Using the new scheme, fraudsters plan to steal money and passport data and to gain access to the social network accounts and e-mail boxes of Russians who need to obtain passes during the quarantine period. At the moment, criminals are creating clones of the sites of government agencies responsible for issuing documents (including mos.ru, mosreg.ru and gosuslugi.ru), as well as fake media portals on which they plan to post fake news, cybersecurity experts told Izvestia. In addition, the hackers plan mass mailings of messages via e-mail, social networks and instant messengers. To protect against intruders, experts advise using information verification services. Izvestia explains how to do this.
Clone attack
Forced isolation due to the COVID-19 pandemic is forcing people to spend more and more time on the Internet. The network is needed for working remotely, studying, ordering goods and organizing home leisure activities. The growth of traffic was even confirmed by the deputy head of the Ministry of Communications Alexey Volin, who said that "when they stayed at home, the people rushed to the Internet, and rushed there with terrible force."
According to the Russian company "Internet Rozysk", network scammers also decided to take advantage of the trend. Now they are organizing a global criminal system consisting of fake sites, hacked accounts on social networks and malicious Telegram bots. Criminals are going to attract people with a service to provide passes for moving around the city in the context of the COVID-19 epidemic, and then steal their money and personal data.
“We got information about the upcoming action using our bots, which are embedded in the darknet (the shadow segment of the Internet. - Izvestia) and a number of closed chats,” said Igor Bederov, CEO of the company. “We learned from them that a scheme is being prepared for deceiving people who plan to obtain passes for themselves.”
According to the expert, this scheme, known as the “rabbit hole”, involves the mass mailing of addresses of fake sites that will be as similar as possible to the resources of government agencies with the authority to issue documents (including mos.ru, mosreg.ru and gosuslugi.ru). It is expected that this will happen with the help of hacked accounts on social networks and Telegram bots. Attackers will try to confirm the legitimacy of the messages with links to articles allegedly posted in leading Russian media; clones of those media sites will be created as well.
Throughput pressure
After users switch to malicious resources, they will be asked for passport data for issuing passes, as well as bank card details - supposedly to pay for the service upon receipt.
“Their further actions can be predicted from earlier criminal actions of this type, which, in particular, were conducted under the guise of receiving certain compensatory state payments or paid bank surveys,” warned Igor Bederov. “Then the criminals, as a rule, sought a voluntary transfer of money, after which they managed to withdraw the remaining funds from the cards with the help of the details already received.”
At the same time, users' personal data is likely to be sold on the black market, forming new illegal databases. The final stage of the scheme is usually the hacking of the deceived user's personal accounts on social networks and of his mailboxes (this is done using captured cookies), after which those accounts are used to distribute malicious messages.
The large-scale nature of the illegal action was confirmed by specialists of the Security Intelligence Cryptocurrencies Platform (SICP) risk analysis service.
“The scale of the new threat is comparable to the financial pyramids, the organizers of which spend huge sums on promotion through famous people and popular sites,” said Aleksandr Podobnykh, an independent expert at SICP. “And the state’s symmetric response to this, I’m afraid, can only be a significant increase in control over SIM cards, hosting and data centers.”
According to experts, in addition to the already mentioned increase in Russian Internet traffic, there are a number of additional factors that will play into the hands of criminals, increasing their chances of success.
“First of all, they include neurotization of people against the background of the epidemic, which makes it easier to manipulate,” said Luka Safonov, director of the information security department of the National Engineering Corporation. “On the other hand, the situation is complicated by the situation with state portals, which now do not withstand the influx of visitors. The fact is that when people cannot get a pass through an official resource, they are most likely to be interested in an alternative offer.”
Simple calculations
Despite the sophistication of criminal methods, you can still protect yourself from fraud using a few simple tools that let you identify fraudsters. Internet Rozysk provided Izvestia with instructions for checking incoming messages:
- all state organizations and private companies operating in Russia have domain names registered in our country. Therefore, suspicious links should be checked through the WHOIS service, which reveals their true owners. If the check shows that the owners are hidden, it is better not to trust the received information.
- it is also useful in such a situation to check the sender of the letter with the mailbox verifiers available at https://2ip.ru/mail-checker/, http://ru.smart-ip.net/check-email/ and https://ivit.pro/services/email-valid/. This confirms that the message came from the server of the organization whose employees are named as its authors.
- another indirect sign of fraud can be a so-called shortened link, which ends in click.ru, goo-gl.ru, etc. Its original address is also worth checking (without going to it!) using special services, which are available at https://scanurl.net/, https://vms.drweb.ru/online/, https://virusdesk.kaspersky.ru/ and https://iplogger.ru/url-checker/.
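The link check from the list above can be partly automated before any WHOIS lookup. The following is an added example, not code from Izvestia or Internet Rozysk: it classifies a link's host against the official portals and shortener endings named in the article. The sample URLs, function names and fuzzy-matching thresholds are assumptions.

```python
from urllib.parse import urlsplit

# Official portals and shortener endings named in the article.
OFFICIAL = ("mos.ru", "mosreg.ru", "gosuslugi.ru")
SHORTENERS = ("click.ru", "goo-gl.ru")
BRANDS = tuple(d.split(".")[0] for d in OFFICIAL)  # "mos", "mosreg", "gosuslugi"


def hostname(url):
    """Return the lower-cased host of a URL, accepting links without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to(host, domain):
    """Label-aware suffix match: www.mos.ru matches mos.ru, notmos.ru does not."""
    return host == domain or host.endswith("." + domain)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def resembles(label, brand):
    """True if one host label imitates an official name (thresholds are assumed)."""
    if label == brand:
        return True          # official name used as a label on a foreign host
    if len(brand) < 6:
        return False         # fuzzy matching short names like "mos" is too noisy
    return brand in label or edit_distance(label, brand) <= 2


def classify(url):
    """Return 'official', 'shortener', 'lookalike' or 'unknown' for a link."""
    host = hostname(url)
    if any(belongs_to(host, d) for d in OFFICIAL):
        return "official"
    if any(belongs_to(host, d) for d in SHORTENERS):
        return "shortener"   # expand with a checking service, do not open it
    if any(resembles(lbl, b) for lbl in host.split(".") for b in BRANDS):
        return "lookalike"   # imitates a state portal: treat as hostile
    return "unknown"         # continue with WHOIS and sender checks


# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://www.mos.ru/propusk",
    "https://gosuslugi.ru.pass-online.example/login",
    "http://gosuslugl.ru/",
    "https://mosreg-propusk.example/",
    "https://click.ru/abc",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

A result of "unknown" is not a clean bill of health; it only means the WHOIS and sender checks from the list still have to be done.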
An Izvestia source in the security agencies confirmed the need to additionally verify the legitimacy of any request to transfer funds. “This needs to be done even if it seems that the message was sent to one of the state structures,” he noted.
The expert also proposed an additional way to check messages received by e-mail: you should try to reply to a suspicious message. If the address of the organization’s employee does not change, then with a high degree of probability it is not fake.
However, this does not eliminate the need for additional checks described in the instructions.
Roskomnadzor responded to a request from Izvestia that it was ready to promptly notify the administrators of sites hosting false information of the need to delete it, if the Prosecutor General's Office so requires.
“If this instruction is not followed, information will be communicated to telecom operators about the need to limit the access of Russian users to this content,” the organization noted.
At the same time, Roskomnadzor emphasized that they do not have the authority to conduct investigations to prevent cybercrime and fraud on the Internet.
Izvestia also sent inquiries to the Ministry of Internal Affairs, the FSS and the Moscow Department of Information Technology. However, prompt responses could not be obtained.
Source: IZ.ru
All investigations and political actions of blogger Alexei Navalny begin immediately after large cash receipts come to his bitcoin wallets, the owner of Internet-Rozysk, Igor Bederov, told the Krasnaya Vesna correspondent on November 6.
He said that his company is developing unique services for the prevention and investigation of crimes intended for law enforcement and security services: “You should start the story with the fact that we are developing the first domestic service designed to trace cryptocurrency transactions - SICP | Security Intelligence Cryptocurrencies Platform."
Igor Bederov recalled that Navalny “uses several cryptocurrency bitcoin wallets to finance his activities,” and spoke about the results of monitoring the status of these wallets.
“What are these wallets? The first wallet 3QzYv * (the wallet number is at the disposal of the publisher) was used in 2691 transactions. In total, 633.28146173 Bitcoins came to this wallet, which is 378 196 391.89 rubles. at today's rate.
The second 3MQTR wallet * (wallet number is at the disposal of the publisher) was used in 666 transactions. A total of 72.80104198 Bitcoins came to this wallet, which is 43,476,863.08 rubles. at today's rate, ”the specialist shared information.
He drew particular attention to the fact that the activities of the opposition are “tied” to the proceeds of his Bitcoin wallets: “During the monitoring of these wallets, we clearly see that all his investigations or political actions take place immediately after receiving a large monetary tranche.”
Igor Bederov noted the difference between such large tranches and the receipt of money from Navalny’s supporters: “Such tranches are very specific and very different from the usual donations from FSC supporters. An ordinary supporter of Navalny can transfer him an amount of 100 rubles. and up to 15 thousand rubles. maximum. And these are direct transactions that go from wallet A to wallet B.
At the same time, large transfers that precede stocks and FSC investigations start at 3 million rubles. And these transactions are far from simple. They mix bitcoins, hide information about their real sender in a heap of parallel transactions."
In conclusion, he emphasized that after the analysis it was possible to establish that the sender of such tranches may be located in the USA: “However, we were able to analyze several chains of such transactions and determine that the probable sender of funds may be located in the United States.”
Note that on October 9, the Ministry of Justice of Russia recognized FSC as a foreign agent.
And in mid-October, the Investigative Committee of the Russian Federation conducted searches in 30 headquarters of the Anti-Corruption Fund. They took place in the framework of the criminal case of money laundering by FSC employees, as well as their receipt of money from abroad. FSC accounts were frozen.
On November 5, the Levada Center released data according to which a third of Russia's residents call criminal cases against the Navalny Fund protection of the country from foreign influence and the fight against money laundering.
Source: Red Spring.
The PlusToken crypto wallet, which offered to store almost all the world's leading cryptocurrencies and to make a profit on their investment, can claim the status of the largest fraudulent project in the history of financial pyramids. Users cannot withdraw the equivalent of $3 billion from their online wallets.
PlusToken, an international decentralized crypto project of the multi-currency online wallet PlusToken, was launched in April 2018. The creators positioned the project as being developed by a team from South Korea using Samsung technology. The marketing campaign was launched in Asia (China, Japan, South Korea, Myanmar, Vietnam), a number of European countries (Germany and the UK), as well as in Russia.
In addition to the ability to store almost all the world's leading cryptocurrencies in the wallet - Bitcoin, Bitcoin Cash, Ethereum, XRP, EOS, IO, Litecoin, Doge and Dash, users were promised a fairly significant return on investment of their cryptocurrency assets - from 6% to 19% per month.
According to experts from Elementus (USA), a company that creates and promotes fintech solutions based on blockchain technology, over the entire existence of the project more than 800 thousand Ethereum depositors used PlusToken wallets and stored about 10 million ETH in them.
According to the Special elaborations department of the Technopark of St. Petersburg, the PlusToken pyramid attracted about 200 thousand bitcoins, 789 thousand ETH and 26 million EOSIO. All these funds went to wallets controlled by the PlusToken team.
However, media covering the story write that these estimates are very preliminary, and the amount collected from investors may be much larger. Experts say that the Ethereum address of PlusToken alone stored more than 781,000 ETH, which, at the exchange rate, amounts to more than $234 million.
The capitalization of PlusToken at the top of trading reached $17 billion. PlusToken was accused of fraud in March 2019, when Chinese police raided PlusToken's offices in Hunan (PRC). The head of PlusToken's Chinese unit, Chen Bo, as well as five other Chinese citizens related to the cryptocurrency wallet project, have disappeared and are on the wanted list.
Problems with the withdrawal of assets from PlusToken wallets began in late June 2019. The Chinese investors were the first to suffer, as evidenced by the entries in the PlusToken support service, which did not respond to calls. Starting on June 29, the PlusCoin platform token exchange rate remained at the same level ($139,237) without fluctuating.
On June 29, according to the Dailypost, six Chinese citizens suspected of participating in an Internet scam were arrested on the island of Vanuatu at the request of the Chinese authorities and deported back to China. It is possible, the publication reports, that they are precisely the key figures in the PlusToken team.
To date, it is known that the organizers of PlusToken have already managed to cash out part of the bitcoins through crypto exchanges Huobi Global (Singapore) and Bittrex (USA). In particular, the Singapore cryptocurrency exchange got almost half of the funds raised for wallets - about 4.3 million ETH. The other part was transferred to one of the cryptocurrency wallets.
It was possible to track the funds of defrauded investors thanks to the cryptocurrency transaction analysis service created in the Special elaborations department of the Technopark of St. Petersburg.
According to experts, obvious signs of a financial pyramid were visible in the PlusToken project from the very beginning. Among them are the referral system of distribution of funds offered to investors, which is characteristic of financial pyramids and MLM marketing, and an unjustifiably high monthly profit (from 6% to 19%). The PlusToken fraudulent scheme is already being compared with the principles of organizing the BitConnect closed cryptocurrency platform. It entered the market through an ICO at the end of December 2016, and by the end of 2017 its BCC tokens had established themselves as one of the fastest growing cryptocurrencies. It guaranteed its investors a 40% return per month. According to CoinMarketCap, in a fairly short time, BCC capitalization reached $2.6 billion, and the ATH rate was $460. But in January 2018, BitConnect, unexpectedly for its investors, announced the closure of the exchange and the lending program, notifying them that it would continue to provide services as a wallet but would at the same time change its format to a media platform. Immediately after this announcement, investors fell into a panic, and the BCC rate lost 96% of its value.
It is interesting to note that in Russia users still have access to the PlusToken mobile wallet, which can be downloaded from the GooglePlay and AppStore stores. For the storage of their crypto assets in the wallet, Russian investors are still guaranteed a profit of 6% to 19% monthly. True, the “blog” section of PlusToken’s Russian site is currently inactive (or deleted), and users are invited to receive all consultations via WhatsApp.
Source: IT News.
Washington D.C., Dec. 20, 2018 - The Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) today announced its 2019 examination priorities. OCIE publishes its exam priorities annually to promote transparency of its examination program and provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. This year, particular emphasis will be on digital assets, cybersecurity, and matters of importance to retail investors, including fees, expenses, and conflicts of interest.
OCIE is steadfast in its commitment to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that improve compliance, prevent fraud, monitor risk, and inform policy. They believe their ongoing efforts to improve risk assessment and maintain an open dialogue with market participants advance these goals to the benefit of investors and the U.S. capital markets.
This year, OCIE's examination priorities are broken down into six categories:
1. compliance and risk at registrants responsible for critical market infrastructure;
2. matters of importance to retail investors, including seniors and those saving for retirement;
3. FINRA and MSRB;
4. digital assets;
5. cybersecurity; and
6. anti-money laundering programs.
The published priorities for 2019 are not exhaustive and will not be the only issues OCIE addresses in its examinations, Risk Alerts, and investor and industry outreach. While the priorities drive OCIE’s examinations, the scope of any examination is determined through a risk-based approach that includes analysis of the registrant’s operations, products offered, and other factors.
The collaborative effort to formulate the annual examination priorities starts with feedback from examination staff, who are uniquely positioned to identify the practices, products, and services that may pose significant risk to investors or the financial markets. OCIE staff also seek advice of the Chairman and Commissioners, staff from other SEC divisions and offices, and the SEC's fellow regulators.
OCIE is responsible for conducting examinations of entities registered with the SEC, including more than 13,200 investment advisers, approximately 10,000 mutual funds and exchange traded funds, roughly 3,800 broker-dealers, about 330 transfer agents, seven active clearing agencies, 21 national securities exchanges, nearly 600 municipal advisors, FINRA, the MSRB, the Securities Investor Protection Corporation, and the Public Company Accounting Oversight Board, among others. The results of OCIE’s examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices, and pursue misconduct...
Source: SEC.gov
Released today, Chainalysis's latest crypto crime research on $1.6B in hacks, darknet market activity, and Ethereum scams shows how they decoded each type of crime and what it means for AML compliance and investigations.
Crypto crime increased in 2018, but it made up a smaller slice of a much larger market. Indeed, according to their analysis, illicit transactions comprised less than 1% of all economic bitcoin activity in 2018, down from 7% in 2012.
Even so, crime remains a significant problem in the cryptocurrency ecosystem. Exchange hacks have generated billions of dollars in criminal proceeds, darknet market activities have netted hundreds of millions of dollars in illicit revenues, and scams targeting individuals have stolen tens of millions of dollars.
Moreover, criminal use of cryptocurrencies has become far more sophisticated. As a result, in this second edition of their Crypto Crime Report, they go deeper in analysis to seek out granular insight into three categories of criminal activity.
Then, they examine the surprising resilience of darknet markets as law enforcement takes aggressive action against them. In a report on the “whack-a-mole” problem with the darknet, they look at how transaction activity briefly subsides then quickly reroutes itself to new platforms when major darknet markets are closed down.
They also examine changing trends in Ethereum scams, where individuals are targeted, as last year’s phishing schemes lose their effectiveness and more complex Ponzi and ICO exit scams emerge to make outsized gains.
Finally, they discuss the role of cryptocurrency in the broader context of money laundering and highlight the importance of different types of services that are used to integrate illicit cryptocurrency into the clean economy...
Source: Chainalysis Research.
An online service that analyzes the risks of using cryptocurrency and investigates crimes committed in this area has been announced in Russia. The development was carried out by the company "Internet-Rozysk".
The service, which was launched last year, was called the Security Intelligence Cryptocurrencies Platform. In January, an alpha version of the service appeared on the site www.ueba.su.
According to the project director Igor Bederov, the service was launched in December last year, and as of January 2019 it had found 46 thousand bitcoin wallets, which were given the status of "unreliable".
SICP analyzes blockchains, websites, chat rooms, and forums to identify the crypto wallets that are used in criminal schemes, such as fraud, blackmail, money laundering, and so on. The platform's development team also builds interactions with market participants, public organizations and law enforcement agencies. The creators of the service see one of its promising goals as deanonymizing wallets and assigning them the status of “trustworthy”, provided that they are not seen carrying out suspicious operations, or “unreliable”, if the operations that were carried out through the wallet raise doubts. At this stage, the strategic partners of the project are CipherTrace, Sentinel Protocol, Crystal, CryptoPolice, Wawes, SPb BlockChain, CryptoRussia.ru and ACISO.
The developers set themselves the task of giving users the ability to track all transactions from the moment they are sent until the moment they receive funds on the recipient’s wallet. The system should work by analogy with the methods that are now used by the financial supervision authorities. The service will identify wallets that are used for money laundering, terrorist financing and other illegal purposes. Also, the service will be able to monitor transactions on certain wallets for a long time, which will allow detecting fraudulent ICOs.
SICP is a breakthrough technology for Russian crypto-business. This prominent development will allow participants of the Russian cryptocurrency market to protect themselves from fraud, journalists said.
Note that on pre-sale, SICP tokens can be purchased at half price, and the alpha version of the service has been available for connection at www.ueba.su since January 9.
Source: CryptoRussia.ru
The Belgian Financial Services and Markets Authority (FSMA) has updated their ongoing list of businesses reported to operate cryptocurrency scams. With this most recent addition of 14 websites the “blockchain blacklist” has now expanded to 113 websites to avoid.
The FSMA has been updating their blacklist throughout 2018. In March, the Brussels Times reported that Belgian tax authorities had started hunting for cryptocurrency investors. “Anyone speculating on the cryptocurrency market must pay tax of 33% on gains made, and declare these within the section ‘miscellaneous income’ on their tax return,” the Times reported.
Despite warnings from the FSMA, consumers continue to log complaints regarding fraudulent activity on cryptocurrency exchanges. The FSMA has warned consumers to look out for various red flags. FSMA warns...
Source: Bitcoin, Ethereum and Blockchain News | CryptoGlobe.