Threats Without Borders - Issue 191
Cybercrime Investigation Newsletter, week ending July 14, 2024
Everything has to be so hard. That’s why complex organizations struggle with cybersecurity.
When you break it down, secure procedures and systems fail to be implemented because of bureaucracy, overhead, and ego. We’ll blame it on budgets, but in reality, it’s a competition for resources, a form of politics that comes down to egos. Throw in a little of “let’s schedule a meeting for that” and “that’s not my job” and you have the perfect environment for… nothing. Yep, nothing will get done.
Don’t believe me? Suggest a change within your organization.
Nothing.
I’ve been thinking a lot lately about how to overcome resistance to change and streamline the process. How do we bring competing business units together to enable positive organizational change? How do we reduce friction and eliminate pinch points?
See, that’s where the bad guys beat us every time. They don’t have budgets, change-review boards, or hold meetings to schedule meetings. They pivot on a dime and transform to embrace the circumstances of the present environment.
Nimble and agile versus bloated and pretentious.
Watching other companies fall like dominoes should bring everyone in line. Right?
Nothing.
Carrier-grade Network Address Translation (CGNAT) is a technology Internet Service Providers (ISPs) use to conserve IPv4 addresses by allowing multiple users to share a single public IP address. CGNAT allows ISPs to assign private IP addresses to customers instead of unique public IP addresses. Multiple users' private IP addresses are translated to a single public IP address when accessing the Internet. This is done through a large-scale NAT device that simultaneously manages the address translations for thousands of users.
To remind you, private IP addresses are reserved for use within a private network and are not routable on the public Internet. These private IP addresses enable internal devices to communicate with each other while using a NAT device to share a single public IP address for external communication. This technology conserves the limited number of public IP addresses and provides an additional layer of security by keeping internal network traffic separate from external networks.
CGNAT makes it difficult to identify individual users based solely on IP address, as multiple subscribers share the same public IP. This challenges law enforcement as investigating online crimes becomes more complex when a single IP address is associated with numerous users.
Where is the investigator most likely to encounter Carrier-Grade Network Address Translation? Cell towers. Almost all cellular phone towers are running CGNAT - AKA Tower Routers.
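The practical consequence of the two paragraphs above is that a public IP address plus a timestamp is not enough to name a subscriber behind CGNAT; the investigator also needs the translated source port and protocol, and the ISP's NAT session log to match them against. The following Python is an added illustration, not code from the newsletter or from any ISP. The log format, the 100.64.0.0/10 subscriber addresses (the RFC 6598 shared address space that CGNAT deployments commonly use), the 203.0.113.x public addresses and every timestamp are constructed sample data, and the function names are mine.

```python
"""Attributing a CGNAT public address to a subscriber from NAT session logs.

Added example. The log format below is hypothetical (no vendor's export
format), and all records, addresses and times are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress

# Constructed NAT session log, one translation session per line:
# start end protocol subscriber_ip:port public_ip:port   (times in UTC)
SAMPLE_NAT_LOG = """\
2024-07-10T14:00:03Z 2024-07-10T14:09:41Z tcp 100.64.3.17:51234 203.0.113.5:40001
2024-07-10T14:00:10Z 2024-07-10T14:30:00Z tcp 100.64.7.90:49877 203.0.113.5:40002
2024-07-10T14:01:55Z 2024-07-10T14:02:30Z udp 100.64.1.2:5353 203.0.113.5:40001
2024-07-10T14:12:00Z 2024-07-10T14:15:12Z tcp 100.64.9.41:60011 203.0.113.5:40001
2024-07-10T14:02:00Z 2024-07-10T14:20:00Z tcp 100.64.5.5:43210 203.0.113.6:40001
"""

CGNAT_SHARED_SPACE = ipaddress.IPv4Network("100.64.0.0/10")  # RFC 6598


@dataclass(frozen=True)
class NatSession:
    start: datetime
    end: datetime
    proto: str
    subscriber_ip: ipaddress.IPv4Address
    subscriber_port: int
    public_ip: ipaddress.IPv4Address
    public_port: int


def to_utc(text):
    """Normalise an ISO-8601 timestamp with offset (or trailing Z) to UTC.
    Complaints often arrive in local time; NAT logs are compared in UTC."""
    return datetime.fromisoformat(text.replace("Z", "+00:00")).astimezone(timezone.utc)


def _endpoint(text):
    host, port = text.rsplit(":", 1)
    return ipaddress.IPv4Address(host), int(port)


def parse_nat_log(text):
    """Parse the constructed log format into NatSession records."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, proto, inside, outside = line.split()
        sub_ip, sub_port = _endpoint(inside)
        pub_ip, pub_port = _endpoint(outside)
        sessions.append(NatSession(to_utc(start), to_utc(end), proto.lower(),
                                   sub_ip, sub_port, pub_ip, pub_port))
    return sessions


def is_shared_address(ip):
    """True when an address falls in the CGNAT shared space (an inside address)."""
    return ipaddress.IPv4Address(ip) in CGNAT_SHARED_SPACE


def candidates_by_ip(sessions, public_ip, at):
    """What IP + timestamp alone yields: every subscriber active behind
    public_ip at that instant, usually several."""
    ip = ipaddress.IPv4Address(public_ip)
    return sorted({str(s.subscriber_ip) for s in sessions
                   if s.public_ip == ip and s.start <= at <= s.end})


def attribute(sessions, public_ip, public_port, proto, at):
    """Lookup with public IP, translated source port, protocol and timestamp.
    The timestamp matters even with the port: NAT devices reuse a public
    port for different subscribers over time."""
    ip = ipaddress.IPv4Address(public_ip)
    return [(str(s.subscriber_ip), s.subscriber_port) for s in sessions
            if s.public_ip == ip and s.public_port == public_port
            and s.proto == proto.lower() and s.start <= at <= s.end]


if __name__ == "__main__":
    log = parse_nat_log(SAMPLE_NAT_LOG)
    # Complaint received in US Eastern daylight time, converted before matching.
    when = to_utc("2024-07-10T10:02:05-04:00")
    print("IP + time only:", candidates_by_ip(log, "203.0.113.5", when))
    print("IP + port + proto + time:", attribute(log, "203.0.113.5", 40001, "tcp", when))
    print("same port, 11 minutes later:",
          attribute(log, "203.0.113.5", 40001, "tcp", to_utc("2024-07-10T14:13:00Z")))
```

Run stand-alone, the first lookup returns three subscribers, the second narrows to one, and the third shows the same public port already reassigned to a different subscriber eleven minutes later. A preservation request or subpoena to the ISP should therefore carry the public IP, the source port, the protocol and a timezone-qualified timestamp, and should be sent before the session log's retention window expires.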
Some News…
The Verge believes “it’s never been easier for cops to break into your phone”. https://www.theverge.com/24199357/fbi-trump-rally-shooter-phone-thomas-matthew-crooks-quantico-mdtf
The Justice Department seized two domain names and 968 social media accounts linked to a Russian-operated bot farm. This AI-enhanced operation spread disinformation in the U.S. and globally, aiming to promote Russian government objectives. The bot farm used fictitious profiles, often posing as U.S. individuals, to disseminate pro-Russia narratives, particularly regarding the conflict in Ukraine. https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners
A new phishing toolkit called FishXProxy poses a significant cybersecurity threat. The toolkit provides cybercriminals with advanced features, making it easier to create sophisticated phishing campaigns that are difficult to detect and take down. FishXProxy's features include its antibot system, Cloudflare integration, inbuilt redirector, page expiration settings, cross-project user tracking, and offline HTML smuggling attachments. This toolkit will lower the bar for criminals looking to get into the phishing game. https://slashnext.com/blog/new-fishxproxy-phishing-kit-lowers-barriers-for-cybercriminals/
A caregiver from Bensalem, Pennsylvania, was sentenced to 12-24 months in county jail for faking a cancer diagnosis and stealing from women she cared for. She pleaded guilty to charges including financial exploitation of an older adult, identity theft, and access device fraud. Kudos to the investigators with the Newtown Township Police Department! https://www.abc27.com/pennsylvania/pennsylvania-con-artist-who-faked-cancer-diagnosis-stole-from-patients-families-sentenced/
AT&T suffered a data breach affecting “nearly all” of its customers. Hackers exploited a vulnerability in cloud data giant Snowflake, where AT&T stored customer data, leading to the theft of phone records, including call and text logs. The breach occurred between May 2022 and October 2022, exposing sensitive information such as phone numbers, call durations, and cell site locations. While the content of calls and texts wasn't compromised, the stolen metadata poses a substantial risk to customer privacy. AT&T is notifying affected customers and cooperating with law enforcement to apprehend those responsible. AT&T customers should be prepared for an increase in SMS text message attacks. https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/
Cool Job
Lead Fraud Instructor - FICO. https://fico.wd1.myworkdayjobs.com/en-US/External/job/Work-from-Home-United-States/Lead-Fraud-Instructor_29561
Cool Tool
Run virtual machines on your iPhone. https://getutm.app/
DigiKam 8.4.0 is released. https://www.digikam.org/news/2024-07-14-8.4.0_release_announcement/
Irrelevant
How to deal with an opinionated co-worker (or newsletter writer) https://hbr.org/2024/07/when-a-coworker-keeps-giving-you-unsolicited-advice
Sign Off
People who live in places with nice weather year-round don't understand the concept of summer, or the need to embrace it while you have it. Because soon enough, you'll be back to long pants, puffy jackets, and that brutal bone-chilling wind. You won't see the sun for days, and white stuff will fall from the sky every time you have somewhere you need to be.
So for my readers in the northeast and upper mid-west, spend an extra minute by the pool this week. Sit on the porch a little longer. Extend that walk in the fresh air a bit further. Yes, it’s been hot, but the dark, cold sky of the long northern winter will soon return, and you’ll long for a moment of warmth.
Matt
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.