AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/20/2020

1 – Georgia election server showed signs of tampering, expert says

A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. The server was left exposed to the open internet for at least six months, a problem the same expert discovered in August 2016. It was subsequently wiped clean in mid-2017 with no notice, just days after election integrity activists filed a lawsuit seeking an overhaul of what they called the state’s unreliable and negligently run election system.


2 – The Secretive Company That Might End Privacy as We Know It

Until recently, Hoan Ton-That’s greatest hits included an obscure iPhone game and an app that let people put Donald Trump’s distinctive yellow hair on their own photos. Then Mr. Ton-That — an Australian techie and onetime model — did something momentous: He invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security. His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared.


3 – Apple shared customer data with US government in a record-high 90% of cases, even as Trump administration complains it’s not doing enough

Apple announced in a report Friday that it received a record-high 3,619 requests from the US government for users’ account information in the first half of 2019, up 36% from the previous six-month period. Apple said it complied with 90% of those requests, which generally asked for customers’ iTunes or iCloud account details and occasionally their iCloud data. Apple’s report comes amid its battle with the US government over privacy, which was reignited this week after it refused an FBI request to unlock a mass shooter’s iPhones. The report paints a stark contrast to the government’s efforts to paint Apple as unhelpful in assisting law enforcement’s investigations.


4 – The FBI will brief state officials in future election hacks

As the 2020 presidential election nears, the Federal Bureau of Investigation announced on Thursday that it would start notifying states when local election systems are hacked in an effort to make elections more secure. Before, the bureau would only notify the owners of the breached equipment of cyberattacks, which were typically counties and local governments with less capacity to respond. The FBI’s announcement comes after months of criticism from lawmakers and election officials who feared the agency was failing to brief states of possible threats, The Wall Street Journal reported Thursday. In a call with reporters, an FBI official also said the bureau will not notify election technology vendors of breaches.


5 – EU considers banning facial recognition technology in public spaces

The European Union is debating a potential ban on the use of facial recognition technologies in public areas. Facial recognition-equipped systems, such as those found in mobile devices and cameras, are advocated by law enforcement as a way to track missing persons and as useful tools in criminal investigations. However, critics say this technology is susceptible to abuse and its use without the consent of the general public undermines our right to privacy. 


6 – A hacker is patching Citrix servers to maintain exclusive access

Attacks on Citrix appliances have intensified this week, and multiple threat actors have now joined in and are launching attacks in the hopes of compromising a high-value target, such as a corporate network, government server, or public institution. In a report published today, FireEye says that among all the attack noise it’s been keeping an eye on for the past week, it spotted one attacker that stuck out like a sore thumb. This particular threat actor was attacking Citrix servers from behind a Tor node, and deploying a new payload the FireEye team named NotRobin.


7 – WeLeakInfo.com Domain Name Seized

Today, the Federal Bureau of Investigation and the U.S. Department of Justice announced that they have seized the internet domain name weleakinfo.com.  The announcement was made by U.S. Attorney Jessie K. Liu of the District of Columbia and Special Agent in Charge Timothy M. Dunham of the FBI’s Washington Field Office. The website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts.  The website sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, or three months).


8 – FAU Research Reveals Internet Crime Becoming More Sophisticated and Persistent in Florida and Other Large States

Internet crimes are becoming more sophisticated and persistent in Florida and several of America’s other most populous states, including California, New York, Texas, Virginia and North Carolina, according to research from Florida Atlantic University’s Center for Forensic Accounting. The researchers identify the top states as having the largest victim monetary losses and number of victims, and their report shows online crime trends in the last four years before 2019 (2015 to 2018) for the six top states with the highest internet crime activity.


9 – Army (websites) defeated, but for the greater good

Normally the U.S. Army would not tout the success of an attacker, but in the case of the Hack the Army 2.0 bug bounty program the service proudly announced 146 vulnerabilities were found. The platoon-sized unit of white hat hackers, 52 individuals, found the valid vulnerabilities while investigating 60 publicly accessible Army websites, including army.mil, .goarmy.mil, and the Arlington Cemetery website. The helpful hackers, who hailed from the U.S., Canada, Romania, Portugal, Netherlands, and Germany, earned a total of $275,000 for their efforts. “Participation from hackers is key in helping the Department of Defense boost its security practices beyond basic compliance checklists to get to real security.


10 – Israeli spyware firm fails to get hacking case dismissed

An Israeli judge has rejected an attempt by the spyware firm NSO Group to dismiss a case brought against it by a prominent Saudi activist who alleged that the company’s cyberweapons were used to hack his phone. The decision could add pressure on the company, which faces multiple accusations that it sold surveillance technology, named Pegasus, to authoritarian regimes and other governments that have allegedly used it to target political activists and journalists.


11 – Chinese man arrested after making $1.6 million from selling VPN services

Chinese authorities are continuing their crackdown against sellers of unauthorized and unregistered VPN software inside the country’s borders, especially against VPN services that are advertised as capable of bypassing the country’s Great Firewall technology. Arrests have been going on since mid-2017, but Chinese authorities appear to have landed their biggest catch at the end of 2019. According to a report from Litchi News, Chinese police from the city of Taizhou have arrested a 29-year-old man that they claim has made a fortune by selling VPN services. The suspect, identified only by the pseudonym of Gao, operated a VPN service to bypass the country’s Great Firewall since mid-2016.


12 – 70,000 Tinder Photos Of Women Just Got Dumped On A Cyber-Crime Forum

More than 70,000 photos of Tinder users are being shared by members of an internet cyber-crime forum, Gizmodo has learned, raising concerns about the potential for abusive use of the photos. Ominously, only women appear to have been targeted. Aaron DeVera, a researcher at the cybersecurity firm White Ops, told reporters they discovered the images on a website known for trading in malicious software. (We aren’t disclosing the website’s name for obvious reasons.) The dump is also accompanied by a text file containing some 16,000 unique Tinder user IDs, which could be the total number of users affected.


13 – December cyber attack costs New Orleans $7 million, so far

A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update. At 5 a.m. on December 13, New Orleans became the latest victim in a long string of ransomware attacks directed at U.S. municipalities, throwing the state of Louisiana’s most populous city into a state of emergency. Employees were told to disconnect all computer systems, including servers, and halt all work. The attackers had made no ransom demands, suggesting the attack was meant to disrupt the city and dent its economy. However, this is not confirmed.
