French authorities extradited a 39-year-old Nigerian national to the United States Monday for allegedly hacking into tax preparation businesses and participating in a years-long conspiracy to defraud the Internal Revenue Service and state tax agencies.
Chukwuemeka Victor Amachukwu and his Nigeria-based co-conspirators, including Kinglsey Uchelue Utulu, are accused of obtaining about $2.5 million in fraudulent tax refunds from 2019 to 2023, the Justice Department said Tuesday. The conspirators sought fraudulent tax refunds of at least $8.4 million, according to prosecutors.
“Amachukwu allegedly operated multiple illicit fraud schemes — identity theft, computer intrusions via spearphishing, and false investments — profiting at the costs of others,” FBI Assistant Director in Charge Christopher G. Raia said in a statement.
Prosecutors accuse Amachukwu and his co-conspirators of accessing computer systems of tax preparation businesses in New York, Texas and other states via spearphishing emails. The cybercrime crew allegedly filed false tax returns with federal and state authorities using identities stolen from the victim organizations.
In one of those attacks, in May 2021, members of the conspiracy sent a spearphishing email to an employee of a New York-based tax preparation business, which infected the firm’s computer systems with malware, according to an unsealed indictment.
Authorities said Amachukwu and his co-conspirators also used the stolen identities to file fraudulent claims with the Small Business Administration’s Economic Injury Disaster Loan program, obtaining at least $819,000 in payouts.
Amachukwu faces up to 47 years in prison for multiple charges, including conspiracy to commit computer intrusions, two counts of conspiracy to commit wire fraud, two counts of wire fraud and aggravated identity theft.
“Amachukwu also allegedly took part in a separate fraud scheme that promised his victims valuable investments that did not in fact exist,” U.S. Attorney Jay Clayton said in a statement. Officials said Amachukwu stole millions of dollars of his victims’ money from this scheme.
The FBI, Justice Department’s Office of International Affairs and the U.S. Marshals Service assisted the investigation, which led to Amachukwu’s arrest and extradition from France.
A 21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T.
Cameron John Wagenius, who identified himself as “kiberphant0m” and “cyb3rph4nt0m” on online criminal forums, conducted extensive malicious activity for years, including while he was on active duty, the Justice Department said.
Wagenius pleaded guilty to conspiring to commit wire fraud, extortion in relation to computer fraud and aggravated identity theft. He faces a maximum of 27 years in prison for the charges and is scheduled for sentencing on Oct. 6. Wagenius previously pleaded guilty to two counts of unlawful transfer of confidential phone records information in connection with this conspiracy, the Justice Department said.
“This is one of the most significant wins in the fight against cybercrime,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop. “The cybersecurity workers helping the victims through a storm, federal law enforcement with the fastest federal arrest I have ever witnessed, and the prosecutors now destroying them in court — all brought their A game and they deserve to celebrate tonight.”
Details prosecutors shared about Wagenius as part of their ongoing investigation underscore the bold actions cybercriminals take to extort multiple victims at scale and evade capture. Prior to his arrest in December, Wagenius attempted to sell stolen information to a foreign intelligence service as part of a broader attempt to defect to Russia or another country that he believed would allow him to avoid arrest.
Officials said Wagenius and co-conspirators attempted to defraud at least 10 victim organizations by obtaining login credentials for the organizations’ networks. In November, Wagenius made multiple attempts to extort $500,000 from a major telecommunications company while threatening to leak call records of high-ranking public officials, according to court documents filed in February.
“[Wagenius’] greatest significance is in how absolutely destroyed he’s getting,” Nixon said, adding that he was part of a gang that made threats against Nixon and Unit 221B, which specializes in breaking the anonymity of English-speaking cybercriminals.
“He was in the Army, living on base in Texas, when he leaked the hacked call records of President Trump and his family in a failed bid to extort AT&T,” Nixon said. “He pled guilty without even a plea bargain, and the government might still file additional charges. Amazing.”
Authorities did not name Wagenius’ alleged victims in court filings. AT&T in July confirmed cybercriminals accessed the company’s Snowflake environment in April and stole six months of phone and text records of “nearly all” of its customers.
Wagenius’ alleged co-conspirators, Connor Moucka and John Binns, were indicted in November for allegedly extorting more than 10 organizations after breaking into cloud platforms used by AT&T and other major companies. Moucka, a Canadian citizen, consented to extradition to the United States in March to face 20 federal charges stemming from his alleged involvement in a series of attacks targeting as many as 165 Snowflake customers, one of the most widespread and damaging attack sprees on record.
Some of the records allegedly in Wagenius’ possession were stolen in the attack spree on Snowflake customer databases, according to cybercrime researchers. Federal law enforcement also found evidence on Wagenius’ seized devices indicating he had access to thousands of stolen identification documents and large amounts of cryptocurrency.
Justice Department officials said Wagenius and his co-conspirators attempted to extort at least $1 million from victim data owners. “They successfully sold at least some of this stolen data and also used stolen data to perpetuate other frauds, including SIM-swapping,” officials said in a news release.
“Cybercriminals are shockingly slow to update their threat model, and still operate on the assumption that they won’t be jailed and will get a job in the industry afterwards,” Nixon said. “As multi-decade sentences pile up, reality will set in: Brazen cybercriminals are much more likely to die in prison than they used to, and anonymity isn’t real.”
In today’s digital landscape, protecting your identity from real-time threats is more critical than ever. As a cybersecurity expert, I’ve seen an evolving spectrum of threats that go far beyond traditional identity theft. From classic dark web doxing to the advent of fullz—full identity kits sold for a few dollars—threat actors are leveraging these methods for a new breed of real-time scams, amplified by cutting-edge technology.
Recently, a project by Anh Phu Nguyen and Caine Ardayfio demonstrated the capability to integrate facial recognition technology with Meta’s smart glasses, allowing instant identification of strangers. This development marks a significant leap from the traditional static forms of identity theft into real-time exploitation, where personal information is weaponized in the moment.
Classic Doxing and Fullz on the Dark Web
For decades, doxing and the sale of fullz (complete identity kits) have been staple methods of cybercriminals on the dark web. Doxing involves collecting and publicizing personal information such as home addresses, phone numbers, and social media profiles, often with the intent to embarrass, harass, or intimidate. Open-source intelligence (OSINT) tools allow attackers to scrape social media profiles, public databases, and breached datasets to compile detailed profiles on their victims. Once exposed, this data is used for targeted harassment or extortion.
Meanwhile, fullz provide a more comprehensive set of personal details, typically including social security numbers, financial data, and other sensitive information that can be exploited for identity theft. The sale of fullz on dark web marketplaces has enabled identity theft and financial fraud on a massive scale. For a relatively small fee, threat actors can purchase a victim’s entire identity, making it easy to perform account takeovers, create fake profiles, or apply for credit in the victim’s name.
In the past, these methods were effective but static. Attackers could steal and use personal data long after it was exposed. Today, however, advancements in technology have transformed these identity theft techniques into dynamic, real-time threats.
Real-Time Identity Exploitation: The New Era of Scams
The rise of facial recognition technology combined with wearable devices, like Meta’s smart glasses, introduces a new dimension to identity theft. By pairing this real-time data collection with pre-existing fullz or other doxing techniques, threat actors can instantly exploit an individual’s identity on the fly.
In this I-XRAY demonstration, Meta’s smart glasses were modified to scan faces in public, instantly cross-referencing them with public social media data and possibly with compromised identity information. Imagine walking down the street, unaware that someone can identify you, access your data, and target you with personalized scams—all in real time. This shift turns identity theft into a real-time, hyper-targeted activity.
Here’s how this modern version of doxing and scamming might unfold:
Real-time recognition: A malicious actor equipped with facial recognition on smart glasses could walk through crowded public spaces and instantly identify individuals based on a match with their leaked photos from social media or other sources. This is no longer hypothetical; the proof-of-concept has already been demonstrated.
Instant exploitation: Once an individual is identified, scammers could access their leaked fullz from the dark web, providing them with a detailed set of personal information. They could then approach the target in real-time, pretending to know them, creating a social engineering scenario where the victim believes the scammer is a legitimate acquaintance or authority figure.
On-the-spot phishing: Imagine being approached by someone who knows your full name, email, address, and the last few digits of your social security number. When they ask you to verify some information, you could easily fall into the trap of handing over even more sensitive information—like bank account details—without realizing you’ve been scammed until it’s too late.
The Role of AI in Amplifying Real-Time Threats
AI plays an integral role in the future of identity scams. It allows for the rapid analysis and deployment of identity data, enabling new, sophisticated scams that were previously unimaginable. Here are several ways AI can enhance these real-time threats:
AI-Powered Deepfakes: Threat actors can combine AI-generated deepfakes with real-time data to impersonate individuals in both video and audio formats. By using AI to craft believable but fake messages or phone calls, scammers can extort or deceive people more convincingly than ever before.
Automated Identity Theft at Scale: AI tools can automate the collection and correlation of personal data across multiple sources—social media, leaked data, and public records—faster than any human could. This allows threat actors to assemble profiles on victims quickly, accelerating identity fraud.
Behavioral Analysis and Predictive Attacks: AI can analyze online behaviors to predict the types of scams most likely to succeed on a given target. For example, someone frequently searching for job opportunities could be targeted with a fake job offer, exploiting the victim’s immediate needs.
Insights from Experts: Combating Modern Threats
As highlighted previously, cybersecurity in the age of AI and real-time technologies requires an updated approach. The reliance on static data protection strategies, such as password managers or even two-factor authentication, is no longer sufficient. We need to implement dynamic identity monitoring, where AI-driven systems track unusual behavior related to your digital presence in real-time.
How Constella is Protecting Your Identity
At Constella, we are dedicated to staying ahead of evolving threats by leveraging cutting-edge AI technologies and continuous monitoring to provide comprehensive identity protection. Our unique approach not only covers traditional dark web monitoring but also focuses on a broader range of sources across the surface web, ensuring a proactive stance against emerging scams and data leaks. Here’s how we’re tackling the future of identity theft:
Real-Time Identity Alerts: Our system is designed to provide real-time alerts when personal information is exposed across both the surface web, data brokers, and the dark web. Unlike traditional solutions that focus solely on the dark web, Constella offers a multi-source approach. This comprehensive coverage allows us to detect threats before they escalate, offering early warnings on a broader scale than any single-source monitoring service.
Advanced Dark Web Monitoring: We continuously scan the dark web to detect any exposure of your personal information, whether it has been compromised by infostealers or exposed through data breaches. Our unique approach involves not just scraping the dark web but correlating this data with surface web activities, giving you a more holistic view of your identity exposure. This enables a faster response to potential threats before they result in fraud or exploitation.
AI-Driven ScamGPT: Leveraging our proprietary AI technology, ScamGPT simulates potential scams that you may be targeted by using your own exposed personal information. This proactive approach allows us to train you before threat actors attempt a real attack, helping you recognize and avoid personalized phishing schemes, social engineering attempts, and other forms of exploitation. By generating potential scam scenarios based on your specific data profile, we ensure you are better prepared for what’s coming, long before the attackers strike.
Surface of Attack Mapping: Constella’s unique AI technology creates a detailed view of your real surface of attack, analyzing how your compromised information could be used against you. Using algorithms developed in collaboration with law enforcement agencies (LEAs), we connect the dots in the same way threat actors do, identifying all possible avenues they could exploit to target you. This approach allows you to see your vulnerabilities from the perspective of an attacker, enabling you to take targeted actions to secure those areas before they become active threats.
By integrating these advanced tools and methodologies, Constella provides a comprehensive identity protection solution designed to stay one step ahead of modern identity theft techniques. Our AI-driven insights ensure that you are equipped to defend against both current and future threats, safeguarding your personal information in an ever-changing cyber landscape.
Increase in Cryptocurrency Leaks After Trump Supports Bitcoin
Recently, Constella Intelligence has observed an increase in attacks and data breaches resulting in cryptocurrency leaks. This surge could be partly attributed to comments made by former President Donald Trump in support of Bitcoin, which may have heightened hackers’ interest in these sites.
Former President Donald Trump has recently positioned himself as a pro-crypto presidential candidate. During his keynote speech at the Bitcoin 2024 conference in Nashville, Tennessee, held from July 25-27, 2024, Trump emphasized the transformative potential of cryptocurrencies. He pledged to make the United States a leader in Bitcoin mining and digital asset management.
These comments could have caused crypto-related sites to increase in value, making them more attractive targets for cybercriminals. As Bitcoin prices surge, the incentive for attacks on these platforms grows, highlighting the need for robust security measures.
Crypto Leaks Overview
In the first half of 2024, over 250 possible breaches or leaks related to cryptocurrencies, NFTs, and Bitcoin have been reported. These potential breaches could have affected users of various cryptocurrency platforms, including Bitcointalk, Crypto.com, Binance, eToro, and others.
Below are examples of how threat actors are offering data from these crypto-related sites on the dark web.
Zuelacoin Data Leak:
This information was published on March 31, 2024. According to the threat actor the data includes:
Emails
Names
Social media profiles (Twitter, Facebook, Telegram)
Binance Cryptocurrency Leak:
The post was made on May 27, 2024. The exposed information includes:
Emails
Full names
Phones
Countries
Mobile Apps like CashCoin, Coinbase, and KuCoin:
The threat actor “whix” published this on March 26, 2024. The exposed information includes:
Emails
Usernames
Passwords
Countries
IP Addresses
Payment methods
eToro Cryptocurrency Leak:
The same threat actor also reported this on March 25, 202, where the following information could be found:
Full names
Emails
Countries
IP Addresses
Amounts
Payment methods
Bitcointalk Cryptocurrency Leak:
According to the threat actor, a database exposing the following information was published on March 25, 2024:
Emails
Usernames
Ethereum Addresses
These platforms are integral to the crypto ecosystem, providing services such as trading, wallet management, and social interaction for crypto enthusiasts.
Extent of Infostealer Exposures
Constella Intelligence has checked whether the published information could have originated from infostealer infections. This check found nearly 4 million users of these cryptocurrency companies exposed in infostealer data. Most exposures have impacted major cryptocurrency exchange platforms:
Binance: More than 2M users exposed.
eToro: More than 500k users exposed.
Crypto.com: More than 300k users exposed.
Localbitcoins: More than 200k users exposed.
Digging into the infostealer exposures, Constella Intelligence also identified what appear to be infostealer infections of potential employees of some of those companies, including Binance.com, eToro.com, Crypto.com, and Localbitcoins.com, among others.
Implications of Crypto-Related Breaches
The exposure of such extensive and sensitive information has significant and far-reaching implications as it endangers the financial security and privacy of millions of users. The compromised data can be exploited for various malicious activities:
Identity Theft: Personal information such as full names, addresses, and birthdays can be used to steal identities.
Financial Fraud: Payment methods and transaction histories can be exploited to conduct unauthorized transactions.
Phishing Attacks: Email addresses and social media profiles can be used to create convincing phishing scams.
Recommendations for Users
To mitigate the risks associated with the recent breaches, users should adopt the following security practices:
Use Strong, Unique Passwords: Ensure that each cryptocurrency account has a strong, unique password. Consider using a password manager to generate and store complex passwords securely.
Enable Two-Factor Authentication (2FA): Adding an extra layer of security through 2FA can significantly reduce the risk of unauthorized access to accounts.
Monitor Crypto Transactions Regularly: Keep a close watch on your cryptocurrency transactions and wallet activity to detect any unauthorized activities. Early detection can help prevent significant financial losses.
Be Wary of Phishing Attempts: Be cautious with emails and messages requesting personal information or directing you to log in to your accounts. Verify the authenticity of such requests through official channels.
Update Security Settings on Crypto Platforms: Regularly review and update your security settings on cryptocurrency exchanges and wallets. Ensure that all recovery options are up-to-date and secure.