AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/10/2021

1 – Twitter’s Tip Jar Privacy Fiasco Was Entirely Avoidable

On Thursday, Twitter continued its grand tradition of embracing features users had unofficially pioneered (see also: the @-reply, the retweet, the hashtag) by instituting a Tip Jar. Enjoy someone’s tweet? Send them some money straight from the app, via the online payment processor of their choice. Simple enough. And yet, predictably, not so simple, especially for those who value their anonymity online. Within a few hours of Twitter’s Tip Jar announcement, security researcher Rachel Tobac found an unfortunate wrinkle: sending someone money via PayPal revealed to them her home address. Not long after, former Federal Trade Commission chief technologist Ashkan Soltani discovered that using PayPal for the Tip Jar could reveal a user’s email address, even if no transaction took place. You’ve likely picked up on PayPal as the common thread here.


2 – Colonial Hackers Stole Data Thursday Ahead of Shutdown

The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter. The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said. The move was part of a double-extortion scheme that is one of the group’s hallmarks. Colonial was threatened that the stolen data would be leaked to the internet while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom, said the people, who asked not to be identified because the information isn’t public.


3 – 5 fascinating facts from the Apple-Epic trial

In case you haven’t been paying attention to legal Twitter this week, a pretty big court case is going on between Apple and Epic. There’s a lot to sift through, but the crux of the matter is Epic claims Apple is leveraging its monopolistic advantage in the App Store to require developers to hand over up to 30 percent of the revenue they bring in. No one knows how the case will turn out—and whatever the result you can expect the losing party to appeal—but it has the potential to reshape the App Store as we know it. Columnist Jason Snell dissected some of the possible outcomes, but what’s clear is that there is still a long way to go before the issue is settled. But even without bombshell testimony so far, some interesting tidbits have come out of the first week of the trial.


4 – What’s Google FLoC? And How Does It Affect Your Privacy?

Google wants to change the way we’re tracked around the web, and given the widespread use of its Chrome browser, the shift could have significant security and privacy implications—but the idea has been less well-received by companies that aren’t Google. The technology in question is FLoC, or Federated Learning of Cohorts, to give it its full and rather confusing name. It aims to give advertisers a way of targeting ads without exposing details on individual users, and it does this by grouping people with similar interests together: football fans, truck drivers, retired travelers, or whatever it is. “We started with the idea that groups of people with common interests could replace individual identifiers,” writes Google’s Chetna Bindra. “This approach effectively hides individuals ‘in the crowd’ and uses on-device processing to keep a person’s web history private on the browser.” Companies including Apple are already fighting back against this kind of tracking, primarily by simply blocking it altogether without the express permission of users (Apple is taking a similar approach with apps).


5 – US passes emergency waiver over fuel pipeline cyber-attack

The US government issued emergency legislation on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack. The Colonial Pipeline carries 2.5 million barrels a day – 45% of the East Coast’s supply of diesel, gasoline and jet fuel. It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service. The emergency status relaxes rules on fuel being transported by road. It means drivers in 18 states can work extra or more flexible hours when transporting gasoline, diesel, jet fuel and other refined petroleum products. They are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia. Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer.


6 – Group pleads guilty to running bulletproof hosting service for criminal gangs, malware payloads

Four individuals have pleaded guilty to running a bulletproof hosting service used by criminals to launch cyberattacks. The US Department of Justice (DoJ) said that Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, alongside Lithuanian Aleksandr Skorodumov and Pavel Stassi, from Estonia, operated a bulletproof host between 2009 and 2015. Bulletproof hosting is a service in which a private online infrastructure is offered, and operators will generally turn a blind eye to what customers use their rented domains for. Copyright infringement notices are ignored, privacy is marketed as a feature of such services, and bulletproof offerings are the go-to for criminal groups seeking the infrastructure to host malware, establish command-and-control (C2) servers, and host illegal content including malicious software and child pornography.
