Threats Without Borders - Issue 210
Cybercrime Investigation Newsletter, week ending November 24, 2024
Anecdotally, the second most common question asked in online investigator forums and email groups concerns acquiring data from cellular phone providers. I say second because the most frequent question is, "Hey, I need a warrant go-by for company X." Regardless, three other investigators requested the same warrant in the past week, and five other investigators shared samples.
Anyway, back to the need to acquire data from cell phone companies. I consider myself pretty smart in most things cyber and networking, but cellular technology is mostly beyond me. Or at least, I’ve never put much effort into learning it. I understand the technology at a high level, but I'm out once you get down in the weeds of tower-to-handset connections, packet transfers, and geolocation by tower sector.
Most investigators and cybersecurity professionals are probably in a similar situation.
And it’s about to get more complicated: Enter Starlink Direct to Cell!
Starlink now offers voice and text services to all LTE mobile devices, along with Internet data connectivity. Or, as they call it, a cellphone tower in outer space.
So, almost every cell phone is about to become a satellite phone.
Add learning Satellite Technology to your to-do list.
https://www.starlink.com/business/direct-to-cell
The News…
The Wall Street Journal published a compelling article titled “We can’t quit paper checks, and that’s a gold mine for scammers.” Unfortunately, it’s behind a paywall. If you know someone with a WSJ subscription or can bypass the wall, I’d suggest you read it. https://www.wsj.com/finance/banking/paper-checks-fraud-scam-banks-9e4fb940
A modified and limited version of the WSJ article was published on MSN. https://www.msn.com/en-us/money/personalfinance/we-can-t-give-up-paper-checks-and-that-s-a-gold-mine-for-scammers/ar-AA1ulAvI
Lenderman says Quishing, I say QRishing. Tomato, tomato, I guess. Regardless of what you call it, it's a significant concern for the cybersecurity community. The Cisco Talos team believes malicious QR codes have become a “significant” problem, with 60% of emails containing QR codes being malicious. These codes can bypass anti-spam filters and lead to phishing pages, malware, or other harmful sites. The issue is that QR codes are displayed as images, making it difficult for anti-spam systems to identify and filter them. https://blog.talosintelligence.com/malicious_qr_codes/
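Because the QR code travels as an image, a filter that only inspects URLs in the message text sees nothing to block. The following is an added illustration of my own, not Talos tooling or anything from the linked article: a minimal first-stage triage a mail gateway could run. It walks a MIME message, counts image parts, looks for "scan this" lure wording, checks whether any inspectable URL exists in the text body, and, if the optional Pillow and pyzbar libraries happen to be installed, decodes the QR payload itself so the URL can be checked like any other. The sender addresses, lure phrases and the placeholder PNG bytes are constructed for the demo.

```python
import io
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical lure vocabulary: phrases that usually accompany an embedded
# QR code in a phishing message. Tune to your own mail flow.
QR_LURE = re.compile(r"\b(scan|qr\s*code|quick\s*response)\b", re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.IGNORECASE)


def image_parts(msg: EmailMessage):
    """Return (content_type, payload_bytes) for every image/* MIME part."""
    return [(p.get_content_type(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_content_maintype() == "image"]


def text_body(msg: EmailMessage) -> str:
    """Concatenate text/plain and text/html parts (HTML tags stripped crudely)."""
    chunks = []
    for p in msg.walk():
        if p.get_content_type() in ("text/plain", "text/html"):
            chunks.append(re.sub(r"<[^>]+>", " ", p.get_content()))
    return "\n".join(chunks)


def decode_qr_urls(image_bytes: bytes):
    """Decode QR payloads with Pillow + pyzbar when installed.

    Returns None when the libraries are missing or the image cannot be
    decoded, so the caller falls back to the text heuristics."""
    try:
        from PIL import Image
        from pyzbar.pyzbar import decode
        img = Image.open(io.BytesIO(image_bytes))
        return [d.data.decode("utf-8", "replace") for d in decode(img)]
    except Exception:
        return None


def triage_qr_phish(raw: bytes) -> dict:
    """Score one raw RFC 5322 message for the 'image-only lure' pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = text_body(msg)
    images = image_parts(msg)
    text_urls = URL_RE.findall(body)
    decoded = []
    for _ctype, data in images:
        urls = decode_qr_urls(data)
        if urls:
            decoded.extend(urls)
    lure = bool(QR_LURE.search(body))
    # Signal: the mail tells the reader to scan something, carries an image,
    # and offers no text URL for the filter to inspect; or the QR itself
    # decoded to a URL, which can then go through normal URL reputation checks.
    suspicious = bool(decoded) or (lure and bool(images) and not text_urls)
    return {"images": len(images), "lure": lure, "text_urls": text_urls,
            "qr_urls": decoded, "suspicious": suspicious}


def build_sample(subject: str, body: str, attach_image: bool) -> bytes:
    """Construct a sample message for the demo (addresses are made up)."""
    msg = EmailMessage()
    msg["From"] = "it-helpdesk@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach_image:
        # 8-byte PNG signature only: a placeholder standing in for a QR image.
        msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image",
                           subtype="png", filename="qr.png")
    return msg.as_bytes()


# Constructed samples: a QR lure with no clickable link, and a benign photo mail.
PHISH = build_sample(
    "MFA re-enrollment required",
    "Your MFA token expires today. Scan the QR code below with your phone to re-enroll.",
    True)
BENIGN = build_sample(
    "Offsite photos",
    "Attached is a photo from the offsite. Full album: https://intranet.example.com/album/123",
    True)

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage_qr_phish(raw))
```

The heuristic is deliberately conservative: an image plus a "scan" instruction plus no inspectable link is the combination that defeats text-based URL filtering, so that is what it escalates. With a decoder installed, the extracted URL is simply handed to whatever reputation or sandboxing step the gateway already applies to ordinary links.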
Maybe try this on a Toyota? A lime-green Huracan is going to get noticed. Hackers stole MLB star Kris Bryant's $200,000 Lamborghini Huracan by compromising the email of the transport company and rerouting the car to a different destination in Las Vegas. The car was recovered a week later, and the investigation led to the arrest of multiple suspects and the recovery of other stolen vehicles. https://www.carscoops.com/2024/11/high-tech-thieves-steal-mlb-players-lamborghini-huracan/
The Justice Department seized PopeyeTools, an illicit website and marketplace dedicated to selling stolen credit cards and other tools for cybercrime and fraud. Three administrators were charged with conspiracy to commit access device fraud, trafficking access devices, and soliciting another person to offer access devices. https://www.justice.gov/opa/pr/justice-department-seizes-cybercrime-website-and-charges-its-administrators
Regular readers of Tw/oB know that its author is an enthusiastic commentator on Distributed Denial of Service (DDoS) attacks. These attacks have posed a significant threat over the last decade, with escalating volume and sophistication. According to Cloudflare, DDoS attacks grew exponentially: a 20x increase in bits per second from 2013 to 2024, a 10x increase in packets per second from 2015 to 2024, and a 70x increase in requests per second from 2014 to 2024. The largest attacks increased from Gigabits per second (Gbps) to Terabits per second (Tbps), peaking at 5.6 Tbps in 2024. Cloudflare has mitigated over 14.5 million DDoS attacks since 2024, averaging 2,200 attacks per hour, underscoring the need for strong defenses against these evolving threats. https://blog.cloudflare.com/bigger-and-badder-how-ddos-attack-sizes-have-evolved-over-the-last-decade/
Lawfare Institute, a staunch supporter of the deep state, published an article declaring that encryption tools are “needed now more than ever” to protect us from the deep state. It’s all so confusing; I wonder what has changed their view? https://www.lawfaremedia.org/article/end-to-end-encryption-is-a-critical-national-security-tool
A company has created an AI tool that sounds like an elderly grandmother, designed to keep phone scammers on calls to waste their time. It stated that the tool has been successful in keeping numerous scammers on calls for up to 40 minutes at a time, frustrating them with meandering stories and explanations about their tech use, as well as providing false personal information and made-up bank details. https://www.msn.com/en-us/news/technology/ai-tool-that-sounds-like-a-grandmother-created-to-waste-phone-scammers-time/ar-AA1u2LrN?cvid=1A4DA147A2E54
Marketing Director steals $870,000 from the local visitor’s bureau. How does this happen? I know how it happens, but how does it happen? I assume others worked there, like a CEO or Board of Directors, or even a treasurer or business manager. Three-quarters of a million dollars over six years? Good grief…say it all together now…where were the controls? https://www.pennlive.com/news/2024/11/ex-marketing-director-of-central-pa-visitors-bureau-accused-of-stealing-870k.html
The future of CISA is uncertain (Google “CISA and Rand Paul"). I have mixed feelings about the agency as a government entity, but I like Jen Easterly and believe she has been a good steward of the organization. https://www.nextgov.com/people/2024/11/cisa-director-jen-easterly-depart-inauguration-day/401036/
Attackers bypass traditional email filters and endpoint protections by embedding malicious links within Google Docs, leveraging the inherent trust associated with the service. This report from EclecticIQ details a phishing campaign targeting the telecommunications and financial sectors, leveraging Google Docs and free Weebly websites to deliver malicious links and bypass security measures. https://blog.eclecticiq.com/financially-motivated-threat-actor-leveraged-google-docs-and-weebly-services-to-target-telecom-and-financial-sectors
DFIR
Understanding the security impacts of iOS 18’s inactivity reboot
Cool Job
Enterprise Risk Manager - Toast Capital. https://careers.toasttab.com/jobs/enterprise-risk-manager-fintech-boston-massachusetts-united-states
Fraud Manager - Kish Bank. https://workforcenow.adp.com/mascsr/default/mdf/recruitment/recruitment.html?cid=7d0b3f55-7098-4f20-892a-25021f205941&ccId=19000101_000001&type=MP&lang=en_US&jobId=503876
Cool Tool
This site provides several good tools for cryptocurrency investigations, including a “wallet watch” that emails you when there is activity in the target wallet. https://cryptocurrencyalerting.com/
OSINT or hacking? It’s a fine line. Search for Hosts, CVEs & Exposed Buckets/Files: https://search.odin.io/
Irrelevant
File this under Obvious: Man who stole $500 in Red Bull Energy Drinks leads police on 120 MPH chase. https://www.firstalert4.com/2024/11/22/man-charged-with-stealing-shopping-cart-red-bull-leading-ofallon-police-120-mph-pursuit/
Sign Off
Welcome to our new subscribers! I’m thrilled to have you here. I understand how valuable your attention is, and I truly appreciate that you’re choosing to read this newsletter.
It’s Thanksgiving week, and I plan to spend the holiday being thankful, something I haven’t always done in the past. I hope you will too. Enjoy your time with friends and family.
See you all next week!
Matt
“GOOD JUDGMENT COMES FROM EXPERIENCE, AND A LOT OF THAT COMES FROM BAD JUDGMENT”
Published every Tuesday, Threats Without Borders offers original commentary and educational pieces related to cybercrime investigations and information security topics. We also summarize and comment on news articles concerning active threat intelligence for the financial industry. The newsletter interests everyone tasked with cybersecurity or involved in preventing or investigating technology-enabled fraud, theft, or money laundering.
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.