1. DeepDotWeb Defendants Used Bitcoin to Hide Criminal Proceeds, Say Feds by John Biggs

Authorities apprehended two Israeli citizens to kick off the week, alleging they were involved in DeepDotWeb, a now-shuttered resource that provided news, reviews, and updates on the dark web. The two apparently made over $15 million via a kickback scheme in which they received funds for giving dark web exchanges business, laundering their money through Bitcoin. An attorney presiding over the case called it “the single most significant law enforcement disruption of the dark net to date,” on Monday. According to the indictment, the pair, who both resided in Brazil, started the website in 2013 and operated it until April 24, when it was seized by the FBI and DOJ:

Read more

2. Alleged FIN7 hacking director Andrii Kolpakov set to be extradited to the U.S. by Jeff Stone

One of the three suspected members of the FIN7 cybercrime group, arrested in Europe last year, may be extradited to the U.S. CyberScoop News, which cites a conversation with the lawyer of the suspect, Andrii Kolpakov, says he could be extradited soon. FIN7, one of the more prolific cybercrime groups of late, of course were linked to attacks against 100 organizations, 3,600 business locations, and the theft of 15 million payment cards. The group is referred to as FIN7 by FireEye but Carbanak by other threat researchers; for what it's worth FireEye refers to the backdoor that FIN7 uses as CARBANAK. Separate from the Kolpakov news, we got another reminder this week that the group has continued on without him. Flashpoint said in March that attackers were using new malware, SQLRat, to compromise machines. Kaspersky Lab said on Wednesday that its observed a campaign that used the same TTPs as FIN7 to carry out spear-phishing attacks against financial entities and companies in one African country.

Read more

3. Limit How Long Google Keeps Your Data With This Overdue Setting by Lily Hay Newman

Just like Facebook last week, Google this week made privacy and security a focus of its big I/O developer conference, hyping up its new Android OS, and giving Google users some much needed flexibility when it comes to how long the tech behemoth can store their data. New settings unveiled by the company allow users to decide whether Google can keep their data for: Three months or 18 months. Google technically debuted the tool last week but discussed them, along with some of the company's other privacy initiatives, at the conference on Tuesday. Users can go to the Web & App Activity section of their Google account and decide whether Google can keep users' web and app activity until they want to delete it manually, keep for 18 months - then delete automatically, or keep for three months - then delete automatically.

Read more

4. Freedom Mobile server leak exposed customer data by Zack Whittaker

A cache of unencrypted data belonging to customers of the Canadian wireless telecom Freedom Mobile was found on an unexposed server this week and eventually, secured. While not widely known outside Canada the cell network is the country's fourth largest, with over 1.5 million customers. Only a fraction of those, 15,000, were affected by the breach. According to TechCrunch, which was briefed on the leak by two researchers, customer names, email addresses, phone numbers, postal addresses, dates of birth, customer types, and account numbers were out in the open. The company fixed the issue, which ironically stemmed from a logging system used by the company to sniff out errors in its systems, in a week’s time.

Read more

5. Baltimore Recovering From Second Ransomware Attack by Scott Ferguson

Despite reports - like this one via the FBI last week - that suggest that ransomware is declining, it's still a very palpable threat. The city of Baltimore appears to be the latest victim; the city's information systems and municipal services were hit mid-Tuesday and remained down as of early Friday. The culprit? A relatively unknown strain of ransomware, at least to this reporter, named RobbinHood. "The FBI is investigating this certain incident and has confirmed that it is a fairly new variant and it's quite aggressive. Right now, technicians are trying to remediate the root cause to find out what's been impacted and affected. And we can say with confidence that public safety systems are up and operational," the city's CIO Frank Johnson told a crowd at a press conference Tuesday. A closer look at the ransomware’s specs, via the always informative Lawrence Abrams, found that the ransomware will stop 181 Windows services, disconnect all network shares, then encrypt files with the following name format: Encrypted_[randomstring].enc_robbinhood. Assuredly, there'll be more to come on this.

Read more