Israeli defense minister Naftali Bennett describes Iran as an octopus that spreads its influence across the Middle East through its long tentacles. Mr. Bennett is the original proponent of the "Octopus Doctrine," which declares that the only way to successfully beat an octopus is to target its head. "When the tentacles of the octopus strike you, do not fight only against tentacles, but strike the head also." Life comes from the head, not the tentacles.
The Biden administration has outlined a new strategy for combating ransomware and cybercrime, as detailed in this Wall Street Journal article. The administration plans to target the financial infrastructure of ransomware gangs, hoping to remove the financial incentive of cyber-criminality.
Targeting the financial systems is just striking at one of the tentacles. You may cut it off but seven more exist and as you battle those the injured one will grow back.
It seems the Octopus Doctrine is apropos. If we want to truly combat cybercrime we need to attack the head - the governments that allow safe harbor to the major cybercrime groups. These groups conduct business without fear of interference, or repercussions, because they are protected by nation states. As long as they play by the rules of the host government, of course.
Until we directly strike the enablers, we're just hacking at tentacles.
https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336?mod=djemalertNEWS
____________________________________________________________________________
Not love, probably fraud
The FBI’s Internet Crime Complaint Center (IC3) is confirming what those of us on the front lines have been seeing…you have a better chance of finding fraud on an online dating application than love. From January 1, 2021 to July 31, 2021, IC3 received over 1,800 complaints related to online romance scams, resulting in losses of approximately $133,400,000. And that is probably only half of the true damage. People victimized through romance scams are usually so embarrassed by the betrayal that they rarely report it. https://www.ic3.gov/Media/Y2021/PSA210916Main 2
At what price point
Law enforcement in southern California worked a sting operation on an organized retail theft group targeting TJ Maxx and Marshalls stores and recovered over 2 million dollars in stolen merchandise. It’s hard to believe you can steal that much merchandise from these stores, as the ones I go to rarely have that much inventory that would be considered worthy of stealing. Of course, maybe that’s because all of the good stuff has been stolen before I get there! I wonder how they calculate the dollar value of recovered goods? Is that 2 million dollars at retail price or 2 million dollars at discount store price? https://www.msn.com/en-us/news/crime/dollar2m-in-stolen-goods-found-4-arrested-in-tj-maxx-fence-operation/ar-AAOp8qI
Phone a fraud
A Bethlehem, PA teenager has been charged with using compromised credit cards to make unauthorized purchases and possessing the personally identifiable information of 236 persons on his cell phone. The article questions why there was a 15-month delay between the time when the phone was seized and the time of arrest. I’m willing to guess that is how long it took to get a forensic examination of the phone…or crack the PIN code that secured the phone. Mobile forensic capacity is at a premium in law enforcement, with most agencies waiting months (and months) for services. https://www.pennlive.com/crime/2021/09/pa-teen-charged-with-236-counts-of-id-theft-after-cops-find-information-on-his-cell-phone.html
Pineapple anyone?
There has been quite a bit written about a new Wi-Fi attack over the past week and I’m not sure if the researchers are just behind the times or I’m not understanding the exploit. As described, the method, dubbed “SSID Stripping,” enables attackers to create an Access Point (AP) that appears to have the exact same name as a legitimate network. This sounds a lot like what the WiFi Pineapple by Hak5 has been doing for years. The flaw affects Windows, iOS and macOS, Android, and Ubuntu. https://aireye.tech/2021/09/13/the-ssid-stripping-vulnerability-when-you-dont-see-what-you-get/
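For defenders, the practical difference from an AP that simply reuses the real name is that a lookalike can pass an exact-match comparison on the SSID bytes while still reading the same on screen. The sketch below is an added example, not code from the researchers or from this newsletter: it flags scanned networks whose raw SSID differs from the trusted one but displays identically. The display rule (stop at a NUL byte, drop control and invisible format characters), the function names and the sample scan are all assumptions constructed for illustration.

```python
import unicodedata

# Unicode categories a network picker is assumed not to draw:
# Cc = control characters, Cf = invisible format characters.
UNDRAWN = {"Cc", "Cf"}


def displayed_name(raw: bytes) -> str:
    """Approximate what a user sees for a raw SSID (hypothetical display rule)."""
    raw = raw.split(b"\x00", 1)[0]  # assume rendering stops at the first NUL byte
    text = raw.decode("utf-8", errors="replace")
    shown = "".join(c for c in text if unicodedata.category(c) not in UNDRAWN)
    return shown.strip()


def find_lookalikes(trusted: bytes, scan: list[tuple[str, bytes]]) -> list[str]:
    """Return BSSIDs whose SSID bytes differ from the trusted SSID but display the same."""
    want = displayed_name(trusted)
    return [
        bssid
        for bssid, ssid in scan
        if ssid != trusted and displayed_name(ssid) == want
    ]


# Constructed scan results (BSSID, raw SSID bytes); not captured from a real network.
SAMPLE_SCAN = [
    ("02:00:00:00:00:01", b"CorpWiFi"),              # the legitimate AP
    ("02:00:00:00:00:02", b"CorpWiFi\xe2\x80\x8b"),  # trailing zero-width space
    ("02:00:00:00:00:03", b"CorpWiFi\x00extra"),     # bytes hidden after a NUL
    ("02:00:00:00:00:04", b"CorpWiFi-Guest"),        # visibly different name
    ("02:00:00:00:00:05", b"Corp\x07WiFi"),          # embedded control character
]

if __name__ == "__main__":
    for bssid in find_lookalikes(b"CorpWiFi", SAMPLE_SCAN):
        print("SSID displays as the trusted name but differs in bytes:", bssid)
```

An AP broadcasting the byte-identical name is deliberately not flagged here; telling those apart needs a BSSID allowlist or certificate validation rather than name comparison.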
The Rest…
A comprehensive explanation of how DKIM, DMARC, and SPF protocols work to secure email services and keep your employees from getting phished…obviously the technology isn’t “fool” proof. https://www.socinvestigation.com/what-are-spf-dkim-and-dmarc-protection-against-spoofing-and-phishing/
The entire Department of Justice for South Africa has been encrypted in a ransomware attack. The entire network. Seriously. https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/
The fake covid-19 vaccine card business is BOOMING! https://blog.checkpoint.com/2021/09/14/amid-vaccine-mandates-fake-vaccine-certificates-become-a-full-blown-industry/
AT&T lost over 200 million dollars due to a fraud scheme that spanned seven years. Malicious insiders facilitated the fraud! https://www.bleepingcomputer.com/news/security/atandt-lost-200m-in-seven-years-to-illegal-phone-unlocking-scheme/
____________________________________________________________________________
Cool Tool
Google dork to search the most popular paste web services. Just copy and paste it into a Google search tab. Of course, replace YOUR SEARCH TERM with your actual search term, and keep the quotation marks.
"YOUR SEARCH TERM" site:pastebin.com | site:paste2.org | site:pastehtml.com | site:slexy.org | site:snipplr.com | site:snipt.net | site:textsnip.com | site:bitpaste.app | site:justpaste.it | site:heypasteit.com | site:hastebin.com | site:dpaste.org | site:dpaste.com | site:codepad.org | site:jsitor.com | site:codepen.io | site:jsfiddle.net | site:dotnetfiddle.net | site:phpfiddle.org | site:ide.geeksforgeeks.org | site:repl.it | site:ideone.com | site:paste.debian.net | site:paste.org | site:paste.org.ru | site:codebeautify.org | site:codeshare.io | site:trello.com
____________________________________________________________________________
“SUCCESS IS LIKING YOURSELF, LIKING WHAT YOU DO, AND LIKING HOW YOU DO IT.” - someone smarter than me
____________________________________________________________________________
One of my favorite events of the year is the OSDFCon - Open Source Digital Forensic Conference - that is held every year by Basis Technology (the company behind Autopsy and Cyber Triage). I’ve attended the conference live several times and virtually last year. This year the conference will again be held in a virtual format and it’s FREE! https://www.osdfcon.org/
____________________________________________________________________________
Thank you so much for opening and reading this week’s newsletter. I realize the immense competition for your time, and the fact that you gave me a few minutes is meaningful.
See you next Tuesday.
Matt