Category: The Authorities

Teenage Hacker Jailed

Adam Mudd has been jailed for two years for setting up a computer hacking business that caused chaos worldwide.

At 16 he created the Titanium Stresser program, which can be used to attack websites by flooding them with requests until the website crashes. This was used in more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft.

He earned £400,000 in US dollars and bitcoins from selling the program to cybercriminals.

Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. He said that the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.”

The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money.

Mudd admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard.

On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils.

There were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses, of which more than 52,000 were in the UK.

He developed the distributed denial of service, or DDoS, software from his bedroom, and started selling it to criminals when he was at school aged 16.

At his sentencing hearing, the court heard the Titanium Stresser programme had 112,298 registered users.

One hacker can cause a great deal of damage intentionally or otherwise and there appears to be a community of hackers sharing knowledge and software.

General Data Protection Regulation

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws and there is the complication that often data is held in more than one country.

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is an EU regulation and takes effect in the UK regardless of the Brexit situation.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

It does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

It applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA) – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.

However, if you are a ‘controller’, there are still obligations where a ‘processor’ is involved – it places further obligations on you to ensure your contracts with processors comply with the GDPR.

Does the GDPR apply to Personal Data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations, keeping HR records, customer lists, or contact details etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.

 

Basically, if you are subject to the DPA then you need to plan to ensure compliance with the GDPR.

More information available at http://www.eugdpr.org/

Post Office Tears Up Scam Letters

The Royal Mail has promised to destroy millions of letters sent by scammers. Also, where the Post Office believes letters are carrying money from UK citizens to scammers, they will be impounded and checked.

The Royal Mail makes a lot of money delivering “Marketing” letters of course, so it’s not surprising they haven’t wanted to take action to stop the flood of scam letters included in that. The scammers were even able to use Royal Mail bulk mail contracts and have Royal Mail stamped on the envelopes. This gave the letters a ‘trust’ factor.

However, pressure from newspapers, complaints and a word from the Prime Minister have brought about a change of heart and Royal Mail have introduced a new code of practice with all suppliers that lets them open letters they believe are scams.

Campaigner and broadcaster Esther Rantzen, who has investigated postal fraud in the past, said: “I’m delighted Royal Mail is taking action to stamp out these appalling crimes against the most vulnerable people. I’ve been horrified by the number of elderly people who’ve been victims of these fraudsters.”

Also, Royal Mail have said they will stop letters being sent to known scammers and where cash is involved – return it to the victim.

Royal Mail will also contact any homes they suspect of being targeted by scammers and will send warnings by recorded delivery to ensure they get to the intended recipient.

Good for Royal Mail and about time too.

To complain to the Royal Mail about scam letters, emails or calls you have three choices:

By post: FREEPOST SCAM MAIL

By email: [email protected]

By telephone: 03456 113 413 (message service only)

Russian Mass Spammer Arrested

An alleged Russian hacker has been arrested in Spain at the request of the American authorities.

Pyotr Levashov should have realised that going on holiday to a country that has extradition with America was a bad idea. He knew the Americans wanted him as he is responsible for the Kelihos botnet and has been on the top ten list of the world’s biggest spammers for years.

The Kelihos botnet is a huge array of computers set up to send out vast quantities of scam emails.

He was arrested on a U.S. computer crimes warrant and will be extradited.

Levashov’s arrest drew immediate attention after his wife told the Russian network RT that he was linked to America’s 2016 election hacking. She said when she spoke to her husband on the phone from the police station, he told her he was told he had created a computer virus that was linked to Trump’s election win. This may be a red herring designed to attract attention to his case.

According to the cybersecurity site KrebsOnSecurity, Levashov was allegedly responsible for “running multiple criminal operations that paid virus writers and spammers to install ‘fake antivirus’ software.” “There is a lot of evidence that he is the cybercriminal behind the Waledac spam botnet, which infected more than 70,000 computers and was capable of sending up to 1.5 billion spam messages a day.”

The U.S. authorities announced that they are working to dismantle a global computer network that sent hundreds of millions of spam emails worldwide each year. The U.S. Justice Department said it was working to take down the sprawling Kelihos botnet, which at times was made up of more than 100,000 compromised computers that sent phony emails advertising counterfeit drugs and work-at-home scams, harvested users’ logins and installed malware that captured their bank account passwords.

Controlling the vast network since 2010 was Pyotr Levashov, a 36-year-old described in U.S. court documents as “one of the world’s most notorious criminal spammers.”

The investigators’ efforts are showing early signs of success in disrupting the botnet.

Combatting these operations is a huge global problem: they are well organised and well equipped, and few governments can do much to stop them.

The Disrespect Nobody Campaign

You may have seen some strange adverts on the TV and on posters in city centres. This is part of a campaign called Disrespect Nobody and is aimed at teenagers.

The Disrespect NoBody campaign helps young people to understand healthy relationships and to re-think their views of controlling behaviour, violence, abuse and what consent means within their relationships.

It aims to challenge attitudes and behaviours amongst young people that treat abuse in relationships as acceptable.

The campaign is targeted at 12 to 18 year old boys and girls and aims to prevent them from becoming perpetrators and victims of abusive relationships.

There are four TV adverts:

  • A talking bra
  • Talking underpants
  • Talking eyes
  • A talking hand

DISRESPECT NOBODY

“There’s a person attached to every body, respect both”.

“Healthy relationships are all about respecting each other. You should feel loved, safe and free to be yourself”.

“Relationships can be confusing and it can be difficult to understand what is and isn’t normal behaviour”.

“But disrespectful and unacceptable behaviour can come in many forms. It isn’t limited to just physical behaviour; it can also go way beyond that”.

The UK Government backed and funded the “Disrespect NoBody” campaign.

The campaign has been criticised because its video doesn’t acknowledge that men can be the ones experiencing abuse in a relationship and uses key phrases like “Do you turn to violence when your GIRLFRIEND disagrees with you”.

There are documents on the website for teachers and group leaders to use in discussions with teenagers:

https://www.disrespectnobody.co.uk/

Chancellor to Stop Subscription Trap Scam

The Chancellor, Philip Hammond, will announce on Wednesday 8th March his plan to stop the scam known as the Subscription Trap and end misleading consumer practices.

This is where you agree to buy a product or take free samples, only to find out later that you’ve been subscribed and money is being taken from your account or credit card regularly without you authorising it.

This is a very common scam and unfortunately you can’t get your money back, as the practice has been legitimate, though morally wrong of course.

The Chancellor promises the new measures will represent a crack-down on misleading consumer practices, including those which end up costing people money they aren’t expecting.

  • End subscription traps. The Government says people can end up in ‘subscription traps’ after they sign up to a paid-for service without intending to – for example, when a paid subscription starts automatically after a free trial. To address this, it plans to develop options to put a stop to this and ensure customers are notified in good time before a payment is taken. The Citizens Advice Bureau estimates that 2 million consumers have problems each year cancelling subscriptions.
  • Shorten and simplify small print. The Government will consider options for making terms and conditions clearer to consumers, including making the key terms much more obvious, examining the use of tick boxes, introducing rankings on good practice and improving understanding of which terms cause most confusion. (Some mobile phone contracts run to 40,000 words.)
  • Create new powers to fine companies that mistreat customers. Consumer enforcement bodies such as the Competition and Markets Authority will receive powers to ask civil courts to fine companies – including those in unregulated markets – which breach consumer law.

“Whether you’ve signed up to a music or TV streaming service, shopping service, wine club or beauty club, the key is to look out for these subscription traps when joining and diarise when to cancel if you don’t want it.”

The details in these proposals will hopefully become clear over the next few months as the Business Department work on this and the Business Secretary will introduce the changes in a consumer green paper.

This package, once it becomes law, should eradicate a lot of bad business practice and make life easier for consumers.
