Email discussion groups and listservs are still very popular within the law enforcement and financial security community. While most organizations rely heavily on modern asynchronous chat apps like Microsoft Teams and Slack, the fragmented nature of law enforcement requires the use of old-school communication techniques like email.
The two most frequent emails sent through these forums are 1) Hey, does anyone have a search warrant template for Company X? and 2) Does anyone have a real person contact for Business Y? I’ll bet a cold malt beverage at the next conference that these two questions make up 75% of all emails.
Search warrant templates are a dime a dozen. A living human who will answer the phone at an Internet Service Provider (ISP) or Financial Institution (FI) is not, and is something to protect at all costs.
Search.org has one of the largest contact lists published on the open Internet. It’s well-organized and constantly updated. The maintainers are responsive to suggestions and gladly accept updates if you find their information stale.
Save the rest of us some inbox space: the next time you need a contact for an Internet service or Financial Institution, start with the Search.org ISP list.
https://www.search.org/resources/isp-list/
Report your loss
It is a regular occurrence that the police arrest a person for some form of serial theft, be it from vehicles, home burglaries, or shoplifting, where caches of stolen items are recovered. The police often struggle to identify the owners of much of the recovered goods. Why? Because the victims never reported their loss. They reasoned, “Someone stole out of my unlocked vehicle, it was my fault, I’ll make sure to lock my doors in the future”, and never let the police know what was stolen. The police later recover the stolen items but don’t know who they belong to.
It is equally important to report when victimized through Internet- and technology-facilitated crimes, for much the same reasons. And if nothing else, it assists law enforcement with accurate reporting of victimization in terms of numbers and dollar loss.
The FBI issued a public plea this week asking for victims of the Hashflare Cloud Mining service to come forward. They arrested the organizers of the group and may be able to help victims recover some of their lost investments and cryptocurrency. The investigation revealed the group collected over 31 million dollars from investors…but they haven’t an equivalent amount of claims from victims.
Yes, you got scammed. And you’ll do better next time, but take a few minutes to report it. Every so often a blind squirrel finds a nut.
Law enforcement and financial security investigators need to make sure they assist victims with reporting. Start with the Internet Crime Complaint Center at https://www.ic3.gov/Home/ComplaintChoice
The victimizers get victimized
O.K., I know it’s not victimization, as we willingly walked into the restaurant and ordered the food, but the prices charged by Five Guys Burgers and Fries leave many patrons feeling like they’ve just been mugged. Now the truly victimized by the chain are their employees and everyone else who has applied for a job. The company sent letters to employees and recent job-seekers stating that a “security incident” in September of 2022 resulted in the loss of their personally identifiable information. The company will provide those affected with one year of free credit and “cyberscan” monitoring. I’m sure burgers and fries would be more appreciated…and more useful. https://dojmt.gov/wp-content/uploads/Consumer-Notification-Letter-783.pdf?mod=djemCybersecruityPro&tpl=cy
Go SEC!
And I’m not talking about the Bulldogs thumping the Horn Frogs.
I was consistent in my praise of the Securities and Exchange Commission (SEC) in 2022 for their diligence in addressing CyFi crime, particularly complicated schemes involving crypto-assets. As it appears every other agency of the federal government is faltering, or even corrupt, the SEC just keeps doing its job.
The agency has filed charges against the operators of the CoinDeal Co-Op alleging they defrauded “tens-of-thousands” of investors to the tune of forty-five million dollars. The SEC claims “the defendants falsely claimed access to valuable blockchain technology and that the imminent sale of the technology would generate investment returns of more than 500,000 times for investors. The money actually went to purchase luxury cars, real estate and a boat for the personal use of Chandran and the others, in addition to being misappropriated for his other businesses”. https://www.sec.gov/news/press-release/2023-2?utm_medium=email&utm_source=govdelivery
1st of the year
And for our first malicious insider report of the year… A license examiner for the Pennsylvania Department of Transportation has been charged for a scheme where he accepted money to help non-English speakers pass various licensing exams. I’m sure he’s not the only one within the department. Particularly scary is “Police said many of Carrion’s customers, regardless of their participation in the investigation, had to be re-tested for their licenses and did not pass.” Kudos to the Pennsylvania State Police for a successful investigation. https://www.pennlive.com/news/2023/01/former-penndot-employee-arrested-in-licensing-fraud-scheme.html
The Rest…
Coinbase agreed to a $100 million settlement with the state of New York over cybersecurity lapses and their failure to comply with anti-money laundering guidelines that allowed the platform to be used for fraud, money laundering and other illicit activities. https://www.dfs.ny.gov/system/files/documents/2023/01/ea20230104_coinbase.pdf
SentinelOne looks back at 2022 to review all of the security incidents we’ve long since forgotten. https://www.sentinelone.com/blog/the-best-the-worst-and-the-ugliest-in-cybersecurity-2022-edition/
If my writings are used to train AI, and then that AI is used to produce additional writings which are published by someone else, am I the victim of theft? Seth Godin says NO. https://seths.blog/2023/01/patterns-culture-and-theft/
Cool Job
Special Investigator - Fraud. Lemonade Insurance. https://makers.lemonade.com/recipe/special-investigator--siu-remote
Cool Tool
Enumerate usernames across many websites. https://whatsmyname.app/
Irrelevant
Farmers make the best leadership consultants. https://leadership.garden/leadership-advice-from-farmers/
Long(ish) tech(ish) geek(ish) read
Abusing Gmail while abusing aliases. https://osintmatter.com/the-dark-side-of-gmail/
Thank you for opening this week’s email. I realize that your attention is finite and I appreciate you giving me some of it.
Matt
“Life is too short to spend time with people who suck the happiness out of you.”
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.