Category: The Authorities

Bitcoin Mining Steamrollered

Bitcoin is the world’s most popular cyber currency – a currency that only exists in digital form, not in any physical sense.

There is a limited quantity of Bitcoin in the world because the means to create more is a very clever, computing-intensive process that gets progressively more difficult to achieve as there are more Bitcoins. In time it will become impossible to create any more Bitcoins.

This protects the value of the Bitcoins already in existence.

Bitcoin mining is the process that allows the creation of new Bitcoins. It involves solving complex mathematical puzzles using vast amounts of computing power, which in turn means using huge amounts of electricity.

One Bitcoin is worth many thousands of dollars, so for those who can, Bitcoin mining can be profitable.

However, making money at this usually involves using stolen computers and stolen electricity on a huge scale, so it is largely done by criminals.

Bitcoin mining is increasingly recognised to be an ecological disaster.

In Malaysia, Bitcoin miners stole $2 million worth of electricity siphoned from Sarawak Energy power lines, so the authorities found the culprits, seized 1,069 bitcoin mining computers, laid them out in a parking lot at police headquarters and used a steamroller to crush them. The video of this went viral.

Six people were charged in relation to the Bitcoin mining.

Good riddance to the criminals and their computers.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Singapore Scam Shield

This is a very useful app that blocks scam messages and texts. It is only available in Singapore and currently only for iOS phones, but they are working on an Android version.

That’s a shame, as we all need one of these apps.

The app can do the following:

  1. Block scam calls – ScamShield compares an incoming call against a list maintained by the Singapore Police Force to determine if the number has been used for illegal purposes and blocks it.
  2. Filter scam text messages – when you receive an SMS from an unknown contact, ScamShield will determine if the SMS is a scam and filter the message to a junk SMS folder.
  3. Report scam messages – you can report scam messages from other chat apps such as WhatsApp, WeChat, IMO, Viber, etc. You can forward the messages via ScamShield’s in-app reporting function.

Privacy

There are strict rules on what ScamShield can or cannot read. If a message comes from a known contact, then iOS does not pass the message to ScamShield. If you have previously interacted with an unknown contact or decided to engage an unknown contact in conversation, then ScamShield will not get to see the message. Only messages sent by unknown persons via SMS will be passed to ScamShield.

Also, the app does not have any access to your location data or any personal data.

How does ScamShield work?

The app filters incoming calls and text messages. ScamShield compares an incoming call against a list maintained by the Singapore Police Force to determine if the number has been used for illegal purposes and blocks it.

When you receive an incoming SMS from an unknown contact, ScamShield will determine if the SMS is a scam using an on-device algorithm and filter the message to a junk SMS folder.

Remember, the app only works in Singapore.

The Card and Payment Crime Unit

The Dedicated Card and Payment Crime Unit (DCPCU) is a proactive operational Police unit with a national remit. It was formed in 2002 in partnership between UK Finance, the City of London Police and the Metropolitan Police.

Their brief is to investigate, target and, where appropriate, arrest and seek successful prosecution of offenders responsible for card, cheque and payment fraud crimes.

In the first half of 2020 the unit disrupted seven organised crime groups, made 70 arrests and secured 30 convictions. Through close collaboration with banks, the telecoms industry and other law enforcement agencies, the unit prevented an estimated £12.5 million of fraud and seized or blocked over £2 million in assets. Also, their partnership with social media platforms led to the identification of accounts that featured posts relating to payment crime and saw more than 500 social media accounts linked to fraudulent activity taken down.

The DCPCU is comprised of officers from the City of London Police and Metropolitan Police as well as banking industry fraud investigators and support staff from UK Finance. It carried out enforcement activity against individuals seeking to use Covid-19 as an opportunity to target victims, executing 25 warrants between March and June 2020.

The DCPCU say they continue to work closely with UK Finance and its members from across the payment industry to tackle the constantly evolving challenges of fraud.

DCPCU recommend that consumers follow the advice of the Take Five to Stop Fraud campaign to stay safe from fraud, and always question any uninvited approaches to transfer money or give away personal details in case they are a scam.

https://fightback.ninja/take-five-stop-fraud/


The Lazarus Heist

In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and almost succeeded. It was only down to luck that all but $81m of the transfers were halted.

The hackers prepared meticulously for months, gained access to the systems, then waited for months for the exact right moment that would give them the longest window of opportunity.

This was at the start of a weekend, at a holiday time, giving them a clear 5 days starting in Bangladesh, then the Fed in New York, then the Philippines, where much of the money was intended to end up.

They carried out their plan meticulously, but bad luck got in the way.

  1. They had created a number of fake accounts at a bank branch in Jupiter Street in Manila, but Jupiter was the name of an Iranian ship. That raised red flags in New York and all but $101 million of the transactions were temporarily blocked for investigation.
  2. $20m was to be transferred to a Sri Lankan charity called the Shalika Foundation, but the name was misspelt and the transaction blocked.
  3. $81m reached a hotel and casino in the Philippines to be laundered, but much was lost in the process.

The group got away with around $34 million of the $1 billion they targeted.

Analysis of the digital fingerprints of the theft points to the government of North Korea, to a group of hackers known as the Lazarus Group.

These are the people believed to have spread the WannaCry ransomware that devastated the NHS in 2017 and also various large organisations around the world.

For more detailed information see https://www.bbc.com/news/stories-57520169

Government Secure by Design

The government department for Digital, Culture, Media and Sport (DCMS) is working to ensure consumer “smart” devices are more secure, with security built in from the start.

Matt Warman, Minister for Digital Infrastructure, has said “This government wants you and your families to be safe online. In these extraordinary circumstances, we all increasingly rely on internet-connected products to socialise, work and live out our lives. You should be able to trust that those products – whether they be watches, speakers, doorbells or baby monitors – are designed and built securely”.

At the moment, many manufacturers concentrate on producing their products cheaply and treat security as a minor feature, not worth investment. Their products are shipped with very basic security and little advice to the buyer. This puts people at risk, as consumers will assume a product is safely set up and trust that the seller has put in the effort to ensure safety, but this is often not the case.

The government say that cyber security is at the heart of their approach to digital technology, and plays a critical role in ensuring people and businesses can benefit from the huge opportunities of technology.

In 2018, DCMS published a Code of Practice for Consumer Internet of Things Security and have been supporting the development of the first industry standard on consumer smart product security.

Despite widespread adoption of the guidelines in the Code of Practice for Consumer Internet of Things Security, both in the UK and overseas, change has not been swift enough, with poor security still commonplace.

In January 2020 the government announced the intention to bring in legislation to ensure stronger security is built into consumer smart products. This work has been progressing in collaboration with industry leaders and cyber security experts.

The government response to the 2020 call for views on proposals for regulating the cyber security of consumer smart devices was published on 21 April 2021.

We need this to move so products can be safe by design, not by accident or not at all.

London Police Cyber Crime

In the year 2019/2020 the London Police recorded 27,187 reports of cybercrime, comprising:

  • 13,271 reports of hacking social media and email
  • 7,095 reports of computer viruses / malware
  • 3,605 reports of personal hacking

These reports amount to a reported loss of £5.4 million.

Perhaps surprisingly, the people at highest risk of being scammed were 20-29 year olds.

The methods most commonly used by the cyber criminals were:

  1. Phishing emails – messages that claim to be from an authority of some kind, but seek to get your personal information e.g. login and password, credit card details etc.
  2. Weak passwords, i.e. ones that can be guessed or are a word in the dictionary
  3. Weak security that allows attackers access for ransomware or to breach the security to steal data

The most commonly reported example of phishing was fake emails offering a TV licence renewal.
