Threats Without Borders - Issue 201
Cybercrime Investigation Newsletter, week ending September 22, 2024
Is a Virtual Private Network operator responsible for the traffic that runs through the network? Who should be accountable: the server owner/admin or the company that provides the hardware and network connections?
A recent discussion led me down the rabbit hole of creating and operating my own VPN server on a digital hosting platform. It’s really quite easy. In fact, Claude provided me the step-by-step instructions. It is so easy; even a guy who writes trash on the Internet can do it!
And inexpensive. You can lease virtual server space for less than ten dollars per month. Less than five in some cases.
So, if I stand up a VPN and allow some of my friends to use it, or a lot of my friends, or even publish the connection details in a forum, hey, I’m a generous guy, am I responsible for the conduct of anyone who uses that server? My intent is pure. I just wanted my gamer friends and me to be safe while communicating online. Don’t you know Big Brother is watching?
Logs? Don’t know anything about them. I didn’t think I should turn that feature on when configuring the VPN software. No logs = no user data.
Let’s take this one step further.
Is the person running a Tor node responsible for all the criminal activity conducted through the entire network? A criminal act could be transacted through their server at any moment, and honestly, they know that when they bring the node online.
Who is liable for victimization that occurs through a service providing masked or anonymized access to the Internet? Is it solely on the individual user of the service or the person providing the technology?
Wait, one more… is the technology provider responsible for policing all the activity their network facilitates? What if they don’t?
Wait, wait…just one more. Telegram has been coerced into sharing user phone numbers and IP addresses when served with legal orders. What if they decide not to keep logs?
Some News…
This open-source developer reveals how an attacker hijacked GitHub notification emails to impersonate Github security to deceive him into downloading malware. https://ianspence.com/blog/2024-09/github-email-hijack/
In this well-done threat intel share, Trustwave explains why criminals are moving to PaaS (Phishing as a Service) platforms. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/why-do-criminals-love-phishing-as-a-service-platforms/
Cofense warns about a sophisticated phishing scam impersonating HR departments and urges employees to review a revised employee handbook. The email uses a sense of urgency and official language to trick recipients into clicking a malicious link, leading them to a fake login page designed to steal their Microsoft credentials. The danger of this phishing attempt is that it closely resembles a legitimate email from HR and lacks the warning signs we instruct employees to watch for. https://cofense.com/blog/threat-actors-continue-to-utilize-hr-related-phishing-tactics
What's worse: mass surveillance from profiteering corporations or any solution the government offers? The Federal Trade Commission (FTC) has released a report detailing widespread user surveillance by social media and video streaming companies, particularly of children and teens. The report highlights concerns about data retention, sharing practices, targeted advertising, and lack of adequate protections for children and teens. The FTC calls for comprehensive federal privacy legislation, stricter data policies, and enhanced protections for teens and children on these platforms. https://www.ftc.gov/system/files/ftc_gov/pdf/Social-Media-6b-Report-9-11-2024.pdf
Using the Arc browser? Maybe reconsider. https://kibty.town/blog/arc/
I’ve occasionally dreamed of revenge, but reporting someone as a terrorist… is next level. A man from Philadelphia pleaded guilty to making a fake bomb and mass shooting threats related to a fantasy football dispute. He learned his nemesis was traveling to Norway for a semester abroad, so he called the Norwegian National Police to report the guy was coming with the intent of mass shooting. https://www.cbsnews.com/philadelphia/news/fantasy-football-bomb-mass-shooting-threats-guilty/
Malwarebytes reveals a scam targeting Walmart customers through malicious Google Ads. Scammers impersonate Walmart customer service using fake shopping lists and phone numbers. Victims are accused of money laundering and threatened with arrest, then pressured to transfer money into Bitcoin wallets. https://www.malwarebytes.com/blog/scams/2024/09/walmart-customers-scammed-via-fake-shopping-lists-threatened-with-arrest
Two scammers who used the online monikers of Anne Hathaway and VersaceGod, have been charged in a $230 million cryptocurrency scam. They are said to have used mixers, exchanges, VPNs, and pass-through wallets to launder the stolen funds, which of course, were spent on cars, jewelry, and travel. https://www.justice.gov/usao-dc/pr/indictment-charges-two-230-million-cryptocurrency-scam
Cool Job
Senior Principle Investigator, Cyber-Enabled Fraud - FINRA. https://finra.wd1.myworkdayjobs.com/en-US/FINRA/job/Boca-Raton-FL-Job-Posting/Senior-Principal-Investigator--Cyber-Enabled-Fraud-Group---All-FINRA-Locations_R-008413
Cool Tool
Open source document scanner for the iPhone. https://github.com/pencilresearch/OpenScanner?tab=readme-ov-file or download from the App store - https://apps.apple.com/us/app/open-scanner-pdf-scanning/id6578414558
Cyber Basics
With the introduction of the iPhone 16, Apple is moving towards the JPEG XL as its image file format of choice.
JPEG XL is a modern image format that provides better compression efficiency. It can produce smaller file sizes while maintaining high image quality, making it perfect for web use and saving bandwidth. Unlike older formats like JPEG and PNG, it supports lossy and lossless compression, offering flexibility for different use cases. JPEG XL is also future-proof, as it supports wide color gamuts, high dynamic range (HDR), and animations while remaining backward compatible with existing JPEGs.
Investigations concern: Android doesn’t support JPEG XL and Microsoft Windows requires third-party software tools to interact with the file format.
Irrelevant
Update your Apple HomePod (yes, you need to update it) https://www.cultofmac.com/how-to/how-to-get-the-latest-homepod-software-update
Be more decisive! https://www.psychologytoday.com/us/blog/fixing-families/202409/have-a-hard-time-making-decisions-how-to-be-more-decisive
Special Notice
Organizations in Pennsylvania: The new provisions of Pennsylvania’s Breach of Personal Information Notification Act go into effect this week (September 26, 2024).
https://www.attorneygeneral.gov/bpina/
Sign Off
Thank you for finding Issue 201 of the newsletter. Someone linked Issue 200 in a Reddit post, resulting in several new subscribers. Thank you, kind person, and welcome to new readers!
If you enjoy the content, please consider sharing the newsletter with your connections.
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or preventing or investigating technology-enabled fraud, theft, or money laundering.
sketchplanations.com
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.