
FBI Wants to Know Who Runs Archive.ph

The FBI has issued a federal subpoena to domain registrar Tucows, demanding extensive billing and session records to unmask the anonymous operator of Archive.ph (Archive.is and Archive.today). The site, known for bypassing paywalls, is now the subject of an undisclosed criminal investigation.

US Sentences Nigerian Darknet Fraud Leader to Five Years in Prison for $6M Scheme

A Nigerian national has been sentenced to five years in federal prison for his role in a large darknet fraud scheme intended to cause more than $6 million in losses, according to the U.S. Department of Justice (DOJ). Using various online aliases, Kaura led a global network selling stolen payment card data, using cryptocurrencies like […]

Hive Ransomware Network Dismantled by American, European Law Enforcement

Law enforcement authorities from over a dozen countries in Europe and North America have taken part in disrupting the activities of the Hive ransomware group, the U.S. Justice Department and Europol announced. Hive is believed to have targeted various organizations worldwide in the past couple of years, often extorting payments in cryptocurrency.

Captured Decryption Keys Helped Hive Victims Avoid Paying $130 Million in Ransom

Ransomware network Hive, which has had around 1,500 victims in more than 80 countries, has been hit in a months-long disruption campaign, the U.S. Department of Justice (DOJ) and the European Union Agency for Law Enforcement Cooperation (Europol) revealed. A total of 13 nations participated in the operation, including EU member states, the U.K. and Canada.

Hive has been identified as a major cybersecurity threat as the ransomware has been used by affiliated actors to compromise and encrypt data and computer systems of government facilities, oil multinationals, IT and telecom companies in the EU and U.S., Europol said. Hospitals, schools, financial firms, and critical infrastructure have been targeted, the DOJ noted.

Hive has been one of the most prolific ransomware strains, Chainalysis pointed out, collecting at least $100 million from victims since its launch in 2021. A recent report by the blockchain forensics company revealed that revenue from such attacks fell last year, as a growing number of affected organizations refused to pay the demanded ransoms.

According to the law enforcement announcements, the U.S. Federal Bureau of Investigation (FBI) penetrated Hive’s computers in July 2022 and captured its decryption keys, which it then provided to victims around the world, sparing them roughly $130 million in further ransom payments.

Working with the German Federal Police and the Dutch High Tech Crime Unit, the Bureau has now seized control of the servers and websites that Hive used to communicate with its affiliates and its victims, including the darknet domain where stolen data was sometimes posted. FBI Director Christopher Wray was quoted as saying:

The coordinated disruption of Hive’s computer networks … shows what we can accomplish by combining a relentless search for useful technical information to share with victims.

The Hive ransomware was created, maintained and updated by developers and deployed by affiliates in a ‘ransomware-as-a-service’ (RaaS) double-extortion model, Europol explained. Affiliates would first exfiltrate a copy of the victim’s data, then encrypt the files, and then demand a ransom both to decrypt the data and to refrain from publishing it on the group’s leak site.

According to the agencies, the attackers exploited a variety of vulnerabilities and initial-access methods: single-factor logins over Remote Desktop Protocol (RDP), virtual private networks (VPNs) and other remote access protocols, as well as phishing emails carrying malicious attachments.
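The initial-access pattern named above (password-only RDP reachable from the internet, often after a spray of failed logons) is something a defender can check for in their own Windows Security logs. The script below is an added example for this page, not code from Hive, the FBI or Europol: it runs over a handful of constructed Windows events modelled on Event ID 4624 (successful logon) and 4625 (failed logon), where LogonType 10 is RemoteInteractive, i.e. RDP. It flags RDP logons whose source address is outside the organization's internal ranges and RDP successes that follow a burst of failures from the same address. The field names TargetUserName, LogonType and IpAddress are the real 4624/4625 fields; the sample values, the threshold and the list of internal networks are assumptions for the demonstration.

```python
"""Flag internet-sourced and brute-forced RDP logons in Windows Security events.

Added example: constructed sample data, not a real log extract.
"""
import ipaddress
from collections import defaultdict

RDP_LOGON_TYPE = 10        # 4624/4625 LogonType 10 = RemoteInteractive (RDP)
FAILURE_THRESHOLD = 5      # assumed: successes after this many failures are suspect

# Assumed internal ranges (RFC 1918, loopback, link-local, IPv6 ULA/link-local).
# Note: ipaddress.is_private would also treat the documentation ranges used as
# stand-in public addresses below (203.0.113.0/24, 198.51.100.0/24) as private,
# so an explicit allowlist of internal networks is used instead.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def _ev(event_id, user, logon_type, ip):
    """Build a minimal event with the 4624/4625 field names we care about."""
    return {"EventID": event_id, "TargetUserName": user,
            "LogonType": logon_type, "IpAddress": ip}


# Constructed sample events (documentation-range addresses stand in for public IPs).
SAMPLE_EVENTS = (
    [_ev(4625, "svc_backup", 10, "203.0.113.7") for _ in range(5)]   # 5 failed RDP attempts
    + [
        _ev(4624, "svc_backup", 10, "203.0.113.7"),   # then success: external + post-spray
        _ev(4624, "alice", 10, "10.0.0.5"),           # RDP from the LAN: fine
        _ev(4624, "bob", 3, "198.51.100.23"),         # network logon, not RDP: ignored
        _ev(4624, "bob", 10, "198.51.100.23"),        # RDP straight from the internet
        _ev(4624, "carol", 10, "-"),                  # no source address recorded
    ]
)


def is_external(ip):
    """True if ip parses and lies outside every internal network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:            # "-" or malformed: cannot call it external
        return False
    # `addr in net` is False (not an error) when address and network versions differ.
    return not any(addr in net for net in INTERNAL_NETS)


def detect_rdp_exposure(events):
    """Return findings for RDP logons from external sources or after a failure burst."""
    failures = defaultdict(int)   # (ip, user) -> failed RDP attempts seen so far
    findings = []
    for ev in events:
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        ip, user = ev["IpAddress"], ev["TargetUserName"]
        if ev["EventID"] == 4625:
            failures[(ip, user)] += 1
        elif ev["EventID"] == 4624:
            reasons = []
            if is_external(ip):
                reasons.append("rdp_from_external_ip")
            if failures[(ip, user)] >= FAILURE_THRESHOLD:
                reasons.append("success_after_%d_failures" % failures[(ip, user)])
            if reasons:
                findings.append({"user": user, "ip": ip, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_rdp_exposure(SAMPLE_EVENTS):
        print(f)
```

The check only shows exposure and brute-force pressure; a 4624 record does not say whether a second factor was enforced, so whether a flagged logon was single-factor has to be confirmed from the RD Gateway, VPN or identity provider logs that front the host.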

Do you expect police authorities around the world to dismantle more ransomware networks in the near future? Tell us in the comments section below.

Doctor arrested for trying to hire a killer

By: seo_spec

A former doctor will spend 8 years in prison for trying to hire a killer on the “dark web”.

It all started in February 2021, when a visitor to a murder-for-hire website, using the nickname Scar215, sent a private message to the site’s administrator asking to order an attack on a colleague. The customer supplied full details of the victim (name, address and photo) together with about USD 2,000, roughly the price asked for the attack on the colleague.

This was not the anonymous customer’s last order. In early April 2021, Scar215 wrote to the administrators of three similar sites with a detailed description of a new job: he wanted his wife kidnapped because she had begun divorce proceedings against him. The task description said she was to be abducted and held for one week and injected with heroin twice a day to induce addiction; it came with a list of objectives for which the mercenary would earn a “nice bonus”. Counting all the “bonuses” together with the base fee stated in the task, the customer was prepared to pay about USD 60,000 for his wife’s “re-education”. While discussing the details, the customer told the mercenary he could use any means to achieve the goal, which was to bring the wife back to him and end the divorce proceedings. Scar215 paid for both orders in bitcoin, presumably to remain fully anonymous.

The activity did not go unnoticed. While analysing the blockchain, the FBI spotted unusual transactions and approached the exchange involved (Coinbase, since the unusually large transfers had been made from an account registered there) for records on them. Those records led investigators to a man named Ronald Craig Ilg, living in Spokane, Washington, who was then detained. On the morning of April 11, 2021, he was questioned and claimed he had intended to hire killers to kill himself; investigators did not believe him and searched his home. Police focused on a safe in the bedroom, which the homeowner opened for them. Inside, investigators found a large number of records and notes. On April 13, 2021, using those records, law enforcement gained access to the Scar215 account on the dark web and to its correspondence with the administrators of the sites offering these “specific” services.

Ronald Craig Ilg admitted ordering the attacks on his colleague and his ex-wife and was sentenced on August 10, 2022 to 8 years in prison. That was not the end of it: on January 24, 2023, the court ordered him to pay the victims $125,000 in compensation.

β€˜Tracers in the Dark’ shows how cops go after crypto-criminals

β€œThat was the only path through this darkness,” says U.S. prosecutor Zia Faruqui. β€œThe darker the darknet gets, the way that you shine the light is following the money.” In β€œTracers in the Dark,” Andy Greenberg, a senior writer at Wired, takes a historical look at what he calls Bitcoin’s β€œsiren song: the promise of […]

Z-Library's Founders Arrested

By: Gokul G
Anton Napolsky (age 33), and Valeriia Ermakova (age 27) have been charged with criminal copyright infringement, wire fraud, and money laundering for running "Z-Library," one of the largest e-book piracy websites.

At the request of the United States, they were arrested on November 3 in Cordoba, Argentina. The Federal Bureau of Investigation (FBI) also seized the Z-Library network of nearly 250 domains and its assets.

After the arrests were announced, Z-Library supporters urged the FBI to release Anton and Valeriia, arguing that "they helped students more than the American government."

Noooo..they helped students more than the American government!

— Danny (@danni4pf) November 17, 2022

if only the governments would do the same with all those p3do sites…

— diogo (@diordiogo) November 17, 2022

Reading shouldn’t be a privilege.

— Jobu Tupaki (@aobdq) November 17, 2022


FBI Paid Anti-Child Predator Charity $250,000 for Hacking Tools

The FBI paid a non-profit organization focused on unmasking child predators $250,000 for access to a series of hacking tools, according to public procurement records viewed by Motherboard.

The news provides more insight into how the FBI obtains some of its hacking tools, or so-called network investigative techniques (NITs). The contract also highlights the close relationship between private parties and the FBI when hacking suspects. Facebook, for example, previously bought a hacking tool for the FBI to use to unmask one of the social network's users who was aggressively targeting minors on the platform.

The procurement record says the FBI's Child Exploitation Operational Unit (CEOU) is "purchasing a set of NITs." The contract dates from June 2020.

The NITs "have been demonstrated for OTD and CEOU and which have the capability, if activated, of providing the true internet address of the subject," the product description continues, referring to the Operational Technology Division, a part of the FBI that carries out hacking operations. The latter half of the product description is cut-off, but reads in part "of providing the true internet address of the subject even when hidden behi," presumably referring to whether the target is behind a proxy or anonymization network.

Do you produce NITs for the government? Do you know someone who does? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The non-profit that the FBI paid for the NITs is called the Innocent Lives Foundation (ILF).

"We unmask anonymous child predators to help bring them to justice," the organization's website reads. "We use Open Source Intelligence Gathering (OSINT) methods to identify child predators. Once we have gathered the appropriate amount of information to confirm the identification of the predator, that file is then submitted to law enforcement," the website continues.

The ILF includes a board of directors, various corporate roles such as a Chief Operating Officer, and a number of volunteers who are accepted by invitation only, the website reads. In 2019, hacking conference DerbyCon selected the ILF as one of the featured non-profits of the conference, and provided the charity with more than $25,800 in donations, the ILF website adds.

U.S. law enforcement's umbrella term of network investigative technique has previously encompassed a wide range of different technologies and approaches. In some investigations NIT has referred to a booby-trapped Word document that, once opened, phoned home to an FBI-controlled server, revealing the recipient's IP address. At the higher end, the FBI has deployed non-public exploits that break through the security protections of the Tor Browser.

In a phone call with Motherboard, Chris Hadnagy, founder, executive director and board member of the ILF, declined to say what sort of tool the NITs were, or whether the charity developed them itself or sourced them from another party.

At one point a company that sources zero-day exploits and then sells them to governments offered $80,000 for an attack targeting Firefox, which the Tor Browser is based on. That company, Exodus Intelligence, later provided a Firefox exploit to an offensive customer; a law enforcement agency deployed it to visitors of a dark web child abuse site, Motherboard previously reported.

Law enforcement agencies have used NITs to investigate financially motivated crime, bomb threats, and hackers. Most prolifically, the FBI has deployed NITs in child abuse investigations, particularly on the dark web. Among other large-scale cases, in 2015 the FBI hacked over 8,000 computers in 120 countries on the basis of a single warrant. Some judges threw out evidence in subsequent cases, ruling that the judge who signed the warrant lacked the authority to do so. The campaign, dubbed Operation Pacifier, led to the arrest of 55 hands-on abusers and 26 producers of child pornography, and to the recovery of 351 children, according to a report from the Department of Justice Office of the Inspector General.

The report also mentioned how between 2012 and 2017 the FBI’s Remote Operations Unit, which is part of the OTD, was largely responsible for the development and deployment of dark web solutions.

"However, over the past 2 years, its dark web role has eroded due to budget decreases and an increased prioritization on tools for national security investigations. This has resulted in the operational units seeking tools useful to dark web investigations independently without a mechanism to share the product of their efforts," the report added.

The FBI declined to comment.

Update: This piece has been updated with a response from the FBI.
