Estonian Citizen Pleads Guilty to Computer Fraud and Abuse

At least 60 devices and internet routers were compromised in Alaska

ANCHORAGE – An Estonian national pleaded guilty today in the District of Alaska to two counts of computer fraud and abuse.   

According to court documents, Pavel Tsurkan, 33, operated a criminal proxy botnet by remotely accessing and compromising more than 1,000 computer devices and internet routers worldwide, including at least 60 victims in Alaska. He used the victims’ devices to build and operate an Internet of Things (IoT)-based botnet dubbed the “Russian2015” using the domain Russian2015.ru. He modified the operation of each compromised internet router so it could be used as a proxy to transmit third-party internet traffic without the owners’ knowledge or consent. He then sold access to global cybercriminals who channeled their traffic through the victims’ home routers, using the victims’ devices to engage in spam campaigns and other criminal activity. The Alaska victims experienced significant data overages even when there were no home computers connected to the victims’ home networks. The data overages resulted in hundreds to thousands of dollars per victim.   

“Today’s cybercriminals rely on increasingly sophisticated techniques to hijack computers and personal electronic devices for their criminal activities. Botnets like the ‘Russian2015’ are a dangerous threat to all Americans and today’s guilty plea demonstrates we can and will hold accountable foreign cybercriminals and their enablers,” said Acting U.S. Attorney Bryan Wilson, District of Alaska. “Our success in disrupting this botnet was the result of a strong partnership between private industry experts and law enforcement.”

Tsurkan is scheduled to be sentenced on November 10, 2021 and faces a maximum penalty of 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI’s Anchorage Field Office is investigating the case with support from GCI and Palo Alto Networks Unit 42. The FBI’s New Haven, Connecticut, Field Office provided assistance during the investigation.

Assistant U.S. Attorney Adam Alexander and Trial Attorney Alden Pelker of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.

Press release from: https://www.justice.gov/usao-ak/pr/estonian-citizen-pleads-guilty-computer-fraud-and-abuse

‘Have I Been Pwned’ Code Base Now Open Source

Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.

Have I Been Pwned (HIBP), the free website used by millions to check whether their credentials have been compromised, has open sourced its code base, founder Troy Hunt announced today.

Hunt first mentioned plans to open source the HIBP code base last summer. Now, as requests for the website’s Pwned Passwords approach 1 billion per month, he has confirmed it is officially open source via the .NET Foundation, an independent 501(c) nonprofit organization.

Hunt also announced today that HIBP will receive compromised passwords discovered as part of FBI investigations. The website will provide officials with a way to feed the passwords into HIBP and surface them via the Pwned Passwords tool, he explained.

Source: https://beta.darkreading.com/threat-intelligence/-have-i-been-pwned-code-base-now-open-source

False Positive Vulnerability Report on Events Manager

The popular calendar plugin Events Manager was reported as containing a Cross-Site Scripting vulnerability, which turned out to be a false positive (no such vulnerability). Several vulnerability reporting sites are still listing it as vulnerable, and if you have it installed you may have been notified.

However, it is not an actual problem and you can safely continue using version 5.9.8.1 or later.

Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its members some of the most elite Russian cybercrooks.

Aleksei Burkov of St. Petersburg, Russia admitted to running CardPlanet, a site that sold more than 150,000 stolen credit card accounts, and to being a founder of DirectConnection — a closely guarded underground community that attracted some of the world’s most-wanted Russian hackers.

As KrebsOnSecurity noted in a November 2019 profile of Burkov’s hacker nickname ‘k0pa,’ “a deep dive into the various pseudonyms allegedly used by Burkov suggests this individual may be one of the most connected and skilled malicious hackers ever apprehended by U.S. authorities, and that the Russian government is probably concerned that he simply knows too much.”

Burkov was arrested in 2015 on an international warrant while visiting Israel, and over the ensuing four years the Russian government aggressively sought to keep him from being extradited to the United States.

Full article: https://krebsonsecurity.com/2020/06/russian-cybercrime-boss-burkov-gets-9-years/

Vulnerability Disclosures Drop in Q1 for First Time in a Decade

And now for some good news:

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.

The number of vulnerabilities reported publicly dropped in the first quarter of 2020 for the first time in at least a decade, falling nearly 20% to 4,968 compared with the same quarter last year, according to an analysis published on Thursday by Risk Based Security.

Full story at https://www.darkreading.com