AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 02/02/2021

Check if your photos were used to develop facial recognition systems with this free tool

If you’ve uploaded any photos to the web in recent years, there’s a good chance they’ve been used to build facial recognition systems. Developers routinely train facial recognition algorithms on images from websites — without the knowledge of the people who posted them. A new online tool called Exposing.AI can help you find out if your photos are among the snaps they’ve scraped. The system uses information from publicly available image datasets to determine if your Flickr photos were used in AI surveillance research. Just enter your Flickr username, photo URL, or hashtag in the website’s search bar and the tool will scan through over 3.5 million photos for your pics. The search engine checks whether your photos were included in the datasets by referencing Flickr identifiers such as username and photo ID. It doesn’t use any facial recognition to detect the images.

 

Amazon’s Ring has teamed up with over 2,000 police and fire departments

Ring’s police collaborations didn’t slow down in 2020 despite controversies — if anything, they ramped up. The Financial Times reports that the Amazon-owned smart home security brand now has 2,014 police and fire department partnerships in the US, with 1,189 of them added in 2020. Montana and Wyoming are the only two states where Ring doesn’t have some kind of alliance. Those departments are making use of the team-ups, too. Ring said that departments requested videos for over 22,335 incidents in 2020. There wasn’t comparable 2019 data, but some first responders were busier than others. Milwaukee police, for instance, requested videos for 431 incidents just in the second half of 2020 due to a high level of homicides. While users gained more control over Ring video sharing in 2020 and just recently got end-to-end encryption, some of the privacy issues with these partnerships remained the same.

 

Fonix ransomware gives up life of crime, apologizes

Ransomware gangs deciding to pack their bags and leave their life of crime is not new, but it is a rare thing to see indeed. And the Fonix ransomware (also known as FonixCrypter and Xinof), one of those ransomware-as-a-service (RaaS) offerings, is the latest to join the club. Fonix was first observed in mid-2020, but it only started turning heads around September-October of that year. Believed to be of Iranian origin, it is known to use four methods of encryption—AES, Salsa20, ChaCha, and RSA—but because it encrypts all non-critical system files, it’s slower compared to other RaaS offerings. This isn’t the first time a ransomware group has displayed a conscience—that is assuming we take their word they will continue to “use our abilities in positive ways”.

 

Data breach exposes 1.6 million Washington unemployment claims 

The Washington State Auditor’s office has suffered a data breach that exposed the personal information in 1.6 million unemployment claims. The Office of the Washington State Auditor (“SAO”) states that it suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion. “SAO is advised that an unauthorized person was able to exploit a software vulnerability in Accellion’s file transfer service and gain access to files that were being transferred using Accellion’s service. Accellion stated that they believe the unauthorized access occurred in late December of 2020.” “Other customers of this Accellion service were similarly impacted. SAO is currently seeking a full understanding of the timeline of the incident and the status of Accellion’s investigation and the investigation by law enforcement. At this time, SAO does not have enough information to draw conclusions about the timing or full scope of what took place.”

 

Russian hack brings changes, uncertainty to US court system

Trial lawyer Robert Fisher is handling one of America’s most prominent counterintelligence cases, defending an MIT scientist charged with secretly helping China. But how he’ll handle the logistics of the case could feel old school: Under new court rules, he’ll have to print out any highly sensitive documents and hand-deliver them to the courthouse. Until recently, even the most secretive material (about wiretaps, witnesses and national security concerns) could be filed electronically. But that changed after the massive Russian hacking campaign that breached the U.S. court system’s electronic case files and those of scores of other federal agencies and private companies. The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system. But the full impact remains unknown.

 

Don’t post a photo of your COVID-19 vaccination card on social media, BBB warns

If you have received your COVID-19 vaccine, that’s great! Just make sure not to share an image of your vaccination card on social media, the Better Business Bureau says. Sure, you may want to share the news with your friends, but by sharing an image of your card, you could be making yourself more susceptible to identity theft. Or you could be helping scammers create false versions of your card, according to the BBB. Your vaccination card will have your full name, birthdate and other information about where you received your vaccine, which is all valuable information that you’ll want to keep private. “Sharing your personal information isn’t the only issue. Scammers in Great Britain were caught selling fake vaccination cards on eBay and TikTok. It’s only a matter of time before similar cons come to the United States and Canada. Posting photos of your card can help provide scammers with information they can use to create and sell phony ones,” the BBB said in a release.
