Australian Man Wanted by the FBI Busted in Italy for Scamming Vulnerable People

Internet Archive suffers third cyber incident, DHS doc warns of Chinese energy battery storage, Russia sets sights on Georgian critical infrastructure, LLM attack sends chat PII to hackers, E2EE cloud storage platforms could expose data, Tapioca token offers $1m to hacker, much more


Don't miss my latest CSO piece which details a new water system breach by the Cyber Army of Russia in the small town of Stanton, TX, underscoring the threats water facilities face.


Check out our sponsor, Anchore, which helped bring you today's issue:

Anchore enables organizations to secure software supply chains and automate compliance to save time and reduce risk. Built for cloud-native applications and air-gapped environments, organizations can generate SBOMs and fix vulnerabilities while maintaining continuous government and industry compliance.


Italian police arrested an Australian man wanted by US FBI investigators for his alleged involvement in an international computer scam that used fake call-center computer repair operations to defraud the elderly and other vulnerable victims of up to $US31 million ($46 million).

The unnamed man, identified by police as “an Italo-Australian,” had been wanted by police for more than three years.

He was arrested by border police at Malpensa Airport in Milan after he landed on a flight from Singapore on Friday.

“The charges relate to a scam, dating back some time, that affected a large number of people, especially the elderly and the particularly frail,” Italian police said in a statement.

Interpol alerted airport police on the suspect’s movements and his potential transit through Italy.

Border police acted on an arrest warrant issued by the North Carolina District Court following a lengthy investigation into the online scam by the Federal Bureau of Investigation and experts from Italy’s cyber police at the Italian Embassy in Washington, DC. He was arrested as soon as he disembarked from his international flight.

Police said the Australian was carrying several thousand euros in cash, several computers, credit cards, and two watches of significant value when he was arrested at Malpensa.

He was transferred to Busto Arsizio prison, 35 kilometers north of Milan. He is expected to appear before a magistrate within 48 hours before a formal request is made for his extradition to the US to face computer fraud, damaging computer security, and money laundering charges.

Under US law, the man could face up to 30 years in prison if found guilty of defrauding more than ten victims over the age of 55. (Josephine McKenna / Sydney Morning Herald)

Related: GBHackers, Herald, La Milano, The 420

The email, apparently sent by someone who abused a compromised Zendesk token, read, “It’s dispiriting to see that even after being made aware of the breach two weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their GitLab secrets.” 

“As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018,” the hacker added. “Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine—your data is now in the hands of some random guy. If not me, it’d be someone else.”

These messages came from a zendesk.com email address known to have been used for support and other purposes by the Internet Archive. (Eduard Kovacs / Security Week)

Related: Internet Archive, Forbes, Help Net Security, Tech News Day, The Cyber Express, The Register

According to a US Department of Homeland Security document first obtained by national security transparency nonprofit Property of the People, Chinese companies are “using People’s Republic of China state support to quickly and cheaply enter the emerging US utility battery energy storage industry and create supply chain dependencies on China.”

The document asks that any suspicious activity be reported.

It alleges three companies—Contemporary Amperex Technology Co. Limited (CATL), Build Your Dreams (BYD), and Ruipu Energy Co. Ltd. (REPT)—have “benefited from the various forms of state support and leveraged this to further business strategies for gaining US market share.”

The report says it builds on previous documents that analyzed Chinese “state-supported firms’ use of noncompetitive tactics in the electric vehicle and battery supply chains.” (Zeyi Yang / Wired)

According to documents and technical reports, Russian spies were watching Georgia’s government and major companies in a comprehensive espionage and hacking campaign over the years, scooping up information and gaining powers to potentially sabotage critical infrastructure.

Russian intelligence penetrated the Foreign Ministry, Finance Ministry, Central Bank, and key energy and telecommunications providers between 2017 and 2020. It also accessed Georgian electricity companies, oil terminals, media platforms, and government departments.

A vital gateway for energy and trade routes linking Europe and Asia, Georgia has been central to the East-West geopolitical struggle for at least two decades. Just how central is now more apparent ahead of the country's elections on Saturday.

The US and the EU labeled a recent Georgian government crackdown targeting civil society groups as “Kremlin-inspired” and have accused Russia of targeting the country with cyberattacks before. The government sparked mass protests in May by reviving a “foreign agent” law to monitor outside influence on non-governmental organizations and the media. (Alberto Nardelli and Ryan Gallagher / Bloomberg)

A group of security researchers from the University of California, San Diego (UCSD) and Nanyang Technological University in Singapore revealed a new attack called Imprompter that secretly commands an LLM to gather users' personal information from chats and send it directly to a hacker.

The attack uses an algorithm to transform a prompt given to the LLM into a hidden set of malicious instructions. An English-language sentence telling the LLM to find personal information someone has entered and send it to the hackers is turned into what appears to be a random selection of characters.

In reality, this nonsense-looking prompt instructs the LLM to find a user’s personal information, attach it to a URL and quietly send it back to a domain owned by the attacker—all without alerting the person chatting with the LLM. The researchers detail Imprompter in a paper published today.

The eight researchers behind the work tested the attack method on two LLMs, LeChat by French AI giant Mistral AI and Chinese chatbot ChatGLM. In both instances, they found they could stealthily extract personal information within test conversations—the researchers write that they have a “nearly 80 percent success rate.”

Mistral AI tells WIRED it has fixed the security vulnerability—with the researchers confirming the company disabled one of its chat functionalities. A statement from ChatGLM stressed it takes security seriously but did not directly comment on the vulnerability. (Matt Burgess / Wired)

Related: Imprompter.ai, Imprompter PDF

Overview of the Imprompter.ai threat model.

Cryptographic analysis by ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong revealed that several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to security issues that could expose user data to malicious actors.

The researchers revealed issues with the Sync, pCloud, Icedrive, Seafile, and Tresorit services, which are collectively used by more than 22 million people.

The analysis was based on the threat model of an attacker controlling a malicious server that can read, modify, and inject data at will, which is realistic for nation-state actors and sophisticated hackers.

The ETH Zurich researchers found serious vulnerabilities in all five products, including implementations allowing malicious actors to inject files, tamper with data, or gain access to user files.

The researchers notified Sync, pCloud, Seafile, and Icedrive of their findings on April 23, 2024, and contacted Tresorit on September 27, 2024, to discuss potential improvements in their particular cryptographic designs. (Bill Toulas / Bleeping Computer)

Related: Broken Cloud Storage

Source: Jonas Hofmann and Kien Tuong Truong.

The Tapioca Foundation has offered a $1 million bounty to an attacker who stole $4.7 million from its decentralized finance protocol in what it has called a “social engineering attack.”

The group offered $1 million in Tether, which it said was “significantly higher than the normal 10%” in bounties, in exchange for the attacker returning the remaining $3.7 million.

The attack compromised the ownership of the vesting contract for its Tapioca DAO Token (TAP) and the USDO stablecoin.

The attacker was able to claim and sell vested TAP and “added a minter to infinite mint USDO and drain” a liquidity pool for USDO and USDC. (Jesse Coghlan / Cointelegraph)

Related: DL News, CoinMarketCap, CryptoSlate

The US is investigating the leak of two top-secret documents, prepared by the National Geospatial-Intelligence Agency, that show Israel's military preparations for an expected strike on Iran.

Neither document indicates Israel’s potential targets, and one cautioned that the agency’s analysts “cannot definitely predict the scale and scope of a strike on Iran.” 

The reports describe the types of aircraft and munitions the Israeli military is expected to use in an attack, which the documents say could come without additional warning. 

Adding to US concerns, the classified assessments were disseminated by a pro-Iran site, Middle East Spectator, which says it received them from an anonymous source. Middle East Spectator describes itself as an “open-source news aggregator” staffed by independent journalists. A number of Middle East officials and experts say it is known for promoting pro-Iranian information. 

The leak raised concerns among some Israeli officials about the US's ability to protect closely held information that affects its ally. (Michael R. Gordon and Dustin Volz / Wall Street Journal)

Related: USA Today, New York Times, CNN, Reuters, Daily Sabah


An appeal from Cynthia

It's lovely that you've read this far in today's Metacurity, but it would be beautiful if you could support Metacurity's continued delivery of top infosec developments by upgrading your subscription. Thank you.


Magnetic X, a top decentralized exchange on the XRP Ledger (XRPL), successfully repelled a recent distributed denial-of-service (DDoS) attack.

According to the exchange, the DDoS attacker wanted a ransom payment of several thousand Tether (USDT). However, instead of paying the ransom, the exchange chose to "expand and upgrade" its system.

The exchange says that its services have been reconfigured and scaled to handle "millions of requests." (Alex Dovbnya / U Today)

Related: Coinpedia

TikTok owner ByteDance fired an intern for allegedly sabotaging an internal artificial intelligence project.

ByteDance said it had dismissed the person in August after they “maliciously interfered” with training artificial intelligence (AI) models used in a research project.

The company commented on the intern's sacking after rumors circulated widely on Chinese social media over the weekend. In a statement posted on its news aggregator service, Toutiao, ByteDance said that an intern in the commercial technology team had been dismissed for serious disciplinary violations, according to a translation.

It added that its official commercial products and its large language models, the underlying technology for generative AI, had not been affected.

The company said that reports and rumors on social media contained exaggerations, including the scale of the disruption. ByteDance said this included rumors that as many as 8,000 graphical processing units, the chips used to train AI models, were affected and that losses were in the tens of millions of dollars.

ByteDance said it had informed the intern’s university and industry associations about their conduct. (Jasper Jolly / The Guardian)

Related: Cybernews, TechNode, WION, South China Morning Post, Benzinga, Tech in Asia, NewsBytes, BBC News

Best Thing of the Day: A Chance to Serve Your Country

The US Defense Department is considering asking chief technology officers and other senior tech professionals to take up high-ranking positions in the military reserves to help with short-term projects in cybersecurity, data analytics, and other areas.

Worst Thing of the Day: You Rented Hackers How Many Times?

While it's excellent that hackers have learned to retrofit now-defunct Redbox kiosks to play Doom, unfortunately, a California-based programmer named Foone Turing was able to pull an unencrypted file from a kiosk's internal hard drive that listed the emails, home addresses, and rental history of either a fraction or the whole of the customers who had previously used that kiosk.

Closing Thought
