STE WILLIAMS

TalkTalk banbans TeamTeamviewerviewer againagain

TalkTalk customers who need to use remote desktop tools are on the warpath after their ISP blocked TeamViewer for the second time this year, ostensibly in an attempt to protect users from potential scammers.

A screenshot seen by The Register showed that teamviewer.com had been blocked as part of TalkTalk’s Scam Protect blocker, saying the site was used by scammers.

TeamViewer is sometimes used by ne’er-do-wells to gain remote access to a victim’s computer, but it is also used by many more honest people for legitimate purposes.

Users who complained to TalkTalk on Twitter were told that the ISP was “filtering a small number of websites that are being used by scammers”.

The responses also stated that users would have the ability to change the default settings for the protector in the new year, but for now could speak to their customer service team to manually enable access.

On the other side of the scam blocker, TeamViewer has yet to respond publicly to any complaints on the matter directed at them by users.

The last time TalkTalk blocked TeamViewer was in March of this year. The block lasted less than a day after customer complaints (and perhaps our own report) convinced TT to change their minds.

TalkTalk is an ISP that is necessarily mindful of security issues. It suffered a large data breach in October 2015, which leaked 157,000 users’ personal details, and its users were the target of an unrelated “Indian call centre” scam earlier this year.

A search of Twitter reveals a series of complaints between March and December, concerning apparent scammers pretending to be TalkTalk representatives and trying to fool users into downloading TeamViewer.

The Scam Protection page that pops up when a TalkTalk customer tries to visit teamviewer.com specifically states that TT never ask users to access the site, which one can deduce is a reaction to these reports.

The Register has asked TalkTalk and TeamViewer for comment. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/12/19/talktalk_banban_teamteamviewerviewer_againagain/

‘Starwars’ Debuts on List of Worst Passwords of 2017

Many of the old standbys made this year’s list of the 25 stolen – and weakest – passwords found dumped online.

Once again, the top two worst and most popular passwords of the year were “123456” and “Password.” But one of the newest most commonly found compromised passwords this year was “starwars” at #16.

The 2017 Worst Passwords list, drawn from more than five million stolen passwords found online in plain text by researchers at password management firm SplashData, represents mostly credentials from users in North America and Western Europe. The list, now in its seventh year, doesn’t include credentials exposed in the Yahoo breach, nor from compromised adult websites.

“Starwars,” an apparent homage to the wildly popular Star Wars movie franchise, actually beat out the infamous “passw0rd,” which came in at #17.  

Morgan Slain, CEO of SplashData, says his firm basically scrapes Pastebin and other online lists for exposed passwords. “We don’t buy or decrypt any lists” of stolen credentials, he says.

Some of the other usual suspects hit the top ten once again, including “12345678,” “qwerty,” and “football,” and newcomers to the top spots include the slightly longer yet still uncreative “123456789” (#6), “letmein” (#7), and “iloveyou” (#10).

“Over time, people still don’t seem to be adopting better password hygiene,” Slain says. “This [list] is to encourage people to take passwords more seriously and realize how sharing passwords or using the same one can expose you to risk.”

What was obvious once again with this year’s list is how passwords often reflect a user’s interests, he says. “If you go through the list, you can see what’s relevant to people … often people’s names and pets’ names, and a lot of popular culture.”

According to SplashData, about 10% of users have employed at least one of the top 15 worst passwords on the 2017 list, while 3% have chosen the infamous number one password, “123456.”

While Slain says his company can’t definitively discern when the exposed passwords were created, some are years old, he says.

But a new survey of 1,000 Americans by Visa shows that consumers are getting a bit weary of the password drill: 70% of the respondents consider biometrics simpler than passwords, and some 46% believe biometric authentication is more secure. Close to one-third have used fingerprint authentication on one or two occasions, while 35% do so on a regular basis. Half consider the big selling point of biometrics is no longer having to remember multiple passwords.

The catch, notes SplashData’s Slain, is that with Apple’s biometric options, for instance, you still have a password for your device. “When you update your device, you have to use the password behind the Touch ID, and if you haven’t used the password in ages because you’re using a fingerprint or” facial recognition, it’s harder to recall the password, he says.

SplashData recommends that users set up passphrases of 12 characters or more, with upper- and lower-case letters, and a mix of characters, and avoiding password reuse among multiple online accounts.

Table 1: Top Worst Passwords of 2017


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/attacks-breaches/starwars-debuts-on-list-of-worst-passwords-of-2017-/d/d-id/1330670?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence

CTI falls into three main categories — tactical, operational, and strategic — and answers questions related to the “who, what, and why” of a cyber attack.

A recent report from Grand View Research predicts that the cyber threat intelligence (CTI) market will reach $12.6 billion by 2025. This growth in demand isn’t surprising when you consider the ongoing success of so many high-profile and extremely damaging attacks. This climate of increasingly sophisticated breaches has moved many organizations — particularly, those that handle and retain sensitive data — to upgrade their cybersecurity measures by adding CTI and incident forensics.

Different Types of CTI
Acknowledging the need to integrate CTI into your security strategy to more comprehensively protect endpoints is only the first step. Threat intelligence comes in many forms, and discerning the relative value of a CTI solution can be confusing. Granted, there are a variety of free open source intelligence feeds available, but leveraging them can put a strain on IT security resources and divert security operations center managers and threat analysts from the security planning and prevention tasks that are vital to their roles.

If you’re considering adding threat intelligence to your security strategy, it’s important to understand that CTI falls into three main categories — tactical, operational, and strategic — and all play a role in achieving comprehensive cybersecurity. Collectively, they answer questions related to the “who, what, and why” of a cyber incident. The following are brief descriptions of each type:

  • Tactical CTI: This form of CTI answers the “what” of a cyber incident and consists largely of bad IP addresses, URLs, file hashes, known malicious domain names, etc. Tactical CTI is the easiest to gather and is available through open source feeds. In addition, this intelligence is short-term in nature because it can be outdated almost as soon as it arrives.
  • Operational CTI: This form of intelligence analyzes and profiles threat actors and adversaries: the “who” behind the attacks. While still fairly short-term in nature, operational CTI requires human analysis because it adds context by delving into the motivations, intentions, and capabilities of attackers.
  • Strategic CTI: Strategic CTI is long-term and takes a geopolitical view that analyzes risk factors such as global events, foreign policy factors, and other local and international movements and agendas that can affect your organization’s safety. It is the most difficult type of intelligence to generate because it requires data collection by human analysts with a deep understanding of cybersecurity and the nuances of geopolitical circumstances. Due to its complexity, this intelligence is delivered in detailed, in-depth reports. Strategic CTI answers questions related to the “why” of an incident.

How CTI Can Be a Powerful Addition to Your Cybersecurity
Regardless of the threat level you face, CTI provides value only when it’s actionable. Simply integrating open source threat feeds with existing security products, such as an intrusion prevention system, next-generation firewall, or security information and event management (SIEM) system, can’t provide the kind of intelligence needed to mitigate risk or remediate a problem. Although some companies struggle to implement this intelligence effectively, CTI can be a powerful tool when applied correctly. The following are examples of how CTI can be used to increase your organization’s cybersecurity:

  • CTI can optimize prevention and strengthen defenses in anticipation of an attack: Operational CTI provides details on adversaries and helps recognize early-warning signs predicting an attack in the making, allowing security teams to mitigate risks.
  • CTI can accelerate detection time: The ingestion and application of technical indicators into a SIEM system or endpoint detection and response tools fortifies them with the latest intelligence. This allows such solutions to automatically correlate and detect incidents faster by eliminating the requirement of waiting for a product update or for the creation of new detection rules.
  • CTI can speed investigation and incident response times: By providing context and attribution, threat intelligence helps prioritize responses and accelerate investigations. With context and attribution, incident management becomes less unwieldy; security teams can start to separate the “forest from the trees” and apply correct prioritization to their workflows.
  • CTI can empower better security and executive decisions: Knowing which adversaries are likely to target your organization and why allows decision-makers to allocate the defenses and resources necessary to protect assets that are most at risk. At a higher level, executive decisions may include identifying and weighing the risk/reward equation of business outcomes, allowing stakeholders to select the option that presents the least risk for the highest reward.


Adam Meyers has over a decade of experience within the information security industry. He has authored numerous papers that have appeared at peer reviewed industry venues and has received awards for his dedication to the field. At CrowdStrike, Adam serves as the VP of …

Article source: https://www.darkreading.com/attacks-breaches/comprehensive-endpoint-protection-requires-the-right-cyber-threat-intelligence/a/d-id/1330623?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Trump Adviser: North Korea Waged WannaCry Attack

White House declares the North Korean government as perpetrators of the epic ransomware attack that spread around the globe in early May.

The Trump administration now has officially confirmed what security researchers worldwide have believed all along: that North Korea was behind the massive WannaCry ransomware attacks earlier this year.

Trump’s homeland security adviser Thomas Bossert yesterday wrote in an op-ed piece in The Wall Street Journal that North Korea “is directly responsible” for the attack that infected hundreds of thousands of Windows machines in some 150 countries.

“The attack was widespread and cost billions, and North Korea is directly responsible,” Bossert wrote in the editorial.

“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government,” he wrote.

Security researchers from Google, Kaspersky Lab, and Symantec, were the first to see a connection between the code used in WannaCry with that of a nation-state attack group thought to be out of North Korea, the so-called Lazarus Group. Several other security research teams later confirmed similar findings, and The Washington Post in June reported that the National Security Agency also was confident that Pyongyang executed the attack. 

NSA officials reportedly found tactics and techniques in the attack that match those of Reconnaissance General Bureau, the North Korean intelligence agency. US intel officials concluded that hackers sponsored by the North Korean government wrote two versions of WannaCry.

WannaCry spread via a previously unknown flaw in Microsoft’s Windows software discovered by the NSA and used by the agency to construct its own hacking tool. That tool and others went public after a data breach at the NSA and the online dump of the tools by Shadow Brokers, a mysterious group that later tried to sell the tools.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/perimeter/trump-adviser-north-korea-waged-wannacry-attack/d/d-id/1330672?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data

A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers’ financial histories, contact information, and mortgage ownership.

A major data leak resulting from yet another misconfigured Amazon Web Services S3 storage bucket has exposed sensitive information of 123 million American households. The cloud repository included data from analytics firm Alteryx, reports the UpGuard Cyber Risk Team.

Also exposed were massive data sets belonging to Alteryx partners Experian, the consumer credit reporting agency, and the US Census Bureau. Information from Experian’s ConsumerView marketing database and the 2010 US Census were leaked. Home addresses, contact information, financial histories, and analyses of purchasing behavior were publicly available.

UpGuard’s director of cyber risk research, Chris Vickery, found the AWS S3 bucket at the subdomain “alteryxdownload” containing sensitive data. The repository was configured to allow any AWS “Authenticated Users” to download its data, meaning anyone with a free Amazon AWS account could access the bucket’s information.

“Taken together, this exposed data provide a highly detailed database of tens of millions of Americans’ personal, financial, and private lives,” UpGuard says. This leak is a “prime example” of how third-party vendor risk can lead to sensitive data exposure.
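The grant the article describes, READ for the AWS “Authenticated Users” group, can be spotted in a bucket’s ACL document. The checker below is an added example, not UpGuard’s or Alteryx’s code; it runs offline on a constructed ACL in the shape boto3’s get_bucket_acl() returns, and fetch_acl() shows the live call.

```python
"""Flag S3 bucket ACL grants that open a bucket to every AWS account or to everyone.

A grant to the "AuthenticatedUsers" group means any holder of a free AWS
account can exercise that permission; a grant to "AllUsers" means anyone
at all, no account needed.
"""
from __future__ import annotations

# Predefined-group grantee URIs used by S3 ACLs (real AWS values).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

GROUP_AUDIENCE = {
    ALL_USERS: "anyone on the Internet",
    AUTHENTICATED_USERS: "anyone with an AWS account",
}


def risky_grants(acl: dict) -> list[dict]:
    """Return each grant in an ACL document that goes to one of the global groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # canonical-user grants are scoped to a single account
        uri = grantee.get("URI")
        if uri in GROUP_AUDIENCE:
            findings.append({
                "group": uri.rsplit("/", 1)[-1],
                "permission": grant.get("Permission"),
                "audience": GROUP_AUDIENCE[uri],
            })
    return findings


def fetch_acl(bucket_name: str) -> dict:
    """Fetch a live ACL with boto3 (needs credentials; not used by the offline demo)."""
    import boto3  # real library; imported lazily so the offline check has no dependency
    return boto3.client("s3").get_bucket_acl(Bucket=bucket_name)


# Constructed ACL: the owner has full control and, as in the article, the
# AuthenticatedUsers group has been granted READ on the bucket.
SAMPLE_ACL = {
    "Owner": {"ID": "0000constructed-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0000constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    for finding in risky_grants(SAMPLE_ACL):
        print(f"{finding['permission']} granted to {finding['group']} ({finding['audience']})")
```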

Read more details here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/cloud/massive-cloud-leak-exposes-alteryx-experian-us-census-bureau-data/d/d-id/1330673?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

New Database Botnet Leveraged for Bitcoin Mining

Attackers are quietly building an attack infrastructure using very sensitive machines.

An organized group of cybercriminals is currently targeting database services in a new botnet build-up that’s being leveraged for cryptocurrency mining, among other more traditional botnet attack patterns.

Discovered by researchers with GuardiCore Labs, the so-called Hex-Men attacks have been slowly evolving since March and remain ongoing. 

The researchers say there are three main variants – Hex, Hanako, and Tayler – each of which target different SQL servers and have their own unique goals, scale, and target servers. Based on the evidence they’ve gathered, it appears the attackers are based out of China, with a heavy emphasis on Chinese victims but also plenty of other targets located in Thailand, the US, Japan, and other targets globally.

All three variants are difficult to detect as every machine attacking database servers only targets a few IPs at a time. Victim machines are used as a part of the botnet, but rotated out of use within about a month.

The truly unique part of this attack, says Daniel Goldberg, researcher with GuardiCore and a co-author of the report, is the sensitivity of the machines being targeted. These are production Web servers, MS SQL Servers, ElasticSearch management nodes, MySql services, and so on.

Possibly tens of thousands of servers have been compromised at this point, he says, with all of them being used in the rotation to help build a botnet that’s “very different” from the ones you typically hear about these days, which primarily target low-profile IoT devices and sensors.

“In a way it’s back to old times of attacking strong, powerful servers and abusing their power,” he says. “Every single one of these compromised servers is holding real data. It could be, tomorrow the attackers could decide they want to encrypt all this data, turn it into a ransomware attack. They could steal all of it, they could publish it. But what they’re doing right now is using the servers for cryptocurrency mining, and they’re using the servers to make their botnet bigger.”

The attack can be particularly problematic to block in a complex enterprise environment due to the low-level nature of the attack pattern and the difficulty large organizations have in not only controlling, but even having visibility into, which databases are Internet-facing. 

“Today, where everything is in the cloud and you have multiple environments and different data centers, it’s really hard to keep track of what is exposed and what is not,” says Ofir Ziv, vice president of research for GuardiCore and co-author of the report.

“The fact that they are targeting databases is pretty amazing to me … and it’s something that people need to really, really pay more attention to,” he says.


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/attacks-breaches/new-database-botnet-leveraged-for-bitcoin-mining/d/d-id/1330674?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Microsoft Word slams the door on DDEAUTO malware attacks

Remember the DDEAUTO vulnerability?

DDEAUTO, short for automatic dynamic data exchange, is a command you can put right inside the data of an Office file to get it to pull data out of another file.

According to Microsoft’s official documentation, DDEAUTO is only supposed to work within the same app, or between two apps that are already active:

DDEAUTO argument-1 argument-2 [argument-3] [switches]

[. . .]

Description: For information copied from another application,
this field links that information to its original source file
using DDE and is updated automatically.

The application name shall be specified in argument-1;
this application must be running.

For example, you could have a Word report that pulled in the latest sales figures “live” from an Excel spreadsheet, provided you had both Word and Excel open already.

But researchers found that there was an undocumented feature in the DDEAUTO function whereby it could start any application already installed on your computer, such as the command shell CMD.EXE.

Having fired up this second program, the DDEAUTO function could be used to run a script specified inside the DDEAUTO command itself, instead of reading data from an existing file, as intended.

In other words, a crook could embed malware, in the form of a Powershell or other script, right in the data of a Word document or an Excel spreadsheet, and just opening the file would launch the malware command – without waiting for you to open an attachment, download a file or enable Word macros.

In short, remote code execution, or RCE.

Fortunately, you’d get two DDE warnings before the malicious script would run, but they weren’t warnings that anyone had previously learned to associate with malware.

[Screenshots of the first warning dialog and the second, similar one are not reproduced here.]

Microsoft demurred over fixing this bug, describing it as a by-design feature – which it was, except for failing to enforce the restriction stated in the Microsoft Developer Network (MSDN) documentation, namely that “[the other] application must [already] be running”.

Cybercrooks quickly learned to exploit DDEAUTO as yet another route for introducing malware – one that few users were trained to look out for and avoid.
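Since the field code lives in the document data itself, incoming Word files can be screened for it before anyone opens them. The scanner below is an added example, not code from the Naked Security article: it finds DDE and DDEAUTO field codes in the XML parts of a .docx, joining instruction text that Word (or an attacker) has split across several runs. The sample documents are constructed inside the block, and the EXPECTED_APPS allow-list is an assumption for the example.

```python
"""Find DDE / DDEAUTO field codes inside a .docx before anyone opens it.

Word keeps field instructions in the XML parts under word/ (document.xml,
headers, footers, footnotes), either as <w:fldSimple w:instr="..."> or as
<w:instrText> runs between <w:fldChar w:fldCharType="begin"/> and "end".
Because the instruction may be spread over several runs, the pieces are
joined before matching, so a split keyword is still recognised.
"""
from __future__ import annotations

import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# DDE or DDEAUTO as a whole word anywhere in the instruction, any case.
DDE_KEYWORD = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)

# Applications a DDE link would legitimately name (assumed allow-list for this example).
EXPECTED_APPS = {"excel", "word", "winword"}


def field_instructions(part_xml: bytes) -> list[str]:
    """Return every field instruction in one XML part, with split runs re-joined."""
    instructions: list[str] = []
    open_fields: list[list[str]] = []  # stack, so nested complex fields are handled
    for el in ET.fromstring(part_xml).iter():
        if el.tag == W + "fldSimple":
            instructions.append(el.get(W + "instr", ""))
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                open_fields.append([])
            elif kind == "end" and open_fields:
                instructions.append("".join(open_fields.pop()))
        elif el.tag == W + "instrText" and open_fields:
            open_fields[-1].append(el.text or "")
    return instructions


def scan_docx(data: bytes) -> list[dict]:
    """Return one finding per DDE field in the .docx given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            for instr in field_instructions(pkg.read(name)):
                match = DDE_KEYWORD.search(instr)
                if not match:
                    continue
                args = instr[match.end():].split()
                app = args[0].strip('"').lower() if args else ""
                findings.append({
                    "part": name,
                    "keyword": match.group(0).upper(),
                    "application": app,
                    "suspicious": app not in EXPECTED_APPS,
                    "instruction": " ".join(instr.split()),
                })
    return findings


def build_sample_docx(pieces: list[str]) -> bytes:
    """Construct a minimal .docx whose body holds one complex field split over runs.

    Only the part this scanner reads is written: it is a test fixture for the
    example, not a package Word would accept.
    """
    runs = "".join(
        f'<w:r><w:instrText xml:space="preserve">{p}</w:instrText></w:r>' for p in pieces)
    body = (
        f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>' + runs +
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:t>cached result</w:t></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("word/document.xml", body)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        samples = {sys.argv[1]: open(sys.argv[1], "rb").read()}
    else:  # constructed samples: the legitimate Word-to-Excel link, and a split keyword
        samples = {
            "legit-link.docx": build_sample_docx(
                ["DDEAUTO ", "excel ", '"sales.xlsx" "Sheet1!R1C1"']),
            "split-keyword.docx": build_sample_docx(
                ["DDEAUT", 'O otherapp "constructed-placeholder-args"']),
        }
    for label, blob in samples.items():
        for f in scan_docx(blob):
            flag = "SUSPICIOUS" if f["suspicious"] else "expected"
            print(f"{label}: {f['keyword']} -> {f['application']} [{flag}] {f['instruction']}")
```

Run with a file path to scan a real document; with no argument it scans the two constructed samples.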

Change of heart

The good news is that Microsoft seems to have had a change of heart, at least in part.

I didn’t notice the details until now – as a macOS user, I get away without needing either Windows or Office in daily life! – but it turns out that downloads published in the December 2017 Update Tuesday included ADV170021, a so-called Microsoft Office Defense in Depth Update:

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word.

Unfortunately, this isn’t a complete patch against your DDEAUTO problems, because it’s specific to the Word app, rather than generic to all the apps in the Office suite.

If you want to block DDEAUTO in other Office apps you will need to follow the app-specific registry hacks detailed in the Microsoft Office Security Advisory 4053440.

Nevertheless, this ADV170021 patch is a welcome change that introduces the following registry entry for Word:

HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Word\Security\AllowDDE = 0

The default value, as indicated above, is zero, meaning that DDE is turned off altogether.

If that doesn’t work for you, you can revert to the old, insecure behaviour by setting AllowDDE = 2, allowing all DDEAUTO commands issued from inside Word.

For a middle ground, AllowDDE = 1 sets the as-originally-documented behaviour, so that DDEAUTO is allowed, but only between apps that are already running.

That means you can still hook your Word documents up to Excel spreadsheets for financial and similar data, but crooks can’t send in documents from outside to trick Word into running dangerous external programs such as CMD.EXE and PowerShell.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/zSIfpHqkaNc/

Alleged Uber black ops lawyer would rather not have his Xmas holiday ruined by Waymo, ta

Former Uber attorney Craig Clark on Monday filed an emergency motion in a Miami, Florida, court to quash a subpoena directing him to testify in Waymo’s trade secret lawsuit against Uber on Thursday on the other side of America in California – because he has holiday plans with his family in the Sunshine State.

“[R]equiring myself and my counsel to travel across the country at the height of the holiday season, and four days before Christmas, conflicts with personal and family plans and imposes an undue burden,” Clark wrote in a declaration filed in support of his motion.

Clark also claims he hasn’t had enough time to prepare to testify. He is one of two Uber employees axed in the wake of revelations the app maker paid hackers $100,000 to keep quiet about stolen customer data, and is said to have served as Uber’s legal director of ThreatOps in the now infamous letter penned by an attorney representing former Uber security analyst Richard Jacobs.

The Jacobs letter contends, among other things, that Clark, along with current Uber employee Mat Henley, led efforts to avoid legal discovery requests, court orders, and government investigations, in violation of the law and professional ethics.

“Clark devised training and provided advice intended to impede, obstruct, or influence the investigation of several ongoing lawsuits against Uber [and other matters in the US],” the letter stated.

Judge William Alsup, presiding over Waymo’s civil lawsuit against Uber, delayed the trial late last month after receiving the letter and notification of the US government’s involvement in a criminal investigation of Uber from a US attorney. The ride-sharing biz is reportedly the subject of at least five criminal investigations.


The Jacobs letter gave Waymo more leeway to pursue its trade-secret-theft claim, and as part of that involves calling Clark to testify. But Clark’s legal team contended the letter is riddled with lies.

In the motion to quash the subpoena, Clark’s attorneys described the Jacobs letter as an inaccurate advocacy piece, drafted by Jacobs’s attorney, to maximize an undeserved settlement from Uber.

“Indeed, Mr Jacobs testified that he did not write, let alone carefully or thoroughly review, the Jacobs letter, and that the letter was ‘hyperbolic,’ ‘speculative,’ and the product of ‘surmising,'” the motion stated. “Moreover, Jacobs recanted or disagreed with critical statements that his lawyer made in the letter, including that Uber engaged in clandestine efforts to steal trade secrets from Waymo.”

The Miami court has given Waymo until 3pm EST on Tuesday, December 19, 2017 to respond. ®

PS: Police in Lebanon have cuffed an Uber driver in connection with the murder of British woman Rebecca Dykes, who worked in the British Embassy in Beirut. She was sexually assaulted and strangled on Saturday.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/12/19/alleged_uber_black_ops_lawyer_subpoena/

Android trojan has miner so aggressive it can bork your battery

Kaspersky researchers have turned up a strain of malware lurking in adult content and fake virus scanners, and it can run a victim’s Android mobe so hard they might suffer physical damage.

The Android trojan, dubbed “Loapi”, has a modular architecture that lets it be adapted to run cryptocurrency mining, take part in DDoS networks, or bombard suffering users with constant advertisements.

The sample analysed by Kaspersky’s Nikita Buchka, Anton Kivva, and Dmitry Galov, when run for a few days to mine the Monero cryptocurrency, worked their test device so hard that “the battery bulged and deformed the phone cover.”

Loapi communicates with the following module-specific command and control servers:

  • ronesio.xyz (advertisement module);
  • api-profit.com:5210 (SMS module and mining module);
  • mnfioew.info (web crawler); and
  • mp-app.info (proxy module)

The Web crawler module, Kaspersky said, “is used for hidden Javascript code execution on web pages with WAP billing in order to subscribe the user to various services”, and works in conjunction with the SMS module to send the subscription message.

Working with the ad module, the Web crawler “tried to open about 28,000 unique URLs on one device during our 24-hour experiment.”

The trojan tries to nag users into giving it admin privileges, which would also make it ideal for user espionage, something the Kaspersky researchers think is likely in the future.

Adups gets a redux

The folk over at Malwarebytes have had their own find-of-the-week: the China-based company which a year ago shipped data-harvesting firmware, Shanghai Adups Technology, is shipping an auto-installer dubbed “Android/PUP.Riskware.Autoins.Fota.”

When the noise about Adups died down, Nathan Collier wrote, there was a component Malwarebytes overlooked: “It comes with the package names com.adups.fota.sysoper and com.fw.upgrade.sysoper, appears in the app list as UpgradeSys, and has the filename FWUpgradeProvider.apk.”

Like Adups’ previous work, the installer gets admin privileges because it’s pre-installed on the device; and while on its own it isn’t malicious, it could be used to pull other dangerous software.

Malwarebytes provides instructions on disabling the installer, using the Debloater tool. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/12/19/android_trojan_has_miner_so_aggressive_it_can_bork_your_battery/

Cryptocoins robbed at gunpoint

As through this life you travel, you meet some funny men
Some rob you with a six-gun, some with a fountain pen.

– Woody Guthrie, “Pretty Boy Floyd”

You may have thought that was hopelessly out of date, at least when it comes to cyber crime, since robberies that don’t involve physical cash are often done not with a gun or a pen, but with computer keystrokes from miles – even tens of thousands of miles – away.

Especially when it comes to that ephemeral money called cryptocurrency, where, as Naked Security has reported, the most common ways to lose it are through the volatility of its value, exchanges getting hacked or digital wallets being frozen.

But, according to an indictment handed down in New York Supreme Court this week, it can still happen with a gun. Which should serve as a warning to all those who have been enjoying seeing their cryptocurrency investments explode in value: be careful who you confide in.

Manhattan District Attorney Cyrus Vance announced last Tuesday that Louis Meza, 35, of Passaic, NJ, had been arraigned on eight charges, including grand larceny, kidnapping, robbery, criminal use of a firearm, computer trespass and computer tampering for allegedly robbing a so-far unnamed acquaintance on 4 November of about $1.8m of the cryptocurrency Ether.

According to a press release from the DA’s office, Meza had an accomplice who is still at large, but who will likely face similar charges.

The DA said Meza knew the victim had that much Ether in a digital wallet when they met at Meza’s apartment. After the meeting, Meza “insisted” on ordering a car service to take the victim back to his apartment – a “car service” with a gunman.

On the way to the victim’s apartment, an unapprehended individual who had been hiding in the vehicle appeared suddenly and demanded that the victim turn over his cell phone, wallet, and keys while holding the victim at gunpoint.

Prosecutors said the victim was also ordered to divulge a 24-word passphrase. Thankfully the victim managed to escape the minivan where he was being held, at which point he promptly called 911.

Meanwhile, when Meza allegedly entered the victim’s apartment, his presence was documented on surveillance video. And law enforcement found the $1.8m had been transferred to Meza’s personal account the following day.

Video surveillance later obtained from the victim’s apartment building showed MEZA using the set of keys stolen from the victim to enter the victim’s apartment and then leave the apartment holding a box believed to contain the victim’s digital wallet. Additional records reveal that soon after obtaining the victim’s digital wallet, the defendant then transferred approximately $1.8 million in Ether to his own personal account.

The DA didn’t specify exactly what was in the box, but it was presumably some kind of paper record or electronic storage.

While a hard drive or USB, if encrypted, can provide protection against thieves getting access to your currency, it doesn’t stop them threatening or coercing you into doing it for them.

In this case, at least one of the perps didn’t get far and the victim will, presumably, get his money back. But Vance warned that as long as cryptocurrency values continue on their seemingly endless spike, this kind of thing will become more common. “This case demonstrates the increasingly common intersection between cyber and violent crime,” he said.

The defendant is charged with coordinating an elaborate kidnapping, armed robbery, and burglary to gain access to the victim’s digital wallet and the significant funds it contained. We can expect this type of crime to become increasingly common as cryptocurrency values surge upward.

Meza entered a not-guilty plea but was held on $1m bond or $500,000 cash bail.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Y2wQyxs_e6M/