Archive

Posts Tagged ‘Cybersecurity’

Facebook password crisis – what to do? [VIDEO]

March 22, 2019 Leave a comment

Watch this special edition of Naked Security Live – we answer the questions people have been asking us, like “Should I stay or should I go?”

from Naked Security https://ift.tt/2HO6ek2
via IFTTT

Alleged Child Porn Lord Faces US Extradition

March 22, 2019 Leave a comment

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring – 33-year-old Freedom Hosting operator Eric Eoin Marques – was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland’s Supreme Court cleared the way for Marques to be extradited to the United States.

Eric Eoin Marques. Photo: Irishtimes.com

The FBI has called Marques the world’s largest facilitator of child porn. He is wanted on four charges linked to hidden child porn sites like “Lolita City” and “PedoEmpire,” which the government says were extremely violent, graphic and depicting the rape and torture of pre-pubescent children. Investigators allege that sites on Freedom Hosting had thousands of customers, and earned Marques more than $1.5 million.

For years Freedom Hosting had developed a reputation as a safe haven for hosting child porn. Marques allegedly operated Freedom Hosting as a turnkey solution for Web sites that hide their true location using Tor, an online anonymity tool.

The sites could only be accessed using the Tor Browser Bundle, which is built on the Firefox Web browser. On Aug. 4, 2013, U.S. federal agents exploited a previously unknown vulnerability in Firefox version 17 that allowed them to identify the true Internet addresses and computer names of people using Tor Browser to visit the child porn sites at Freedom Hosting.

Irish public media service RTE reported in 2013 that Marques briefly regained access to one of his hosting servers even after the FBI had seized control over it and changed the password, briefly locking the feds out of the system.

As Wired.com observed at the time, “in addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.”

Marques, who holds dual Irish-US citizenship, was denied bail and held pending his nearly six-year appeal process to contest his extradition. FBI investigators told the courts they feared he would try to destroy evidence and/or flee the country. FBI agents testified that Marques had made inquiries about how to get a visa and entry into Russia and set up residence and citizenship there.

“My suspicion is he was trying to look for a place to reside to make it the most difficult to be extradited to the US,” FBI Special Agent Brooke Donahue reportedly told an Irish court in 2013.

Even before the FBI testified in court about its actions, clues began to emerge that the Firefox exploit used to record the true Internet address of Freedom Hosting visitors was developed specifically for U.S. federal investigators. In an analysis posted on Aug. 4, reverse engineer Vlad Tsrklevich concluded that because the payload of the Firefox exploit didn’t download or execute any secondary backdoor or commands “it’s very likely that this is being operated by an [law enforcement agency] and not by blackhats.”

According to The Irish Times, in a few days Marques is likely to be escorted from Cloverhill Prison to Dublin Airport where he will be put on a US-bound flight and handcuffed to a waiting US marshal. If convicted of all four charges, he faces life in prison (3o years for each count).

from Krebs on Security https://ift.tt/2Ub7iW1
via IFTTT

Inside Incident Response: 6 Key Tips to Keep in Mind

March 22, 2019 Leave a comment

Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.

from Dark Reading: https://ift.tt/2JxSeNM
via IFTTT

Two Found Guilty in Online Dating, BEC Scheme

March 22, 2019 Leave a comment

Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.

from Dark Reading: https://ift.tt/2Flzsny
via IFTTT

Security Lessons from My Game Closet

March 22, 2019 Leave a comment

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

from Dark Reading: https://ift.tt/2HRL4BP
via IFTTT

Week in security with Tony Anscombe

March 22, 2019 Leave a comment

APT group Ocean Lotus has been active with new memory corruption vulnerability. Google fined 1.7 billion US$ by the EU. Plus, pick your Android security app wisely, test shows

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

from WeLiveSecurity https://ift.tt/2TlHB0p
via IFTTT

BitLocker hacked? Disk encryption – and why you still need it [VIDEO]

March 22, 2019 Leave a comment

Is BitLocker cracked? Is disk encryption still worth it? The answers are “No” and “Yes”, and here’s why.

from Naked Security https://ift.tt/2Fq7pmP
via IFTTT