Pete Recommends – Weekly highlights on cyber security issues, September 25, 2021

Subject: IRS’ plans for cracking cryptocurrency wallets
Source: GCN

Over the past decade, the emergence and rapid adoption of cryptocurrencies have led many to hold their assets in cryptowallets: purpose-built software and devices that store the cryptographic key pairs controlling cryptocurrency. The public key yields the receiving address and the private key is what authorizes spending, so whoever holds the private key can send, receive and store the digital currency.

While cryptocurrencies and wallets are legal, they are often used in ransomware attacks, where criminals demand payment in Bitcoin. Bitcoin is pseudonymous rather than untraceable: every transaction is recorded on a public ledger, and the hard part for investigators is tying an address to a person and then getting at the funds. Even if a hardware cryptowallet, one of the most secure wallet types and often used for storing large amounts of cryptocurrency, is submitted as evidence in a criminal investigation, law enforcement has no way to access the keys if its owner is unwilling or unable to unlock the wallet.

Now, the IRS’ Criminal Investigation unit will be working to unlock cryptocurrency wallets so investigators can more easily track the movement of cryptocurrencies and potentially recover stolen assets and prevent theft of digital currency.

IRS will be working with VTO Inc., a Colorado-based firm specializing in device forensics, to research and develop techniques for gaining access to cryptowallets by exploiting hardware, software and firmware vulnerabilities that may exist in the secure devices.

Subject: Admin of DDoS service behind 200,000 attacks faces 35 yrs in prison
Source: BleepingComputer

At the end of a nine-day trial, a jury in California this week found the administrator of two distributed denial-of-service (DDoS) operations guilty. 32-year-old Matthew Gatrel of St. Charles, Illinois, ran two websites that allowed paying users to launch more than 200,000 DDoS attacks on targets in both the private and public sector.

The two sites were a booter (DDoS-for-hire) service and a bulletproof server hosting operation.


Subject: Mozilla VPN boosted with multi-hop, blocking and custom DNS features
Source: gHacks Tech News

Mozilla introduced new privacy features to its VPN service, Mozilla VPN, earlier this week. The organization launched Mozilla VPN back in June 2020 in select regions and has expanded the availability since then. Mozilla partnered with Mullvad, a Swedish company, and uses the company’s infrastructure for its own Mozilla VPN product.

Mozilla VPN lacked some of the features of Mullvad’s own VPN client, such as support for multi-hop connections or the integrated content blocker.

The update that Mozilla released this week introduces support for these features in the VPN client.

Mozilla’s official blog highlights the three new privacy features.


Subject: How Cryptocurrency Can Keep Americans Free
Source: NYTimes via RISKS Digest – “Gabe Goldberg” <[email protected]>

In recent months, we’ve seen payment processors, web hosts and other corporations brazenly take coordinated action in lock-step with government priorities to financially freeze out disfavored businesses online. The elimination of a sitting president from social media, whatever its perceived merit or rationale, opened the door to a regime where those who can cancel and suspend accounts do so at whim and in unison. This logic has led directly from one payment platform, Stripe, zapping away Donald Trump to a much bigger one, PayPal, blacklisting customers to purify its user base. Feeding the beast makes it stronger…

Subject: Facebook rebukes WSJ over investigation on the platform’s ability to harm, ‘toxic’ impact
Source: ZDNet

Facebook has criticized a series of investigations published by the Wall Street Journal as containing “deliberate mischaracterizations” which “confer egregiously false motives to Facebook’s leadership and employees.” Recently, the WSJ has published “The Facebook Files,” a set of articles based on a review of the social media giant’s internal documents, research, draft presentations, and online employee discussions.

Among the reports is an allegation made by the news outlet that the company knows its platforms — including Facebook and Instagram — are “riddled” with flaws that “cause harm, often in ways only the company fully understands” and these alleged issues are known all the way up to the chief executive, Mark Zuckerberg.

Among its reports, the WSJ says that changes made by Facebook to its algorithms three years ago to improve user connectivity and well-being made the platform “angrier” instead, with staff members warning of the potential damage being done. Changes were then allegedly resisted due to concerns surrounding declining user engagement.

In addition, the publication says that researchers inside Instagram have found that the app is “harmful” and “toxic” for some younger users; in particular, teenage girls.

In response, former UK politician and now Facebook Vice President of Global Affairs Nick Clegg said in a blog post on Saturday that the series “contained deliberate mischaracterizations of what we are trying to do, and conferred egregiously false motives to Facebook’s leadership and employees.”



Subject: Landlords Use Secret Algorithms to Screen Potential Tenants. Find Out What They’ve Said About You
Source: ProPublica

When you apply for housing, some screening companies plug your personal details into algorithms and rate you as a potential tenant. These scores can have a huge impact on your life when you’re trying to get approved for an apartment.

In this guide, you’ll find answers to the following questions:

Do I have a tenant score?

How can these scores affect me?

Where do I find my score?

My score is bad. What can I do to improve it?

What should I know when I apply for housing in the future?

How do I request my score from a screening company?

The company won’t turn over my score. What can I do?

How can I help ProPublica investigate tenant scores?

Subject: Massive Troll Farms Revealed to Be Operating on Facebook

A report has found that troll farms, dedicated to peddling misinformation, were able to reach over 100 million Americans.

Jeff Allen, a former senior-level data scientist at Facebook who authored the report, said the following: “This is not normal. This is not healthy. We have empowered inauthentic actors to accumulate huge followings for largely unknown purposes.”

Social media businesses used to hide behind Section 230, the US law that shields platforms from liability for content posted by their users. For example, if someone posted COVID-19 misinformation on a social media platform, the platform itself would not be liable for it.

However, that shield is starting to erode, as judges are beginning to rule for exceptions to Section 230, putting pressure on social media companies to police their content.

Subject: Phishing attacks: Police make 106 arrests as they break up online fraud group
Source: ZDNet

Police have dismantled an organised crime group linked to the Italian mafia which defrauded hundreds of victims through phishing attacks and other types of online fraud. The joint operation was led by the Spanish National Police (Policía Nacional), with support from the Italian National Police (Polizia di Stato), Europol and Eurojust, and has resulted in 106 arrests across Spain and Italy. According to Europol, the crime operation used phishing, SIM swapping and BEC attacks, and it is estimated that this led to profits of around €10 million ($11.7 million) during last year alone. Described as “very well organised”, the group included a number of experts in computer crime tasked with creating phishing domains and carrying out cyber fraud. Other individuals involved in the criminal network included money mules and money laundering experts, including experts in cryptocurrency….

Subject: Senators Call on FTC to Conduct Privacy Rulemaking
Source: EPIC

Nine Democratic Senators led by Senator Richard Blumenthal have called on the Federal Trade Commission to conduct a rulemaking process to “protect consumer privacy, promote civil rights, and set clear safeguards on the collection and use of personal data in the digital economy.” “Americans’ identities have become the currency in an unregulated, hidden economy of data brokers that buy and sell sensitive information about their families, religious beliefs, healthcare needs, and every movement to shadowy interests, often without their awareness and consent,” the Senators said. Senators Schatz, Wyden, Warren, Coons, Luján, Klobuchar, Booker, and Markey joined Senator Blumenthal on the letter. EPIC has long urged the FTC to impose clear privacy obligations on companies that collect and use personal data, including by exercising the Commission’s underused rulemaking power. In 2020, EPIC filed a petition with the FTC calling on the Commission to conduct a rulemaking on the use of artificial intelligence in commercial settings. “By defining unfair and deceptive practices ex ante, and with specificity, a trade regulation rule would make it easier for the FTC to take action against parties that harm consumers,” EPIC explained.

Subject: Crypto funding for Palestine’s Hamas nears $1 million and far outstrips hauls for other militant groups, Coinbase says
Source: Markets Insider
  • Palestinian Islamist group Hamas has raised nearly $1 million in crypto donations, Coinbase said on Tuesday.
  • Hamas made staggering fundraising efforts in comparison to other militant groups, research found.
  • The group began to seek crypto funds in January 2018 using a single donation address, but later provided new addresses.

Research conducted by Coinbase’s team, using data across various blockchains, found Hamas raised nearly $1 million in cryptocurrencies, mostly in bitcoin.
“This is likely because Hamas actively solicits donations primarily in the form of BTC on their website and related Telegram channels,” Coinbase said.

The team noted that periods of geopolitical conflict correlated to a boost in crypto donations for the nationalist group, specifically in May 2021 when Israel and Hamas were engaged in the worst violence in the region since 2014. But those funds may have been confiscated as Israel said in July that it had been seizing crypto wallets believed to be controlled by Hamas, but didn’t specify how many had been seized.

As a crypto exchange that works with global law enforcement agencies to track down illicit crypto operations, Coinbase said it plans to prevent such fundraising tactics through three steps:

Coinbase said unlawful activity accounted for less than 1% of activity in the crypto space in 2020, and is not a greater concern for the crypto-economy than the traditional financial system.

Subject: Ninth Circuit Says Warrantless Search of Google Files Automatically Reported to Police Violated Fourth Amendment
Source: EPIC

The Ninth Circuit announced today police violated a defendant’s Fourth Amendment rights when they warrantlessly searched files that Google automatically reported using a proprietary algorithm designed to detect child sexual abuse material (“CSAM”). Prosecutors in the case, United States v. Wilson, had argued that the police officer’s search of the defendant’s files did not violate the Fourth Amendment because Google, a private party, had conducted the initial search. The district court agreed, finding that there was a “virtual certainty” that the files Google sent to police were identical to files previously identified by a Google employee as CSAM. But no Google employee reviewed the defendant’s files before sending them to police—instead, Google automatically forwarded the files to law enforcement after a proprietary algorithm matched the files to previously-identified CSAM images. EPIC filed an amicus brief in the Ninth Circuit appeal to explain that prosecutors had failed to show that the proprietary Google algorithm reliably matched images. EPIC also urged the court to narrowly apply the private search exception. The Ninth Circuit found that the police search “allowed the government to learn new, critical information” and “expanded the scope of the antecedent private search because the government agent viewed Wilson’s email attachments even though no Google employee—or other person—had done so.” The Ninth Circuit also echoed EPIC’s amicus brief: “on the limited evidentiary record, the government has not established that what a Google employee previously viewed were exact duplicates of Wilson’s images.” The decision in this case diverges from previous federal appeals and state court decisions on the issue and may lead the Supreme Court to review the important privacy implications of mass automatic file scanning programs.

Subject: Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
Source: The Hacker News

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that sells phishing kits and email templates and also provides hosting and automated services at a low cost, enabling cyber actors to purchase phishing campaigns and deploy them with minimal effort.

“BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.”

Phishing-as-a-service differs from traditional phishing kits, which are sold for a one-time payment as packaged files containing ready-to-use email phishing templates. PHaaS is subscription-based and follows a software-as-a-service model, and it extends the offering to include built-in site hosting, email delivery, and credential theft.

Subject: Microsoft Exchange protocol can leak credentials
Source: The Register

A flaw in Microsoft’s Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances. The upshot is that your Exchange-connected email client may give away your username and password to a stranger, if the flaw is successfully exploited. In a report scheduled to be published on Wednesday, security firm Guardicore said it has identified a design blunder that leaks web requests to Autodiscover domains that are outside the user’s domain but within the same top-level domain (TLD).

As Guardicore explained in a report provided to The Register, the client parses the email address – say, [email protected] – and tries to construct a URL for the configuration data using combinations of the email domain, a subdomain, and a path string as follows:
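The following is an added example, not code from the Guardicore report or from The Register. It models the candidate-URL walk described above for a naive Autodiscover client: the client tries the user's own domain first and then "backs off" to a host built from the TLD alone, which is how a request for user@example.com can end up at autodiscover.com, a host the user's organisation does not control. The exact three-step ordering is my reading of the widely reported back-off behaviour and should be treated as an assumption rather than a quote of the specification; `example.com` is a reserved documentation domain and the proxy log lines at the bottom are constructed for the demo. A rogue host that receives the back-off request can simply answer with an authentication challenge and collect whatever the client sends back, so the hardened variant refuses to leave the user's domain at all, and the log scanner shows what the same rule looks like as a detection over outbound proxy logs.

```python
"""Autodiscover back-off demo: candidate URLs, the leaky fallback, a hardened
variant, and a detection over (constructed) proxy log lines.

Added example; not the report's or Microsoft's code. The candidate ordering is
an assumption based on the reported back-off behaviour.
"""
from typing import List
from urllib.parse import urlparse

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"


def _domain_of(email: str) -> str:
    """Return the lower-cased domain part of an address, rejecting odd input."""
    if email.count("@") != 1:
        raise ValueError("expected exactly one '@' in the address")
    domain = email.split("@", 1)[1].lower().strip(".")
    if "." not in domain:
        raise ValueError("domain must contain at least one dot")
    return domain


def candidate_autodiscover_urls(email: str) -> List[str]:
    """URLs a naive client walks, in order. The last one drops the user's
    domain entirely and keeps only the TLD (assumed back-off step)."""
    domain = _domain_of(email)
    tld = domain.rsplit(".", 1)[-1]
    return [
        f"https://autodiscover.{domain}{AUTODISCOVER_PATH}",
        f"https://{domain}{AUTODISCOVER_PATH}",
        f"https://autodiscover.{tld}{AUTODISCOVER_PATH}",  # leaky back-off
    ]


def host_within_domain(host: str, user_domain: str) -> bool:
    """True only if host is the user's domain or a subdomain of it.
    The leading dot matters: 'evilexample.com' is not inside 'example.com'."""
    host = host.lower().rstrip(".")
    user_domain = user_domain.lower().rstrip(".")
    return host == user_domain or host.endswith("." + user_domain)


def leaked_urls(email: str) -> List[str]:
    """Candidates whose host is outside the user's domain: any credential
    challenge answered there goes to a third party."""
    user_domain = _domain_of(email)
    return [
        url for url in candidate_autodiscover_urls(email)
        if not host_within_domain(urlparse(url).hostname or "", user_domain)
    ]


def safe_autodiscover_urls(email: str) -> List[str]:
    """Hardened variant of the walk: never leave the user's own domain."""
    user_domain = _domain_of(email)
    return [
        url for url in candidate_autodiscover_urls(email)
        if host_within_domain(urlparse(url).hostname or "", user_domain)
    ]


def flag_leaky_requests(log_lines: List[str]) -> List[str]:
    """Detection over constructed proxy log lines of the form
    '<timestamp> <user-email> <url>': return lines whose Autodiscover request
    targets a host outside the requesting user's domain."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # not our constructed format; skip rather than guess
        _ts, email, url = parts
        if not url.lower().endswith(AUTODISCOVER_PATH):
            continue
        try:
            user_domain = _domain_of(email)
        except ValueError:
            continue
        if not host_within_domain(urlparse(url).hostname or "", user_domain):
            flagged.append(line)
    return flagged


# Constructed sample log lines for the demo (not real traffic).
SAMPLE_LOG = [
    "2021-09-22T10:01:02Z alice@example.com https://autodiscover.example.com/autodiscover/autodiscover.xml",
    "2021-09-22T10:01:03Z alice@example.com https://example.com/autodiscover/autodiscover.xml",
    "2021-09-22T10:01:04Z alice@example.com https://autodiscover.com/autodiscover/autodiscover.xml",
    "2021-09-22T10:02:00Z bob@corp.example.co.uk https://autodiscover.uk/autodiscover/autodiscover.xml",
    "2021-09-22T10:03:00Z alice@example.com https://example.com/owa/",
]

if __name__ == "__main__":
    addr = "alice@example.com"
    for url in candidate_autodiscover_urls(addr):
        print(url)
    print("leaks to:", leaked_urls(addr))
    print("flagged:", flag_leaky_requests(SAMPLE_LOG))
```

The practical mitigations follow directly from `host_within_domain`: block or sinkhole `autodiscover.<tld>` hosts at the egress proxy or in DNS, and make sure the client is not allowed to fall back to Basic authentication, since that is the case in which the challenge from a rogue host yields a cleartext password rather than a hash.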


Subject: Leading Cyber Officials Favor Fines Over Subpoenas to Enforce Incident Reporting
Source: Nextgov (cybersecurity/2021/09/leading-cyber-officials-favor-fines-over-subpoenas-enforce-incident-reporting/185579/)

Three of the nation’s top cybersecurity leaders asked lawmakers to use fines in crafting legislation that would require private-sector entities to report incidents like ransomware and other cyberattacks. “I do think a compliance and enforcement mechanism is very important here,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. “I know some of the language talks about subpoena authority. My personal view is that is not an agile enough mechanism to allow us to get the information that we need to share it as rapidly as possible to prevent other potential victims from threat actors. So I think that we should look at fines.”

The effort to mandate some form of incident reporting for companies gained momentum after a string of major breaches, including the supply-chain compromise of software vendor SolarWinds, whose trojanized Orion updates reached nine federal agencies, and the ransomware attack on Colonial Pipeline, which temporarily upended fuel supply to much of the East Coast while the attackers held its systems hostage.


Subject: NSA, Other Federal Agencies Are Using Ad Blockers
Source: Gizmodo

Ad blockers. Maybe you love them, maybe you don’t think about them at all, but chances are, you know someone that’s using them. And it turns out a growing number of those people are in the federal ranks. Motherboard was first to report on a new letter Oregon Sen. Ron Wyden sent to the Office of Management and Budget (OMB) on Wednesday that describes some of the federal agencies deploying ad-blocking tech alongside a pretty reasonable request for those agencies not currently on board: Use a damn ad blocker. Please.

“I have pushed successive administrations to respond more appropriately to surveillance threats, including from foreign governments and criminals exploiting online advertising to hack federal systems,” Wyden wrote in the letter. And indeed, thanks to massive scandals like Cambridge Analytica and the smaller privacy scandals that just keep on coming in its wake, it looks like some agencies finally agree that targeted ads are terrifying. In 2018, the National Security Agency (NSA) issued public guidance urging its ranks to block “unnecessary advertising web content.” In January of this year, the Cybersecurity and Infrastructure Security Agency (CISA) put out similar guidance for all federal agencies, urging officials to use ad blockers to protect against malware-laden ads (malvertising) in particular.

“Adversaries can use carefully crafted and tailored malicious ads as part of a targeted campaign against a specific victim, not just as broad-spectrum attacks,” CISA’s guide reads….


Posted in: AI, Competitive Intelligence, Congress, Criminal Law, Cybercrime, Cybersecurity, Economy, Financial System, Privacy, Search Engines, Social Media