Connect with us

Crime

Iranian Hackers Took 6 Terabytes Worth Of Data From Citrix

Published

on

Citrix was inflitrated by Iranian cybercriminals and accessed and downloaded 6 terabytes worth of crucial documents.

Another data breach has taken the tech world on its seat, as a leading American digital systems provider was infiltrated by hackers, taking terabytes of their clientele’s data.

According to the FBI, international cybercriminals have infiltrated the servers of Citrix, a global leader in computing systems, providing more than 400,000 companies with virtual private network access and credentials including 98% of the Fortune 500.

The company has assured its clients that they have already taken appropriate actions regarding the security breach. According to Stan Black, Citrix CSI, the company has “commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI.”

The global security firm, Resecurity, said that an Iranian-linked group called IRIDIUM perpetrates the attack. The group allegedly has already carried out an attack to more than 200 government agencies, oil and gas firms, and tech companies around the world.

The firm, Resecurity, said that they had given a preemptive warning to Citrix since December 28, 2018, regarding possible cyber attacks against its systems.

“Based on the timing and further dynamics, the attack was planned and organized specifically during Christmas period,” Resecurity says in a blog.

“Based our recent analysis, the threat actors leveraged a combination of tools, techniques, and procedures allowing them to conduct targeted network intrusion to access at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.”

Resecurity says the group uses proprietary techniques to bypass 2FA authorization for critical applications and services for further unauthorized access to virtual private networks channels and single sign-on.

At this point, it is still not possible to pinpoint precisely the extent of the damage caused by the attack. It is possible that the cybercriminals were able to access and download crucial documents from Citrix’s servers.

“In investigations of cyber incidents, the details matter, and we are committed to communicating appropriately when we have what we believe is credible and actionable information,” says Black. “While our investigation is ongoing, based on what we know to date, it appears that the hackers may have accessed and downloaded business documents.”

“At this time, there is no indication that the security of any Citrix product or service was compromised,” Black added.

However, according to Ian Thornton-Trump, security head of AMTrust Europe: It’s possible the bad guys have the source code for older products, possibly the Citrix NetScaler Gateway, formerly known as the Citrix Access Gateway, or CAG, which is primarily used for secure remote access.

“Let’s look back to 2012 when Symantec had the source code for PC Anywhere stolen – let’s not forget that in this treasure trove of data Citrix may have given up the source code for Logmein as well as other products. PC Anywhere ceased to be a viable product, and it was one of the nails in the coffin; the same could happen for Logme in.”

The Federal Bureau of Investigation thinks that the attack was carried out by exploiting weak passwords in the system known as “password spraying.” The technique allows the hacker to gain limited control over the network and find a way to circumvent other remaining security layers.

According to UK’s National Cybersecurity Centre (NCSc), they have already warned tech companies of this method in the past where lists of a small number of common passwords are used to brute force large numbers of accounts.

“These attacks are successful because for any given large set of users there will likely be some who are using very common passwords, and these attacks can slip under the radar of protective monitoring which only look at each account in isolation,” the NCSC says.

The agency has previously conducted a study to determine who among the organizations and companies that participated are vulnerable to password spraying. It revealed that 75% of the participants had accounts with passwords that are featured in the top 1,000 most common passwords and 87% are highlighted in top 10,000.

This attack is another of the overwhelming sprout of data breaches and cyber attacks in multinational organizations and governments. Recently, the government of Singapore has named the group WhiteFly as the perpetrator of the notorious SingHealth data breach that affected thousands of Singaporean patients’ data.

A Consumer Tech and Cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Arts & Entertainment

Michael Avenatti To Nike: Stop “Rigging” The System And “Acting Innocent”

Published

on

Michael Avenatti said Nike is rigging the system and acting innocent.

Michael Avenatti, one of America’s most infamous lawyers, is facing the court himself after he was charged for attempting to extort from Nike last month. The lawyer, who is known for being vocal in social media, has been airing his thoughts and sentiments on Twitter and in a recent Tweet, he accused the athletic brand of “rigging” the system while pretending they are “innocent.”

Federal prosecutors in New York announced that they filed charges against Michael Avenatti, the lawyer who said he had a major announcement against Nike and it’s alleged involvement in a ‘major school/college basketball scandal.’

Read More: COURT DOCUMENT ALLEGES MICHAEL AVENATTI OF DEMANDING PAYMENTS FROM NIKE TO CONDUCT AN ‘INTERNAL INVESTIGATION’ THAT THE COMPANY DID NOT REQUEST

The charges filed by Assitant United States Attorneys Matthew Podolsky, Robert L. Boone, and Robert B. Sobelman alleges that Avenatti of attempting to extort Nike for up to $25 million by threatening to release damaging information about the company.

He now faces five counts of conspiracy to commit extortion and was arrested yesterday. He also faces a separate case for wire fraud and bank fraud in the Central District of California.

According to the lawsuit, Michael Avenatti attempted to conspire with another party to “extract more than $20 million in payments from a publicly traded company by using his ability to garner publicity to inflict substantial financial and reputational harm on the company if his demands were not met.”

Amid the charges that the 48-year-old is currently facing, Avenatti hits back at the company. In a late night tweet, the attorney accused Nike of making money out of the backs of student-athletes, exploiting them and their families.

He also said in a now-deleted post that colleges and athletic organizations like the NCAA should pay the student-athletes “legitimately” because they make “billions off their backs.”

“College athletes deserve to be paid. Legitimately. Colleges/the NCAA make billions off their backs. But companies like Nike should not rig the system and take advantage of the athletes/ their families at the same time they bullsh**t America and act like they are innocent,” Avenatti said on Twitter, Thursday morning.

He previously denied the allegations against him on Monday and began tweeting what he called evidence of the scandal the day he was arrested. He was released on a $300,000 bond in the New York case and has repeatedly proclaimed his innocence of all charges.

Extorting Nike

Prosecutors in the case said that Avenatti met with Nike’s attorneys to demand a payment ‘to make a multi-million dollar payment” and make an additional 1.5 million dollar payment to an individual that the lawyer refers to like his client.

The client was said to be an AAU coach, whose team have previously made deals with Nike. According to the affidavit, Nike refused to renew the contract with Avenatti’s client further. Avenatti claimed that his client has evidence that would prove that Nike employees have paid the families of high school players “similar to conduct a rival company” that had recently been subjecting of criminal proceedings in the District. He named three high school players in particular and indicated that his client is well aware of the said payments as well.

Earlier Monday, Avenatti posted on Twitter that he will be holding a press conference to disclose a major high school/college basketball scandal by Nike that he and his team have discovered. “This criminal conduct reaches the highest levels of Nike and involves some of the biggest names in college basketball.” Nike’s shares reportedly fell as much as 1.3% after the tweet of Avenatti’s supposed expose.

The legal document obtained by Z6Mag also revealed that on March 20, Avenatti called the representative of Nike concerning the demanded payment and if those demands were not met, the lawyer will “go and take ten billion dollars off your client market cap […] I’m not f*cking around.”

Related: [TIMELINE] THE EVENTS THAT PRECEDE THE ARREST OF MICHAEL AVENATTI

The affidavit from an investigator from the Federal Bureau of Investigation said that Avenatti and another party referred to as “CC-1,” used “threats of economic and reputational harm to extort Nike.” Specifically, Avenatti “threatened to hold a press conference on the eve of Nike’s quarterly earnings call and the start of the annual National Collegiate Athletic Association (NCAA) tournament at which he would announce allegations of misconduct by employees of Nike.”

The complaint characterized the unnamed CC-1 as an attorney licensed to practice in the state of California and is similarly known to have represented celebrities and public figure clients like Avenatti.

The attorneys of Nike said that they asked for time from Avenatti and the defendant gave them until Tuesday, two days after the alleged meeting.

“If [Nike] want to have one confidential settlement and we’re done, they can buy that for twenty-two and half million dollars, and we’re done[…] Full confidentiality, we ride off into the sunset,” Avenatti allegedly told Nike’s lawyers as indicated in the filed court document.

Continue Reading

Crime

Scam Alert: Blockmailers Pose As CIA To Demand Bitcoin Payment

Published

on

Blockmailers Poses As CIA To Demand Bitcoin Payment

A new modus to blackmail people into paying bitcoins is posing as a CIA agent who will magically take your imaginary troubles away. Consider this as your warning.

Some scammers are posing as the US Central Intelligence Agency (CIA) to fool those who have not known better into giving up $10,000 worth of Bitcoin. According to a Reddit post by r/sajber in a post entitled “CIA got me fam,” he received an email from a supposed CIA agent who is “one of several people who have access” to documents that may implicate him.

The case that the email is talking about, Case #97416285, refers to an imaginary crime which includes a warning that he was tagged in an investigation that has supposedly distributed and stored pornographic materials that involve underage children.

The “CIA Agent” identified himself as Hong Lees and a “technical collection officer.” He warns that personal details including email address, home address, work address, and a list of relatives are included in the said case and that he will be up for arrest. The certain Hong Lee said that the case is part of a “large international operation set to arrest more than 2000 individuals suspected of pedophilia in 27 countries.”

It’s interesting to note that the supposed email actually used masked email domain (@esxco.cia-gov.ga), as well as an image of CIA crest in the signature as if it would help build trust and establish legitimacy.

Amusingly, the supposed problem can go away only if he would just transfer $10,000 in Bitcoin to an address given by Hong Lees, who claimed that he has access to the documents and have enough security clearance to “amend and remove your details from the case.”

Hong Lees said in the email that he is contacting people who are wealthy and who maybe are concerned about their reputation.

Hong Lees prefers that the transfer to be made with online bitcoin exchanges such as Coinbase, Bitstamp, and Coinmama and that the transfer should be made before the deadline which is March 27, 2019.

He, however, asked for a time after the transfer is confirmed to make the changes in the supposed CIA document, erasing the name and information of those who successfully made the payment. He made it clear that he needs “ few days” to access and edit the files, so any potential payment should be made well before the arrests start on April 8, 2019 (very convenient).

For an average reasonable person, it is obvious that the email is a scam. The CIA will not be emailing perpetrators of sexual abuse, let alone ask bribe from them. If in the event they would, it’s very reckless if they use their government email or their real name. Thus, the best course of action is not to respond or better yet, report the incident to the authorities.

The parallelism of this modus operandi with other modus done offline is uncanny. An illegal spamming activity has been calling residents in Milwaukee claiming to represent a local law firm by the name of “Anderson and Thompson.” The modus operandi is that the group will call random Milwaukee residents under the disguise of a local law firm to collect an old debt from a legal conflict and that the debt must be paid immediately.

Similarly, the phone scammers are also using masked phone numbers (as with masked email addresses) to establish legitimacy. According to the report, the spammer is using a series of three phone numbers, all with a 414 area code, a local Wisconsin area code.

Furthermore, the scam is also a slight upgrade from the infamous Bitcoin “sextortion” scam. According to this modus, a “magic pixel” has been smuggled onto the target’s computer, which then recorded videos of the potential victim masturbating. The masturbation videos wouldn’t be released as long as $1,900 in Bitcoin is sent to a specific address. It was first discovered in June 2017 and is estimated to have swindled more than $300,000 worth of Bitcoins from victims.

The CIA scam, as well as other modus operandi, tells a story that technology is available for everyone’s disposal – including criminals. That is why it is important for people to be aware of existing techniques and modus to avoid being a victim of scams and extortion operations. /apr

Continue Reading

Crime

Unmasking Jack The Ripper’s Real Identity

Published

on

Forensic Science may have prove the real identity of the 1888 Jack the Ripper

Who would have forgotten the stories of the notorious serial killer who established fear and terror on women during the late 1800s in England? Decades have passed, and still, the real identity and personality of this man are still unknown. Although news of his mysteries and plight was uncovered on previous investigations, and some authorities have pointed their fingers on the ‘alleged’ suspects, Forensic studies are still not convinced that they were the real ‘Jack the Ripper.’

However, not until today.

The identity of the notorious killer, ‘Jack the Ripper,’ may finally be known. This probe questions to the public, ‘how after centuries could someone be able to find clues to the real person?’

Forensic science provides us the answer. This month, a DNA forensic investigation was administered by two British researchers who published their work in the Journal of Forensic Science. Both made the discovery who identified, Aaron Kosminski, a 23-year old Polish Barber and also the main suspect at that time, is likely the perpetrator.

The said study is authored by Jari Louhelainen of Liverpool John Moores University and David Miller of the University of Leeds.

Way back 1888, the famous killer, ‘Jack the Ripper,’ brutally killed five female prostitutes who lived and worked in the slums of the East End of London, whose throats were deeply cut and mutilated their abdominal parts. The removal of internal organs from most of his victims led to speculation that the killer is somehow inclined to the anatomical or surgical field, but it was only a mere allegation because the murderer has never been identified.

Rumors intensified in October 1888, as media received letters from a person who named himself as ‘Jack the Ripper.’ The letter is widely believed to be a hoax, and the public increasingly believed in a single serial killer mainly because of the extraordinary brutal nature of the murders and media’s sensationalized news covers.

Today, as the Forensic Sciences put life to the case, it also gave the media another story to tell.

The investigation explained that the ‘semen stains’ match those with the analysis done by the police on the main suspect, Aaron Kominski. The procedures which the authors conducted include genetic testing of blood and semen on a shawl found near the body of Catherine Eddowes, the killer’s fourth victim, who badly mutilated her body and was only discovered on September 30, 1888, days after she was gone missing.

USA Today revealed how researchers had instigated the samples. They compared fragments of mitochondrial DNA inherited from one’s mother to that of living relatives of Eddowes and Kosminski. The result is a massive development to finally resolve the case: the DNA samples matched those of Kosminki’s relative.

The researchers said that they have been analyzing the silk shawl for the past eight years and the only physical evidence linked to the victim and the suspect.

The study also includes an analysis of the killer’s appearance which suggested that the murderer had features of brown hair and eyes. This data reflects the only reliable eyewitness statement from the murder, which law enforcement had considered accurate.

Kosminski was the only suspect who had been tried and investigated several times. But his guilt has been a matter of debate in the past decades until now, and no one has ascertained his crimes. His name resurfaced in 2014 in a book authored by British businessman and a self-proclaimed ‘armchair detective,’ as well as, ‘Ripper researcher,’ Russell Edwards.

But, the latest finding marks the first time that Edward’s DNA evidence has been included in a Science investigation. And, the research conducted by Jari and David is the most advanced case study to date regarding with the murder and represent the first ‘systematic’ molecular level analysis of the only surviving physical evidence associated with the Jack the Ripper murders.

The recent findings, however, may not satisfy other Ripper experts who continue to claim that the shawl may have been contaminated over the years. The shawl came from Edwards who bought it in an auction in 2007 then gave it to Louhelainen for research purposes.

Jack the Ripper features in hundreds of works of fiction including movies, TV shows, and inspired many mystery-inclined books, games, songs, plays, and operas. The case straddles the boundaries between fact and fiction including the Ripper letters and a hoax Diary of Jack the Ripper. Today, finding such as this will be a great help to the case of Jack the Ripper even if it means swimming through the oceans of critics and some Ripper experts.

Continue Reading

Today’s Latest

Our Voices

Silicon Valley Silicon Valley
Our Voice2 days ago

How Tech Companies Affect Communities In Places They Call ‘Home’

Tech companies are today’s driving forces in the economic world, mostly because of the introduction of the Internet. It allows...

We reviewed RingCentral's VoIP offers We reviewed RingCentral's VoIP offers
Our Voice6 days ago

RingCentral VoIP Review

VoIP has had a significant shift from a technology exclusively used by the early adopters or hobbyist to a widely...

April Fools April Fools
Our Voice2 months ago

April Fools Jokes Aren’t Just “Jokes”

April Fools is undoubtedly a fun day, exceptionally if you have crafted the most elaborate prank on your friends and...

Facebook Facebook
Facebook2 months ago

Facebook Should Do Better At Processing Community Standard Violations, And They Should Do It Fast

A few months ago, I saw a photo of myself used by another Facebook account with a “R.I.P. (Rest in...

With reports of artists committing harassments, should you separate the art from the artist? With reports of artists committing harassments, should you separate the art from the artist?
Our Voice2 months ago

Supporting Problematic Artists And Their Arts, An Opinion

As the world becomes swarmed by reports of famous artists – musicians, comedians, actors, painters – being alleged or in...

How to regulate facial recognition without possible risks How to regulate facial recognition without possible risks
Our Voice2 months ago

Ethical Regulation Of ‘Facial Recognition’ Is A Shared Responsibility

There is an ongoing discussion both in online and offline spaces regarding the growth of facial recognition technology and its...

Solving Data Breachs, must focus on SMBs Solving Data Breachs, must focus on SMBs
Cybersecurity2 months ago

Data Breach Epidemic: Solving The Problem In SMBs Will Solve The Problem For All

In the last two weeks, we’ve witnessed a vast amount of data breaches and information leaks, and the issue has...

Here's why we agree to Jacinda Ardern, New Zealand Prime Minister words of not naming mass shooter suspects Here's why we agree to Jacinda Ardern, New Zealand Prime Minister words of not naming mass shooter suspects
Our Voice2 months ago

We Agree To PM Ardern Of Keeping Christchurch Murderer Nameless, And The Media Should Listen

In the wake of Christchurch mosques shooting in New Zealand that killed 50 people at two mosques, the shooter is...

Apple Anti-Snooping Paten Apple Anti-Snooping Paten
Apple2 months ago

Apple vs. Police Authorities; A Cold War Against iPhone’s Anti-Snooping Patent

To protect its customers from hackers and illegal surveillance, Apple is developing an anti-snooping technology that would impede police and...

Fighting misinformation over measles outbreak Fighting misinformation over measles outbreak
Our Voice2 months ago

An Epidemic: Measles Or Misinformation?

2018 was the year when people started asking the question: ‘should I get my child vaccinated?’ Most people answered yes,...

Join us as we delve into the future of the VoIP industry Join us as we delve into the future of the VoIP industry
Our Voice3 months ago

Take A Look At The Predicted Future Of The VoIP Industry

For the past 20 years, VoIP has become an integral part of the lives of millions of people around the...

Contact Center Solutions Contact Center Solutions
Business3 months ago

Choose The Right Call Center And The Best Contact Center Solutions of 2019

The Ins And Outs Of Business Communication Management For your business to exist in today’s world, you must know how...

Instagram poses as a threat to some of the world's most famous location Instagram poses as a threat to some of the world's most famous location
Our Voice3 months ago

How Instagram Corrupts Famous Locations In The World

Is Instagram corrupting the beauty of breathtakingly beautiful locations and sucking all the joy out of traveling? With the era...

How one can earn crypto How one can earn crypto
Our Voice4 months ago

Ways To Earn Cryptocurrency

Cryptocurrency is one of the growing medium for exchange in most countries as it offers a more convenient and safer...

Ending Payday Loans Ending Payday Loans
Our Voice4 months ago

Can We End Payday Loans?

We can’t neglect the fact that debt is one of the pressing problems in the country, especially in today’s economy....

How will 5G change our lives -- Our Voice How will 5G change our lives -- Our Voice
Our Voice4 months ago

Jumping From 4G To 5G: Here’s What 5G Can Do For You

One of the most awaited advancements in technology is the cellular industry. With its monthly updates on software, model and...

VoIP vs Traditional Telephones: Cost Factors to consider VoIP vs Traditional Telephones: Cost Factors to consider
Our Voice4 months ago

What are the cost factors of VoIP?

In the next few years, we might be saying goodbye to traditional telephone systems in exchange for Voice over Internet...

Manufacturing Firms Investment on Technology Manufacturing Firms Investment on Technology
Our Voice5 months ago

Manufacturing Firms are Investing More on Technology

Based on the recent research on how manufacturing companies are coming up in the market industry, they have been increasing...

How to properly take Technology Innovation in companies How to properly take Technology Innovation in companies
Our Voice5 months ago

Technology innovation in companies—for the better or the worse?

Technology has significantly impacted both homes and workplaces in the last years. As much as we want to keep our...

Trending