The director of the US National Security Agency, James Clapper, has admitted that the government obtains records of users' communications from internet companies, but said that the target of the information-gathering policy is only 'non-US persons'.
In a statement issued late on Thursday night by NSA director Clapper, it was said that 'the reports published in the US newspaper the Washington Post and the British newspaper the Guardian about the PRISM programme contain many inaccuracies', but no further detail was given on this.
He further said in the statement that the communications-data collection programme 'was designed to obtain intelligence information from abroad and concerns persons residing outside the United States'.
According to James Clapper's statement, it 'will not be intentionally used against US citizens, other US persons, or anyone residing in the United States'.
He said the programme operates under Section 702 of the Foreign Intelligence Surveillance Act and was recently authorised after debate in Congress.
'The information obtained under this programme is among the most important and valuable of the secret intelligence gathered from foreign countries.'
The US newspaper the Washington Post has reported that US intelligence agencies, for surveillance purposes, are obtaining information about users directly from the servers of nine major internet companies. These companies include Facebook, YouTube, Skype, Apple, PalTalk, Google, Microsoft and Yahoo.
According to the newspaper, all of this is being done under a secret US government programme named PRISM, through which people's personal videos, photos and emails are extracted so that specific people can be kept under watch.
Earlier, according to a report in the British newspaper the Guardian, the US National Security Agency obtains the telephone records of millions of users every day from Verizon, the largest US telecommunications company, under a secret court order.

Human rights organisations have described this decision by the US government as 'astonishing'.
The Center for Constitutional Rights in the US said in its response that this appears to be the broadest surveillance order ever issued by any court.
The court order, issued under the Patriot Act passed during President Bush's term, bears the signature of Judge Roger Vinson.
Under the court order, the company is required to provide the National Security Agency with details of all electronic data showing which user called at what time, from where and to which number.
The company is required to provide complete information about telephone numbers, calling card numbers, international subscriber identity numbers, international mobile station equipment numbers, and the date and time of calls.
However, under this court order the telecommunications company is not obliged to provide its customer's name, address or the content exchanged during the communication.
The court has also ordered that no information about this court order be provided to anyone.
The internet companies Yahoo, Facebook and Apple said in their responses that they do not give any US government agency direct access to their servers.
A statement issued by Google said that 'Google does not provide the government with any back door through which private users' information could be obtained'.
