Tag Archives: Twitter

October 24th AVIEN updates

Updates to Anti-Social Media 

The Register: Facebook, Google sued for ‘secretly’ slurping people’s whereabouts – while Feds lap it up – “Facebook and Google are being sued in two proposed class-action lawsuits for allegedly deceptively gathering location data on netizens who thought they had opted out of such cyber-stalking.”


Graham Cluley: Twitter thought Elon Musk’s bizarre tweets were evidence he’d been hacked – “It’s an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon’s tweets.”

Since there’s been a spate of Bitcoin fraud tweets spoofing his account, offering to sell someone some Bitcoin may have been a tweet too far.

Updates to Cryptocurrency/Crypto-mining News and Resources

Graham Cluley: Twitter thought Elon Musk’s bizarre tweets were evidence he’d been hacked – “It’s an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon’s tweets.”

Since there’s been a spate of Bitcoin fraud tweets spoofing his account, offering to sell someone some Bitcoin may have been a tweet too far.

Updates to Specific Ransomware Families and Types

BitDefender: Gamma ransomware compromises data on 16,000 patients at California hernia institute – “The attack was tied to the email address Glynnaddey@aol.com which, according to databreaches.net, is associated with Gamma ransomware (part of the Crysis ransomware family). ”

Updates to Mac Virus

 for ESET: Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users


Buzzfeed: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme – “A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids.”

David Harley

Advertisements

Bitcoin ATMs, SIM swapping, and Twitter scam bots

Updates to Cryptocurrency/Crypto-mining News and Resources

Trend Micro’s article Malware Targeting Bitcoin ATMs Pops Up in the Underground not only talks about the very interesting ATM malware Trend has analysed, but gives some useful background about Bitcoin ATMs, indicating that criminals are extending their activities beyond cryptomining.


Brian Krebs: Hanging Up on Mobile in the Name of Security  – “An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.” The reason being, in this case at least, that mobile providers are too often tricked by scammers into transferring a victims’ service to a new SIM card and mobile phone in the possession of the scammer, not the victim.


An interesting article by William Suberg for CoinTelegraph: Researchers Reveal Network of 15K Crypto-Related Scam Bots on TwitterNew research published today, Aug. 6, has shed light on the infamous phenomenon of cryptocurrency-related Twitter accounts advertising fake “giveaways,” revealing a network of at least 15,000 scam bots.”

David Harley

Anti-social media updates: 27th July 2018

Reuters: Facebook’s grim forecast: privacy push will erode profits for years “The plummeting stock price wiped out as much as $150 billion in market capitalization and erased the stock’s gains since April when Facebook announced a surprisingly strong 63 percent rise in profit and an increase in users.” John Gruber offers terse but to-the-point commentary.

Graham Cluley: Mind your company’s old Twitter accounts, rather than allowing them to be hijacked by hackers  – “DEFUNCT FOX TV SHOW HAS ITS TWITTER ACCOUNT COMPROMISED BY CRYPTOCURRENCY SCAMMERS.” “…it appears that hackers seized control of the moribund Twitter account and gave it a new lease of life promoting cryptocurrency scams.

Lisa Vaas for Sophos: Hidden camera Uber driver fired after live streaming passenger journeys The story concerns “Jason Gargac, a (now former) driver for Lyft and Uber who decided to start livestreaming his passengers, and himself as a narrator when they weren’t there, as he drove around St. Louis…Most of those rides were streamed to Gargac’s channel on Twitch: a live-video website that’s popular with video gamers”. Original story: the St. Louis Post-Dispatch.

Also from Lisa Vaas: Crimson Hexagon banned by Facebook over user data concern – “The Wall Street Journal last week reported that Facebook is investigating whether the firm’s contracts with the US government and a Russian nonprofit tied to the Kremlin violated its policies.”

Yet another article from the prolific Ms Vaas: Names and photos of Venmo ‘drug buyers’ published on Twitter – she offers another example of data scraped from publicly available data and used inappropriately and misleadingly. A recent article by John E. Dunn describes a rather more responsible use of Venmo’s open privacy settings: Venmo users: time to hide your drug deals and excessive pizza consumption.

And another. Maybe you should just shoot over to the Naked Security site while I get on with some other work… WhatsApp limits message forwarding in response to lynchings – an indication that fake news is no joke, and can be a matter of life or (more to the point) death. In recent months, “India …  has seen dozens of mob lynchings sparked by rumors that have spread virally on social media.”

David Harley

Anti-social media: at least Twitter is doing some things right…

The Register: Brit privacy watchdog reports on political data harvests: We’ve read the lot so you don’t have to – “‘Cambridge Analytica had data ferreted away on disconnected servers, Twitter actually kicked the firm’s ads off its platform, and Facebook still has a lot of questions to answer.”

Washington Post: Twitter is sweeping out fake accounts like never before, putting user growth at risk – “Twitter suspended more than 70 million accounts in May and June, and the pace has continued in July”

Sophos: Apple and Google questioned by Congress over user tracking – “Inquiring minds want to know, for one thing, whether our mobile phones are actually listening to our conversations, the committee said in a press release.

Sophos: Facebook stares down barrel of $660,000 fine over data slurping. David Bisson notes: Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal, And Graham Cluley comments: Facebook fined a paltry £500,000 (8 minutes’ revenue) over Cambridge Analytica scandal. Quite…

Pierluigi Paganini: Timehop data breach, data from 21 million users exposed. “The company admitted that hackers obtained access credential to its cloud computing environment, that incredibly was not protected by multifactor authentication.”

David Harley

Resource updates May 1 2018

Updates to Anti-Social Media 

The Guardian: WhatsApp CEO Jan Koum quits over privacy disagreements with Facebook – “WhatsApp was built with a focus on privacy and a disdain for ads, but the Facebook-owned service is now under pressure to make money”

Selina Wang for Bloomberg: Twitter Sold Data Access to Cambridge Analytica–Linked Researcher. And commentary from Help Net.

ENISA: Strengthening network & information security & protecting against online disinformation (“fake news”) – “In this paper, ENISA presents some views on the problem of online disinformation in the EU from a Network and Information Security (NIS) perspective. A number of recommendations are presented which relate both to general NIS measures, as well as targeted measures to protect against online disinformation specifically.”

Updates to Cryptocurrency/Crypto-mining News and Resources

Coin Telegraph: Scammers Hijack Verified Twitter Account To Steal Crypto By Posing As Telegram CEO

Updates to Chain Mail Check

ESET: This test will tell you how likely you are to fall for fraud

David Harley

New information/resource page: [anti-]social media

[This article is itself the first entry on the new page Anti-Social Media.]

Like many others, I’ve been at least partially assimilated by the social media Cookie Monster. Once upon a time I opened accounts on sites like Facebook and Twitter, so as to find out about their implications for security. (Like many others in the security profession, I suspect.) They also quickly became integrated into my armoury as a means of exchanging and disseminating information, whether it’s a matter of hard data or work-oriented PR. And when friends, colleagues and fellow musicians (some people, of course, are members of two or all three of those sets!) found me on those platforms, it would have been churlish not to have accepted invitations to link up there. (Besides, you can’t tell as much about Facebook’s workings, for instance, if you don’t actually have any Facebook friends…)

However, I’ve always borne in mind the wider implications of membership of such platforms (sociological, psychological, and security-specific), and have often written on those topics. (I’ll probably look back at some of those posts and see if any of them are worth flagging here.) But with the excitement over the Cambridge Analytica, it’s self-proclaimed success at social engineering, and its alleged misuse of data harvested from social media, I can’t help but notice that people who’ve previously expressed no interest in privacy and security have started to voice concern. So I’m going to use this page to flag some news and resources of interest. Starting with a minor deluge of advice from various quarters:

David Harley

VB Seminar 2010

I spoke at the VB 2010 Seminar in London on ways that Social Engineering can affect your business’ users.

During the talk, I used some links for demos (many thanks to my good friend Dave Marcus for originally showing me a few of these). For those that are interested, here are the links:

 

Andrew Lee
AVIEN CEO

Blackhat SEO and other nuisances

The horrific Russian suicide bombings have, inevitably, generated a load of blackhat SEO (search engine optimization) attacks, not to mention Twitter profile attacks, using topical keywords to lure victims into running malicious code. I’ve blogged on that elsewhere recently – e.g. “Here come (more of) the Ghouls”, at http://www.eset.com/blog/2010/03/30/here-come-more-of-the-ghouls – so I won’t repeat myself here.

However, I hear from that nice Mr. Cluley at Sophos that there’s an awfully good paper available about “Poisoned search results: How hackers have automated search engine poisoning attacks to distribute malware”, by Fraser Howard and Onur Komili.  

It is a good paper, and it will interest a lot of the people who read this blog. And it should interest quite a few people who probably won’t read it. 😦

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

PleaseRobMe: too much information…

[I’ve been told that the PleaseRobMe site includes some dubious affiliation links and is in any case not being updated. I haven’t checked it myself, and the information comes from an organization that flags ‘problem’ links and suggests links to its own resources irrespective of relevance, so I suggest that you take it with the usual pinch of salt. However, I’ve disabled the link anyway: it is, after all, a very old story.  I did consider just removing the article, but it has some historical interest, and I’ve tweaked it slightly to bring it up to date. DH, 2018.]

Sometimes I think I should just stop killing myself multi-blogging and retweet Graham Cluley’s blog URLs. Like this one.

The web site he talks about (PleaseRobMe, not the Sophos blog) “…mashes together content from Foursquare and Twitter, providing an easy way for potential burglars and stalkers to find out where you are supping your cappuccino, and when you may have left your home empty…”

In fact, what the site has been doing  is auto-grabbing publicly available data from such sites and putting it all in one place, with the intention of highlighting the risk of giving away information that burglars and stalkers would find useful about your movements. Sadly, this makes it more of a miscreant-friendly resource than one useful to potential victims, since those victims-in-waiting are not very likely to come across the site.

Graham comments that it will be interesting to see if FourSquare and Twitter try to stop PleaseRobMe snarfing the data from them. We already have part of the answer to that: Mikko Hypponen reported about three hours ago that Twitter had suspended the @pleaserobme account.

There’s been a series of infomercials on UK TV recently in which “members of the public” try to interest thieves and burglars in robbing them, and a while ago there was a “reality” show in which an ex-burglar broke into people’s homes (with permission) and then lectured them on what they should have done to prevent it.

There’s would be a certain felicitous and felonious irony if PleaseRobMe were to get accused of having stolen part of their idea from these sources. 😉 In fact, though, the site is Dutch, according to the BBC, so probably not. The Beeb does cite some good advice from Charity Crimestoppers.

“Details posted online are available for the world to see; you wouldn’t hang a sign on your door saying you’re out, so why would you post it online?”

David Harley 

With all the Buzz, some education is in order

So, the not very surprising news that Google has once again attempted to launch a social networking site – following its spectacularly unsuccessful 2004 launch of Orkut (no, unless you live in Brazil or India, you won’t have heard much about it either).

The new network, called “Buzz” integrates directly into the Gmail email client. To me this just opens up lots of new ways to exploit the users – although if you are using Gmail to do anything private or confidential, you already do need to have a brain check (more-so now the NSA will be ‘helping’ to secure it). It looks like Google want some of the big dollars that Facebook and Twitter make – and of course everything will be searchable and exploitable for ad companies to target.

All the fuss around social networking has  really highlighted to me the need for good security education – we’ve moved into a new world, one where children are growing up with social networking and mobile phones etc as an integral part of life. I can’t imagine how my parents ever managed without being able to contact me by phone, or being able to look up my status on Facebook, but somehow they did. Parents have a different problem today, one of how to preserve the privacy of their families and children while taking advantage of what these new technologies offer. The sad fact is that in many cases, the kids know much more about the technology than the parents, but neither the parents or the children understand the threats. I’m often called paranoid, but it’s my belief that in some ways you can’t be too careful; our privacy and therefore our rights to a private life for ourselves and our progeny are daily being eroded by the whim of government and the campaigning of large corporations. It’s therefore refreshing that the British government has got behind a new campaign to highlight the dangers of the online world; targeting children as young as five. While the campaign understandably does focus on protection from paedophiles, the advice has wider use, though sadly it doesn’t seem to stretch to take in malware issues.

While I’m encouraged that the government is finally doing something, I’d be much happier to see a comprehensive plan in place that focuses on education in schools where security is taught as a discipline along side all IT classes. We’re a long way from that, but I (and several others who blog here) will keep tilting at that particular windmill.

Andrew Lee
CEO, AVIEN & CTO K7 Computing