Over a thousand people fell for the bitcoin scam, charges against cyber crooks and another open database found.
Welcome to Cyber Security Today. It’s Wednesday July 22nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
You may recall headlines last week about the Twitter accounts of well-known people being hijacked and used for a bitcoin scam. The scam had these celebrities and politicians promising to double the bitcoin that people sent to a certain bitcoin wallet. Well, here’s a follow-up: Several cryptocurrency exchanges quickly recognized the scam and stopped the ability of their users from sending bitcoin to that wallet. One of them, Coinbase, told Forbes.com that it prevented just over 1,100 customers from sending bitcoin worth $280,000 to the scammers. That’s right: over a thousand people were fooled. And that’s just among Coinbase exchange users. However, Coinbase wasn’t fast enough to stop 14 people from sending about $3,000 to the crooks. Some experts think the person or persons behind the scam made off with about $100,000 before word got around.
Over two years after his arrest the United States has extradited a resident of Cyprus on allegations of cybercrime. The man has been indicted on charges of wire fraud, conspiracy to commit computer fraud, conspiracy to commit identity theft and extortion as part of a gang that stole personal information from websites between 2014 and 2016. Those websites were threatened with public disclosure of the stolen data unless they paid a ransom. Victim websites allegedly included a hardware company, an online sports news site and a free online game publisher. Separately the man has also been indicted on charges of conspiracy to commit computer hacking and stealing data from an Arizona company, and then threatening to release the data unless he was paid $90,000.
Separately a U.S. grand jury has indicted two named Chinese citizens with hacking into the computer systems, fraud and data theft from hundred of governments, companies and individuals over a 10-year period. The indictment alleges sometimes they worked to enrich themselves, other times for Chinese government agencies. In some cases they stole trade secrets from businesses. The indictment alleges the pair recently were hunting for ways to get into companies developing COVID-19 vaccines. They allegedly got into systems by exploiting software vulnerabilities in web server software, web application software and software collaboration applications. In some cases patches were available that would have stopped these attacks, but in other cases the vulnerabilities had just been announced and victims wouldn’t have had the ability to patch. Companies in 11 countries were targeted including the U.S. the United Kingdon, Australia and Japan. Targeted industries included high tech manufacturing; medical device makers, civil and industrial engineering, defence and pharmaceuticals.
Finally, company employees continue to be careless and leave databases open on the Internet. The latest example is a server from a company called MacKievSoftware. The database included information on subscribers to its software, which includes Family Tree Maker, Print Shop, Kid Pix, as well as some user data from Ancestry.com. Data included peoples’ email addresses, user support messages and user location data. The discovery was made by researchers working for a news site called Wizcase. The database has since been closed. However, information like email addresses could be used for phishing messages and spam.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.