Pete Recommends Weekly highlights on cyber security issues, January 9, 2022

Editor’s Note: 2022 marks the 5th continuous year of this column by Pete Weiss. Each week Pete shines a spotlight on current cybersecurity and privacy issues critical to government, corporate, and academic sectors as well to your personal time online. LLRX is fortunate to deliver Pete’s expertise to you weekly, free, inclusive of an archive of all his columns. As we move forward into a year replete with InfoSec challenges, you can rely on this column to keep you abreast of information critical to your work and to the decisions about your online time. And as a bonus to bring a bit of levity to otherwise serious matters – via Metafilter – Stevie Martin and Lola-Rose Maxwell make sketches about the frustrations of dealing with technology, work, and everyday situations, like verifying that you’re not a robot, buying food online, working “for exposure”, every time you try and go on a website, when you forget your password, trying to print something and others. Enjoy, and please remain vigilant.

Subject: China harvests masses of data on Western targets, documents show
Source: WaPo via beSpacific

Washington Post: “China is turning a major part of its internal Internet-data surveillance network outward, mining Western social media, including Facebook and Twitter, to equip its government agencies, military and police with information on foreign targets, according to a Washington Post review of hundreds of Chinese bidding documents, contracts and company filings. China maintains a countrywide network of government data surveillance services — called public opinion analysis software — that were developed over the past decade and are used domestically to warn officials of politically sensitive information online. The software primarily targets China’s domestic Internet users and media, but a Post review of bidding documents and contracts for over 300 Chinese government projects since the beginning of 2020 include orders for software designed to collect data on foreign targets from sources such as Twitter, Facebook and other Western social media…”

Subject: 6 Ways to Delete Yourself From the Internet
Source: Wired

Depending on when you were born, there’s a good chance you’ve spent either several decades online or have never known an offline world. Whatever the case, the internet and its advertising giants know a huge amount about your life. Amazon, Facebook, and Google all have reams of data about you—including your likes and dislikes, health information and social connections—but they’re not the only ones. Countless murky data brokers that you’ve never heard of collect huge quantities of information about you and sell it on. This data is then used by other companies you’ve likely never heard of to nudge you into buying more stuff. On top of that, all your ancient web forum comments and ill-advised social media posts are still out there, waiting to turn you into a milkshake duck.

At this stage it’s going to be very difficult to completely delete yourself from the internet, but there are some steps you can take to remove a lot of it. Removing personal information and deleting accounts is a fiddly process, so it’s better to break it down into a few smaller steps and tackle them over time.

Subject: Feds Step Up Cybersecurity Support for State Governments
Source: Route Fifty

Forty-two advisers have been appointed or are in the process, with eight states still needing federal-level coordinators. The Cybersecurity and Infrastructure Security Agency is actively working to help states strengthen their cybersecurity efforts by setting up a 50-state network of federal cybersecurity coordinators, one per state.
In November, then-CISA Executive Director Brandon Wales told the House Oversight and Reform Committee his agency had already hired 36 coordinators. As of the end of December, that had increased to 37, with another five positions going through selection processing, according to Laura Delaney, CISA’s deputy assistant director for the Integrated Operations Division.

“The CISA cybersecurity state coordinators play a central role in threat information sharing with state partners, but this also occurs through each State Fusion Center that typically includes several other federal partners, as well as the Multi-State Information Sharing and Analysis Center,” or MS-ISAC, Delaney said in an email….topics:

Subject: 70 investors lose $50 million to fraudsters posing as broker-dealers
Source: BleepingComputer

A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020.56-year-old Allen Giltman and his co-conspirators created fraudulent sites advertising various investment opportunities (primarily the purchase of certificates of deposit) to solicit money from investors via the internet.

“The Fraudulent Websites advertised higher than average rates of return on the CDs, which enhanced the attractiveness of the investment opportunities to potential victims,” according to court documents.

“At times, the fraudulent websites were designed to closely resemble websites being operated by actual, well-known, and publicly reputable financial institutions; at other times, the fraudulent websites were designed to resemble legitimate-seeming financial institutions that did not exist.”

They promoted the fraudulent investment sites via ads on Google and Microsoft Bing search results for searches, including phrases such as “best CD rates” or “highest CD rates.”

During their fraud schemes, they used various means to hide their true identities, including virtual private networks (VPNs), prepaid gift cards to register web domains, prepaid phone and encrypted apps to communicate with their targets, and fake invoices to explain the large wire transfers they received from their victims.

“To date, law enforcement has identified at least 150 fraudulent websites created as part of the scheme,” the Justice Department said today.


Subject: To catch an insurrectionist: Facebook and Google are helping the FBI find January 6 rioters
Source: Vox Recode

“Social media has become a place where investigators, more and more often, are getting formally trained to look for evidence … on a regular basis,” said Adam Wandt, professor at John Jay College of Criminal Justice and cybercrime investigations expert.

While those accused of taking part in the riot posted plenty of evidence on various platforms, tracking that goes on underneath the surface can also be used against them in the coming months and years. Though controversial, law enforcement has used some of these methods of tracking and data collection in the Capitol insurrection investigation.

For example, the FBI admits to using commercial facial recognition technology systems, including Vigilant Solutions and Clearview AI, which scrape the internet for photos, rather than relying on license photos and mugshots. Stephen Chase Randolph was identified by using an “open source facial recognition tool” that matched a photo of him on his girlfriend’s Instagram page. Randolph is accused of assaulting a police officer and rendering her unconscious. He has pleaded not guilty.

Subject: Fake COVID test sites in Philly: How to spot them and why they’re dangerous
Source: On top of Philly news

The Philadelphia Department of Health is warning residents to beware another potential pandemic-related scam. Yeah, Philly Fighting COVID deja vu.Health officials sent out a notice Monday afternoon saying they’d caught wind of some small pop-up tents offering free COVID testing in Center City. With tests so hard to come by, on its surface that sounds like a good thing. Problem is, staffers were allegedly lying about what agency they’re from, and requesting unusual amounts of personal information.

Getting tested at an unverified site can pose risks. The company that’s likely running Philly’s sketchy sites has had some issues in the past, according to news reports. In Chicago, people have been asked to pay out of pocket for tests (which are legally required to be covered by insurance). You can’t be sure unaffiliated organizations will give accurate results — and you don’t know what they’ll do with your personal info once you hand it over.

The Philly Health Department maintains an online database of legitimate testing sites, but it doesn’t necessarily have every single one. “Sometimes partners will set up testing events without notifying us,” said spokesperson James Garrow.

Staff at the tents were also asking some patients for social security numbers, according to the Inquirer. Another big red flag. You should not have to hand that over in order to get tested.

Fake testing sites have been a thing since the beginning of the pandemic; the FTC put out a warning about it back in April 2020.

What do I do if I see one?

If you’re not sure about a site, you can ask the staffers who they’re affiliated with and then give that company a call. You can also reach out to the Health Department to ask if a site is real, at 215-685-5488 or [email protected].

Subject: FBI: Hackers target US defense firms with malicious USB packages
Source: Bleeping Computer

The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices.The attackers are mailing packages containing ‘BadUSB’ or ‘Bad Beetle USB’ devices with the LilyGO logo, commonly available for sale on the Internet.

The packages have been mailed via the United States Postal Service (USPS) and United Parcel Service (UPS) to businesses in the transportation and insurance industries since August 2021 and defense firms starting with November 2021.

FIN7 operators impersonate Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems.

Since August, reports received by the FBI say that these malicious packages also contain letters about COVID-19 guidelines or counterfeit gift cards and forged thank you notes, depending on the impersonated entity.

After the targets plug the USB drive into their computers, it automatically registers as a Human Interface Device (HID) Keyboard (allowing it to operate even with removable storage devices toggled off). It then starts injecting keystrokes to install malware payloads on the compromised systems.


Subject: The Internet is Held Together With Spit & Baling Wire
Source: Krebs on Security

Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones.

Based in Monroe, La., Lumen Technologies Inc. [NYSE: LUMN] (formerly CenturyLink) is one of more than two dozen entities that operate what’s known as an Internet Routing Registry (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization.

The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system. Collectively, the information voluntarily submitted to the IRRs forms a distributed database of Internet routing instructions that helps connect a vast array of individual networks.

There are about 70,000 distinct networks on the Internet today, ranging from huge broadband providers like AT&T, Comcast and Verizon to many thousands of enterprises that connect to the edge of the Internet for access. Each of these so-called “Autonomous Systems” (ASes) make their own decisions about how and with whom they will connect to the larger Internet.

Regardless of how they get online, each AS uses the same language to specify which Internet IP address ranges they control: It’s called the Border Gateway Protocol, or BGP. Using BGP, an AS tells its directly connected neighbor AS(es) the addresses that it can reach. That neighbor in turn passes the information on to its neighbors, and so on, until the information has propagated everywhere…

Posted in: Big Data, Civil Liberties, Criminal Law, Cybercrime, Cybersecurity, Data Mining, Financial System, Human Rights, Legal Research, Privacy, Social Media