Cybercrime is projected to cost $7 trillion globally in 2022, according to research by Cybersecurity Ventures. And despite strong business and interpersonal skills, many professionals lack the cybersecurity knowledge needed to help their company prevent cyberattacks.
Complicating matters further, there’s a massive cybersecurity talent gap of more than 700,000 open positions in the U.S. C-suite leaders and business executives are “paying attention” to cybersecurity, according to Cybersecurity Ventures’ report, “but they tell us reports on cybersecurity are way too technical, and use terms they don’t understand.”
To help business leaders prepare for “real-world” scenarios involving cybersecurity, talent development platform Udacity announced this week it’s launching a Cybersecurity for Business Leaders Program—which is tailor-made for C-suite executives and senior-level managers.
“Cybersecurity should be a top concern for all of us—especially given the impact that the choices we make now about cybersecurity can have on our future business success,” Udacity CEO Gabriel Dalporto tells Fortune. “C-suite and senior-level managers must be able to identify potential cyber threats to their organization and understand systemic risks present within its digital ecosystem of suppliers, vendors, and customers.”
Dalporto says that professionals who participate in the cybersecurity program should walk away with the following five major understandings:
Essentially, the course is designed to help people understand cybersecurity risks, identify potential threats, and create a budget for cybersecurity protections. It’s also important for business leaders to get “buy-in” from other employees by launching cybersecurity awareness campaigns, training plans, and accountability measures, Dalporto says.
What’s more, participants complete the course with materials they can apply in their current companies. They leave the program with a “fully baked out” incident response plan (as Dalporto puts it), an internal cybersecurity awareness campaign model, and a three-year cybersecurity investment budget proposal for their company.
“Many leaders have struggled to keep pace with the digital transformation of their industries, leaving significant knowledge, process, and technology gaps in how they manage threats,” Dalporto says. “It’s a challenge to stay current—but a challenge we should all embrace to ensure the right decisions are made at every level.”
Enrollment for the program is open until October 12 for the upcoming cohort. The program takes one month to complete with about three-to-five hours of commitment per week. No prerequisite courses are necessary, though Udacity also offers other cybersecurity-related courses, including an Introduction to Cybersecurity.
The program is taught by Eric Hollis, president and CEO of HollisGroup, a cybersecurity and risk management consultancy. Hollis holds several cybersecurity certifications, including Certified Information Security Manager (CISM), an advanced certification for industry leaders.
“Digital ecosystems pose an easy access point for cyber threats and breaches,” Hollis said in a statement. “Cybersecurity for Business Leaders is a highly-detailed program, and I’m eager to work with a diverse set of leaders who are looking to expand their cybersecurity skill set and help their teams excel.”
The program costs $399 to complete and also includes access to mentor support and career services.
Author: rescue@crimefire.in
-
Business leaders: Here's a $399 crash course on cybersecurity threats – Fortune
-
WVU officials explain, respond to data breach – West Virginia MetroNews
MORGANTOWN, W.Va. — West Virginia University has advised the campus community that a data breach has occurred, but officials said only a limited number of people and their personal information were compromised.
Officials learned last Nov. 25 that a development webpage launched in December of 2021 contained the information that was then available to the public. As of Nov. 28, 2022, all of the information had been scrubbed from public view.
According to WVU’s chief information officer, Brice Knotts, an investigation determined patient file names were accessible and downloaded by outside parties. The investigation also established that no social security numbers, financial information, birth dates, passwords, addresses, or account numbers were released.
“It was part of a development community,” Knotts said. “When it was configured to be publicly facing, any member of that development community could have downloaded that information, so it’s not possible to identify specific individuals.”
The information that was compromised included the patient’s last name, medical procedure or treatment name, and potential exposure to disease.
Officials clarified that only the file name and not the content of the patient’s medical record were released. Actual medical records are kept on an encrypted file server only accessible by authorized personnel.
“The information that was disclosed was just a file name, not the actual file; it’s important to recognize that,” Knotts said. “The patient’s actual medical record was not released.”
Even though officials believe none of the information has been misused, additional resources and instructions for safeguarding information are being offered to the victims.
“As always, we would advise people to monitor their accounts just to make sure none of their information is being misused,” Knotts said.
Knotts also recommended the use of an account password manager application and noted that some credit card companies offer free identification protection services.
“I think if it were me, I would keep an extra eye on my information and make sure it’s not being misused, which is probably a good thing to do as a general practice,” Knotts said.
People with questions or concerns are asked to contact the WVU Health Sciences Risk Management and Privacy Office toll-free at 1-888-825-1401.
-
Crystal Bay Casino Notifies 86,291 Individuals of Recent Data Breach – JD Supra
On February 24, 2023, Crystal Bay Casino filed notice of a data breach with the attorney general offices in Maine, Montana and Massachusetts after learning that an unauthorized party accessed files on the company’s computer network containing confidential consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers and driver’s license numbers. After confirming that consumer data was leaked, Crystal Bay Casino began sending out data breach notification letters to the 86,291 individuals who were impacted by the recent data security incident.
If you received a data breach notification from Crystal Bay Casino, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Crystal Bay Casino data breach, please see our recent piece on the topic here.
The available information regarding the Crystal Bay Casino breach comes from the company’s filing with the Attorney General of Montana. According to this source, in November 2022, Crystal Bay Casino detected unusual activity on its computer network. In response, the company secured its systems and launched an investigation to determine the nature and scope of the incident, as well as whether any consumer information was compromised as a result.
The Crystal Bay Casino investigation confirmed that an unauthorized party was able to access the company’s IT network and remove certain files. It was later determined that some of these files contained confidential consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Crystal Bay Casino began to review the affected files to determine what information was compromised and which consumers were impacted. The company completed this review on January 25, 2023. While the breached information varies depending on the individual, it may include your name, Social Security number and driver’s license number.
On February 24, 2023, Crystal Bay Casino sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1937, Crystal Bay Casino is a hotel and casino resort located in Crystal Bay, Nevada, near Lake Tahoe. Crystal Bay Casino also hosts live music events at the Crystal Bay Casino Crown Room. Crystal Bay Casino employs more than 92 people and generates approximately $17 million in annual revenue.
-
News Corp Data Breach | Spiceworks – Spiceworks News and Insights
The hackers attained stealth in the News Corp network and remained hidden for two years between February 2020 and January 2022.
This week, mass communications and publishing giant News Corp disclosed additional details about a three-year-old breach that came to light in 2022. The company revealed that the threat actors were inside its network for two years.
First reported by BleepingComputer, which came across the Rupert Murdoch-headed media conglomerate’s letter to its employees, the hackers attained stealth in the News Corp network and remained hidden for two years between February 2020 and January 2022.
News Corp first discovered the breach, believed to have been conducted by China-based threat actors, in February 2022. At the time, the company incorrectly gauged that the attack occurred in January 2021.
News Corp disclosed in an SEC filing last year that the attack impacted News Corp headquarters, The Wall Street Journal, its parent company Dow Jones, the New York Post, News Corp’s U.K.-based business, including News U.K., Times of London, and the Sun.
“It is astounding that News Corp has only discovered this highly important piece of information one year after the breach was first announced, and it puts employees at a much greater risk of financial fraud and identity theft,” Julia O’Toole, CEO of MyCena Security Solutions, told Spiceworks.
“Given that the attackers had two years of access before they were identified, this means they most likely got away with more information than was first realized, and with no one knowing it was stolen, they wouldn’t have been on high alert for potential attacks,” said O’Toole.
News Corp confirmed that employees’ personal information, including their names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information, was impacted.
“Detecting an intruder once they are inside an organization can be very difficult, especially if they have a long game in mind and move slowly,” Javvad Malik, lead awareness advocate at KnowBe4, told Spiceworks. “Most organizations are usually overwhelmed with alerts on a daily basis, and even with a large number of tools, it can be difficult to isolate actual intrusions.”
In February 2022, the cyber incident was assessed to have affected employees, including dozens of journalists, whose emails and article drafts were accessed. The hackers were also interested in News Corp journalists’ information on Taiwan, Uyghurs, the incumbent White House administration, President Joe Biden, the vice president, other officials, and other defense matters such as the U.S. military.
The threat actors also sought information about U.S. regulations concerning China, especially in technology matters. Some of the targeted journalists were also in close contact with people with sensitive information regarding China.
“Cyberattacks from China on global businesses are all too frequent in today’s connected environment,” Kline and O’Brien told News Corp employees in the email. “While News Corp has protections in place, we appear to have been the target of persistent nation-state attack activity that affected a limited number of our employees.”
According to News Corp’s letter to employees, those impacted can avail of one free annual credit report from each of the three nationwide consumer reporting agencies. The company is also offering free identity protection and credit monitoring services for 24 months.
O’Toole added, “The suspected groups behind cyber espionage campaigns will generally always use phishing to gain an initial foothold on an organization. Knowing it provides the greatest chance of success, they will target employees with realistic phishing emails in a bid to steal their user credentials, so they can access the corporate network, carry out reconnaissance, and steal data.”
“As a result, businesses must prioritize their defenses against this type of threat. The only way to achieve this is through encryption, where employee credentials are encrypted, meaning they never see them, know them, or have the ability to hand them over to criminals unwittingly.”
Malik concluded, “A layered approach to detection is needed. This includes locking down workstations, limiting traffic to sensitive areas, and using honeypots or honey tokens which will often provide fewer alerts, but they will be of much greater value in identifying an attacker.”
-
Data breaches affecting millions of Australians are on the rise, Information Commissioner says – ABC News
Millions of Australians' personal details have been compromised by unpublicised data breaches – separate from the Optus and Medibank hacks – according to figures released by the national information watchdog on Wednesday.
The Australian Information Commissioner revealed there were three large-scale data breaches in the second half of last year, which affected between 1 million and 10 million Australians.
There was also another data breach which affected between 500,000 and 1 million people.
The commissioner did not name the enterprises involved in the breaches, but the numbers indicate that large-scale attacks are on the rise.
The stark figures track the period between July and December 2022 and reveal a 67 per cent rise in the number of attacks from the first half of the year, which only saw 24 large-scale attacks compared to 40 in the back half.
In total, there were 497 data breaches, mostly in the health and finance sectors, which represented a 26 per cent increase.
Almost three-quarters of those breaches were blamed on criminal attacks, while a quarter was due to human error.
Australian Information Commissioner Angelene Falk acknowledged there was a pronounced rise in wide-reaching cyber attacks and urged businesses and agencies to step up.
"Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats," Commissioner Falk said.
"This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.
"As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase.
"Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals."
The worrying new data comes after the federal Attorney-General's department called for Australia's Privacy Act to be tightened.
Under Australia's current data breach laws, there is no specific time frame for agencies or organisations to report that they have been hacked, but a new proposal by the department would shorten that period to 72 hours.
It is part of a suite of 116 recommendations made last month, which also recommended that Privacy Act exemptions for small businesses be scrapped, putting new obligations on millions of new Australian entities.
The federal government is also setting up a national cyber office that would consider a new Cyber Security Act and strengthening existing laws.
-
Director (Legal) Vacancy At Cyber Crime Coordination Centre, Ministry Of Home Affairs – Live Law – Indian Legal News
The Ministry of Home Affairs invites applications for the post of Director (Legal) in the Indian Cyber Crime Coordination Centre (I4C) Scheme under the Cyber & Information Security Division of the Ministry of Home Affairs on a Deputation (including short-term contract) basis.
Name of the Post: Director (Legal)
No. of Post: 01 (One)
Essential Qualification and Experience
• Degree in any stream or Degree in Law from a recognized University or institute;
• Must have dealt with cases involving cybercrime. Must possess experience as a legal advisor in a Government organization, prosecutor or judicial officer.
How to apply?
• Interested candidates are required to submit their application for the post to the Under Secretary (Ad-V), Ministry of Home Affairs, Room No. 81-D, North Block, New Delhi-110001 within 60 days from the date of notification, i.e., 27.02.2023
-
The Gender-Equal Cybercriminal Underground – Noticias de … – Trend Micro
By Mayra Rosario Fuentes
A look into the cybercriminal gender gap, the status and perceptions on gender profiles in the underground, and the role assumptions have for law enforcement.
With the anonymity of cybercrime and the groups behind them, gender plays a much less important role than in other online communities. In many ways, it is one of the most meritocratic communities online, where developers are valued for their skills and experience, and not necessarily for their gender when it comes to conducting business in the underground. In this research paper, we will show that while female cybercriminals are (still) in the minority, they most certainly do exist, and an investigator should be open to this possibility from the start.
It is generally accepted that most cybercriminals are male. Following law enforcement bulletins and media reports, it is more common to hear investigators use the terms “he” or “him” when referring to a cybercriminal that has yet to be attributed. At Trend Micro, research teams have had a long-standing policy of using “them” or “they” to refer to threat actors, long before this became more common in gender discussions. At the minimum, this allows for the hacker handles discovered to be observed or thought of as being operated by a group. But looking at this usage from a bigger picture, we found that this practice removes gender bias — an unconscious tendency that we strongly believe can lead an investigator down the wrong path. Gender bias, whether explicit or implicit, can severely undermine a criminal investigation. In many cases, investigating and interviewing a female suspect requires a different mindset.
Gender is one of the important factors in dealing with different kinds of crimes. For women, there is not one dominant path that leads them to commit or be involved in criminal activities. According to an Inquiries Journal article, consistent research findings over the years from criminologists, legal scholars, and sociologists have found that men and women differ in criminal behavior and sentences received, resulting in a “gender gap” in criminality rates and prison populations. The same study also cites that the crimes most often committed by women are non-violent and carry milder sentences. On comparing past and current situations, we observed that the cybercriminal underground economy was less accepting of those who identified as women then, based on discussions in forums. Over the last few years, however, gender has been discussed less when it comes to business.
Different theories exist regarding the general lack of women’s involvement in cybercrime, including the lower numbers of women engaging with online forum communities and the gap in internet access. According to a study conducted by the World Wide Web Foundation in 2020, women are less likely to create online content, comment, or post about political events when they get online, and 29% are more likely to sell or advertise a product. Another theory points to the low number of women working in cybersecurity, since cybercrime offenses are usually technical in nature. Technical offenses require a particular skillset or knowledge about computer systems. Cybersecurity Ventures predicts women will represent 30% of the global cybersecurity workforce by 2025, and up to 35% by 2031. The report mentioned that as of 2021, women held 25% of cybersecurity jobs globally, reflecting an annual increase of female practitioners even on average. It is important that we understand the relationships between gender and cybercrime to understand the issues investigators can and will face later: Cybercrime is not gender-neutral.
For the purposes of this research, cybercrime is defined by and limited to the different types of incidents and activities such as gaining unauthorized access to a computer system with a criminal motive, fraud, money laundering, denial of service attacks, ransomware attacks, identity theft, cryptocurrency mining, and the development and supply of malware. We predominantly focus on cyber-dependent crime while also looking at some cyber-enabled crimes. We will not investigate interpersonal cybercrime offenses such as harassment, child sexual exploitation, and stalking.
It is important to mention that while carrying out this research, we made every effort to consider the wider definition of gender to include non-cisgender (to note, cisgender denotes a person whose biological sex and gender identity match) profiles. However, as will be shown throughout the study, specific profiles on a technical-level are also difficult to ascertain from the anonymous community that cybercrime represents. With some exceptions where this was possible, most of our commentary will refer to male and female gender profiles simply as that is what the data presented. On this theme, we encourage the security community to explore this further should other techniques become available later on.
In cybercrime, gender influences people’s different experiences and shapes their roles among cybercriminal groups or hackers. Online cybercrime patterns mimic the offline world. Due to the lack of readily available national cybercrime arrest data, we looked at the overall incarceration data for both men and women in the United Kingdom, US, and Russia. The data was compiled from the World Prison Brief, an online database providing free access to information on prison systems around the world, hosted by the Institute for Crime & Justice Policy Research at Birkbeck, University of London.
The rate at which women are incarcerated varies greatly by country, but overall women still account for less than 10%. Women are accused and convicted of less serious crimes and are less likely to be incarcerated compared to their male criminal counterparts. Today, the number of women committing crimes is on the rise globally. A 2017 report by the Institute for Criminal Policy Research at Birkbeck, University of London, showed that the global female prison population has surged by more than half since the turn of the century, while the male prison population increased by just a fifth over that same period. In the US alone, women made up only 6.8% of the prison population in the first half of 2022. In the United States, women commit more drug and property offenses, making up more than half of the offenses for which women are incarcerated.
It is widely assumed that most cybercriminals are male. Over time, however, female cybercriminals have been making their presence known. In underground cybercriminal forums, jobs for women include roles as money mules and for money laundering purposes.
In Russia, women make up 8% of the total prison inmate population. The country has one of the highest incarceration rates in Europe, reaching over 356 prisoners per 100,000 of their population in 2020. Most criminal offenses in the country were considered “crimes of little gravity” (that is, minor crimes borne of negligence), while the share of “grave crimes” stood at approximately 6%.
In 2021, there were approximately 75,000 males and almost 3,200 women prison inmates in England and Wales, with females accounting for 4% of the total prison population. TV license evasion was the most common offense for which women were convicted in 2019. Theft from shops was also the most common indictable offense committed, for which 34% of females and 14% of males were convicted in 2019.
Figure 1. Male and female prison population percentage by gender (data taken from World Prison Brief)
Data from a 2020 study on women shows that men are 21% more likely to be online and use the internet globally, with the gap rising to 52% in the least developed countries. A lack of digital skills emerged as the biggest factor keeping women offline. Women are also less likely to create certain types of online content, with men being 29% more likely than women to post comments about political, social, or economic issues, and 29% more likely to sell or advertise a product or service online.
Figure 2. Prison population count by gender (data taken from World Prison Brief)
Another way the gender imbalance in cybercrime can be explained is through access to formal knowledge. We have consistently seen lower numbers of female students than male students studying STEM-based (science, technology, engineering, and mathematics) degrees. According to a study conducted by the International Labour Organization (ILOSTAT) in 2019, the country of Georgia had the highest share of women employed in STEM fields, with 55.6% of all those employed in STEM fields being women. In the United States, women accounted for 48% of all STEM jobs compared to the United Kingdom’s count at 40%. This is considering the already-low numbers of STEM occupations, which comprise less than 20% of employment in all 69 countries included in the study, ranging from low decimal percentages in several African countries to 15% in the US and in the UK, and 17% in Austria.
Figure 3. Percentage of women working in STEM fields in 2021 by country. Data taken from ILOSTAT.
Gender gaps in areas such as access to the internet and mobile phones, employment, and education affect how users interact with the internet, and therefore their involvement in cybercrime. Women remain 7% less likely than men to own a mobile phone and are 16% less likely to use mobile devices to access the internet. According to the International Telecommunication Union (ITU), 62% of men are using the internet, compared to 57% of women in 2022.
Given that authorities’ public identification of cybercriminals is already relatively rare, the specific identification of female cybercriminals is even more unusual. However, when it does happen, this unusual aspect means these stories will frequently generate more media coverage than those of their male counterparts. Here is an overview of some of the most high-profile cases of female cybercriminals charged in recent years.
Figure 4. Valérie Gignac. Photo courtesy of CBC News.
In 2015, Canadian Valérie Gignac was arrested by the Royal Canadian Mounted Police for hacking computers, taking over their webcams, and spying on people. Valérie Gignac also ran the cybercriminal forum viphackforums[.]net. She was charged with four counts related to the unauthorized use of a computer and mischief in relation to computer data.
Figure 5. Lauren Lide. Photo courtesy of Flying Magazine.
Lauren Lide used to work at the Melbourne Flight Training school in Florida as a Flight Operations Manager. She quit in November 2019, the same day her father got fired from his job at the same company. In retaliation for her father being fired, the disgruntled former employee used her old boss’ login information to wipe out critical aircraft and safety data on their fleet. She was charged with two counts of unauthorized access of a computer electronic device without authority, and one count of modifying computer data programs without authority.
Figure 6. Paige Thompson. Photo courtesy of Komo News.
Paige Thompson was a former Amazon engineer convicted in the 2019 Capital One breach. Thompson developed a tool that scanned Amazon Web Services (AWS) for misconfigured accounts to gain access to the systems of Capital One and dozens of other AWS customers. Prosecutors also say Thompson “hijacked” companies’ servers to install cryptocurrency mining software that would transfer any earnings to her wallet. Thompson was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The jury found her not guilty of access device fraud and aggravated identity theft.
Figure 7. Alla Witte. Photo courtesy of Tech Startups.
55-year-old Latvian Alla Witte was charged in a US federal court with 19 counts for her role and activities in the TrickBot Group, including conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud affecting a financial institution, and conspiracy to commit money laundering, among other charges. Before her arrest in 2021, Witte worked as a malware developer and wrote code related to the control, deployment, and payment of ransomware for the group since 2015.
Figure 8. Laura Rose Carroll (left) and her daughter (right). Photo courtesy of News4Jax.
A 17-year-old high school student and her mother were arrested for hacking the school’s system to change the homecoming queen votes, enabling the former to win the competition in 2021. Agents with the Florida Department of Law Enforcement (FDLE) arrested the mother, former Assistant Principal Laura Rose Carroll, and daughter duo on one count each of offenses against users of computers, computer systems, computer networks, and electronic devices, unlawful use of a two-way communications device, criminal use of personally identifiable information (PII), and conspiracy. The mother was sentenced to 18 months of probation and ordered to pay court costs totaling $518.
Figure 9. Heather “Razzlekhan” Morgan (left) and Ilya “Dutch” Lichtenstein (right). Photo courtesy of New York Post.
Husband and wife Ilya “Dutch” Lichtenstein and Heather “Razzlekhan” Morgan were arrested in February 2022 for allegedly conspiring to launder cryptocurrency stolen during the 2016 hack of virtual currency exchange Bitfinex. Law enforcement has so far seized over $3.6 billion in cryptocurrency linked to that hack. They were charged with conspiracy to commit money laundering and conspiracy to defraud the US, charges punishable by up to 25 years in prison.
Figure 10. Ruja Ignatova. Photo courtesy of BBC.
Ruja Ignatova, known as the “missing Cryptoqueen,” is still wanted by the Federal Bureau of Investigation (FBI) for her alleged participation in a large-scale cryptocurrency fraud scheme. Ignatova was the founder of OneCoin Ltd., a Bulgaria-based company that marketed OneCoin as a purported cryptocurrency. Beginning in 2014, Ignatova allegedly made false statements and representations to individual investors to solicit investments in OneCoin, and instructed victims to transmit investment funds to OneCoin accounts to purchase OneCoin packages. The scheme caused victims to send wire transfers representing these investments, defrauding victims out of more than $4 billion in total.
To date, there has been little research on women’s participation in the cybercriminal underground. Female hackers were previously perceived with hostility by the general hacker community. If women identified themselves, users would harass them, and sometimes lower their reputation or popularity points on the forums. According to 2021 Pew research, the number of Americans who experienced online harassment has not increased, and the overall prevalence of this type of abuse is the same as it was in 2017. The same report found that women are about twice as likely as men to say they have been targeted because of their gender.
But as societal norms began changing, the cybercriminal underground became less concerned about gender when conducting business. As seen in discussion boards, women would get a positive reputation because it’s not common to see female hackers in the community. When users who have yet to improve or gain points take on female usernames, people assume the person behind the user handle is a guy pretending to be a woman to get more popularity points.
Figure 11. Discussion about past instances of women participating on hack forums wherein users were hostile toward them via the points (rep) system
Underground cybercriminal forums have rules and etiquette that prohibit harassment, bullying, and sexual harassment even though these still occur. One hacking forum, Hackforums, changed their reputation system to include a business rating. People have used reputation points to harass others, which can then affect their business since other members use it to gauge trustworthiness. Similar to the figure above, some women have discussed purposely using male pronouns to avoid harassment.
Figure 12. The “code of conduct” guidelines of a Russian language forum
Figure 13. User profile showing reputation and business ratings
We cannot conclude that the community has become more accepting of women. Instead, it would be more accurate to say that gender is not an issue when conducting business in the underground. An example is Alla “Max” Witte, the 55-year-old woman and mother charged for her involvement with the Trickbot Group. Many in the cybercriminal gang not only knew her gender but her name as well. She was so well-liked that at one time, ransomware group Conti members were considering paying for her legal fees.
Topics about sexual orientation and genders such as LGBTQIA, female, binary, and non-binary, among others, are discussed in the underground in mostly English-speaking forums. Some users in the introduction forum section mentioned their gender though they are never required to do so in their welcome messages. We noticed a trend over the years wherein users discuss their gender and sexuality more openly than in the past. We have also seen English language forums posting with the rainbow pride flag and users celebrating Pride Month.
Figure 14. Forum user discussing job qualifications with their gender explicitly stated in the title
Meanwhile, Russian-based forums usually do not discuss genders or sexual orientations. This could be due to the political nature of the country, where the LGBTQIA community does not have the same rights as in other countries. When these topics do appear in forums, they are often found in the non-business sections such as religion, lounge, and politics. The Russian language forum, Exploit, allows users to set their respective gender profiles, but many users leave it empty.
We found underground forums frequented by lower-level criminal actors (also known as skids, or script kiddies) discussing gender differently than other, more professional forums frequented by top-tier cybercrime actors. Many users in these lower-level communities argue over petty topics all the time and use derogatory terms to refer to each other. One example is OGUsers forum, known for selling stolen accounts and for being a community with a “lower maturity” level. Where it was possible to link these forum users to social network profiles, we noticed they behaved similarly in those communities. By comparison, gender-based derogatory comments are unusual in more professional and business-oriented communities, such as the Russian forums XSS and Exploit, where it’s all about business.
Figure 16. Exploit user profile showing their gender
The types of jobs advertised specifically for women in cybercriminal forums include muling (facilitators for drug trafficking and money laundering, among others), call center jobs, and social engineering and romance scams where voice and images are usually needed. However, most job advertisements or affiliate postings found in the underground are gender-neutral and open to everyone with the right skill sets, similar to the real world, where gender is not mentioned. In the underground, recruitment posts for cybercriminal gangs do not mention gender, either.
Mules are used by others to launder the proceeds of cybercrime by taking stolen money and goods and turning them into clean funds. They do this via internet payments, money transfers, or online auctions. We found one website advertised in a Russian forum for document forgery, betting services, and cryptocurrency exchanges where gender and age were specifically mentioned. The business also mentioned offering any photo or video recording services from the women on their site.
Figure 17. A photo listing of women who can be hired for document forgery, video, and photo services (above). Clicking on a photo opens a new range of photos with the instruction, “all photos are with the same clothing, while photos with 3×4 (size, or ratio) are with 2 clothes. To view the full size preview, click right mouse button and open image in the new tab.” (below)
Romance scams are considered cybercriminal activities when a scammer deceives a user into believing they’re in a romantic relationship with someone they met online. Confidence scams are similar in nature, though varying in schemes such as Grandparent Scams. In fact, the other half — commonly the initiator of contact — is a cybercriminal using a fake identity to gain enough of their victim’s trust for blackmail or to ask for money. In 2021, the Internet Crime Complaint Center (IC3) received reports from 24,299 victims who lost more than $956 million to romance scams. This type of fraud accounts for the third highest losses reported by victims, after business email compromise (BEC) and investment fraud.
Figure 18. Romance scams and confidence fraud categorized by victims’ age groups (data taken from IC3)
For comparison, this is almost 20 times the losses associated with ransomware in the same report. The pandemic led to a boom in online romance fraud worldwide. According to a survey in the United Kingdom, two in five people (38%) who dated someone they met online were asked for money. Over half (57%) of those who were asked for money said that they gave or lent it. According to the Federal Trade Commission (FTC), people in the US reported losing a total of $1.3 billion to romance scams in the last five years. Admittedly, the number could be even higher because some victims are too embarrassed to come forward after they lose money. Underground postings for these types of scams are usually advertised under the terms “eWhoring” or “social engineering.” Prices for female voice verifications start from $15 per recording and go upward. These job postings are sometimes very specific, with requirements about language accents, physical looks like hair color, and sometimes even some acting skills. These types of advertisements can be found in both English and Russian language forums.
Figure 19. Underground job posting for female voices to use in romance scams
Figure 20. Social engineering scam job posting with very specific requirements
Call center jobs can be found in English and Russian language forums. These types of postings often look for male and female native speakers in multiple languages such as German, English, French, Spanish, and Italian. The call center jobs could be used for social engineering, romance scams, and fake software support. Prices start from $10 per call and are sometimes paid by the hour, too. Women are probably sought out due to people being more likely to trust female service agents versus male callers. Some forum users have explicitly said they prefer women for call-based jobs and that women are better than men at extracting information. In the future, these jobs may be replaced by artificial intelligence (AI) video creation platforms. Cybercriminal underground forums are already using video creation platforms such as Synthesia for deepfake videos.
Figure 21. Russian-based forum posts looking for voice actors and platforms to use for deepfake videos
Figure 22. Call center job posting for male and female voice actors
Figure 23. Social engineering job posting for female voice actors
Discussions in the underground for non-cisgender topics are strictly about non-business dealings. These topics can be found in the science, relationship, religion, philosophy, and politics sections of forums. The forums that do talk about these topics are usually English-based spaces. Many of the discussions are derogatory and not taken seriously by others. In a few forums, participants appear to attempt a serious exchange, but they are quickly shut down by others or asked why the topic is being discussed in the forum.
Figure 24. A query for a discussion on a transgender athlete in US college sports
We looked at the top five non-cisgender identity words mentioned in English and Russian language forums based on a list by Spunout.
Figure 25. Mention counts of the top five non-cisgender keywords found in underground English forums
The top five most mentioned non-cisgender words in English language forums were “trans,” “transgender,” “transitioning,” “gender identity,” and “MTF” (male-to-female). For Russian language forums, in contrast, we had to reduce the list to the top three words, whose mention counts were significantly lower and did not reach the hundreds, unlike the English language forums’ numbers. Meanwhile, search results for the words “female,” “women,” and “woman” on HackForums reached over 35,000 hits.
Figure 26. Mention counts of the top three non-cisgender keywords found in underground Russian forums
Overall, this reflects previous sections’ discussions on women in the underground. Topics around gender are unusual, as is any unnecessary revelation of one’s gender outside of job postings (when a specific gender profile is preferred for a role). Unless it has a direct benefit for business, it is not seen as necessary and will not be discussed.
We used a tool called Semrush, a search engine marketing company that uses data from a variety of social networks and public census through their own machine learning (ML) algorithms and trusted data providers to conduct case studies and analytics. While the exact methodology used is proprietary, the company claims to draw on data from web traffic of over 200 million real internet users in 190 countries. Using this tool, we looked at a snapshot of male and female visitors, along with their respective age groups, visiting five English and Russian language forums. As a control sample, we compared them to popular IT blogs Stack Overflow and Reddit.
While we cannot fully validate the methods used by Semrush to ascertain gender, we used it instead to compare traffic to different sites as the methods should be consistent. With an increasing number of women in STEM roles, we wanted to see if there was also a percentage of women visiting underground criminal forums. Considering we see advertisements directed at women in the underground, we can assume someone is answering these postings.
We looked at the following English forums:
We looked at the following five Russian language forums:
We chose these underground forums for their popularity in the cybercrime community, the number of users participating and following the forums, the number of threads, and the number of offered jobs and posts. Especially in the case of the Russian forums, XSS and Exploit rank as the two most popular forums for cybercrime and security research for analysts. XSS was even featured in the news as ransomware actors posted advertisements on the forum looking for people to work with them in the Colonial Pipeline ransomware attack.
For English forums, the total number of visitors at the given time was 200. We found that 40% of visitors to these sites were women, compared to 60% men. For Russian forums, we also counted 200 visitors. We found that 42.6% of visitors to these sites were women, compared to 57.4% men. Sinister had the most female visitors at 61%. By comparison, only 12% of visitors to Stack Overflow, a developer and programming forum, were female.
Figure 27. The number of male and female visitors in underground English forums by age group
Figure 28. The number of male and female visitors in underground Russian forums by age group
Figure 29. Reddit demographics results for August 2022 (data taken from Semrush)
Figure 30. Stack Overflow demographics results for August 2022 (data taken from Semrush)
Looking to find other analytic methods beyond a marketing research tool, we also experimented with an online gender text analyzer to figure out if a forum text is written by a male or female. This is also in consideration that many users do not disclose their gender preferences in their profiles. For this portion of the research, we looked at two popular cybercriminal forums: the Russian-speaking XSS, and the English-speaking Hackforums.
We used the tool Gender Analyzer V5 created in 2008 by uClassify, a machine learning web service to create and use text classifiers. As of this writing, version 5 has been trained to analyze text based on 11,000 blogs: 5,500 blogs written by females and 5,500 by males.
Our control group consisted of 10 aliases that posted their gender profiles online and identified themselves as women from XSS and Hackforums. When we ran posts from these users through the text analyzer, results indicated that all the aliases were classified as female with an average classifier percentage of 82.4%.
We then ran 50 random users’ accounts from the XSS forum through the classifier. The average account of these users was created approximately 31 months prior, and had an average of 704 posts, giving us enough data to work with. When we ran the text analyzer, the results showed that of the 50 random users, 70% were male users and 30% female. By comparison, the Semrush analytics had predicted that XSS received 59% male visitors compared to 41% women.
We also ran 50 random aliases from Hackforums wherein the average account was 32 months old with an average of 947 posts. The results showed that the aliases were 64% male and 36% female. These results are closer to the overall figures for English forums from Semrush, where we found that 40% of visitors to these sites were women compared to 60% men.
Figure 31. The percentage of male and female users based on text analysis of underground forum users’ accounts
The underground provides an open environment for individuals of any gender to find employment or a side business, particularly in communities that protect potentially discriminating details about identities. While language can be a barrier, we did not see any evidence that an actor was disqualified from participating in a role based on gender. It is generally accepted that most cybercriminals are likely male. However, gender bias — whether explicit or implicit — can severely undermine a criminal investigation. Law enforcement and other investigators should not automatically assume the actor’s gender to be one or the other. Our text analyzer exercise showed that at least 30% of underground forum participants may be women, even though they are not openly discussing their gender profiles online.
The criminal underground is one of the most meritocratic online communities where people are valued only for their skills and experience — and not their gender — when it comes to conducting business. Underground criminal forums in the past have kept up with current events and societal changes. We now often see forum users asking if there are women in the forums, with some even mentioning the increased female participation in STEM fields. Discussion on non-cisgender topics is less common, but this is due to the business-focused nature of these communities where ability is all that matters. As more cybercriminals are arrested and names are published in the media, we might get a better view of how often women get to participate in cybercrime.
It is our recommendation for all investigators to avoid assumptions of male personas while carrying out their work (such as referring to a suspect as “he” or “his”) as this creates an inherent bias as they progress their case. We suggest instead to use “they,” which will not only cover any gender involved, but also force investigators to factor in that more than one person may be behind a single moniker under investigation.
U.S. Marshals Service suffers security breach – Reuters
Feb 27 (Reuters) – The U.S. Marshals Service (USMS) suffered a ransomware security breach this month that compromised sensitive law enforcement information, a spokesman said on Monday.
The Marshals Service notified the U.S. Department of Justice of the breach, and agents there began a forensic investigation, Drew Wade, chief of the Marshals Service public affairs office, told Reuters in an email.
"The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees," Wade said.
The incident took place on Feb. 17, when the service "discovered a ransomware and data exfiltration event affecting a stand-alone USMS system", after which the system was disconnected from the network, Wade said.
The USMS is a federal law enforcement agency within the Department of Justice.
Sivaganga police bust cyber crime gang operating from Coimbatore – The Hindu
March 05, 2023 05:22 pm | Updated March 06, 2023 12:18 pm IST – SIVAGANGA
Computers, laptops and other paraphernalia seized by Sivaganga district police from a cybercrime gang that was operating from Coimbatore. | Photo Credit: Special Arrangement
The cyber crime police station of Sivaganga district has busted a Coimbatore-based gang involved in siphoning off money from bank accounts of gullible people, arresting 18 persons and seizing as many as 22,735 SIM cards.
A team of cyber crime police, led by Additional Superintendent of Police, Namasivayam, acted on a February 26 case of cheating a victim of a sum of ₹99,887.
The victim had clicked a link received as SMS on his phone under the guise of updating Know Your Customer form of a private bank.
He entered personal details on a fake Internet banking site that looked similar to that of the private bank. He also entered several One-Time Passwords received on the phone.
Later, he got an alert from the bank that ₹99,887 had been debited from his account.
The police found that the phone number that had sent the SMS to the victim was in the name of a person from Virudhunagar, but was active from a location in Coimbatore.
The police also found that the phone was switched off after remaining active for 5 to 10 minutes.
The International Mobile Equipment Identity (IMEI) of the handset behind the mobile number revealed that 80 to 90 SIM cards were being used in the mobile phone in a day. These mobile numbers were used only to send SMS to several mobile numbers.
“We found that the mobile numbers were used to send bulk SMS and once a SIM had been used, the number is switched off and another mobile number is used through the same mobile device,” Mr. Namasivayam said.
Tracking the location, the Sivaganga district police reached Peelamedu where one Shikka Marketing company from Srinagar was operating.
The police found a huge number of fake SIM cards and SMS-sending software running on several laptops and desktop computers.
The company, run by a couple, N. Saravanan (52) and Bharathi (48) of Veeriyapalayam Road, employed seven women and was paying them to send the messages.
The police seized 22,735 SIM cards, 11 laptops, 19 desktop computers, 292 mobile phones, 23 SIM modem boxes, and nine ATM cards with cheque books.
Interrogation of Mr. Saravanan revealed that one Syed Raghib Khursheed from Delhi had provided the fake links along with the mobile numbers to which the spam links were sent. He was paid based on the volume of SMS sent.
Mr. Saravanan and his wife had used SIM cards purchased from several persons.
The police have arrested 18 persons, including Mr. Khursheed from New Delhi. Others arrested, including women, were from Coimbatore, Tiruppur, Pollachi, Tiruchi, Thoothukudi, Tenkasi, and Tirunelveli.
Deputy Inspector General of Police (Ramanathapuram Range), M. Durai, and Sivaganga Superintendent of Police, S. Selvaraj, appreciated the team led by the ADSP in cracking the case.
Cybercriminals ‘cloning’ Aadhaar biometric data to commit fraud: MHA nodal agency to states – ThePrint
New Delhi: The Ministry of Home Affairs (MHA) has written to states and Union territories (UTs) flagging concerns about the “misuse” of the Aadhaar Enabled Payment System (AePS) by cybercriminals to commit financial fraud, ThePrint has learnt.
In a letter dated 21 February, the Indian Cyber Crime Coordination Centre (I4C) — the MHA’s nodal agency to tackle matters related to cybercrime — wrote that cybercriminals are “cloning” the biometric data of Aadhaar users uploaded on states’ registry websites that host sale deeds and agreements. ThePrint has seen a copy of the letter.
This data is “cloned” with the intention of carrying out unauthorised withdrawals through AePS, the I4C wrote. The agency asked the state and UT governments to direct their revenue and registration departments to “mask” the fingerprints on documents while uploading them on the registry websites.
The I4C also advised state agencies to investigate complaints about such crimes, sensitise victims, and organise awareness campaigns. “Cyber criminals are misusing Aadhaar Enabled Payment System (AePS) to conduct financial frauds, as the system allows any user to deposit cash, withdraw cash, transfer funds and check statement using Aadhaar number and biometrics,” read the letter.
ThePrint reached the MHA spokesperson for comment via text message but had not received a response by the time of publication. This report will be updated when a response is received.
According to the letter, the I4C analysed the nature of complaints and related data, and interacted with police organisations and investigative agencies to understand the pattern adopted by cybercriminals.
“Analysis of modus operandi of AePS cyber financial frauds reveals that biometrics information uploaded on states’ registry websites (registration of various deeds like sale deed, agreement to sale, etc) are downloaded by criminals, which is then further ‘cloned’ to carry out unauthorised withdrawals using AePS. Revenue and registration authorities may be requested to mask the fingerprints on the documents publicly available,” said the letter.
Multiple serving and retired IPS officers well versed in the nature of cybercrime said these issues were also discussed at the three-day All India Conference of Director Generals of Police (DGPs) held in January this year.
According to sources in the MHA, the I4C in a presentation at the conference identified 20 districts across six states and a UT (Rajasthan, Jharkhand, Bihar, Uttar Pradesh, Haryana, West Bengal, and Delhi) that account for 70 per cent of total cybercrime complaints registered in India.
The agency in its presentation also suggested that the MHA introduce legal amendments to classify cyber offences as organised crimes and sought the intervention of the Ministry of Finance to frame regulations to oversee the policies of loan apps and payment aggregators.
On the concerns flagged by the I4C in its letter to states and UTs, former IPS officer Nandkumar Saravade told ThePrint, “Aadhaar was supposed to be secure data, but security is a complex area and it is not static. It keeps changing depending on the circumstances.”
“But in this case, why are fingerprints being uploaded? Can there be any substitute for how to verify an individual? And what about existing data? Can that be removed? These are some of the relevant issues the government may consider now,” said Saravade, who has also served as director, cyber security and compliance at NASSCOM.
Saying that there are mechanisms available to secure government sites that hold bulk sensitive data, he added, “In fact, there should be some system that will send alerts when such data is being downloaded in bulk.”
Former IPS officer Rajan Medhekar, who retired as director-general (DG) of the National Security Guard (NSG), said, “If Aadhaar data is being cloned, it can be detrimental to national security. There are several critical components of national security. Servers of sensitive installations, banks and health facilities are some of them. We have already been facing cyber attacks since 2017.”
He added, “I also feel that why do departments need to upload someone’s biometric data on a public website? They can generate a unique identification number and use that for the verification.”
(Edited by Amrtansh Arora)