Category: The Authorities

Teenage Hacker Jailed

Adam Mudd has been jailed for two years for setting up a computer hacking business that caused chaos worldwide.

At 16 he created the Titanium Stresser program, which can be used to attack websites by flooding them with requests until the website crashes. This was used in more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft.

He earned £400,000 in US dollars and bitcoins from selling the program to cybercriminals.

Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. He said that the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.”

The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money.

Mudd admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard.

On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils.

There were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses, of which more than 52,000 were in the UK.

He developed the distributed denial of service, or DDoS, software from his bedroom, and started selling it to criminals when he was at school aged 16.

At his sentencing hearing, the court heard the Titanium Stresser programme had 112,298 registered users.

One hacker can cause a great deal of damage intentionally or otherwise and there appears to be a community of hackers sharing knowledge and software.


General Data Protection Regulation

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws and there is the complication that often data is held in more than one country.

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is an EU regulation and takes effect in the UK regardless of the Brexit situation.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

It does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

It applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA) – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.

However, if you are a ‘controller’, there are still obligations where a ‘processor’ is involved – it places further obligations on you to ensure your contracts with processors comply with the GDPR.

Does the GDPR apply to Personal Data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations, keeping HR records, customer lists, or contact details etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.

 

Basically, if you are subject to the DPA then you need to plan to ensure compliance with the GDPR.

More information is available at http://www.eugdpr.org/

Post Office Tears Up Scam Letters

The Royal Mail has promised to destroy millions of letters sent by scammers. Also, where the Post Office believes letters are carrying money from UK citizens to scammers, they will be impounded and checked.

The Royal Mail makes a lot of money delivering “Marketing” letters, of course, so it’s not surprising they haven’t wanted to take action to stop the flood of scam letters included in that. The scammers were even able to use Royal Mail bulk mail contracts and have Royal Mail stamped on the envelopes. This gave the letters a ‘trust’ factor.

However, pressure from newspapers, complaints and a word from the Prime Minister have brought about a change of heart and Royal Mail have introduced a new code of practice with all suppliers that lets them open letters they believe are scams.

Campaigner and broadcaster Esther Rantzen, who has investigated postal fraud in the past, said “I’m delighted Royal Mail is taking action to stamp out these appalling crimes against the most vulnerable people. I’ve been horrified by the number of elderly people who’ve been victims of these fraudsters”.

Also, Royal Mail have said they will stop letters being sent to known scammers and where cash is involved – return it to the victim.

Royal Mail will also contact any homes they suspect of being targeted by scammers and will send warnings by recorded delivery to ensure they get to the intended recipient.

Good for Royal Mail and about time too.

To complain to the Royal Mail about scam letters, emails or calls you have three choices:

By post: FREEPOST SCAM MAIL

By email: scam.mail@royalmail.com

By telephone: 03456 113 413 (message service only)


Russian Mass Spammer Arrested

An alleged Russian hacker has been arrested in Spain at the request of the American authorities.

Pyotr Levashov should have realised that going on holiday to a country that has extradition with America was a bad idea. He knew the Americans wanted him as he is responsible for the Kelihos botnet and has been on the top ten list of the world’s biggest spammers for years.

The Kelihos botnet is a huge array of computers set up to send out vast quantities of scam emails.

He was arrested on a U.S. computer crimes warrant and will be extradited.

Levashov’s arrest drew immediate attention after his wife told the Russian network RT that he was linked to America’s 2016 election hacking. She said when she spoke to her husband on the phone from the police station, he told her he was told he had created a computer virus that was linked to Trump’s election win. This may be a red herring designed to attract attention to his case.

According to the cybersecurity site KrebsOnSecurity, Levashov was allegedly responsible for “running multiple criminal operations that paid virus writers and spammers to install ‘fake antivirus’ software.” “There is a lot of evidence that he is the cybercriminal behind the Waledac spam botnet, which infected more than 70,000 computers and was capable of sending up to 1.5 billion spam messages a day.”

The U.S. authorities announced that they are working to dismantle a global computer network that sent hundreds of millions of spam emails worldwide each year. The U.S. Justice Department said it was working to take down the sprawling Kelihos botnet, which at times was made up of more than 100,000 compromised computers that sent phony emails advertising counterfeit drugs and work-at-home scams, harvested users’ logins and installed malware that captured their bank account passwords.

Controlling the vast network since 2010 was Pyotr Levashov, a 36-year-old described in U.S. court documents as “one of the world’s most notorious criminal spammers.”

The investigators’ efforts are showing early signs of success in disrupting the botnet.

Combatting these operations, which are well organised and well equipped, is a huge global problem, and few governments can do much to stop them.


The Disrespect Nobody Campaign

You may have seen some strange adverts on the TV and on posters in city centres. This is part of a campaign called Disrespect Nobody and is aimed at teenagers.

The Disrespect NoBody campaign helps young people to understand healthy relationships and re-think their views of controlling behaviour, violence, abuse and what consent means within their relationships.

It aims to challenge attitudes and behaviours amongst young people that treat abuse in relationships as acceptable.

The campaign is targeted at 12 to 18 year old boys and girls and aims to prevent them from becoming perpetrators and victims of abusive relationships.

There are four TV adverts

  • A talking bra
  • Talking underpants
  • Talking eyes
  • A talking hand

DISRESPECT NOBODY

“There’s a person attached to every body, respect both”.

“Healthy relationships are all about respecting each other. You should feel loved, safe and free to be yourself”.

“Relationships can be confusing and it can be difficult to understand what is and isn’t normal behaviour”.

“But disrespectful and unacceptable behaviour can come in many forms. It isn’t limited to just physical behaviour; it can also go way beyond that”.

The UK Government backed and funded the “Disrespect NoBody” campaign.

The campaign has been criticised as its video doesn’t acknowledge that men can be the ones experiencing abuse in a relationship and uses key phrases like “Do you turn to violence when your GIRLFRIEND disagrees with you”.

There are documents on the website for teachers and group leaders to use in discussions with teenagers.

https://www.disrespectnobody.co.uk/


Chancellor to Stop Subscription Trap Scam

The Chancellor, Philip Hammond, will announce on Wednesday 8th March his plan to stop the scam known as the Subscription Trap and end misleading consumer practices.

This is where you agree to buy a product or take free samples, only to find out later that you’ve been subscribed and money is being taken from your account or credit card regularly without you authorising it.

This is a very common scam and, unfortunately, you can’t get your money back as the subscription is legitimate, though morally wrong of course.

The Chancellor promises the new measures will represent a crack-down on misleading consumer practices, including those which end up costing people money they aren’t expecting.

  • End subscription traps. The Government says people can end up in ‘subscription traps’ after they sign up to a paid-for service without intending to – for example, when a paid subscription starts automatically after a free trial. To address this, it plans to develop options to put a stop to this and ensure customers are notified in good time before a payment is taken. The Citizens Advice Bureau estimates that 2 million consumers have problems each year cancelling subscriptions.
  • Shorten and simplify small print. The Government will consider options for making terms and conditions clearer to consumers, including making the key terms much more obvious, examining the use of tick boxes, introducing rankings on good practice and improving understanding of which terms cause most confusion. (Some mobile phone contracts run to 40,000 words.)
  • Create new powers to fine companies that mistreat customers. Consumer enforcement bodies such as the Competition and Markets Authority will receive powers to ask civil courts to fine companies – including those in unregulated markets – which breach consumer law.

“Whether you’ve signed up to a music or TV streaming service, shopping service, wine club or beauty club, the key is to look out for these subscription traps when joining and diarise when to cancel if you don’t want it.”

The details of these proposals will hopefully become clear over the next few months as the Business Department works on them, and the Business Secretary will introduce the changes in a consumer green paper.

This package, once it becomes law, should eradicate a lot of bad business practice and make life easier for consumers.


UK’s Biggest Cyber Criminals Caught

The UK’s biggest ever cyber scammers stole £113m by calling victims pretending to be from their bank. Fraudsters used bin bags full of cash for shopping sprees, bought supercars and a Lahore mansion. The Glasgow-based gang targeted small businesses in a telephone fraud scam and cleared out millions of pounds from their victims’ bank accounts.

The ringleader, Choudhary, has been jailed for 11 years and 14 others also face prison terms.

The Burnley-born fraudster had fleeced over 750 British firms to fund his millionaire playboy lifestyle. Raking in £3million a month by cold-calling bank customers, he ruined hundreds of lives and put small businesses on the brink of bankruptcy – leaving one victim so distraught that she committed suicide.

The Method

Choudhary phoned businesses claiming to be from their bank, saying security on the accounts had been compromised. He got internet bank security details and passwords from employees and emptied their accounts in minutes, blocking phone lines with software to stop contact with the real bank.

Unwitting customers were told their accounts had been hacked and were duped into giving their internet banking passwords over the phone.

The cash was withdrawn by ‘money mules’ and moved through transfer exchanges from London to Pakistan and elsewhere. The biggest raid saw £2.2million taken from a solicitor’s firm in minutes.

Choudhary used the details to convince businesses he was a genuine bank employee, telling them they had been hacked by ‘someone in Aberdeen’ called ‘King’.

Scotland Yard believes at least 750 businesses were affected between January 2013 and October 2015, but there could be countless others. Choudhary targeted customers from Lloyds, Santander, Barclays and Royal Bank of Scotland.

Choudhary grew so rich that he flew his personal valets 8,000 miles across the world to polish his Porsches.

He posed as a music producer and property developer and owned a fleet of expensive cars including a Bentley, Rolls-Royce, Lamborghini and two Porsches.

Choudhary spent millions on a property portfolio in Pakistan, Dubai and Scotland, treated himself to £100,000 shopping trips at Harrods, bought £45,000 Rolex watches and enjoyed luxury holidays in the Middle East.

Conviction

Choudhary was jailed for 11 years. Corrupt Lloyds business adviser, Jones Opare-Addo, was jailed for five years for leaking account details to the gang and setting up accounts to launder cash.

Emma Daramola, 23, was given a two-year suspended sentence for conspiracy to commit fraud by abuse of position for her role as an insider at Lloyds.

A long list of accomplices were also jailed.


The Government’s New Cyber Security Centre

The government’s National Cyber Security Centre (NCSC), based in Victoria, London, was officially opened by the Queen in early February.

The new boss is Ciaran Martin, who has moved from the agency’s headquarters in Cheltenham.

The NCSC is already busy: it says it has stopped more than a hundred high-level cyber attacks in the last few months.

“The cyberattacks we are seeing are increasing in their frequency, their severity, and their sophistication,” chancellor Philip Hammond said ahead of the opening.

“We will help secure our critical services, lead the response to the most serious incidents and improve the underlying security of the internet through technological improvement and advice to citizens and organisations,” Martin said. This will include finding vulnerabilities in public sector websites, stopping spoof emails, and taking down thousands of phishing websites in the UK.

The National Cyber Security Centre has four key objectives outlined in its prospectus.

  1. To Be a Centre of Expertise on Cyber Security

To understand the cyber security environment, share knowledge, and use that expertise to identify and address systemic vulnerabilities. The NCSC will be the centre of government expertise on what is happening in cyberspace. That knowledge will be used to provide best practice advice and guidance, and to tackle systemic vulnerabilities to enhance cyber security for all.

  2. To Protect the UK

To reduce risks to the UK by working with public and private sector organisations to improve their cyber security. The NCSC will support the most critical organisations in the UK across government and the private sector to secure and defend their networks.

  3. To Respond to Cyber Security Incidents

When a serious cyber incident occurs, the NCSC will work with victims to minimise the damage, to help with recovery, and to learn lessons to reduce the chance of recurrence and minimise future impact. At the same time the NCSC will ensure that the wider response of government and law enforcement is well co-ordinated.

  4. To Grow the UK Cyber Security Capability

To nurture and grow our national cyber security capability, and provide leadership on critical national cyber security issues. Cyber security and information technology continue to develop and evolve at a rapid pace. As the Centre within government for cyber-knowledge, the NCSC will have the best possible visibility of what is happening today – in terms of threats, vulnerabilities and technology trends. This means cutting edge technical research teams, combining the best of government, industry and academic expertise, scanning the horizon and helping plan for what could challenge us tomorrow. The NCSC will lead the UK’s thinking across the range of initiatives and developments, ensuring that the UK Government, organisations and the public can harness the advantages that new technologies bring in a safe and secure manner.

Let’s hope the new NCSC is up to the job of combatting foreign and domestic hackers, criminals and terrorists.


Caller Protection Company Fined For Cold Calling

A West Sussex company has been fined £40,000 for making nuisance calls to the elderly.

The Information Commissioner’s Office (ICO) ruled that IT Protect Ltd, in Bognor Regis, broke the law because it called people registered with the Telephone Preference Service (TPS), which is a service home users can sign up to for preventing unsolicited calls.

Ironically, this firm was making nuisance calls to people to sell them a call blocking device. But by phoning people registered with the TPS it broke the law. The ICO investigation was aided by members of the public reporting the nuisance calls they’d received from IT Protect. They told the ICO that the firm had preyed on the elderly and misled people by giving the impression they were working with BT. (Steve Eckersley, Head of Enforcement, ICO)

IT Protect told the ICO it had bought a list of people and phone numbers from another firm, but it had not verified that the numbers were not on the TPS list and hence could not legally be cold called.

Relying on another firm does not excuse the company from breaking the law.

The law says that calls should not be made to anyone who has registered with the TPS unless they have told the caller that they wish to receive such calls from them. Companies failing to screen against the TPS, who then call people without consent, can expect enforcement action by the ICO.

IT Protect is the first company to be slapped with a bill by the ICO since it took over management of the Telephone Preference Service in December.

TPS is a free service designed to protect people from unsolicited sales or marketing calls.


Liverpool Advertising Scammers Busted

Advertising magazine fraudster George Williams jailed for seven years over £5.2 million scam.

George Williams controlled a Liverpool-based team conning firms into paying for adverts in a publication called “Emergency Services News”. There should have been about 1.2m copies per year to fulfil their promises to clients but instead police found they only printed 30,000 copies over 3 years.

Williams and others called themselves Weinstein Williams Associates Ltd and were found to have falsely claimed that they worked for the emergency services. Detectives believe as many as 15,000 victims paid for adverts in publications that either did not materialise or didn’t reach the audience they had been promised.

Weinstein Williams Associates cold-called people all over the UK, claiming they were endorsed by emergency services to get people to place paid adverts in their fake magazine. Anyone who complained was threatened with legal action.

Williams, of Linacre Road, Bootle, took £2,000 a week and splashed out on flash cars, boats and property. He was jailed for seven years and four other men were sentenced at Liverpool Crown Court over the scam.

Judge Robert Warnock told Williams: “The evidence is overwhelming. You recruited guilty and unscrupulous sales staff. You enjoyed the criminal lifestyle.” “You have shown no remorse at all. It is highly probable you will offend in the same way. Your motive was greed and your method deception.”

Scammers like this create a plausible situation where they appear to help people in business. But it’s mostly fake and the businesses lose out and the scammers get very rich.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.