Tag Archives: Google

Microsoft and Google Got Phished for £77 Million

The title reminds me of the slightly twisted Freddy Got Fingered movie, and this tale is almost as bizarre. Two of the world's biggest technology giants, Microsoft and Google, were taken by a sophisticated phishing scam to the tune of $100,000,000 (yes, ONE HUNDRED MILLION DOLLARS!), or £77,000,000 of the Queen's own British Pounds.

This goes to show that not even the biggest and most resourceful in the tech sector are immune to cyber attacks and internet fraudsters. Exact details are not clear, but it smells of insider information to me. It was reported that a 48-year-old Lithuanian man called Evaldas Rimasauskas tricked both Google and Microsoft into sending him more than $100,000,000 via wire transfers to settle bogus invoices.

The details are a little light on the hows, but he basically impersonated Quanta Computer, a Taiwanese electronics manufacturer which has most of the tech world as clients, including Apple, Google, Facebook and many more. The questions I'm curious about are how he knew exactly what the invoices looked like, how he was able to deliver them in the same way as usual, and whether wire transfers are the usual method; lots of questions which won't be answered.

Purely speculation on my part, but my guess is he had some sort of inside information, so he knew what the invoice looks like, what sort of things to include, how big to make the dollar value, and more.

The end result is that Mr Rimasauskas was charged with wire fraud, aggravated identity theft and money laundering. The latter offence is interesting given the statements from both tech giants.

Crime May Pay

Given he was charged with money laundering, and there is a wedge of cash missing, it shows Rimasauskas may have hidden some away. Facebook said "We recovered the bulk of the funds."; when dealing with many millions, "bulk" makes it sound like a significant chunk was missing. Google's statement, on the other hand, says "We recouped the funds and we're pleased this matter is resolved.", so it seems they got it all back.

Exactly how much is "bulk"? Breaking it down to smaller numbers: if someone steals 1,000 from me and I get 975 back, I would say I got it back. If I got 900 back, I'd say I got most of it back; if I got 800 back, I'd say I got the bulk of it back. Extrapolate this to $50,000,000 and many millions could be missing from Facebook's slice.

Premium Domain

This is an instance where one of the sites I helped build was subject to a similar scam, on the Quanta side. Their clients had been told many, many times that only emails from their domain name were official and anything else should be ignored; this was even in the boilerplate and header of the email, along with the account holder's name, the account handler's name, and other information included in every email.

At some point in 2014, I think, someone was sending fake invoices to clients, mostly for small amounts, £30-100 as I recall. Not a single one paid up, because the emails didn't match the templates and the domain they used was wrong. The company had educated their clients to spot an email/invoice which didn't add up.

This may be a good lesson and an opportunity to strengthen your own security: maybe buy a new premium domain which can't be spoofed, and include a footer/boilerplate with all your emails to help clients. However, when even Facebook and Google, who are market leaders in technology and even make products which are meant to help protect against online scammers, get tricked, it paints a grim picture for your average user.
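As an added illustration of the "only invoices from our domain are official" rule above (my own example code, not anything from the post or the company it describes), here is a small checker that rejects invoice emails whose From domain is not on a vendor allow-list, catches lookalike domains, and flags a genuine From paired with a Reply-To elsewhere. The domain `quanta-example.com` and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr
# Constructed allow-list of official vendor sending domains (placeholder, not a real vendor's domain).
APPROVED_VENDOR_DOMAINS = {"quanta-example.com"}

def _skeleton(domain: str) -> str:
    """Collapse common lookalike substitutions so 'exarnple' reads as 'example'."""
    d = domain.lower()
    for lookalike, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")):
        d = d.replace(lookalike, real)
    return d

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Reply-To header, lower-cased ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def check_invoice_email(raw_message: str, approved=APPROVED_VENDOR_DOMAINS) -> dict:
    """Return {"verdict": "accept"|"reject", "from_domain": ..., "reason": ...} for an invoice email."""
    msg = message_from_string(raw_message)
    from_domain = _domain_of(msg.get("From", ""))
    reply_domain = _domain_of(msg.get("Reply-To", ""))
    result = {"from_domain": from_domain, "verdict": "reject", "reason": ""}
    if from_domain in approved:
        # A genuine From with a Reply-To elsewhere is a classic invoice-redirection tell.
        if reply_domain and reply_domain not in approved:
            result["reason"] = f"Reply-To points to unapproved domain {reply_domain}"
        else:
            result.update(verdict="accept", reason="sender domain is on the vendor allow-list")
        return result
    for good in approved:
        if _skeleton(from_domain) == _skeleton(good) or _edit_distance(from_domain, good) <= 2:
            result["reason"] = f"lookalike of approved domain {good}"
            return result
    result["reason"] = "sender domain is not on the vendor allow-list"
    return result
# Constructed sample messages: genuine, lookalike domain, and genuine From with redirected Reply-To.
GENUINE = "From: Accounts <ar@quanta-example.com>\nSubject: Invoice 1042\n\nPlease pay.\n"
LOOKALIKE = "From: Accounts <ar@quanta-exarnple.com>\nSubject: Invoice 1042\n\nPlease pay.\n"
REDIRECTED = ("From: Accounts <ar@quanta-example.com>\nReply-To: <pay@mailbox-example.net>\n"
              "Subject: Invoice 1042\n\nPlease pay.\n")
```

This only inspects the headers as they arrive; a From address on the genuine domain can still be forged, so the check belongs behind SPF/DKIM/DMARC validation at the mail gateway rather than replacing it.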

There is a more in-depth story about this on Fortune, well worth a read. Google Laptop image by Caio.

Android O Joins Ransomware Battlefield

Android O by Symantec

I read an interesting article about Android O and its joining the battlefield against ransomware, but first I'm addressing the big issue; well, not really THE big one, but still a sticking point. Lots of people are second-guessing Android O's name. I'm still banking on Android Oreo with an Android KitKat-style tie-in deal. Lots of others are saying it will be Oatmeal Cookie because Oreo is a trademark, but that didn't stop them with KitKat. My second guess would be Opal Fruit, but that's also another tie-in. I don't know if Opal is global or not, and in lots of parts of the world Opal is a car company, so less than ideal.

Back on the topic of ransomware, Google has decided certain vendors are cretins who are not heeding its security warnings or utilising the protective features, so starting with Android 8.0 (Oreo :P) they are going to deprecate (remove) certain things and give us some beastly new weapons. Android 8.0 is due to be released early in the last quarter of 2017. Google will be killing the following window types: TYPE_SYSTEM_ALERT, TYPE_SYSTEM_ERROR and TYPE_SYSTEM_OVERLAY.

These are basically urgent or critical windows which appear on top of any other running window; think of Windows modal pop-ups where you MUST click to close them, or something like a Blue Screen of Death message. These are the window types which ransomware often uses to lock users out of their devices.

Permission Classifications

Previously there were only two classifications for permissions: Normal Permissions and Dangerous Permissions. Normal permissions were simple things like accessing the phone's IR sensor, altering the time zone or setting a wallpaper. Dangerous permissions are things like accessing the camera, using the microphone or getting the phone's GPS location.

Google introduced a third class which they called "Above Dangerous"; it really should have been called "Toxic Waste" or "Radioactive" to drive home the danger. As it happens it wouldn't have made a huge difference, since many OEMs decided not to move the toxic permissions into the Above Dangerous category. OEMs are companies like Samsung with TouchWiz and HTC with Sense, and the various others who modify Android to their own front end.

Normal permissions the Android OS could grant with no interaction from the user; for dangerous permissions you get the pop-up at install time or when needed and have to OK it. Above Dangerous permission requests needed 100% human interaction: apps which required them had to provide instructions where you had to physically go into Android settings and carry out the action yourself. Some OEMs decided this was a hassle to users, and that users would prefer paying ransoms in Bitcoin (BTC) to criminals instead.
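To make the three permission tiers and the overlay window types concrete, here is an added triage script (my own example, not from the post or from Google) that reads an AndroidManifest.xml, labels each requested permission with its tier and grant flow as the post describes them, and flags the two tells the post discusses: a request for the screen-overlay permission behind the TYPE_SYSTEM_* windows, and support for the old releases (Lollipop and below) that ransomware targets. Assumptions: the permission-to-tier table is my own assignment of well-known permissions, `SYSTEM_ALERT_WINDOW` and `WRITE_SETTINGS` are taken as the "Above Dangerous" ones, and the manifest is constructed, not from any real app.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
LOLLIPOP_SDK = 21  # Android 5.0; the post says this release and older are the worst hit
# Tier membership below is my own assignment of well-known permissions to the three
# classes the post describes; the post names the classes, not this exact mapping.
TIERS = {
    "normal": {"android.permission.TRANSMIT_IR", "android.permission.SET_TIME_ZONE",
               "android.permission.SET_WALLPAPER"},
    "dangerous": {"android.permission.CAMERA", "android.permission.RECORD_AUDIO",
                  "android.permission.ACCESS_FINE_LOCATION"},
    # Only grantable by the user walking into Settings and flipping the switch themselves.
    "above dangerous": {"android.permission.SYSTEM_ALERT_WINDOW", "android.permission.WRITE_SETTINGS"},
}
GRANT_FLOW = {
    "normal": "granted silently by the OS",
    "dangerous": "pop-up the user has to OK",
    "above dangerous": "user must enable it manually in Settings",
    "unknown": "not in this table",
}
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # the permission behind on-top windows

def classify(permission: str) -> str:
    """Map a permission name to its tier ('unknown' if it is not in the table)."""
    return next((tier for tier, names in TIERS.items() if permission in names), "unknown")

def triage_manifest(manifest_xml: str) -> dict:
    """Summarise what an AndroidManifest.xml asks for and flag the ransomware tells."""
    root = ET.fromstring(manifest_xml)
    perms = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    sdk = root.find("uses-sdk")
    min_sdk = int(sdk.get(ANDROID_NS + "minSdkVersion", "1")) if sdk is not None else 1
    report = {"min_sdk": min_sdk, "flags": [],
              "permissions": {p: (classify(p), GRANT_FLOW[classify(p)]) for p in perms}}
    if OVERLAY in perms:
        report["flags"].append("asks for the screen-overlay permission used to hold the screen")
    if min_sdk <= LOLLIPOP_SDK:
        report["flags"].append(f"installs on API {min_sdk}+, i.e. the old releases ransomware targets")
    return report

# Constructed sample manifest (not from any real app): overlay permission plus pre-Lollipop support.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.suspect">
  <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="25"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""
```

Run it over a manifest pulled from an APK you are about to sideload; two flags together is the combination worth a second look before installing.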

Google Nuclear Weaponry

Google has been introducing a series of weaponry against ransomware. In the previous release, Android Nougat (7.0), Google stopped applications from being able to programmatically change a phone's PIN, security codes and passwords. They have now introduced another bunker-busting nuke in case anything does manage to get through and try to lock your screen: the notification bar will always be accessible, along with a button which will kill any application trying to hold the screen.

The evidence shows that ransomware criminals don't bother trying to circumvent Google's moves to block them; instead they choose to target older versions. Worst hit are versions Lollipop (5.0) and below; the older the version of Android, the more it is targeted. Jelly Bean, Ice Cream Sandwich and KitKat are the hardest hit. This would show Google is slowly nailing all the hatches shut.