April 10, 2019

Mar-a-Lago intruder had instant-malware-inflicting thumb drive

By Lisa Vaas

It turns out that Yujing Zhang, the Chinese woman arrested when she tried to enter President Donald Trump’s private Mar-a-Lago club in Palm Beach, Florida, on 30 March, had a number of suspicious devices in her hotel room – as in, tools good for inflicting malware and spying, and more than $8,000 in cash, all suggesting that she was here for espionage.

As it was, she was carrying four cellphones, a thumb drive containing malware, and other electronics when she breached security at President Trump’s private Florida club. In getting past multiple security checkpoints, she first told US Secret Service agents that she was bound for the hotel’s pool.

Then, supposedly confused by a language barrier that came and went as Zhang used and then apparently forgot competent, nuanced English, Mar-a-Lago staff thought she might be the daughter of a club member with the same last name – one that’s common in China. Next, Zhang told Secret Service agents that she was headed for some kind of United Nations Chinese American Association event that night… or, as she said in her next version, a “United Nations Friendship Event” between the US and China.

As the Miami Herald reports, during a bond hearing in a Florida federal court on Monday, federal prosecutor Rolando Garcia said that a search of Zhang’s room yielded still more gadgetry: a “signal-detector” device used to reveal hidden cameras, USD $7,500 in $100 bills, $663 in Chinese currency, nine USB drives, five SIM cards and other electronics.

…and no swimsuit.

CNN quoted Garcia during the hearing, which was held to determine whether Zhang would be released on bail:

“She lies to everyone she encounters.”

Zhang was charged with two counts: making false statements to federal authorities and a misdemeanor offense of entering a restricted area without authorization. She hasn’t been charged with offenses that could be associated with international spying, but an FBI counterintelligence squad is investigating the incident as part of a broader investigation into Chinese espionage, and prosecutors are treating Zhang’s case as a national security matter, sources told the Miami Herald.

Read more at https://nakedsecurity.sophos.com/2019/04/10/mar-a-lago-intruder-had-instant-malware-inflicting-thumb-drive/

Two robocallers fined $3m for Google listings scam

By Danny Bradbury

Two robocall scammers have been fined over $3 million in a US court for defrauding small businesses. The pair pretended to represent Google and falsely took unwitting business owners’ money in return for the promise of better search results.

Judge Cecilia Altonaga fined Dustin Pillonato and Justin Ramsey, owners of Pointbreak Media, LLC and Modern Source Media LLC, $3,367,666.30 for their robocalling campaign.

According to a court affidavit filed last May, they used their robocall system to phone small businesses offering Google listing ‘claiming and verification’ services. They said that they were affiliated with Google and warned them that their businesses would be removed from Google search results unless they paid up. It was, in short, a shakedown. As in, ‘nice search ranking you’ve got there. It’d be a shame if something happened to it.’

They went further, though, trying to upsell the victims with extra services like higher rankings on certain keywords. When victims paid up, they got nothing.

To add insult to injury, this pair even called people on the FTC’s National Do Not Call Registry, which is the system that it set up to protect consumers from nuisance calls.

Pointbreak Media had already drawn attention from Bank of America Merchant Services, according to the affidavit, which closed the company’s account in October 2017 due to predatory services, scare tactics, and high chargeback rates. It added:

“Point Break then wrote itself hundreds of checks, without authorization, using prior or existing customer checking account data.”

Read more at https://nakedsecurity.sophos.com/2019/04/10/robocall-search-engine-scammers-get-3m-fine/

Two teens charged with jamming school Wi-Fi to get out of exams

By Lisa Vaas

Two 14-year-old boys have been charged with jamming their school’s Wi-Fi network to get out of taking exams, authorities said on Monday.

According to NJ.com, the New Jersey high school freshmen have been charged with computer criminal activity and conspiracy to commit computer criminal activity. School officials reportedly notified police on Thursday after a week of the Wi-Fi network having been forced to crash multiple times.

According to NorthJersey.com, Capt. Dennis Miller said that school officials at Secaucus High reached out to the Secaucus Police Department to notify them that the two students were part of a “scheme where they would disrupt the school’s WiFi service upon demand.”

Their names haven’t been released, given that they’re minors. The boys were released to their parents and are expected to appear in juvenile family court in Jersey City at an unknown date.

Schools Superintendent Jennifer Montesano said on Monday that the Wi-Fi is back up and is running just fine. She didn’t give details, but she did say that an investigation found two students “who may have been involved in the disruption of our system.”

How did they do it?

Some students told NJ.com that they believe the boys were using a Wi-Fi interrupter program or app to crush the school’s routers with traffic in a denial of service (DoS) attack – an attack that caused the network to fail when students tried to log on to do classwork or take online exams.

The news outlet talked to a junior at Secaucus High who said that she learned about the Wi-Fi being down when a friend told her that she’d asked one of the suspects to jam the signal during an exam.

Read more at https://nakedsecurity.sophos.com/2019/04/10/two-teens-charged-with-jamming-school-wi-fi-to-get-out-of-exams/

Knock and don’t run: the tale of the relentless hackerbots

By Matt Boddy

If you have an IoT device in your home, you could be receiving an average of 13 login attempts to these devices per minute.

That’s what I found in my latest research project. Over the past 3 months, I’ve set up and monitored 10 honeypots located across 5 different continents. These have been waiting patiently for SSH login attempts to better understand how often you face cybercriminals knocking at your network’s metaphorical front door.

Once I’d set up the honeypots, it took no time at all for the hackers to begin their login attempts. In one instance, a device was attacked less than one minute after deployment; in others it took nearly two hours before login attempts began. But once the login attempts started, the attacks were relentless and continuous. In total, I saw more than 5 million attempted attacks on all my honeypots, over the 30-day period they were live.

But that wasn’t all I found.

Default usernames and passwords

The research revealed that a lot of the login attempts monitored on these honeypots were using default usernames and passwords of devices that the average person would find in their home.

I saw default username and password combinations for routers, CCTV cameras and NAS devices, and combinations like the username pi with the password raspberry popping up together many times over.

This is the default username and password combination for Raspbian, which is a distribution of Linux designed for the Raspberry Pi.

Read more at https://nakedsecurity.sophos.com/2019/04/09/knock-and-dont-run-the-tale-of-the-relentless-hackerbots/

