Threats Without Borders - Issue 198
Cybercrime Investigations Newsletter, week ending September 1, 2024
More physical-world crime than cyber, but still technology-related. Police departments are seeking video footage from Tesla vehicles parked near crime scenes, as they are equipped with outward-facing cameras.
Sentry Mode is a feature on Tesla vehicles designed to provide an extra layer of security when parked. It utilizes the car's external cameras and sensors to monitor its surroundings and detect potential threats.
When Sentry Mode is activated, the car's cameras and sensors continuously monitor the surrounding area. The system will trigger an alert if they detect suspicious activity like someone approaching the vehicle or trying to break into it. This alert can take the form of an audible alarm, visual warning, and smartphone notification for the owner.
Sentry Mode also records video footage of the incident. The feature records noise and movement around the vehicle when empty and locked, storing the video on a USB drive in the glove box.
Police must serve search warrants on Tesla drivers individually to access camera footage, unlike self-driving cars where police subpoena the tech company. Police have obtained warrants to tow Teslas to ensure they don't lose video evidence when they can’t locate a vehicle's owner or the owner is unwilling to cooperate. Of course, the owner voluntarily turning over the video footage is the easiest response for all involved.
This trend indicates the increasing role of mass surveillance in crime-fighting, including the use of cameras, license-plate scanners, security doorbells, and precise cellphone tracking.
For those of you working a crime scene, add Tesla vehicles to your potential evidence search list.
https://www.sfchronicle.com/crime/article/tesla-sentry-mode-police-evidence-19731000.php
Anyone for the Over/Under on how long until the first “I need a warrant to seize a Tesla” post on Kip Loving’s forum?
Some News…
Yeah, we don’t joke about deadly diseases or use them as bait for phishing awareness campaigns. As the person responsible for running my company’s phishing awareness and testing program, I’ve learned that some topics are too taboo to use as bait. The counter-argument is those are precisely the themes the attackers will use. Yes, that is correct, but HR and senior management don’t want to hear it. And I’d like to keep my job a bit longer. Deadly diseases capable of throwing the world into a pandemic are absolutely one of those off-limit themes. Someone at the University of California Santa Cruz (UCSC) didn’t get the message, though, and sent out a phishing simulation email that used a false claim about an Ebola virus case on campus. Turmoil and panic ensued. Obviously. https://www.bitdefender.com/blog/hotforsecurity/university-criticised-for-using-ebola-outbreak-lure-in-phishing-test/
Netskope Threat Labs has uncovered a large-scale QR code phishing campaign using Microsoft Sway. It saw a 2,000-fold increase in attacks in July 2024, primarily targeting users in Asia and North America, focusing on technology, manufacturing, and finance sectors. The campaign tricked users into scanning QR codes to steal Microsoft 365 credentials, using tactics like transparent phishing and Cloudflare Turnstile to boost effectiveness. https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/
Trend Micro published its Mid Year 2024 Cybersecurity Threat Report with powerful insights. https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/pushing-the-outer-limits-trend-micro-2024-midyear-cybersecurity-threat-report
A Pennsylvania man is accused of stealing $224,000 from his church over 14 years. Ironically, the funds were stolen from the church's Good Samaritan fund, set up to help people in need. The problem, as always, was that Reed had unrestricted access to the church's finances for 14 years and had been assuring the board that everything was in order. Say it all together now, “We were the controls?” https://www.cbsnews.com/pittsburgh/news/man-accused-of-stealing-nearly-225000-from-st-john-lutheran-church-in-carnegie/
The FBI and CISA published a joint advisory warning about the rising threat of the ransomware group RansomHub, which has been linked to over 210 attacks since February. The group, known for targeting various sectors and exploiting vulnerabilities, poses a significant risk to organizations. They steal data and encrypt systems, demanding ransoms with deadlines ranging from 3 to 90 days. The agencies urge victims to report incidents and emphasize the importance of cybersecurity measures. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
Make sure you’re logging into the real Canva site! Attackers have been caught setting up fake Canva home pages. https://www.malwarebytes.com/blog/scams/2024/08/fake-canva-home-page-leads-to-browser-lock
HYAS warns about the increasing threat of phishing attacks targeting political donations as the US election approaches. Cybercriminals are creating fake domains that mimic legitimate donation websites to deceive donors and steal their money. The report highlights a specific phishing site, actsblue[.]com, impersonating the legitimate platform actblue[.]com. Notice the S in the spoof? It also lists other suspicious domains registered with similar configurations, suggesting a coordinated effort by threat actors. https://www.hyas.com/blog/special-bulletin-us-election-phishing-alert
CISA unveiled its new cyber incident reporting portal. https://myservices.cisa.gov/irf
Cool Tool
Search for usernames across 2000 websites. https://www.user-searcher.com/
Cool Job
Compliance and Sanctions Manager - FIFA World Cup 2026. https://jobs.fifa.com/en/postings/ed6cc4ab-4f97-444c-864d-060b71fa199f
Basics
Cyber-dependent crimes rely on networked information and communications technology, mainly via the Internet. Without the Internet, committing these offenses would not be possible. Example: network intrusions (i.e., hacking) or Distributed Denial of Service (DDoS) attacks. The crime can occur only within the cyber realm.
Cyber-enabled crimes are facilitated by Internet technologies but are not dependent on them. They can exist in a non-cyber form, and even if the networked technologies were removed, the crime could still take place locally and more likely on a one-to-one basis. Being cyber-enabled allows these crimes to be carried out at scale with less capital and sometimes with fewer criminal staff than would be needed for similar crimes offline. Example: Using a phishing email to collect a victim’s banking credentials and then logging into the account and transferring funds. You could still trick a person into providing access to their bank account through in-person conversation and then walk into the bank and initiate a transfer.
Cyber-assisted crimes differ from cyber-dependent and cyber-enabled crimes as they only utilize networked digital technologies in the course of criminal activity, which would occur regardless. Example: Using Google Maps rather than a paper map to research a potential victim’s location.
Irrelevant
Zinc leaves a terrible taste in your mouth and probably won’t prevent a cold. https://www.cochranelibrary.com/web/cochrane/content?templateType=full&urlTitle=%2Fcdsr%2Fdoi%2F10.1002%2F14651858.CD014914.pub2&doi=10.1002%2F14651858.CD014914.pub2&type=cdsr&contentLanguage=
Really Irrelevant
Cats of the Internet - All of them. https://catsoftheweb.com/
Sign Off
I trust you all enjoyed your holiday off. I’m not giving up on Summer yet, but it’s a loose grip.
Thank you for reading another issue of the Threats Without Borders newsletter. Please remember that you can always contact me by replying to the email that delivered the newsletter. Pithy comments and snark are always welcome, hate is accepted on a case-by-case basis.
Have a great week.
Matt
“YOU’RE NEVER TOO IMPORTANT TO BE NICE TO PEOPLE” - even if you publish an email newsletter.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinion and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.
Just a random thought. If just owning a particular type of vehicle creates a risk that police will get a warrant for the whole car, because I happened to park near a place where a crime happened, I'm very unlikely to want that kind of car. And let's face it, some detectives will start with the warrant rather than asking nicely, first.
Not that I could possibly pay for a Tesla anyway but I now have one more reason not to even consider it.