AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets – 06/07/2019

A gang in New York allegedly spent the past seven years using the ripped-off identities of cellphone subscribers to steal $19 million worth of iPhones, according to a now-unsealed complaint originally filed by federal prosecutors at the end of April 2019. The six defendants have been charged with felony counts of mail fraud, conspiracy, and aggravated identity theft. New York City Police Department (NYPD) detective Armando Coutinh, from the NYPD-FBI Joint Major Theft Task Force, said in the complaint that the ring of alleged fraudsters kept it up from at least 2012 to the present, selling new devices – mostly iPhones – through fencing operations.


2 Global cryptocurrency task force closes in on sophisticated tax cheats

A global sweep of cryptocurrency tax avoidance schemes is imminent, with the number of active lines of inquiry set to nearly double – or so says a coalition of money laundering investigators from the US, Australia, Britain, Canada, and the Netherlands. J5, a team of five countries formed by the US Internal Revenue Service to fight cryptocurrency-powered crimes such as tax fraud, has 60 open investigations, but the Sydney Morning Herald reports it’s now considering an additional 50. The crew also confirmed they’ve shared more data between themselves since their efforts began last July than in the entire past decade.


3 Another Hacker Selling Access to Charity, Antivirus Firm Networks

A threat actor observed on underground hacker forums peddling internal network access to various entities claims to have breached the infrastructure of notable organizations such as UNICEF and cybersecurity companies Symantec and Comodo. The hacker uses the online name Achilles and offers to sell access for modest prices, between $2,000 and $5,000, depending on the value of the target. Their activity jumped over the past seven months, particularly in Fall 2019 and Spring 2019. This appears to be a different threat actor than Fxmsp, who advertised access to antivirus companies with offices in the U.S., namely Symantec, McAfee, and Trend Micro. While Fxmsp is believed to be a group of Russian-speaking hackers, the new seller speaks English and may be Iranian.


4 The Clever Cryptography Behind Apple's 'Find My' Feature

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours. "Now what’s amazing is that this whole interaction is end-to-end encrypted and anonymous," Federighi said at the WWDC keynote. "It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, your data usage, or your privacy."


5 OMB Publishes Memorandum on U.S. Federal Data Strategy

"Data is the new oil," said mathematician Clive Humby in 2006 when designing a supermarket clubcard. But like crude oil, it is what can be extracted (in this case, information) that is truly valuable and drives both government and business. For information to be valuable, it must come from as much accurate data as possible. This is the purpose of the U.S. Federal Data Strategy — to allow cross-state federal agencies to combine and share federal data safely and securely; to turn siloed federal data into Big Federal Data. On June 4, 2019, the Office of Management and Budget published its framework (PDF) for the Federal Data Strategy. At the same time, the Federal Data Strategy development team published a draft one-year Action Plan (PDF) open for public comment until July 5, 2019. The hope is that within five to ten years of one-year plans, the Federal Data Strategy will be in full operation.


6 Amazon CEO Bezos says robotic hands ready for prime time in next 10 years

Jeff Bezos, Amazon.com Inc’s chief executive and founder, said on Thursday he expects the challenge of building robots for commercial use that can grasp items as efficiently as human hands will be solved in the next 10 years. The remark, made on stage at Amazon’s “re:MARS” conference in Las Vegas, underscored how technology is being developed that one day could take care of essential tasks in retail warehouses currently carried out by humans, namely the stowing and picking up of customer orders.


7 State Department proposes new $20.8 million cybersecurity bureau

The State Department has sent to Congress a long-awaited plan to reestablish a cybersecurity-focused bureau it says is key to supporting U.S. diplomatic efforts in cyberspace. The State Department’s new plan, obtained by CyberScoop, would create the Bureau of Cyberspace Security and Emerging Technologies (CSET) to “lead U.S. government diplomatic efforts to secure cyberspace and its technologies, reduce the likelihood of cyber conflict, and prevail in strategic cyber competition.” The new bureau, with a proposed staff of 80 and projected budget of $20.8 million, would be led by a Senate-confirmed coordinator and “ambassador-at-large” with the equivalent status of an assistant secretary of State, who would report to the Undersecretary of State for Arms Control and International Security. The idea comes nearly two years after then-Secretary of State Rex Tillerson announced he would abolish the department’s cybersecurity coordinator position and put its support staff under the department’s economic bureau.


8 Software vendor may have opened a gap for hackers in 2016 swing state

A Florida election software company targeted by Russians in 2016 inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election, according to a document reviewed by POLITICO and a person with knowledge of the episode. VR Systems, based in Tallahassee but with customers in eight states, used what’s known as remote-access software to connect for several hours to a central computer in Durham County, N.C., to troubleshoot problems with the company's voter list management tool, the person said. The software distributes voter lists to so-called electronic poll books, which poll workers use to check in voters and verify their eligibility to cast a ballot.


9 University of Chicago Medicine says some donor, patient information mistakenly exposed

The personal information of some University of Chicago donors and patients was mistakenly exposed, the U. of C. health system has confirmed. University of Chicago Medicine acknowledged the data exposure in a statement Monday after an independent security researcher notified it of the problem. That researcher, Bob Diachenko, posted information about the issue Monday on a cybersecurity news and consulting services website and on Twitter. The exposed information was part of a database that contained nearly 1.7 million records, Diachenko said. U. of C. Medicine spokeswoman Ashley Heher said in an email Tuesday that the database contained information from “substantially fewer individuals” than 1.7 million, but declined to be more specific. One person can be linked to more than one record.


10 AMCA Healthcare Hack Widens Again, Reaching 20.1M Victims

The hack of the American Medical Collection Agency (AMCA), a third-party bill collection vendor, continues to expand, now impacting 20.1 million patients across three laboratory services providers. In the wake of revelations that the personal data of 12 million patients from Quest Diagnostics had been potentially compromised by an infiltration of AMCA systems, another 7.7 million patients from LabCorp were shown on Wednesday to be impacted. And 400,000 victims from OPKO Health have now been added to the tally as of Thursday. The exposed information includes personally identifiable information such as names, addresses and dates of birth, but also payment data. All three companies are clinical laboratories offering blood tests and the like, and all three relied on AMCA to process a portion of their consumer billing.


11 Riviera Beach computer shut down due to hacking; fix may cost $1 million

During a special meeting called to address the city's complete computer shutdown, interim Information Technology Manager Justin Williams delivered the continuing bad news. "As of right now, everything is down," Williams said, confirming that the problem is lasting longer than city officials predicted last week when the problem began early May 29. All of the city's email and every department's computer system have been paralyzed since last Wednesday after what is just now being revealed as some type of hacking event. "An email got in. Someone clicked on an email. There was an intrusion. As soon as we became aware of it, we went and locked everything down," said Williams in answer to a councilman's question. Williams said the intrusion was so bad they could not risk turning any of the city's computers back on for fear of the virus spreading further.


12 Jewish dating app JCrush exposed user data and private messages

A security lapse at JCrush, a dating app designed for the Jewish community, left a database open without a password, exposing sensitive user records and private messages to anyone who knew where to look. The site’s backend database had around 200,000 user records, according to security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with TechCrunch and wrote up their findings at vpnMentor. None of the data was encrypted, the researchers told TechCrunch. We obtained a sample of the records to verify. From what we saw, the records contained the user’s name, gender, email address, IP address and geolocation, as well as their city, state and country, date of birth, sexual preferences, religious denomination and photos they use on JCrush.


13 Google confirms that advanced backdoor came preinstalled on Android devices

Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in two articles published by Kaspersky, the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. Once installed, Triada's chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS' all-powerful Zygote process. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.


14 Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware

Malware distributors have set up a site that impersonates the legitimate Cryptohopper cryptocurrency trading platform in order to distribute malware payloads such as information-stealing Trojans, miners, and clipboard hijackers. Cryptohopper is a trading platform where users can build models that will be used for automated trading of cryptocurrency on various markets. In a new campaign discovered by malware researcher Fumik0_, attackers have created a replica of the Cryptohopper trading platform site that, when visited, automatically downloads a Setup.exe executable.


15 MIT’s robot boats can self-assemble to build bridges, stages or even markets

MIT researchers have created a new autonomous robot boat prototype — which they have named “roboats” to my everlasting glee — that can target and combine with one another Voltron-style to create new structures. Said structures could be bigger boats, but MIT is thinking a bit more creatively — it envisions a fleet of these being able to join up to form on-demand urban infrastructure, including stages for concerts, walking bridges or even entire outdoor markets. The roboats would of course be able to act as autonomous water taxis and ferries, which could be particularly useful in a setting like Amsterdam, which is why MIT teamed up with Amsterdam’s Institute for Advanced Metropolitan Solutions on this. Equipped with sensors, sub-aquatic thrusters, GPS, cameras and tiny computer brains, the roboats can currently follow a pre-determined path, but testing on newer 3D-printed prototypes introduced a level of autonomy that can accomplish a lot more.


16 Hackers reportedly stole nearly $10M worth of Ripple (XRP) in GateHub hack

Another day, another cryptocurrency heist. Hackers have breached over 100 Ripple (XRP) Ledger wallets managed by service provider GateHub. If that wasn’t bad enough, additional reports suggest the attackers have siphoned off more than $100 million worth of XRP. “Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and immediately started monitoring network activity, and conducted an extensive internal investigation,” wrote GateHub chief Enej Pungercar. Unfortunately, the company has yet to identify what caused the issue. GateHub says it’s in the process of reviewing the suspicious activity, but no official conclusions have been posted at the time of writing.