Threats Without Borders - Issue 177
Cybercrime Investigation Newsletter, week ending April 7, 2024
In last week's issue, I discussed the importance of security and privacy regarding web browsing. Although both factors are crucial for a safe browsing experience, it's important to recognize their differences and how they require distinct features in a web browser. For instance, a browser that prioritizes privacy might not necessarily be strong in security, and vice versa. I promised this week I would discuss the privacy and security features of the four major web browsers - Edge, Safari, Firefox, and Chrome - and reveal my personal browser preference.
I’m not one to reinvent the wheel, and as I was researching the topic, I found these two articles that cover the issue better than I ever could:
Chrome, Edge, Firefox, Opera, or Safari: Which Browser is Best For You in 2024 - https://www.pcmag.com/picks/chrome-edge-firefox-opera-or-safari-which-browser-is-best
Best Browser for Your Privacy 2023 - https://proton.me/blog/best-browser-for-privacy
I will offer you another option: Brave. I have been using the Brave Browser exclusively since its release and can’t say enough about it.
Brave's philosophy is built on the foundation of privacy, and it is committed to always ensuring user anonymity. The company's ad and tracker-blocking capabilities are central to this belief system, as they provide a strong defense against the pervasive tracking techniques used by advertisers and data brokers. By default, Brave blocks ads and trackers, safeguarding users' browsing histories and keeping their personal information secure.
Brave's privacy features are designed to protect users from sophisticated tracking techniques employed by malicious entities and privacy-trampling corporations. The browser's fingerprinting protection prevents websites from identifying and tracking users based on their unique device configurations. Additionally, script blocking provides users with granular control over the execution of scripts, minimizing the risk of exploitation by malicious actors.
The real magic of Brave is its ad blocking. The browser blocks ads by default without additional plugins or extensions. This reduces page clutter and obnoxious pop-ups and significantly increases the browser's performance. Blocking ads and trackers in the Brave browser results in faster web page loading times, improved browsing efficiency, and reduced bandwidth usage.
Brave is built on the Chromium engine, so it’s completely compatible with any extension in the Chrome store.
Give it a try. I think you’ll like it.
Some News…
I’m generally not a fan of anything published by TechCrunch, but Zach Whitaker did a good job with this article explaining how law enforcement conducts “reverse searches.” As Whitaker describes it, “So-called “reverse” searches allow law enforcement and federal agencies to force big tech companies, like Google, to turn over information from their vast stores of user data.” Whitaker is also correct in placing blame on technology companies for collecting and storing data in the first place. It's understandable that the police would come looking for evidence to solve crimes. If the evidence exists, they will try to obtain it, solving crime is kind of what they do! https://techcrunch.com/2024/04/02/reverse-searches-police-tap-tech-companies-private-data/
It’s not always cyber…the U.S. Attorney for the Southern District of New York has indicted eight men for “their participation in a multi-year scheme to steal beer — primarily Corona and Modelo shipped from Mexico — from railroad cars and beverage distribution facilities”. Yes, thefts from railroad cars…like in the old days. Don’t laugh; the heists netted them “hundreds of thousands of dollars.” https://www.justice.gov/usao-sdny/pr/eight-bronx-men-charged-participation-beer-theft-enterprise
I’m still stuck at paying ten dollars per month to search the Internet, but the more I hear about Kagi, the more likely I will open the wallet. https://www.404media.co/friendship-ended-with-google-now-kagi-is-my-best-friend/
This is self-serving, but Proton claims Microsoft’s Outlook mail application is the worst thing for personal privacy since GMail. In this article, they don’t make claims; they show the goods. The author claims, “You can’t use the new Outlook without syncing all this information with Microsoft Cloud — there is only the option to cancel, according to the developers’ forum XDA(new window). It is also configured to send login details – including usernames and passwords – directly to Microsoft servers.”. Interesting. https://proton.me/blog/outlook-is-microsofts-new-data-collection-service
You might need the 12ft Ladder to climb this pay wall, but the self-professed vigilante hacker in this article believes the United States needs to start “hacking back”. https://www.wired.com/story/p4x-north-korea-internet-hacker-identity-reveal/
U.S. Cancer Center data breach impacts over 800,000. Unfortunate. https://www.securityweek.com/us-cancer-center-data-breach-impacting-800000/
The OSINT Foundation (OSINT = Open Source Intelligence) has published their suggested Principles for OSINT Professionals. Will there be a test? https://www.osintfoundation.com/osint/Standards.asp
Kudos
Tw/oB congratulates Regulator Agent Kurt Eggly of the Michigan Unemployment Insurance Agency on winning the organization’s Office of Inspector General Special Achievement Award—for the third time, mind you. This time, Eggly identified a fraud group that filed over 600 false claims across 19 states. Kudos to you, sir! https://www.detroitnews.com/story/news/local/michigan/2024/04/06/investigator-awarded-multi-million-dollar-unemployment-fraud-ring/73228038007/
Cool Job
Senior Director of Cyber and IT Risk - BetMGM. https://www.betmgminc.com/careers/gnk=job&gni=8a7883ac8df214a5018e0f4552b82215
Cool Tool
Awesome Privacy - Your guide to finding and comparing privacy-respecting alternatives to popular software and services. https://awesome-privacy.xyz/
Irrelevant
Buying an insurance policy gives the company full rights to inspect your property at any time, including by air, without your knowledge. Who knew…those who read the fine print. https://www.wsj.com/real-estate/home-insurance-aerial-images-37a18b16?st=u7d7jxedatfxjhe&reflink=article_copyURL_share
In under the wire…
The Pennsylvania Turnpike Commission warned about a phishing campaign targeting EZ Pass users. The smishing messages “purport to be from “Pa Turnpike Toll Services” and center around urgent requests with your account that would result in a late fee if the balance does not get settled.” https://www.paturnpike.com/news/details/2024/04/07/pa-turnpike-alerts-e-zpass-users-of-phishing-scam
Sign Off
I’ll volunteer and speak at the BSides Harrisburg cybersecurity conference this Friday (April 12, 2024). Please say hi to me, and I’d be honored if you attended my talk, DARVO—The Psychological Manipulation of Ransomware Victims (Track 2 room from 3:00 - 3:30PM).
I appreciate you taking a few minutes of your week to read the newsletter.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.