Hacking High Tech Cars 

Tech-loaded-cars-crimeshop

Hackers Infiltrating Cars Since 2010

Cristal M Clark 

If you are anything like me, you love new tech, especially if we can access it hands free in our motorized transports. Let’s face it, technology makes our everyday lives easier. A new standard for new cars is to develop them and sell them full of modern technology which comes with a lot of risk because it actually gives cybercriminals endless ways to access the vehicle and take over your car.

IntSights-crimeshop

Cybersecurity firm IntSights recently released,Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features, which just so happens to be a study on how hackers are managing to get into cars and do a decent amount of damage.

What’s worse is that they have been doing just that since roughly 2010.

The report states; “The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.”

That’s right, apparently originally no one actually took the threat as seriously as they should have. You see back in the day, cars were considered way, way, waaaay too difficult to hack into and not worth the amount of time and energy required. 

Hackers-CrimeShop

Welcome to 2019, where people are struggling worldwide, where you get paid more to break laws, as cars have added things like Wi-Fi, GPS, and other features, the amount of ways to attack have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.

“IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.” 

And some of you think puffer laws are here to protect us, these days you don’t even need to leave your car running unattended for it to be stolen, all thanks to modern technology.

Car-Hacking-Crimeshop

The IntSights report also pointed out that most car hacking tools can in fact, be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru. IntSights went onto say that the most popular method involves attacking a car’s CAN protocol, which can give a hacker full access to all of the vehicle’s functions.

“The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it. However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”

Hackers could gain access through car companies too, because those companies now communicate with vehicles through applications that send information to them. If there is a breach of the car company’s servers, like we see in the news for pretty much any company these days, a cybercriminal could easily access the information shared between the company servers and the vehicle’s brain. 

Hackers have also been able to load malware onto a car owner’s phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware. 

If you think that is bad, think again because cybercriminals have also been able to attack a car’s Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them. 

hacker

While all of this seems like an unimaginable nightmare, I can assure you that it is not. Like it or not, if you are connected with your car, refrigerator, coffee maker, security system, pretty much anything these days, you are at risk of being hacked. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Tax Season Headaches and Malware Campaigns

malware_crimeshop

Cybercriminals Aim to Spoof Accounting & Payroll Firms This Tax Season

Cristal M Clark

This should not come as a total surprise to anyone, cybercriminals are aiming high this tax season by going after some pretty major accounting and payroll firms along with your hard-earned cash or tax return.

IRS-crimeshop

The deadline for filing taxes in the US is April 15 but as luck would have it, tax season just so happens to start for some well before that and well beyond that despised date here in the US. For many businesses, they actually prepare employee tax information i.e. 1099’s and W-2’s back in January of each year. Which in turn gives cybercriminals a wee jump start on launching campaigns in the hopes of robbing individuals and businesses in their tax fraud, financial fraud and identity theft schemes.

Not all that uncommon of a practice for cybercriminals, this year they just decided to go after accounting and payroll firms, thus branching out from businesses and individual tax payers. IBM X-Force researchers found 3 campaigns were attempting to deceive recipients into believing they were emailed by large accounting, tax and/or payroll services firm which carried malicious Microsoft Excel attachments with a payload familiar to us as one of the most common and effective banking Trojans: TrickBot.

trickbot_server_crimeshop

TrickBot for those who unfamiliar, is financial malware that silently infects devices for the primary purpose of stealing valuable data such as banking credentials, then follows up with wire fraud from the device owner’s account. Should your computer become infected with TrickBot, the cybercriminals operating it would then have complete control and could do virtually anything that they wish on your device, including spreading to other computers on your network and emptying your company’s bank accounts, potentially costing millions of dollars to an employer and to any firms that they are working with.

cybercriminals_crimeshop

Cybercriminals are becoming more and more brazen in their efforts to rob just about anyone and everyone that they can and legally, catching them is more difficult as each year passes because these guys learn from the mistakes of others and often times step up efforts to mask who and where they are operating from.

From an end user perspective, it’s often difficult to tell what’s real and what is not in terms of what emails are coming through, I usually advise everyone to not click on things from anyone you do not know and even if what might be sitting in your email appears to be from a known sender, if they do not email you or send links, invoices, etc, don’t click on it and report the suspicious email to the known senders company, keep your security software up to date, and report anything suspicious, ask questions, look it up online the point is, educate yourself.

Gone are the days that we can rely on the news or the government to keep us informed about every malware campaign coming at us simply because of the sheer volume of them.

Stay vigilant my friends.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

 

 

 

Cybercriminals Procuring High Net Worth Victims Using LinkedIn

sextortion-evolved-crimeshop

LinkedIn Used for Sextortion Scams

Cristal M Clark

Sometimes human nature is so utterly predictable it’s not even remotely funny, for instance those that are a rather bit unfaithful while in a relationship. The fear of getting caught is just as exciting to them as the fear of losing the relationship is. I’ve asked people before why they did it if they are so afraid of losing the relationship, most once you peel back the layers use excuses so as to explain or really justify it by making the spouse or partner out to be the one that pushed them to do it, by not giving attention, or for refusing some sort of sexual endeavor, yet in the end they really had not a single good reason for having an affair other than, they are manipulative and selfish individuals who required more attention than your average individual with the very real motive being nothing more or less than pure selfishness, the need for gratification without taking time to think of others.

It is not just men either, it is both men and women. If you look carefully you will find a certain psychology of those that are prone to have affairs or who just bounce from partner to partner seeking nothing more than sexual gratification.

cybercriminals_crimeshop

Now is the time capitalize on that if anyone was wondering.

sextortion1-CrimeShop

These day’s cybercriminals are capitalizing on just that and targeting high-net-worth individuals utilizing LinkedIn, striking up online emotional relationships, then cashing in in what is referred to as a sextortion scam because they know the older a person is, the potential for a higher salary to be earned follows. After said online relationship is formed or established rather and on solid ground, the cybercriminals then threaten to reveal details of the affair with the victim’s partner unless a ransom is paid in bitcoin.

bitcoin2_crimeshop.jpg

And people are in fact paying, which in some cases does them no real good in the end.

According to researchers who have been studying the gangs for the last 7 months, these cybercriminals are creating gangs, utilizing recruiting methods with accompanying salaries just like an average every day business would. Some of those salaries being offered are up somewhere around the $300K annually and for new hires who have programming skills, those salaries are being paid to the tune of roughly $1,094,940.00 annually, which shows that these organizations are in fact, making enough money to pay high salaries to those that join them. They then target lawyers, doctors, corporate executives and anyone else with high salaries.

linkedin-crimeshop

The most fruitful playground to find these victims just so happens to be LinkedIn which attracts more higher paid professionals. Think about it, if you are looking at Facebook or Twitter, you might not truly know what someone does for a living but you get to LinkedIn and it’s basically that individuals’ entire professional history right up to their current title and for whom they work sometimes relationship status are also found on LinkedIn.

social-media-crimeshop

Then of course the other social media platforms are used so as to learn more personal details with regards to the target and as you might imagine they might even be able to find the individual perusing dating sights. The problem is usually two parts for any victim.

People tend to share it all using social media, which means that you are giving someone including scammers and cybercriminals a real good insight into your inner workings, emotionally and psychologically, they can figure someone out in less time than it takes me to get through a single cup of coffee and that is generally in under two minutes. They can tell everything about the intended target, are they happy in the relationship, are they happy yet daring and willing to risk it all? Do they have children, where do they like to eat, shop, take in a weekend getaway? Couple all of that with something like a data breech, such as passwords, or a data breech from our app’s which often share information about us across a multitude of platforms and it can make an extortion attempt even more profitable.

Cybercriminals are upping the stakes and utilizing multiple social media and dating platforms in efforts to target and make money off of their victims. Sadly, our expectations are that we will be protected from such things and the reality is that we simply cannot be protected by our government or the very social media platforms, it is our choice as individuals after all to post everything that we do, so in a sense, we actually are, partially responsible whenever our information is leaked and then utilized in a scam.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop