Nuclear Bot Author Arrested in Sextortion Case

Last summer, a wave of sextortion emails began flooding inboxes around the world. The spammers behind this scheme claimed they’d hacked your computer and recorded videos of you watching porn, and promised to release the embarrassing footage to all your contacts unless a bitcoin demand was paid. Now, French authorities say they’ve charged two men they believe are responsible for masterminding this scam. One of them is a 21-year-old hacker interviewed by KrebsOnSecurity in 2017 who openly admitted to authoring a banking trojan called “Nuclear Bot.”

On Dec. 15, the French news daily Le Parisien published a report stating that French authorities had arrested and charged two men in the sextortion scheme. The story doesn’t name either individual, but rather refers to one of the accused only by the pseudonym “Antoine I.,” noting that his first name had been changed (presumably to protect his identity because he hasn’t yet been convicted of a crime).

“According to sources close to the investigation, Antoine I. surrendered to the French authorities at the beginning of the month, after being hunted down all over Europe,” the story notes. “The young Frenchman, who lived between Ukraine, Poland and the Baltic countries, was indicted on 6 December for ‘extortion by organized gang, fraudulent access to a data processing system and money laundering.’ He was placed in pre-trial detention.”

According to Le Parisien, Antoine I. admitted to being the inventor of the initial 2018 sextortion scam, which was subsequently imitated by countless other ne’er-do-wells. The story says the two men deployed malware to compromise at least 2,000 computers that were used to blast out the sextortion emails.

While that story is light on details about the identities of the accused, an earlier version of it published Dec. 14 includes more helpful clues. The Dec. 14 piece said Antoine I. had been interviewed by KrebsOnSecurity in April 2017, where he boasted about having created Nuclear Bot, a malware strain designed to steal banking credentials from victims.

My April 2017 exposé featured an interview with Augustin Inzirillo, a young man who came across as deeply conflicted about his chosen career path. That path became traceable after he released the computer code for Nuclear Bot on GitHub. Inzirillo outed himself by defending the sophistication of his malware after it was ridiculed by both security researchers and denizens of the cybercrime underground, where copies of the code wound up for sale. From that story:

“It was a big mistake, because now I know people will reuse my code to steal money from other people,” Inzirillo told KrebsOnSecurity in an online chat.

Inzirillo released the code on GitHub with a short note explaining his motivations, and included a contact email address at a domain (inzirillo.com) set up long ago by his father, Daniel Inzirillo.

KrebsOnSecurity also reached out to Daniel, and heard back from him roughly an hour before Augustin replied to requests for an interview. Inzirillo the elder said his son used the family domain name in his source code release as part of a misguided attempt to impress him.

“He didn’t do it for money,” said Daniel Inzirillo, whose CV shows he has built an impressive career in computer programming and working for various financial institutions. “He did it to spite all the cyber shitheads. The idea was that they wouldn’t be able to sell his software anymore because it was now free for grabs.”

If Augustin Inzirillo ever did truly desire to change his ways, it wasn’t clear from his apparent actions last summer: The Le Parisien story says the sextortion scams netted the Frenchman and his co-conspirator at least a million Euros.

In August 2018, KrebsOnSecurity was contacted by a researcher working with French authorities on the investigation who said he suspected the young man was bragging on Twitter that he used a custom version of Nuclear Bot dubbed “TinyNuke” to steal funds from customers of French and Polish banks.

The source said this individual used the now-defunct Twitter account @tiny_gang1 to taunt French authorities, while showing off a fan of 100-Euro notes allegedly gained from his illicit activities (see image above). It seemed to the source that Inzirillo wanted to get caught, because at one point @tiny_gang1 even privately shared a copy of Inzirillo’s French passport to prove his identity and accomplishments to the researcher.

“He modified the Tinynuke’s config several times, and we saw numerous modifications in the malware code too,” the source said. “We tried to compare his samples with the leaked code available on GitHub and we noticed that the guy actually was using a more advanced version with features that don’t exist in the publicly available repositories. As an example, custom samples have video recording functionality, socks proxy and other features. So the guy clearly improved the source code and recompiled a new version for every new campaign.”

The source said the person behind the @tiny_gang Twitter account attacked French targets with custom versions of TinyNuke in one to three campaigns per week earlier this year, harvesting French bank accounts and laundering the stolen funds via a money mule network based mostly in the United Kingdom.

“If the guy behind this campaign is the malware author, it could easily explain the modifications happening with the malware, and his French is pretty good,” the researcher told KrebsOnSecurity. “He’s really provocative and I think he wants to be arrested in France because it could be a good way to become famous and maybe prove that his malware works (to resell it after?).”

The source said the TinyNuke author threatened him with physical harm after the researcher insulted his intelligence while trying to goad him into disclosing more details about his cybercrime activities.

“The guy has a serious ego problem,” the researcher said. “He likes when we talk about him and he hates when we mock him. He got really angry as time went by and started personally threatening me. In the last [TinyNuke malware configuration file] targeting Poland we found a long message dedicated to me with clear physical threats.”

All of the above is consistent with the findings detailed in the Le Parisien report, which quoted French investigators saying Antoine I. in October 2019 used a now-deleted Twitter account to taunt the authorities into looking for him. In one such post, he included a picture of himself holding a beer, saying: “On the train to Naples. You should send me a registered letter instead of threatening guys informally.”

The Le Parisien story also said Antoine I. threatened a researcher working with French authorities on the investigation (the researcher is referred to pseudonymously as “Marc”).

“I make a lot more money than you, I am younger, more intelligent,” Antoine I. reportedly wrote in July 2018 to Marc. “If you do not stop playing with me, I will put a bullet in your head.”

French authorities say the defendant managed his extortion operations while traveling throughout Ukraine and other parts of Eastern Europe. But at some point he decided to return home to France, despite knowing investigators there were hunting him. According to Le Parisien, he told the French authorities he wanted to cooperate in the investigation and that he no longer wished to live like a fugitive.

Tags: Augustin Inzirillo, LeParisien, Nuclear Bot, sextortion, TinyNuke

Republished from https://krebsonsecurity.com/2019/12/nuclear-bot-author-arrested-in-sextortion-case/

Hide Internet Activity At Work

How to hide your internet activities from your employer?

The Internet has evolved into such a public space that not only hackers or governments, but also employers, snoop on internet activity. Without your awareness, companies may monitor your internet use, and the free browsing time you have at work can no longer feel private. Even though your entire web browsing history can be monitored at work, there is a way to keep your internet activities secret from your boss. But first, let’s take a look at how and what your boss may be keeping track of.

Why do employers monitor their employees’ internet activity?

The majority of employers keep track of their workers’ internet use for a reason. Compliance with security legislation is one rational reason why monitoring is used. These regulations require businesses (mostly financial institutions or government-related organizations) to control all of their internal networks to avoid fraud and hacking, as well as to be able to track down a problem if one arises.

Another factor, which may seem obsolete in today’s world but persists, is employers’ lack of confidence in their employees. Companies monitor software and internet use, as well as active and idle hours, to determine employee productivity. They keep track of how much time you spend online, what websites you visit, and what files you download, which doesn’t feel safe or private in any situation.

How can employers monitor employee internet activity?

Employee internet activity can be tracked in a variety of ways, one of which is acting as a man-in-the-middle. The employer’s network can be set up so that all internet traffic is routed through a proxy that can intercept any traffic and read its contents. A network administrator who can access the server either remotely or physically can view all internet traffic on the employer’s network. The router or proxy server may be inside a company building or in the data center.

Without a VPN, an employer will serve as a middleman and monitor all internet traffic on the network.

On the man-in-the-middle server that the employer owns, all internet activity can be seen: when you connected to which website, whether you streamed any videos, played a game, or downloaded a file. All of it is recorded.

Companies that do not have an IT department or resources devoted to tracking their employees’ online activities have made contracts with their Internet Service Provider, who serves as a man-in-the-middle and regularly reports on the online activities conducted via the company’s network. IP addresses, connection times, websites visited or files downloaded, and other data are all visible to an ISP.

Knowing that your personal data can be monitored and used by your employer makes you feel uneasy, but there is a way to mask your internet surfing at work.

How to hide internet activity from employers?

While your employer can track your internet usage and see which websites you visit, using a VPN is a good way to mask your online activities. When you use a VPN, all of your internet activity is encrypted, and the only information that your boss can see is the IP address of the VPN server and gibberish that is difficult to crack. NordVPN is a VPN that uses the best AES 256-bit encryption. It does not hold any records or personally identifying information, and it protects you from someone attempting to eavesdrop on your communications.

The way it works is that when you use a VPN, all of your internet traffic is routed through an encrypted VPN tunnel to the VPN server. This way, the boss and ISP can’t see what websites you visit or what files you download. Using the man-in-the-middle method to look inside the encrypted VPN tunnel, the employer can only see gibberish, making it difficult to figure out where you’re trying to communicate online. It shows only your connection to the VPN server’s IP address, rather than your connection to specific websites.

With a VPN, the employer cannot see what is inside a strongly encrypted VPN tunnel.

A VPN hides your online activities from your employer in real time, but you must also take into consideration that your browsing history can still be accessed later on your device.

How to bypass administrator rights requirement when installing?

Installing VPN software, especially on a work machine, can necessitate administrator privileges, which you may not have. Fortunately, using a VPN Chrome plugin (which also works for Firefox!) is a simple way to mask your online activities. It is only intended to run on browsers and does not require administrative privileges to install.

How to hide your browsing history from your employer?

A VPN masks your browsing history only on the router or server, keeping your internet activity secret from your boss. You should be aware that browsing history files are stored locally on your computer, and your employer can ask you to show them if they are truly interested.

Combining a VPN and an incognito window is the best way to keep your browsing history secret from your boss. When you close an incognito browser, it will erase all of your browsing history files and cookies. Every browser has an incognito window, which is ideal for keeping your browsing history clean at all times.

Does a work VPN expose my home network when working remotely?

Many businesses use a VPN to securely access their services from a distance. What do you do if your boss has already built a VPN for you?

When you use a work VPN, all of your traffic from that computer is decrypted at the company’s servers, and your employer can see all of the websites you visit. The boss, on the other hand, cannot reach your local home network. Browsing data on your other devices is kept private from your employer; however, your ISP will be able to see it.

By simply disconnecting from the work VPN, your internet traffic will be routed back to your normal ISP. However, instead of an employer, your ISP now has access to all of your browsing data, and your privacy is compromised.

Best VPNs that would keep things private from your employer

NordVPN

NordVPN is a VPN industry leader, offering lightning-fast speeds across all of its 5600+ servers in 60+ countries. CyberSec, an ad-blocking and malware-protection feature, prevents you from accessing compromised pages and protects you from online monitoring.

With double VPN servers and solid next-generation unbreakable encryption, it supports P2P/torrenting traffic with fast download speeds. It also unblocks Netflix and other streaming channels, making it an excellent option for those who enjoy watching movies and TV shows online.

NordVPN has a strict no-log policy and is available on all platforms (including browser extensions). It is the most comprehensive VPN on the market, with reasonable prices and a 30-day money-back guarantee.

    • 5200+ global servers in 59+ countries
    • CyberSec malware and ad-blocking protection
    • Next-generation encryption with double VPN servers
    • Obfuscation technology that masks VPN traffic
    • Strict no-logs policy
    • Works with Netflix and good for streaming
    • Lightning-fast with P2P support
    • 30-day money-back guarantee

Surfshark

Surfshark is one of the most user-friendly and cost-effective VPNs available. It keeps no logs and has over 1700 servers in 63 different countries.

Since all of the apps use solid AES-256 encryption, neither your boss nor your ISP will be able to see what you do online. CleanWeb technology, which can block unwanted advertisements and trackers, is also included in the service.

Surfshark will unblock 15 Netflix libraries around the world, as well as Hulu, BBC iPlayer, Hotstar, and Disney+.

It also lets you connect an unlimited number of devices to the same account.

All servers are P2P-friendly, and torrenting is perfectly hidden from ISPs. VPN browser extensions for Chrome and Firefox are also available.

All of Surfshark’s plans come with a 30-day money-back guarantee. You can currently get a 2-year contract for only $1.99 per month.

    • 3200+ global servers in 60+ countries
    • CleanWeb ad-blocking feature
    • Secure and strong encryption with OpenVPN
    • Whitelist, Multi-hop VPN and kill switch
    • No-logs policy
    • Works with Netflix and good for streaming
    • Great speeds
    • 30-day money-back guarantee

ExpressVPN

ExpressVPN is one of the most private VPN services available. It was openly audited and found to have no logs. Its server network spans more than 160 locations around the world.

This VPN provider uses RAM for all of its servers, in addition to an Internet Kill Switch and best-in-class encryption algorithms. This means that when the server is restarted, all data is removed. This guarantees complete privacy and keeps the employer in the dark.

ExpressVPN is excellent for unblocking streaming services and other restricted content in countries where they are available. It completely supports and hides torrenting, and it downloads files at lightning speeds.

This VPN service offers applications for all major platforms as well as VPN plugins for Chrome and Firefox. However, administrator privileges are needed to use the extensions because they require a VPN app to function.

All ExpressVPN plans come with a 30-day money-back guarantee.

    • 160+ locations and 3000+ servers
    • Strict No-Log policy
    • Unlimited streaming (Netflix, Hulu, BBC iPlayer)
    • Strong military-grade AES 256-bit key encryption
    • Kill Switch, Split tunneling, and RAM-disk servers
    • 30-day money-back guarantee
    • Windows, macOS, iOS, Android, and Linux support
    • Fast speeds and reliable connections

Final thoughts

Using a VPN with strong and unbreakable encryption, such as NordVPN, will allow you to keep your online browsing at work private and hidden from your boss. It makes it difficult to see the contents of your internet traffic and hides the websites you visit and the files you download from your boss. The easiest way to keep your online habits secret from your boss is to use it in conjunction with an incognito window, which deletes the browsing history from your browser once it is closed.

Source: https://cybersguards.com/hide-internet-activity-at-work/
