Threats Without Borders - Issue 185
Cybercrime Investigation Newsletter, Week-ending June 2, 2024
Below are some browser tools that can assist you in conducting online investigations. I have included links for the Chrome Web Store, assuming that most of you use a Chromium-based browser (Chrome, Edge, Brave, Arc, Opera, Vivaldi). I recommend using the Brave browser. Additionally, most of these extensions are also available for Firefox and Safari.
The official TinEye extension – Reverse image search – finds the original source of an image. https://chromewebstore.google.com/detail/tineye-reverse-image-sear/haebnnbpedcbhciplfhjjkbafijpncjl
RevEye reverse image search – Like TinEye, only different. https://chromewebstore.google.com/detail/reveye-reverse-image-sear/keaaclcjhehbbapnphnmpiklalfhelgf?hl=en
What technology is this website running? Wappalyzer breaks it down. https://chromewebstore.google.com/detail/wappalyzer-technology-pro/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en
There are endless investigative uses for the Wayback Machine. Here is the official extension. https://chromewebstore.google.com/detail/wayback-machine/fpnmgdkabkmnadcjpehmlllkndpkmiak
Download videos from YouTube, Vimeo, and everywhere else. https://chromewebstore.google.com/detail/video-downloadhelper/lmjnegcaeklhafolokijcfjliaokphfk
The best multi-platform screen recorder with an extension. https://chromewebstore.google.com/detail/nimbus-screenshot-screen/bpconcjcammlapcogcnnelfmaeghhagj?hl=en
Link Klipper - Extract all the links from a webpage and save them to a file. https://chromewebstore.google.com/detail/link-klipper-extract-all/fahollcgofmpnehocdgofnhkkchiekoo?hl=en
Session Buddy – for when you need to close out a session, save the open tabs or recover the tabs you had opened after a crash. https://chromewebstore.google.com/detail/session-buddy/edacconmaakjimmfgnblocblbcdcpbko
SingleFile – save any webpage into a single .html file (capture what a website looked like at a given point in time – and you can share it). https://chromewebstore.google.com/detail/singlefile/mpiodijhokgodhhofbcjdecpffjipkle
Tab Resize - split your screen every which way. https://chromewebstore.google.com/detail/tab-resize-split-screen-l/bkpenclhmiealbebdopglffmfdiilejc
Max Focus - Preview a link before you click it. https://chromewebstore.google.com/detail/maxfocus-link-preview/bnacincmbaknlbegecpioobkfgejlojp
Some News
I teach a "Technology Security Basics" class for my employer. In the class, I discuss the dangers of free software and advice. I explain how people offering free technology advice on the internet aren't always altruistic software engineers who just want to make the world of technology a better place. Here is a perfect example - cyber attackers using the Q/A function of Stack Overflow to trick people into installing malware. https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
A man stored 43 Bitcoins in a digital wallet to protect them from hackers and thieves. However, he ended up securing them from himself by forgetting the passcode. Fortunately, someone more skilled than him managed to crack the code and access the wallet - eleven years later. https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/
The ten most frequently stolen vehicles in the United States. It's not surprising that Hyundai and Kia are prevalent. https://www.visualcapitalist.com/top-10-most-stolen-vehicles-in-america/
They’re already using AI to manipulate Google search results to push fake websites. https://www.foxnews.com/tech/cyber-scammers-use-ai-manipulate-google-search-results
The Cisco Talos group does a deep dive into the brands exploited during phishing attacks. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/
North Korea really likes work-from-home jobs. Especially when it’s with an American company. The U.S. DOJ alleges the North Korean government has supported thousands of skilled IT workers who used stolen or borrowed U.S. persons’ identities to get hired as domestic workers, infiltrate domestic companies’ networks, and raise revenue for North Korea. Over 300 U.S. companies have been victimized. Holy insider threat! https://www.justice.gov/opa/pr/charges-and-seizures-brought-fraud-scheme-aimed-denying-revenue-workers-associated-north
Rough couple of weeks for Live Nation/Ticketmaster. First the antitrust lawsuit and now a data breach. It’s kind of like the bully getting bullied. I’m sure I’ll have another entry on the Have I Been Pwned database and another year of free credit monitoring. https://techcrunch.com/2024/05/31/live-nation-confirms-ticketmaster-was-hacked-says-personal-information-stolen-in-data-breach/
And the 8-K they filed with the SEC: https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
Late addition - Ticketmaster breach is part of the attack on Snowflake. https://arstechnica.com/security/2024/06/ticketmaster-and-several-other-snowflake-customers-hacked/
The Federal Trade Commission released a report listing the top ten companies impersonated by cybercriminals in 2023. It’s exactly who you think it is. https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2024/05/whos-who-scams-spring-roundup
Irrelevant
Cool Job
Head of Fraud Products - Socure. https://socure.wd1.myworkdayjobs.com/en-US/SocureCareers/details/Head-of-Fraud-Products_JR192
Cool Tool
Scroll up.
The First Law of Discussion Non-Response Bias: Online discussions tend to attract those with strong opinions because moderates are less likely to try to give their opinions. They are skewed to either side of the debate, while most people are somewhere in between. Translation: Online debates are rarely the reality.
Sign Off
Thank you for reading another issue. Unfortunately, Yahoo email is still dropping the newsletter. If you see this and are registered for the newsletter using a Yahoo email address, please consider an alternate. You can always return to past issues by visiting the domain page at threatswithoutborders.com. Click “let me read it first” if you get sent to the splash page.
And as always, those who forward the newsletter to colleagues are extra special!
See you next Tuesday.
Matt
“DO MORE THINGS THAT MAKE YOU FORGET TO CHECK YOUR PHONE.”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.