Threats Without Borders - Issue 152
Cyber-Financial Crime Investigation Newsletter, Week ending October 15, 2023
Six subscribers hit the unsubscribe button this past week. Five of them were on Tuesday shortly after the newsletter was published. I don’t know why these readers chose to unfollow the newsletter, but I’ll assume it was because of my closing salutation.
My wife suggested that people are so tired of politics that maybe I should have kept worldwide political conflict out of newsletter about cybercrime and fraud investigation.
She’s right.
Maybe those readers are pro-Putin and offended by my support of Ukraine. Maybe they are anti-semites offended by my support of Israel. Maybe they are just tired of politics.
I’ll take wise counsel and refrain from making political statements that are outside of the scope of the newsletter.
But I don’t think I’ll miss these particular subscribers.
Welcome to Issue 152 of the Threats Without Borders Newsletter.
News
I found this posted on the leak-site of the Everest ransomware group. Yes, they are actively recruiting your employees to sell their access credentials. This would be a good time to bring that long-shelved insider threat program to fruition.
Google explains how they defeated a 398 million requests-per-second DDOS (dedicated denial of service) attack. Holy-moly. Consider that for a moment - 398,000,000 requests directed to a single web resource in the time it takes you to say “one-thousand-one”. https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
Speaking of Google, they are replacing passwords with passkeys on all Gmail accounts. The release explains you will be prompted to implement the new security feature the next time you log-in to the account. I logged-out and logged-in to my account several times but couldn’t get the feature to trigger. https://blog.google/technology/safety-security/passkeys-default-google-accounts/
Better late than never. Pennsylvania based convenience store chain, Rutters, has agreed to a $1 Million dollar settlement for a database breach that occurred - in 2019. I’m sure the delay was because of Covid (insert sarcasm here). The data leaks happened over a nine-month span in 2018 and 2019 consisting of 272 days, involving 79 store locations, and 1,365,995 payment cards. https://www.pennlive.com/business/2023/10/rutters-to-pay-1m-in-settlement-with-pa-attorney-generals-office.html
The United States Attorney’s Office for the Southern District of Florida has filed charges against seventeen (17) employees of the Broward County Sheriff’s Office for pandemic relief fraud. The crazy thing is they appear to be all separate actions. The accused all acted independently of each other - not in a coordinated action. It just so happened they all worked at the same place. What are chances of that? https://www.justice.gov/usao-sdfl/pr/seventeen-broward-sheriffs-office-employees-charged-covid-19-pandemic-relief-fraud
I’ll have the Nashville hot chicken sandwich combo…hold the card fraud, please. Ten employees of an Indiana Hardee’s have been criminally charged with fraud and money-laundering. The group would photograph drive-through customers credit cards and later use them to fund inmate debit cards. https://www.nbcchicago.com/news/local/10-charged-in-14k-fraud-scheme-targeting-drive-thru-customers-at-nw-indiana-fast-food-restaurant/3245648/
A Chinese national attending Penn State University has been charged in connection to a scheme to steal cash from an elderly couple through a tech-support scam. The student responded to the victim’s home posing as a federal agent sent to retrieve money that needed to be “cleaned”. I wonder how the Chinese courts deal with people who do this? https://www.pennlive.com/news/2023/10/penn-state-student-from-china-charged-in-attempt-to-scam-money-from-pa-couple.html
Three dozen stalking victims have joined a class-action lawsuit against Apple claiming AirTags are to blame. The suit claims, "What separates the AirTag from any competitor product is its unparalleled accuracy, ease of use and affordability. With a price point of just $29, it has become the weapon of choice of stalkers and abusers.” https://arstechnica.com/tech-policy/2023/10/apple-airtags-triggered-explosion-of-stalking-reports-nationwide-lawsuit-says/
Irrelevant
Get yourself a new job - https://www.themuse.com/advice/43-resume-tips-that-will-help-you-get-hired
Cool Job
Director - Investigations and International Security. The National Football League. https://hdmm.fa.us6.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/requisitions/preview/230453/
Cool Tool
Inspect that exif - https://exiftool.org/ (The GOAT - new version release)
Web-based tool for quick work - https://exifdata.com/
How about sharing the newsletter with a colleague? I need to replace six subscribers!
“IF YOU LIVE OFF A MAN’S COMPLIMENTS, YOU’LL DIE OFF HIS CRITICISM.” - someone wiser than me.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.
This newsletter offers valuable information that you have used your time to gather the facts and links so your readers only need to “click” and have that info at their fingertips. You have every right to make a statement that I do not feel was political it was from your heart and was a humanity issue for you the owner of this newsletter. You will not miss those subscribers but they will miss your info!