Archive for July 31, 2020

BREAKING: Florida Teen Busted For Epic Twitter Hack [UPDATE: Three Charged]

Posted in Commentary on July 31, 2020 by itnerd

Today is the day for breaking news. ABC News is reporting that a Florida teen has been arrested in relation to the epic Twitter hack from earlier this month:

The 17-year-old Tampa resident, who was arrested Friday, was hit with 30 felony charges in connection with the hack, according to Hillsborough State Attorney Andrew Warren.

“These crimes were perpetrated using the names of famous people and celebrities, but they’re not the primary victims here,” Warren said in a statement. “This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that.” 

The Florida teen was the “mastermind” of the hack, according to a statement from Warren’s office.

That kind of implies that other arrests are coming or perhaps have already been made. Either way, this is huge. Expect more news to come shortly.

UPDATE: Here’s more. A Justice Department release has three people charged in connection to this hack. We only know of one that was arrested (the 17 y/o) in Florida. So I have to assume that the other two are still outstanding.

BREAKING: Microsoft Is Said To Be In Talks To Buy TikTok’s US Operations

Posted in Commentary on July 31, 2020 by itnerd

From the “I didn’t see this coming” department comes this news that Microsoft is looking to buy TikTok’s US operations:

Amid reports that President Donald Trump plans to order TikTok’s parent company, ByteDance, to sell the social-media app’s US operations, Microsoft has emerged as a potential buyer.

News of the talks was reported first by Fox Business Network’s Charles Gasparino on Friday and later by The New York Times and Bloomberg.

In a statement to Business Insider, a TikTok representative said, “While we do not comment on rumors or speculation, we are confident in the long-term success of TikTok.” Microsoft declined to comment.

Well, this is one hell of a plot twist. Clearly I shouldn’t have any plans for this evening as this is an evolving story. Buckle up!

BREAKING: Trump To Sign Executive Order To Force ByteDance To Divest Itself Of TikTok Related Operations In The US

Posted in Commentary on July 31, 2020 by itnerd

According to Bloomberg, the Chinese-owned social media network TikTok may be about to face a ban of sorts in the US as President Trump is looking to sign an executive order to force its US operations out of Chinese hands:

President Donald Trump plans to announce a decision ordering China’s ByteDance Ltd. to divest its ownership of the popular U.S.-based music-video app TikTok, according to people familiar with the matter.

The U.S. has been investigating potential national security risks due to the company’s control of the app, and Trump’s decision could be announced as soon as Friday.

Spokespeople for the White House and Treasury Department didn’t immediately respond to requests for comment. A TikTok spokesperson couldn’t be reached for comment.

I wonder just how this will be achieved and most importantly, if China will allow it even assuming that the US administration can pull this off somehow. It’s all very sketchy to me. But I suppose we’ll find out shortly.

BREAKING: Canada Releases COVID-19 Tracing App

Posted in Commentary on July 31, 2020 by itnerd

The Government of Canada has just released its COVID-19 tracing app today. Called COVID Alert, the app is now available for download for iOS and Android users. It uses the Exposure Notification API developed by Apple and Google which you can read about here. And it was built by Shopify and BlackBerry.

The whole point of the app is that if enough people download it, like 60% or more, then the app will alert you if you have been potentially exposed to someone who has tested positive for COVID-19. The app doesn’t use GPS to determine this. Instead it uses Bluetooth to keep track of users of the app that you come across and it is completely anonymous.

For Android, you need to have Android 6 or higher, and for iOS you need iOS 13.5 or later. I’ve downloaded it and it looks simple and easy to use. It also does a good job of explaining the purpose of the app and how it works. I for one hope that as many people as possible across Canada download and use the app so that it will help Canada to flatten the curve and keep it flat.


In Depth: KABN

Posted in Commentary on July 31, 2020 by itnerd

KABN knows the importance of online identity.  Our Identity is what makes us unique, but since the inception of the Internet, digital identity has been an afterthought.  With today’s acceleration of online commerce, education, healthcare, government and other services, digital identity and the data that surrounds it is online “gold”.  KABN also believes that ownership of identity is a basic human right and individuals should be the primary beneficiary of any use of their identity.

  • In the “real world,” it’s easy to prove who you are either by visual or traditional identity verification.  It’s a process that most people are accustomed to following.  Most people carry their wallets and keyring to hold their Identity documents and access items (keys) for their valuables (home, car). 
  • In the “online world,” it’s not that easy to prove that “you are you”. Identity verification is managed on a site-by-site basis and users are required to deliver sensitive documents to unknown 3rd parties, potentially compromising the value of their identity and increasingly exposing themselves to the risk of identity fraud. As more and more services are offered online and more people, especially Millennials and Gen Z’s, spend their lives (play, shop, educate, work) online, it is equally important to have your identity verified in the online realm. Also, every organization has a slightly different way of managing identity. Some just want your credit card information. Some may want private identity information, requiring consumers to trust vendors without knowing how their information is stored, used, or who has access to it. There is a lot of “friction” with this, as the process is continually repeated from organization to organization, effectively reducing the value of a person’s private documentation and making them susceptible to identity theft.
  • Proving identity online is not easy. KABN changes all that with KABN ID and Liquid Avatar, and a suite of services (KABN ID, LIQUID AVATAR, PEGASUS FLYTE VISA CARD, AND KABN KASH) that starts with a verified, bank-grade digital identity that is controlled and managed by the user, is reusable and transportable and, best of all, FREE to consumers. This process supports both commercial clients and consumers by making it easier to verify, manage and engage with known users.
  • KABN ID is a reusable, Always On, compliant, biometrically-based, identity verification and validation platform that forms the engine of the KABN Network.
  • Liquid Avatar (www.liquidavatar.com) is a digital image-based “wallet and keyring” platform that allows users to manage their digital identity.
  • Pegasus Flyte Visa Card, an approved prepaid Visa card that includes a Mobile Banking Wallet that supports both digital and traditional currencies.
  • KABN KASH, a robust loyalty and engagement platform with cashback and card-linked programs.

HOW IT WORKS:

By visiting www.liquiavatar.com or using the Liquid Avatar App, a user can create a fully custom-designed representation of themselves (character, fantasy, icon, etc.) that can be used online, through email, text, social media, games, and on the web to represent themselves as a person.  Liquid Avatars will work with email, text and social media and across virtually every device, platform and network.

Liquid Avatars are powered by KABN ID, providing users with a reusable, verified digital identity platform powered by blockchain-based technology and biometrics (facial recognition and eventually other factors, like voice, fingerprint, etc.), ensuring that no two Avatars are ever the same and also giving each person easy to use, complete and secure control over their image and connected information.    

Liquid Avatar is applicable to 100% of the online consumer and business markets

There are a host of use cases including:

  • Identity Fraud Reduction – to prove that a user is the intended recipient of any service or offering through multi-factor authentication that includes biometrics.
  • Purchase Validation for eCommerce – confirming that the user is authorized to use credit cards and other payment methods.
  • eSports and Online Gaming – verifying prizing, players and cross-referencing multiple accounts.
  • Information / Data Services – creating aggregated public information to generate offers and solutions exclusively for Liquid Avatar users.
  • Education – verifying that registered students are those actually taking classes, completing work and exams, and receiving academic credit.
  • Government – supporting local, state and national government initiatives.
  • Healthcare – creating privacy, record transfer/sharing and portability.

KABN creates verified, validated online identities that are:

Reusable – Individual users are provided with a KABN ID and don’t have to share/reshare private documents with any KABN partners (about 20 partners and growing)

Always On – KABN ID holders are continuously monitored for AML (anti-money laundering) and Adverse media changes and we can provide our partners with any change to an individual user’s status.

Customer controlled / benefits – KABN ID creates value for its individual users by letting them benefit and control the value propositions that they see based on their aggregated, permission based public identity.  KABN delivers offers and opportunities that fit their public profile, including owned, partnered and 3rd party programs and other data-supported, revenue-driven services.  KABN’s Liquid Avatar program “gamifies” the portability of digital identity.

Guest Post: Darktrace Email Finds: Two WeTransfer Impersonation Attacks Caught By AI

Posted in Commentary on July 31, 2020 by itnerd

By: Dan Fien, Director of Email Security Products for the Americas, Darktrace

In recent months, Antigena Email has seen a surge in email attacks claiming to be from file sharing site WeTransfer. These attacks attempt to deploy malware into a recipient’s device and further infiltrate an organization. 

This is a common technique deployed by attackers, who find success in masquerading behind the trusted brands of well-known SaaS vendors. Darktrace has recently seen similar attacks leveraging both QuickBooks and Microsoft Teams.

Incident one

This email was directed at an employee in the accounts department of a leading financial services organization in the APAC region. 

Figure 1: An interactive snapshot of Antigena Email’s user interface.

The subject line of this email – “We sent you an invoice via WeTransfer” – is typical of a solicitation attack. Hidden behind a button reading ‘Get your files’ was a webpage that contained malware but displayed a login page. If a user entered their username and password in an attempt to access this ‘invoice’, the malware would harvest their credentials and send them to the attacker.

Figure 2: The fake login page, branded as Microsoft Excel, which would have likely sent the credentials to a spreadsheet controlled by the attacker.

This attack bypassed the other security tools in place, but was detected by Antigena Email due to a number of anomalies that when stitched together unmistakably reveal a threat.

Figure 3: Antigena Email’s dashboard reveals the true sender of the email.

Critical for Antigena Email’s detection of this attack was that the email contained an anomalous link. It would be highly unusual for WeTransfer to link to SharePoint – a direct competitor – in their emails. The AI also recognized that neither the employee in the accounting department, nor anyone else in the organization, had previously visited the domain in question, and deemed this email to be 100% anomalous. These details, along with other characteristics of the URL, gave Darktrace’s AI reason to tag this email with the ‘suspicious link’ tag, prompting Antigena Email to double lock the offending link and hold the message back from the recipient’s inbox.

Incident two

A second incident leveraging WeTransfer’s name was detected just a week later at a law firm in Europe. This email was more sophisticated and even more convincing, appearing to come from the legitimate WeTransfer domain. However, it still set off over a dozen Darktrace models, again prompting Antigena to lock links and hold the email back.

Figure 4: An interactive UI snapshot of the second email.

This attack went a step further. Whereas in the previous scenario the attacker simply changed the personal name, leveraging <noreply[.]com>, here the attacker manipulated the headers to make the email appear to come from the WeTransfer domain. 

Recent research that will be further unveiled at BlackHat indicates there could be as many as 18 different methods to mislead common email verification checks like Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Some of these techniques may be as simple as including two FROM lines in an email header, which may result in a mail server verifying the first FROM header while the email client displays the second FROM address. As a result, an email sent from an attacker’s mail server can be verified as coming from a legitimate address – in this case <noreply@wetransfer[.]com>.
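The duplicate-FROM ambiguity described above can be checked for on the receiving side. The following is an added example, not code from Darktrace or the original post: the sample messages and `.example` domains are constructed, and `from_domains` and `audit_from_headers` are hypothetical helper names.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample messages; the .example domains are placeholders,
# not values taken from the incidents described in the post.
SAMPLE_SPOOFED = (
    "Authentication-Results: mx.recipient.example; dmarc=pass header.from=attacker.example\r\n"
    "From: Mailer <bounce@attacker.example>\r\n"
    "From: WeTransfer <noreply@trusted.example>\r\n"
    "To: accounts@recipient.example\r\n"
    "Subject: We sent you an invoice\r\n"
    "\r\n"
    "body\r\n"
)
SAMPLE_CLEAN = (
    "Authentication-Results: mx.recipient.example; dmarc=pass header.from=trusted.example\r\n"
    "From: WeTransfer <noreply@trusted.example>\r\n"
    "To: accounts@recipient.example\r\n"
    "\r\n"
    "body\r\n"
)

def from_domains(msg):
    """Return the domain of every mailbox in every From header, in order."""
    addrs = getaddresses(msg.get_all("From", []))
    return [a.rsplit("@", 1)[1].lower() for _, a in addrs if "@" in a]

def audit_from_headers(raw):
    """Return a list of findings; an empty list means nothing ambiguous."""
    msg = email.message_from_string(raw)
    findings = []
    n = len(msg.get_all("From", []))
    domains = from_domains(msg)
    if n != 1:
        findings.append(f"expected exactly one From header, found {n}")
    if len(set(domains)) > 1:
        findings.append("From domains disagree: " + ", ".join(domains))
    # Domain the receiving server recorded as evaluated for DMARC, if any.
    m = re.search(r"header\.from=([^\s;]+)", msg.get("Authentication-Results", ""))
    if m:
        checked = m.group(1).lower()
        unverified = [d for d in domains if d != checked]
        if unverified:
            findings.append(f"DMARC evaluated {checked}, not: " + ", ".join(unverified))
    return findings
```

A gateway that rejects or quarantines any message producing a finding removes the gap between the address the server verified and the address the client displays.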

The familiarity of the apparent sender of this email is reflected in the ‘Depth’ and ‘Width’ scores below of 19 and 47 respectively, indicating moderate communication history. However, Antigena Email reveals that the true sender is from a rare domain, and one that is unrelated to WeTransfer.

Figure 6: The metrics of the second email.

Darktrace’s AI also detected two suspicious links within the email that were considered highly anomalous given previous communication between WeTransfer and the client. And importantly – the absence of a WeTransfer link!

Figure 7: Two links in the email were considered highly anomalous and threatening

These unusual links combined with the recognition of a spoofing attempt prompted Antigena Email to deem this email as 100% anomalous and intervene, protecting the recipient — and business — from harm. Despite this second email attack employing more sophisticated attack methods, allowing it to evade legacy email tools and closely resembling a legitimate email, Darktrace’s AI was able to recognize an even wider array of indicators that prompted it to hold the email back.
