Science and Technology News

Thursday, March 26, 2020

U.S. Attorney warns public of Coronavirus email malware schemes


COLUMBUS, Ohio – U.S. Attorney David M. DeVillers advises the public to be cautious about emails purporting to offer safety information about the coronavirus and containing a hyperlink. Many such emails contain malicious programming that can harm computers, access user’s personal information, and cause financial harm.

For example, emails might promise to:

    Tell you how to protect your friends from COVID-19 if you click a hyperlink
    Directly connect with you a clinical contact if you reply and pay within a certain timeframe
    Provide updated information from a health expert via a hyperlink

U.S. Attorney DeVillers reminds you to stay vigilant, think twice before clicking on links and only respond to emails in which you know the source.

Wednesday, March 25, 2020

DHS Initiating Crucial Research to Mitigate COVID-19



WASHINGTON – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is conducting ongoing research that will help scientists better understand the coronavirus that causes the disease known as COVID-19, and methods to prevent its spread. In the Trump Administration’s whole of government effort, this work is being done at the National Biodefense Analysis and Countermeasures Center (NBACC) laboratory in cooperation with the DHS Countering Weapons of Mass Destruction Office. As results become available, NBACC will provide updates on their findings to DHS and response agencies, especially those that may immediately impact efforts to mitigate transmission.

“With this critical research, we are advancing the country’s top priority in helping to stop the spread of COVID-19,” said William N. Bryan, DHS Senior Official Performing the Duties of the Under Secretary for Science and Technology. “This will help us understand many of the factors that influence the persistence of the virus on surfaces or in the air, and what methods are most effective for disinfecting potentially contaminated surfaces.”

There is currently only limited information available about the virus, so researchers at the NBACC are working very aggressively to answer the many questions experts have about its survivability and transmission. Using the lab’s unique capabilities, the researchers are evaluating the impact of a range of conditions, like temperature and humidity, to determine the virus’s survivability in the air, in respiratory fluids and on various types of surfaces.

The results of this work will provide essential information to protect those responding to the COVID-19 pandemic, including first responders and health care providers, as well as provide best practices for individuals to reduce potential for contamination. A disinfectant study will also provide information on the most effective materials to clean surfaces to rid them of the virus.

NBACC has a unique combination of capabilities in Virology and Aerobiology that operate together at high biocontainment levels, and its aerosol scientists can develop unique solutions to address complex questions, such as those posed during the COVID-19 situation. NBACC’s established ability to evaluate the stability of viruses and the effectiveness of decontamination methods previously enabled it to provide actionable information in mitigating spread of the Ebola virus.

NBACC was established specifically to conduct research for responses to biological events, to characterize emerging or novel biothreats, and develop response tools and information that enables effective responses and mitigation techniques to stem the impact of such events.

FBI Takes Down a Russian-Based Hacker Platform; Arrests Suspected Russian Site Administrator


San Diego – A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov - was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.

DEER.IO was a Russian-based cyber platform that allowed criminals to purchase access to cyber storefronts on the platform and sell their criminal products or services.  DEER.IO started operations as of at least October 2013, and claimed to have over 24,000 active shops with sales exceeding $17 million. The platform was shut down pursuant to a seizure order issued by the Southern District of California Court.

FBI agents arrested Firsov, a Russian cyber hacker, on March 7 in New York City. Firsov not only managed the DEER.IO platform, he also advertised it on other cyber forums, which catered to hackers. Firsov is next scheduled to appear on April 16, 2020, before U.S. Magistrate Judge Allison H. Goddard.

According to a federal complaint, DEER.IO virtual stores offered for sale a variety of hacked and/or compromised U.S. and international financial and corporate data, Personally Identifiable Information (PII), and compromised user accounts from many U.S. companies. Individuals could also buy computer files, financial information, PII, and usernames and passwords taken from computers infected with malicious software (malware) located both in the U.S. and abroad. Law enforcement found no legitimate business advertising its services and/or products through a DEER.IO storefront. Store operators and customers accessed the storefront via the Internet.  Specifically, in this case, the FBI made purchases from DEER.IO storefronts hosted on Russian servers.

The DEER.IO platform offered a turnkey online storefront design and hosting platform, from which cybercriminals could advertise and sell their products (such as harvested credentials and hacked servers) and services (such as assistance performing a panoply of cyber hacking activities). The DEER.IO online stores were maintained on Russian-controlled infrastructure. The DEER.IO platform provided shop owners with an easy-to-use interface that allowed for the automated purchase and delivery of criminal goods and services.

Once shop access was purchased via the DEER.IO platform, the site then guided the newly-minted shop owner through an automated set-up to upload the products and services offered through the shop and configure crypto-currency wallets to collect payments for the purchased products and/or services.

As of 2019, a cybercriminal who wanted to sell contraband or offer criminal services through DEER.IO could purchase a storefront directly from the DEER.IO website for 800 Rubles (approximately $12.50) per month. The monthly fee was payable by Bitcoin or a variety of online payment methods such as WebMoney, a Russian based money transfer system similar to PayPal.

A cybercriminal who wanted to purchase from storefronts on the DEER.IO platform could use a web browser to navigate to the DEER.IO domain, which resolved to DEER.IO storefronts. DEER.IO contained a search function, so individuals could search for hacked accounts from specific companies or PII from specific countries, or the user could navigate through the platform, scanning stores advertising a wide array of hacked accounts or cyber criminal services for sale. Purchases were also conducted using cryptocurrency, such as Bitcoin, or through the Russian-based money transfer systems.

On or about March 4, 2020, the FBI purchased approximately 1,100 gamer accounts from the DEER.IO store ACCOUNTS-MARKET.DEER.IS for under $20 in Bitcoin. Once payment was complete, the FBI obtained the gamer accounts, including the user name and password for each account. Out of the 1,100 gamer accounts, 249 accounts were hacked Company A accounts. Company A confirmed that if a hacker gained access to the user name and password of a user account, that hacker could use that account. A gamer account provides access to the user’s entire media library. The accounts often have linked payment methods, so the hacker could use the linked payment method to make additional purchases on the account. Some users also have subscription-based services attached to their gamer accounts.

On or about March 5, 2020, the FBI purchased approximately 999 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $170 in Bitcoin.  On that same date, the FBI purchased approximately 2,650 individual PII accounts from the DEER.IO store SHIKISHOP.DEER.IS for approximately $522 in Bitcoin. From those identities, the FBI identified names, dates of birth and U.S. Social Security numbers for multiple individuals who reside in San Diego County, including G.V. and L.Y.

“There is a robust underground market for hacked stolen information, and this was a novel way to try to market it to criminals hoping not to get caught,” said U.S. Attorney Robert Brewer. “Hackers are a threat to our economy, and our privacy and national security, and cannot be tolerated.”

FBI Special Agent in Charge Omer Meisel stated, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.  The FBI will continue to be at the forefront of protecting Americans from foreign and domestic cyber criminals.”

The office extends its appreciation to the New York Division of U.S. Customs and Border Protection operating at John F. Kennedy International Airport and to private sector cyber-security company Black Echo LLC, which provided assistance throughout the investigation.

Report cyber crimes by filing a complaint with the FBI's Internet Crime Complaint Center, by calling your local FBI office or 1800 CALL FBI.

DEFENDANT                                    Case Number: 20MJ1029

Kirill Victorovich Firsov                    Age: 28

SUMMARY OF CHARGE

Unauthorized Solicitation of Access Devices, 18 USC Sec. 1029(a)(6)(A)

Maximum Penalty: Ten years in prison, $250,000 fine, restitution.

AGENCIES

Federal Bureau of Investigatio