Similar Posts
WASHINGTON – Chinese hackers who tapped into Verizon’s system targeted phones used by Republican presidential candidate Donald Trump and his running mate JD Vance, the New York Times reported on Oct 25, citing people familiar with the matter.
The newspaper said investigators were working to determine what communications, if any, were taken.
The Trump campaign was made aware this week that Trump and Mr Vance were among a number of people inside and outside of government whose phone numbers were targeted through the infiltration of Verizon phone systems, it added.
The campaign did not immediately respond to a request for comment.
The Trump campaign was hacked earlier this year. The US Justice Department charged three members of Iran’s Revolutionary Guards Corps with the hack and trying to disrupt the Nov 5 election. REUTERS
WASHINGTON – The woman who dubbed herself the “Crocodile of Wall Street” and “Razzlekhan” in rap videos was ordered to serve 18 months behind bars for helping her hacker husband launder cryptocurrency he stole from the Bitfinex exchange.
Heather Morgan, 34, was sentenced on Nov 18 in Washington federal court. Last week, her husband, Ilya Lichtenstein, got five years in prison for his role in the scheme, which stemmed from his 2016 hack of the exchange and the theft of Bitcoin currently worth billions of dollars. Both pleaded guilty last year.
Morgan wasn’t involved in the hack, and her husband said he recruited her to help hide the loot he’d stolen. They could have faced more prison time, but he agreed to aid the United States in other crypto prosecutions and she persuaded him to cooperate with the authorities.
The Verge, which called her “crypto’s most embarrassing rapper”, said she made crypto-themed rap videos under the name Razzlekhan. The whole story is expected to be immortalized in a Netflix documentary series and a film called Dutch & Razzlekhan, the tech news website said.
According to prosecutors, Morgan and Lichtenstein engaged in complex money-laundering techniques, including creating accounts under fictitious identities, moving the stolen proceeds in small amounts, and breaking up the trail of transactions by depositing and withdrawing funds from crypto exchanges and darknet markets. They purchased nonfungible tokens, gold and Walmart gift cards, court records show.
At the time of the hack, the stolen Bitcoin was worth about US$71 million (S$95 million). Now it’s valued in the billions of dollars as the price of Bitcoin has surged from US$580 to more than US$90,000. The couple laundered 21 per cent of what was stolen in the Bitfinex hack, according to the government. BLOOMBERG
NEW YORK – T-Mobile’s network was among the systems hacked in a damaging Chinese cyber-espionage operation that gained entry into multiple US and international telecommunications companies, The Wall Street Journal reported on Nov 15, citing people familiar with the matter.
Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a months-long campaign to spy on the cellphone communications of high-value intelligence targets, the Journal added, without saying when the attack took place.
“T-Mobile is closely monitoring this industry-wide attack,” a company spokesperson told Reuters in an email.
“At this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information.”
It was unclear what information, if any, was taken about T-Mobile customers’ calls and communications records, according to the WSJ report.
On Nov 13, The Federal Bureau of Investigation (FBI) and the US cyber watchdog agency Cisasaid China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.
Earlier in October, the Journal reported that Chinese hackers accessed the networks of US broadband providers, including Verizon Communications, AT&T and Lumen Technologies, and obtained information from systems the federal government uses for court-authorized wiretapping.
Beijing has previously denied claims by the US government and others that it has used hackers to break into foreign computer systems. REUTERS
WASHINGTON – The mastermind behind one of the biggest-ever Bitcoin heists was ordered to serve five years in prison for conspiring with his social-media rapper wife to launder money he stole by hacking into the Bitfinex exchange and grabbing cryptoassets now worth billions of dollars.
Ilya “Dutch” Lichtenstein was sentenced in Washington on Nov 14, after he and his wife, Heather Morgan, pleaded guilty last year in a scheme to hide proceeds from the 2016 hack. Morgan, known as “Razzlekhan” in her rap videos, will be sentenced Nov 18. The government recommended an 18-month sentence for her.
Lichtenstein, 37, faced as long as 20 years behind bars. But the government cited his substantial assistance that “has benefited numerous investigations.” The Bitfinex hack resulted in the theft of 119,754 Bitcoin worth about US$71 million (S$23 million) at the time. But since then, the token has surged from US$580 in 2016 to more than US$90,000 this week, boosting the value of the assets to billions.
“This is so massive, it is not comparable to other crypto crimes” based on its scale and complexity, US District Judge Colleen Kollar-Kotelly said before sentencing. Lichtenstein carried out his scheme over several years, which undermines defense claims that his actions were “impulsive,” the judge said.
Lichtenstein, a “highly skilled computer expert,” used several hacking techniques to gain access to the Bitfinex network, and then, in August 2016, fraudulently authorised more than 2,000 transactions to move Bitcoin to a cryptocurrency wallet he controlled, the government said.
He and his wife used sophisticated and meticulous money-laundering techniques to hide the stolen proceeds, including setting up accounts under fictitious identities, moving funds in small amounts, and breaking up the trail of transactions by depositing and withdrawing funds from crypto exchanges and darknet markets. They bought nonfungible tokens, gold and Walmart gift cards, according to the government.
Lichtenstein “became one of the greatest money launderers that the government has encountered in the cryptocurrency space,” prosecutors wrote in an October sentencing memo. “If the defendant were to take what he has learned from this prosecution and incorporate it into a future money laundering scheme, he would be even better-equipped to conceal his activity while monetizing his crimes,” they wrote.
Since his plea last year, Lichtenstein has assisted the government in other criminal cases, including as a government witness in a money-laundering trial involving a mixing service called Bitcoin Fog.
Other hacks
While Lichtenstein had no official criminal history before his arrest in 2022, the Bitfinex hack wasn’t his first, the government said. As a juvenile, he experimented with hacking and financial fraud, and around 2015, he illegally transferred a small amount of PayCoin, an alternative form of virtual currency, prosecutors said. The following year, he stole about US$200,000 from a virtual currency exchange, the government said.
But he also worked in legitimate businesses. While in college, Lichtenstein ran a digital marketing agency from his dorm, and after graduation, a software company he co-founded grew to 30 employees, the government said.
“His decision to use his skills for criminal ends is thus particularly disappointing, but it gives hope for continued successful rehabilitation,” prosecutors said in the sentencing memo.
Morgan attended her husband’s sentencing, along with Lichtenstein’s family. Lichtenstein expressed remorse to the judge and pledged that he would use his skills to help with cybersecurity. “I can make a real difference in the fight against cybercrime,” he said.
He asked that his wife avoid prison time. “Heather is only involved in this case because of me,” he said. BLOOMBERG
SINGAPORE – A group of Singapore Sports School students were caught and punished in November for creating and circulating deepfake nude images of their female schoolmates.
Their actions have ignited discussions about how the young – especially young girls – can best protect themselves from such online harms, and how they can respond if they are victimised by deepfakes.
This is, of course, a global issue.
In South Korea, for instance, a Telegram channel with more than 220,000 members was reportedly used to create and share AI-generated pornographic images.
In its 2023 Survey on Online Harms in Singapore, non-profit group SG Her Empowerment (SHE) reported that 9 per cent of the 1056 Singaporean residents older than 15 surveyed experienced image-based sexual abuse, including via altered images or videos.
Yet, SHE’s Safeguarding Online Spaces survey, also conducted in 2023, found that four in 10 young people reported low awareness of self-help tools for online harms, while five in 10 reported low awareness of legal recourse options.
If you are unsure where to go and what to do if you have been targeted by deepfakes, here are some answers by experts to pressing questions you might have.
Q: What’s the first thing to do if I become the target of deepfake nudes?
A: The most important first step is to document evidence, said experts interviewed.
Taking screenshots of posts or videos, recording links or URLs, and saving messages and timestamps all go a long way when reporting the incident to authorities or social media platforms.
Singapore University of Technology and Design Professor Roy Lee, who specialises in artificial intelligence, emphasised that while the knee-jerk reaction may be to report the image or video as soon as possible to have it removed, recording as much evidence as possible serves crucial purposes.
He said: “Harmful content can be deleted, altered or moved by the perpetrator, making it difficult to prove that the incident occurred. Screenshots act as a timestamped record, ensuring that the evidence is not lost.
“Platforms and authorities (also) often require concrete evidence when investigating cases of online harm. Having screenshots can strengthen the case and increase the likelihood of action being taken against the offender.”
But even if you don’t take a screenshot, all is not lost.
Centre head for SheCares@SCWO Support Centre Lorraine Lim said that “law enforcement will do their best to investigate using the information available” and “police may collaborate with platforms to retrieve relevant data if possible”.
A: Experts say you should report harmful content to the social media platform that is hosting it. Many platforms have policies against such content, and each has its own mechanisms for reporting.
Director of advocacy and research at the Association of Women for Action and Research (Aware) Sugidha Nithiananthan said: “Familiarising yourself with online platforms’ policies for reporting and removing harmful content beforehand can save precious time if you need to act quickly.”
For instance, Facebook and Instagram include a ‘Report’ link on nearly every post for users to report content that violates policy. WhatsApp only allows users to report other users and groups, but not individual messages. Conversely, Telegram users can only flag individual messages and images.
You should also make a police report if you have been targeted by deepfake nudes or have been the victim of online harms. A police spokesperson told The Straits Times that these harms may fall under a variety of offences including the Protection from Harassment Act (Poha) and sexual-and-voyeurism-related offences.
If there is no urgency, you are advised to visit the nearest police station or file a police report online if the matter does not require immediate police attention.
While in-person reporting at the police station allows officers to ask questions that provide helpful and relevant context, some victims may be too distressed to share their experience verbally, and typing an online report might be more comfortable for them.
Investigation officers will follow up on submitted reports to gather additional details when necessary.
Q: What are my next steps if I want to pursue legal action against the perpetrators?
A: There are laws within the Penal Code, Films Act and Poha that exist to protect victims of deepfake nudes and other forms of image-based sexual abuse.
Experts said that those who want to pursue immediate legal action should file a protection order under Poha – a court order that protects victims of harassment by prohibiting perpetrators from continuing harassment behaviour.
Director of Guardian Law Liane Yong explained that Poha protects victims by criminalising behaviour or communication that both intentionally and unintentionally “causes harassment, alarm or distress”.
To file a court order, one must be at least 21 years old; applications for all victims below 21 must be done through an older representative.
Before filing a court order, those targeted should complete a pre-filing assessment on the Community Justice and Tribunals System (CJTS) e-platform to determine the complexity of their cases. This will determine the e-platform (CTJS for simplified cases or eLitigation for more complex cases) that victims submit their applications to.
Victims must then submit applications to the respective e-platforms. Applications generally include details about the harassment, relevant evidence and information about the types of remedies sought. Application fees range from $30 to upwards of $100 based on the platform and type of claim.
A: You can reach out to trusted adults – parents and teachers – for support. Many non-profit organisations also provide emotional, legal and technical support for victims of such online harm.
The SheCares@SCWO support centre is Singapore’s first support centre for online harms. It provides free legal advice through clinics with volunteer lawyers, free counselling support and even accompanies victims down to the police station to file police reports if need be.
Similarly, the Aware Sexual Assault Care Centre provides support for victims, including a free legal clinic, assistance with gathering evidence, filing police reports or Magistrate’s complaints, and applying for Poha court orders.
Q: How do I avoid becoming a victim of deepfake nudes and other online harms?
A: “With advanced technology such as AI tools becoming widely available and easier to use, anyone with an online presence is vulnerable, so it’s important to exercise caution when navigating the online world,” said Ms Lim.
She advised limiting who can see posts through privacy settings and avoiding sharing highly personal information such as full names or addresses. She also warned young people to be wary of unfamiliar follower requests and suspicious behaviour on social media.
Ms Lim said: “Be aware of overly-friendly accounts, or accounts that are quick to offer gifts or offers that are too good to be true.”
“Love-bombing tactics – providing excessive attention, making grand gestures or offering exorbitant gifts, pushing for commitment or exhibiting controlling behaviour – are a sign that something is wrong.”
But while these steps may help reduce your chances of becoming a victim, it always remains a possibility.
Ms Nithiananthan said: “There is very little a person can do to entirely protect themselves from violence and harm, both online and offline.
“When we place too much emphasis on the victim protecting herself, we imply that it is her duty to avoid this abuse. It is this type of thinking that downplays the accountability of perpetrators and wrongly shifts focus to the victim’s actions.”
Experts agreed that over-focusing on what an individual can do to protect themselves may make victims believe that what they experienced was their fault, and stand in the way of them making official reports.
Prof Lee said one of the best ways to reduce deepfakes and online harms is the act of reporting harmful content itself.
“Reporting… contributes to preventing harm to the next potential victim.
“I encourage victims to take action – for themselves and for the community. Together, we can improve online safety if each of us stands up against malicious content.”
We spend so much of our lives online but have we thought about what will happen to our digital trails and assets when we die?
It is a question that came up for husband-and-wife content creators Muhammad Alif Ramli and Liyana Syahirah Ismail Johari.
They realise, for example, if no clear instructions are left behind, not knowing the passwords or about dormant accounts on long-forgotten platforms can pose problems.
It is especially important, given Mr Alif’s medical history.
When Mr Alif was 10, he was diagnosed with rhabdomyosarcoma, a soft tissue cancer. He underwent multiple chemotherapy cycles and nine surgical operations, which the 28-year-old described as a “close-to-death experience”, before he recovered.
In the fourth episode of The Straits Times’ docuseries Let’s Talk About Death, Mr Alif and Ms Liyana, 27, seek help from experts to consolidate their digital assets.
They speak to a cyber security expert to find out how to best manage their passwords. They also talk to a lawyer who specialises in digital assets to look into protecting their social media accounts, which may generate revenue in the future.
Finally, Mr Alif and Ms Liyana also attempt to write their wills with the help of artificial intelligence tools, with the key question being: Will they be valid under syariah law?
Let’s Talk About Death is a five-episode docuseries that follows several millennials and their loved ones as they navigate end-of-life planning, and it starts honest conversations about death and dying well.