Tag: cyber security

  • Over 300 million children a year face sexual abuse online: study

    Over 300 million children a year face sexual abuse online: study

    More than 300 million children a year are victims of online sexual exploitation and abuse, according to the first global estimate of the scale of the problem published on Monday.

    Researchers at the University of Edinburgh found that one in eight of the world’s children have been victims of non-consensual taking, sharing and exposure to sexual images and video in the past 12 months.

    That amounts to about 302 million young people, said the university’s Childlight Global Child Safety Institute, which carried out the study.

    There have been a similar number of cases of solicitation, such as unwanted sexting and requests for sexual acts by adults and other youths, according to the report.

    Offences range from so-called sextortion, where predators demand money from victims to keep images private, to the abuse of AI technology to create deepfake videos and pictures.

    The problem is worldwide but the research suggests the United States is a particularly high-risk area, with one in nine men there admitting to online offending against children at some point.

    “Child abuse material is so prevalent that files are on average reported to watchdog and policing organisations once every second,” said Childlight chief executive Paul Stanfield.

    “This is a global health pandemic that has remained hidden for far too long. It occurs in every country, it’s growing exponentially, and it requires a global response,” he added.

    The report comes after UK police warned last month about criminal gangs in West Africa and Southeast Asia targeting British teenagers in sextortion scams online.

    Cases — particularly against teenage boys — are soaring worldwide, according to non-governmental organisations and police.

    Britain’s National Crime Agency (NCA) issued an alert to hundreds of thousands of teachers telling them to be aware of the threat their pupils might face.

    The scammers often pose as another young person, making contact on social media before moving to encrypted messaging apps and encouraging the victim to share intimate images.

    They often make their blackmail demands within an hour of making contact and are motivated by extorting as much money as possible rather than sexual gratification, the NCA said.

    pdh/bp

    © Agence France-Presse

  • New initiatives to protect sensitive information, prevent cyber attacks

    New initiatives to protect sensitive information, prevent cyber attacks

    The federal government has formed the National Computer Emergency Response Team to protect sensitive information and prevent cyber attacks.

    NCERT will protect digital assets, sensitive information and critical infrastructure.

    According to a notification of the Ministry of IT, NCERT has been formed as per PECA and CERT rules. The Cyber Security for Digital Pakistan project was declared a National CERT, which had been running for several years.

    The NCERT will play a role in detecting and preventing cyber attacks. For this, along with the appointment of experts, the purchase of necessary software and hardware has already been done.

    NCERT will work on creating awareness, research and development related to cyber attacks while a separate website for National Cert has also been launched.

    The Cyber Security for Digital Pakistan project has been running for several years, and it was run by the National Telecommunication and Information Security Board.

  • Global operation smashes ‘most harmful cyber crime group’

    Global operation smashes ‘most harmful cyber crime group’

    LONDON: An international operation led by UK and US law enforcement has severely disrupted “the world’s most harmful cyber crime group”, the Russian-linked ransomware specialist LockBit, officials announced Tuesday.

    LockBit and its affiliates have targeted governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.

    Britain’s National Crime Agency (NCA), working with the Federal Bureau of Investigation, Europol and agencies from nine other countries in Operation Cronos, said it had infiltrated LockBit’s network and taken control of its services.

    “We have hacked the hackers, we have taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” NCA director general Graeme Biggar told reporters in London.

    LockBit’s website — selling services that allow people to organise cyber attacks and hold data until a ransom is paid appears — was taken over on Monday evening.

    A message appeared on the site stating that it was “now under control of law enforcement”.

    “As of today LockBit is effectively redundant, LockBit has been locked out,” Biggar said.

    The US Justice Department (DOJ) said the agencies had seized control of “numerous public-facing websites used by LockBit to connect to the organization’s infrastructure” and taken control of servers used by LockBit administrators.

    The NCA added that it had obtained more than 1,000 decryption keys and will be contacting UK-based victims in the coming days and weeks to offer support and help them recover encrypted data.

    Biggar said the network had been behind 25 percent of all cyber attacks in the past year.

    Lockbit has targeted over 2,000 victims and received more than $120 million in ransom payments since it formed four years ago, according to the (DOJ).

    Those targeted have included Britain’s Royal Mail, US aircraft manufacturer Boeing, and a Canadian children’s hospital.

    In January 2023, US law enforcers shut down the Hive ransomware operation which had extorted some $100 million from more than 1,500 victims worldwide.

    Following that action, Lockbit had been seen as the biggest current threat.

    Hive and Lockbit are part of what cybersecurity experts call a “ransomware as a service” style, or RaaS — a business that leases its software and methods to others to use in extorting money.

  • Google accidentally transfers $249,000 to self-proclaimed hacker’s bank account

    Google accidentally transfers $249,000 to self-proclaimed hacker’s bank account

    A blogger and security engineer who received a quarter-million dollars by mistake from Google claims he waited nearly a month for a response.

    On Wednesday, Sam Curry, who also describes himself as a hacker shared a screenshot along with the statement that the tech giant had “randomly” transferred him $249,999.

    Curry added in the tweet, “It’s OK if you don’t want it back,” adding that it had been more than three weeks since he had gotten the money and that he had been issued a support ticket when he contacted Google.

    Curry claimed that instead of spending the money, he saved it for the inevitable request for repayment from the corporation. He told NPR that in order to avoid paying tax on the money, he might need to transfer it to another account.

    The security engineer told NPR that he performs “bug bounty hunting” work for corporations like Google. He is paid to look for flaws in businesses’ software.

    He did not, however, see how the transfer related to his work at Google. As of Thursday, he still had the money.

    “Our team recently made a payment to the wrong party as the result of human error,” a Google spokesperson told NPR in a statement. “We appreciate that it was quickly communicated to us by the impacted partner, and we are working to correct it.”

    A Google spokesperson also disclosed to NPR that the company intended to recover the funds.

    A similar occurrence occurred last month when the cryptocurrency exchange Crypto.com unintentionally sent a woman over $10 million instead of $100. She spent or transferred significant amounts of money by the time the corporation realised the blunder, which was seven months later.

  • Google to ban call recording apps in the next update

    Google to ban call recording apps in the next update

    From May 11, a new policy of the Google Play Store will prohibit third-party call recording applications from being downloaded.

    Modifications to the Google Play Policy mean that developers’ access to the Accessibility API will be restricted even more. This has been used as a workaround for remote call audio recording, however starting May 11, Google will no longer allow apps on the Play Store to use the Accessibility Service.

    In addition, Google clarified potential misunderstandings about the change in policy through a recent developer webcast.

    Numerous apps allow recording audio from a call without the other party knowing. As a result, this policy change only affects third-party apps on the Play Store. On some devices, several default dialer apps, such as Google Phone, Mi Dialer, and others, have a native call recording feature built-in. The update would not affect the default dialer apps on devices like Pixel and Xiaomi handsets.

    “Remote in this sense refers to call audio recording where the person on the other end is unaware that the recording is taking place,” said Moun Choi, Google content operations lead, during the special developer webinar.

    “Accessibility capability is not necessary to get access to the incoming audio stream if the app is the phone’s default dialer and also pre-loaded”. As a result, there would be no infringement. Because this is a clarification of an existing policy, the new language will take effect on May 11th for all apps”.

    Read more: Netflix loses 200,000 subscribers in Q1 2022, projects deeper losses in Q2

    In other words, you won’t lose functionality if you can record calls using your pre-installed dialer programme. Call recording may not be possible in the future if you use an app downloaded from the Google Play Store.

  • FIA arrests suspects from Faisalabad for blackmailing US girl who committed suicide

    FIA arrests suspects from Faisalabad for blackmailing US girl who committed suicide

    The Federal Investigation Agency (FIA) has arrested two people in Faisalabad after a girl in the United States (US) committed suicide because of the ‘obscene content’ shared by them, ARY has reported. However, as per Dunya, three suspects have been arrested in this case.

    According to the FIA, the suspects blackmailed the girl by sharing content concerning her with her classmates. “As a result of this, the girl committed suicide in the United States,” said FIA.

    According to details, the arrested individuals met the teen on social media and obtained her pictures and videos. As per the agency, the US embassy has formally requested that the suspects be prosecuted.

  • Fake fingerprints being used to activate SIMs, warns Interior Ministry

    Fake fingerprints being used to activate SIMs, warns Interior Ministry

    The Ministry of Interior has disclosed that criminals are using fraudulent techniques like silicon thumbs impressions to activate SIM cards.

    The Cyber Crime Wing of the Federal Investigation Agency (FIA) has received more than 4,547 complaints of unsolicited/fraudulent calls. These cybercrime activities are financially deceiving common people.

    “It’s a fact that Cybercrime FIA assists the Pakistan Telecommunication Authority (PTA) in tracking the owner of such SIMs. Some culprits are being interrogated,” said the ministry.

    In 2019 and 2020, the Cyber Crime FIA registered 90 First Information Reports (FIRs), 107 accused were arrested while 17 biometric verification (BVS) devices, 25,192 SIMs, and 6,446 silicon thumbs impressions along with a voter list were recovered.

    The loss averted during 2019-20 was R.71.99 million, and the estimated cost of the confiscated items was Rs 91.76 million.

    The Cyber Crime FIA has established a special team in every cybercrime reporting centre to deal with complaints about unsolicited callers who defrauded people and collaborates with the PTA to crack down on such franchises that fraudulently activate SIMs.

  • FIA to probe hacking of SC Justice Faez Isa’s cell phone

    FIA to probe hacking of SC Justice Faez Isa’s cell phone

    The Federal Investigation Agency (FIA) will trace the suspects responsible for hacking the phone of senior Supreme Court judge Qazi Faez Isa.

    The News reported that the FIA team would comprise forensic and cyber exports who would identify the hackers and their motives for targetting the judge. It will also probe the potential theft of the judge’s phone data, email and messages, during the hacking attempt. It hasn’t been decided as to who would head the FIA team to probe the cyber attack.

    On Tuesday, Supreme Court Registrar Khawaja Daud Ahmad requested FIA Director General Wajid Zia to form a team of experts to probe this phone hacking issue.

    “I am directed to state that the personal cell phone of Justice Qazi Faez Isa, judge of this court, was hacked on Jan 29, 2021 (Saturday) and his lordship learnt of this early Sunday morning. I am therefore directed to request you [Wajid Zia] to depute a technical team to assess his lordship’s cell phone in respect of hacking status and apprise about the same at the earliest,” stated Registrar Supreme Court’s letter quoted by Geo News.

    The SC had also issued an official statement to inform the public that the personal cell phone of Justice Qazi Faez Isa was hacked.

    “There is suspicion that misleading communication can be made from his lordship’s number to anyone with ulterior motives,” read the SCP’s official statement. “Therefore, the communication purportedly made from his lordship’s cell phone, which his lordship had not sent, may be treated as fake and false,” the official statement added.

    IT expert Dr Umar Saif, while talking about the hacking of the judge’s phone, said there were two ways to hack a cell phone: one is to take over other person’s Whatsapp by stealing the confirmation code, while the second, more sophisticated one, is to hack the entire operating system of the cell phone.

    Both techniques are being used to hack phones in Pakistan, he said, adding that an Israeli cybersecurity firm built a software named Pegasus to hack the phones in 2016.

    Pegasus malware is spyware that can hack any device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram. The spyware can record conversations and video as well as snap pictures from the device’s camera.

    The malware was created by NSO Group, an Israeli cybersecurity firm founded in 2010, and has been around since at least the summer of 2016.

  • IBM to launch Open P-TECH in Pakistan for Youth’s capacity building

    IBM to launch Open P-TECH in Pakistan for Youth’s capacity building

    IBM is launching Open P-TECH in Pakistan to help develop talent and equip them with technical and professional proficiency in Artificial Intelligence (AI), Data Science, Cybersecurity, Cloud, etc to enabling our workforce, Tania Aidrus has tweeted.

    Open P-TECH was launched by the American tech giant, IBM and it aims to equip people of different countries with skills in tech-related fields like Artificial Intelligence, Data Science, Cyber Security, Design Thinking, and Professional Skills.

    “The P-TECH offers industry-recognised tools and digital badges on emerging technologies and professional competencies that are in demand across industries,” says the P-TECH website.

    The platform will help students across Pakistan in obtaining much-needed exposure, knowledge and skills before they enter the job market.

    Students will be able to showcase their skills and gain e-badges and the likes, attracting potential employers and selection committees at universities.

    Teachers will also have access to projects and lesson plans for their students, making it easier for them to teach as well as equipping them with many technical and professional skills.

    “Open P-TECH is a great place to start your career exploration and begin building skills that will help you become well-positioned for a fulfilling career!”

  • Former eBay director arrested for shipping live cockroaches, fly larvae, spiders to a journalist

    Former eBay director arrested for shipping live cockroaches, fly larvae, spiders to a journalist

    Six former eBay employees have been charged for an “aggressive cyber-stalking campaign” targeting a couple that published the newsletter for their negative eBay coverage — sending the couple online threats, abuses, mailing live insects and bloody pig face masks, and driving to their Massachusetts home to surveil them.

    The Department of Justice alleges that James Baugh, David Harville, Stephanie Popp, Brian Gilbert, Stephanie Stockwell and Veronica Zea were involved in the harassment campaign.

    The accused created an anonymous account to send insults and threats to the editor of the newsletter and her husband. Later on, the harassment escalated into in-person harassment.

    They shipped pig masks, a box of cockroaches, another box of fly larvae and live spiders, pornography, a book on “surviving the loss of a spouse”, a sympathy wreath from a local florist and a “preserved fetal pig” — although the pig fetus was never delivered.

    The team also allegedly spied on the couple to find evidence that they were collaborating with troll commentators. At one point, they planned to break into their garage and install a tracking device in their car.

    Texts between an unnamed eBay executive and Baugh.

    eBay’s leadership supposedly didn’t know about the harassment campaign until being notified by law enforcement in August 2019. 

    The company posted a statement saying that they have terminated all the employees involved in the case and “eBay does not tolerate this kind of behavior”.

    “eBay apologises to the affected individuals and is sorry that they were subjected to this. eBay holds its employees to high standards of conduct and ethics and will continue to take appropriate action to ensure these standards are followed.”

    Baugh was eBays global security and resiliency director, Harville was director of global resiliency, Popp was senior manager of global intelligence and Gilbert was a former police captain who handled security and safety at eBay’s North American offices.