A collection point
...and some of my own.
The FBI used a Philly protester’s Etsy profile, LinkedIn, and other internet history to charge her with setting police cars ablaze

Jeremy Roebuck: As demonstrators shouted, fires burned outside City Hall, and Philadelphia convulsed with outrage over the death of George Floyd, television news helicopters captured footage of a masked woman with a peace sign tattoo, wearing a light blue T-shirt, setting a police SUV ablaze. More than two weeks after that climactic May 30 moment, federal authorities say they’ve identified the arsonist as 33-year-old Philadelphia massage therapist Lore Elisabeth Blumenthal by following the intricate trail of breadcrumbs she left through her social media history and online shopping patterns over the years. According to filings in Blumenthal’s case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30. It showed the woman, in flame-retardant gloves, grabbing a burning piece of a police barricade that had already been used to set one squad car on fire and tossing it into the police SUV parked nearby. Within seconds, that car was also engulfed in flames. Investigators discovered other images depicting the same scene on Instagram and the video sharing website Vimeo. Those allowed agents to zoom in and identify a stylized tattoo of a peace sign on the woman’s right forearm. Scouring other images — including a cache of roughly 500 photos of the Philly protest shared by an amateur photographer — agents found shots of a woman with the same tattoo that gave a clear depiction of the slogan on her T-shirt. “Keep the Immigrants,” it read, “Deport the Racists.” That shirt, agents said, was found to have been sold in only one location: a shop on Etsy, the online marketplace for crafters, purveyors of custom-made clothing and jewelry, and other collectibles.
The vendor: a New Castle, Del., dealer selling “screen printed and hand printed feminist wear.” The top review on her page, dated just six days before the protest, was from a user identifying herself as “Xx Mv,” who listed her location as Philadelphia and her username as “alleycatlore.” A Google search of that handle led agents to an account on Poshmark, the mobile fashion marketplace, with the user handle “lore-elisabeth.” Subsequent searches for that name turned up Blumenthal’s LinkedIn profile, where she identifies herself as a graduate of William Penn Charter School and several yoga and massage therapy training centers. From there, they located Blumenthal’s Jenkintown massage studio and its website, which featured videos of her at work. On her forearm, agents discovered, was the same distinctive tattoo that investigators first identified on the arsonist in the original TV video.

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Brian Krebs: Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret data.
DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.” The dates of the files in the leak actually span nearly 24 years — from August 1996 through June 19, 2020 — and the documents include names, email addresses, phone numbers, PDF documents, images, and a large number of text, video, CSV and ZIP files. “Additionally, the data dump contains emails and associated attachments,” the alert reads. “Our initial analysis revealed that some of these files contain highly sensitive information such as ACH routing numbers, international bank account numbers (IBANs), and other financial data as well as personally identifiable information (PII) and images of suspects listed in Requests for Information (RFIs) and other law enforcement and government agency reports.”

Moroccan journalist targeted with network injection attacks using NSO Group’s spyware

In October 2019, security experts at Amnesty International’s Security Lab uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. The researchers are still investigating the attacks and have found similar evidence of attacks on Omar Radi, a prominent activist and journalist from Morocco. “After checking his devices for evidence of targeting, Amnesty International was able to confirm that Abdessadak El Bouchattaoui was indeed targeted repeatedly with malicious SMS messages that carried links to websites connected to NSO Group’s Pegasus spyware.” Omar Radi is an award-winning Moroccan investigative journalist and activist who has worked for several national and international media outlets.
“Amnesty International’s Security Lab performed a forensic analysis of Omar Radi’s phone and found traces suggesting he was subjected to the same network injection attacks we first observed against Maati Monjib and described in our earlier report,” reads the report published by Amnesty International. “Through our investigation we were able to confirm that his phone was targeted and put under surveillance during the same period he was prosecuted.” On 26 December 2019, Moroccan authorities arrested Radi for a tweet he posted in April that criticized the judicial system for upholding the verdict against protesters from the 2017 protest movement in Hirak el-Rif.

Stalker Online Breach: 1.3 Million User Records Stolen

Security researchers are warning players of a popular MMO game that over 1.3 million user records are being sold on dark web forums. Usernames, passwords, email addresses, phone numbers and IP addresses belonging to players of Stalker Online were found by researchers from CyberNews. Passwords were stored as MD5 hashes, one of the less secure hashing algorithms around. Two databases were found on underground sites as part of a dark web monitoring project undertaken by the research outfit, one containing around 1.2 million records and another of 136,000 records. “Since Stalker Online is a free-to-play game that incorporates micro-transactions, malicious actors could also make a lot of money from selling hacked player accounts on the grey market,” the researchers said. After confirming the data for sale was genuine, the researchers tried and failed to get in touch with Australian developer BigWorld Technology and its parent company, Cyprus-based Wargaming.net.
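As an added illustration of why plain MD5 is a poor way to store credentials and what the fix looks like (this is example code written for this post, not anything from the CyberNews report or the game's own code base), the Python below compares unsalted MD5 with salted, iterated PBKDF2-HMAC-SHA256 and shows the transparent upgrade a site can perform at a user's next successful login. The sample passwords and the record format are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credentials for the demonstration; two users chose the same password.
SAMPLE_PASSWORDS = ["hunter2", "hunter2", "correct horse battery staple"]


def md5_store(password: str) -> str:
    """Unsalted MD5, the scheme reported in the breach. It is fast and deterministic:
    equal passwords give equal digests, so a dumped table exposes every shared password
    and one precomputed lookup cracks all users who chose it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iters$salthex$digesthex'.
    A fresh random salt per user removes cross-user equality; the iteration count makes
    each guess expensive for an attacker working from the dump."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    scheme, iters, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme: " + scheme)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def duplicate_count(hashes) -> int:
    """How many stored values are repeats of another row: non-zero for unsalted MD5
    whenever two users share a password, always zero for per-user salted hashes."""
    return len(hashes) - len(set(hashes))


def verify_and_upgrade(password: str, record: dict):
    """Login check that migrates a legacy MD5 row to PBKDF2 on the first successful login.
    `record` is a constructed shape: {"scheme": "md5" | "pbkdf2_sha256", "hash": str}.
    Returns (login_ok, record_to_persist)."""
    if record["scheme"] == "md5":
        ok = hmac.compare_digest(md5_store(password), record["hash"])
        if ok:
            # The plaintext is available only at login time, so rehash it now.
            return True, {"scheme": "pbkdf2_sha256", "hash": pbkdf2_store(password)}
        return False, record
    return pbkdf2_verify(password, record["hash"]), record


if __name__ == "__main__":
    legacy = [md5_store(p) for p in SAMPLE_PASSWORDS]
    modern = [pbkdf2_store(p) for p in SAMPLE_PASSWORDS]
    print("shared passwords visible in MD5 table:", duplicate_count(legacy))
    print("shared passwords visible in PBKDF2 table:", duplicate_count(modern))
    row = {"scheme": "md5", "hash": md5_store("hunter2")}
    ok, row = verify_and_upgrade("hunter2", row)
    print("login ok:", ok, "| scheme now:", row["scheme"])
```

The migration path matters more than the algorithm choice: a dump of MD5 hashes cannot be fixed retroactively, so after a breach the only real remedies are forcing resets and rehashing at next login as shown in `verify_and_upgrade`.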
Over 100 New Chrome Browser Extensions Caught Spying On Users

Google recently removed 106 more extensions from its Chrome Web Store after they were found illegally collecting sensitive user data as part of a "massive global surveillance campaign" targeting the oil and gas, finance, and healthcare sectors. The malicious browser add-ons were tied back to a single internet domain registrar, GalComm. "The Chrome extensions took screenshots of the victim's device, loaded malware, read the clipboard, and actively harvested tokens and user input." The extensions were downloaded nearly 33 million times over the course of three months. Earlier this February, Google removed 500 malware-ridden extensions after they were caught serving adware and sending users' browsing activity to attacker-controlled servers. Then in April, the company yanked another set of 49 extensions that masqueraded as cryptocurrency wallets to steal Keystore information. It's recommended that users review extension permissions by visiting "chrome://extensions" in the Chrome browser, consider uninstalling those that are rarely used, or switch to other software alternatives that don't require invasive access to browser activity.

‘Anonymous’ takes down Atlanta Police Dept. site after police shooting

Following the fatal police shooting of Rayshard Brooks – a 27-year-old Black man who fell asleep in a fast-food drive-in lane in Atlanta and was shot while running from police who tried to tase him – hackers affiliating themselves with the Anonymous hacktivist collective may have briefly taken down the website for the city’s police department. According to the Atlanta Journal-Constitution, the APD’s site was down for about 3 hours.

Crypto founder admits $25 million ICO backed by celebrities was a scam

Lisa Vaas: An ICO is an unregulated fundraising technique with a dodgy reputation that’s used by blockchain companies, where cryptocurrencies like Bitcoin and Ethereum are used to purchase “tokens” from a startup.
If the company takes off, they’ll theoretically be worth something. Centra Tech took off, all right, but only because its founders lied through their teeth. They concocted fictional executives with imaginary credentials. Their purported CEO, Michael Edwards, was as real as his imaginary MBA from Harvard and his 20+ years of banking industry experience. Those partnerships with Bancorp, Visa, and Mastercard to issue Centra Cards licensed by Visa or Mastercard? Lies. Centra Tech’s purported license to transmit money, among other licenses, in 38 states? Completely false. Farkas – also known as RJ – pled guilty in Manhattan federal court on Tuesday to charges of conspiring to commit securities and wire fraud, according to the US Attorney’s Office for the Southern District of New York. Sentencing hasn’t been scheduled yet. Farkas, 33, pled guilty to two charges, each of which carries a maximum sentence of five years in prison. Maximum sentences are rarely handed out, but Farkas agreed to serve between 70 and 87 months and pay a fine of up to $250,000 in a plea deal.

North Korean #COVID19 Phishing Campaign Targets Six Countries

Phil Muncaster: Security researchers are warning of a multi-country North Korean phishing campaign designed to capitalize on government COVID-19 bail-out measures. The operation is being undertaken by Pyongyang’s notorious Lazarus Group, and is “designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” according to Cyfirma. The Goldman Sachs-backed cybersecurity startup said that the campaign was slated to launch over the weekend in the US, UK, India, Japan, Singapore and South Korea.
First spotting evidence of the operation at the start of the month, the researchers claim to have found seven email templates impersonating government departments and institutions such as the Bank of England, Singapore’s Ministry of Manpower, Japan’s Ministry of Finance and the US Department of Agriculture. The group will apparently use millions of email addresses and business contact details to target their victims via these spoofed domains. Singapore’s CERT has already issued an alert urging businesses and individuals to be vigilant and avoid clicking on links or opening attachments in unsolicited emails.

Millions Of Huawei Users Suddenly Get New Mate 40 Upgrade Surprise

Millions of Huawei users planning to upgrade to the Mate 40, the next flagship, due this fall, are in for a surprising delay. At least according to the Nikkei Asian Review, which has exceptional sources in Huawei’s supplier base. Huawei, it says, has told a number of suppliers “to delay production... asking for halts to production of some components for its latest Mate series of phones, also trimming orders of parts for the coming quarters.”

What Is a Side Channel Attack?

Andy Greenberg for Wired: Side channel attacks take advantage of patterns in the information exhaust that computers constantly give off: the electric emissions from a computer's monitor or hard drive, for instance, that emanate slightly differently depending on what information is crossing the screen or being read by the drive's magnetic head. Or the fact that computer components draw different amounts of power when carrying out certain processes. Or that a keyboard's click-clacking can reveal a user's password through sound alone. "Usually when we design an algorithm we think about inputs and outputs. We don’t think about anything else that happens when the program runs," says Daniel Genkin, a computer scientist at the University of Michigan and a leading researcher in side channel attacks.
"But computers don’t run on paper, they run on physics. When you shift from paper to physics, there are all sorts of physical effects that computation has: time, power, sound. A side channel exploits one of those effects to get more information and glean the secrets in the algorithm." For a sufficiently clever hacker, practically any accidental information leakage can be harvested to learn something they're not supposed to. As computing gets more complicated over time, with components pushed to their physical limits and throwing off unintended information in all directions, side channel attacks are only becoming more plentiful and difficult to prevent. Look no further than the litany of bugs that Intel and AMD have struggled to patch over the last two years with names like Meltdown, Spectre, Fallout, RIDL, or Zombieload—all of which used side channel attacks as part of their secret-stealing techniques.

The most basic form of a side channel attack might be best illustrated by a burglar opening a safe with a stethoscope pressed to its front panel. The thief slowly turns the dial, listening for the telltale clicks or resistance that might hint at the inner workings of the safe's gears and reveal its combination. The safe isn't meant to give the user any feedback other than the numbers on the dial and the yes-or-no answer of whether the safe unlocks and opens. But those tiny tactile and acoustic clues produced by the safe's mechanical physics are a side channel. The safecracker can sort through that accidental information to learn the combination.

Computers aren't the only targets of side channel attacks, points out Ben Nassi, a security researcher at Ben Gurion University. They can be any secret process or communication that produces unintended but meaningful signals.
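The "time" effect Genkin lists can be shown without any lab equipment. The Python below is an added example written for this post, not code from the Wired article; it stands in for wall-clock time with a count of bytes examined so the effect is deterministic and reproducible. A naive early-exit comparison of a secret token does an amount of work that grows with how many leading bytes of the guess are correct, which is exactly the stethoscope-on-the-safe situation, while a constant-time comparison does the same work no matter where the first mismatch lies. The secret and the guesses are constructed for the demonstration.

```python
import hmac

# Constructed sample: a secret API token and guesses that match progressively longer prefixes.
SECRET = b"s3cr3t-t0k3n"
GUESSES = [
    b"x" * 12,                   # nothing right
    SECRET[:3] + b"x" * 9,       # first 3 bytes right
    SECRET[:6] + b"x" * 6,       # first 6 bytes right
    SECRET[:9] + b"x" * 3,       # first 9 bytes right
    SECRET,                      # fully correct
]


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison as found in many hand-written token checks.
    Returns (equal, bytes_examined); the second value models the time a remote
    caller could measure, since each examined byte costs a loop iteration."""
    if len(secret) != len(guess):
        return False, 0
    for i, (a, b) in enumerate(zip(secret, guess)):
        if a != b:
            return False, i + 1      # stops at the first wrong byte
    return True, len(secret)


def constant_time_compare(secret: bytes, guess: bytes):
    """Accumulates the XOR of every byte pair and decides only at the end, so the
    work is independent of where the mismatch is. hmac.compare_digest does the
    same in C and is what production code should call."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    for a, b in zip(secret, guess):
        diff |= a ^ b
    return diff == 0, len(secret)


def work_profile(compare, secret: bytes, guesses):
    """The 'timing trace' an observer would collect: work done per guess."""
    return [compare(secret, g)[1] for g in guesses]


def leaks_prefix_length(profile) -> bool:
    """A comparator is a timing side channel if its work varies with the guess:
    the observer can then rank guesses by how much of the prefix they got right."""
    return len(set(profile)) > 1


def library_compare(secret: bytes, guess: bytes) -> bool:
    """Reference implementation using the standard library primitive."""
    return hmac.compare_digest(secret, guess)


if __name__ == "__main__":
    for name, fn in (("naive", naive_compare), ("constant-time", constant_time_compare)):
        trace = work_profile(fn, SECRET, GUESSES)
        print(f"{name:14s} work per guess: {trace}  leaks prefix: {leaks_prefix_length(trace)}")
```

Read the naive trace from left to right and the leak is obvious: each guess that extends the correct prefix costs more work, so an observer can confirm the token one byte at a time instead of searching the whole space. The constant-time trace is flat, which is why MAC and token checks should go through `hmac.compare_digest` rather than `==`.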
Nassi points to eavesdropping methods like using the movement of gyroscopes in a hacked smartphone as microphones to pick up the sounds in a room, or a technique known as the "visual microphone" that uses long-distance video of an object—say, a bag of chips or the leaves of a houseplant—to observe vibrations that reveal a conversation that happened nearby. Nassi himself, along with a group of researchers at Ben Gurion, revealed a technique last week that can eavesdrop on conversations in a room in real time by using a telescope to observe the vibrations of a hanging light bulb inside. "I’d call it a side effect," Nassi says of this broader definition of side channels that goes beyond computers or even machines. "It's a method to compromise confidentiality by analyzing the side effects of a digital or physical process." (Oh, and for now, don't worry about the lightbulb attack. The attacker has to have line of sight to the lightbulb and an absolutely enormous amount of computing on the back end to turn the data into anything even remotely usable!)

Sneaky Mac Malware Is Using a Fake Flash Installer to Spread

A new variant of the Shlayer trojan that plagues macOS has picked up some tricks, according to new research from security firm Intego. After it fools users into downloading it by posing as a Flash update—that part, not so new, oldest trick in the book—the malware guides victims through an installation process designed to get around protections Apple recently added to the macOS Gatekeeper feature. The trojan is being distributed through Google search results, so as always be careful what you click.

79 Netgear Devices All Have the Same Zero-Day Vulnerability

Another day, another router bug. This one's a bit of a doozy though; researchers found a zero-day vulnerability affecting 79 Netgear models, with affected firmware dating back to 2007.
Netgear is reportedly working on a patch, but it isn't yet available, due in part, the company told CyberScoop, to complications from the Covid-19 pandemic. In the meantime, a whole lot of devices remain at risk of takeover.