Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours.

Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said. Photos seized from one defendant's iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said.

The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists "unlimited" operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn't identify the payment processors except to say that one was in India and the other was in the United States.

Read 3 remaining paragraphs | Comments


    






Study: More than 1 percent of Google Play apps are “aggressive” copycats

soh

More than one percent of titles available in Google's official Android app market may be unauthorized copycats of competing apps that have been re-engineered to more aggressively monitor browsing history and other personal habits, security researchers said today.

The study, published Monday by researchers from antivirus provider Bitdefender, analyzed 420,646 Android apps available in Google Play. Of those, 5,077 contained code lifted from Facebook, Twitter, and other legitimate apps. The copycat apps offered the same functionality as the original apps, but they were redesigned to include aggressive advertising libraries (often referred to as SDKs), "beacons" that can be used to track users, and modified permissions that had access to text messages, call histories, and other personal information.

"Most modifications add a new Advertising SDK in the repackaged app or change the Advertiser ID from the original app so revenue obtained through ad platforms gets diverted from the original developer to the individual who plagiarizes their work," Bitdefender's Loredana Botezatu wrote. "Other modifications add extra advertising modules to collect more data from the user than the initial developer planned. Moreover, if a developer only collects UDIDs and e-mail addresses initially, a plagiarized application can be extended to place home-screen icons, spam the notification bar, and so on to maximize the hijacker’s revenue."

Read 3 remaining paragraphs | Comments


    






Yahoo will encrypt between data centers, use SSL for all sites

The NSA's MUSCULAR program grabbed more data (especially from Yahoo) than NSA's analysts could swallow.

In the wake of revelations about the National Security Agency's monitoring of traffic on the private international fiber links connecting the data centers of Google and Yahoo, Google stepped up its efforts to encrypt internal server traffic and block such monitoring. Now, Yahoo has announced its own plans to encrypt all information that travels between data centers by early next year.

In a blog post, Yahoo CEO Marissa Mayer reiterated that "Yahoo has never given access to our data centers to the NSA or any other government agency. Ever." Yahoo previously announced that it would protect Yahoo Mail sessions by default with Secure Socket Layer encryption by January 8, using a 2048-bit encryption key. Google moved to encrypt all its searches earlier this fall, and the company has enabled SSL encryption by default for users logged into its services since 2011.

In addition to encrypting traffic between its data centers by March of 2014, Yahoo is also moving to apply SSL encryption across all its websites within the same time frame. And Mayer said that Yahoo will "work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are HTTPS-enabled."

Read 1 remaining paragraphs | Comments


    






HashTag – Password Hash Type Identification (Identify Hashes)

HashTag.py is a Python script written to parse and identify the password hash type used. HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes (use the command line switch -hc to output the hashcat modes). It is also able to identify a single hash, parse a [...] The post HashTag –...

Read the full post at darknet.org.uk