The pop-up toaster as we know it first hit the shelves in 1926, under the brand name “Toastmaster.” With a familiar springy *pop*, it has ejected toast just the way we like it for nearly a century. Given that its design was so simple and effective, it’s remained largely unchanged. Until now. Thanks to the internet and so called “smart home” devices.
Toasters, among other things, are all getting connected. And have been for a few years now, to the point where the number of connected Internet of Things (IoT) devices reaches well into the billions worldwide—which includes smart home devices.
Businesses use IoT devices to track shipments and various aspects of their supply chain. Cities use them to manage traffic flow and monitor energy use. (Does your home have a smart electric meter?) And for people like us, we use them to play music on smart speakers, see who’s at the front door with smart doorbells, and order groceries from an LCD screen on our smart refrigerators—just to name a few ways we have welcomed IoT smart home devices into our households.
In the U.S. alone, smart home devices make up a $30-plus billion marketplace per year. However, it’s still a relatively young marketplace. And with that comes several security issues.
First and foremost, many of these devices still lack sophisticated security measures, which makes them easy pickings for cybercriminals. Why would a cybercriminal target that smart lightbulb in your living room reading lamp? Networks are only as secure as their least secure device. Thus, if a cybercriminal can compromise that smart lightbulb, it can potentially give them access to the entire home network it is on—along with all the other devices and data on it.
These devices make desirable targets for another reason. They can easily get conscripted into botnets, networks of hijacked computers and devices used to amplify Distributed Denial of Service (DDoS) attacks that organize the devices into an attacking host that can flood a target with so much traffic that it cannot operate. DDoS attacks can shut down websites, disrupt service and even choke traffic across broad swathes of the internet.
Remember the “Mirai” botnet attack of 2016, where hackers targeted a major provider of internet infrastructure? It ended up crippling traffic in concentrated areas across the U.S., including the northeast, Great Lakes, south-central, and western regions. Millions of internet users were affected, people, businesses, and government workers alike.
Another headline-maker was the Amazon Web Services (AWS) attack in 2020. AWS provides cloud computing services to millions of businesses and organizations, large and small. Those customers saw slowdowns and disruptions for three days, which in turn slowed down and disrupted the people and services that wanted to connect with them.
The Mirai and AWS stand out as two of the highest-profile DDoS attacks, yet smaller botnet attacks abound, ones that don’t make headlines. Still, they can disrupt the operations of websites, public infrastructure, and businesses, not to mention the well-being of people who rely the internet.
How do cybercriminals harness these devices for attacks? Well, as the case with many early IoT devices, the fault lies within the weak default passwords that many manufacturers employ when they sell these devices. These passwords include everything from “admin123” to the product’s name. The practice is so common that they get posted in bulk on hacking websites, making it easy for cybercriminals to simply look up the type of device they want to attack.
Complicating security yet further is the fact that some IoT and smart home device manufacturers introduce flaws in their design, protocols, and code that make them susceptible to attack. The thought gets yet more unsettling when you consider that some of the flaws were found in things like smart door locks.
The ease in which IoT devices can be compromised is a big problem. The solution, however, starts with manufacturers that develop IoT devices with security in mind. Everything in these devices will need to be deployed with the ability to accept security updates and embed strong security solutions from the get-go.
Until industry standards get established to ensure such basic security, a portion of securing your IoT and smart home devices falls on us, as people and consumers.
As for security, you can take steps that can help keep you safer. Broadly speaking, they involve two things: protecting your devices and protecting the network they’re on. These security measures will look familiar, as they follow many of the same measures you can take to protect your computers, tablets, and phones.
Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, use online protection software on your phone to help keep it safe from compromise and attack.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it all share the same credentials, which makes it painfully easy for a hacker to gain access to them because those default usernames and passwords are often published online. When you purchase any IoT device, set a fresh password using a strong method of password creation, such as ours. Likewise, create an entirely new username for additional protection as well.
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts—with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way hackers who simply try and force their way into your device with a password/username combination.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network. Also consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.
Older routers may have outdated security measures, which may make them more prone to attack. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
In addition to fixing the odd bug or adding the occasional new feature, updates often address security gaps. Out-of-date apps and devices may have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, even better.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.
Read trusted reviews and look up the manufacturer’s track record online. Have their devices been compromised in the past? Do they provide regular updates for their devices to ensure ongoing security? What kind of security features do they offer? And privacy features too? Resources like Consumer Reports can provide extensive and unbiased information that can help you make a sound purchasing decision.
As more and more connected devices make their way into our homes, the need to ensure that they’re secure only increases. More devices mean more potential avenues of attack, and your home networks is only as secure as the least secure device that’s on it.
While standards put forward by industry groups such as UL and Matter have started to take root, a good portion of keeping IoT and smart home devices secure falls on us as consumers. Taking the steps above can help prevent your connected toaster from playing its part in a botnet army attack—and it can also protect your network and your home from getting hacked.
It’s no surprise that IoT and smart home devices are raking in billions of dollars of years. They introduce conveniences and little touches into our homes that make life more comfortable and enjoyable. However, they’re still connected devices. And like anything that’s connected, they must get protected.
The post What is a Botnet? And What Does It Have to Do with Protecting “Smart Home” Devices? appeared first on McAfee Blog.
By 2030, experts predict that there will be 5 billion devices connected to 5G.1 For the general population, this connectedness means better access to information, communication with far-flung loved ones, greater convenience in everyday tasks … and more hours devoted to everyone’s favorite pastime: scrolling through funny online videos.
For cybercriminals, this vast mobile population fills their pool of targets with billions. And criminals are getting better at hiding their schemes, making threats to mobile devices seem nearly invisible.
When undetected, cybercriminals can help themselves to your personal information or take over your expensive mobile device for their own gains. The best way to combat criminals and protect your mobile device is to know their tricks and adopt excellent online habits to foil their nefarious plots.
Here are the tips you need to uncover these four hard-to-spot mobile threats.
Spyware’s main ability is right in the name: it spies on you. Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information about your browsing habits, personally identifiable information (PII), and more. Some types, called key loggers, can keep track of what you type. The software then sends the details and movements it collects about you to the spying criminal. They can then use this information to steal your passwords and waltz into your online accounts or steal your identity.
Malicious downloads are often the origin of spyware getting onto your mobile device. The spyware hides within “free” TV show, movie, or video game online downloads; however, instead of getting the latest episode you’ve been dying to watch, your device gets spyware instead.
Have you visited risky sites recently? Is your device running slowly, overheating, or suddenly experiencing a shorter-than-usual battery life? One or all of these signs could indicate that your device is working overtime running the spyware and trying to keep up with your everyday use.
Safe downloading habits will go a long way in protecting you from spyware. While streaming from free sites is less expensive than paying a monthly membership to a legitimate streaming service, you may have to pay more in the long run to reverse the damage caused by unknowingly downloading spyware. If you’re unsure if the sites you visit are safe, a safe browsing tool like McAfee WebAdvisor will alert you to untrustworthy sites.
Malicious apps are applications that masquerade as legitimate mobile apps but are actually a vessel to download malware onto your mobile device. For example, when Squid Game was all the rage in 2021, 200 apps related to the show popped up on the Google Play store. One of these themed apps claiming to be a wallpaper contained malware.
Similar to spyware, a device infected with malware will overheat, load pages slowly despite a solid Wi-Fi connection, and have a short battery life. Also, you may notice that texts are missing or that your contacts are receiving messages from you that you never sent. Finally, your online accounts may have suspicious activity, such as purchases or money transfers you didn’t authorize.
Avoiding malicious apps requires that you do a bit of research before downloading. Even if you’re using an authorized app store, like Google Play or the Apple Store, apps with hidden malware can pass the vetting process. One way to determine if an app is risky is to look at the quality of its reviews and its number of star ratings. Approach an app with less than 100 ratings with caution. Also, read a few of the reviews. Are they vague? Are they written poorly? Cybercriminals may pad their apps with fake reviews, but they’re unlikely to spend too much time writing well-composed comments. Finally, do a background check on the app’s developer listed in the app description. If they have a criminal reputation, a quick search will likely alert you to it.
Perusing the reviews isn’t a guaranteed way to sniff out a malicious app. In 2020, McAfee discovered that one bad app had more than 7,000 reviews. To help prevent malware from taking hold of your device, consider investing in antivirus software. Antivirus software isn’t just for your desktop. Mobile devices benefit from it, too! McAfee antivirus is compatible with any operating system and offers 24/7 real-time threat protection.
A botnet is a vast collection of malware-infected devices controlled by a cybercriminal. The criminal uses their network of bots to proliferate spam or crash servers.
Malware is a broad term that encompasses dozens of specific strains of malicious software, several of which are capable of recruiting your mobile device to a cybercriminal’s army of bots. Without your knowledge, the criminal can force your phone to message your contact list or divert your device’s computing power to overload a server in a cyberattack.
All the telltale signs of malware are applicable here if your phone is part of a botnet. A botnet commander grants themselves the highest admin access to any device they take over. That means you may also see new apps on your home screen that you never downloaded or messages sent by text, email, or social media direct message that you never wrote.
Criminals recruiting devices to their botnet can embed the necessary malware anywhere malware typically lurks: in fake apps, dubious streaming and file-sharing sites, phishing emails, risky links, etc. The best way to avoid becoming a member of a botnet is to watch what you click on, stay away from risky sites, and treat any message from a stranger with suspicion.
Cybercriminals can conceal their malware within fake software updates that look official. Fake updates often pose as Microsoft updates because of the company’s huge user base. Java and Android operating system updates have also been impersonated in the past.
The common signs of malware apply to fake software updates too. Also, if a fake update was widespread, you’ll likely receive an official correspondence from the software provider issuing a patch.
The best way to avoid being tricked by a fake update is to enable automatic updates on all your devices. When your devices auto-update, you can ignore any pop-up, email, or text that urges you to click on a link to update. Auto-update is a good practice to adopt anyway, as it ensures that you have the latest software, which often means that it’s the most secure.
Another excellent habit that’ll prevent you from compromising your device with a fake software update is to always preview where links will take you. You can do this by tapping and holding the link. Check the hyperlink for typos or for pages that direct away from the organization’s official website.
Cybercriminals are getting craftier by the day, employing new tools (like ChatGPT) and new strains to trick people and infect mobile devices for their own gains. To safeguard all your devices, consider investing in a solution that’ll protect you from every angle. McAfee+ Ultimate is the all-in-one device, privacy, and security service that helps you confidently live your best online life. The proactive monitoring features stop threats in their tracks, saving you a massive headache and guarding your finances and PII. If any online scheme does compromise your identity, the Family Plan offers up to $2 million in identity theft restoration.
Mobile malware doesn’t always scream “suspicious!” As long as you arm yourself with the right tools, practice good habits, and keep your eyes peeled, you should be able to spot malicious software.
1GSMA, “The Mobile Economy”
The post 4 Mobile Malware Threats You Can’t Even See appeared first on McAfee Blog.
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”
A copy of the passport for Denis Emelyantsev, a.k.a. Denis Kloster, as posted to his Vkontakte page in 2019.
First advertised in the cybercrime underground in 2014, RSOCKS was the web-based storefront for hacked computers that were sold as “proxies” to cybercriminals looking for ways to route their Web traffic through someone else’s device.
Customers could pay to rent access to a pool of proxies for a specified period, with costs ranging from $30 per day for access to 2,000 proxies, to $200 daily for up to 90,000 proxies.
Many of the infected systems were Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers. Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.
In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet. But that action did not name any defendants.
Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog, where he went by the name Denis Kloster. The blog featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world,” and even included a group photo of RSOCKS employees.
“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
But by the time that investigation was published, Emelyantsev had already been captured by Bulgarian authorities responding to an American arrest warrant. At his extradition hearing, Emelyantsev claimed he would prove his innocence in an U.S. courtroom.
“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Emelyantsev told the Bulgarian court. “I am not a criminal and I will prove it in an American court.”
RSOCKS, circa 2016. At that time, RSOCKS was advertising more than 80,000 proxies. Image: archive.org.
Emelyantsev was far more than just an administrator of a large botnet. Behind the facade of his Internet advertising company based in Omsk, Russia, the RSOCKS botmaster was a major player in the Russian email spam industry for more than a decade.
Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted community where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the forum imploded in 2010.
A Google-translated version of the Rusdot spam forum.
Indeed, the very first mentions of RSOCKS on any Russian-language cybercrime forums refer to the service by its full name as the “RUSdot Socks Server.”
Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, Emelyantsev probably knows quite a bit about other top players in the botnet spam and malware community.
It remains unclear whether Emelyantsev made good on his promise to spill that knowledge to American investigators as part of his plea deal. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of California, which has not responded to a request for comment.
Emelyantsev pleaded guilty on Monday to two counts, including damage to protected computers and conspiracy to damage protected computers. He faces a maximum of 20 years in prison, and is currently scheduled to be sentenced on April 27, 2023.
In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for interfering in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.
A slide from a talk given in Sept. 2022 by Google researcher Luca Nagy. https://www.youtube.com/watch?v=5Gz6_I-wl0E&t=6s
Glupteba is a rootkit that steals passwords and other access credentials, disables security software, and tries to compromise other devices on the victim network — such as Internet routers and media storage servers — for use in relaying spam or other malicious traffic.
Collectively, the tens of thousands of systems infected with Glupteba on any given day feed into a number of major cybercriminal businesses: The botnet’s proprietors sell the credential data they steal, use the botnet to place disruptive ads on the infected computers, and mine cryptocurrencies. Glupteba also rents out infected systems as “proxies,” directing third-party traffic through the infected devices to disguise the origin of the traffic.
In June 2022, KrebsOnSecurity showed how the malware proxy services RSOCKS and AWMProxy were entirely dependent on the Glupteba botnet for fresh proxies, and that the founder of AWMProxy was Dmitry Starovikov — one of the Russian men named in Google’s lawsuit.
Google sued Starovikov and 15 other “John Doe” defendants, alleging violations of the Racketeer Influenced and Corrupt Organizations Act (RICO), the Computer Fraud and Abuse Act, trademark and unfair competition law, and unjust enrichment.
In June, Google and the named defendants agreed that the case would proceed as a nonjury action because Google had withdrawn its claim for damages — seeking only injunctive relief to halt the operations of the botnet.
The defendants, who worked for a Russian firm called “Valtron” that was also named in the lawsuit, told Google that they were interested in settling. The defendants said they could potentially help Google by taking the botnet offline.
Another slide from Google researcher Luca Nagy’s September 2022 talk on Glupteba.
But the court expressed frustration that the defendants were unwilling to consent to a permanent injunction, and at the same time were unable to articulate why an injunction forbidding them from engaging in unlawful activities would pose a problem.
“The Defendants insisted that they were not engaged in criminal activity, and that any alleged activity in which they were engaged was legitimate,” U.S. District Court Judge Denise Cote wrote. “Nevertheless, the Defendants resisted entry of a permanent injunction, asserting that Google’s use of the preliminary injunction had disrupted their normal business operations.”
While the defendants represented that they had the ability to dismantle the Glupteba botnet, when it came time for discovery — the stage in a lawsuit where both parties can compel the production of documents and other information pertinent to their case — the attorney for the defendants told the court his clients had been fired by Valtron in late 2021, and thus no longer had access to their work laptops or the botnet.
The lawyer for the defendants — New York-based cybercrime defense attorney Igor Litvak — told the court he first learned about his clients’ termination from Valtron on May 20, a fact Judge Cote said she found “troubling” given statements he made to the court after that date representing that his clients still had access to the botnet.
The court ultimately suspended the discovery process against Google, saying there was reason to believe the defendants sought discovery only “to learn whether they could circumvent the steps Google has taken to block the malware.”
On September 6, Litvak emailed Google that his clients were willing to discuss settlement.
“The parties held a call on September 8, at which Litvak explained that the Defendants would be willing to provide Google with the private keys for Bitcoin addresses associated with the Glupteba botnet, and that they would promise not to engage in their alleged criminal activity in the future (without any admission of wrongdoing),” the judge wrote.
“In exchange, the Defendants would receive Google’s agreement not to report them to law enforcement, and a payment of $1 million per defendant, plus $110,000 in attorney’s fees,” Judge Cote continued. “The Defendants stated that, although they do not currently have access to the private keys, Valtron would be willing to provide them with the private keys if the case were settled. The Defendants also stated that they believe these keys would help Google shut down the Glupteba botnet.”
Google rejected the defendants’ offer as extortionate, and reported it to law enforcement. Judge Cote also found Litvak was complicit in the defendants’ efforts to mislead the court, and ordered him to join his clients in paying Google’s legal fees.
“It is now clear that the Defendants appeared in this Court not to proceed in good faith to defend against Google’s claims but with the intent to abuse the court system and discovery rules to reap a profit from Google,” Judge Cote wrote.
Litvak has filed a motion to reconsider (PDF), asking the court to vacate the sanctions against him. He said his goal is to get the case back into court.
“The judge was completely wrong to issue sanctions,” Litvak said in an interview with KrebsOnSecurity. “From the beginning of the case, she acted as if she needed to protect Google from something. If the court does not decide to vacate the sanctions, we will have to go to the Second Circuit (Court of Appeals) and get justice there.”
In a statement on the court’s decision, Google said it will have significant ramifications for online crime, and that since its technical and legal attacks on the botnet last year, Google has observed a 78 percent reduction in the number of hosts infected by Glupteba.
“While Glupteba operators have resumed activity on some non-Google platforms and IoT devices, shining a legal spotlight on the group makes it less appealing for other criminal operations to work with them,” reads a blog post from Google’s General Counsel Halimah DeLaine Prado and vice president of engineering Royal Hansen. “And the steps [Google] took last year to disrupt their operations have already had significant impact.”
A report from the Polish computer emergency response team (CERT Orange Polksa) found Glupteba was the biggest malware threat in 2021.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”
A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.
On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer.
A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.” Kloster’s blog even included a group photo of RSOCKS employees.
“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities.
“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Kloster reportedly told the Bulgarian court this week. “I am not a criminal and I will prove it in an American court.”
Launched in 2013, RSOCKS was shut down in June 2022 as part of an international investigation into the cybercrime service. According to the Justice Department, the RSOCKS botnet initially targeted Internet of Things (IoT) devices, including industrial control systems, time clocks, routers, audio/video streaming devices, and smart garage door openers; later in its existence, the RSOCKS botnet expanded into compromising additional types of devices, including Android devices and conventional computers, the DOJ said.
The Justice Department’s June 2022 statement about that takedown cited a search warrant from the U.S. Attorney’s Office for the Southern District of California, which also was named by Bulgarian news outlets this month as the source of Kloster’s arrest warrant.
When asked about the existence of an arrest warrant or criminal charges against Kloster, a spokesperson for the Southern District said, “no comment.”
Update, Sept. 24, 9:00 a.m. ET: Kloster was named in a 2019 indictment (PDF) unsealed Sept. 23 by the Southern District court.
The employees who kept things running for RSOCKS, circa 2016. Notice that nobody seems to be wearing shoes.
24Chasa said the defendant’s surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother’s maiden name.
As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. In several private exchanges on cybercrime forums, the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010.
Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, the defendant in this case probably knows quite a bit about other top players in the botnet spam and malware community.
A Google-translated version of the Rusdot spam forum.
Despite maintaining his innocence, Kloster reportedly told the Bulgarian judge that he could be useful to American investigators.
“America is looking for me because I have enormous information and they need it,” Kloster told the court, according to 24Chasa. “That’s why they want me.”
The Bulgarian court agreed, and granted his extradition. Kloster’s fiancee also attended the extradition hearing, and reportedly wept in the hall outside the entire time.
Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.