America – Under Attack

Cristal M Clark 

Back in 2015, 2016 and 2017 I started talking about cyber security and cyber attacks. I mentioned that, in a sense, a severe enough cyber attack, i.e. one that takes out an entire electrical grid or one that could shut a major hospital or government down, was essentially an act of terrorism, an act of war. People would laugh it off or tell me with pure disgust that I couldn’t possibly know what I was talking about.

And now? Well here we are looking at that very possibility. 

According to John C Inglis, the National Cyber Security Director, a cyberattack is typically considered an act of war when it achieves the same amount of damage as a kinetic weapon, which includes things like loss of health, safety or national security. But it goes further than that: when it shuts down an entire industry, city or hospital, or cuts off the cash flow of a major business, bank or corporation for an extended period of time, it threatens the lives of Americans.

And here we are, we are seeing an increase in cyber attacks that take entire systems offline for not days but months. 

You’d be kidding yourself if you didn’t believe other governments throughout the world are playing a hand in all of this, and yes, including our own; what’s good for the goose is good for the gander.

Essentially, this will inevitably cause a war somewhere, here, another country, either way war will happen if we are unable to wipe out this threat altogether. 

The sad truth is, that is much easier said than done. Researchers are finding new threats, backdoors and holes every minute of every day. 

John Inglis warned a House Committee back in November about this and he is not wrong in that warning. With these attacks running rampant all over, we do face the very real threat of war. 

So what do we do? 

We can lecture businesses all we want about reducing the risk, tell them until we are blue in the face, it’s not going to help. 

Perhaps, now would be an appropriate time to enter into some sort of accord, a peace treaty if you will with other world leaders with regards to cyber attacks. We have done this in the past with nuclear weapons and other things, it seems that this one is bad enough that we should be considering and working towards some sort of treaty until nations can better protect themselves from these attacks individually and we can all stand together to fight them and prosecute as a world those that are using cyber attacks as a way to watch the world burn. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

Drug Dealers Delightfully Roaming Streets Thanks to Ransomware Attack


Stuart Florida Police Department 

Cristal M Clark

Ransomware is everywhere, and when it hits a business, hospital or municipality, crucial information is always lost. In this case, which would be the 7th of its kind, crucial case files were lost in an April 2019 ransomware infection, causing US prosecutors to drop 11 narcotics cases against 6 suspected drug dealers.

Those drug dealers were let go and are now delightfully roaming the streets, presumably dealing more drugs. 

The evidence in some 11 cases, some of which was photo and video evidence, could not be recovered following a ransomware attack that hit the Stuart police department. They were able to recover only some of the missing data from backups, just not quite enough.

Detective Sergeant Mike Gerwan with the Stuart Police Department said that the dropped cases included charges for possession of meth, possession of cocaine, selling narcotics, manufacturing narcotics, and delivering narcotics, among other charges. 

Which is a huge loss for US prosecutors but it’s not the only one in recent history. 

Starting in 2017, an infection from the Osiris ransomware caused the Cockrell Hill, Texas police department to lose 8 years’ worth of evidence, yes 8 years. Then in May of 2018 the Riverside, Ohio police lost 10 months’ worth of cases after a ransomware infection. Who can forget Atlanta? The entire city was hit with a ransomware infection back in March of 2018, causing the city’s police department to lose just about 2 years of police car dash-cam video evidence.

Aside from the Stuart police department in 2019, 3 police departments reported losing crucial information due to ransomware attacks. The Georgia State Patrol, Georgia Capitol Police, and the Georgia Motor Carrier Compliance Division were hit with a ransomware attack which brought down the dash cams in July of 2019. Police car laptops and dash-cams remained down for more than a month following the attack. 

Then again in July of the same year, the police in Lawrenceville, Georgia were hit and lost case-related files and bodycam footage. No one knows just how much intel they lost because of so many conflicting reports, which range from just a tiny bit to months and years’ worth of intel.

Then in December 2019 – The St. Lucie County Sheriff’s Office in Florida lost a week’s worth of emails and evidence following a ransomware infection.

The ability to hit a police department in a ransomware attack is huge, it is an effective way to guarantee a payment with the promise to restore the files, but the reality is that most files are never restored. 

These types of ransomware attacks will continue simply because we have to date no real protection from them because by the time they hit it’s too late. 

Cristal M Clark



PGA Held for Ransom

PGA Championship - Preview Day 2

Hackers Hit PGA with Ransomware Attack


Not even golf is safe from the likes of ransomware, the PGA has been hit with an attack demanding a nice bitcoin payout.


On Tuesday someone hacked into the PGA servers, days before the scheduled 8/9/2018 PGA Championship, locking out the golf association.

Naturally, the hackers want some bitcoin should the PGA want to regain access to its servers, although regardless of whether the PGA pays the ransom, it may or may not ever actually regain access to any and all files that were stored.

Yep, you read that right because typically this type of ransom attack renders whatever had been stored on the servers permanently inaccessible.

Have no fear, the championship tournament will still go on as planned.

It’s not a huge loss for the PGA, as most of the information stored on the servers being held for ransom does not include private user data, and it’s replaceable.


All in all, it could be worse, Comcast gave a gift to their subscribers in that a recent security flaw ended up exposing partial addresses and the social security numbers of what is estimated to be 26M Comcast customers.

Funny how I never saw that on the channel lineup.

Cristal M Clark



Hackers Targeting Your Office Gossip?


Those Instant Message Services Aren’t so Private

Traditionally, when you think of a hacker being able to obtain your information, you might think that you somehow ended up innocently installing some form of malware which in turn opened up your work or home network to hackers.


Which is pretty true, and one type of service we rarely think about is those instant messaging services used by many within the corporate world these days.

The amount of information your employees share on those unmanaged services is actually a lot more critical to an organization’s inner workings than one might really think.

What that opens any organization up to is a ransomware attack.

Using intel gleaned from an instant messaging service, hackers can obtain some pretty important details about an organization’s inner workings, its projects, its client base, and how much money is involved with particular contracts and deals, and they can even obtain details with regards to both current and past employees.

Many of the instant messaging programs used are, more often than not, not entirely secure, and not only that, they are not managed by a member of management, much less a member of IT, if an organization has an IT department.

Truthfully and also sadly, employees who partake in the fine art of office gossip using these types of services do not think about the vast amount of information they are gossiping about or sharing with one another, much less that the information could potentially be used in some future ransomware attack on the organization, its employees, bank, customers, etc.

Hackers are no longer using stolen intel to just simply steal things like bank account information; they are using information in order to take an organization’s entire network hostage.


Ransomware attacks saw a surge of 2,500% in just 2017 alone.


Slack, one of the most popular messaging services used in offices these days, admitted back in March that it found and patched a vulnerability that would have given hackers full access to chat histories and shared files, among other critical data. Chat logs from your workforce can be a valuable and rich source of intel to any hacker worth his weight in gold.

That is a pretty big deal, one which will continue to be a growing concern because hackers do not suddenly get stupid, fix one vulnerability and another will be found, usually by hackers first.

So how does an organization get around this type of situation?

Easy: get rid of things like instant messaging programs in your office and force your employees to keep that office gossip at the water cooler.

Cristal M Clark



Ransomware now hitches a ride with mobile banking trojans


Coming soon to a mobile banking app near you


Researchers from Kaspersky Lab have discovered at least 2 Android trojans that steal financial information and login credentials and now, just in time for the holidays, double as file-encrypting ransomware programs.

Faketoken, one of the programs whose primary function was to generate fake login screens for more than 2,000 financial applications in order to steal login credentials, with the added bonus of being able to display phishing pages in order to steal credit card information, and read and send text messages, added a new and improved bonus feature.

The creators of Faketoken back in July added the ability to encrypt user files stored on the phone’s SD card and they also have since released thousands of builds with the very same functionality.

According to researchers at Kaspersky Lab “Once the relevant command is received, the Trojan compiles a list of files located on the device corresponding to the given list of 89 extensions and encrypts them.”

Faketoken is disguised to look like many popular apps and games, once installed, it creates repeated prompts that bug the user repeatedly to input necessary permissions.

Which most people eventually give at one point or another.

Another mobile banking trojan, Tordow 2.0, has the ability to make phone calls, control SMS messages, download and install programs, steal login credentials, access contacts, encrypt files, visit web pages, manipulate banking data, remove security software, reboot devices, rename files, and act as ransomware.

Tordow 2.0, which is available through third-party app stores, again disguised as a popular app, contains a pack of exploits that it utilizes in order to gain root privileges on the infected devices.

So far Faketoken has managed to infect devices in 27 countries, with most of the infections located in Germany, Ukraine, Thailand, and Russia.


It is only a matter of time before the rest of the world starts to see these types of mobile banking trojans that are complete with ransomware.

File-encrypting ransomware has never really been popular until now with mobile devices because generally everything on a mobile device is backed up to a cloud.

With hackers becoming more and more daring, creative and clever, you can be sure to find these types of mobile banking ransomware trojans heading to an app near you sometime in the near future.

Banks are going to need to do more in terms of informing customers of when and why mobile apps are updated but more importantly mobile apps on the app stores need to be checked and managed a lot better than they are today.

Users are the ultimate enabler regardless of banks and the app stores.

I cannot tell you how many times users at my current job and my past jobs have brought me a laptop, MacBook, Android phone, iPhone, iPad or tablet that has some type of app installed that is causing them a headache.

10 times out of 10, when I ask the user if they checked the apps that they had installed before installing them, the answer is always no, after being given the glazed over, blank, deer in headlights look.

Users ultimately need to start to check apps prior to installing them.

It is only a matter of time before these types of mobile ransomware trojans become more and more popular as users ditch desktops and opt for more mobile friendly ways to function through everyday life.

Cristal M Clark
