Stepping away from CyFi Crime for a moment, Apple has recently announced they will begin scanning images for child sexual assault material (CSAM) before they are saved to the customers iCloud storage. This will be done automatically through hash signatures not an actual person review each photo. That would be resource prohibitive and exhaustive. Still, it pushes the boundary. Both in technology and ethics. I am torn. As a member of the Internet Crimes Against Children Task Force (ICAC), I applaud the initiative and see its immense value in the effort to protect children. As a forward thinking technologist and libertarian - I’m fearful.
In reality though, this is already being done. Internet Service Providers are already comparing images passing through their servers to a CSAM database maintained by the National Center for Missing and Exploited Children.
But Apple is taking the program to the next level.
Kyle Rankin, Chief Security Officer for Purism, wrote a thoughtful editorial titled “The Internet of Snitches”. His concerns are valid. Yes, the goal is to protect children and end the scourge of CSAM, but at what cost to personal liberty. Because it’s not going to end at scanning a mathematical calculation of your vacation photos.
https://puri.sm/posts/internet-of-snitches/
All World has all the Cardz
To promote their new online carding shop, the admins of the All World Cards forum released the fullz for one million credit cards. The accounts were allegedly compromised between 2018 and 2019, but research shows some of the cards are still valid. The Cyble Research Team reviewed the dump and estimates that 20% of the cards are still good. You can find a complete list of the financial institutions involved here. https://www.bleepingcomputer.com/news/security/one-million-stolen-credit-cards-leaked-to-promote-carding-market/
Reverse OSINT?
Brian Krebs writes about a new service that allows the user to see how intelligence services can trace their cryptocurrency transactions. The service is considered “antianalysis”. Krebs writes “Tom Robinson, co-founder of blockchain intelligence firm Elliptic, said Antinalysis is designed to help crypto money launderers test whether their funds will be identified as proceeds of crime by regulated financial exchanges.”. https://krebsonsecurity.com/2021/08/new-anti-anti-money-laundering-services-for-crooks/
Fraud up…prosecutions down…
The Transactional Records Access Clearinghouse at Syracuse University studied the rate of white collar crime prosecution so far for 2021 and compared the numbers over the past twenty-years. The data shows the continued downward trend of criminal prosecutions for business crimes and fraud. The numbers and analysis are solid, but I disagree with their assertion that the numbers continue to fall because fraud offenses are in decline. Maybe not being reported, maybe not being recognized, maybe not being investigated, but there certainly isn’t a decline in fraud offenses. https://trac.syr.edu/tracreports/crim/655/
What I just said…
Contrasting the above referenced TRAC report, TransUnion issued a report detailing their analysis of global fraud for the second quarter of 2021. The report shows the overall rate of suspected online fraud attempts jumped by 16.5% worldwide compared with the same period in 2020, and U.S.-based incidents grew by a similar percentage, 17.1%. And the study shows the cybercriminals are moving away from traditional targets and attacking gaming and leisure businesses. The U.S. gaming industry felt a 261% surge in fraud over the past year. https://www.cnbc.com/2021/08/11/cyber-fraud-shifts-to-gaming-travel-and-leisure-report-finds.html
The Rest…
FINCEN fines BitMEX $100 Million for BSA violations. https://www.fincen.gov/news/news-releases/fincen-announces-100-million-enforcement-action-against-unregistered-futures
A rather lengthy and detailed analysis of the legality of ransomware payments. A must read for anyone who investigates ransomware incidents or counsels business leaders dealing with an attack. https://www.lawfareblog.com/ransomware-payments-and-law
Are you a T-Mobile subscriber? You might be pwnd! The company is confirming an early report of a data breach. https://www.vice.com/en/article/y3d4dw/t-mobile-confirms-it-was-hacked
DKIM, DMARC, and SPF, oh my. Alex Blackie reviews email security. You need to read this if you use your own domain for email. https://www.alexblackie.com/articles/email-authenticity-dkim-spf-dmarc/
Cool Tool
The worlds largest database of cellular towers:
“Ignore what others may be thinking of you, because they aren’t” - someone smarter than me.
The world is crazy right now and I appreciate that you took a few minutes to read this newsletter. Thank You for your attention.
Matt