Tech Friday

posted by Brian Thomas - 

  • Money laundered through video games:
    • Many free video games make money by allowing players to pay for items (food, weapons, etc.) used in the game
    • Bob Diachenko, Head of communications at Kromtech Security said "If you have ever played a free-to-play game you know that most of them require resources of one type or another to play. Whether it be gems, gold, power ups, or other items, these resources are required to advance within the game, making them critical to the game play. Manually gathering the free resources is a slow process and one can play a game for months working to move up levels"
    • Known as "In-App Purchases", players spend real money to simplify and speed up game play
    • In-app purchasing has created a multi-billion dollar industry of out of these free games
    • Items purchased in a game can retain value because they can often be traded to other players or one player's character can be sold to another player
    • When sold on 3rd party markets and opportunity for money laundering arises
    • In June of this year, Kromtech found a database full of credit card numbers and personal information on the web. They reported that the database appeared to belong to credit card thieves, aka "carders"
    • It appears that the carders have created a system that relies on free games, 3rd party resale websites and Facebook to launder money from stolen cards
    • Kromtech reported the carders are currently focusing on the 3 games, Clash of Clans, Clash Royale, and Marvel Contest of Champions
    • These three games have a combined total of roughly 250 million users and generate about $330 million per year. They also have very active 3rd party markets for items and characters
    • The carders create accounts for these games, purchase items and characters automatically, then sell them in 3rd party markets
    • Ultimately, this amounts to a money laundering process for carders where they earn real money for the in game items
  • The FBI warns of an imminent attack on the world’s ATMs:
    • A confidential alert was sent to banks warning that cybercriminals are planning a global "cash-out scheme" which attacks ATMs
    • The cybercriminals are planning to use malware to take control of ATMs to withdraw cash
    • Cybercriminals looking for bigger, faster scores have moved from stealing card numbers and online credentials to attacks on bank networks
    • The FBI warning stated: "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach"
    • The FBI said "at a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards"
    • Security expert Brian Krebs said criminals could write stolen data to reusable magnetic strip cards to create "fraudulent copies"
    • This type of attack is known as "Jackpotting"
    • Experts have said that smaller, less sophisticated banks are likely to be the most vulnerable to these attacks
    • A group of hackers stole with over $1 million earlier this year using the jackpotting technique on US ATMs
    • Unfortunately, it appears that some banks have been slow to upgrade ATMs. A US Secret Service alert from January warned that devices running old OSs such as Windows XP were more vulnerable. It encouraged vendors to upgrade to newer OSs
    • These types of attacks can be traced back as far as 2016 when cybercriminals remotely attacked ATMs in more than a dozen European countries
  • An 11-year-old changed election results on a replica Florida website at DEFCON 26:
    • DEFCON is the world's longest running and largest underground hacking conference
    • Hackers, IT professionals, and three letter government agencies converge on Las Vegas each summer to absorb cutting edge hacking research
    • Hackers made big headlines at DEFCON 25 by exposing several vulnerabilities in voting technology. Disturbingly, they were successful hacking into every voting machine they tried
    • Several machines were broken into within two hours and sadly, and all were compromised within two-and-a-half days 
    • Joseph Lorenzo Hall, CTO at The Center for Democracy and Technology, said it wasn’t surprising that the voting machines were breached quickly, cybersecurity experts have warned about vulnerabilities for years
    • Many of the most typical voting machines are more than 15 years old. They run obsolete operating systems such as Windows 95. "The biggest barrier to hacking them was finding the right pieces of old software" Hall said
    • The Voting Machine Hacking Village (VMHV) at DEFCON offers a set of voting machines that will actually be used in the 2018 midterm elections
    • VHMV attendees are encouraged to analyze and attack voting machines and sites, and will again have access to dozens of pieces of equipment including several that haven’t previously been tested
    • The hackathon includes "13 imitation websites linked to voting in presidential battleground states" according to PBS
    • An 11-year old boy, Emmett Brewer, accessed a replica of the Florida secretary of state’s website and was able to change the results of the "election" in less than 10 minutes
    • Brewer was 1 of roughly 50 kids between 8 and 16 who participated in the VHMV hackathon
    • Nico Sell, co-founder r00tz Asylum, a non-profit that teaches kids to hack, and an event organizer reported that an 11-year-old girl also managed to triple the number of votes on the replica Florida site in about 15 minutes
    • Sell also reported that more than 30 kids were able to hack a variety of other similar state replica websites in less than half an hour
    • Jake Braun, a co-organizer of the VHMV and a former White House and public liaison for DHS, raised the concern that many voting machines use computer chips made in China: "This strikes at the heart of the idea that you’d need thousands of Russians with physical access to the machines to get into them, when in fact, no, you don’t -- you need one Russian to bribe a Chinese manufacturing-plant official, and now all of a sudden they own an entire class of machines nationwide" 
    • Jeanette Manfra, a cybersecurity expert with the Department of Homeland Security said election officials "do a lot with not a lot of resources, and now they're on the front lines trying to deal with a lot of these issues. They can't do it alone"
    • In a statement regarding VHMV, the National Association of Secretaries of State (NASOS) said "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols
    • The (NASOS) statement also said "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results"
Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view. Read more

title

Content Goes Here