Latest news with #RaphaelSatter
The Star
a day ago
- Business
- The Star
Coinbase breach linked to customer data leak in India, sources say
FILE PHOTO: A representation of the cryptocurrency is seen in front of the Coinbase logo in this illustration taken on March 4, 2022. REUTERS/Dado Ruvic/Illustration/File Photo WASHINGTON (Reuters) -Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing companyconnected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters. At least one part of the breach, publicly disclosed in a May 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees. Three of the employees and a person familiar with the matter said Coinbase was notified immediately. The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention. Coinbase had previously blamed "support agents overseas" for the breach, which it estimated could cost up to $400 million. Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident. Coinbase said in the May SEC filingthat it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUspersonnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment. (Reporting by Raphael Satter; additional reporting by Chris Prentice in New York and Munsif Vengattil in Bengaluru; editing by Chris Sanders and Richard Chang)
Yahoo
a day ago
- General
- Yahoo
Romanian pleads guilty to 'swatting' US lawmakers and top officials
By Raphael Satter WASHINGTON (Reuters) -A Romanian man has pleaded guilty to participating in a years-long series of dangerous hoax phone calls and bomb threats targeting American legislators, law enforcement leaders, and government officials, the U.S. Justice Department said Monday. In a statement, the department said that Thomasz Szabo, 26, who was extradited to the United States last year, admitted targeting more than 75 officials, four religious institutions, and multiple journalists in his campaign of intimidation. Officials said Szabo targeted private residences, including the homes and families of senior government officials. Authorities say Szabo routinely phoned in bomb threats and reports of ongoing violence or hostage situations at his targets' homes or places of work, a technique called 'swatting' because it is meant to elicit the emergency deployment of heavily armed police officers. Emails seeking comment from Szabo's lawyers were not immediately returned. Justice officials described Szabo as the leader of a group that made a series of false reports to U.S. law enforcement, including a December 2020 threat to commit a mass-shooting at New York City synagogues and a January 2021 threat to detonate explosives at the U.S. Capitol and kill then-President-elect Joe Biden. The department said that, in a two-month period alone, members of Szabo's gang targeted at least 25 members of Congress or their family members, six then-current or former senior U.S. federal officials, "including multiple cabinet-level officials," at least 13 then-current or former senior federal law enforcement officials, including the heads of multiple federal law enforcement agencies. Others targeted included members of the federal judiciary, state government officials, and members of the media. It was during that time that one of Szabo's subordinates boasted of "creating massive havoc" in the United States, the department said.
Yahoo
a day ago
- Business
- Yahoo
Coinbase breach linked to customer data leak in India, sources say
By Raphael Satter WASHINGTON (Reuters) -Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters. At least one part of the breach, publicly disclosed in a May 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees. Three of the employees and a person familiar with the matter said Coinbase was notified immediately. The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention. Coinbase had previously blamed "support agents overseas" for the breach, which it estimated could cost up to $400 million. Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident. Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment. Sign in to access your portfolio
Yahoo
a day ago
- Business
- Yahoo
Coinbase breach linked to customer data leak in India, sources say
By Raphael Satter WASHINGTON (Reuters) -Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters. At least one part of the breach, publicly disclosed in a May 14 SEC filing, occurred when an India-based employee of the U.S. outsourcing firm TaskUs was caught taking photographs of her work computer with her personal phone, according to five former TaskUs employees. Three of the employees and a person familiar with the matter said Coinbase was notified immediately. The ex-employees said they were briefed on the matter by company investigators or colleagues who witnessed the incident in the Indian city of Indore, noting that the woman and a suspected accomplice were alleged to have been feeding Coinbase customer information to hackers in return for bribes. The ex-employees and person familiar with the matter said more than 200 TaskUs employees were soon fired in a mass layoff that drew Indian media attention. Coinbase had previously blamed "support agents overseas" for the breach, which it estimated could cost up to $400 million. Although the link between TaskUs and the breach was previously alleged in a lawsuit filed last week in federal court in Manhattan, details of the incident, reported here for the first time, raise further questions over when Coinbase first learned of the incident. Coinbase said in the May SEC filing that it knew contractors accessed employee data "without business need" in "previous months." Only when it received an extortion demand on May 11 did it realize that the access was part of a wider campaign, the company said. In a statement to Reuters on Wednesday, Coinbase said the incident was recently discovered and that it had "cut ties with the TaskUs personnel involved and other overseas agents, and tightened controls." Coinbase did not disclose who the other foreign agents were. TaskUs said in a statement that two employees had been fired early this year after they illegally accessed information from a client, which it did not identify. "We immediately reported this activity to the client," the statement said. "We believe these two individuals were recruited by a much broader, coordinated criminal campaign against this client that also impacted a number of other providers servicing this client." The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment. Sign in to access your portfolio
Yahoo
a day ago
- Business
- Yahoo
'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
By Raphael Satter, AJ Vicens WASHINGTON (Reuters) -Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage. 'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security. How meaningful the effort ends up being remains to be seen. Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against. Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky. Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers. In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.' But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.' Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.' 'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said. Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information. Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities." But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.' Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
