DOCSLIB.ORG

Sentencing Table and Relevant Links for Lulzsec, Anonymous and Other Hackers* (Compiled by Maya Richman)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Sentencing Table and Relevant Links for LulzSec, Anonymous and Other Hackers* (compiled by Maya Richman) * Work in progress. Please check back at original link for updates and send corrections to [email protected] or Maya Richman <[email protected]> * Web defacements, SQL Injections, and Hacking Legal Name Handle Date of Sentence Prison Relevant Links Other Details & Country of Sentence Fine Sentence Residence (months) *see “Other Details” for time actually served Andrew Weev 3/18/13 73,000 US42 http:// He had faced up to 10 years in Aumheimer www.theguardian.com/ prison. Lawyers are appealing USA technology/2013/jan/24/ on the grounds he did not hack hacking-us-government- anything and should be not be cyber-crackdown charged under CFAA. http:// www.huffingtonpost.com/ 2013/03/18/andrew-weev- auernheimer_n_2900387.ht ml Darren Pwnsaus 07/16/13 5000 0 http:// Indicted in March 2012, Martyn e and Euro www.irishexaminer.com/ released by Irish police, unclear Ireland 10/08/13 ireland/fbi-irish-duo-are-top- what FBI legislative action will hackers-186280.html be taken for LulzSec activity. http://www.rte.ie/news/ Pled guilty on July 16, 2013 to 2013/1008/479105-fg- one count of hacking for website-hackers-spared-jail- defacing Fine Gael and paid sentences/ 5000 fine on October 08, 2013. Judge only fined him. http:// www.informationweek.com/ security/attacks/lulzsec- hackers-evade-irish-jail-time/ 240162429 Donncha palladiu 07/16/13 5000 0 http:// Released by Irish police, unclear O'Cearrbhail m and Euro www.irishexaminer.com/ what FBI legislative action will Ireland 10/08/13 ireland/fbi-irish-duo-are-top- be taken for luzlsec activity. hackers-186280.html Pled guilty on July 16 2013 to http://www.rte.ie/news/ one count of hacking for 2013/1008/479105-fg- defacing Fine Gael website 2013 website-hackers-spared-jail- and paid 5000 fine on October sentences/ 08, 2013. Judge only fined him. http:// www.informationweek.com/ security/attacks/lulzsec- hackers-evade-irish-jail-time/ 240162429 Hector Sabu Delayed N/A N/A http://arstechnica.com/tech- Delayed until after Hammond’s Monsegur policy/2013/08/fbi-still- case. LulzSec turned informant. USA needs-hector-sabu-monsegur- sentencing-delayed-again/ http://www.dailydot.com/ news/lulzsec-hacker-sabu- sentence-delayed-fbi/ Jeremy Anarchao 11/15/13 N/A N/A http:// Sentencing on November 15th. Hammond s www.theguardian.com/ USA technology/2013/may/29/ hacking-stratfor-hammond- guilty http://www.rollingstone.com/ politics/news/jeremy- hammond-pleads-guilty-to- stratfor-hack-20130528 Jake Davis Topiary 5/14/13 0 1.2 http:// 38 days in prison. Sentenced to www.informationweek.com/ 24 months in a young offender security/attacks/lulzsec- institution, of which 12 must be hackers-sentenced-in-london/ served, and electronically tagged 240155060 for 21 months http://thehackernews.com/ 2013/05/lulzsec-hackers-to- Received Serious Crime be-sentenced-for.html Prevention Order that will http:// impose various restrictions on www.huffingtonpost.com/ their behavior. 2011/08/01/jake-davis- alleged-lulzsec- hacker_n_914753.html http://arstechnica.com/tech- policy/2013/05/the-cutting- edge-of-cybercrime-lulzsec- hackers-get-up-to-32-months- in-jail/ http://rt.com/news/lulzsec- sentence-jail-davis-376/ Cody Recursio 4/19/13 605,663 12 http://www.justice.gov/usao/ Ordered to serve one year of Kretsinger n US cac/Pressroom/ home detention and to perform USA 2013/102.html 1,000 hours of community http:// service. www.huffingtonpost.ca/ 2013/04/18/cody-kretsinger- lulzsec-hacker- sentence_n_3113290.html http://www.reuters.com/ article/2013/04/18/us-usa- lulzsec-hacker- idUSBRE93H10K20130418 Raynaldo Neuron 8/8/13 605,663 12 http://classic.slashdot.org/ He faced a maximum of 15 years Rivera US story/13/08/09/132227 in prison but received 13 months USA http://www.dailydot.com/ home detention and 1000 hours crime/reynaldo-rivera-sony- of community service. hack-lulzsec-prison-sentence/ http://www.scmagazine.com/ lulzsec-sony-pictures- attacker-sentenced-to-year- in-jail-huge-fine/article/ 307077/ Mustafa Al- Tflow 5/14/13 0 20 http:// 2 year suspended sentence, 300 Bassam www.informationweek.com/ hours of community service UK security/attacks/lulzsec- hackers-sentenced-in-london/ Received Serious Crime 240155060 Prevention Order that will http://thehackernews.com/ impose various restrictions on 2013/05/lulzsec-hackers-to- their behavior. be-sentenced-for.html http://arstechnica.com/tech- policy/2013/05/the-cutting- edge-of-cybercrime-lulzsec- hackers-get-up-to-32-months- in-jail/ Hingnio Wormer 8/24/13 14,062.17 27 https://www.fbi.gov/ Free in the lead-up to his Ochoa US sanantonio/press-releases/ sentencing. USA 2012/galveston-man- sentenced-to-federal-prison- for-computer-hacking Ryan Kayla/ 5/14/13 0 30 http:// Posed as a 16-year-old girl, Ackroyd KMS www.informationweek.com/ accused of taking the lead on UK security/attacks/lulzsec- researching and executing many hackers-sentenced-in-london/ of the group's hacks. 240155060 Received Serious Crime http:// Prevention Order that will www.theguardian.com/ impose various restrictions on technology/2013/may/16/ their behavior. lulzsec-hacktivists-longest- jail-sentences-hacking http://arstechnica.com/tech- policy/2013/05/the-cutting- edge-of-cybercrime-lulzsec- hackers-get-up-to-32-months- in-jail/ Ryan Cleary ViraL 5/14/13 0 32 https:// Although he spent 16 months in UK www.informationweek.com/ remand, he was not released due security/attacks/lulzsec- to pending psychiatric hacker-ryan-cleary-to-be- evaluations following charges release/240156590 involving child pornography. http:// www.theguardian.com/ In addition, given 5 year serious technology/2011/jun/22/ crime prevention order. ryan-cleary-charged-lulzsec- hacking Received Serious Crime http://arstechnica.com/tech- Prevention Order that will policy/2013/05/the-cutting- impose various restrictions on edge-of-cybercrime-lulzsec- their behavior hackers-get-up-to-32-months- in-jail/ John Kahuna 9/12/13 227,000 36 http://www.dailydot.com/ Free in the lead-up to his Anthony US news/anonymous-hacker- sentencing, unlike Hammond. Borell III kahuna-sentence/ USA http:// www.huffingtonpost.com/ 2013/09/12/john-anthony- borell-iii- sentenced_n_3916101.html DDoS Actions Jake Birchall N/A 1/24/13 0 0 http://www.theguardian.com/ Adjourned. He did not hack UK technology/2013/feb/01/ but is said to have DDoSed anonymous-teenage-hacker Paypal. http://www.dailymail.co.uk/ news/article-2272064/ Anonymous-Jake-Birchall-walks- free-court-multi-million-pound- losses-PayPal.html Peter Gibson Peter 1/24/13 0 6 http://www.theguardian.com/ For PayPal DDoS campaign UK technology/2013/jan/24/ (no hacking) anonymous-hackers-jailed-cyber- attacks http://thehackernews.com/ 2013/05/lulzsec-hackers-to-be- sentenced-for.html Ashley Nikon Elite 1/24/13 0 7 http://www.theguardian.com/ Said to have had a lesser role Rhodes technology/2013/jan/24/ in the PayPal DDoS campaign UK anonymous-hackers-jailed-cyber- (no hacking) attacks http://thehackernews.com/ 2013/05/lulzsec-hackers-to-be- sentenced-for.html Christopher Nerdo 1/24/13 0 18 http://www.theguardian.com/ Found guilty of conspiring to Weatherhead technology/2013/jan/24/ impair the operation of UK anonymous-hackers-jailed-cyber- computers between August 1, attacks 2010, and January 22, 2011. (DDoS related not hacking) *Not all members of LulzSec have been identified or sentenced. The Paypal 14 still remain in legal limbo and in the US 13 other individuals have been indicted for Operation Payback—a series of DDoS campaigns between September 2010 and December 2010. .
Recommended publications
  • (U//Fouo) Assessment of Anonymous Threat to Control Systems

    (U//Fouo) Assessment of Anonymous Threat to Control Systems

    UNCLASSIFIED//FOR OFFICIAL USE ONLY A‐0020‐NCCIC / ICS‐CERT –120020110916 DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR MISION PARTNERS AT THE “FOR OFFICIAL USE ONLY” LEVEL, ACROSS THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND / OR KEY RESOURCES COMMUNITY AT LARGE. (U//FOUO) ASSESSMENT OF ANONYMOUS THREAT TO CONTROL SYSTEMS EXECUTIVE SUMMARY (U) The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting inDustrial control systems (ICS). This proDuct characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) in coordination with the other NCCIC components. (U//FOUO) While Anonymous recently expressed intent to target ICS, they have not Demonstrated a capability to inflict Damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methoDs, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web‐based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to Develop an offensive ICS capability in the future. ICS‐CERT assesses that the publically available information regarding exploitation of ICS coulD be leveraged to reDuce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination anD specific expertise may pose challenges to this effort. DISCUSSION (U//FOUO) Several racist, homophobic, hateful, and otherwise maliciously intolerant cyber and physical inciDents throughout the past Decadea have been attributeD to Anonymous, though recently, their targets and apparent motivations have evolved to what appears to be a hacktivist1 agenda.
  • About the Sony Hack

    About the Sony Hack

    All About the Sony Hack Sony Pictures Entertainment was hacked in late November by a group called the Guardians of Peace. The hackers stole a significant amount of data off of Sony’s servers, including employee conversations through email and other documents, executive salaries, and copies of unreleased January/February 2015 Sony movies. Sony’s network was down for a few days as administrators worked to assess the damage. According to the FBI, the hackers are believed have ties with the North Korean government, which has denied any involvement with the hack and has even offered to help the United States discover the identities of the hackers. Various analysts and security experts have stated that it is unlikely All About the Sony Hack that the North Korean government is involved, claiming that the government likely doesn’t have the Learn how Sony was attacked and infrastructure to succeed in a hack of this magnitude. what the potential ramifications are. The hackers quickly turned their focus to an upcoming Sony film, “The Interview,” a comedy about Securing Your Files in Cloud two Americans who assassinate North Korean leader Kim Jong-un. The hackers contacted Storage reporters on Dec. 16, threatening to commit acts of terrorism towards people going to see the Storing files in the cloud is easy movie, which was scheduled to be released on Dec. 25. Despite the lack of credible evidence that and convenient—but definitely not attacks would take place, Sony decided to postpone the movie’s release. On Dec. 19, President risk-free. Obama went on record calling the movie’s cancelation a mistake.
  • Sample Iis Publication Page

    Sample Iis Publication Page

    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
  • “Hacktivists” Strike Back

    “Hacktivists” Strike Back

    SECUrITY AGENCE FRANCE-PRESSE Supporters of Wikileaks founder Julian Assange “Hacktivists” Strike Back wear Guy Fawkes masks Cyber attacks on financial institutions serve as they demonstrate against his arrest in as a warning sign Amsterdam in December 2010. The “Hacktivist” in december 2010, the websites of international financial services gi- group “Anonymous” has ants Visa, Mastercard and PayPal were temporarily shut down, victims adopted the Guy Fawkes of a coordinated cyber attack dubbed Operation Payback by its per- image as its public face. petrators. “Hacktivists” who support wikileaks and its founder Julian assange attacked after the companies terminated service and disabled donations to the website. The economic impact of the attack remains unclear and the tar- geted companies denied suffering consequential losses. but the attackers, using the names “anon” and “anonymous,” demonstrated the ability of cyber attacks to infiltrate and damage businesses and government agencies. A modern form of protest Amazon, the online retailer that hosted Anonymous didn’t protest by chanting slogans Wikileaks on its servers, was the first to pull out. or waving signs — it struck against Wikileaks’ Visa, MasterCard and PayPal soon followed, perceived enemies in the spirit of the virtual essentially crippling Wikileaks’ ability to accept world they share. Wikileaks, whose raison d'être is donations that support publishing efforts. The exposing classified or confidential government cyber attacks started soon after. or corporate information, is under pressure When Anonymous staged its attack in the vir- from the United States and other governments tual world, it used a favorite weapon of the cyber after leaking more than 250,000 U.S.
  • Bank & Lender Liability

    Bank & Lender Liability

    Westlaw Journal BANK & LENDER LIABILITY Litigation News and Analysis • Legislation • Regulation • Expert Commentary VOLUME 17, ISSUE 6 / AUGUST 1, 2011 Expert Analysis Once More Into the Breach: Are We Learning Anything? By Cynthia Larose, Esq. Mintz Levin Cohn Ferris Glovsky & Popeo I’m a guy who doesn’t see anything good having come from the Internet. … [The Internet] created this notion that anyone can have whatever they want at any given time. It’s as if the stores on Madison Avenue were open 24 hours a day. They feel entitled. They say, “Give it to me now,” and if you don’t give it to them for free, they’ll steal it. –Sony Pictures Entertainment CEO Michael Lynton, May 14, 20091 How ironic. This comment two years ago by Lynton created a minor firestorm and drove him to post a lengthy rebuttal on The Huffington Post,2 but at the time, Lynton was referring to content piracy, not data breaches. Given the events since Sony’s massive data breaches in April3 (and subsequent breaches in May and June), he might as well as have been referring to user informa- tion held by Sony and its various properties. As a matter of fact, the Sony Pictures hackers said, “Sony stored over 1 million passwords of its customers in plain text, which means it’s just a matter of taking it.”4 Since the April PlayStation Network breach that exposed more than 100 million user accounts, Sony has been hacked more than 10 times. Sony Europe,5 Sony BMG Greece,6 Sony Thailand,7 Sony Music Japan8 and Sony Ericsson Canada9 all suffered some intrusion and compromise of user information.
  • The 2014 Sony Hack and the Role of International Law

    The 2014 Sony Hack and the Role of International Law

    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
  • Risk Report Back in October 2016, Dyn Encountered a Massive DNS Ddos Attack That Knocked

    Risk Report Back in October 2016, Dyn Encountered a Massive DNS Ddos Attack That Knocked

    Dyn DNS Cyberattack By Bryce Kolton 12/7/2016 | INFO 312 Introduction On October 21st 2016, a terabit sized attack took down internet connectivity for users across the globe. Over three waves, millions of users were interrupted during main business hours. The attack targeted Dyn (pronounced “dine”), a company that in part provides Domain Name Service registration for websites. Companies affected included Amazon, BBC, CNN, Comcast, Fox, GitHub, Netflix, PayPal, Reddit, Starbucks, Twitter, Verizon, Visa, Wikia and hundreds more. Credit card terminals were inoperative, news sites unavailable, and users unable to reach some of the internet’s most popular websites. The internet ground to a halt for several hours, with major Fortune 500 companies among those affected. The focus of this risk management report will be the cyberattack at large; The background, causes, previous mitigations, response, still present risks, and recommendations after one of the largest cyberattacks ever recorded. Understanding the Domain Name Service As an illustrative example, let’s say you want to visit a new grocery store your friend just told you about, “Sya’s Grocery.” You know the name, but you need to find the physical address. By using a service like Google Maps, you can transcribe the human-readable name into the destination. The Domain Name Service works much the same way, but for URLs. When you type in “google.com,” your computer is clueless to the ‘real address’ it’s supposed to go to. That’s where DNS steps in: your device asks its closes DNS server “Who is ‘google.com’?” If the server doesn’t know, it’ll pass the request along until it finds a server that does.
  • Attack on Sony 2014 Sammy Lui

    Attack on Sony 2014 Sammy Lui

    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
  • List of Targets of Arrested Computer Hackers 6 March 2012

    List of Targets of Arrested Computer Hackers 6 March 2012

    List of targets of arrested computer hackers 6 March 2012 The five computer hackers charged in New York Tribune and Los Angeles Times, using on Tuesday and a sixth who pleaded guilty are misappropriated login credentials. accused of involvement in some of the most notorious hacking incidents of the past 18 months. -- February 2011: A cyberattack on private computer security firm HBGary that involved the The following are some of the cyberattacks in theft of 60,000 emails from HBGary employees and which the two Britons, two Irishmen and two the HBGary chief executive, as well as defacing his Americans allegedly played a role as members of Twitter account. Anonymous, Lulz Security or associated groups: -- April-May 2011: A cyberattack on a Fox -- December 2010: Operation Payback. Distributed Broadcasting Company website that involved the denial of service (DDoS) attacks by members of theft of names, dates of birth, telephone numbers, Anonymous on the websites of MasterCard, email and residential addresses for more than PayPal and Visa in retaliation for their refusal to 70,000 potential contestants on the Fox television accept donations for WikiLeaks. In a DDoS attack, show the "X-Factor." a website is bombarded with traffic, slowing it down or knocking it offline completely. -- May 2011: A cyberattack on Sony Pictures Entertainment that revealed the passwords, email -- January 2011: Defacing a website of the Irish addresses, home addresses and dates of birth of political party Fine Gael after accessing computer 100,000 users of the www.sonypictures.com servers in Arizona used to maintain the website, website and a subsequent online attack against www.finegael2011.com.
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX

    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
  • Forces Shaping the Cyber Threat Landscape for Financial Institutions

    Forces Shaping the Cyber Threat Landscape for Financial Institutions

    SWIFT INSTITUTE SWIFT INSTITUTE WORKING PAPER NO. 2016-004 FORCES SHAPING THE CYBER THREAT LANDSCAPE FOR FINANCIAL INSTITUTIONS WILLIAM A. CARTER PUBLICATION DATE: OCTOBER 2, 2017 The views and opinions expressed in this paper are those of the authors. SWIFT and the SWIFT Institute have not made any editorial review of this paper, therefore the views and opinions do not necessarily reflect those of either SWIFT or the SWIFT Institute. 1 Contents I. Executive Summary II. Introduction III. Consumer fraud: New defenses and mobile banking are transforming the landscape a) New defenses are transforming consumer fraud and carding b) As consumer bank fraud becomes harder, business customers are being targeted c) Mobile malware is the new frontier of consumer bank fraud d) ICT4C: Financial inclusion is creating new threats in the developing world IV. Targeted Attacks on Bank Networks: What is changing? a) Attackers are becoming more sophisticated, persistent b) Law enforcement still struggling to keep up c) Banks in Asia are top targets d) Vectors of compromise – new twists on old themes. e) Attacks are changing V. Conclusion: More Threats, More Complexity, More Sophistication 2 I. Executive Summary Financial institutions have long been the leading targets for cybercrime, but the tools and tactics used are changing. New technologies are increasingly incorporated into financial networks and the broader internet, transforming the attack surface that adversaries can exploit. The incentives for attackers are also shifting, forcing banks to face more numerous and sophisticated adversaries. And as cyber awareness grows in the financial sector and firms continue to invest billions in new defenses, attackers are changing their approaches to stay one step ahead.
  • FUNDING HATE How White Supremacists Raise Their Money

    FUNDING HATE How White Supremacists Raise Their Money

    How White Supremacists FUNDING HATE Raise Their Money 1 RESPONDING TO HATE FUNDING HATE INTRODUCTION 1 SELF-FUNDING 2 ORGANIZATIONAL FUNDING 3 CRIMINAL ACTIVITY 9 THE NEW KID ON THE BLOCK: CROWDFUNDING 10 BITCOIN AND CRYPTOCURRENCIES 11 THE FUTURE OF WHITE SUPREMACIST FUNDING 14 2 RESPONDING TO HATE How White Supremacists FUNDING HATE Raise Their Money It’s one of the most frequent questions the Anti-Defamation League gets asked: WHERE DO WHITE SUPREMACISTS GET THEIR MONEY? Implicit in this question is the assumption that white supremacists raise a substantial amount of money, an assumption fueled by rumors and speculation about white supremacist groups being funded by sources such as the Russian government, conservative foundations, or secretive wealthy backers. The reality is less sensational but still important. As American political and social movements go, the white supremacist movement is particularly poorly funded. Small in numbers and containing many adherents of little means, the white supremacist movement has a weak base for raising money compared to many other causes. Moreover, ostracized because of its extreme and hateful ideology, not to mention its connections to violence, the white supremacist movement does not have easy access to many common methods of raising and transmitting money. This lack of access to funds and funds transfers limits what white supremacists can do and achieve. However, the means by which the white supremacist movement does raise money are important to understand. Moreover, recent developments, particularly in crowdfunding, may have provided the white supremacist movement with more fundraising opportunities than it has seen in some time. This raises the disturbing possibility that some white supremacists may become better funded in the future than they have been in the past.