Cyberweekly #106 - Sans comment

Published on Sunday, June 14, 2020

As stated last week, for the rest of June, I'll be providing a selection of stories from the news without comment or analysis. I've tried to highlight a quote to sum up the most interesting or relevant part of the story in each case.

    Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com — Krebs on Security

    https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/

    “It is very simple to check that the note in privnoteS is sent unencrypted in plain text,” Privnote.com explained in a February 2020 message, responding to inquiries from KrebsOnSecurity. “Moreover, it doesn’t enforce any kind of decryption key when opening a note and the key after # in the URL can be replaced by arbitrary characters and the note will still open.”

    But that’s not the half of it. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address. The script apparently only modifies messages if the note is opened from a different Internet address than the one that composed the address.

    Former DEA Spokesman Admits To Posing As 'Deep-Cover' CIA Agent In Fraud Scheme | HuffPost UK

    https://www.huffingtonpost.co.uk/entry/dea-spokesman-fraud-cia-doj_n_5ee25716c5b6125240fcf0b0?ri18n=true&guccounter=1&guce_referrer=aHR0cHM6Ly9jb25zZW50LnlhaG9vLmNvbS8&guce_referrer_sig=AQAAAI-TtjeYAPDtzoWNvYEPxYw6aLzxmw0RMuqlsrF89PAQ2SOROTT27Ide-BXd_P7LQ5wiua9Y47cniju2BVoln42JB--u2CZTpbTkyTcxeDuDAqJIInV50A4zadyM5LrDDsQjpohJK80y3kRKWcSIaAeRdg2SNrd1QhV2rV8bT06h

    Garrison Courtney, 44, acknowledged during a federal court hearing in Alexandria, Virginia, that he falsely claimed to be part of a “task force” that involved the CIA, other parts of the intelligence community and the Defense Department that aimed to enhance intelligence-gathering capabilities. He created a “commercial cover” to hide his false affiliation with the CIA, and had companies pay him with the expectation that they’d be reimbursed in the future.

    Courtney, the government said, “went to extraordinary lengths to perpetuate the illusion that he was a deep-cover operative” by, among other things, making people sign fake nondisclosure agreements, searching them for electronic devices, telling them they were under foreign surveillance and threatening anyone who questioned him with criminal prosecution or the revocation of their security clearance.

    Pentagon intelligence employees raise concerns about supporting domestic surveillance amid protests

    https://news.yahoo.com/pentagon-intelligence-employees-raise-concerns-about-supporting-domestic-surveillance-amid-protests-194906537.html

    It was not immediately clear who may have considered having DIA employees work on monitoring domestic unrest, or under what authority, since there has been no evidence that those involved in the protests — or in criminal activity that has taken place amid the protests — have any links to foreign groups. 

    However, the second source said that the employees might be asked to support “mission requirements” for law enforcement. “Almost the entire workforce is against it, because it is not their mission,” the second source, who questioned the legality of it, told Yahoo News.

    James M. Kudla, a DIA spokesman, said the agency has not taken a role in domestic affairs. “The mission of the Defense Intelligence Agency is to provide intelligence on foreign militaries to prevent and win wars,” he wrote in a statement to Yahoo News. “Any claims that DIA has taken on a domestic mission are false. 

    “DIA has not established any task force related to the current domestic situation,” he continued.

    Kudla did confirm that DIA has set up “an internal coordination group to respond to increased and appropriate Department requests for information.”

    Facebook Helped the FBI Hack a Child Predator - VICE

    https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez

    Hernandez was so notorious within Facebook that employees considered him the worst criminal to ever use the platform, two former employees told Motherboard. According to these sources, Facebook assigned a dedicated employee to track him for around two years and developed a new machine learning system designed to detect users creating new accounts and reaching out to kids in an attempt to exploit them. That system was able to detect Hernandez and tie different pseudonymous accounts and their respective victims to him, two former Facebook employees said.

    Several FBI field offices were involved in the hunt, and the FBI made a first attempt to hack and deanonymize him, but failed, as the hacking tool they used was not tailored for Tails. Hernandez noticed the attempted hack and taunted the FBI about it, according to the two former employees.

    Facebook’s security team, then headed by Alex Stamos, realized they had to do more, and concluded that the FBI needed their help to unmask Brian Kil. Facebook hired a cybersecurity consulting firm to develop a hacking tool, which cost six figures. Our sources described the tool as a zero-day exploit, which refers to a vulnerability in software that is unknown to the software developers. The firm worked with a Facebook engineer and wrote a program that would attach an exploit taking advantage of a flaw in Tails’ video player to reveal the real IP address of the person viewing the video. Finally, Facebook gave it to an intermediary who handed the tool to the feds, according to three current and former employees who have knowledge of the events.

    Retired Austrian Army Colonel Found Guilty Of Spying For Russia

    https://www.rferl.org/a/retired-austrian-army-colonel-found-guilty-of-spying-for-russia/30662657.html

    A jury in Salzburg on June 9 found the retired colonel guilty of disclosing state secrets. Specifically, the court found the man guilty of operating a secret intelligence operation against Austria, betraying state secrets, and the crime of deliberately revealing military secrets.

    The charges carried a maximum sentence of 10 years in prison but he was sentenced to just three and released for time served since his arrest in November 2018.

    According to the indictment, from 1992 to September 2018 the defendant provided military secrets to Russia in exchange for 280,000 euros ($317,000).

    Defense lawyers argued he had not revealed any government or military secrets. Instead, they said he only passed on publicly available information. They said the amount he received was 220,000 euros.

    Asking the Ultimate Awkward Question - Honey Dacanay - Medium

    https://medium.com/@honeygolightly/asking-the-ultimate-awkward-question-a26bbb34ec61

    The entire digital transformation movement is rife with awkward, deeply uncomfortable, but extremely important questions. But one question wins for most awkward (and most important): How much do you really want to change?

    Let’s start with this mismatch for example, in the ambitions of the digital service team and the expectations of the government or public service of the day. Here’s a textbook view of how government works (or doesn’t, but we’re not here to debate that today):

    Beautifully mechanistic, isn’t it? And here’s a hard truth for digital teams: even the most advanced digital services in the world haven’t reset this textbook view. At best, digital government teams are perceived as beacons of service delivery/implementation transformation; at worst, purveyors of fluffy “look and feel” standards and digital hipster buzzwords like “agile” and “user-centred.”

    HSBC moves from 65 relational databases into one global MongoDB database

    https://diginomica.com/hsbc-moves-65-relational-databases-one-global-mongodb-database

    Historically, as per the image above, HSBC did have an application core program environment, which had most of an application's core functionality. But it couldn't have a single programme environment running for all the countries, due to the differences in data models and databases.

    As such it would have to put a country specific program environment on top of the application's core environment to fulfil each country's specific application needs. So when any country user accesses the application, it ends up having its own execution path. And then the country specific program environment and core program environment together would access the country's specific database and process the application.

    This is because each country has its own functions, fields, business logic interfaces, data rules, data life cycles and data access controls. As such, if a tweak is made to the data model, the program environment becomes incompatible with the changed data model and a new program environment would have to be stood up.
