
August 25, 2020


3.4 million LiveAuctioneers users suffer at the hands of a data breach

On July 12, New York-based art, antiques, and collectibles online marketplace LiveAuctioneers gave its online auction users some bad news.  Its cybersecurity team confirmed, one month after the incident occurred, that a recent cyber-attack on 19 June 2020 had allowed hackers to access data contained in the company's records.  That data included personal information from 3.4 million buyers and sellers, including names, email addresses, mailing addresses, phone numbers, visit history, and users' passwords, which were stored as unsalted MD5 hashes.  Thankfully, sensitive credit card details were apparently not exposed to the data thieves this time around.

While LiveAuctioneers disabled passwords on all its bidder accounts and advised users to follow the necessary steps to change any matching email/passwords on other sites, the time delay between the attack and the actual acknowledgment of the breach left many site users, on and offsite, at further risk for fraudulent transactions, identity theft and phishing via other platforms.  ARCA has learned of at least one purchaser, paying for an item purchased on LiveAuctioneers via PayPal, who inadvertently sent funds, later reimbursed via PayPal, to a third party who was not the actual seller they assumed they were buying the item from.

The attack was apparently orchestrated by a hacker who apparently goes by the screen name Megadimarus, who offered the user data on a surface web hacker forum and who listed his work title humbly as "God." Megadimarus is the same culprit responsible for the data breaches of dozens of other user data-rich websites, and those of you who want to delve further can just google the pseudonym of this in-your-face-and-up-your-left-nostril attacker.

Yet, while it looks like LiveAuctioneers may have, like so many others, failed to adequately protect their users' data, the shocking truth is that oftentimes an individual's password in and of itself can be easily cracked even with salting if the salt is kept with the hashed password, as it is in most systems, since anyone holding both can still test dictionary guesses against it.  This is why, as a general rule, people are prompted by more security-minded websites not to use weak passwords like ISolemnlySwearImUpToNoGood or FBISurveillanceVan or any combination of characters that comes straight from a dictionary and is more easily cracked.  It's also wise not to use the same password over and over again on multiple sites, as breaches like these are far too common.
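The difference between the two storage schemes discussed above, as an added example that is not part of the original post or LiveAuctioneers' code: it stores the same constructed accounts as unsalted MD5 and as a salted, slow PBKDF2 hash, then runs a defender's wordlist audit against each. The user names, the wordlist, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware

def md5_unsalted(password):
    """Scheme reported in the breach: bare MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf_store(password, salt=None):
    """Hardened storage: random per-user salt + slow PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def kdf_verify(password, salt, digest):
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(kdf_store(password, salt)[1], digest)

def audit_md5(records, wordlist):
    """No salt: each word is hashed once and matched against every account."""
    lookup = {md5_unsalted(w): w for w in wordlist}
    return {user: lookup[h] for user, h in records.items() if h in lookup}

def audit_kdf(records, wordlist):
    """Salt stored beside the digest: every word must be re-derived per
    account at full KDF cost, yet a dictionary password is still found."""
    return {user: w for user, (salt, digest) in records.items()
            for w in wordlist if kdf_verify(w, salt, digest)}

# Constructed sample data: two users share a weak password named in the post.
WORDLIST = ["klimt", "FBISurveillanceVan"]
USERS = {"alice": "FBISurveillanceVan", "bob": "FBISurveillanceVan",
         "carol": "v7#Lq9!tRz2wPx4m"}

def demo():
    md5_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    kdf_db = {u: kdf_store(p) for u, p in USERS.items()}
    return {
        "md5_same_hash": md5_db["alice"] == md5_db["bob"],     # reuse is visible
        "kdf_same_hash": kdf_db["alice"][1] == kdf_db["bob"][1],  # salts hide it
        "md5_weak": sorted(audit_md5(md5_db, WORDLIST)),
        "kdf_weak": sorted(audit_kdf(kdf_db, WORDLIST)),
    }

if __name__ == "__main__":
    print(demo())
```

Both audits flag the same two accounts: the salt and the slow hash raise the cost of every guess and hide password reuse, but only a password that is not in anyone's wordlist survives.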

In closing, I feel your pain.  Especially whenever I sign up for a new website with enhanced password protection protocols as my experience inevitably goes something like this:

WEBSITE: Please create your preferred password.
ME: klimt
WEBSITE: Sorry, your password must be more than 8 characters.
ME: gustav klimt
WEBSITE: Sorry, your password cannot have blank spaces.
ME: gustavklimt
WEBSITE: Sorry, your password must contain 1 numerical character.
ME: gustavklimtdiedin1918
WEBSITE: Sorry, your password must contain at least one uppercase character.
ME: gustavKLIMTdiedin1918
WEBSITE: Sorry, your password cannot use more than one uppercase character consecutively.
ME: GustavKlimtdiedin1918StupidContraryWebsite
WEBSITE: Sorry, your password must contain a special character
ME: GustavKlimtdiedin1918StupidContraryWebsiteGiveMeAccessNow$£%&!
WEBSITE: Sorry, that password is already in use.

By:  Lynda Albertson

February 19, 2014

"Riverside County Art Dealer Arrested in Federal Cyberstalking Case" (U.S. Attorney's Office Press Release Feb. 12); FBI Art Crime Team Investigating

FROM:  Thom Mrozek
Public Affairs Officer
United States Attorney's Office
Central District of California (Los Angeles) 

Issued on Wednesday, February 12 at 8:30 a.m. PST. EDS: a copy of the criminal complaint is attached. 
LOS ANGELES – The owner of a Temecula art gallery who allegedly stalked, harassed and attempted to extort several art world professionals was arrested today on federal cyberstalking charges. 
Jason White, 43, of Temecula, was arrested this morning without incident by special agents with the FBI. White’s arrest comes after federal prosecutors yesterday filed a criminal complaint that charges White with stalking, a crime that carries a potential penalty of five years in federal prison. White is expected to make his initial appearance this afternoon in United States District Court in downtown Los Angeles. 
According to the complaint, White engaged in a stalking and extortion scheme that targeted several art world professionals with whom he had had business relationships. When those business relationships ended, White posted derogatory information about his former associates on websites he had created, and then used threatening emails to demand hundreds of thousands of dollars in exchange for taking the websites down. According to the complaint, White repeatedly made extortionate demands through harassing text messages and emails, and when his demands were not met, he threatened violence.
In one part of the scheme, White targeted his former employer, an art publisher, as well as his supervisor at the art publisher’s company. After creating derogatory websites in the art publisher’s name, White allegedly sent threatening text messages to the art publisher, the publisher’s son, and his former supervisor. According to the complaint, in a text message to his former supervisor, he threatened to find her family and make her pay with “fear, anguish, and pain.” On several occasions, according to the complaint, White obtained pictures of her child and sent pictures of the child to the victim with comments such as “it will be very unfortunate if something was to happen to him.” During this time, according to the complaint, White continued to demand payment in exchange for taking down the websites he had created, and made it known to these victims that their business reputation would be ruined and that his websites would forever show up anytime anyone searched for their name on the internet. 
Late last month, White allegedly went to the Facebook page of a well-known artist represented by the art publisher and posted a picture of himself, along with a statement that he was focusing on the artist’s wife and child. White allegedly wrote that he would be waiting in the bushes to “knee cap a child.” Through the Facebook message, White told the artist, “your children are my end game.” 

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty in court. 
The case against White is being investigated by the Federal Bureau of Investigation, Art Crime Team.

CONTACT:    Assistant United States Attorney Sarah Levitt
                        Cyber and Intellectual Property Crimes Section
                        (213) 894-2579 
Release No. 14-022