Archive for FBI

Zeppelin Ransomware Advisory Issued By The FBI and CISA

Posted in Commentary with tags , on August 23, 2022 by itnerd

The CISA and FBI have put out an advisory on Zeppelin ransomware that is very much reading. The advisory goes into great detail about how the ransomware works and includes some threat mitigation strategies.

Dr Darren Williams, CEO and Founder of BlackFog has this comment to share:

     “Zeppelin ransomware, a fairly well-known malware strain has been in known use since 2019, often to target a wide range of businesses and critical infrastructure organizations. Zeppelin actors have been known to request ransom payments in Bitcoin, with initial amounts ranging from several thousand dollars to over a million dollars.

Zeppelin’s unique attack path is such that the FBI have observed the attackers executing the malware multiple times in the network, leaving a great big sting on the victim, who needs multiple unique decryption keys to combat the attack.

Attacks on hybrid working companies are nothing new, however it is crucial that employees remember they play a part in protecting themselves and the employer, too.

Attacks from vectors such as Zeppelin often start with a simple phishing email – employers must ensure they educate and remind their employees on cyber security best practices, to minimize attack risk. Standard, good cyber hygiene practice is essential here: remembering to regularly change passwords and use MFA as a basic practice. That said, if a threat actor wants to find their way in, they will! What matters is the data they were able to obtain and leave with…

Most cybercriminal gangs aim for extortion – organizations should also consider anti-data exfiltration to block the attacker and prevent data from being exfiltrated.”

I strongly suggest that you read this advisory because if the FBI and the CSI put out an advisory on this, you need to take it seriously.

FBI Says To Businesses To Stop Using Windows 7

Posted in Commentary with tags , on August 5, 2020 by itnerd

The Federal Bureau of Investigation sent a private industry notification (PIN) on Monday to partners in the US private sector about the dangers of continuing to use Windows 7 after the operating system reached its official end-of-life (EOL) earlier this year:

“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status,” the agency said. “Continuing to use Windows 7 within an enterprise may provide cyber criminals access in to computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. “With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target,” the FBI warned. The Bureau is now asking companies to look into upgrading their workstations to newer versions of the Windows operating system.

The FBI is right. With no security updates coming for this operating system from Microsoft, anyone who is still using Windows 7 is a prime target for cybercriminals. Thus if you are still using Windows 7 for whatever reason, it is in your interest to move to Windows 10 to keep yourself safe. I know that transitioning to a new OS is not a painless process. But it is the right thing to do if you want to stay safe. Microsoft has a blog post that has suggestions on how to make that transition here that can help.

Seeing As The FBI Has Unlocked An iPhone 11, Why Do They Need Apple’s Help To Unlock An iPhone 5 & 7?

Posted in Commentary with tags , , on January 16, 2020 by itnerd

Following up on the latest Apple v. FBI fight where the FBI wants Apple to unlock an iPhone 5 and 7 that belongs to a suspect in a terror incident, despite they fact that the FBI has the ability to do this on their own without Apple’s involvement, comes news that the FBI has apparently got the capability to unlock an iPhone 11 which has far higher levels of security than the iPhone 5 and 7 that they want Apple to unlock:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone. 

So given the facts above, why precisely does the FBI need Apple’s help to unlock an iPhone 5 and 7 given that they’ve unlocked something way more sophisticated from a security standpoint?

They don’t need Apple’s help. This is simply a stunt to get Congress to force companies like Apple to weaken the encryption on smartphones, computers, or anything else so that they can have access to them at any time for any reason. Or put another way, the FBI wants a backdoor into your device. As I have mentioned before, this is a bad idea. And as reports like these come out that show that this is an incredibly cynical attempt to push a political agenda, I would hope that the blowback that results makes those who are pushing this political agenda think twice.

The Latest Apple v. FBI Fight Shows That We Need A Middle Ground For Situations Like This

Posted in Commentary with tags , , on January 14, 2020 by itnerd

Yesterday a story hit news that the FBI via US Attorney General William Barr is demanding the help of Apple to unlock the phone of a Saudi citizen who went on a deadly shooting last month at a naval air station in Pensacola, Fla. that killed three and wounded eight.

“This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence,” Mr. Barr said. He called on technology companies to find a solution and complained that Apple had provided no “substantive assistance,” a charge that the company strongly denied on Monday night, saying it had been working with the F.B.I. since the day of the shooting.

Here’s what Apple said in response:

In a statement Monday night, Apple said the substantive aid it had provided law enforcement agencies included giving investigators access to the gunman’s iCloud account and transaction data for multiple accounts.

The company’s statement did not say whether Apple engineers would help the government get into the phones themselves. It said that “Americans do not have to choose between weakening encryption and solving investigations” because there are now so many ways for the government to obtain data from Apple’s devices — many of which Apple routinely helps the government execute.

So it seems like we are headed towards another FBI v. Apple fight. But let’s be clear. What this is all about is to ensure that the FBI or any other law enforcement agency or government can access any smart phone for any reason any time they want. While I understand that the FBI among others wants to protect people from any threat that exists, I don’t believe that this gives them the right to say that the rights of citizens get over-ridden because of this. I say that because if you look at Attorney General Barr’s statement, he wants technology companies to “find a solution” to allow him and those underneath him to get whatever it is they want at will. And it’s safe to say that they want backdoors into iOS, Android, or whatever OS they see fit that gets them past whatever security or encryption that the device in question has. Giving any government a backdoor into any OS is a bad idea as governments tend to have pretty poor track records of keeping stuff like that out of the wrong hands. Which means when the backdoor leaks out, we’re all screwed. This is on top of the potential privacy issues that could be at play.

Thus here’s my ask of everyone that is involved. Tech companies and governments need to find some sort of middle ground for situations like this. One where the needs of both sides are represented and nobody, especially you and I, loses. Because having each of them at their respective extreme ends of the spectrum isn’t working for either party. And as a result this fight will simply keep going on and on with no real resolution. Or worse yet, a government will simply take some draconian action to get what they want and inadvertently affect their citizens in a negative way. And neither of those are desirable outcomes.


Cost To Unlock An iPhone If You’re The FBI: $900K USD

Posted in Commentary with tags , on May 8, 2017 by itnerd

It’s now come to light that the FBI paid $900K USD to a group of iPhone hackers (likely Cellebrite) to unlock the iPhone that belonged to the San Bernardino shooter according to Senator Diane Feinstein had inadvertently given out the number during the Senate Judiciary Committee hearing with FBI Director James Comey. Let me supply you with the visual evidence below. Feinstein’s oops moment comes at the 2 hour and 55 minute mark:


What’s interesting about this is that they paid $900K to get absolutely nothing as nothing of value was found on the phone. And started a legal war with Apple in the process because Apple refused to unlock the phone. Not to mention that The Associated Press, Vice Media, and USA Today have taken the FBI to court over the the fact that the law enforcement agency isn’t serving up details on this topic. Thus I have to wonder if this was all worth it in the end.

FBI Says That Method Used To Access iPhone Only Works On A Few Models

Posted in Commentary with tags , on April 7, 2016 by itnerd

Here’s a couple of interesting pieces of info that FBI director James Comey dropped in a speech at the Biennial Conference at Kenyon University that CNN attended. First he said this about the tool that was used to access the iPhone 5c of San Bernardino shooter Syed Farook:

“The people we bought this from, I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting it, and their motivations align with ours,” he said.

So that adds some validity to the use of a tool from Cellebrite who specializes in this sort of thing. He also said this:

The FBI director also said the purchased tool worked only on a “narrow slice of phones” that does not include the newest Apple models, or the 5S.

I think I know why that might be the case. Anything that uses the Apple A7 processor or newer has something called the “secure enclave” which is defined as follows in this Wikipedia article:

The A7 also includes an area called the “Secure Enclave” that stores and protects the data from the Touch ID fingerprint sensor on the iPhone 5S and iPad mini 3. The security of the data in the Secure Enclave is probably enforced by ARM’s TrustZone/SecurCore technology.

If you really want to go in depth on this, Apple has a guide that goes into a lot of techy nerdy detail here [Warning: PDF]. Page 7 is where you want to start reading about the “secure enclave” (though I found the entire document to be very intersting. But my thinking is that the “secure enclave” that is part of the A7 or newer chips makes it difficult if not next to impossible (at least at present) for Cellebrite or anyone else to hack into an iPhone. Thus, it leads me to believe that the fist time a iPhone 5S or higher needs to be unlocked by the FBI, Apple’s lawyers are going to get a phone call.

Help The FBI To Find 250 Sextortion Victims

Posted in Commentary with tags , on July 11, 2015 by itnerd

Here’s the good news. Lucas Michael Chansler is a 26-year-old sexual predator that was sentenced to 105 years in prison after pleading guilty to multiple counts of child pornography production. The reason why this scumbag is in jail is because he tricked roughly 350 teenage girls from 26 states into giving him explicit pictures of themselves by posing as a teen boy and befriending them online before threatening to distribute the photos on social media. That’s where the bad news starts. There are 250 victims that the FBI has not been able to identify.

That’s where you come in. The FBI has posted a list of aliases, email addresses, MySpace accounts and AIM logins that this scumbag used. So if you suspect that you, or someone you know, may have been victimized by this scumbag, contact the FBI or NCMEC right away. Because it’s really important that these victims are found and given the help that they need.

To highlight how important this is, watch this video with FBI Special Agent Larry Meyer who is the man responsible for taking this scumbag off the streets:

Source Of Apple Device IDs Revealed: NBC

Posted in Commentary with tags , , , on September 10, 2012 by itnerd

You might recall that a ton of device IDs linked to Apple devices that threaten iDevice users everywhere. The FBI denied that they were the source for this leak. And it turns out that they were telling the truth. NBC has the source identified:

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.

“That’s 100 percent confidence level, it’s our data,” DeHart said. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

At least the company behind this is taking responsibility for this. But it also really goes to the heart of what Antisec said last week. Whatever. It’s still a clear and present danger to iDevice users out there. That’s something that still needs to be addressed.

Hacker Group antisec Claims Hack Of FBI Laptop Proves FBI Tracking Apple Users [UPDATED]

Posted in Commentary with tags , , , on September 4, 2012 by itnerd

Here’s something that will not make Apple users freak. I’ll let the Toronto Star tell you the details:

Internet activists claim to have hacked more than 12 million identification codes for Apple devices from an FBI agent’s laptop and have posted instructions on online bulletin board Pastebin on how to access one million of the user IDs.

Known as the Anti Security Movement, or Antisec, the group said on a Twitter account belonging to the Anonymous “hacktivist” collective that many of the IDs come complete with the device owner’s personal information.

In a blog post Tuesday that included attacks on security agencies, Antisec said it withheld information such as names, phone numbers and addresses, but left enough for “users to search for their devices.”

The group did not indicate that bank account numbers or passwords were included.

“During the second week of March 2012 a Dell Vostro notebook used by supervisor special agent Christopher K. Stangl from FBI regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,” Antisec said in the post.

“Some files were downloaded from his desktop folder; one of them with the name of NCFTA_iOS_devices_intel.csv turned out to be a list of 12,367,232 Apple iOS devices including unique device identifiers (UDIDs), user names, name of device, type of device, Apple push notification service tokens, zipcodes, cellphone numbers, addresses, etc.”

Antisec said it published the alphanumeric IDs to call attention to the possibility that the FBI had used or was planning to use the information to track citizens.

The FBI was quick to deny this. Here’s what the CBC said:

“The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed,” the agency said in a statement Tuesday afternoon.

“At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

So the question is, whom do you believe? It really doesn’t matter as even if this is half true, it’s something to be concerned about. If you want to see if you’re on the list, you may want to start here for what the group posted. Advance warning, it’s not for the average person. Hopefully someone will take this data and come up with an easy way to search it.

UPDATE: My wish has been granted. Here’s an easy way to see if you’ve been affected.