US Secret Service Announces Cyber Games Winner

A team of law enforcement officials from South Carolina has seized first place in a nationwide cybersecurity contest.

More than 200 teams from across the United States participated in the National Computer Forensics Institute’s (NCFI’s) Training and Cyber Games competition, which took place earlier this month.

During the event, teams of NCFI-trained local law enforcement officials joined forces with Secret Service investigators to form integrated response units. 

The units were tasked with solving a simulated cyber-attack using the specialized cybersecurity training they had received at the institute. 

“Beginning October 18, participants were presented with the simulated scenario of a ransomware attack on a hospital and charged with executing a series of technical actions to disrupt and hunt the cyber threat actors,” said a Secret Service spokesperson.

“The teams were stationed across the country within Secret Service field office locations for the competition and charged with objectives to recover and examine network evidence in an immersive virtual ransomware investigation experience.”

In a news release issued October 21, the United States Secret Service announced that first place had been awarded to a team from South Carolina’s state capital, Columbia. 

The winning group comprised representatives from the Secret Service, the 125th Cyber Protection Battalion for the South Carolina Army National Guard, the FBI Columbia field office, the South Carolina Law Enforcement Division (SLED), and the Lexington County Sheriff’s Department. 

Over the three days of the competition, this victorious blend of federal and state talent completed all 39 of the challenge’s objectives in a combined time of six hours and 15 minutes. 

“One of the hallmarks of our success as an agency in investigating complex criminal activity in cyberspace is our law enforcement partnerships that span the entire country,” said Secret Service Office of Investigations Assistant Director Jeremy Sheridan. 

“I am grateful to and proud of the integrated federal and state teams who participated in standing with us in this important and ever critical fight and remain thankful four our partners in Alabama and especially the City of Hoover who continue to make these efforts possible by hosting the NCFI facility.”

CISA Awards $2M to Cybersecurity Training Programs

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations $2m to develop cybersecurity workforce training programs. 

Award recipients NPower and CyberWarrior will use the cash injection to bring cybersecurity training to the unemployed and to underemployed communities.

CISA announced the awards yesterday to coincide with the third week of its Cybersecurity Summit, organized on the theme, “Team Awesome: The Cyber Workforce.” The awards are the first of their kind for the agency, whose mission includes recruiting diverse cybersecurity talent and building the workforce of the future.

“Addressing the cyber workforce shortage requires us to proactively seek out, find, and foster prospective talent from nontraditional places,” said CISA Director Jen Easterly.  

“CISA is dedicated to recruiting and training individuals from all areas and all backgrounds with the aptitude and attitude to succeed in this exciting field.”

The programs will focus on training underserved communities in urban and rural areas and seek to recruit traditionally underrepresented groups in the cybersecurity industry, such as military spouses, women, and people of color. 

“It’s not just the right thing to do; it’s the smart thing to do – for the mission and the country,” said Easterly.  

“We’re best positioned to solve the cyber challenges facing our nation when we have a diverse range of thought bringing every perspective to the problem.”

CyberWarrior Foundation founder Reinier Moquete said CyberWarrior will work with CISA and other stakeholders to train persons from underserved populations via a 28-week cybersecurity bootcamp program. 

“We encourage prospective students, employers and workforce stakeholders to reach out and join us in building opportunities for these individuals,” said Moquete.

NPower CEO Bertina Ceccarelli said CISA’s support will enable NPower to expand the reach of its training program across the United States. 

She said: “NPower’s cybersecurity program offers young adults and veterans the opportunity to advance their careers and deepen their specialties. This is particularly important for individuals coming from underrepresented communities that systemically lack access to those specialized skills.”

Other workforce development efforts made by CISA include the initiative and the K-12 student- and teacher-oriented Cyber Education and Training Assistance Program.

DOJ Sues Robocaller to Pay Massive Fine

The United States’ Department of Justice (DOJ) is seeking to recover a financial penalty of nearly $10m that was imposed on a man from Montana for operating malicious robocalling campaigns. 

The Federal Communication Commission (FCC) fined Libby resident Scott Rhodes $9,918,000 in January 2021 after discovering that he had illegally used caller ID spoofing with the intent to cause harm.

An investigation by the FCC found that between May 2018 and December 2018 Rhodes had made thousands of spoofed robocalls targeting specific communities with malicious pre-recorded messages.  

“The robocalls included xenophobic fearmongering (including to a victim’s family), racist attacks on political candidates, an apparent attempt to influence the jury in a domestic terrorism case, and threatening language toward a local journalist,” stated the FCC in a news release.

On Wednesday, the DOJ filed a complaint against Rhodes in the US District Court for the District of Montana that seeks to recover the financial penalty and obtain an injunction that would prevent Rhodes from committing any further violations of the Truth in Caller ID Act

The complaint accuses 52-year-old Rhodes of making 4,959 illegal robocalls in multiple states with falsified caller ID information, with the intent to cause harm. For each state he targeted, Rhodes crafted unique campaigns that referenced local events. 

Residents of Brooklyn, Iowa, were targeted with xenophobic messages referring to the arrest of an illegal alien for the murder of a local college student, Mollie Tibbetts, in July 2018. Meanwhile, victims in Charlottesville, Virginia, were harassed with robocalls based on a false conspiracy theory in an apparent attempt to influence the jury in a local murder trial. 

Rhodes harassed people in Florida and Georgia with spoofed robocalls that attacked gubernatorial candidates, while in Idaho, he robocalled residents of Sandpoint City, attacking the local newspaper and its publisher.

“It is unlawful to spoof caller ID numbers to trick consumers into answering unwanted phone calls with the intent to defraud, cause harm or wrongfully obtain anything of value,” said Acting Assistant Attorney General Brian Boynton for the Justice Department’s Civil Division. 

“The department will work with its agency partners to vigorously enforce the telemarketing laws that prohibit these practices.”

US Imprisons Bulletproof Hosting Providers

Two men from Eastern Europe have been imprisoned in the United States for helping cyber-criminals carry out cyber-attacks against individuals and financial institutions in America. 

Pavel Stassi, a 30-year-old Estonian, and 33-year-old Aleksandr Skorodumov, of Lithuania, received custodial sentences for providing bulletproof hosting services that were used to distribute malware from 2009 to 2015.

Court documents state that the two men were members of a bulletproof hosting organization founded and led by two Russian co-defendants, Aleksandr Grichishkin and Andrei Skvortsov, both aged 34.

Cyber-criminals use bulletproof hosting services because they exist to ensure the anonymity of users. According to the US Department of Justice, these criminals did more than simply turn a blind eye to what their users were up to. 

“The defendants also helped their clients evade detection by law enforcement and continue their crimes uninterrupted by monitoring sites used to blocklist technical infrastructure used for crime, moving ‘flagged’ content to new infrastructure, and registering all such infrastructure under false or stolen identities,” said the DOJ’s Office of Public Affairs in a statement released October 20. 

Inside the criminal organization, Skorodumov was a lead systems administrator, performing tasks that included managing clients’ domains and IP addresses, and providing technical assistance to help clients optimize their malware and botnets. 

Stassi was brought on board as an administrator and marketer. One of his jobs was using false and/or stolen personal information to register webhosting and financial accounts used by the organization.

In May, each member of the cyber-criminal quartet pleaded guilty to one count of Racketeer Influenced and Corrupt Organizations (RICO) conspiracy. The men admitted renting out Internet Protocol (IP) addresses, servers, and domains to cyber-criminal clients, who used them to steal banking credentials, spread malware and form botnets.

Among the malware hosted by the organization was Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which caused or attempted to cause victims based in the United States to lose millions of dollars.

On June 28 and October 20, Chief Judge Denise Page Hood of the US District Court for the Eastern District of Michigan passed custodial sentences of 24 months upon Stassi and 48 months upon Skorodumov. Grichishkin and Skvortsov are pending sentencing.