U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week
In 2015, the U.S. Secret Service was on the hunt for Aleksei Burkov, an infamous Russian hacker suspected of facilitating the theft of $20 million from stolen credit cards on the Cardplanet website. The methods the agency used to pursue him, revealed for the first time as a result of a Forbes legal challenge, show how the U.S. government was able to strongarm two data companies into spying on him for two years based on the authority of a 233-year-old law and to issue weekly reports on his whereabouts. The government has never disclosed how many other individuals could be under such prolonged and unconventional surveillance.
US law enforcement on Tuesday announced the takedown of SSNDOB Marketplace, a series of websites selling personally identifiable information (PII). For years, the SSNDOB Marketplace sold the personal information – such as Social Security numbers, names, and birth dates – of millions of people, including approximately 24 million individuals in the US. Authorities estimate that the PII sellers raked in over $19 million from this illicit activity. The marketplace’s administrators advertised their portals on dark web criminal forums, offered customer support, and monitored customer activity, including when money was being deposited into accounts.
U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the goal of gaining deeper access to victim networks. In addition, the actors used these compromised devices as route command-and-control (C2) traffic to break into other targets at scale, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) said in a joint advisory.
A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added. “There’ll never be a time when we don’t defend ourselves –— especially in cyberspace,” National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA’s Shields Up initiative as the new normal. “Now, we all know that we can’t sustain the highest level of alert for an extensive period of time, which is why we’re thinking about, number one, what’s that relationship that government needs to have with the private sector,” Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.
Congress looked into amending the 1986 Computer Fraud and Abuse Act (CFAA) to address concerns from cybersecurity researchers before the Justice Department announced last month that it would revise how it enforces the law, a top DOJ official said Monday. Leonard Bailey, head of the cybersecurity unit at the DOJ, was speaking about the changes to how CFAA will be enforced on good-faith security researchers at the RSA cybersecurity conference when he was asked about further concerns some researchers still have. An attendee questioned whether the new DOJ charging guidelines – handed down on May 19 – could be rescinded or changed by another administration.
Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor, Shields Health Care Group. Shields Health provides MRI, PET/CT, and outpatient surgical services for covered entities. The breach tally makes it the largest healthcare data breach reported so far this year. The “suspicious activity” was discovered on the Shields network on March 28, which “may have involved data compromise.” Shields took steps to contain the incident, and an investigation was launched with support from third-party forensic specialists. Law enforcement was also notified.