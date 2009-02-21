from the gone-phishing dept.
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers.
The Ukrainian attorney general’s office said it worked with the nation’s police force to identify a 39-year-old man from the Ternopil region who developed a phishing package and special administrative panel for the product.
“According to the analysis of foreign law enforcement agencies, more than 50% of all phishing attacks in 2019 in Australia were carried out thanks to the development of the Ternopil hacker,” the attorney general’s office said, noting that investigators had identified hundreds of U-Admin customers.
[...] Cybersecurity threat intelligence firm Intel 471 describes U-Admin as an information stealing framework that uses several plug-ins in one location to help users pilfer victim credentials more efficiently. Those plug-ins include a phishing page generator, a victim tracker, and even a component to help manage money mules (for automatic transfers from victim accounts to people who were hired in advance to receive and launder stolen funds).
Perhaps the biggest selling point for U-Admin is a module that helps phishers intercept multi-factor authentication codes. This core functionality is what’s known as a “web inject,” because it allows phishers to dynamically interact with victims in real-time by injecting content into the phishing page that prompts the victim to enter additional information. The video below, produced by the U-Admin developer, shows a few examples (click to enlarge).
Related Stories
Jo Best at ZDNet asks:
In a world where more and more objects are coming online and vendors are getting involved in the supply chain, how can you keep track of what's yours and what's not?
[...] Data gathered by IoT sensors and systems can pass through any number of hands -- those of the end-user that creates it, or of the company whose hardware collects it, even the software business the processes it, and the app maker that shares it, and all of them may want to claim rights over it. Whether you're part of a company wanting to improve their business with industrial internet systems or an individual planning to make their home a little smarter with IoT, whose data is it anyway?
According to law firm Taylor Wessing, end users don't really have ownership rights to the data gathered by off-the-shelf systems they've installed. If you've rolled out a smart home set-up, you can't legitimately claim that all the details about when you switched on your lights or opened your garage belong to you and you alone.
However, in Europe, companies that have spent time and money creating a fixed database that they can query could legitimately claim to have ownership of that data. If more than one company has had a hand in building that database, though, all may be able to claim ownership and then use it in their business contracts. "Where ownership has not been appropriately provided for, we can expect to see big disputes between those involved, given the potential value in data captured from the IoT," Taylor Wessing senior associate Adam Rendle noted in a blog.
(Score: 0) by Anonymous Coward on Wednesday February 10, @01:01AM
The smartphone generations are even more clueless than PC generation, in good part because smartphone tech is more complex and opaque than PCs.