nytimes bitcoin arrest

A West Palm Beach man is one of two individuals arrested by federal authorities Tuesday for operating an unlicensed money-transfer business that allegedly used bitcoins to launder cash for on-line criminals. Authorities arrested Anthony R. Murgio, 31, of West Palm Beach and Yuri Lebedev, 37, of Jacksonville. The men are both facing one count of conspiracy to operate an unlicensed money transmitting business and one count of operating an unlicensed money transmitting business. Murgio is also facing one count each of money laundering and willful failure to file a suspicious activity report. The money laundering charge carries a maximum sentence of 20 years in prison. Murgio is also linked to a massive hacking case in 2014 involving JP Morgan Chase, the nation’s largest bank. In a complaint filed in New York federal court, prosecutors allege that Murgio formed a bitcoin company in 2013 that laundered at least $1.8 million in the virtual currency for thousands of customers.

Attorney’s Office alleges that Murgio and Lebedev “knowingly exchanged cash for people whom they believed may be engaging in criminal activity.” Authorities said the men worked with cyber-criminals unleashing “ransomware” attacks in which victims have their computer system electronically blocked until they pay a ransom, typically in bitcoin. Murgio and Lebedev, prosecutors said, created a front company — Collectables Club Private Member Association — to hide the illegal exchange. The company lists Murgio’s home address in West Palm Beach. Murgio has been in trouble before. Records show he was arrested on felony charges in January 2012 after he allegedly stole more than $110,000 of sales tax paid by customers at his Tallahassee restaurant and lounge. Murgio received a deferred prosecution and the charges were dropped after he paid the taxes owed to the state. A graduate of Palm Beach Gardens High School, Murgio attended Florida State University and earned a marketing degree.

While at FSU, Murgio met Joshua Samuel Aaron, who is wanted on multiple felony charges connected to a penny stock scheme. Bloomberg News reported that Murgio and Aaron were both mentioned in an FBI memo from October 2014 regarding an enormous cyber-attack against JPMorgan Chase. JPMorgan said last year that 83 million customers may have had their data stolen by the hackers. The attack was so large that the Russian government was initially thought to be the perpetrator, Bloomberg reported. In his personal website, Murgio said that Aaron “showed me the ropes to on-line marketing.” Two men allegedly connected to Aaron and the penny stock scheme were arrested Tuesday in Israel. Aaron is reportedly in Russia and beyond the reach of U.S. According to the New York Times, prosecutors hope those arrested on Tuesday will provide information that will lead to federal charges in the JP Morgan case.

On Saturday, Mark Karpeles, CEO of bankrupt bitcoin exchange Mt. Gox, which collapsed spectacularly last year, was arrested in Tokyo on suspicion of illicitly stealing $1 million from the online financial platform, the New York Times reports. In a statement, the Tokyo Metropolitan Police said that they believed 30-year-old French national Karpeles had “unjustly inflated the balance” of an account in his name by manipulating Mt.

“He created false information that $1 million had been transferred into the account, when in fact it had not been.” From the Times: Before it filed for bankruptcy in February last year, Mt. Gox said 850,000 Bitcoins, mostly belonging to its clients, had been either lost or stolen by hackers, an amount worth more than $450 million at the time. The company also said it had lost $27 million in cash. It subsequently said it recovered 200,000 of the missing Bitcoins from an overlooked part of its computer systems.
With its accounting in disarray, however, it said it could not be sure what happened to the rest, or even verify exactly how many Bitcoins it had actually held to begin with.

Unanswered questions abound. Where are the missing bitcoins? Who is the real Satoshi Nakamoto? What even is a bitcoin? We may never know.

The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
On Friday, The San Francisco Examiner reported that riders of SFMTA’s Municipal Rail or “Muni” system were greeted with handmade “Out of Service” and “Metro Free” signs on station ticket machines.
),” the message read.

The hacker in control of that email account said he had compromised thousands of computers at the SFMTA, scrambling the files on those systems with strong encryption. The files encrypted by his ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, or approximately USD $73,000. inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. , which also was protected by the same secret question and answer. Copies of messages shared with this author from those inboxes indicate that on Friday evening, Nov. 25, the attacker sent a message to SFMTA infrastructure manager Sean Cunningham with the following demand (the entirety of which has been trimmed for space reasons), signed with the pseudonym “Andy Saolis.” “if You are Responsible in MUNI-RAILWAY !

All Your Computer’s/Server’s in MUNI-RAILWAY Domain Encrypted By AES 2048Bit! We have 2000 Decryption Key ! Send 100BTC to My Bitcoin Wallet , then We Send you Decryption key For Your All Server’s HDD!!”

One hundred Bitcoins may seem like a lot, but it’s apparently not far from a usual payday for this attacker. 20, hacked emails show that he successfully extorted 63 bitcoins (~$45,000) from a U.S.-based manufacturing firm. The attacker appears to be in the habit of switching Bitcoin wallets randomly every few days or weeks. “For security reasons” he explained to some victims who took several days to decide whether to pay the ransom they’d been demanded. A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations. ,” and that this email address is tied to many search results for tech help forum postings from people victimized by a strain of ransomware known as Mamba and HDD Cryptor.

Copies of messages shared with this author answer many questions raised by news media coverage of this attack, such as whether the SFMTA was targeted. account show a financial relationship with at least two different hosting providers. The credentials needed to manage one of those servers were also included in the attacker’s inbox in plain text, and my source shared multiple files from that server. KrebsOnSecurity sought assistance from several security experts in making sense of the data shared by my source. Alex Holden, chief information security officer at Hold Security Inc, said the attack server appears to have been used as a staging ground to compromise new systems, and was equipped with several open-source tools to help find and infect new victims. “It appears our attacker has been using a number of tools which enabled the scanning of large portions of the Internet and several specific targets for vulnerabilities,” Holden said. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp.

server products, including Primavera project portfolio management software.” According to a review of email messages from the Cryptom27 accounts shared by my source, the attacker routinely offered to help victims secure their systems from other hackers for a small number of extra Bitcoins. In one case, a victim that had just forked over a 20 Bitcoin ransom seemed all too eager to pay more for tips on how to plug the security holes that got him hacked. In return, the hacker pasted a link to a Web server, and urged the victim to install a critical security patch for the company’s Java applications. “Read this and install patch before you connect your server to internet again,” the attacker wrote, linking to this advisory that Oracle issued for a security hole that it plugged in November 2015. In many cases, the extortionist told victims their data would be gone forever if they didn’t pay the ransom in 48 hours or less. In other instances, he threatens to increase the ransom demand with each passing day.

The server used to launch the Oracle vulnerability scans offers tantalizing clues about the geographic location of the attacker. That server kept detailed logs about the date, time and Internet address of each login. A review of the more than 300 Internet addresses used to administer the server revealed that it has been controlled almost exclusively from Internet addresses in Iran. Another hosting account tied to this attacker says his contact number is +78234512271, which maps back to a mobile phone provider based in Russia. But other details from the attack server indicate that the Russian phone number may be a red herring. For example, the attack server’s logs include the Web link or Internet address of each victimized server, listing the hacked credentials and short notations apparently made next to each victim by the attacker. Google Translate had difficulty guessing which language was used in the notations, but a fair amount of searching indicates the notes are transliterated Farsi or Persian, the primary language spoken in Iran and several other parts of the Middle East.

User account names on the attack server hold other clues, with names like “Alireza,” “Mokhi.” Alireza may pertain to Ali Reza, the seventh descendant of the Islamic prophet Muhammad, or just to a very common name among Iranians, Arabs and Turks. The targets successfully enumerated as vulnerable by the attacker’s scanning server include the username and password needed to remotely access the hacked servers, as well as the IP address (and in some cases domain name) of the victim organization. In many cases, victims appeared to use newly-registered email addresses to contact the extortionist, perhaps unaware that the intruder had already done enough reconnaissance on the victim organization to learn the identity of the company and the contact information for the victim’s IT department. The list of victims from our extortionist shows that the SFMTA was something of an aberration. The vast majority of organizations victimized by this attacker were manufacturing and construction firms based in the United States, and most of those victims ended up paying the entire ransom demanded — generally one Bitcoin (currently USD $732) per encrypted server.

Emails from the attacker’s inbox indicate some victims managed to negotiate a lesser ransom. China Construction of America Inc., for example, paid 24 Bitcoins (~$17,500) on Sunday, Nov. 27 to decrypt some 60 servers infected with the same ransomware — after successfully haggling the attacker down from his original demand of 40 Bitcoins. Other construction firms apparently infected by ransomware attacks from this criminal include King of Prussia, Pa.-based Irwin & Leighton; CDM Smith Inc. in Boston; Indianapolis-based Skillman; and the Rudolph Libbe Group, a construction consulting firm based in Walbridge, Ohio. It’s unclear whether any of these companies paid a ransom to regain access to their files. The data leaked from this one actor shows how successful and lucrative ransomware attacks can be, and how often victims pay up. For its part, the SFMTA said it never considered paying the ransom. “We have an information technology team in place that can restore our systems and that is what they are doing,” said SFMTA spokesman Paul Rose.

“Existing backup systems allowed us to get most affected computers up and running this morning, and our information technology team anticipates having the remaining computers functional in the next two days.” As the SFMTA’s experience illustrates, having proper and regular backups of your data can save you bundles. But unsecured backups can also be encrypted by ransomware, so it’s important to ensure that backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. It should be noted, however, that some instances of ransomware can lock cloud-based backups when systems are configured to continuously back up in real-time. That last tip is among dozens offered by the Federal Bureau of Investigation, which has been warning businesses about the dangers of ransomware attacks for several years now. For more tips on how to avoid becoming the next ransomware victim, check out the FBI’s most recent advisory on ransomware.