Suspect In The UK Told To Decrypt His Devices For The US

Apple vs the FBI may be over, but that doesn’t mean the question about decryption and the law is over. In the most recent case to catch our ears, a suspect from the UK is being asked to decrypt his devices for the US authorities.

Lauri Love is a British computer scientist who is a suspect in the breach of US government networks, which is claimed to have caused “millions of dollars in damage”. After being initially arrested in 2013, and then released, Love was re-arrested back in 2015 and is facing extradition to the US for the suspected crime. While he has not been charged with any crimes, Love has been asked as part of a Section 49 RIPA notice (doesn’t sound that bad does it?) to decrypt his devices by providing the authorities with the passwords and keys required to unlock them.

With his devices confiscated, something that Love is now fighting in a counter-suit in civil court, the authorities want to access the data on his devices, which include a Samsung laptop, a Fujitsu Siemens laptop, a Compaq computer tower, an SD card and a Western Digital hard drive. Alongside this, the National Crime Authority, the UK branch that has demanded the devices be decrypted, are interested in files located on the SD card and external drive that are encrypted using TrueCrypt.

What is most worrying is that if Love were to provide the keys, and this evidence were used against him in the US, then it would breach his Fifth Amendment rights within the US. The Fifth Amendment can be described as allowing someone to refuse to present evidence against themselves, meaning that you can’t be forced to prove your guilt, by unlocking a computer for example.

In his argument, Love states that “the NCA are effectively arguing that any information that cannot be read and comprehended by the police has a presumption of guilt”. It is an argument that, if extended to other circumstances, could be seen as worrying for any groups that share information and protect journalists, whistleblowers and anyone within the legal profession.

NCA Website Temporarily Taken Offline by Lizard Squad DDOS Revenge Attack

The National Crime Agency is a UK body which tackles online cyber attacks and recently arrested 6 people for using Lizard Squad’s DDOS tool. In an act of retaliation, the hacking group conducted a DDOS attack on the NCA website. The team mockingly used the NCA’s logo in a Twitter post and publicly announced the DDOS attack. An NCA spokesperson said about the incident:

“The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability. At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly.”

Hacking via a DDOS method doesn’t usually result in long-term chaos and the majority of sites can be up and running within 1-2 hours. Of course, this greatly depends on the scale and complexity of each hacking attempt. The NCA spokesperson emphasized this and argued:

“The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate.”

However, Dave Larson, CTO at Corero Network Security explained the more sinister impact of DDOS attacks on network infrastructure:

“The recent reports indicating that the National Crime Agency website has been taken offline by DDoS attack, seemingly by the increasingly popular DDoS-for-hire site, Lizard Stresser, is a classic example of cyber-warfare taking aim in retaliation for the recent arrests of individuals associated with the service.

“DDoS attacks can be a nuisance, cause temporary or long term service disruptions, and take down IT security infrastructure in any organization. What is even more disturbing is the potential for even greater damage in the form of smokescreen diversions allowing hackers to run additional attacks aimed at breaching sensitive data and further impacting operations.

“DDoS mitigation strategies must be viewed as more than just protecting your website, it is protecting the business, your intellectual property and your customers.” 

In my opinion, this particular hack was nothing more than an inconvenience and predatory response to the 6 arrests. Arguably, Lizard Squad hopes this sends a warning message out to government bodies trying to infiltrate the group and arrest its leading members. Personally, I feel this is more of a PR stunt and not a valid attempt to make the NCA’s website inoperable.

What do you think of Lizard Squad?

https://twitter.com/LizardLands/status/638617494702399488

Thank you The Register for providing us with this information.

UK National Crime Agency Arrests Five in Cybercrime Sweep, While Threats Continue

As part of an international operation targeting cybercriminals using remote access tools (RATs) to hijack computers, five people were arrested in the UK. There is an international effort to promote cybersecurity for both consumers and businesses, along with trying to crack down on cybercriminals.

The National Crime Agency (NCA) arrested the five suspects on Nov. 19 and Nov. 20, with a 20-year-old, one 30-year-old, two 33-year-olds, and a 40-year-old suspect detained in the national sweep.

Here is what Andy Archibald, director of the NCA’s National Cyber Crime Unit, said (via press statement):

“This operation demonstrates once again that all of UK law enforcement is working to respond effectively to cyber crime, and together we will continue to collaboratively target those who use technology to misuse other people’s devices, steal their money, or unlawfully access confidential information. Anyone who is tempted to get involved in this type of crime should understand that it can result in prison time, and substantial restrictions on your life afterwards.”

The first layer of protection against installing RAT software, and malware, is to be careful when clicking on links and attachments in emails – or while browsing the Internet. However, cyberattacks are increasing in sophistication, as the criminals behind these operations perfect their craft, with serious money available to them when successful.

Peter Goodman, East Midlands Deputy Chief Constable, had this to say:

“Cybercriminals are using very sophisticated technology to breach online security systems and to conceal their digital tracks. However, the police forces in the UK and overseas have the expertise to identify and disrupt those who are determined to access computers in order to steal data or to commit serious offences, wherever they are in the world.”

(Thank you to the NCA for providing us with this information. Image courtesy of NCA Twitter)

UK National Crime Agency Disrupts ‘Shylock’ Malware

Distribution of the “Shylock” malware has been disrupted by the UK National Crime Agency (NCA), in an effort to prevent a growing number of users from being compromised.

The Shylock malware reportedly infected more than 30,000 PCs across the world, with a specific focus on targeting bank accounts of UK residents. Shylock, which included passages from Shakespeare’s The Merchant of Venice hidden within its code, targeted PCs running Microsoft Windows.

The NCA confiscated servers responsible for distributing the malware, which was able to steal banking login credentials. Shylock could also capture data entered on select websites, and then upload it back to its home servers.

Here is what Andy Archibald, NCA’s National Cyber Crime Unit deputy director, said in a statement announcing the police operation:

“This phase of activity is intended to have a significant effect on the Shylock infrastructure and demonstrates how we are using partnerships across sectors and across national boundaries to cut cybercrime impacting the UK.  We continue to urge everybody to ensure their operating systems and security software are up to date.”

At the very least, security experts recommend users update their PCs and mobile OSes with the latest security updates, along with running anti-virus and anti-malware software.  Also, end-users need to be aware of clever phishing attacks using social engineering to trick them into clicking fraudulent links or downloading malicious programs.

Thank you to The Guardian for providing us with this information


UK’s National Crime Agency Gives Two-Weeks Notice Regarding GoZeuS and CryptoLocker

The UK National Crime Agency is warning the public to take advantage of a two-week notice in order to protect themselves from two major pieces of malware roaming the internet, GoZeuS and CryptoLocker, which are responsible for transferring cash from online accounts and holding personal data for ransom.

The NCA stated that the alert is one of the largest industry and law enforcement collaborations to date and that the FBI’s involvement in several countries has weakened the global network of infected computers, meaning that acting on the notice ahead of renewed malware activity can help reduce the chance of infection.

GoZeuS, also known as P2PZeuS or Gameover ZeuS, and CryptoLocker are said to target all versions of Windows operating systems, including those running in virtual environments, on servers or in embedded versions. The agency also states that the malware is responsible for transferring hundreds of millions of pounds around the world.

In cases where GoZeuS cannot transfer significant amounts of money from a personal computer, it is said that CryptoLocker is called in as a back-up plan, locking the user’s personal data and holding it for ransom, currently priced at 1 Bitcoin. The recent estimate of infected systems is said to be 15,500 PCs in the UK alone.

The infection is said to occur when users click fake links or attachments in e-mails sent by people in their contact book who have already been infected by the malware. The NCA recommends that users always keep their software up to date and check their computers for infection using antivirus software.

Thank you TheNextWeb for providing us with this information

National Crime Agency At War With Tor Network

The head of the NCA’s National Cyber Crime Unit, Andy Archibald, has spoken out about their war on digital crime, especially that which takes place on the Tor network. The NCA is pretty new here in the UK, effectively the UK equivalent of the FBI, and they’ve already proven they can effectively take down a site and make arrests on the Tor network, as we saw last week with the closure of The Silk Road drug marketplace, which has led to multiple arrests around the world.

“You may think that you can operate anonymously online and have the security of Tor to conduct your business but you can’t. We have demonstrated from a law enforcement perspective that we can operate in that environment, we can recover intelligence and evidence in that environment, we can take action in that environment, and that has led to arrests right across the world.”

The Tor network promises to keep your location and identity private while browsing. It does this by heavily encrypting your connection several times and by bouncing that signal over several random servers around the world. This makes it difficult for you to be tracked, but it doesn’t make it impossible.

The NSA tackling this service is a big deal, as the service has quickly become a home to everything from gun trafficking to drugs and indecent images. There are legitimate users on the service, but that hardly washes over the big issues.

“We recognise that there are some benefits in terms of Tor – the government and others would point out that in some countries there is a benefit to be able to communicate securely, and we wouldn’t want to interfere with that, but where criminals are using Tor to conduct their business, that’s the bit we’re interested in – we’re not interested in those who use the Tor for perfectly legitimate purposes, it’s for those who are using it to conduct and do criminal business and criminal activity.”

Things are changing quickly with regard to the NCA and the Tor network; I imagine we’ll be hearing much more of both in the coming weeks and months.

Thank you Telegraph for providing us with this information.