Category Archives: Cybercrime

Legislation of criminal jurisdiction over online texts should be changed

“The acquittal of writer Kaur Kender, accused of producing child pornography, because he wrote his text abroad and it is therefore not subject to Estonian legislation, shows that laws need to be brought into conformity with the digital age,” finds Jaan Ginter, professor of criminology at the University of Tartu.

Tallinn Circuit Court acquitted Kender a week ago because he was in Michigan, USA when his infamous short story “UNTITLED 12” was published, while the server of the publisher is located in the United Kingdom. Kender was beyond the reach of Estonian laws.

When a digital-age person with no knowledge of the law reads the court’s decision, they will find it very surprising that Kaur Kender’s case does not fall within the jurisdiction of Estonian courts at all. Kender’s text was aimed at the Estonian market. [..] The location of a digital services provider – the location of computers used to offer the service – should not matter these days. [..] No one, including myself, has given comprehensive thought to what the criminal jurisdiction of online texts could be; however, it is clear laws are evolving, and that the location of the server cannot be the decisive factor.


RIA Cyber Security Report 2016

The Estonian version of the report was already released in March.

One interesting piece of information disclosed in the report is the case of a targeted attack against the SCADA system used at Viru Keemia Grupp AS. The case was also widely covered in Estonian media.

In 2016, traffic bearing the hallmarks of malware was spotted in the computer network of Viru Keemia Grupp (VKG), an Estonian group of oil shale, power and public utility companies. Software experts found the Mimikatz malware in the VKG office network, used in Windows systems to extract identity credentials (such as passwords, password hashes etc.). [..] Upon further investigation, it was found that a workstation in the SCADA monitoring segment was infected. The workstation was then removed from the network. Network traffic and examples of malware found on computers all pointed to a targeted attack. The malware and control server used have been linked to the APT28 cyber espionage group.

The report also includes RIA's position statement on technology backdoors:

From Estonia’s perspective, strong encryption is vital for ensuring trust in the state’s digital services, as all of the e-services provided by the government and many private sector e-services are based on strong encryption (Estonian digital identity). In the longer term, building in backdoors would thus reduce trust in the digital state, but trust is an extremely important value for Estonia. As a result, Estonia has not supported building backdoors into e-services, and the objective and function of RIA continues to be to ensure the high level of trust in Estonian digital identity.


Hacking systems protected by a simple password might not be an offense


Oskar Gross, the manager of the recently opened Cyber Crime Unit of the Central Criminal Police, writes in an opinion piece that Estonian legislation is at times more primitive than the actual cybercrime. Therefore, there may be a weird situation where hacking an account that is protected with a simple password such as “1234” is not an offense.

In the last commented edition of the Penal Code, the lawmaker rather boldly attempted to define the legal handling of computer systems’ passwords and security issues related to recovering passwords, and the end result is problematic in several aspects.

The Penal Code has an important section, §217 “Illegal obtaining of access to computer systems”, which aims to penalize unauthorized access to computer systems. The commented edition of the Penal Code clarifies that access is not unauthorized in the case of amazingly simple passwords, such as “admin”, “123456” and “qwerty”, because such passwords can be guessed by an attacker or found in “the top worst passwords” on the Internet.

In short, this section comment says: “If you have a weak password, the access to your data is allowed.”


Poorly secured WiFi router abused to send SMS messages to paid numbers


Thanks to a poorly secured WiFi network, in a few days cyber-criminals were able to run up a bill of nearly EUR 1,000 for the dining place BURKS in Tallinn.

The EMT WiFi router’s admin account was accessed and SMS messages were sent out to paid numbers (some Latvian numbers and Mobile parking). It seems this was possible because the router used mobile Internet and allowed messages to be sent out.


Tax refund scammers use the name of the Estonian Tax and Customs Board


“Today I received an email from Already at the beginning it seemed doubtful that such a letter would come in November. However, the thing became even more bizarre when I opened the link from this email. It is obvious that this email seeks to scam naive people out of their credit card details – card number, CVV2 code,” a person who received the letter writes in her Facebook post.


A public lecture by Mikko Hyppönen at Estonian IT College

On 13 October 2015 at 12.00pm, Mikko Hyppönen, the world-renowned information security expert, whose presentations always contain ample examples of topical information security incidents and events that have endangered the privacy of Internet users, will be delivering a public lecture at the IT College.


Estonian police to set up cyber crime unit


The Estonian Police and Border Guard Board is in the process of forming a dedicated cyber crime unit to deal with crimes that target information technology. The unit will start in 2016 and will employ 8 experts, working under the Central Criminal Police department. It will be put in charge of the cases where the criminal motive has been to harm computers or IT. The unit will also support other police departments with know-how and skills.


Two Estonian companies received Bitcoin extortion letters


According to the Police and Border Guard Board, at least two Estonian companies have become victims of the latest cyber-attack, in which they also received an email demanding Bitcoins. The cyber-criminals threatened in the emails that should they not receive Bitcoins, more serious attacks will follow.

In both cases, the denial-of-service (DoS) attack was first committed against the official web pages of the respective companies. The businessmen then got an email which specified the account and deadline for transferring the Bitcoins – to avoid a more deadly ambush. According to a police representative, the cyber-attack lasted for about an hour. However, the attackers have not carried through their threats, despite the entrepreneurs not giving in to Bitcoin demands. The police have started a criminal investigation.

It took a year for Estonian criminals to try out the business plan.

It's not yet known who is behind the attack and extortion. Similar cases in Estonia have not been seen before, but the rest of the world is familiar and law enforcement agencies in various countries cooperate to apprehend the criminals. The extortion letters are sent by organized criminals who call themselves “DD4BC”.

Searching for “DD4BC” shows that in the last months several organizations in various countries have received Bitcoin extortion letters from a group calling themselves DD4BC. However, these might as well be Estonian criminals going under the DD4BC handle.


Investigators disclose best disguised cybercrime in years


This was no classical computer fraud investigation. In this criminal case, the police have no crime notice from any person or foreign bank suffering loss of money. That was what the fraud was built upon: to act unnoticed and avoid being seen by investigators.

Generally speaking, credit card fraud and the obtaining of other people’s credit card data in specialised internet forums is nothing extraordinary. Still, the activity Sergei is accused of was a long step forwards when it comes to conspiracy – for he got his card data from forums to enter which an invitation was needed from the inner circle.

Getting caught was supposedly avoided by so-called virtual machines used to hide themselves while making purchases with credit cards of strangers. In theory, this was supposed to be the perfect crime. To leave no evidence, all parties involved used encrypted data communication between themselves. The criminal idea as such was simple: to purchase at full price with other people’s money, and to resell at considerably lower prices.

To avoid being linked with the goods, he ordered these to post offices in some European countries. Like Germany, Austria, Czech Republic, Sweden or Finland. Mainly the latter. Individuals hired by Sergei’s closest assistant travelled to get the goods; stuffing their luggage full of laptops, they marched off to an airplane.

The article does not say why the super disguised crime failed.
Probably the guys attracted attention by selling the goods too cheaply.


The hands of the Prosecutor’s Office remain short when catching foreign cyber criminals


In the interview, the prosecutor explains that foreign requests for legal aid are too expensive and take too much time, so victims cannot actually rely on the police or prosecutor’s office in e-crime cases which are below EUR 1000 or EUR 5000 (in case of UK). Nigeria and the USA are called bad: the former for obvious reasons, the latter because US laws are helpless for investigating cybercrimes. Germany has been praised because it sometimes still prosecutes cybercrooks.