Hacking High Tech Cars 

Tech-loaded-cars-crimeshop

Hackers Infiltrating Cars Since 2010

Cristal M Clark 

If you are anything like me, you love new tech, especially if we can access it hands free in our motorized transports. Let’s face it, technology makes our everyday lives easier. A new standard for new cars is to develop them and sell them full of modern technology which comes with a lot of risk because it actually gives cybercriminals endless ways to access the vehicle and take over your car.

IntSights-crimeshop

Cybersecurity firm IntSights recently released,Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features, which just so happens to be a study on how hackers are managing to get into cars and do a decent amount of damage.

What’s worse is that they have been doing just that since roughly 2010.

The report states; “The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.”

That’s right, apparently originally no one actually took the threat as seriously as they should have. You see back in the day, cars were considered way, way, waaaay too difficult to hack into and not worth the amount of time and energy required. 

Hackers-CrimeShop

Welcome to 2019, where people are struggling worldwide, where you get paid more to break laws, as cars have added things like Wi-Fi, GPS, and other features, the amount of ways to attack have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.

“IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.” 

And some of you think puffer laws are here to protect us, these days you don’t even need to leave your car running unattended for it to be stolen, all thanks to modern technology.

Car-Hacking-Crimeshop

The IntSights report also pointed out that most car hacking tools can in fact, be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru. IntSights went onto say that the most popular method involves attacking a car’s CAN protocol, which can give a hacker full access to all of the vehicle’s functions.

“The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it. However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”

Hackers could gain access through car companies too, because those companies now communicate with vehicles through applications that send information to them. If there is a breach of the car company’s servers, like we see in the news for pretty much any company these days, a cybercriminal could easily access the information shared between the company servers and the vehicle’s brain. 

Hackers have also been able to load malware onto a car owner’s phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware. 

If you think that is bad, think again because cybercriminals have also been able to attack a car’s Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them. 

hacker

While all of this seems like an unimaginable nightmare, I can assure you that it is not. Like it or not, if you are connected with your car, refrigerator, coffee maker, security system, pretty much anything these days, you are at risk of being hacked. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Hacker’s Selling MD Info on the Dark Web

Dark-Web-crimeshoop

Doctor’s Fall Prey to Hackers

Cristal M Clark

Everything seems to be for sale these days in terms of one’s identity and worldwide, governments are unable to both prevent it, let alone stop it once the proverbial ball starts rolling.

dark-web-hackers-sell-doctor-information-crimeshop

In what some are calling a deeply disturbing new trend, hackers are selling the identities of doctors for $500 on the dark web. The hackers are obtaining all the details needed to pose as a medical professional by targeting, employees, hospitals and other healthcare organizations, which possess all of the highly valuable data. In case you are wondering about the employee bit; employees are every organizations biggest liability and some cases employees are sending information through non secured email channels, texts, WhatsApp, in public and the like. Case in point, Clinica here in Colorado has a rather rampant issue with its medical staff sharing patient records, which include doctor information, utilizing the likes of Gmail rather than its internal email system as reported by employee BB, who is stationed in Lafayette, CO. Then we have as we all should be very well aware of, the hacking into and holding hostage of networks, which of course contain virtually all the needed information. Hackers compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity and patient information. A process that becomes even easier once hackers see staff sharing information through non-secured email like in the case of Clinica.

The cyber criminals are then able to use the stolen information to forge the identities of doctors in order to submit fraudulent insurance claims or obtain prescriptions for controlled drugs like opioids that will in turn be sold on the black market or on the streets.

Hackers-sell-doctor-information-clinica-crimeshop.jpg

Documents on sale include malpractice insurance documents, medical diplomas, board recommendations, medical doctor licenses, and DEA licenses. This was uncovered by researchers at cyber security firm Carbon Black, who tracked the shifting patterns of cyberattacks towards medical organizations as well as personal medical records and hacked health insurance company login information.

Tom Kellermann, chief cyber security officer at Carbon Black: “This is a relatively new trend, the price is warranted when you consider what can be done with the data. Cyber criminals can use this information to facilitate insurance fraud, as well as submit prescriptions for controlled substances like opioids. These can then be sold on the black market at a steep profit.”

This information is generally cheaper to obtain, with forged prescriptions costing between $10 and $120 on the dark web and insurance login information costing as little as $3.25 per record.

doctor-credentialing-crimeshop

The researchers called for “extreme vigilance” on the part of security teams working to protect healthcare institutions. Which is desperately needed, honestly. The employee who informed me about medical staff sending patient records through Gmail also took it upon himself to share sensitive patient information with me on multiple occasions, the fact that the CFO of the organization fell for an email scam costing the organization thousands, and the inner workings of the software that they utilize. This type of information sharing with anyone is a cybercriminals wet dream if you will.

The world however, as in our worlds governments need to make it easier for all individuals to change ones credentialing if you will once someone’s identity has been compromised, new identification numbers, new licenses, etc. because by default, by keeping all of that information the same and simply flagging it, you still allow for the crimes under which the original licenses, identification numbers were committed, to continue on.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Cybercriminals Procuring High Net Worth Victims Using LinkedIn

sextortion-evolved-crimeshop

LinkedIn Used for Sextortion Scams

Cristal M Clark

Sometimes human nature is so utterly predictable it’s not even remotely funny, for instance those that are a rather bit unfaithful while in a relationship. The fear of getting caught is just as exciting to them as the fear of losing the relationship is. I’ve asked people before why they did it if they are so afraid of losing the relationship, most once you peel back the layers use excuses so as to explain or really justify it by making the spouse or partner out to be the one that pushed them to do it, by not giving attention, or for refusing some sort of sexual endeavor, yet in the end they really had not a single good reason for having an affair other than, they are manipulative and selfish individuals who required more attention than your average individual with the very real motive being nothing more or less than pure selfishness, the need for gratification without taking time to think of others.

It is not just men either, it is both men and women. If you look carefully you will find a certain psychology of those that are prone to have affairs or who just bounce from partner to partner seeking nothing more than sexual gratification.

cybercriminals_crimeshop

Now is the time capitalize on that if anyone was wondering.

sextortion1-CrimeShop

These day’s cybercriminals are capitalizing on just that and targeting high-net-worth individuals utilizing LinkedIn, striking up online emotional relationships, then cashing in in what is referred to as a sextortion scam because they know the older a person is, the potential for a higher salary to be earned follows. After said online relationship is formed or established rather and on solid ground, the cybercriminals then threaten to reveal details of the affair with the victim’s partner unless a ransom is paid in bitcoin.

bitcoin2_crimeshop.jpg

And people are in fact paying, which in some cases does them no real good in the end.

According to researchers who have been studying the gangs for the last 7 months, these cybercriminals are creating gangs, utilizing recruiting methods with accompanying salaries just like an average every day business would. Some of those salaries being offered are up somewhere around the $300K annually and for new hires who have programming skills, those salaries are being paid to the tune of roughly $1,094,940.00 annually, which shows that these organizations are in fact, making enough money to pay high salaries to those that join them. They then target lawyers, doctors, corporate executives and anyone else with high salaries.

linkedin-crimeshop

The most fruitful playground to find these victims just so happens to be LinkedIn which attracts more higher paid professionals. Think about it, if you are looking at Facebook or Twitter, you might not truly know what someone does for a living but you get to LinkedIn and it’s basically that individuals’ entire professional history right up to their current title and for whom they work sometimes relationship status are also found on LinkedIn.

social-media-crimeshop

Then of course the other social media platforms are used so as to learn more personal details with regards to the target and as you might imagine they might even be able to find the individual perusing dating sights. The problem is usually two parts for any victim.

People tend to share it all using social media, which means that you are giving someone including scammers and cybercriminals a real good insight into your inner workings, emotionally and psychologically, they can figure someone out in less time than it takes me to get through a single cup of coffee and that is generally in under two minutes. They can tell everything about the intended target, are they happy in the relationship, are they happy yet daring and willing to risk it all? Do they have children, where do they like to eat, shop, take in a weekend getaway? Couple all of that with something like a data breech, such as passwords, or a data breech from our app’s which often share information about us across a multitude of platforms and it can make an extortion attempt even more profitable.

Cybercriminals are upping the stakes and utilizing multiple social media and dating platforms in efforts to target and make money off of their victims. Sadly, our expectations are that we will be protected from such things and the reality is that we simply cannot be protected by our government or the very social media platforms, it is our choice as individuals after all to post everything that we do, so in a sense, we actually are, partially responsible whenever our information is leaked and then utilized in a scam.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop