Malicious actors look for accounts that are springboards to other systems, according to nearly 300 attendees of Black Hat USA.
Malicious actors look for accounts that are springboards to other systems, according to nearly 300 attendees of Black Hat USA.
New Bedford, Massachusetts’ refusal to pay a $5.3 million ransom highlights how victim towns and cities may be hitting the limit to what they’re willing to spend to speed recovery.
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
A new report investigates the evolution of crimeware, how businesses underestimate the threat, and why they should be concerned.
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious — and amusing — examples of cryptographic “snake oil.”
I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography. But every so often, a new company comes along that is so ridiculous, so nonsensical, so bizarre, that there is nothing to do but call it out.
Crown Sterling is complete and utter snake oil. The company sells “TIME AI,” “the world’s first dynamic ‘non-factor’ based quantum AI encryption software,” “utilizing multi-dimensional encryption technology, including time, music’s infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs.” Those sentence fragments tick three of my snake-oil warning signs — from 1999! — right there: pseudo-math gobbledygook (warning sign #1), new mathematics (warning sign #2), and extreme cluelessness (warning sign #4).
More: “In March of 2019, Grant identified the first Infinite Prime Number prediction pattern, where the discovery was published on Cornell University’s www.arXiv.org titled: ‘Accurate and Infinite Prime Number Prediction from Novel Quasi-Prime Analytical Methodology.’ The paper was co-authored by Physicist and Number Theorist Talal Ghannam PhD. The discovery challenges today’s current encryption framework by enabling the accurate prediction of prime numbers.” Note the attempt to leverage Cornell’s reputation, even though the preprint server is not peer-reviewed and allows anyone to upload anything. (That should be another warning sign: undeserved appeals to authority.) PhD student Mark Charney took the time to refute it. Most of it is wrong, and what’s right isn’t new.
I first encountered the company earlier this year. In January, Tom Yemington from the company emailed me, asking to talk. “The founder and CEO, Robert Grant is a successful healthcare CEO and amateur mathematician that has discovered a method for cracking asymmetric encryption methods that are based on the difficulty of finding the prime factors of a large quasi-prime numbers. Thankfully the newly discovered math also provides us with much a stronger approach to encryption based on entangled-pairs of keys.” Sounds like complete snake-oil, right? I responded as I usually do when companies contact me, which is to tell them that I’m too busy.
In April, a colleague at IBM suggested I talk with the company. I poked around at the website, and sent back: “That screams ‘snake oil.’ Bet you a gazillion dollars they have absolutely nothing of value — and that none of their tech people have any cryptography expertise.” But I thought this might be an amusing conversation to have. I wrote back to Yemington. I never heard back — LinkedIn suggests he left in April — and forgot about the company completely until it surfaced at Black Hat this year.
Robert Grant, president of Crown Sterling, gave a sponsored talk: “The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?” I didn’t see it, but it was widely criticized and heckled. Black Hat was so embarrassed that it removed the presentation from the conference website. (Parts of it remain on the Internet. Here’s a short video from the company, if you want to laugh along with everyone else at terms like “infinite wave conjugations” and “quantum AI encryption.” Or you can read the company’s press release about what happened at Black Hat, or Grant’s Twitter feed.)
Grant has no cryptographic credentials. His bio — on the website of something called the “Resonance Science Foundation” — is all over the place: “He holds several patents in the fields of photonics, electromagnetism, genetic combinatorics, DNA and phenotypic expression, and cybernetic implant technologies. Mr. Grant published and confirmed the existence of quasi-prime numbers (a new classification of prime numbers) and their infinite pattern inherent to icositetragonal geometry.”
Grant’s bio on the Crown Sterling website contains this sentence, absolutely beautiful in its nonsensical use of mathematical terms: “He has multiple publications in unified mathematics and physics related to his discoveries of quasi-prime numbers (a new classification for prime numbers), the world’s first predictive algorithm determining infinite prime numbers, and a unification wave-based theory connecting and correlating fundamental mathematical constants such as Pi, Euler, Alpha, Gamma and Phi.” (Quasi-primes are real, and they’re not new. They’re numbers with only large prime factors, like RSA moduli.)
Near as I can tell, Grant’s coauthor is the mathematician of the company: “Talal Ghannam — a physicist who has self-published a book called The Mystery of Numbers: Revealed through their Digital Root as well as a comic book called The Chronicles of Maroof the Knight: The Byzantine.” Nothing about cryptography.
There seems to be another technical person. Ars Technica writes: “Alan Green (who, according to the Resonance Foundation website, is a research team member and adjunct faculty for the Resonance Academy) is a consultant to the Crown Sterling team, according to a company spokesperson. Until earlier this month, Green — a musician who was ‘musical director for Davy Jones of The Monkees’ — was listed on the Crown Sterling website as Director of Cryptography. Green has written books and a musical about hidden codes in the sonnets of William Shakespeare.”
None of these people have demonstrated any cryptographic credentials. No papers, no research, no nothing. (And, no, self-publishing doesn’t count.)
After the Black Hat talk, Grant — and maybe some of those others — sat down with Ars Technica and spun more snake oil. They claimed that the patterns they found in prime numbers allows them to break RSA. They’re not publishing their results “because Crown Sterling’s team felt it would be irresponsible to disclose discoveries that would break encryption.” (Snake-oil warning sign #7: unsubstantiated claims.) They also claim to have “some very, very strong advisors to the company” who are “experts in the field of cryptography, truly experts.” The only one they name is Larry Ponemon, who is a privacy researcher and not a cryptographer at all.
Enough of this. All of us can create ciphers that we cannot break ourselves, which means that amateur cryptographers regularly produce amateur cryptography. These guys are amateurs. Their math is amateurish. Their claims are nonsensical. Run away. Run, far, far, away.
But be careful how loudly you laugh when you do. Not only is the company ridiculous, it’s litigious as well. It has sued ten unnamed “John Doe” defendants for booing the Black Hat talk. (It also sued Black Hat, which may have more merit. The company paid good money to have its talk presented amongst actual peer-reviewed talks. For Black Hat to remove its nonsense very well be a breach of contract.)
Maybe Crown Sterling can file a meritless lawsuit against me instead for this post. I’m sure it would think it’d result in all sorts of positive press coverage. (Although any press is good press, so maybe it’s right.) But it I can prevent others from getting taken in by this stuff, it would be a good thing.
Twitter today finally decided to temporarily disable a feature, called ‘Tweeting via SMS,’ after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey’s followers.
Dorsey’s Twitter account was compromised last week when a hacker group calling itself “Chuckling Squad” replicated a mobile phone number
Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.
A New York State school district was forced to delay the start of its school year when ransomware struck.
Beware! Billion of Android users can easily be tricked into changing their devices’ critical network settings with just an SMS-based phishing attack.
Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data
The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security.
Good article in the Washington Post on all the surveillance associated with credit card use.
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house.
Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security
Mozilla has finally enabled the “Enhanced Tracking Protection” feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android.
The company enabled the “Enhanced Tracking Protection” setting by default for its browser in June this year, but only for new users who downloaded and installed a fresh copy of Firefox.
Well, there’s some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide.
The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells ‘full chain, zero-click, with persistence’ Android zero-days.
A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
Kenneth Currin Schuchman pleaded guilty to one count of aiding and abetting computer intrusions. Between July 2017 and October 2018, Schuchman was part of a conspiracy with at least two other unnamed individuals to develop and use Satori in large scale online attacks designed to flood their targets with so much junk Internet traffic that the targets became unreachable by legitimate visitors.
According to his plea agreement, Schuchman — who went by the online aliases “Nexus” and “Nexus-Zeta” — worked with at least two other individuals to build and use the Satori botnet, which harnessed the collective bandwidth of approximately 100,000 hacked IoT devices by exploiting vulnerabilities in various wireless routers, digital video recorders, Internet-connected security cameras, and fiber-optic networking devices.
Satori was originally based on the leaked source code for Mirai, a powerful IoT botnet that first appeared in the summer of 2016 and was responsible for some of the largest denial-of-service attacks ever recorded (including a 620 Gbps attack that took KrebsOnSecurity offline for almost four days).
Throughout 2017 and into 2018, Schuchman worked with his co-conspirators — who used the nicknames “Vamp” and “Drake” — to further develop Satori by identifying and exploiting additional security flaws in other IoT systems.
Schuchman and his accomplices gave new monikers to their IoT botnets with almost each new improvement, rechristening their creations with names including “Okiru,” and “Masuta,” and infecting up to 700,000 compromised systems.
The plea agreement states that the object of the conspiracy was to sell access to their botnets to those who wished to rent them for launching attacks against others, although it’s not clear to what extent Schuchman and his alleged co-conspirators succeeded in this regard.
Even after he was indicted in connection with his activities in August 2018, Schuchman created a new botnet variant while on supervised release. At the time, Schuchman and Drake had something of a falling out, and Schuchman later acknowledged using information gleaned by prosecutors to identify Drake’s home address for the purposes of “swatting” him.
Swatting involves making false reports of a potentially violent incident — usually a phony hostage situation, bomb threat or murder — to prompt a heavily-armed police response to the target’s location. According to his plea agreement, the swatting that Schuchman set in motion in October 2018 resulted in “a substantial law enforcement response at Drake’s residence.”
As noted in a September 2018 story, Schuchman was not exactly skilled in the art of obscuring his real identity online. For one thing, the domain name used as a control server to synchronize the activities of the Satori botnet was registered to the email address firstname.lastname@example.org. That domain name was originally registered to a “ZetaSec Inc.” and to a “Kenny Schuchman” in Vancouver, Wash.
People who operate IoT-based botnets maintain and build up their pool of infected IoT systems by constantly scanning the Internet for other vulnerable systems. Schuchman’s plea agreement states that when he received abuse complaints related to his scanning activities, he responded in his father’s identity.
“Schuchman frequently used identification devices belonging to his father to further the criminal scheme,” the plea agreement explains.
While Schuchman may be the first person to plead guilty in connection with Satori and its progeny, he appears to be hardly the most culpable. Multiple sources tell KrebsOnSecurity that Schuchman’s co-conspirator Vamp is a U.K. resident who was principally responsible for coding the Satori botnet, and as a minor was involved in the 2015 hack against U.K. phone and broadband provider TalkTalk.
Multiple sources also say Vamp was principally responsible for the 2016 massive denial-of-service attack that swamped Dyn — a company that provides core Internet services for a host of big-name Web sites. On October 21, 2016, an attack by a Mirai-based IoT botnet variant overwhelmed Dyn’s infrastructure, causing outages at a number of top Internet destinations, including Twitter, Spotify, Reddit and others.
The investigation into Schuchman and his alleged co-conspirators is being run out the FBI field office in Alaska, spearheaded by some of the same agents who helped track down and ultimately secure guilty pleas from the original co-authors of the Mirai botnet.
It remains to be seen what kind of punishment a federal judge will hand down for Schuchman, who reportedly has been diagnosed with Asperger Syndrome and autism. The maximum penalty for the single criminal count to which he’s pleaded guilty is 10 years in prison and fines of up to $250,000.
However, it seems likely his sentencing will fall well short of that maximum: Schuchman’s plea deal states that he agreed to a recommended sentence “at the low end of the guideline range as calculated and adopted by the court.”
Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.
A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.
Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here’s a brief primer on what you can do about it.
Over the past few weeks, a good number of readers have written in to say they feared their calendar app or email account was hacked after noticing a spammy event had been added to their calendars.
The truth is, all that a spammer needs to add an unwelcome appointment to your calendar is the email address tied to your calendar account. That’s because the calendar applications from Apple, Google and Microsoft are set by default to accept calendar invites from anyone.
Calendar invites from spammers run the gamut from ads for porn or pharmacy sites, to claims of an unexpected financial windfall or “free” items of value, to outright phishing attacks and malware lures. The important thing is that you don’t click on any links embedded in these appointments. And resist the temptation to respond to such invitations by selecting “yes,” “no,” or “maybe,” as doing so may only serve to guarantee you more calendar spam.
Fortunately, the are a few simple steps you can take that should help minimize this nuisance. To stop events from being automatically added to your Google calendar:
-Open the Calendar application, and click the gear icon to get to the Calendar Settings page.
-Under “Event Settings,” change the default setting to “No, only show invitations to which I have responded.”
To prevent events from automatically being added to your Microsoft Outlook calendar, click the gear icon in the upper right corner of Outlook to open the settings menu, and then scroll down and select “View all Outlook settings.” From there:
-Click “Calendar,” then “Events from email.”
-Change the default setting for each type of reservation settings to “Only show event summaries in email.”
For Apple calendar users, log in to your iCloud.com account, and select Calendar.
-Click the gear icon in the lower left corner of the Calendar application, and select “Preferences.”
-Click the “Advanced” tab at the top of the box that appears.
-Change the default setting to “Email to [your email here].”
Making these changes will mean that any events your email provider previously added to your calendar automatically by scanning your inbox for certain types of messages from common events — such as making hotel, dining, plane or train reservations, or paying recurring bills — may no longer be added for you. Spammy calendar invitations may still show up via email; in the event they do, make sure to mark the missives as spam.
Have you experienced a spike in calendar spam of late? Or maybe you have another suggestion for blocking it? If so, sound off in the comments below.
As the number vulnerabilities hit a historic high, battle-worn security teams are upping their patching game.
The common thread: Each acts as a force multiplier, adding value to every other security technology around it.
An engineer recruited by the Dutch intelligence agency AIVD helped bring to Iran’s Natanz nuclear facility the malware via USB that ultimately infected systems there and sabotaged centrifuges, according to an exclusive report from Yahoo News.
XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users.
The security breach occurred two months ago, according to security researcher Troy Hunt who alerted the company of the incident, with unknown hackers stealing around 562,000
Attackers are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.
Good news for you is that this week’s THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level.
The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker.
The 45 hours of course that includes total 384 in-depth lectures, usually cost $1,273, but
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone.
Earlier this year, Google’s Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.)
Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
This upends pretty much everything we know about iPhone hacking. We believed that it was hard. We believed that effective zero-day exploits cost $2M or $3M, and were used sparingly by governments only against high-value targets. We believed that if an exploit was used too frequently, it would be quickly discovered and patched.
None of that is true here. This operation used fourteen zero-days exploits. It used them indiscriminately. And it remained undetected for two years. (I waited before posting this because I wanted to see if someone would rebut this story, or explain it somehow.)
Google’s announcement left out of details, like the URLs of the sites delivering the malware. That omission meant that we had no idea who was behind the attack, although the speculation was that it was a nation-state.
Subsequent reporting added that malware against Android phones and the Windows operating system were also delivered by those websites. And then that the websites were targeted at Uyghurs. Which leads us all to blame China.
So now this is a story of a large, expensive, indiscriminate, Chinese-run surveillance operation against an ethnic minority in their country. And the politics will overshadow the tech. But the tech is still really impressive.
Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News.
Yes, that’s correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick
What could be more exciting than seeing yourself starring alongside your favorite actor in a movie, music video, or TV program?
Yes, that’s possible—well, kind of, by using a new AI-based deepfake app that has gone viral in China over this weekend, climbing to the top of the free apps list in the Chinese iOS App Store in just three days.
Dubbed ZAO, the app is yet another deepfake app for
Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.
Prior to its acquisition, Adconion offered digital advertising solutions to some of the world’s biggest companies, including Adidas, AT&T, Fidelity, Honda, Kohl’s and T-Mobile. Amobee, the Redwood City, Calif. online ad firm that acquired Adconion in 2014, bills itself as the world’s leading independent advertising platform. The CEO of Amobee is Kim Perell, formerly CEO of Adconion.
In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak, Mark Manoogian, Petr Pacas, and Mohammed Abdul Qayyum — in a ten-count indictment on charges of conspiracy, wire fraud, and electronic mail fraud. All four men have pleaded not guilty to the charges, which stem from a grand jury indictment handed down in June 2017.
The indictment and other court filings in this case refer to the employer of the four men only as “Company A.” However, LinkedIn profiles under the names of three of the accused show they each work(ed) for Adconion and/or Amobee.
Mark Manoogian is an attorney whose LinkedIn profile states that he is director of legal and business affairs at Amobee, and formerly was senior business development manager at Adconion Direct; Bychak is listed as director of operations at Adconion Direct; Quayyum’s LinkedIn page lists him as manager of technical operations at Adconion. A statement of facts filed by the government indicates Petr Pacas was at one point director of operations at Company A (Adconion).
According to the indictment, between December 2010 and September 2014 the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive.
The government alleges the men sent forged letters to an Internet hosting firm claiming they had been authorized by the registrants of the inactive IP addresses to use that space for their own purposes.
“Members of the conspiracy would use the fraudulently acquired IP addresses to send commercial email (‘spam’) messages,” the government charged.
Prosecutors say the accused were able to spam from the purloined IP address blocks after tricking the owner of Hostwinds, an Oklahoma-based Internet hosting firm, into routing the fraudulently obtained IP addresses on their behalf.
Hostwinds owner Peter Holden was the subject of a 2015 KrebsOnSecurity story titled, “Like Cutting Off a Limb to Save the Body,” which described how he’d initially built a lucrative business catering mainly to spammers, only to later have a change of heart and aggressively work to keep spammers off of his network.
That a case of such potential import for the digital marketing industry has escaped any media attention for so long is unusual but not surprising given what’s at stake for the companies involved and for the government’s ongoing investigations.
Adconion’s parent Amobee manages ad campaigns for some of the world’s top brands, and has every reason not to call attention to charges that some of its key employees may have been involved in criminal activity.
Meanwhile, prosecutors are busy following up on evidence supplied by several cooperating witnesses in this and a related grand jury investigation, including a confidential informant who received information from an Adconion employee about the company’s internal operations.
According to a memo jointly filed by the defendants, “this case spun off from a larger ongoing investigation into the commercial email practices of Company A.” Ironically, this memo appears to be the only one of several dozen documents related to the indictment that mentions Adconion by name (albeit only in a series of footnote references).
Prosecutors allege the four men bought hijacked IP address blocks from another man tied to this case who was charged separately. This individual, Daniel Dye, has a history of working with others to hijack IP addresses for use by spammers.
For many years, Dye was a system administrator for Optinrealbig, a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra.
Optinrealbig’s CEO was the spam king Scott Richter, who later changed the name of the company to Media Breakaway after being successfully sued for spamming by AOL, Microsoft, MySpace, and the New York Attorney General Office, among others. In 2008, this author penned a column for The Washington Post detailing how Media Breakaway had hijacked tens of thousands of IP addresses from a defunct San Francisco company for use in its spamming operations.
Dye has been charged with violations of the CAN-SPAM Act. A review of the documents in his case suggest Dye accepted a guilty plea agreement in connection with the IP address thefts and is cooperating with the government’s ongoing investigation into Adconion’s email marketing practices, although the plea agreement itself remains under seal.
Lawyers for the four defendants in this case have asserted in court filings that the government’s confidential informant is an employee of Spamhaus.org, an organization that many Internet service providers around the world rely upon to help identify and block sources of malware and spam.
Interestingly, in 2014 Spamhaus was sued by Blackstar Media LLC, a bulk email marketing company and subsidiary of Adconion. Blackstar’s owners sued Spamhaus for defamation after Spamhaus included them at the top of its list of the Top 10 world’s worst spammers. Blackstar later dropped the lawsuit and agreed to paid Spamhaus’ legal costs.
Representatives for Spamhaus declined to comment for this story. Responding to questions about the indictment of Adconion employees, Amobee’s parent company SingTel referred comments to Amobee, which issued a brief statement saying, “Amobee has fully cooperated with the government’s investigation of this 2017 matter which pertains to alleged activities that occurred years prior to Amobee’s acquisition of the company.”
It appears the government has been investigating Adconion’s email practices since at least 2015, and possibly as early as 2013. The very first result in an online search for the words “Adconion” and “spam” returns a Microsoft Powerpoint document that was presented alongside this talk at an ARIN meeting in October 2016. ARIN stands for the American Registry for Internet Numbers, and it handles IP addresses allocations for entities in the United States, Canada and parts of the Caribbean.
As the screenshot above shows, that Powerpoint deck was originally named “Adconion – Arin,” but the file has since been renamed. That is, unless one downloads the file and looks at the metadata attached to it, which shows the original filename and that it was created in 2015 by someone at the U.S. Department of Justice.
Slide #8 in that Powerpoint document references a case example of an unnamed company (again, “Company A”), which the presenter said was “alleged to be one of the largest spammers in history,” that had hijacked “hundreds of thousands of IP addresses.”
There are fewer than four billion IPv4 addresses available for use, but the vast majority of them have already been allocated. In recent years, this global shortage has turned IP addresses into a commodity wherein each IP can fetch between $15-$25 on the open market.
The dearth of available IP addresses has created boom times for those engaged in the acquisition and sale of IP address blocks. It also has emboldened scammers and spammers who specialize in absconding with and spamming from dormant IP address blocks without permission from the rightful owners.
In May, KrebsOnSecurity broke the news that Amir Golestan — the owner of a prominent Charleston, S.C. tech company called Micfo LLC — had been indicted on criminal charges of fraudulently obtaining more than 735,000 IP addresses from ARIN and reselling the space to others.
KrebsOnSecurity has since learned that for several years prior to 2014, Adconion was one of Golestan’s biggest clients. More on that in an upcoming story.
How information sharing and analysis centers provide contextual threat information by creating communities that helps security professionals and their organizations grow in maturity and capability.
Implementing game mechanics and competition into the mix can incentivize employees to improve their cybersecurity posture.
WHY CHOOSE LCG?