A popular virtual keyboard app leaks 31 million users’ personal data

The app maker's database wasn't protected with a password, leaving exposed its users' most private information.

Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server.

The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.

But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data.

The database appears to only contain records on the app's Android users.

The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet. The data was only secured after several attempts to contact Fitusi, who acknowledged the security lapse this weekend. The server has since been secured, but Fitusi did not respond when we asked for comment.

ZDNet obtained a portion of the database to verify.

Each record contains basic collected data, including the user's full name, email addresses, and how many days the app was installed. Each record also included a user's precise location, including their city and country.

Other records are significantly more detailed. The app has a free version, which per its privacy policy collects more data than the paid version, which the company uses to monetize with advertising.

More complete records also include the device's IMSI and IMEI number, the device's make and model, its screen resolution, and the device's specific Android version.

A large portion of the records also included the user's phone number and the name of their cell phone provider, and in some cases their IP address and name of their internet provider if connected to Wi-Fi. Many records contain specific details of a user's public Google profile, including email addresses, dates of birth, genders, and profile photos.

We also found several tables of contact data uploaded from a user's phone. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. It's not clear for what reason the app uploaded email addresses and phone numbers of contacts on users' phones.

Several tables contained lists of each app installed on a user's device, such as banking apps and dating apps.

It's not unusual for on-screen keyboards to have wide-ranging access to some of the highest levels of Android permissions. Android will warn users that keyboards "may be able to collect all the text that you type, including personal data like passwords and credit card numbers." AI.type is no exception, with read access to contact data, text messages, photos, videos and other on-device storage, as well as permission to record audio and full network access.

For its part, AI.type says on its website that user's privacy "is our main concern." Any text entered on the keyboard "stays encrypted and private," says the company.

But the database wasn't encrypted. We also found evidence that text entered on the keyboard does get recorded and stored by the company, though to what extent remains unclear.

The company also promises to "never share your data or learn from password fields," but we saw one table containing more than 8.6 million entries of text that had been entered using the keyboard, which included private and sensitive information, like phone numbers, web search terms, and in some cases concatenated email addresses and corresponding passwords.

Bob Diachenko, head of communications at Kromtech Security Center, warned of the dangers of using free apps.

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online," he told ZDNet. "This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user."

"It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices," he added.

"It is clear that data is valuable and everyone wants access to it for different reasons," he said. "Some want to sell the data they collect, others use it for targeted marketing, predictive artificial intelligence, and cyber criminals want to use it to make money in more and more creative ways."

From:http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/

This ransomware asks victims to name their own price to get their files back

The attackers behind this form of file-encrypting malware -- which has similarities with Locky -- think that if the victim can set their own price, they're more likely to pay.

A new form of ransomware, which shares similarities with Locky, allows its victims to negotiate the price for retrieving their encrypted files.

Scarab ransomware was first uncovered in June, but during November, it was suddenly distributed in millions of spam emails, according to researchers at Fortinet. The emails were distributed by Necurs, the botnet infamous for spreading the highly-successful Locky ransomware.

The file-encrypting malware is deployed when the victim runs a VBScript application contained within a malicious email, which retrieves Scarab from payload websites. Researchers at PhishMe said the script contains similarities to the mechanism used to deliver Locky.

Those behind Scarab have also chosen to fill the source code of the ransomware with what appear to be references to Game of Thrones character Jon Snow.

Once installed and executed on the victim's computer, the malware will connect to a website that provides the attacker with the victim's IP address and other machine information -- likely to aid the attacker in keeping track of victims.

Even if the machine is taken offline during the process, the ransomware still encrypts the files with the .scarab file extension and presents the victim with a ransom note.

But rather than demanding a set fee to release the files, the attackers behind Scarab ask the victims to email them in order to negotiate a payment in bitcoin -- the cryptocurrency often used by attackers to collect ransom payments.

The use of an email address suggests the attackers aren't as sophisticated as those behind other forms of ransomware. However, they do seem to be working to the theory that if they allow the victim to set their own price for the ransom, they're more likely to receive a payment.

"The negotiation process encouraged by the Scarab ransomware is particularly interesting. While entering into negotiations definitely makes it more likely that a ransom of some kind will be paid, it also allows them to fluctuate demands depending on the value of bitcoin at that time," said Aaron Higbee, co-founder and CTO of PhishMe.

Researchers suggest the rise in the value of bitcoin has played a part in the shift to using this tactic. A fee of around one bitcoin was often set as the ransom demand during 2016, when the value of bitcoin was under $1000. At the time of writing, one bitcoin is worth over $16,000.

Attackers are likely to understand the average victim isn't going to have the funds to pay this fee, so by allowing the victim to suggest a price, those behind Scarab are more likely to guarantee a payday for their criminal work.

Those behind Scarab also attempt to show they can be trusted to hold up their end of the malicious deal with the use of a common tactic of ransomware distributors: offering to decrypt some files for free. They also provide instructions on how to obtain bitcoin so that they can receive payment from victims.

However, these aren't acts of community spirit. The attackers are criminals who are looking for profit by extorting a payment out of the unfortunate victim -- a reality hammered home by the ransom note, which says: "Decryption of your files with the help of third parties may cause an increased price." The attackers also add that by trying to use decryption tools, the victim "can become a victim of a scam".

Researchers are currently unsure if Scarab will be a temporary ransomware campaign -- like Jaff -- or if it will become a long-standing threat like Locky.

From:http://www.zdnet.com/article/this-ransomware-asks-victims-to-name-their-own-price-to-get-their-files-back/

Uber says data breach compromised 380K users in Singapore

Ride-sharing company reveals 380,000 in Singapore were affected by the massive data breach that compromised 57 million accounts globally, but says no fraud or misuse has been tied to these users.

Uber says an estimated 380,000 users in Singapore were impacted by the 2016 data breach that compromised 58 million accounts globally, but finds no incidents of fraud related to the attack.

The ride-sharing operator posted a statement on its website Friday with the update, noting that the figure was "an approximation rather than an accurate and definitive count". The number was determined from data extracted from its app or online site and based on codes assigned to specific countries, which might not always correspond with where the user actually lived, it explained.

Uber said it had taken "immediate steps to secure the data" when the breach was uncovered and blocked further unauthorised access. It added that affected customers need not take any action since there was no indication the breach had resulted in any fraudulent transactions.

"Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, or dates of birth were downloaded," it said. "We have seen no evidence of fraud or misuse tied to the incident. We are monitoring the affected accounts and have flagged them for additional fraud protection."

Reports emerged last month that some customers in Singapore found charges made to their Uber accounts and credit cards for rides they never took, including transactions made in the UK and US and in foreign currencies. The company said then that these were not linked to the global data breach, since details related to credit card numbers or bank account numbers were not believed to have been compromised in the attack.

Uber admitted to having concealed the data breach for more than a year, paying off hackers US$100,000 to delete the data and keep quiet about the incident.

In a note commenting on Uber's latest statement in Singapore, Sanjay Aurora, Asia-Pacific managing director for security vendor Darktrace, said the onus was on companies to safeguard their customers' data.

"The reality is that there is only so much individuals can do. Ultimately, the responsibility lies with the companies that are entrusted with users' sensitive data to defend it against cyberattacks," Aurora said.

"Time and time again, we have seen attacks of this scale--and larger--plague the news. The reality is that such breaches, whether Uber, Equifax, or Yahoo, could have been resolved at an early stage [and] well before real damage was done," he said, touting the need for artificial intelligence in helping companies identify and combat security threats.

Singapore authorities had said they were investigating Uber's security incident and would determine if the US company had breached local data protection laws. They also underscored the need for Uber to be transparent and to cooperate with local authorities.

From:http://www.zdnet.com/article/uber-says-data-breach-compromised-380k-users-in-singapore/

NSA employee pleads guilty after stolen classified data landed in Russian hands

The classified data was later collected by Kaspersky software running on the staffer's home computer.

A former National Security Agency hacker has admitted to illegally taking highly classified information from the agency's headquarters, which was later stolen by Russian hackers.

Nghia Pho, 67, a Maryland resident who worked for the NSA's Tailored Access Operations, the agency's elite hacking unit, entered a guilty plea on Friday to charges of willful retention of national defense information.

The Justice Dept. confirmed the news in a statement on Friday. The New York Times was first to report the news.

Documents released by the Justice Dept. accuse Pho of removing top secret information from the agency over a five-year period through March 2015.

Pho held some of the highest levels of security clearance at the agency, including sensitive compartmented information and "need to know" clearance, reserved for only a fraction of the agency's staff.

Although the documents don't make it clear exactly what specific classified data and records were taken -- beyond hard copy and digital files stored in Pho's residence -- several earlier reports have pointed to hacking tools developed for offensive operations launched by the NSA, such as targeting foreign networks and systems for conducting surveillance.

News of the breach was first reported by The Wall Street Journal earlier this year, which said hackers working for Russian intelligence had obtained classified NSA data.

The hackers targeted the then NSA employee in 2015 when he opened the classified work on his home computer running Kaspersky antivirus software. Russian hackers are said to have targeted the employee after they identified the NSA files through the antivirus software.

The company's founder Eugene Kaspersky previously said he believes that his company's products were exploited to obtain files from Pho's computer.

Kaspersky admitted to collecting and uploading the classified data to its servers in Moscow, but only after several kinds of malware were found on Pho's computer. (Other antivirus products often upload suspicious data to their servers to analyze.)

Kaspersky, a Moscow-based security company, has repeatedly denied working with the Kremlin to conduct espionage. Eugene Kaspersky told ZDNet this week that his company would "move the business out" of the country if the Russian government asked it to spy.

Pho is expected to be sentenced in April, when he may receive the maximum sentence of ten years in prison. According to the Times, prosecutors are not asking for more than eight years.

The case is one of several major breaches at the NSA since the Edward Snowden disclosures in 2013.

Pho is among three employees to be charged, including Harold Martin, an NSA contractor, who was indicted for removing terabytes of secret data from the agency's headquarters, and Reality Winner, another contractor, who was indicted this year for leaking classified secrets to news site The Intercept.

Another major breach of data included the agency's trove of highly classified hacking tools, which were later used to launch a large scale, global ransomware attack. Earlier this year, hackers used the tools to silently infect Windows computers with a backdoor to then launch the WannaCry ransomware.

This week, ZDNet revealed the fifth and most recent breach of NSA data in as many years, including new details about the Ragtime surveillance program, which targets Americans' data.

From:http://www.zdnet.com/article/former-nsa-staffer-pleads-guilty-after-classified-data-theft/

Snoopers Charter: Government forced to backtrack on data access

The UK's controversial mass surveillance legislation will have to be tweaked to comply with EU law, but critics say the changes don't go far enough.

The UK government has been forced to revise parts of its controversial surveillance legislation.

Under the Investigatory Powers Act 2016, nicknamed the 'Snoopers Charter', communications companies can be required to retain customers' communications data for up to 12 months. The government describes communications data as the who, where, when, how, and with whom of a communication, but does not include what was written or said.

But in December last year the European Court of Justice (ECJ) ruled that the powers of the UK's surveillance legislation were too wide and did not comply with EU law.

In response to the ECJ ruling, the government now plans to make a number of changes, such as introducing a new independent body to authorise communications data requests. Previously, senior police were able to authorise requests.

The use of communications data will also be restricted to investigations into serious crime that would carry a sentence of six months or more. To get access to web surfing data, authorities need to be investigating a crime that carries a sentence of at least a year.

Additional safeguards will be added that must be taken into account before a Data Retention Notice can be given to a telecoms company, and it will be made clearer when people should be notified if their data is accessed.

However, the government insisted that the judgment does not apply to the retention or acquisition of data for national security purposes "as national security is outside of the scope of EU law". A consultation on the changes is underway, and will run for the next seven weeks.

The UK government argues that communications data is used in 95 percent of serious and organised-crime prosecutions, and has figured in every major counter-terrorism investigation over the last decade. Critics argue that rather than introducing surveillance of the entire population, the authorities would be more effective by targeting suspects more closely.

In a statement, privacy campaigners the Open Rights Group (ORG) called the change a "major victory".

"Adding independent authorisation for communications data requests will make the police more effective, as corruption and abuse will be harder. It will improve operational effectiveness, even if less data is used during investigations and trust in the police should improve," said the ORG's executive director Jim Killock.

The ORG and other privacy campaigners met with the government this week, and Home Office staff warned that without communications data, police would have to rely on more intrusive surveillance techniques. But Killock said it's better to have suspects placed under targeted surveillance measures, rather than having the population at large kept under tabs through retained communications data.

"The world has trade offs, and we would suggest that this is a good one," he said.

From:http://www.zdnet.com/article/snoopers-charter-government-forced-to-backtrack-on-data-access/

National Credit Federation leaked US citizen data through unsecured AWS bucket

Tens of thousands of customers of the credit repair service are believed to be affected.

The National Credit Federation (NCF) has become the latest in a long list of companies to leave the sensitive, private data of customers exposed for all to see online.

According to Chris Vickery, UpGuard Director of Cyber Risk Research, the Tampa, Fla.-based credit repair firm left 111GB of internal customer information on an Amazon Web Services S3 cloud storage bucket configured to allow public access without restriction.

In a blog post, Vickery said the discovery was made on Oct. 3, 2017.

Information on the server, potentially impacting tens of thousands of customers, included customer names, addresses, dates of birth, driver's license and Social Security card scans, credit blueprints containing detailed financial histories, and full credit card and bank account numbers.

In addition, credit reports from Equifax, Experian, and TransUnion were found in the repository, and in some cases, multiple copies were discovered.

This is a huge amount of information which could be used by fraudsters and criminals to conduct identity theft and destroy their victims' finances.

In order to access this information, all anyone needed to do was to enter the repository's URL and download the files they wanted.

"National Credit Federation data was left entirely accessible to anybody accessing the repository's URL, highlighting the vital urgency for enterprises to secure their data and validate their configurations against any such exposures," the security researcher said. "This highly concentrated level of exposure, thoroughly revealing customer credit history several times over, serves to highlight the myriad dangers a single exposure can unleash."

It is possible that up to 47,000 NCF customers have been impacted. The researcher says that the bucket's subdomain, "crm-mvp," likely refers to either customer relationship or customer record management, and the contents appear to back this theory as there are 47,000 files -- most of them PDF and text files -- which contain the information of customers.

"A conservative estimate of the number of NCF customers affected by this exposure would be below forty thousand individuals, all of whom needed help in restoring their finances," Vickery says. "In short, these are people who needed and asked for assistance in getting their lives back on track, and were repaid, through a process still unknown, by having the information they furnished revealed online."

Until UpGuard notified NCF of the discovery, the repository was in a state of constant update.

However, there is no indication at the moment that any attackers found and exploited this security failure.

This is far from the first time that deeply sensitive and confidential information concerning US citizens has been leaked online.

Earlier this year, credit giant Equifax admitted to a data breach, which exposed the data of roughly 145 million customers, including names, social security numbers, birth dates, home addresses and some driving license details, eventually costing the company $87.5 million in damage control.

Last year, a US government subcontractor, Potomac Healthcare Solutions, used an unsecured server to hold sensitive details belonging to active military healthcare professionals, which Vickery found to be open for the world to see.

In related news, this week, the contents of a hard drive belonging to a division of the US National Security Agency (NSA) were exposed online. The virtual disk image contained over 100GB of data relating to a military project dubbed "Red Disk," and was left on an unlisted but public Amazon Web Services server.

From:http://www.zdnet.com/article/national-credit-federation-leaked-us-citizen-data-through-unsecured-aws-bucket/

PayPal’s TIO Networks reveals data breach impacted 1.6 million users

The company says evidence of "unauthorized access" has appeared during a recent investigation.

PayPal's recently-acquired payment processor TIO Networks has revealed that up to 1.6 million customers have had their information stolen in a recent data breach.

Last week, the Vancouver, Canada-based TIO Networks said that following the suspension of operations, evidence has been uncovered of a data breach due to "unauthorized access."

In a statement, the company said that unknown attackers were able to gain access to "locations that stored personal information of some of TIO's customers and customers of TIO billers."

In total, up to 1.6 million customers may have had their information leaked, which could include personally identifiable information (PII) or potentially financial data.

No details on the type of information exposed have yet been revealed; however, PayPal says the unauthorized access was "ongoing."

PayPal acquired TIO Networks in July 2017 in a deal worth $238 million. TIO Networks operates under PayPal's umbrella but acts as a separate company, processing over $7 billion in consumer bill payments in 2016, supporting roughly 16 million customer bill pay accounts.

In November, PayPal announced the suspension of TIO Networks' operations due to "PayPal's discovery of security vulnerabilities on the TIO platform and issues with TIO's data security program that do not adhere to PayPal's information security standards."

TIO's platform, thankfully, has not been integrated into PayPal's business, which means users of the latter have not been impacted by the latest disclosure.

PayPal launched an internal investigation into the newly-acquired firm's business and hired a third-party cyberforensics company to review the TIO bill payment platform after suspending operations, revealing the data breach.

TIO Networks has begun notifying those potentially impacted by the security issue and PayPal has signed up credit reporting agency Experian to provide free monitoring for 12 months to customers who have been verified as victims.

"At this point, TIO cannot provide a timeline for restoring bill payment services, and continues to recommend that you contact your biller to identify alternative ways to pay your bills," TIO Networks says. "We sincerely apologize for any inconvenience caused to you by the disruption of TIO's service."

From:http://www.zdnet.com/article/paypals-tio-networks-reveals-data-breach-impacted-1-6-million-users/

Australian Broadcasting Corporation confirms S3 data leak

The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.

The Australian Broadcasting Corporation (ABC) has accidentally leaked sensitive data from at least two unsecured Amazon Web Services (AWS) S3 repositories, according to Kromtech Security Center.

The government-backed broadcaster has confirmed in a statement that it was notified of the data leak on November 16, and said its technology teams acted promptly to solve the issue.

Kromtech CIO Bob Diachenko wrote in a blog post that the security firm discovered a "trove of data" connected to ABC Commercial -- the broadcaster's commercial arm that looks after the marketing and retailing of ABC products and services worldwide -- after conducting an online search of poorly set up cloud computing sites.

Exposed data included information regarding "production services and stock files that should not have been publicly available online," according to Diachenko.

The exposed files contained thousands of emails, logins, and passwords for ABC Commercial users to access content; requests for licensed content from media producers worldwide; secret access key and login details for other repositories, with advanced video content; and 1,800 daily MySQL backups "from 2015 to present".

The unsecured repositories were detected in that state just a week after AWS introduced new S3 encryption and security features for users, Diachenko noted.

"Security cannot be ignored anymore and it is not just an organization's reputation but the real data of customers, partners, or vital business information that is at stake with each new data breach," Diachenko wrote.

This is not the first time the ABC has accidentally exposed sensitive data. Back in 2010, it sent an email to players of its augmented reality game Bluebird, saying that their names, email addresses, and passwords were available for download via an archive for almost a month.

In 2013, ABC's website was also hacked deliberately by an individual who went by the handle 'Phr0zenMyst', which led to the details of 50,000 users being exposed online, such as usernames, email addresses, and password hashes.

ZDNet has reached out to the ABC to learn whether users whose information was exposed were notified of the leak, and the steps the broadcaster has taken since learning of the unsecured repositories.

From:http://www.zdnet.com/article/australian-broadcasting-corporation-confirms-s3-data-leak/

Department of Social Services says it has contained data breach ‘vulnerability’

The Australian government department has confirmed the data compromise related to staff profiles from its previous credit card management system provided by Business Information Services.

The Australian Department of Social Services (DSS) has confirmed the third-party breach of its previous credit card management system, with data reportedly exposed by Business Information Services over an 11-year period containing the names, usernames, work phone numbers, work email addresses, and system passwords of department employees.

As first reported by the Guardian, DSS CFO Scott Dilley had written to 8,500 current and former employees warning them of the breach back in early November, explaining there was "a data compromise relating to staff profiles within the department's credit card management system prior to 2016".

It is reported that Business Information Services advised the department the data was "open" from the period spanning June 2016 through October 2017, and related back as far as 2004 through to 2015.

The letter from Dilley, according to the Guardian, blames "the actions of the department's third-party provider" and says the compromise "is not a result of any of the department's internal systems".

"The data has now been secured," Dilley is quoted as writing in the letter sent to DSS staff, adding also there was "no evidence" of improper use of the data or the department's credit cards.

A spokesperson for DSS told ZDNet that on October 3, 2017, the department was notified by the Australian Signals Directorate of the compromise.

The Australian Cyber Security Centre (ACSC) immediately contacted Business Information Services to secure the information and remove the "vulnerability" within hours of notification, the spokesperson added.

They also said DSS has been working with the ACSC and the Office of the Australian Information Commissioner (OAIC) in response to the breach, with around 2,000 current staff and 6,500 former employees notified.

According to DSS, this vulnerability has been contained and the department is "working" with Business Information Services to "ensure effective arrangements are in place, and to support affected staff".

Last year, a 1.74GB MySQL database backup containing 1.3 million rows and 647 different tables from the Australian Red Cross Blood Service's DonateBlood.com.au website was found to be publicly available.

The data originated from an online donor application form that contained details including name, gender, address, email, phone number, date of birth, country of birth, blood type, and other donation-related data, as well as appointments made.

An investigation from the OAIC found that a file containing information relating to approximately 550,000 prospective blood donors was saved to a publicly accessible portion of a webserver managed by a third party provider, Precedent Communications.

The data breach occurred without the authorisation or direct involvement of the Blood Service, and was outside the scope of Precedent's contractual obligations to the Blood Service.

In February next year, organisations in Australia will need to disclose incidents involving personal information, credit card information, credit eligibility, and tax file number information of individuals that would put them at "real risk of serious harm" under the country's impending data breach notification laws.

The new laws mandated under the Privacy Amendment (Notifiable Data Breaches) Act apply only to companies covered by the act, and therefore see intelligence agencies, small businesses with turnover of less than AU$3 million annually, and political parties exempt from disclosing breaches.

The following May, the General Data Protection Regulation (GDPR) will come into play, requiring organisations around the world that hold data belonging to individuals from within the European Union (EU) to provide a high level of protection and explicitly know where every ounce of data is stored.

Under Australia's data breach notification laws, organisations have 30 days to declare the breach; under the GDPR, organisations have 72 hours to notify authorities after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If an Australian organisation has an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU, they are bound by the GDPR requirements, should the breach be related to any of the above.

From:http://www.zdnet.com/article/department-of-social-services-says-it-has-contained-data-breach-vulnerability/

Cisco, Interpol team up to share cybercriminal threat data

The tech giant and law enforcement agency will share intelligence on the latest cyberthreats.

Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities.

On Tuesday, the tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the "first step" in jointly tackling today's cybercrime.

Modern consumers and businesses are facing more and more digital threats every day.

Hardly a week goes by that we do not hear of a severe data breach resulting in the loss of consumer data, highly sophisticated phishing schemes designed to infiltrate corporate networks or ransomware campaigns that encrypt individual systems and demand blackmail payments in return for lost information.

The situation is getting no better, and there is arguably a skills gap in the cybersecurity industry. To make a dent, government and law enforcement agencies should work with cybersecurity specialists to at least attempt to get on top of the problem and shut down major criminal enterprises.

Such a concept is no stranger to Europol, for example, which operates in Europe together with law enforcement to eradicate ATM fraud and black box schemes, and to take down Dark web websites used to buy illegal drugs, weaponry, and more.

Interpol is also on the scene, training police in different countries to identify cybercriminal schemes across the Dark web, as well as working with banks and financial institutions to detect fraud and criminal schemes worldwide.

Now, working together with Cisco under the agreement, signed in Singapore at Interpol's headquarters, the agency's global cybercrime center will work with Cisco to create a coordinated approach to data sharing in order to improve threat detection and lay the groundwork for future projects.

Cisco says the agreement supports the "organization's programs targeting both 'pure cybercrime' and cyber-enabled crimes," and also assists European countries with identifying cybercriminal schemes and the threat actors behind them.

"As cybercrime continues to escalate around the world, defenders from both the public and private sectors must meet the threat with equal force," said John Stewart, SVP and Chief Security and Trust Officer at Cisco. "Visibility and comprehensive threat intelligence across the cyber domain are critical to enable detection, analysis, and protection against emerging threats."

"We are pleased to collaborate with Interpol to exchange threat intelligence and find other knowledge-sharing opportunities to fight cybercrime globally," the executive added.

This is not the first time Interpol has reached out to a cybersecurity firm for help in tracking down cybercriminals.

In 2014, the agency inked a three-year deal with Trend Micro. Under the terms of the deal, Trend Micro gave Interpol access to its Threat Intelligence Service, alongside additional resources and tactical information. Trend Micro also agreed to assist in a cybercrime investigation training program.

In June, Europol and European law enforcement swept across six countries to take down the leaders of a cybercriminal ring which specialized in selling remote access Trojans (RATs), hacking tools, and software designed to circumvent traditional antivirus solutions.

From:http://www.zdnet.com/article/cisco-europol-team-up-to-share-cybercriminal-threat-data/