May 20, 2019

Facebook bans accounts of fake news firm

By Lisa Vaas

Facebook has shut down 265 fake accounts, many linked to an Israel-based social media company, that were being used to spread fake news and influence political discourse in a number of nations – mostly in Africa, but also in Latin America and Southeast Asia.

The company announced on Thursday that the accounts, which were on both Facebook and Instagram, had engaged in what Facebook dubbed “coordinated inauthentic behavior.”

In the ongoing back-and-forth over the use of social media as a platform from which to launch political meddling, companies such as Facebook and Twitter have been wrestling with the way their platforms have been used to spread disinformation. Singling out a company, as Facebook did with Archimedes Group, is a new twist, though.

The company promises its clients that it can bend reality for them. Archimedes Group, based in Tel Aviv, calls itself a leader in large-scale, worldwide “campaigns” and promises to “use every tool and take every advantage available in order to change reality according to our client’s wishes.”

…at least, the site was promising that when the Washington Post wrote up the news. Its site is strange to navigate, so either I can’t find that text, or perhaps Archimedes Group has yet again warped reality… and tweaked its site to remove the “by any means necessary” message.

Nathaniel Gleicher, Facebook’s head of global cybersecurity policy, said in Thursday’s post that the Pages and accounts weren’t taken down because of their content. Rather, it was their coordinated behavior that set off red flags:

As in other cases involving coordinated inauthentic behavior, the individuals behind this activity coordinated with one another to mislead others about who they were and what they were doing, and that was the basis for our action.

Gleicher said that the people behind the network used fake accounts to run Pages, disseminate content and artificially pump up engagement. They also lied about being locals – including local news organizations – and published what was allegedly leaked information about politicians.

Read more at https://nakedsecurity.sophos.com/2019/05/20/facebook-bans-accounts-of-fake-news-firm/

Bots rigged Russian finale of ‘The Voice Kids’ talent show

By Lisa Vaas

Sure, bots might be all over the US electorate, but this is serious. This is The Voice. Think of the children!

That’s what Russian bots were doing, in fact: robo-thinking of the children. Make that one child in particular – the daughter of pop singer Alsou and wealthy businessman Yan Abramov, whom they robo-voted in by a suspiciously large margin to win the sixth season of Russia’s popular TV talent show “The Voice Kids.”

Mikella Abramova, 10, won with 56.5% of the phone-in vote.

The state-owned channel that broadcasts the show, Channel One TV, announced on Thursday that it had decided to cancel the results of the vote.

Channel One said it’s working on boosting the safety of the voting system – before the start of the next season – so this never happens again.

What happened in the 6th season of “Voice of the Child” should be the first and the last case when someone tried to control the audience choice.

It came to the decision after having called on Group-IB to investigate the vote. Group-IB, an infosec firm that analyzes threats originating in Russia and Eastern Europe and which is an official partner of Interpol and Europol, released the initial results of that investigation on Thursday and said that their investigation is ongoing.

Read more at https://nakedsecurity.sophos.com/2019/05/20/bots-rigged-russian-finale-of-the-voice-kids-talent-show/

Google recalls Titan Bluetooth keys after finding security flaw

By Danny Bradbury

Google had egg on its face this week after it had to recall some of its Titan hardware security keys for being insecure.

Titan is Google’s name for its family of hardware security keys that provide two-factor authentication (2FA) for web users.

Launched in July 2018, they offer a level of physical authentication to complement website passwords. Google provides the Titan key for accessing your Google accounts, but you can also use it with other accounts that support the FIDO U2F standard for hardware keys.

When you switch on hardware key support in a website, it asks you to present your Titan key along with your password before it will let you in. This stops thieves who steal your password from accessing your web account.

How do you present your Titan key? It comes in two flavours: a USB key that you plug into your computer, and a Bluetooth-based key that connects wirelessly to your device. This works with computers and with your smartphone, giving mobile users extra protection for their web accounts.

The problem lies with the Bluetooth key, and in particular with its implementation of Bluetooth Low Energy (BLE). This is the protocol it uses to communicate wirelessly with the device it’s authenticating to.

In normal operation, you’d first register your BLE-enabled Titan key with the web service you’re using, generating a secret that is stored on the key.

Read more at https://nakedsecurity.sophos.com/2019/05/17/google-recalls-titan-bluetooth-keys-after-finding-security-flaw/

Hacking gang stole millions in cryptocurrency via SIM swaps

By Lisa Vaas

Six people have been indicted for allegedly being SIM card swappers who stole victims’ identities and their cryptocurrency, and three mobile phone company employees have been indicted for allegedly accepting bribes to help them steal subscribers’ identities.

On Thursday, federal prosecutors in the US Attorney’s Office for the Eastern District of Michigan said that the six alleged hackers are part of a hacking gang called “The Community.” The gang allegedly carried out seven attacks that netted a cryptocurrency haul valued at more than US $2.4 million.

The unsealed indictment charges Conor Freeman, 20, of Dublin, Ireland; Ricky Handschumacher, 25, of Pasco County, Florida; Colton Jurisic, 20, of Dubuque, Iowa; Reyad Gafar Abbas, 19, of Rochester, New York; Garrett Endicott, 21, of Warrensburg, Missouri; and Ryan Stevenson, 26, of West Haven, Connecticut, with conspiracy to commit wire fraud, wire fraud and aggravated identity theft.

How the crooks swing a SIM swap

As we’ve explained, SIM swaps work because phone numbers are actually tied to the phone’s SIM card – in fact, SIM is short for subscriber identity module, a special system-on-a-chip card that securely stores the cryptographic secret that identifies your phone number to the network.

Most mobile phone shops out there can issue and activate replacement SIM cards quickly, causing your old SIM to go dead and the new SIM card to take over your phone number …and your telephonic identity.

That comes in handy when you get a new phone or lose your phone: your phone carrier will be happy to sell you a new phone, with a new SIM, that has your old number.

Read more at https://nakedsecurity.sophos.com/2019/05/17/hacking-gang-stole-millions-in-cryptocurrency-via-sim-swaps/

Europol arrests end GozNym banking malware gang

By John E Dunn

Arrests in Europe and the US appear to have ended the cybercrime careers of the gang behind the GozNym banking malware.

According to Europol, which coordinated the pursuit of 10 people in Ukraine, Moldova, Georgia, Bulgaria, Germany and the US, GozNym stole $100 million by infecting 41,000 devices around the world – mainly business computers.

Among those picked up were the alleged network mastermind, arrested in Georgia, and another individual in Ukraine who unsuccessfully attempted to evade police by producing a firearm. Five unnamed Russians remain on the run.

The GozNym malware was created sometime around 2015 by combining the code of two older pieces of malware: the well-known banking trojan Gozi, which leaked in 2010, and the Nymaim dropper, a later piece of malware most often used to unleash ransomware attacks.

The hybrid combined the best of two slightly different worlds, turning up in attacks on customers of two dozen US and Canadian banks in 2016.

The attacks used a common technique – blasting out the malware in phishing campaigns, or via exploit kits planted on websites; capturing online banking credentials; accessing those accounts to steal money; and laundering the proceeds:

The GozNym network exemplified the concept of cybercrime as a service, with different criminal services such as bulletproof hosters, money mules’ networks, crypters, spammers, coders, organizers, and technical support.

The gang behind it was highly specialized in their roles, each carrying out different tasks, from coding and sending phishing emails to tending to the flow of money from victims.

Read more at https://nakedsecurity.sophos.com/2019/05/17/europol-arrests-end-goznym-banking-malware/
