Man linked to TheDarkOverlord sentenced to 3 years in jail

Sam Wildman reports that a Wellingborough, U.K. man who has been linked to TheDarkOverlord has been sentenced to jail for three years, but for crimes that do not appear to be the work of the blackhat hacking collective.
Crafty Cockney, whose real name is Nathan Wyatt, had pleaded guilty in September to 20 counts of fraud by false representation, two counts of blackmail and one count of possession of an identity document with intent to deceive (a false passport). Among the charges that he confessed to was using his dead stepfathers credit card for months to make fraudulent purchases.
Selfie of Nathan Wyatt, aka Crafty Cockney, taken approximately 5 years ago. Provided by Wyatt.
As I reported last year, on September 24, 2016, Wyatt was arrested on suspicion of Computer Misuse Act offences for allegedly attempting to broker the sale of what he claimed were pictures of Pippa Middleton that had been hacked from her iPhone. He was later released without any charges stemming from that incident, and he never publicly identified who the actual hacker was who had hacked Middletons iPhone. He repeatedly denied that he was the hacker.
As Wildman explains, however, once law enforcement seized Wyatts computer and other devices, they found evidence of other crimes, including his attempt to extort money from an unnamed law firm for the return of files he had allegedly obtained by using malware. You can read more of Wildmans coverage on Northamptonshire Telegraph.
The Daily Mail provides some interesting additional details, including that the ransom letter to the law firm was signed Regards, The Dark Overlords. It is difficult to imagine the hacking group getting their name wrong, so if that was not a typo by the news outlet, then there may be some reason to wonder whether the extortion attempt really was by the TheDarkOverlord or if it was just Wyatt trying to capitalize on any fear their brand might generate.  Neither Wyatt nor any spokesperson for TheDarkOverlord have ever claimed to this journalist that Wyatt was ever any kind of core member of the hacking collective.

Although Wyatt may or may not have been a core member of TDO, the judge sentencing him seems to have recognized that Wyatt is likely responsible for many more crimes than were charged. According to Richard Spilletts report in the Daily Mail, Judge Martin Griffiths sounded somewhat skeptical that Wyatt had been held to account for everything: A rather more sceptical mind would say there was a great deal more to this behaviour than there is in these counts. He reportedly added: I consider this was a sophisticated piece of offending by you.
云计算,需要为客户提供网站访问情况的详细统计分析功能,服务商也需要从中分析用户行为,用以发现问题和改善服务质量,不过小心随着人们的隐私保护意识得以加强,会挑战相关的用户数据搜集和保存条款。
Wyatt has not been charged criminally in the U.S. (or at least no charges have been made public as yet), but he has been linked to hacks by TheDarkOverlord of one or more Georgia clinics.
At various times, Wyatt told this journalist about a phone call he was supposed to make to a hacking victim to pressure him to pay the ransom demanded by TheDarkOverlord. As best as this journalist could determine, that victim was Athens Orthopedic Clinic. But did Wyatt actually make the phone call or not?
At one point, he claimed to this journalist that although he was supposed to make the call and had told his contact from TheDarkOverlord that he had made it, he hadnt made it. DataBreaches.net was never able to obtain any direct communication with the clinic owner, and therefore does not know whether he claimed to have received any corresponding call, but here is the recording of the call that Wyatt informed me was his work. It was uploaded to YouTube on July 10, 2016, and if you cannot make out what hes saying, the transcript indicates that he was talking to someone named Jim. James Kayo is the owner of the Athens Orthopedic Clinic.
Wyatt had also linked to the recording in a post on a now-defunct AlphaBay forum.
兴业太阳能(00750)授出1200万份购股权
In addition to allegedly making a call to pressure a U.S. hacking victim into paying ransom, Wyatt allegedly served other functions for TheDarkOverlord, including setting up bank accounts in the U.K. where U.S. victims would then wire ransom payments.
Somewhat amazingly, perhaps, information obtained by DataBreaches.net revealed that Wyatt actually opened at least one of those accounts in 2016 using his real name. He also seems to have used his live-in partners real name for another one of the accounts. Although she, too, had been charged criminally in some matters, his partner was later acquitted after no evidence was reportedly produced by prosecutors at trial.
It is not clear whether Wyatt might be eligible for parole at some point or if he will have to serve the entire three years in jail.  Perhaps someone more familiar with the U.K. criminal justice system can address that question. And as to whether he will ever face charges over any U.S. crimes, I guess well all have to just wait and see.
提升信息安全?如何才能短平快?当然是进行信息安全意识培训啦!

猜您喜欢

企业信息安全建设的思考
职业健康、环境保护、安全生产
网络安全法宣传视频系列001《网络安全法》背景知识
父亲逛街认出被拐儿子将其解救 三人获刑
CONNECTND EPEOPLES
海外出差,保障员工安全,化解文化冲突需强化出国培训:

Average Employee Manages Nearly 200 Passwords

Average Employee Manages Nearly 200 PasswordsBut single sign-on support lacks in over 50% of the most popular websites and services used by workers.Employees use an average of 191 passwords to enter 154 times in a given month, racking up an estimated 36 minutes of password data entry during that time, according to a report released today.
The Password Exposé report, based on aggregated and anonymized data from over 30,000 LastPass customers, found that other industry reports often underestimate the number of credentials used and put the figure closer to an average of 27 passwords per employee.
网络安全法普法宣传 004《网络安全法》的突出亮点
In addition to enterprise apps, employees often use dozens of other apps while at work, such as advertising and analytics platform apps as well as demonstration apps, the report notes.
Meanwhile, companies and employees do not get full relief by using single sign-on (SSO) technology.
Although a number of enterprise apps have SSO capabilities, more than 50% of the most popular websites and services, such as Box, MailChimp, and LinkedIn, do not support SSO out of the box, the report states.
As a result, companies are left to put a business password manager in place to ensure all of those websites and services are “captured” and managed by IT policies, says Rachael Stockton, director of product strategy at LastPass.
Password vaults with multifactor authentication are enabled in 26.5% of the companies included in the report, a level that lacks broad enough adoption to offset the problems that enterprises face with passwords, according to the report.
“Multifactor authentication isn’t supported widely enough across Web services, and isn’t adopted frequently enough by businesses, to offset the risks that passwords pose,” Stockton says. “While the business community is moving in the right direction, change is happening too slowly. Until universal coverage with multifactor authentication (or even behavioral or contextual authentication) is available, companies need to invest in strengthening the password-protected services in use across the entire organization.”
Another recent study found that while corporate America’s use of passwords remains prevalent, multifactor authentication is showing some signs of growth in the enterprise. Javelin Strategy & Research’s 2017 State of Authentication Report found 100% of enterprises continue to use passwords, despite industry calls to ditch them all together or at least bolster security through a combination of passwords and other measures, such as biometrics and public key infrastructure.
您只需每半月抽出大半个小时时间,和我们一起回顾过去两周业界发生的重要信息安全事件,相信我们不同于传统媒体的专业化点评也会开拓您的信息安全管理视野,丰富您的信息安全管理知识。
Password vaults also grow exponentially, the study found. The average employee starts with 20 credentials in their password vault and within three months that number doubles, according to the report. LastPass, in a report from last year, found that 91% of users were aware of the risks of reusing passwords, yet 61% continued with the practice.
Business and Personal Password Use IntermingledRoughly half of the top 36 popular websites that employees access for work are consumer solutions, such as Dropbox, Google, and Evernote, the report states. But the owners of these accounts are likely the employees, even though sensitive work-related data is likely stored on these accounts.
“The line between ‘business’ and ‘personal’ apps is a blurry one. People are often using personal accounts in the workplace, and may even be doing work or sharing work data in those personal accounts,” says Stockton.
The report also points to a recent Ovum study that found 23% of workers will use their social media credentials to log in to business systems and applications, as well.

“It was very surprising to learn that businesses were allowing access to their data through sites protected only by personal passwords that they have no control over,” Stockton adds.
In citing the problems with this practice, Stockton says the first one is control. When an organization allows an employee to log in via Facebook, then it is leaving all the password policy control, such as two-factor authentication, password rotation, and number of characters to the end user and raises the risk that a weak password is protecting access to critical business data, she says.
The second risk, Stockton observes, is that social media credentials are often reused and not very secure.
“If one social media website has a security incident, there’s increased risk that attackers will find re-used credentials to access corporate accounts,” she says. “You are basically outsourcing the password security for your company to another website.”
Related Content:
Why Relaxing Our Password Policies Might Actually Bolster User Safety
PassGAN: Password Cracking Using Machine Learning
30% of Major CEOs Have Had Passwords Exposed
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.
不断出现的安全事故、客户的安全顾虑、法律法规遵循的压力,让信息安全专家和管理团队疲于奔命、甚至极度痛苦。

猜您喜欢

…"黄金周"后恢复正常生活:结束旅行开始工作_《参考消息》官方网站
移动科技及持续性威胁推动信息安全管理创新
网络安全法宣传视频系列001《网络安全法》背景知识
北师大将在厦门办美术公益营
IGRAI WHENITWASAGAME
信息安全动漫如何防范假冒WiFi热点