Friday 10 February 2017

Feds Bust Alleged Russian Bank Hacker in Los Angeles

A federal investigation into a Russian cybercrime ring led Secret Service agents to the doorstep of a 29-year-old Los Angeles man the United States calls an “extremely sophisticated and well-connected cybercriminal” who allegedly used malware to steal cash from thousands of U.S. bank accounts.
Alexander Tverdokhlebov was arrested in an early-morning raid Feb. 1 on a four-count wire-fraud indictment alleging that he worked with a Russian colleague in 2009 and 2010 to attack U.S. financial institutions. He allegedly used a botnet of 10,000 hacked PCs.
Tverdokhlebov is being held in the Metropolitan Detention Center in Los Angeles pending a bail review in Alexandria, Virginia, where he’s charged.
Long before the Kremlin was known for hacking political campaigns, Russian hackers and their peers in Ukraine dominated the for-profit cybercrime underworld, from the large-scale credit-card heists of the mid-2000s to today’s ransomware threat. And banking botnets have been a staple of Russian cybercrime for nearly a decade.
Instead of stealing passwords for a hacker to use later, the malware will wait for the victim to log in to their online banking, then splice itself into the connection and slip in a rogue funds transfer without setting off alarms at the bank. If the victim happens to check their balance or transaction history, the malware will even rewrite it on the fly to conceal the theft.
The Russian-made Zeus malware first proved the concept in 2009, and is behind, by some estimates, billions of dollars in losses over the years. Zeus’s alleged author, Evgeniy Bogachev, was even among the Russians sanctioned by President Obama last December in retaliation for the Kremlin’s election hacking, and the FBI has a $3 million reward out for his arrest.
The U.S. discovered Tverdokhlebov while examining the online chats of a different Russian: Vadim Polyakov, a 32-year-old St. Petersburg man who pleaded guilty last year to a million-dollar concert-ticket scam. Polyakov ran a crime ring that hacked consumers’ StubHub accounts to buy thousands of e-tickets for resale. He was arrested in Spain and extradited to the U.S. In July, a New York judge sentenced him to four to 12 years in state prison.
Court records don’t indicate how the Secret Service obtained Polyakov’s ICQ chat logs. The most likely scenario is that Spanish authorities seized Polyakov’s laptop at his arrest. In any event, the chat logs showed Polyakov conversing in Russian with a fellow cyberthief who let slip enough information to identify Tverdokhlebov as a suspect, specifically his first name, his girlfriend’s full name, and his home address and his phone number.
The indictment against Tverdokhlebov is based entirely on the years-old chats, with no hard information about specific thefts, suggesting that the feds are using it as a wedge to try and pry more evidence from Tverdokhlebov’s arrest and the search of his computers.
Over government objections, a magistrate judge set Tverdokhlebov’s bail at $100,000 last week but stayed the man’s release pending a government appeal, set to be heard in Virginia on Friday. The feds are urging that Tverdokhlebov be held without bail, claiming that he has few ties to the U.S. and enough underworld contacts to flee to Mexico and from there to Russia.
Tverdokhlebov was born in Russia and obtained U.S. citizenship in 2009 after marrying an American. According to prosecutors, the two have since divorced.
Secret Service agents have spent the days since Tverdokhlebov’s arrest opening his safe-deposit boxes. Three boxes in California were packed with $172,000 in $100 bills. A key locked in one box turned out to fit a fourth safe-deposit box in Las Vegas, where on Tuesday the feds found an additional $100,000.
“The large quantity of cash, as well as their distribution in safe-deposit boxes in different states, suggests that defendant may have concealed funds elsewhere in preparation for flight,” prosecutors wrote, urging that Tverdokhlebov be kept in jail.
Tverdokhlebov’s attorney, William Cummings, countered in a filing Thursday that his client is legitimately employed in Los Angeles and that the charges in the Virginia indictment are old.
Cummings also implied that with every cash-filled safe deposit box the feds find, his client becomes an even better candidate for pre-trial release. “The defendant, if he were on release, could now not go to Las Vegas to access that money,” he wrote.

nullcon Information Security Conference 8Bit, Goa 2017



nullcon‍ was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Our motto - "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology. The idea started as a gathering for researchers and organizations to brainstorm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security. In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

The nullcon conference is a unique platform for security companies/evangelists to showcase their research and technology. Nullcon hosts Prototype, Exhibition, Trainings, Free Workshops, null Job Fair at the conference. It is an integrated and structured platform, which caters to the needs of IT Security industry at large in a comprehensive way.

The event consists of 25 speeches and 11 training sessions, which cover all major topics of IT security industry. The conference is created for security companies/enthusiasts so they can showcase the most up to date research and technology on the topic. The shared knowledge is usually used afterwords within the organizations. Moreover, we host ExhibitionFree WorkshopsCTF Hacking competitionsJob FairBlackShield Awards and other events at the conference.

The Keynote will be addressed by Joshua Pennell, Founder & President, IOActive, following which we would have talks by various international security researchers on topics such as, ATM Hackings, Drone Hijacking, Telecom Protocol Security, Blockchain issues, Cloud Security, Bug Hunting, Social Engineering, Botnets and lots more.

With nullcon 8-bit edition we have made a lot of changes bringing the conference to the next level:
  • We anticipate to have 1000 people,
  • Additional DevOps Security Track,
  • New Trainings on Cloud Security, IoT, Infrastructure, Hardware Security,
  • New CXO Panel session,
  • Larger exhibition vendor area etc.

Nullcon Goa 2017 Dates:
  • Training - 28th Feb to 2nd March 2017
  • Conference - 3rd to 4th March 2017

New Venue:
Holiday Inn Resort, Mobor Beach, Cavelossim, Salcette, Goa - India.
Registartion is still open! Get your pass here: http://nullcon.net/website/register-goa.php