Subject: IRS’ plans for cracking cryptocurrency wallets
Over the past decade, the emergence and rapid adoption of cryptocurrencies have led many to hold their assets in cryptowallets, purpose-built software and devices that store the public and private cryptographic keys to track ownership of cryptocurrencies so users can send, receive and store digital currency.
While cryptocurrencies and wallets are legal, they are often used in ransomware attacks, where criminals demand payment in virtually untraceable Bitcoin. Even if a hardware cryptowallet — one of the most secure wallet types that is often used for storing large amounts of cryptocurrency — is submitted as evidence in a criminal investigation, law enforcement has no way to access the data if its owner is unwilling or unable to unlock the wallet.
Now, the IRS’ Criminal Investigation unit will be working to unlock cryptocurrency wallets so investigators can more easily track the movement of cryptocurrencies and potentially recover stolen assets and prevent theft of digital currency.
IRS will be working with VTO Inc., a Colorado-based firm specializing in device forensics, to research and develop techniques for gaining access to cryptowallets by exploiting hardware, software and firmware vulnerabilities that may exist in the secure devices.
- Read more about the project here.
- Filed: https://gcn.com/portals/emerging-tech.aspx
- RSS: https://gcn.com/rss-feeds/emerging-tech.aspx
At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations.32-year old Matthew Gatrel of St. Charles, Illinois, ran two websites that allowed paying users to launch more than 200,000 DDoS attacks on targets in both the private and public sector.
Booter service and bulletproof server hosting.
Related Articles: Yandex is battling the largest DDoS in Russian Internet history
MikroTik shares info on securing routers hit by massive Mēris botnet
New Mēris botnet breaks DDoS record with 21.8 million RPS attack
HTTP DDoS attacks reach unprecedented 17 million requests per second
DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
Subject: Mozilla VPN boosted with multi-hop, blocking and custom DNS features
Source: gHacks Tech News
Mozilla introduced new privacy features to its VPN service, Mozilla VPN, earlier this week. The organization launched Mozilla VPN back in June 2020 in select regions and has expanded the availability since then.Mozilla partnered with Mullvad, a Swedish company, and uses the company’s infrastructure for its own Mozilla VPN product.
Mozilla VPN lacked some of the features of Mullvad’s own VPN client, such as support for multi-hop connections or the integrated content blocker.
The update that Mozilla released this week introduces support for these features in the VPN client.
Mozilla’s official blog highlights the three new privacy features.
Other Firefox articles RSS: https://www.ghacks.net/category/firefox/feed/
Subject: How Cryptocurrency Can Keep Americans Free
Source: NYTimes via RISKS Digest
https://catless.ncl.ac.uk/Risks/32/88/#subj2.1 – “Gabe Goldberg” <[email protected]>
Subject: Facebook rebukes WSJ over investigation on the platform’s ability to harm, ‘toxic’ impact
Facebook has criticized a series of investigations published by the Wall Street Journal as containing “deliberate mischaracterizations” which “confer egregiously false motives to Facebook’s leadership and employees.”Recently, the WSJ has published “The Facebook Files,” a set of articles based on a review of the social media giant’s internal documents, research, draft presentations, and online employee discussions.
Among the reports is an allegation made by the news outlet that the company knows its platforms — including Facebook and Instagram — are “riddled” with flaws that “cause harm, often in ways only the company fully understands” and these alleged issues are known all the way up to the chief executive, Mark Zuckerberg.
Among its reports, the WSJ says that changes made by Facebook to its algorithms three years ago to improve user connectivity and well-being made the platform “angrier” instead, with staff members warning of the potential damage being done. Changes were then allegedly resisted due to concerns surrounding declining user engagement.
In addition, the publication says that researchers inside Instagram have found that the app is “harmful” and “toxic” for some younger users; in particular, teenage girls.
In response, former UK politician and now Facebook Vice President of Global Affairs Nick Clegg said in a blog post on Saturday that the series “contained deliberate mischaracterizations of what we are trying to do, and conferred egregiously false motives to Facebook’s leadership and employees.”
Previous and related coverage
- Quick, easy (and free) way to make Facebook more bearable
- Facebook is the AOL of 2021
- Facebook says Chinese hackers used its platform in targeted campaign to infect, surveil user devices
RSS Security feed: https://www.zdnet.com/topic/security/rss.xml
When you apply for housing, some screening companies plug your personal details into algorithms and rate you as a potential tenant. These scores can have a huge impact on your life when you’re trying to get approved for an apartment.
In this guide, you’ll find answers to the following questions:
How can these scores affect me?
My score is bad. What can I do to improve it?
What should I know when I apply for housing in the future?
How do I request my score from a screening company?
The company won’t turn over my score. What can I do?
Subject: Massive Troll Farms Revealed to Be Operating on Facebook
A report has found that troll farms, dedicated to peddling misinformation, were able to reach over 100 million Americans.
Jeff Allen, a former senior-level data scientist at Facebook who authored the report, said the following: “This is not normal. This is not healthy. We have empowered inauthentic actors to accumulate huge followings for largely unknown purposes.”
Social media businesses used to hide behind Section 230, a US law that declared social media companies to be separated from their users posts. For example, if someone posted COVID-19 misinformation on a social media platform, that platform would not be at risk.
However, that veil is starting to disappear, as judges are beginning to rule for exemptions from Section 230, putting pressure on social media to police their content.
Subject: Phishing attacks: Police make 106 arrests as they break up online fraud group
Subject: Senators Call on FTC to Conduct Privacy Rulemaking
Nine Democratic Senators led by Senator Richard Blumenthal have called on the Federal Trade Commission to conduct a rulemaking process to “protect consumer privacy, promote civil rights, and set clear safeguards on the collection and use of personal data in the digital economy.” “Americans’ identities have become the currency in an unregulated, hidden economy of data brokers that buy and sell sensitive information about their families, religious beliefs, healthcare needs, and every movement to shadowy interests, often without their awareness and consent,” the Senators said. Senators Schatz, Wyden, Warren, Coons, Luján, Klobuchar, Booker, and Markey joined Senator Blumenthal on the letter. EPIC has long urged the FTC to impose clear privacy obligations on companies that collect and use personal data, including by exercising the Commission’s underused rulemaking power. In 2020, EPIC filed a petition with the FTC calling on the Commission to conduct a rulemaking on the use of artificial intelligence in commercial settings. “By defining unfair and deceptive practices ex ante, and with specificity, a trade regulation rule would make it easier for the FTC to take action against parties that harm consumers,” EPIC explained.
Source: Markets Insider
- Palestinian Islamist group Hamas has raised nearly $1 million in crypto donations, Coinbase said on Tuesday.
- Hamas made staggering fundraising efforts in comparison to other militant groups, research found.
- The group began to seek crypto funds in January 2018 using a single donation address, but later provided new addresses.
Research conducted by the team, using data across various blockchains, found Hamas raised nearly $1 million in cryptocurrencies, mostly in bitcoin.
“This is likely because Hamas actively solicits donations primarily in the form of BTC on their website and related Telegram channels,” Coinbase said.
The team noted that periods of geopolitical conflict correlated to a boost in crypto donations for the nationalist group, specifically in May 2021 when Israel and Hamas were engaged in the worst violence in the region since 2014. But those funds may have been confiscated as Israel said in July that it had been seizing crypto wallets believed to be controlled by Hamas, but didn’t specify how many had been seized.
As a crypto exchange that works with global law enforcement agencies to track down illicit crypto operations, Coinbase said it plans to prevent such fundraising tactics through three steps:
Coinbase said unlawful activity accounted for less than 1% of activity in the crypto space in 2020, and is not a greater concern for the crypto-economy than the traditional financial system.
Subject: Ninth Circuit Says Warrantless Search of Google Files Automatically Reported to Police Violated Fourth Amendment
Subject: Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
Source: The Hacker News
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts.
“BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.”
Phishing-as-a-service differs from traditional phishing kits in that unlike the latter, which are sold as one-time payments to gain access to packaged files containing ready-to-use email phishing templates, they are subscription-based and follow a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft.
Source: The Register
A flaw in Microsoft’s Autodiscover protocol, used to configure Exchange clients like Outlook, can cause user credentials to leak to miscreants in certain circumstances.The upshot is that your Exchange-connected email client may give away your username and password to a stranger, if the flaw is successfully exploited. In a report scheduled to be published on Wednesday, security firm Guardicore said it has identified a design blunder that leaks web requests to Autodiscover domains that are outside the user’s domain but within the same top-level domain (TLD).
As Guardicore explained in a report provided to The Register, the client parses the email address – say, [email protected] – and tries to construct a URL for the configuration data using combinations of the email domain, a subdomain, and a path string as follows:
Three of the nation’s top cybersecurity leaders asked lawmakers to use fines in crafting legislation that would require private-sector entities to report incidents like ransomware and other cyberattacks. “I do think a compliance and enforcement mechanism is very important here,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. I know some of the language talks about subpoena authority. My personal view is that is not an agile enough mechanism to allow us to get the information that we need to share it as rapidly as possible to prevent other potential victims from threat actors. So I think that we should look at fines.”
The effort to mandate some form of incident reporting for companies gained momentum after a string of major breaches, including those at government contractor SolarWinds—where nine federal agencies were affected—and at Colonial Pipeline, which temporarily upended fuel supply to much of the East Coast as ransomware attackers held their systems hostage.
Ad blockers. Maybe you love them, maybe you don’t think about them at all, but chances are, you know someone that’s using them. And it turns out a growing number of those people are in the federal ranks.Motherboard was first to report on a new letter Oregon Sen. Ron Wyden sent to the Office of Management and Budget (OMB) on Wednesday that describes some of the federal agencies deploying ad-blocking tech alongside a pretty reasonable request for those agencies not currently on board: Use a damn ad blocker. Please.
“I have pushed successive administrations to respond more appropriately to surveillance threats, including from foreign governments and criminals exploiting online advertising to hack federal systems,” Wyden wrote the letter. And indeed, thanks to massive scandals like Cambridge Analytica and the smaller privacy scandals that just keep on coming in its wake, it looks like some agencies finally agree that targeted ads are terrifying. In 2018, the National Security Agency (NSA) issued public guidance urging its ranks to block “unnecessary advertising web content.” In January of this year, the Cybersecurity and Infrastructure Security Agency (CISA) put out similar guidance for all federal agencies, urging officials to use ad blockers to protect against malware-laden ads, in particular.
“Adversaries can use carefully crafted and tailored malicious ads as part of a targeted campaign against a specific victim, not just as broad-spectrum attacks,” CISA’s guide reads….