Threats Without Borders - Issue 184
Cybercrime Investigation Newsletter, Week ending May 26, 2024
Microsoft has introduced a new feature called Recall in Windows 11, designed to help users easily find and access information they need from their past activities on their devices. This AI-powered feature uses machine learning algorithms to record and index user activity, allowing users to search for specific content using natural language queries.
Recall works by recording and storing snapshots of user activity on the device, including screen captures of apps, websites, and documents; file and folder names; conversations and messages; browser history; and app usage. Recall takes periodic snapshots of your screen activity every few seconds. These snapshots are analyzed using image recognition and natural language processing to allow you to search for and retrieve past content using text descriptions or visual cues.
Wait, what? Yes, the computer will take screenshots of your work and create a searchable archive of your computer usage. Imagine EVERYTHING you do on your computer being memorialized as an image!
I’d be giddy about this feature if I were still working cases as a digital forensics practitioner. It’s a gold mine of digital evidence. The holy grail.
Its potential for abuse is terrifying to a cybersecurity practitioner and shocking to anyone who cares about privacy.
Recall is an opt-in feature available only on new Copilot+ PCs with dedicated AI hardware. At least for now.
Shall we finally move to Linux?
The News…
A Dark Web seller claims to have developed malware that will exploit 99% of ATMs in Europe and 60% of machines worldwide. “If the claims are true, this malware poses a significant threat to the global banking industry. The ATM malware can target machines manufactured by multiple leading vendors, including Diebold Nixdorf, Hyosung, Oki, Bank of America, NCR, GRG, and Hitachi.” https://securityaffairs.com/163732/malware/eu-atm-malware.html
I’ve got to be honest…I read about 1/4 of this article before I zoned out. VPN provider Mullvad has A LOT to say about the “war on encryption.” I’m sure there’s an equal amount of conspiracy theory and truth in this article; I couldn’t get into either. https://mullvad.net/en/why-privacy-matters/going-dark
Docusign is a great product and continues to grow in popularity. Of course, that’s exactly why the bad guys are targeting its users. Abnormal Security discusses the surge in phishing attacks and provides examples and actionable intelligence. https://abnormalsecurity.com/blog/cybercriminals-exploit-docusign
The Federal Communications Commission (FCC) has proposed a $6 million fine for a company that used AI to clone President Biden's voice and used it for robocalls during the New Hampshire primary. You have to wonder if the hefty fine is the result of the robocall violation or the misuse of the President’s voice. https://www.fcc.gov/document/fcc-proposes-6-million-fine-deepfake-robocalls-around-nh-primary
Lin Rui-siang ran the Incognito cybercrime market, extorted his own site’s users, and offered himself as a crypto-crime expert to train law enforcement. A story so crazy it has to be true. https://www.wired.com/story/lin-rui-siang-incognito-market/
Seven postal workers were charged with the theft of mail from a postal facility in Rhode Island. “A supervisor and six workers collaborated to remove mail from a United States Postal Service distribution center in Providence, sorting, separating and concealing mail they believed to contain cash, checks or gift cards, officials said. One defendant was caught with a backpack of stolen mail that included over $1.3 million worth of checks.” https://apnews.com/article/rhode-island-postal-theft-6f77927834017f6f0bf1e0e4763b9828
Q1 Cyber Threat Landscape Report from Kroll. https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q1-2024-threat-landscape-report-insider-threat-phishing-evolve-under-ai
An alert teller at a Wisconsin bank recognized the man in front of her was attempting an “account takeover” and summoned the police. Kudos to the Elm Grove Police Department, whose quick action resulted in the arrest of five! https://www.gmtoday.com/the_freeman/news/five-men-charged-in-alleged-money-laundering-scheme-at-area-banks/article_8d55f64e-aece-5a49-9a90-7de3994bfd88.html
Cool Job
Director of Fraud Mitigation - Newfold Digital. https://web.wd1.myworkdayjobs.com/ExternalCareerSite/job/United-States---Remote/Director--Fraud-Mitigation_R8943
Cool Tool
Find a live camera - anywhere in the world. https://www.earthcam.com/
Create a visual dashboard for Nmap. https://hackertarget.com/nmap-dashboard-with-grafana/
Relevant
Is college worth it? Pew Research crunched the numbers to find out. https://www.pewresearch.org/social-trends/2024/05/23/is-college-worth-it-2/
Irrelevant
One thing we actually do well in Pennsylvania is make unhealthy snacks. The state leads the way in potato chip production—why? https://www.atlasobscura.com/articles/pennsylvania-potato-chips
Sign Off
I hope everyone had a restful long weekend and took a few minutes to reflect on why the “holiday” exists.
Thank you for reading another issue, and double-thanks to those who shared the newsletter with someone else.
Matt
I thank God for my life
And for the stars and stripes
May freedom forever fly, let it ring.
Salute the ones who died
The ones that give their lives so we don't have to sacrifice
All the things we love
Like our chicken fried
- Zac Brown
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.