I remember hearing the first tower was struck like it was yesterday. I remember Howard Stern announcing the news (he was on FM radio back then) and wondering if it was part of a bad joke. I remember who I was with and how the POS 1995 Chevrolet Caprice we were driving skipped a gear. I remember the instructor of the Intoxylizer 5000 breath testing instrument training class we were enrolled in turning on a television so we could watch the news. Very little training went on that day but we all received our Breath Test Operator certificates anyways. And even more important, we received a new reality. Never Forget!

Check out the robots.txt page on your favorite website, or maybe a least favorite website. Webcrawlers of Google, Bing, and DuckDuckGo, are essentially robots set loose to scour the Internet for information. These collectors catalog and index the data so it’s available for you upon request.

The robots.txt page of a website is usually the first page a crawler hits to obtain the permissions established by the site owners. As described by Cloudflare, “think of a robots.txt file as being like a "Code of Conduct" sign posted on the wall at a gym, a bar, or a community center: The sign itself has no power to enforce the listed rules, but "good" patrons will follow the rules, while "bad" ones are likely to break them and get themselves banned”.

Not every web designer includes a robot.txt page but the ones that do usually tip their hand with the established rules. The pages that are marked “disallow” mean the site owners are protective of the content and don’t want it cached by the search engines. Many times these pages will also be excluded from the site menus. Pay attention to these pages when conducting investigations.

To access the robot.txt file just append the main website URL with “/robot.txt” after the root domain. For example the robots.txt page of CNN is located at: https://www.cnn.com/robots.txt and the one for Fox News is https://www.foxnews.com/robots.txt. This works on almost all root domains. Check out https://www.cia.gov/robots.txt.

The robots.txt page will also direct the crawlers to the sitemap of the website. This is useful during investigations as you will find pages not listed on the published site menus. Sitemaps are usually written in XML and URL can be copied and pasted into your web browser.

Yes, the newsletter was sent a bit early this week so I could travel to ResponderCon. Find me if you’re here are also. https://respondercon.io/

Financial Services Extortion

OK, this article is rather technical and a sales pitch for their services, but Akamai does a really good job explaining how and why attackers are hitting financial service providers with dedicated denial of service attacks (DDOS). The company proposes the attacks are being directed at financial service providers to influence investment decisions. https://www.akamai.com/blog/security/ddos-in-financial-services

No rhyme or reason

The decision making of the United States Attorney’s Office to accept or decline a case always amaze me. Especially when it comes to fraud and financial cases. They will turn down cases for tens-of-thousands of dollars but then turn around and accept a case where the loss is minimal. I’m not saying the $16,000 this guy stole should be excused and he certainly should be held liable, but in the tale of pandemic relief fraud it’s peanuts. Good on them for taking this case and I hope it’s a trend that continues. https://www.pennlive.com/news/2022/09/pa-man-admits-illegally-receiving-16k-in-federal-jobless-benefits.html

Repeat after me…

I will not give my money to a Youtube dancer who promises a 35% return! Now say it again. A Youtuber from Taiwan who goes by the name “Nutty” pulled the ultimate exit scam to get away with an estimated 55 million USD. Authorities say over 6,000 people gave Nutty money to invest after being promised to see returns of up to 35 percent if they wired through cash. She is gone and so is their money. https://nypost.com/2022/08/31/youtuber-nutty-natthamon-khongchak-wanted-for-defrauding-followers/

Shutting schools down

And not because of Covid! The FBI, CISA, and MS-ISAC, issued a joint advisory concerning a new strain of ransomware that is targeting the education sector, specifically K-12 schools. The operators of the Vice Society ransomware strain obviously learned from the outrage of the past few years when Covid restrictions shut down schools. Administrators are going to do whatever it takes to keep the kids in class and that whatever is likely a huge ransom payment. https://www.cisa.gov/uscert/ncas/alerts/aa22-249a

Cool Jobs

Program Manager - Online Fraud Prevention: Apple https://jobs.apple.com/en-us/details/200394268/ww-program-manager-retail-online-fraud-prevention

Senior Fraud Investigator - Sandy Spring Bank https://sandyspringbank.csod.com/ats/careersite/JobDetails.aspx?site=1&id=2605

Cool Tools

https://www.osintcombine.com/reverse-image-analyzer - inspect that image

Every way to write text - https://yaytext.com/

Irrelevant

Starbucks got in trouble for restricting seating and restrooms, so they opened their spaces up to everyone - even non-customers. This created more problems as the homeless and mentally unstable made themselves right at home. Starbucks has a new plan - get rid of seating and restrooms altogether! https://www.inquirer.com/real-estate/commercial/starbucks-coffee-public-bathroom-restroom-downtown-20220908.html

Thanks for opening this weeks email and reading my prattle for another issue.

Matt

“Don’t drive faster than your headlights shine” - someone wiser than me.

What's this Newsletter about