Fraud prevention platform Sift raises $50M at over $1B valuation, eyes acquisitions

With the increase of digital transacting over the past year, cybercriminals have been having a field day.

In 2020, complaints of suspected internet crime surged by 61%, to 791,790, according to the FBI’s 2020 Internet Crime Report. Those crimes — ranging from personal and corporate data breaches to credit card fraud, phishing and identity theft — cost victims more than $4.2 billion.

For companies like Sift — which aims to predict and prevent fraud online even more quickly than cybercriminals adopt new tactics — that increase in crime also led to an increase in business.

Last year, the San Francisco-based company assessed risk on more than $250 billion in transactions, double what it did in 2019. The company has over several hundred customers, including Twitter, Airbnb, Twilio, DoorDash, Wayfair and McDonald’s, as well as a global data network of 70 billion events per month.

To meet the surge in demand, Sift said today it has raised $50 million in a funding round that values the company at over $1 billion. Insight Partners led the financing, which included participation from Union Square Ventures and Stripes.

While the company would not reveal hard revenue figures, President and CEO Marc Olesen said that business has tripled since he joined the company in June 2018. Sift was founded out of Y Combinator in 2011, and has raised a total of $157 million over its lifetime.

The company’s “Digital Trust & Safety” platform aims to help merchants not only fight all types of internet fraud and abuse, but to also “reduce friction” for legitimate customers. There’s a fine line apparently between looking out for a merchant and upsetting a customer who is legitimately trying to conduct a transaction.

Sift uses machine learning and artificial intelligence to automatically surmise whether an attempted transaction or interaction with a business online is authentic or potentially problematic.


One of the things the company has discovered is that fraudsters are often not working alone.

“Fraud vectors are no longer siloed. They are highly innovative and often working in concert,” Olesen said. “We’ve uncovered a number of fraud rings.”

Olesen shared a couple of examples of how the company thwarted fraud incidents last year. One recently involved money laundering through donation sites where fraudsters tested stolen debit and credit cards through fake donation sites at guest checkout.

“By making small donations to themselves, they laundered that money and at the same time tested the validity of the stolen cards so they could use it on another site with significantly higher purchases,” he said.

In another case, the company uncovered fraudsters using Telegram, a social media site, to make services available, such as food delivery, with stolen credentials.

The data that Sift has accumulated since its inception helps the company “act as the central nervous system for fraud teams.” Sift says that its models become more intelligent with every customer that it integrates.

Insight Partners Managing Director Jeff Lieberman, who is a Sift board member, said his firm initially invested in Sift in 2016 because even at that time, it was clear that online fraud was “rapidly growing.” It was growing not just in dollar amounts, he said, but in the number of methods cybercriminals used to steal from consumers and businesses.

“Sift has a novel approach to fighting fraud that combines massive data sets with machine learning, and it has a track record of proving its value for hundreds of online businesses,” he wrote via email.

When Olesen and the Sift team started the recent process of fundraising, Insight actually approached them before they started talking to outside investors “because both the product and business fundamentals are so strong, and the growth opportunity is massive,” Lieberman added.

“With more businesses heavily investing in online channels, nearly every one of them needs a solution that can intelligently weed out fraud while ensuring a seamless experience for the 99% of transactions or actions that are legitimate,” he wrote. 

The company plans to use its new capital primarily to expand its product portfolio and to scale its product, engineering and sales teams.

Sift also recently tapped Eu-Gene Sung — who has worked in financial leadership roles at Integral Ad Science, BSE Global and McCann — to serve as its CFO.

As to whether or not that meant an IPO is in Sift’s future, Olesen said that Sung’s experience of taking companies through a growth phase such as what Sift is experiencing would be valuable. The company is also for the first time looking to potentially do some M&A.

“When we think about expanding our portfolio, it’s really a buy/build partner approach,” Olesen said.



Indianapolis Police Chief Says Gunman Bought Weapons Legally

Chief Randal Taylor said the gunman in the attack bought two assault-style weapons in July and August. Months earlier, his mother had warned the police about his mental state.



Indianapolis Sikhs Mourn FedEx Shooting Victims as Questions About Motive Linger

Four of the eight people killed on Thursday night were from Indiana’s growing Sikh community.



Biden’s Choice for Justice Dept.’s No. 2 Is Lisa Monaco

Lisa Monaco, a veteran of national security posts, is expected to be a key player in the administration’s push to combat domestic extremism, embodied most publicly in the department’s inquiry into the Capitol attack.



He Was Convicted of a Bombing Plot. Was It a Setup?

Since 9/11, U.S. authorities have used informants to convict hundreds of people of crimes related to international terrorism. Did the informants help create plots where none had existed?



Intelligence Chiefs Warn of Russian Troops Near Ukraine and Other Threats

Officials said that China’s push for global power posed a threat to the United States, and they dwelled on climate change, domestic extremism and more.



FBI launches operation to remotely remove Microsoft Exchange server backdoors

A Texas court has authorized an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers in the United States, months after hackers used four previously undiscovered vulnerabilities to attack thousands of networks.

The Justice Department announced the operation on Tuesday, which it described as “successful.” It’s believed this is the first known case of the FBI effectively cleaning up private networks following a cyberattack.

In March, Microsoft discovered a new China state-sponsored hacking group — Hafnium — targeting Exchange servers run from company networks. The four vulnerabilities when chained together allowed the hackers to break into a vulnerable Exchange server and steal its contents. Microsoft fixed the vulnerabilities but the patches did not close the backdoors from the servers that had already been breached. Within days, other hacking groups began hitting vulnerable servers with the same flaws to deploy ransomware.

The number of infected servers dropped as patches were applied. But hundreds of Exchange servers remained vulnerable because the backdoors are difficult to find and eliminate, the Justice Department said in a statement.

“This operation removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorized access to U.S. networks,” the statement said. “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”

The FBI said it’s attempting to contact owners of servers from which it removed the backdoors by email.

Assistant attorney general John C. Demers said the operation “demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions.”

The Justice Department also said the operation only removed the backdoors, but did not patch the vulnerabilities exploited by the hackers to begin with or remove any malware left behind.

Neither the FBI nor the Justice Department commented by press time.



Subpoenaing the Brookings Institution, Durham Focuses on Trump-Russia Dossier

The special counsel scrutinizing the Russia inquiry, a Trump-era leftover, appears to be retreading ground that an inspector general explored in 2019.



Man Charged in Bomb Plot Targeting Amazon Data Center

Seth Aaron Pendley was arrested on Thursday and charged with plotting to blow up an Amazon data center in Virginia, prosecutors said.



New Autopsy Report Reveals Black Man’s 2004 Death Was Homicide

The cold case of Alonzo Brooks, 23, was featured in an episode of the Netflix reboot of “Unsolved Mysteries.”



US indicts California man accused of stealing Shopify customer data

A grand jury has indicted a California resident accused of stealing Shopify customer data on over a hundred merchants, TechCrunch has learned.

The indictment charges Tassilo Heinrich with aggravated identity theft and conspiracy to commit wire fraud by allegedly working with two Shopify customer support agents to steal merchant and customer data from Shopify customers to gain a competitive edge and “take business away from those merchants,” the indictment reads. The indictment also accuses Heinrich, believed to be around 18 years old at the time of the alleged scheme, of selling the data to other co-conspirators to commit fraud.

A person with direct knowledge of the security breach confirmed Shopify was the unnamed victim company referenced in the indictment.

Last September, Shopify, an online e-commerce platform for small businesses, revealed a data breach in which two “rogue members” of its third-party customer support team stole customer data from “less than 200 merchants.” Shopify said it fired the two contractors for engaging “in a scheme to obtain customer transactional records of certain merchants.”

Shopify said the contractors stole customer data, including names, postal addresses and order details, like which products and services were purchased. One merchant who received the data breach notice from Shopify said the last four digits of affected customers’ payment cards were also taken, which the indictment confirms.

Another one of the victims was Kylie Jenner’s cosmetics and make-up company, Kylie Cosmetics, the BBC reported.

The indictment accuses Heinrich of paying an employee of a third-party customer support company in the Philippines to access parts of Shopify’s internal network by either taking screenshots or uploading the data to Google Drive in exchange for kickbacks. Heinrich paid the employee in thousands of dollars worth of cryptocurrency, and also fake positive reviews claiming to be from merchants to whom the employee had provided customer service but had not left feedback. The indictment alleges that Heinrich received a year’s worth of some merchants’ data.

Heinrich allegedly spent at least a year siphoning off incrementing amounts of data from Shopify’s internal network, at one point asking if he could “remotely access” the customer support employee’s computer while they were asleep.

Heinrich was arrested by the FBI at Los Angeles International Airport in February, and is currently detained in federal custody pending trial, set to begin on September 7. Heinrich has pleaded not guilty.

A Shopify spokesperson did not respond to a request for comment.



Biden Steps Up Federal Efforts to Combat Domestic Extremism

The administration has taken a series of steps to prioritize dealing with white supremacists and militias, especially after the Capitol riot on Jan. 6.



How Jamaica failed to handle its JamCOVID scandal

As governments scrambled to lock down their populations after the COVID-19 pandemic was declared last March, some countries had plans underway to reopen. By June, Jamaica became one of the first countries to open its borders.

Tourism represents about one-fifth of Jamaica’s economy. In 2019 alone, four million travelers visited Jamaica, bringing thousands of jobs to its three million residents. But as COVID-19 stretched into the summer, Jamaica’s economy was in free fall, and tourism was its only way back — even if that meant at the expense of public health.

The Jamaican government contracted with Amber Group, a technology company headquartered in Kingston, to build a border entry system allowing residents and travelers back onto the island. The system was named JamCOVID and was rolled out as an app and a website to allow visitors to get screened before they arrive. To cross the border, travelers had to upload a negative COVID-19 test result to JamCOVID before boarding their flight from high-risk countries, including the United States.

Amber Group’s CEO Dushyant Savadia boasted that his company developed JamCOVID in “three days” and that it effectively donated the system to the Jamaican government, which in turn pays Amber Group for additional features and customizations. The rollout appeared to be a success, and Amber Group later secured contracts to roll out its border entry system to at least four other Caribbean islands.

But last month TechCrunch revealed that JamCOVID exposed immigration documents, passport numbers, and COVID-19 lab test results on close to half a million travelers — including many Americans — who visited the island over the past year. Amber Group had set the access to the JamCOVID cloud server to public, allowing anyone to access its data from their web browser.

Whether the data exposure was caused by human error or negligence, it was an embarrassing mistake for a technology company — and, by extension, the Jamaican government — to make.

And that might have been the end of it. Instead, the government’s response became the story.

A trio of security lapses

By the end of the first wave of coronavirus, contact tracing apps were still in their infancy and few governments had plans in place to screen travelers as they arrived at their borders. It was a scramble for governments to build or acquire technology to understand the spread of the virus.

Jamaica was one of a handful of countries using location data to monitor travelers, prompting rights groups to raise concerns about privacy and data protection.

As part of an investigation into a broad range of these COVID-19 apps and services, TechCrunch found that JamCOVID was storing data on an exposed, passwordless server.

This wasn’t the first time TechCrunch found security flaws or exposed data through our reporting. It also was not the first pandemic-related security scare. Israeli spyware maker NSO Group left real location data on an unprotected server that it used for demonstrating its new contact tracing system. Norway was one of the first countries with a contact tracing app, but pulled it after the country’s privacy authority found the continuous tracking of citizens’ location was a privacy risk.

Just as we have with any other story, we contacted who we thought was the server’s owner. We alerted Jamaica’s Ministry of Health to the data exposure on the weekend of February 13. But after we provided specific details of the exposure to ministry spokesperson Stephen Davidson, we did not hear back. Two days later, the data was still exposed.

After we spoke to two American travelers whose data was spilling from the server, we narrowed down the owner of the server to Amber Group. We contacted its chief executive Savadia on February 16, who acknowledged the email but did not comment, and the server was secured about an hour later.

We ran our story that afternoon. After we published, the Jamaican government issued a statement claiming the lapse was “discovered on February 16” and was “immediately rectified,” neither of which were true.


Instead, the government responded by launching a criminal investigation into whether there was any “unauthorized” access to the unprotected data that led to our first story, which we perceived to be a thinly veiled threat directed at this publication. The government said it had contacted its overseas law enforcement partners.

When reached, a spokesperson for the FBI declined to say whether the Jamaican government had contacted the agency.

Things didn’t get much better for JamCOVID. In the days that followed the first story, the government engaged a cloud and cybersecurity consultant, Escala 24×7, to assess JamCOVID’s security. The results were not disclosed, but the company said it was confident there was “no current vulnerability” in JamCOVID. Amber Group also said that the lapse was a “completely isolated occurrence.”

A week went by and TechCrunch alerted Amber Group to two more security lapses. After the attention from the first report, a security researcher who saw the news of the first lapse found exposed private keys and passwords for JamCOVID’s servers and databases hidden on its website, and a third lapse that spilled quarantine orders for more than half a million travelers.

Amber Group and the government claimed it faced “cyberattacks, hacking and mischievous players.” In reality, the app was just not that secure.

Politically inconvenient

The security lapses come at a politically inconvenient time for the Jamaican government, as it attempts to launch a national identification system, or NIDS, for the second time. NIDS will store biographic data on Jamaican nationals, including their biometrics, such as their fingerprints.

The repeat effort comes two years after the government’s first law was struck down by Jamaica’s High Court as unconstitutional.

Critics have cited the JamCOVID security lapses as a reason to drop the proposed national database. A coalition of privacy and rights groups cited the recent issues with JamCOVID for why a national database is “potentially dangerous for Jamaicans’ privacy and security.” A spokesperson for Jamaica’s opposition party told local media that there “wasn’t much confidence in NIDS in the first place.”

It’s been more than a month since we published the first story and there are many unanswered questions, including how Amber Group secured the contract to build and run JamCOVID, how the cloud server became exposed, and if security testing was conducted before its launch.

TechCrunch emailed both the Jamaican prime minister’s office and Jamaica’s national security minister Matthew Samuda to ask how much, if anything, the government donated or paid to Amber Group to run JamCOVID and what security requirements, if any, were agreed upon for JamCOVID. We did not get a response.

Amber Group also has not said how much it has earned from its government contracts. Amber Group’s Savadia declined to disclose the value of the contracts to one local newspaper. Savadia did not respond to our emails with questions about its contracts.

Following the second security lapse, Jamaica’s opposition party demanded that the prime minister release the contracts that govern the agreement between the government and Amber Group. Prime Minister Andrew Holness said at a press conference that the public “should know” about government contracts but warned “legal hurdles” may prevent disclosure, such as for national security reasons or when “sensitive trade and commercial information” might be disclosed.

That came days after local newspaper The Jamaica Gleaner had a request to obtain contracts revealing the salaries of state officials denied by the government under a legal clause that prevents the disclosure of an individual’s private affairs. Critics argue that taxpayers have a right to know how much government officials are paid from public funds.

Jamaica’s opposition party also asked what was done to notify victims.

Government minister Samuda initially downplayed the security lapse, claiming just 700 people were affected. We scoured social media for proof but found nothing. To date, we’ve found no evidence that the Jamaican government ever informed travelers of the security incident — either the hundreds of thousands of affected travelers whose information was exposed, or the 700 people that the government claimed it notified but has not publicly released.

TechCrunch emailed the minister to request a copy of the notice that the government allegedly sent to victims, but we did not receive a response. We also asked Amber Group and Jamaica’s prime minister’s office for comment. We did not hear back.

Many of the victims of the security lapse are from the United States. Neither of the two Americans we spoke to in our first report were notified of the breach.

Spokespeople for the attorneys general of New York and Florida, whose residents’ information was exposed, told TechCrunch that they had not heard from either the Jamaican government or the contractor, despite state laws requiring data breaches to be disclosed.

The reopening of Jamaica’s borders came at a cost. The island saw over a hundred new cases of COVID-19 in the month that followed, the majority arriving from the United States. From June to August, the number of new coronavirus cases went from tens to dozens to hundreds each day.

To date, Jamaica has reported over 39,500 cases and 600 deaths caused by the pandemic.

Prime Minister Holness reflected on the decision to reopen its borders last month in parliament to announce the country’s annual budget. He said the country’s economic decline last year was “driven by a massive 70% contraction in our tourist industry.” More than 525,000 travelers — both residents and tourists — have arrived in Jamaica since the borders opened, Holness said, a figure slightly more than the number of travelers’ records found on the exposed JamCOVID server in February.

Holness defended reopening the country’s borders.

“Had we not done this the fall out in tourism revenues would have been 100% instead of 75%, there would be no recovery in employment, our balance of payment deficit would have worsened, overall government revenues would have been threatened, and there would be no argument to be made about spending more,” he said.

Both the Jamaican government and Amber Group benefited from opening the country’s borders. The government wanted to revive its falling economy, and Amber Group enriched its business with fresh government contracts. But neither paid enough attention to cybersecurity, and victims of their negligence deserve to know why.



It’s Time to Revisit the Satanic Panic

As the United States shifted with the anxieties of the 1980s, baseless conspiracy theories about satanic cults committing mass abuse spread around the country.



Biden Announces Actions to Combat Anti-Asian Attacks

“We can’t be silent in the face of rising violence against Asian Americans,” President Biden said after an assault on a woman in New York.



N.Y. Nursing Home Deaths: F.B.I. Investigating if Cuomo Aides Gave False Data

The inquiry has added to the legal pressure faced by Gov. Andrew Cuomo and his aides over the deaths of nursing home residents from Covid-19.



New Report Warns of Rising Threat of Domestic Terrorism

President Biden requested the intelligence community complete the assessment shortly after taking office, and his administration has made fighting domestic terrorism a priority.



Proud Boys Leaders in Four States Are Charged in Capitol Riot

Prosecutors accused prominent members of the far-right nationalist group of conspiring together in connection with the Jan. 6 attack.



Murder Rate Remains Elevated as New Crime Reporting System Begins

A new system will be a “leap forward,” but in the short term it may hurt the public’s ability to evaluate key trends during a volatile period.





White House Weighs New Cybersecurity Approach After Failure to Detect Hacks

The intelligence agencies missed massive intrusions by Russia and China, forcing the administration and Congress to look for solutions, including closer partnership with private industry.



Police Shrugged Off the Proud Boys, Until They Attacked the Capitol

Two Proud Boys accused of leading a mob to Congress followed a bloody path to get there. Law enforcement did little to stop them.



Hackers are exploiting vulnerable Exchange servers to drop ransomware, Microsoft says

Hackers are exploiting recently discovered vulnerabilities in Exchange email servers to drop ransomware, Microsoft has warned, a move that puts tens of thousands of email servers at risk of destructive attacks.

In a tweet late Thursday, the tech giant said it had detected the new kind of file-encrypting malware called DoejoCrypt — or DearCry — which uses the same four vulnerabilities that Microsoft linked to a new China-backed hacking group called Hafnium.

When chained together, the vulnerabilities allow a hacker to take full control of a vulnerable system.

Microsoft said Hafnium was the “primary” group exploiting these flaws, likely for espionage and intelligence gathering. But other security firms say they’ve seen other hacking groups exploit the same flaws. ESET said at least 10 groups are actively compromising Exchange servers.

Michael Gillespie, a ransomware expert who develops ransomware decryption tools, said many vulnerable Exchange servers in the U.S., Canada, and Australia had been infected with DearCry.

The new ransomware comes less than a day after a security researcher published proof-of-concept exploit code for the vulnerabilities to Microsoft-owned GitHub. The code was swiftly removed a short time later for violating the company’s policies.

Marcus Hutchins, a security researcher at Kryptos Logic, said in a tweet that the code worked, albeit with some fixes.

Threat intelligence company RiskIQ says it has detected over 82,000 vulnerable servers as of Thursday, but that the number is declining. The company said hundreds of servers belonging to banks and healthcare companies are still affected, as well as more than 150 servers in the U.S. federal government.

That’s a rapid drop from the close to 400,000 servers that were vulnerable when Microsoft first disclosed the vulnerabilities on March 2, the company said.

Microsoft published security fixes last week, but the patches do not expel the hackers from already-breached servers. Both the FBI and CISA, the federal government’s cybersecurity advisory unit, have warned that the vulnerabilities present a major risk to businesses across the United States.

John Hultquist, vice president of analysis at FireEye’s Mandiant threat intelligence unit, said he anticipates more ransomware groups trying to cash in.

“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails,” said Hultquist.

#australia, #canada, #computer-security, #cyberattack, #cybercrime, #cyberwarfare, #federal-bureau-of-investigation, #fireeye, #github, #healthcare, #malware, #mandiant, #marcus-hutchins, #microsoft, #ransomware, #riskiq, #security, #security-breaches, #united-states


Oath Keepers Founder Is Said to Be Investigated in Capitol Riot

The inquiry is in its early stages, an official cautioned, but prosecutors have begun laying out evidence in court papers.

#federal-bureau-of-investigation, #fringe-groups-and-movements, #justice-department, #meggs-kelly-1969, #oath-keepers, #rhodes-stewart-1966, #storming-of-the-us-capitol-jan-2021, #trump-donald-j, #united-states-politics-and-government, #watkins-jessica-marie


F.B.I. Finds Contact Between Proud Boys Member and Trump Associate Before Riot

A leader of the far-right group separately said he had been in touch with Roger Stone, but an official said it was not the same contact investigators found through electronic communications records.

#federal-bureau-of-investigation, #fringe-groups-and-movements, #proud-boys, #right-wing-extremism-and-alt-right, #stone-roger-j-jr, #storming-of-the-us-capitol-jan-2021, #treason-and-sedition, #trump-donald-j, #united-states-politics-and-government


Domestic Terrorism Threat Is ‘Metastasizing’ in U.S., F.B.I. Director Says

Christopher A. Wray condemned the Capitol riot and told the Senate Judiciary Committee that agents had opened 2,000 domestic terrorism inquiries in recent years.

#antifa-movement-us, #federal-bureau-of-investigation, #fringe-groups-and-movements, #justice-department, #neo-nazi-groups, #right-wing-extremism-and-alt-right, #senate-committee-on-the-judiciary, #storming-of-the-us-capitol-jan-2021, #terrorism, #trump-donald-j, #united-states-politics-and-government, #whites, #wray-christopher-a


Microsoft says China-backed hackers are exploiting Exchange zero-days

Microsoft is warning customers that a new China state-sponsored threat actor is exploiting four previously undisclosed security flaws in Exchange Server, an enterprise email product built by the software giant.

The technology company said Tuesday that it believes the hacking group, which it calls Hafnium, tries to steal information from a broad range of U.S.-based organizations, including law firms and defense contractors, but also infectious disease researchers and policy think tanks.

Microsoft said Hafnium used the four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, allowing the attackers to steal data from a victim’s organization — such as email accounts and address books — and giving them the ability to plant malware. When used together, the four vulnerabilities create an attack chain that can compromise vulnerable servers running on-premise Exchange 2013 and later.

Hafnium operates out of China, but uses servers located in the U.S. to launch its attacks, the company said. Microsoft said that Hafnium was the only threat group it has detected using these four new vulnerabilities.

Microsoft declined to say how many successful attacks it had seen, but described the number as “limited.”

Patches to fix those four security vulnerabilities are now out, a week earlier than the company’s typical patching schedule, usually reserved for the second Tuesday in each month.

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” said Tom Burt, Microsoft’s vice president for customer security.

The company said it has also briefed U.S. government agencies on its findings, but that the Hafnium attacks are not related to the SolarWinds-related espionage campaign against U.S. federal agencies. In the last days of the Trump administration, the National Security Agency and the FBI said that the SolarWinds campaign was “likely Russian in origin.”

#china, #computer-security, #computing, #cryptography, #cyberattack, #cybercrime, #cyberwarfare, #defense-contractors, #federal-bureau-of-investigation, #internet-security, #law-firms, #microsoft, #national-security-agency, #security, #software, #solarwinds, #technology, #threat, #trump-administration, #u-s-government, #united-states, #vulnerability


Sarah Lawrence Student Seen as Cult Victim Is Now Charged

Isabella Pollok was one of the students at Sarah Lawrence College who prosecutors said was exploited by a classmate’s father, Lawrence V. Ray. Now she is under indictment, too.

#federal-bureau-of-investigation, #human-trafficking, #nxivm, #psychology-and-psychologists, #raniere-keith, #ray-lawrence-v, #sarah-lawrence-college, #sex-crimes, #women-and-girls


F.B.I. Said to Have Singled Out Suspect in Brian Sicknick’s Death

The death of the officer, Brian Sicknick, after the Capitol riot has been a major focus for investigators scrutinizing the attack by a pro-Trump mob.

#attacks-on-police, #federal-bureau-of-investigation, #proud-boys, #sicknick-brian-d-1978-2021, #storming-of-the-us-capitol-jan-2021, #united-states-capitol-police, #united-states-politics-and-government


The Merit, Thrills, Boredom and Fear of Police Work

“Tangled Up in Blue,” by Rosa Brooks, and “We Own This City,” by Justin Fenton, take readers inside two police forces (in Washington and Baltimore) to examine a complicated culture.

#baltimore-md, #books-and-literature, #brooks-rosa, #federal-bureau-of-investigation, #fenton-justin, #metropolitan-police-department-dc, #police, #tangled-up-in-blue-policing-the-american-city-book, #washington-dc, #we-own-this-city-a-true-story-of-crime-cops-and-corruption-book


Justice Dept. Is Said to Be Examining Stone’s Possible Ties to Capitol Rioters

A full criminal investigation is far from certain, a person familiar with the inquiry said.

#amnesties-commutations-and-pardons, #federal-bureau-of-investigation, #justice-department, #oath-keepers, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #stone-roger-j-jr, #storming-of-the-us-capitol-jan-2021, #trump-donald-j


Trump Justice Department Sought to Block Search of Giuliani Records

Manhattan prosecutors had been prepared to seek a search warrant for electronic records related to powerful Ukrainians who had helped Rudolph Giuliani dig for dirt on the Biden family.

#biden-joseph-r-jr, #federal-bureau-of-investigation, #giuliani-rudolph-w, #justice-department, #trump-ukraine-whistle-blower-complaint-and-impeachment-inquiry, #united-states-attorneys, #united-states-politics-and-government


U.S. Will Examine Giving F.B.I. More Resources to Counter Domestic Extremism

The issue of violent extremist groups in the United States has come to the top of the agenda since a mob of far-right groups stormed the Capitol on Jan. 6.

#espionage-and-intelligence-services, #federal-bureau-of-investigation, #fringe-groups-and-movements, #office-of-the-director-of-national-intelligence, #presidential-election-of-2020, #terrorism


Muddled Intelligence Hampered Response to Capitol Riot

New details about what authorities anticipated on Jan. 6 highlight failures to grasp the degree of the threat from pro-Trump right-wing extremists.

#antifa-movement-us, #conspiracy-theories, #demonstrations-protests-and-riots, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #fringe-groups-and-movements, #homeland-security-department, #muslims-and-islam, #pittman-yogananda-d, #right-wing-extremism-and-alt-right, #security-and-warning-systems, #september-11-2001, #storming-of-the-us-capitol-jan-2021, #sund-steven-a, #terrorism, #trump-donald-j, #united-states-capitol-police, #united-states-politics-and-government, #whites


Justice Department Unveils Further Charges in Capitol Riot

Two men were charged with conspiracy and another with leading a mob of 100 people who stormed the building on Jan. 6.

#biden-joseph-r-jr, #biggs-joseph-1984, #decarlo-nicholas, #federal-bureau-of-investigation, #justice-department, #news-and-news-media, #nordean-ethan, #ochs-nicholas, #proud-boys, #right-wing-extremism-and-alt-right, #storming-of-the-us-capitol-jan-2021, #united-states-politics-and-government


Suspect in Killing of 2 Florida F.B.I. Agents Is Identified

As cases of online child sexual abuse explode, the F.B.I. is investigating the case of a Florida technology contractor who they said shot two agents serving a search warrant at his apartment.

#alfin-daniel-d-2021, #child-pornography, #federal-bureau-of-investigation, #florida, #schwartzenberger-laura, #sunrise-fla


Florida FBI Shooting: 2 Agents Killed While Serving Warrant in Sunrise

Three other agents were injured in a shooting that occurred as agents were executing a search warrant in Sunrise, west of Fort Lauderdale. The man being investigated was found dead.

#attacks-on-police, #federal-bureau-of-investigation, #murders-attempted-murders-and-homicides, #sunrise-fla


F.B.I. Agents Are Involved in Shooting in Florida

The shooting occurred as agents were serving a warrant in the city of Sunrise, west of Fort Lauderdale, the authorities said.

#crime-and-criminals, #federal-bureau-of-investigation, #florida, #sunrise-fla


He Threatened Pelosi. Agents Didn’t Wait to See if He Really Meant It.

After a “9/11 moment,” federal authorities have begun arresting people for domestic threats they might have just monitored in the past.

#computers-and-the-internet, #cyberharassment, #demonstrations-protests-and-riots, #federal-bureau-of-investigation, #fringe-groups-and-movements, #oath-keepers, #proud-boys, #social-media, #storming-of-the-us-capitol-jan-2021, #threats-and-threatening-messages, #three-percenters, #united-states, #united-states-politics-and-government


How Trump’s Focus on Antifa Distracted Attention From the Far-Right Threat

Federal law enforcement shifted resources last year in response to Donald Trump’s insistence that the radical left endangered the country. Meanwhile, right-wing extremism was building ominously.

#antifa-movement-us, #barr-william-p, #boogaloo-movement, #cuccinelli-kenneth-t-ii, #demonstrations-protests-and-riots, #federal-bureau-of-investigation, #fringe-groups-and-movements, #george-floyd-protests-2020, #homeland-security-department, #horowitz-michael-e, #justice-department, #murphy-brian-j, #oath-keepers, #presidential-election-of-2020, #proud-boys, #right-wing-extremism-and-alt-right, #storming-of-the-us-capitol-jan-2021, #tarrio-enrique, #trump-donald-j, #united-states-politics-and-government, #wolf-chad-f, #wolverine-watchmen, #wray-christopher-a


Kevin Clinesmith, Ex-F.B.I. Lawyer, Is Sentenced to Probation

A judge rebuffed a request by prosecutors to impose a prison sentence on Kevin Clinesmith, who admitted doctoring an email used to help authorize a wiretap on a former Trump campaign aide.

#barr-william-p, #boasberg-james-e, #central-intelligence-agency, #clinesmith-kevin, #durham-john-h, #federal-bureau-of-investigation, #foreign-intelligence-surveillance-court, #justice-department, #page-carter, #presidential-election-of-2016, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #surveillance-of-citizens-by-government, #trump-donald-j, #united-states-politics-and-government, #wiretapping-and-other-eavesdropping-devices-and-methods


Proud Boys Leader Secretly Cooperated With F.B.I. and Police

Enrique Tarrio, the chairman of the far-right nationalist group, which is under increasing scrutiny for its role in the Capitol riot, helped to convict more than a dozen people.

#federal-bureau-of-investigation, #florida, #proud-boys, #right-wing-extremism-and-alt-right, #storming-of-the-us-capitol-jan-2021, #tarrio-enrique


Son Tipped Off F.B.I. About His Father, Who Is Charged in Capitol Riot

“I put my emotions behind me to do what I thought was right,” said Jackson Reffitt, who weeks before the siege alerted the F.B.I. that his father was planning “something big.”

#bryan-tex, #cnn, #federal-bureau-of-investigation, #guy-reffitt, #jackson-reffitt, #right-wing-extremism-and-alt-right, #storming-of-the-us-capitol-jan-2021, #threats-and-threatening-messages


Hank Aaron Interview: ‘I Recognized That I Had a Gift’

No matter what happened in America, his greatness still shone.

#aaron-hank, #atlanta-ga, #atlanta-braves, #baseball, #black-people, #carter-jimmy, #civil-rights-movement-1954-68, #discrimination, #federal-bureau-of-investigation, #king-martin-luther-jr, #milwaukee-braves, #negro-league


For Prosecutors, Trump’s Clemency Decisions Were a ‘Kick in the Teeth’

Commutations in high-profile Medicare fraud cases have elicited anger among those who spent years pursuing complex prosecutions.

#amnesties-commutations-and-pardons, #dershowitz-alan-m, #esformes-philip-1968, #federal-bureau-of-investigation, #frauds-and-swindling, #health-and-human-services-department, #johnson-alice-marie, #justice-department, #kardashian-kim, #medicare, #melgen-salomon-e, #negron-judith, #trump-donald-j, #united-states-politics-and-government


F.B.I. Launches Investigation into Capitol Riot Conspiracy Charges

An initial wave of arrests was based on news accounts and social media. Proving a conspiracy could be a lot tougher.

#caldwell-thomas-edward, #crowl-donovan, #demonstrations-protests-and-riots, #federal-bureau-of-investigation, #oath-keepers, #proud-boys, #right-wing-extremism-and-alt-right, #social-media, #storming-of-the-us-capitol-jan-2021, #treason-and-sedition, #united-states-politics-and-government, #washington-dc, #watkins-jessica


Man Accused of Beating Officer With Hockey Stick in Capitol Riot Is Arrested

The arrest is the latest in a growing number of prosecutions against people accused of attacking law enforcement officials in the storming of the Capitol.

#assaults, #attacks-on-police, #federal-bureau-of-investigation, #storming-of-the-us-capitol-jan-2021, #united-states-politics-and-government, #video-recordings-downloads-and-streaming, #washington-dc


In Trump’s Pardons, Disdain for Accountability

President Donald J. Trump’s clemency actions underscored his animosity toward a justice system seeking to punish corruption and betrayals of public trust.

#amnesties-commutations-and-pardons, #broidy-elliott, #federal-bureau-of-investigation, #fitzgerald-patrick-j, #giorno-karen, #hunter-duncan-d-1976, #kilpatrick-kwame-m, #kiriakou-john-c, #manafort-paul-j, #presidential-election-of-2016, #presidential-election-of-2020, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #stockman-steve, #trump-donald-j, #united-states-politics-and-government


Oath Keeper Suspects Charged With Conspiracy

While most arrests in the Capitol riot have been individuals, new charges accused three people tied to a right-wing militia of conspiring to commit violence.

#federal-bureau-of-investigation, #fringe-groups-and-movements, #oath-keepers, #ohio, #storming-of-the-us-capitol-jan-2021, #trump-donald-j, #united-states-politics-and-government, #virginia