Critical Infrastructure News

Phishing Poses Biggest Threat to Users: Google

A study conducted by Google over a one-year period showed that online accounts are most likely to become compromised as a result of phishing attacks.

Between March 2016 and March 2017, Google researchers identified 12.4 million potential victims of phishing, roughly 788,000 potential victims of keylogger malware, and over 1.9 billion users whose accounts had been exposed due to data breaches.

The fact that third-party data breaches expose significant amounts of information is not surprising. Several companies have admitted that hackers stole the details of millions of users from their systems, and Yahoo alone exposed over one billion accounts in past years.

However, Google’s analysis showed that less than 7 percent of the passwords exposed in third-party data breaches were valid due to password reuse. Furthermore, the company’s data suggests that credential leaks are less likely to result in account takeover due to a decrease in password reuse rates.

On the other hand, nearly a quarter of the passwords stolen via phishing attacks were valid, and Google believes phishing victims are 460 times more likely to have their accounts hacked compared to a random user.

As for keyloggers, nearly 12 percent of the compromised passwords were valid, and falling victim to such malware makes account takeover 38 times more likely.

Phishing kits and keyloggers are also more likely to lead to account hijacking because many of them collect additional information that the service provider may request to verify the user’s identity, including IP address, location and phone number.

An analysis of the most popular phishing kits revealed that they mainly target Yahoo, Hotmail, Gmail, Workspace Webmail (GoDaddy) and Dropbox users.

In the case of keyloggers, the HawkEye malware appears to be the most successful, with more than 400,000 emails containing stolen credentials being sent to attackers. Cyborg Logger and Predator Pain also claimed a significant number of victims.

As for the location of the individuals using these phishing kits and keyloggers, Google’s analysis of the IP addresses used to sign in to the email accounts receiving stolen credentials revealed that the top country is Nigeria in both cases.

“Our findings were clear: enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets,” Google employees wrote in a blog post. “While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defenses in order to stay ahead of these bad actors and keep users safe.”

More Prison Time for Ex-Secret Service Agent Who Stole Bitcoins

A former U.S. Secret Service agent already convicted for stealing bitcoins from the now-defunct underground marketplace Silk Road has been handed another prison sentence for the theft of digital currency from the government, the Department of Justice announced this week.

Shaun W. Bridges, 35, of Laurel, Maryland, was sentenced in December 2015 to 71 months in prison for money laundering and obstruction of justice. Bridges, who had been part of the task force investigating Silk Road, stole 20,000 bitcoins, at the time worth roughly $350,000, from Silk Road customers using information obtained following the arrest of one of the site’s customer support representatives. Bridges liquidated the bitcoins in the spring of 2015 and earned $820,000.

According to authorities, before he began serving his sentence for the 2015 conviction, Bridges stole another 1,600 bitcoins from a digital wallet belonging to the U.S. government.

Court documents obtained by Ars Technica show that the former federal agent retained the private key for an account storing bitcoins seized from digital currency exchange Bitstamp. After resigning from the Secret Service, Bridges used the key to transfer roughly 1,600 of the Bitstamp bitcoins from the government’s digital wallet into his own.

Bridges pleaded guilty to money laundering charges related to this case and agreed to return the stolen bitcoins. He received a 24-month prison sentence, which will be served consecutively to the previous 71-month sentence. The defense had hoped to convince the judge to hand out a concurrent sentence.

Day trader indicted for 'cyber boiler room' scheme targeting hacked online brokerage accounts

A self-described day trader from Pennsylvania was indicted Wednesday (8 November) for running a "cyber boiler room" scheme to illegally trade through over 50 hacked online brokerage accounts. Joseph Willner, 42, of Ambler, Pennsylvania, was charged with securities fraud, conspiracies to commit securities fraud and computer intrusions, wire fraud and money laundering.

According to the indictment, Willner was accused of conspiring with others between September 2014 and May 2017 to hack into victims' online securities brokerage accounts and illegally use them to place unauthorised trades. In some cases, they also liquidated existing positions in the victims' accounts to fund the unauthorised trades.

As part of the scheme, Willner used brokerage accounts in his name to place "short sale" offers for companies' stock at artificially high prices. Meanwhile, his co-conspirators hacked into victims' online brokerage accounts and used them to buy the same companies' shares.

These shares would then be repurchased by Willner and his co-conspirators at market or below-market prices, allowing them to profit. Willner immediately profited off the fraudulent trades, which would usually take place within minutes, based on the difference between the artificially high short sale price and the lower price at which he repurchased the stock, authorities said.