arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”


Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.


DarkSide, Blamed for Colonial Pipeline Attack, Says It Is Shutting Down

Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.

The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)

“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”

Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.

“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”

Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.

“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”

Julian Barnes contributed reporting.


90-Year-Old Hong Kong Woman Robbed of $33 Million in Phone Scam

Not much has been publicly disclosed about the 90-year-old woman at the center of the latest Hong Kong scam, how she acquired her wealth or how she became a target. But she received a phone call in August from someone who claimed to be a government official, The South China Morning Post reported. Days later, the police said, a person claiming to be a Chinese police officer arrived at her home on Victoria Peak, the lofty realm of Hong Kong’s wealthy elite, to deliver a cellphone she was to use to communicate during the so-called investigation.

Over five months, the scammers unspooled instructions on transferring millions as part of the so-called investigation. She transferred her first million on Aug. 12, the police said. From Aug. 13 to Jan. 4, she deposited $31.8 million more into the scammers’ bank accounts.

The scheme began to collapse when a domestic helper grew suspicious and alerted the woman’s daughter, who persuaded her mother to make a police report in March, the police said. By then, nearly $33 million had vanished. It was unclear whether the woman will ever recover a dime.

Chief Inspector Mok said that the elderly were among the most vulnerable targets of phone scammers. He called on the public to contact older relatives on a regular basis as a way to reduce such fraud.

“We hope everyone calls the elderly more frequently, not only to show that you care for them and to remind them not to fall for phone scams,” he said, “but to allow them to become more familiar with your voices and the types of words you use.”

Lennon Chang, a senior lecturer at Monash University in Australia and an expert in cybercrime in the greater China region, said that elderly victims of such crimes are often plagued by feelings of shame. Sometimes they continue to follow the instructions of their swindlers, who often dangle promises to return the money, even if they begin to suspect that they are being deceived.

“They fear that if they tell other people, they will be criticized for being stupid,” he said in a phone interview. “They are afraid for being teased. They don’t want to be seen as falling into this kind of graft despite decades of life experience.”


Lending Apps in India Shame Borrowers Who Can’t Pay Money Back

HYDERABAD, India — The harassing calls began soon after sunrise. Kiran Kumar remained in bed and, for hours, thought about how he was going to end his hostage of a life.

The cement salesman had initially borrowed about $40 from a lender through an online app to supplement his $200-a-month salary. But he couldn’t pay the mounting fees and interest, so he borrowed from others. By that morning, Mr. Kumar owed roughly $4,000.

Even worse, the lenders had the phone numbers of those closest to him, and were threatening to make his problems public.

“If I am labeled a fraud in front of everyone, my self-respect is gone, my honor is gone,” Mr. Kumar, 28, said in an interview. “What is left?”

devastated by the impact of the coronavirus on the Indian economy.

About 100 loan apps have been removed from the Google platform, according to the Indian government. A Google spokesperson said it reviewed hundreds of loan apps and removed those that violated its terms.

The investigations are raising alarms in India over the vulnerability of a population of 1.3 billion who are still getting accustomed to digital payments. Online transactions in India will reach more than $3 trillion by 2025, according to PwC, the consulting firm. Further fraud findings could spur the government, which has already limited the personal data that online companies can use, to take a tighter grip on the industry.

The apps also speak to the global nature of online fraud. Many of the companies use techniques that flourished in China two years ago before the authorities there shut them down, and that have since reappeared elsewhere.

The loan apps emerged at a desperate time. The government enacted a tough, two-month lockdown a year ago to contain the virus, plunging India into a deep recession. Millions were thrown out of work. Traditional forms of lending, like banks and microlenders, were temporarily closed.

With names like Money Now, First Cash, Super Cash and Cool Cash — according to police documents — the apps came and went on Google’s app store in India, some reappearing with a slight change of identity. Most were built with off-the-shelf software that made their creation as easy as starting a blog, said Srikanth Lakshmanan, one of the coordinators of Cashless Consumers, a collective of technology volunteers who have been studying the apps.

Aasra.info for more resources.

Cao Li contributed reporting from Hong Kong.
