An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

As Russia’s invasion of Ukraine, navigation system monitors reported this week that they have noticed an increase in GPS jamming in Russian cities since Ukraine began conducting long-range drone strikes. Elsewhere, a lawsuit against Meta alleges that a lack of proper moderation of hate speech on Facebook led to violence that exacerbated Ethiopia’s civil war.

New evidence suggests attackers planted data to frame an Indian priest who died in police custody – and that the hackers may have been colluding with law enforcement when he was being investigated. Russia-based ransomware gang Cuba misused legitimate Microsoft certificates to sign some of their malware, a method of falsely authenticating hacking tools that cybercriminals have come to rely heavily on lately. And to mark the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals have reflected on the current state of security in the open source supply chain and what needs to be done to improve patch adoption.

We also examined the interaction of factors and circumstances that lead to radicalization and extremism in the United States. And Meta gave WIRED a glimpse into the difficulty of allowing users to recover their accounts if they’ve been suspended – without allowing attackers to use the same account takeover mechanisms.

But wait, there’s more! Each week we highlight the security news that we haven’t covered extensively ourselves. Click on the headlines below to read the full stories.

Alexey Brayman, 35, was one of seven people named this week in a 16-count federal indictment alleging they ran an international smuggling ring and illegally exported restricted technology to Russia for the past five years. Brayman was taken into custody Tuesday and later released on $150,000 bail after being ordered to forfeit his passport and observe a curfew. He is an Israeli citizen who was born in Ukraine. Brayman and his wife, Daria, live in Merrimack, New Hampshire, a small town where the two ran an online craft store from their home. “They are the nicest family,” said a courier who regularly delivers packages to their home The Boston Globe. “They leave gift cards around the holidays. And snacks.” However, the prosecution alleges that her home was a staging area for “millions of dollars in dual-use military and sensitive technology from US manufacturers and suppliers.” Two other suspects linked to the case were also arrested in New Jersey and Estonia.

A hacker this week breached the FBI’s information-sharing database InfraGard, compromising data of more than 80,000 members who use the platform to share details and updates related to critical infrastructure in the United States. Some of the data is sensitive and related to national and digital security threats. Last weekend, the hacker posted samples of data stolen from the platform on a relatively new cybercriminal forum called Breached. They valued the database at $50,000 for all content. The hacker claims to have gained access to InfraGard by posing as the CEO of a financial company. The FBI said it was “aware of a potentially bogus account related to the InfraGard portal and is actively investigating the matter.”

Former Twitter employee Ahmad Abouammo was convicted in August of being paid to send user data to the Saudi Arabian government while working for the tech company. He was also found guilty of money laundering, wire fraud and falsifying records. Now he has been sentenced to 42 months in prison. Abouammo worked at Twitter from 2013 to 2015. “This case demonstrated that foreign governments will bribe insiders to obtain the user information collected and stored by our Silicon Valley social media companies,” U.S. Attorney Stephanie Hinds said in a statement. “This phrase sends a message to insiders with access to user information to protect them, especially from repressive regimes or risk significant time in prison.” Earlier this year, whistleblower and former Twitter security chief Peiter Zatko claimed Twitter has since long-standing problems with foreign agents infiltrating the company. The situation was of particular concern as new CEO Elon Musk is massively overhauling the company and its workforce.

According to researchers at security firm Mandiant, hackers have released malicious Windows 10 installers on torrent sites used in Ukraine and Russia in an attempt to compromise Ukrainian government networks. The installers were set up with the Ukrainian language pack and were free to download. They used malware for reconnaissance, data collection and exfiltration. Mandiant said the campaign could not be positively linked to specific hackers, but the targets overlap with those targeted in previous hacks by Russia’s GRU military intelligence agency.

Years after proving vulnerable and insecure, the US National Institute of Standards and Technology said Thursday that the SHA-1 encryption algorithm should be removed from all software platforms by December 31, 2030. Developers should instead turn to algorithms with more robust security, namely SHA-2 and SHA-3. The “Security Hash Algorithm” or SHA was developed by the National Security Agency and introduced in 1993. SHA-1 is a slightly modified surrogate that has been in use since 1995. By 2005 it was clear that SHA-1 was “cryptographically broken”, but it remained in widespread use for years. However, NIST said this week that attacks on SHA-1 “have become increasingly difficult.” Developers have eight years to migrate for any remaining uses of the algorithm. “Modules still using SHA-1 after 2030 will not be approved for purchase by the federal government,” NIST computer scientist Chris Celi said in a statement.

https://www.wired.com/story/russian-smuggling-ring-new-hampshire-security-roundup/ An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Zack Zwiezen

USTimesPost.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@ustimespost.com. The content will be deleted within 24 hours.

Related Articles

Back to top button