Information Technology

A former US Army contractor has been sentenced for stealing data belonging to the military to conduct benefit fraud, leading to the theft of millions of dollars.

The US Department of Justice (DoJ) named Fredrick Brown of Las Vegas, Nevada, as a former medical records technician who had access to the Armed Forces Health Longitudinal Technology Application, an electronic records system used to manage military-affiliated medical records.  Between July 2014 and September 2015, the 40-year-old stole the personal identifying information (PII) of over 3,300 individuals, including “at least eight general officers, as well as numerous disabled veterans,” the DoJ says. Military dependents and civilian employees of the Department of Defense (DoD) were also involved in the security breach. Disabled veterans were targeted due to their “receipt of greater service-related benefits,” US prosecutors added.  After accessing the system, in order to get around security protocols, Brown took screenshots of his computer screen and these copied records were passed on to other members of the ring. Information including names, Social Security numbers, military IDs, dates of birth, and contact information was stolen.  There are four co-conspirators, the DoJ says, and this valuable data was transferred to co-defendant Robert Wayne Boling, who is based in the Philippines, and others.

The PII was enough to be used to fraudulently apply for benefits through DoD and Veterans Affairs services. In total, financial losses experienced by the victims are estimated to be at least $1.5 million.  Brown pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit money laundering in October 2019. He has now been sentenced to 151 months (12.5 years) behind bars. The judge presiding the sentencing, Chief Judge Orlando Garcia of the US District Court for the Western District of Texas, also requires Brown to pay back $2,331,639.85 in restitution and to submit to three years of supervised release.  Boling and another suspect, Trorice Crawford, allegedly recruited individuals to act as money mules who would accept the funds and transfer them on. Crawford has been sentenced to 46 months in prison and has been ordered to pay back over $100,000.  “The defendant brazenly preyed on and victimized US servicemembers and veterans, many of whom were disabled and elderly,” commented US Attorney Ashley Hoff. “As part of our mission, we strive to protect these honorable men and women from fraud and abuse. If fraudsters target our servicemembers and veterans, we will seek to identify them and hold them accountable.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

The UK’s centre for offensive cyber operations aimed at disrupting nation-state hacking groups, cyber criminals and other online threats against national security is set for a permanent home in Samlesbury, Lancashire.   First announced last year, the National Cyber Force (NCF) is a joint venture by the Ministry of Defence (MoD) and intelligence service GCHQ and brings together intelligence, cyber and security personnel from the MoD and GCHQ, along with staff from secret intelligence service MI6 and the Defence Science and Technology Laboratory (DSTL). It’s the first time staff from each body will be united under one unified command.  

ZDNet Recommends

The NCF’s new permanent site in Samlesbury, just outside Preston – and already home to a BAE Systems military aircraft factory – puts it just a short journey from GCHQ’s Manchester office. The force will also work with law enforcement and international partners to help counter a range of national security threats in what’s described as a “legal, ethical and proportionate way”.  SEE: What is cyberwar? Everything you need to know about the frightening future of digital conflict Previously disclosed offensive cyber operations carried out by the UK include a sustained cyber campaign against Daesh in 2016, as well as using cyberattacks against ISIS propaganda networks in 2018. It’s hoped that the potential for offensive cyber operations could dissuade hostile forces from conducting their own campaigns against the UK.  “The National Cyber Force will help confront aggressive behaviour from malign actors, and demonstrate that Britain is investing in next-generation defence capability to protect our people and help our friends counter cyber threats. It sends a powerful message to our allies and adversaries alike,” said Foreign Secretary Liz Truss.  However, while the government is keen to promote the NCF as a body that can help protect the UK from cyberattacks, particularly those by hostile nation states, there are limits to what it can do. One of the largest, most significant cyberattacks to hit the UK in recent years was the WannaCry ransomware attack, which disrupted significant portions of the National Health Service – it’s unclear how the NCF could’ve prevented this attack, if at all. 

“The National Cyber Force will do many good, useful things,” Ciaran Martin, professor of practice at the University of Oxford’s Blavatnik School of Government – and former director of the NCSC – said in a tweet.   “But the NCF couldn’t & wouldn’t have stopped something like Wannacry. To imply that it could is to set it up to fail. Need realism in the offensive cyber debate,” he added.  SEE: A cloud company asked security researchers to look over its systems. Here’s what they foundThe announcement of a permanent headquarters for the National Cyber Force comes at a time when cybersecurity appears to be high on the international political agenda. The threat of ransomware has caused significant disruption all this year and the White House is set to convene a 30-country meeting this month to address cybersecurity issues.   MORE ON CYBERSECURITY More

It’s actually so much easier than you might imagine to train for a well-paid career in the tech industry. Even just one of the six certification exams covered in The All-in-One Microsoft, Cybersecurity & Python Exam Prep Training Bundle is enough to make your resume shine among masses of competing job applicants.

ZDNet Recommends

The “Python MTA 98-381 Complete Preparation Course” will teach you the basics of computer programming, so you’ll learn how to code the right way, using less time with improved efficiency and maximum productivity. And you can actually be ready to pass the PCEP Certified Entry-Level Python Programmer Certification Exam in just seven days with “PCEP: Certified Entry-Level Python Programmer Certification Prep Course”. In “MTA 98-361 Software Development Fundamentals Preparation Course”, you’ll find out how to build custom functions, automate programming tasks, and much more. By the end of this class, you’ll have the skills to land a job in IT software development.The skills you learn in “ITIL 4 Certification Exam: A Complete Preparation Masterclass to Master ITIL” will help you to understand your customers better, improve management of your resources and increase productivity. You’ll also learn how to manage risk without disrupting your service or, worse, sabotaging it accidentally.”CySA+ Cybersecurity Analyst Certification Preparation Course” is a student favorite; they rated it an impressive 4.8 out of 5 stars. It covers cyber incident response, threat and vulnerability management, security architecture, and toolsets. Instructor Dr. Chris Mall is supremely well-qualified to teach it with a Ph.D. in Computer Science, Software Development, as well as multiple professional certifications in information technology.If your website exists in Europe, it is essential to have a comprehensive understanding of GDPR. And that’s what you’ll get from the “GDPR CIPP/E Certification Complete Preparation Course”.Just one of these certifications is enough to qualify you for a new well-paid tech career. It won’t be long before you’ll be checking out new iPhones and gaming accessories bargains.

You really don’t want to pass up the opportunity to equip yourself with in-demand tech skills when you can get an additional 40% off the already low $29 sale price of The All-in-One Microsoft, Cybersecurity & Python Exam Prep Training Bundle for a limited time during our VIP Sale by using the coupon code VIP40.

ZDNet Academy More

Whenever I’m asked for things that are a must-have, a YubiKey is on the top of my list no matter what platform or operating system people are using — Windows, Mac, or Linux, Android or iOS.It doesn’t matter.Everyone needs a YubiKey.

see also

Best VPN services

Virtual private networks are essential to staying safe online — especially for remote workers and businesses. Here are your top choices in VPN service providers and how to get set up fast.

Read More

So, what is a YubiKey?A YubiKey is the ultimate line of defense against having your online accounts taken over. And with prices starting at $45, it’s one of those indispensable gadgets for the 21st century.A hardware authentication device made by Yubico, it’s used to secure access to online accounts, computers, and networks. The Yubikey 5 Series look like small USB flash drives and come in a range of different connectors — USB-A, USB-C, and USB-C and Lightning combo. There are versions that also include support for NFC.It offers two-factor authentication (also known as multi-factor authentication or two-step verification) for hundreds of online services, from Facebook, Google, and Twitter, to more specific services such as Coinbase, Salesforce, and Login.gov. Your YubiKey can also be used to secure password storage services such as Bitwarden, Password Safe, and LastPass.

The YubiKey 5 Series keys support a broad range of protocols, such as FIDO2/WebAuthn, U2F, Smart card, OpenPGP, and OTP. Having a YubiKey removes the need, in many cases, to use SMS for two-factor authentication — a method that has been shown to be insecure.If your online accounts are keeping something that you can’t afford to lose, a Yubikey makes perfect sense. I’ve been using YubiKeys for years now, and they have been flawless and foolproof.While one YubiKey is enough to get started with, I have several. Not only does this give me a backup in case I lose one (I haven’t yet!), but if I pick a couple with different connectors (say the USB-C/Lightning and a USB-A with NFC), this gives me the flexibility to log into accounts across a range of devices.
YubiKey 5 NFC

This YubiKey features a USB-A connector and NFC compatibility.

YubiKey 5C NFC

This Yubikey features a USB-C connector and NFC compatibility.

YubiKey 5Ci

This Yubikey features a USB-C connector and a Lightning connector for the iPhone.

Yubico FIDO Security Key NFC

A cheaper version of the Yubikey, this one is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. Use this to secure your login and protect your Gmail, Dropbox, Outlook, Dashlane, 1Password, accounts, and more.Note that this YubiKey is not compatible with LastPass, which requires a YubiKey 5. Always check for compatibility with the services you want to use before buying. More

iOS 15 is a treasure trove of new features to explore. One awesome new feature could help prevent you from losing your iPhone.Called Separation Alerts, what this does is that it can alert you if you leave one of your devices behind by sending a message to other devices that you have with you.This feature is part of the Find My app, so to find it you need to make your way into the app.Once there, tap on Devices at the bottom. Tap into a device and look under Notifications for Notify When Left Behind (note that not all Apple hardware currently supports this feature). ×img-1612.jpgOne there, you can activate it, as well as creating exclusion zones where you won’t get notifications (your home is automatically added, but there may be other places where you walk away from your devices).It’s that simple.Now if you accidentally leave behind a device, it will attempt to alert you by sending a message to your other devices.

Separation Alerts also work for AirTags, as well as third-party accessories that support Apple’s ‌Find My‌ network. More

Coinbase is sending out breach notification letters to thousands of users after they discovered a “third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform.” First reported by The Record, the letters say at least 6,000 Coinbase customers had funds removed from their accounts.”In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox. While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor,” Coinbase told affected customers in the letter. “We have not found any evidence that these third parties obtained this information from Coinbase itself. Even with the information described above, additional authentication is required in order to access your Coinbase account. However, in this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account. Once in your account, the third party was able to transfer your funds to crypto wallets unassociated with Coinbase.”

Coinbase has faced significant backlash and criticism since a groundbreaking report from CNBC this summer found that thousands of people had suffered from similar account takeovers and saw money vanish from their accounts.When they contacted Coinbase for help, they were either ignored or hit with flippant responses that it was not the company’s fault they lost money. For some time Coinbase had no customer service at all. One couple, Mindaugas and Loreta from Horsham, Sussex, UK, lost more than $20,000 in a Coinbase phishing scam. The two said scammers pretended to work for Binance and Coinbase before breaking into the couple’s account and transferring their cryptocurrency to a private wallet. 

The couple contacted researchers with CyberNews for help after their attempts to get help from Coinbase were ignored. “At first, we thought it might be some kind of mistake or a glitch. But since their knowledge base had no option that covered any bugs or glitches, we decided to inform Coinbase that my husband’s account has been compromised. But all we got back was a password reset request,” Loreta said.The scammers doubled down on the attack, sending them a password reset for the Binance platform, where the couple also had purchased cryptocurrency. The scammer called the couple to gain their account information for Binance. “He said ‘We see that you have an account at Binance and since Coinbase and Binance are sister companies…’ And that’s when I saw he was trying to dupe us. Next thing I hear, he’s telling us to prove our identity either by transferring £5,000 from our Binance account to Coinbase or by giving them our Binance authentication code so that they can transfer the missing £15,000 to my husband’s Binance account,” Loreta said, noting that after this incident they called the police.”We’re still waiting for an answer. And since ‘only’ £15,000 was stolen, we’re not very hopeful that the police will do anything about it. Right now, all we hope for is that Coinbase takes a hard look at their security procedures and improves them so that situations like ours don’t happen to others.”Edvardas Mikalauskas, senior researcher at CyberNews, told ZDNet that through investigating the case of the couple, they found that the cryptocurrency had been laundered through a series of wallets that made it impossible to figure out where they went. Mikalauskas said hundreds, if not thousands, of cases like Mindaugas’ occur every day and noted that while crypto wallets are unlikely to have the same robust security procedures as a bank, Coinbase could introduce better suspicious or malicious behavior detection techniques and more robust measures to protect user accounts. “For example, banks commonly use AI to spot malicious behavior and automatically block transactions that look suspicious, then contact the customer for verification. These threat detection techniques should then be supplemented with better customer support relating to account breaches and takeovers, to help customers deal with the issues that result from a scam,” Mikalauskas said. “I wish Coinbase had a protection system in place to refund the lost crypto.”In its breach notification letters, Coinbase said it has updated its SMS Account Recovery protocols so that the authentication process cannot be bypassed. For the 6,000 US victims referenced in the letter, Coinbase said it would be depositing funds into their accounts equal to the value of the currency removed from their account at the time of the incident. “Some customers have already been reimbursed — we will ensure all customers affected receive the full value of what you lost. You should see this reflected in your account no later than today,” Coinbase said.But in addition to the cryptocurrency that was stolen, Coinbase said the cybercriminals who accessed the accounts also saw personal information like names, email addresses, home addresses, dates of birth, IP addresses for account activity, transaction history, account holdings and balances.Some accounts may have had information changed as well, Coinbase admitted. They have set up a phone support line at 1 (844) 613-1499 to help those who may have questions. They will also provide free credit monitoring for an undisclosed amount of time for those affected. Coinbase noted that it is still investigating the incident and is speaking with law enforcement about the issue.  More

The Justice Department has sentenced a former medical records technician for the US Army after he was caught accessing personal information from US veterans and using the data to steal millions from benefits sites. Fredrick Brown, a 40-year-old from Las Vegas, was sentenced to more than 12 years in prison after pleading guilty to conspiracy to commit wire fraud and conspiracy to commit money laundering charges. Brown’s actions led to $1.5 million in losses after he targeted more than 3,300 members of the US military community through a multinational fraud ring. Brown worked with four other people to defraud both service members, their dependents and civilians employed by the Department of Defense.As a civilian medical records technician and administrator with the US Army at the 65th Medical Brigade, Yongsan Garrison in South Korea, Brown admitted to stealing names, Social Security numbers, military ID numbers, dates of birth and contact information for thousands of military members between July 2014 and September 2015.While logged into the base’s electronic health records database, he took photos of his computer screen and sent the photos to Robert Wayne Boling Jr., who was based in the Philippines. From there, Boling Jr. and others used the information to access DOD and Veterans Affairs benefits sites and steal millions of dollars.

“Rather than honoring those servicemembers and veterans who sacrifice for them, the defendant and his co-conspirators targeted and stole from these brave men and women in a years-long fraud scheme. Such conduct is an affront to the United States and will not be tolerated,” said the Justice Department’s Brian Boynton. US Attorney Ashley Hoff noted that many of those targeted in the scheme were disabled or elderly because they receive more service-related benefits.In addition to his prison sentence, Brown was ordered to pay $2,331,639.85 in restitution. The Justice Department said 34-year-old Trorice Crawford had also been charged in 2020 in connection to the crime.  More

The White House plans to convene a 30-country meeting this month to address cybersecurity, President Biden said in a statement Friday. The topics of the meeting, Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains. “We are bringing the full strength of our capabilities to disrupt malicious cyber activity, including managing both the risks and opportunities of emerging technologies like quantum computing and artificial intelligence,” Biden said. The first cybersecurity meeting will be held virtually, CNN reports. The meeting follows a series of dramatic cybersecurity incidents over the past year, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers.Following the Kremlin-backed SolarWinds attack, cyber attacks became a major part of talks between Biden and Russian president Vladimir Putin over the summer. In late July, Biden said that a major cyber reach could lead to “a real shooting war.”

In addition to mobilizing multi-national cybersecurity initiatives, the Biden administration has taken steps to improve cyber resiliency domestically. “The Federal government needs the partnership of every American and every American company” to address cybersecurity, Biden said Friday. “We must lock our digital doors — by encrypting our data and using multifactor authentication, for example—and we must build technology securely by design, enabling consumers to understand the risks in the technologies they buy.”Back in August, Biden secured promises from major tech companies, such as Google, Apple and Microsoft, to spend significant sums improving the nation’s cyber resiliency. In May, the president issued a cybersecurity executive order requiring federal agencies to modernize their cyber defenses. The Biden Administration earlier this year also launched a 100-day initiative to improve cybersecurity across the electric sector. More