Pete Recommends – Weekly highlights on cyber security issues, April 30, 2022

Subject: Shut Stalkers Out of Your Tech
Source: Consumer Reports

People facing domestic abuse can take these steps to lock down their devices and eliminate stalkerware

People who are in or have left abusive relationships face very clear threats, including physical violence, sexual violence, emotional abuse, and verbal aggression. They may also come to realize they are being spied on or stalked—in person or virtually on their computers, phones, and connected devices. It can be frightening, but Consumer Reports has compiled a list of ways you can take back control.

Security and domestic violence experts say it’s critical to figure out how an abuser may be accessing information you haven’t shared, such as your physical location, who you’ve been speaking to, or details of personal conversations.

“You’re basically approaching the whole situation like you’re a detective,” says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.

People may assume that an abuser has installed stalkerware on their devices when the real explanation is simpler, says Toby Shulruff, senior technology safety specialist at the National Network to End Domestic Violence. “The more common thing is that all of these everyday features of our phones are used for monitoring,” she says.

See also:

More on Digital Security & Privacy

Subject: Anomaly 6 Tracked NSA and CIA Spies as Product Demo: Report
Source: Gizmodo

Anomaly 6 claims to be able to track billions of mobile phones, including those belonging to some of America’s top spy agencies.There exists an underworld data broker market devoted to auctioning off your information to the highest bidder. It’s an industry populated by professional creeps who buy and sell mobile data collected via invasive if legal means, often from nosy apps. A new report shows that one such company demonstrated just how creepy it could be by spying on some of America’s three letter agencies to show off its product.

The Intercept and Tech Inquiry report that a little-known Virginia data firm called Anomaly Six, or A6, displayed its surveillance capabilities by tracking mobile phones used by employees of the National Security Agency and the Central Intelligence Agency. The company reportedly uses highly accurate GPS data purchased from mobile apps to triangulate when and where a specific phone user is at any given time. This, along with other collected data points, allows the company to track 3 billion devices in “real time,” marketing materials viewed by the outlets suggests.

The Intercept has not independently verified A6’s capabilities, nor has Gizmodo. However, the firm’s supposed capabilities have been written about before. A previous investigation by The Wall Street Journal showed that A6 had embedded tracking software in hundreds of mobile apps as a means of collecting location data on millions of phone users.

Filed: TechPrivacy and Security

Subject: Cyber Command awards nearly $60M contract for ‘hunt forward’ operations
Source: FedScoop

U.S. Cyber Command has awarded a nearly $60 million contract to Sealing Technologies to provide equipment to conduct defensive cyber operations abroad on the networks of partner nations, the company announced Thursday.Specifically, the award is for so-called hunt-forward operations, which involve physically sending defensively-oriented cyber protection teams from the Cyber National Mission Force to foreign nations to hunt for threats on their networks at the invitation of host nations.

Sealing Technologies’ prototyped solution was awarded funding through an other transaction authority agreement (OTA) through the Defense Innovation Unit, the company said.

The equipment will support automated deployments, configurations and data flows for cyber ops. It is modular in self-contained units that can be carried on commercial aircraft, according to the company.

Recently, working with industry and academia, Cyber Command was able to develop new kits for hunt-forward operations that allow them to observe malicious cyber activity on more networks faster, Holly Baroody, deputy to the commander of the Cyber National Mission Force, said during an event hosted by AFCEA’s D.C. chapter Wednesday. v

“Through our hunt-forward operations, we’re able to detect and identify adversary malware and techniques, often before it’s used against the United States … We go where the intelligence tells us there’s a shared threat to our homeland,” Baroody said. “We then share that with the partner nation so that they can take the necessary steps to secure their networks. We also share our findings with other government partners like FBI, DHS CISA, as well as private industry, arming them with the information to bolster the defense of our homeland.”

Since 2018, Cyber Command has deployed teams more than 28 times to 15 nations on over 50 networks, Baroody said, including to Ukraine and NATO countries to bolster defense against Russian cyberattacks.

-In this Story-
Cyber Command, cyber national mission force, hunt forward, other transaction agreements (OTAs), persistent engagement, Sealing Technologies



Subject: How QR codes work and what makes them dangerous – a computer scientist explains
Source: The Conversation via LLRX

Among the many changes brought about by the pandemic is the widespread use of QR codes, graphical representations of digital data that can be printed and later scanned by a smartphone or other device.

QR codes have a wide range of uses that help people avoid contact with objects and close interactions with other people, including for sharing restaurant menus, email list sign-ups, car and home sales information, and checking in and out of medical and professional appointments.

QR codes are a close cousin of the bar codes on product packaging that cashiers scan with infrared scanners to let the checkout computer know what products are being purchased.

Bar codes store information along one axis, horizontally. QR codes store information in both vertical and horizontal axes, which allows them to hold significantly more data. That extra amount of data is what makes QR codes so versatile.

Are QR codes dangerous?

QR codes are not inherently dangerous. They are simply a way to store data. However, just as it can be hazardous to click links in emails, visiting URLs stored in QR codes can also be risky in several ways.

The QR code’s URL can take you to a phishing website that tries to trick you into entering your username or password for another website. The URL could take you to a legitimate website and trick that website into doing something harmful, such as giving an attacker access to your account. While such an attack requires a flaw in the website you are visiting, such vulnerabilities are common on the internet. The URL can take you to a malicious website that tricks another website you are logged into on the same device to take an unauthorized action.

Article topics:

Subject: White House announces new action plan addressing usage of drones

April 25 (UPI) — The White House on Monday released its first national plan to address potential illegal activities by drones meant to protect airspace, privacy and civil rights.

The Domestic Counter-Unmanned Aircraft Systems National Action Plan seeks an expansion of safeguards regarding the use of drones where the law has not caught up with technology and called on Congress to fill in current legal and law enforcement gaps.

“UAS serve many beneficial commercial and recreational purposes,” the White House said in a statement. “As has been the case with many technological advances, they can also be exploited for pernicious purposes.

“To protect our homeland and prevent their growing use from threatening the safety and security of our people, our communities and our institutions, this Counter-UAS National Action Plan will set new ground rules for the expanding uses of UAS and improve our defenses against the exploitation of UAS for inappropriate or dangerous purposes.”

The administration said it wants to create a National Counter-UAS training center to increase training accessibility and promote interagency cross-training and collaboration and an incident tracking database to have a better understanding of the overall domestic threats by drones.

Subject: ‘Hack DHS’ program identifies 122 vulnerabilities across networks
Source: FCW

On Monday, the Department of Homeland Security announced 450 researchers working in its first-ever “Hack the DHS” bug bounty program identified at least 122 vulnerabilities, 27 of which were considered “critical.”

Launched in December, the program had vetted security researchers and ethical hackers probe select external DHS systems for vulnerabilities, with the potential to receive up to $5,000 for their finds. According to DHS, the agency awarded $125,600 to researchers in the first of what will be a three-phase program that aims to better inform federal agencies and other public sector organizations about the pros and cons of bug bounty programs.

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” DHS Chief Information Officer Eric Hysen said in a statement. “We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”



Subject: Report: Four Cybercrime Statistics To Watch
Source: Nextgov

Romance scams are on the rise and so is blockchain hacking.

Romance scams are on the rise and cryptocurrency hackers are getting more effective at stealing from blockchain platforms, according to a report released this week by security platform Atlas VP.

The report shines a light on four cybercrimes that escalated over the past calendar year. Chief among them: Scammers carried out romance scams on a wider scale than ever before, costing Americans at least $350 million in 2021. Romance scams were particularly effective on those aged 60-69, and were part of substantial rises in fraud carried out among Americans, according to the Federal Trade Commission.

In total, the report documents $12 billion in cryptocurrency stolen by hackers in the past decade. The report states that up to 40% of the funds stolen during the past decade were executed through fake cryptocurrency exchanges.


Subject: Google adds more ways to remove yourself from Search results
Source: Android Central

Protect yourself from doxxing and hacking.

What you need to know

  • Google now lets you remove personal contact info from Search results that could be used to dox private citizens.
  • You can remove your email, address, and phone number if you can prove “Explicit or implicit threats” based on this information being public.
  • Publicly posted log-in credentials are now also removable.
  • It already allowed you to remove Search results for SSNs, financial information, and photos of documents.
  • Removing these from Google Search does not remove them from the site itself.

Google used to have a fairly rigid standard for what private citizens could object to in its Search results: credit card numbers, bank account IDs, or photos of your handwritten signatures, for example. Now, it has expanded its list of objectionable personal content so you can better protect yourself from 21st-century threats.

Subject: Amazon Workers Can Now Keep Cell Phones at Work
Source: Gizmodo

The company announced that workers in its operations facilities will be able to keep their phones with them permanently.

Following a deadly incident in an Illinois warehouse and internal pressure, Amazon has decided to allow employees in all its operations facilities worldwide to keep their personal cell phones with them permanently while at work.

As reported by Motherboard, and confirmed by Gizmodo, Amazon announced the policy change in its internal employee scheduling app on Wednesday. While it had previously banned cell phones in the workplace, the company changed its stance and allowed employees to keep their phones on them during the pandemic. Amazon had plans to reinstate the ban in January 2022 but scrapped them after a tornado struck its Edwardsville, Illinois warehouse last December, killing six workers.

Subject: Best Reverse Image Search Tool: Google, Bing, Pixsy, Tineye
Source: Gizmodo

From fake news to fake profiles, it’s important to know where the images that you’re looking at online have come from—and there are several different tools around to do just that. Whether you want to know where in the world a particular place is, who created a certain piece of digital art, or if the dating profile you’re looking at is showing an actual, real life person, here’s how to go about it.

Posted in: Blockchain, Civil Liberties, Communications, Cybersecurity, Economy, Privacy, Reference Resources, Search Engines, Search Strategies