From: Virus Guy
One thing I'd like to know about LuminosityLink is - how exactly does it
get onto/into a system?
Email link? Browser exploit? Was it that easy to get a random
executable to load and run on remote XP/7/8 systems back in 2015?
For more info about Luminosity link, see this:
https://researchcenter.paloaltonetworks.com/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/
Of course, the somewhat larger take-home message here (besides the fact
that we have another example of how easy it is to get malware to
remotely run (and stay hidden) on NT-based windoze (as opposed to, say,
9x/me) is the fact that Google is not your friend...
========================
Google Notifies Users Of Court-Ordered Data Demands In Secret FBI
Investigation
09/04/2018
Dozens of people, possibly more, have received an email from Google
informing them that the internet giant responded to a court-ordered FBI
demand for the release of their data, according to Motherboard, citing
several people who claim to have received the email. The notice did not
say whether Google had already released the requested information to the
FBI.
The notice appears to be related to the case of Colton Grubbs, who has
been indicted for selling a $40 remote access tool (RAT) which claims to
be able to hack and control computers remotely. Last year Grubbs pleaded
guilty to creating and distributing the hacking tool to thousands of
people.
Federal prosecutors say Colton Ray Grubbs of Stanford, Ky.
conspired with others to market and distribute the LuminosityLink RAT, a
$40 Remote Access Tool that made it simple for buyers to hack into
computers to surreptitiously view documents, photographs and other files
on victim PCs. The RAT also let users view what victims were typing on
their keyboards, disable security software, and secretly activate the
webcam on the target's computer.
Grubbs, who went by the pseudonym “KFC Watermelon,” began selling
the tool in May 2015. By mid-2017 he'd sold LuminosityLink to more than
8,600 customers, according to Europol, the European Union's law
enforcement agency. -KrebsonSecurity
Grubbs has been indicted on nine counts, including infringing on
privacy, conspiracy and causing at least $5,000 in damage. He faces up
to 25 years in prison and a fine of $750,000.
Rafael Eladio Nunez Aponte read: ‘LuminosityLink RAT' Author Pleads
Guilty — Krebs on Sec
https://t.co/T6FX8phC6W pic.twitter.com/1rDu9fgn9l
— Caroline Lopez (@carolpez_) August 18, 2018
Several users on Reddit, Twitter and HackForums have reported receiving
the email, which reads in part:
“Google received and responded to legal process issue by Federal Bureau
of Investigation (Eastern District of Kentucky) compelling the release
of information related to your Google account."
Ever seen this?! ? pic.twitter.com/1xJO1rALTh
— ??Luca Bongiorni?? (@LucaBongiorni) August 30, 2018
Contained within the email is a legal process number, which reveals that
the judge in the legal action has sealed the case.
Despite the lack of details in the email, as well as the fact that
the case is still under seal, it appears the case is related to
LuminosityLink. Several people who claimed to have received the notice
said they purchased the software. Moreover, Grubbs' case was investigate
by the same district mentioned in the Google notice.
Luca Bongiorni, a security researcher who received the email, said
he used LuminosityLink for work, and only with his own computer and
virtual machines. -Motherboard
That said, the PACER court filing system did contain an unredacted
indictment filed in Kentucky's Eastern District Court, which reads:
"Colton Grubbs together with others, knowingly and voluntarily joined
and participated in a conspiracy to commit the crime of intentionally
and without authorization accessing a computer used in or affecting
interstate or foreign commerce or communication, thereby obtaining
information from a protected computer to further a tortious and criminal
act."
The indictment also confirms that the case is related to LuminosityLink,
which "made it possible for purchasers to access and control victim
computers; to view their files, login credentials, and personal
identifying information; and to surveil and record user activity on
victim computers."
Grubbs received approximately 115 bitcoin for the software, according to
the complaint, worth approximately $845,000 at today's price, and
$134,141 in "proceeds from the felony crimes." The Feds also want
$52,482 in a JPMorgan Chase bank account, and $45,007 in cash found in
Grubbs's bedroom.
"It looks to me like the court initially ordered Google not to disclose
the existence of the info demand, so Google was legally prohibited from
notifying the user. Then the nondisclosure order was lifted, so Google
notified the user. There's nothing unusual about that per se,” said
Marcia Hoffman, a lawyer specializing in cybercrime. “It's common when
law enforcement is seeking info during an ongoing investigation and
doesn't want to tip off the target(s)."
KFC Watermelon's Skype profile (the “HF” in his Skype name is a likely
reference to HackForums, where both Luminosity RAT and Plasma RAT were
primarily sold and marketed). via Krebs
Of particular concern is that the FBI appears to be trying to "unmask"
everyone who bought the software which may or may not be considered
illegal.
“If one is just buying a tool that enables this kind of capability to
remotely access a computer, you might be a good guy or you might be a
bad guy,” Gabriel Ramsey, a lawyer who specializes in internet and
cybersecurity law, told Motherboard in a phone call. “I can imagine a
scenario where that kind of request reaches—for good or bad—accounts of
both type of purchasers.”
https://www.zerohedge.com/news/2018-09-04/google-notifies-users-court-ordered-data-demands-secret-fbi-investigation
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|