AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 04/05/2021

Virginia lawmakers unanimously approve bill that bans facial recognition technology

In February, Virginia lawmakers from both parties unanimously approved a bill that would restrict the use of facial recognition technology. Right now, law enforcement agencies across the state can use this technology without the knowledge of local or state leaders. Your images could be in these systems without you even knowing it. Under the bill, any law enforcement agency using facial recognition technology must stop, and they can only get approval to use it if they seek special permission from the legislature beginning July 1. Democratic Delegate Lashrecse Aird was one of the bill’s lead sponsors. She said she drafted the bill after an investigation found some gang detectives in Norfolk were using a controversial facial recognition app called Clearview AI to identify suspects in criminal investigations without city leaders knowing.


US DOJ: Phishing attacks use vaccine surveys to steal personal info

The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information. Attackers promise potential victims cash or prizes for filling out the fake surveys. Instead, they only harvest the filled-out personally identifiable information to fuel fraud schemes involving identity theft. “Consumers receive the surveys via email and text message and are told that, as a gift for filling out the survey, they can choose from various free prizes, such as an iPad Pro,” the DOJ said. “The messages claim that the consumers need only pay shipping and handling fees to receive their prize. Victims provide their credit card information and are charged for shipping and handling fees, but never receive the promised prize. “Victims also are exposing their personally identifiable information (PII) to scammers, thereby increasing the probability of identity theft.”


DeepDotWeb Administrator Admits Darknet Conspiracy

A website owner who received millions of dollars in kickbacks for connecting internet users to Darknet marketplaces has pleaded guilty in a US court to conspiracy to commit money laundering. Thirty-seven-year-old Brazil resident Tal Prihar owned and operated DeepDotWeb along with his co-defendant and fellow Israeli national, 34-year-old Michael Phan. Established in 2013, the site not only provided general information about the Darknet, but also featured links to specific sites where users could buy illegal firearms, malware, stolen financial data, illicit drugs, and other contraband. Every time a user clicked on one of the links, which cannot be found via regular search engines, Prihar and Phan received a payment. In total, hosting the links illegally earned the pair approximately $8.4m, according to court documents. “Tal Prihar today acknowledged his leadership role in operating a web site that served as a gateway to numerous dark web marketplaces selling fentanyl, heroin, firearms, hacking tools and other illegal goods,” said Acting US. Attorney Stephen Kaufman for the Western District of Pennsylvania in a statement released March 31. 


Phone numbers for 533 million Facebook users leaked on hacking forum

A threat actor has published the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum. According to samples reviewed by The Record today, the leaked data includes information that users posted on their profiles. Information leaked today includes Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and anything else users might have entered in their profiles. Furthermore, the database also contains phone numbers for all users, information that is not always public for most profiles. A cursory review from The Record found multiple phone numbers for users that had not made their number public on the site.


These Companies Track Millions Of Cars

If the police know a car has General Motors OnStar on board, they know they can ask America’s largest carmaker to hand over the vehicle’s location information from the internet-connected safety and security system. They can do the same with any business that stores so-called telematics information, which includes not only a vehicle’s whereabouts, but also more specific data, such as how fast a car is traveling or for how long it is idle. In previously undisclosed uses of that power, in the last 18 months Customs and Border Protection (CBP) and Immigrations Customs Enforcement (ICE) officials demanded location data from three companies who collectively track the movements of tens of millions of vehicles every day: GM OnStar, Geotab and Spireon. The cases show not only that immigration agencies have yet another valuable tool to help locate unknown individuals of interest, but also highlight how car systems constantly collect location and car use information from a vehicle, data that can be provided to the government when it makes a valid request.

Related Posts