FOGINT: Security Tools Over Promise & Under Deliver

November 22, 2024

While the United States and the rest of the world have been obsessed with the fallout of the former’s presidential election, bad actors planned terrorist plots. I24 News reports that after a soccer/football match in Amsterdam, there was a preplanned attack on Israeli fans: “Evidence From WhatsApp, Telegram Groups Shows Amsterdam Pogrom Was Organized.”

The Daily Telegraph located screenshots from WhatsApp and Telegram that displayed messages calling for a “Jew Hunt” after the game. The message writers were identified as Pro-Palestinian supporters. The bad actors also called Jews “cancer dogs”, a vile slur in Dutch, and told co-conspirators to bring fireworks to the planned attack. Dutch citizens and other observers were underwhelmed with the response of the Netherlands’ law enforcement. Even King Willem-Alexander noted that his country failed to protect the Jewish community when he spoke with Israeli President Isaac Herzog:

“Dutch king Willem-Alexander reportedly said to Israel’s President Isaac Herzog in a phone call on Friday morning that the ‘we failed the Jewish community of the Netherlands during World War II, and last night we failed again.’”

This is an unfortunate example of the failure of cyber security tools that monitor social media. If this was a preplanned attack and the Daily Telegraph located the messages, then a cyber security company should have as well. These police ware and intelware systems failed to alert authorities. Is this another confirmation that cyber security and threat intelligence tools over promise and under deliver? Well, T-Mobile is compromised again and there is that minor lapse in Israel in October 2023.

Whitney Grace, November 22, 2024

Short Snort: How to Find Undocumented APIs

November 20, 2024

This essay is the work of a dumb dinobaby. No smart software required.

The essay / how to “All the Data Can Be Yours” does a very good job of providing a hacker road map. The information in the write up includes:

  1. Tips for finding undocumented APIs in GitHub
  2. Spotting “fetch” requests
  3. WordPress default APIs
  4. Information in robots.txt files
  5. Using the Google
  6. Examining JavaScripts
  7. Poking into mobile apps
  8. Some helpful resources and tools.

Each of these items includes details; for example, specific search strings and “how to make a taco” type of instructions. Assembling this write up took quite a bit of work.

Those engaged in cyber security (white, gray, and black hat types) will find the write up quite interesting.

I want to point out that I am not criticizing the information per se. I do want to remind those with a desire to share their expertise of three behaviors:

  1. Some computer science and programming classes in interesting countries use this type of information to provide students with what I would call hands on instruction
  2. Some governments, not necessarily aligned with US interests, provide the tips to the employees and contractors to certain government agencies to test and then extend the functionalities of the techniques presented in the write up
  3. Certain information might be more effectively distributed in other communication channels.

Stephen E Arnold, November 20, 2024

E-Casino: Gambling As a Service

November 15, 2024

Gambling is a vice, but it’s also big business. Many gambling practices are illegal, and if you want to stay on the right side of the law, then you should make sure your future gambling business complies with all ordinances. For starters, you need to pay your taxes or the IRS will shut you down. Second, read Revpanda Group’s review, “Best White Label Casino Solution Providers In 2024,” and see what they offer.

Revpanda Group specializes in iGaming marketing services to help companies acquire and retain players. They use affiliate marketing strategies to draw and connect traffic with the top brands in their industry. Their entire schtick is helping iGaming companies succeed and stay on the right side of the authorities. Their article is a quick how-to for starting a casino with the right partners.

Revpanda suggests using a white label casino solution, which is an out-of-the-box solution to start a business:

“…one company provides everything you need, including the casino platform itself, online casino software, payment gateways, an affiliate system, and technical support. Your main responsibilities include creating a logo for the casino website and partnering with an agency for content marketing your brand to potential customers. So, choosing a white label solution is easier than starting your own business from scratch….Simply put, a white label solution provides you with a ready-to-operate casino business whereby a third party will help you maintain and handle everyday operations.”

It almost sounds too good to be true, but Revpanda doesn’t make it sound like one of the get-rich-quick scams that are haunting YouTube ads. Revpanda explains that there are upfront costs and risks associated with owning a casino:

“One thing to note is that about 40% revenue share goes to the operator and 60% goes to the platform provider. In essence, white label casino solutions offer a turnkey approach for aspiring casino operators, allowing them to launch and market their business with minimal operational burdens, while sharing revenue with the platform provider.”

The casino-via-Door Dash also recommends potential online gambling parlor operators research their white label casino solution provider recommendations to discover the best fit. They discuss what to consider when deciding which provider to work with, including licensing and regulation, game variety and quality, payment solutions, customization options, customer service and support, and mobile compatibility.

Yep, GaaS is a convenience.

Whitney Grace, November 15, 2024

Grooming Booms in the UK

November 12, 2024

The ability of the Internet to connect us to one another can be a beautiful thing. On the flip side, however, are growing problems like this one: The UK’s Independent tells us, “Online Grooming Crimes Reach Record Levels, NSPCC Says.” UK police recorded over 7,000 offenses in that country over the past year, a troubling new high. We learn:

“The children’s charity said the figures, provided by 45 UK police forces, showed that 7,062 sexual communication with a child offences were recorded in 2023-24, a rise of 89% since 2017-18, when the offence first came into force. Where the means of communication was disclosed – which was 1,824 cases – social media platforms were often used, with Snapchat named in 48% of those cases. Meta-owned platforms were also found to be popular with offenders, with WhatsApp named in 12% of those cases, Facebook and Messenger in 12% and Instagram in 6%. In response to the figures, the NSPCC has urged online regulator Ofcom to strengthen the Online Safety Act. It said there is currently too much focus on acting after harm has taken place, rather than being proactive to ensure the design of social media platforms does not contribute to abuse.”

Well, yes, that would be ideal. Specifically, the NSPCC states, regulations around private messaging must be strengthened. UK Minister Jess Phillips emphasizes:

“Social media companies have a responsibility to stop this vile abuse from happening on their platforms. Under the Online Safety Act they will have to stop this kind of illegal content being shared on their sites, including on private and encrypted messaging services, or face significant fines.”

Those fines would have to be significant indeed. Much larger than any levied so far, which are but a routine cost of doing business for these huge firms. But we have noted a few reasons to hope for change. Are governments ready to hold big tech responsible for the harms they facilitate?

Cynthia Murrell, November 12, 2024

Penalty for AI Generated Child Abuse Images

November 8, 2024

Whenever new technology is released it’s only a matter of time before a bad actor uses it for devious purposes. Those purposes are usually a form of sex, theft, and abuse. Bad actors saw a golden opportunity with AI image generation for child pornography and ArsTechnica reported that: “18-Year Prison Sentence For Man Who Used AI To Create Child Abuse Images.” Hugh Nelson, the pedophile from the UK, used 3D AI software to make child sexual abuse imagery. When his crime was discovered, he was sentenced to eighteen years in prison. It’s a landmark case for prosecuting deepfakes in the UK.

Nelson used Daz 3D to make the sexually explicit images. AI image algorithms use large data models to generate “new” images. The algorithms can also take preexisting images and alter them. Nelson used photographs of real children, fed them into Daz 3D, and had deepfake SA images. He also encouraged other bad actors to do the same thing. Nelson will be incarcerated until he completes two-thirds of his sentence. The judge at the trial said Nelson was a “significant risk” to the public.

Since these images are fake, one could argue that they’re harmless but the problem here was the use of real children’s images. These real kids had their visage transformed into sexually explicit images. That’s where the debate about harm and intent enters:

“Graeme Biggar, director-general of the UK’s National Crime Agency, last year warned it had begun seeing hyper-realistic images and videos of child sexual abuse generated by AI. He added that viewing this kind of material, whether real or computer-generated, “materially increases the risk of offenders moving on to sexually abusing children themselves.”

Greater Manchester Police’s specialist online child abuse investigation team said computer-generated images had become a common feature of their investigations.

‘This case has been a real test of the legislation, as using computer programs in this particular way is so new to this type of offending and isn’t specifically mentioned within current UK law,’ detective constable Carly Baines said when Nelson pleaded guilty in August. The UK’s Online Safety Act, which passed last October, makes it illegal to disseminate non-consensual pornographic deepfakes. But Nelson was prosecuted under existing child abuse law.”

My personal view is that Nelson should be locked up for the remainder of his putrid existence as should the people who asked him to make those horrible images. Don’t mess with kids!

Whitney Grace, November 8, 2024

FOGINT: Hong Kong: A Significant Crypto Wiggle

November 5, 2024

Hong Kong is taking steps to secure its place in today’s high-tech landscape. Blockonomi reports, “Hong Kong’s Bold Move to Become Asia’s Crypto Capital.” Tax breaks, regulations, and a shiny new virtual asset index underpin the effort. Meanwhile, the Virtual Asset Trading Platform regime launched last year is chugging right along. We suspect Telegram is likely to be the utility for messaging, sales, and marketing.

Writer Oliver Dale tells us:

“The Hong Kong Exchanges and Clearing Limited (HKEX) announced the launch of a Virtual Asset Index Series, scheduled for November 15, 2024. This new index will provide benchmark pricing for Bitcoin and Ether specifically tailored to Asia-Pacific time zones. The Securities and Futures Commission (SFC) is working to finalize a list of crypto exchanges that will receive full licenses by year-end. Eric Yip, executive director for intermediaries at the SFC, revealed plans to establish a consultation panel by early 2025 to maintain oversight of licensed exchanges. The regulatory framework extends beyond trading platforms. Hong Kong authorities are developing comprehensive guidelines for crypto-focused over-the-counter trading desks and custodians, with implementation expected in the coming year. For stablecoin issuers, new requirements are being introduced. Foreign fiat-referenced stablecoin providers will need to establish physical operations in Hong Kong and maintain reserves in local banks.”

Establishing a physical presence in the city is no small thing. Though Hong Kong is a culturally rich and vibrant city, we hear real estate is at a premium. That is ok, we are sure stablecoin geniuses can afford it.

Hong Kong is also working to bring AI tools to the financial sector, but there it is caught between a rock and a hard place. Though a part of China, the dense and wealthy city operates under a unique “one country, two systems” governance framework. As a result, it has limited access to both western AI platforms, like Chat GPT and Gemini, and services from Chinese firms like Baidu and ByteDance. To bridge the gap, local institutions like The Hong Kong University of Science and Technology are building their own solutions. Officials hope tax incentives will attract professional investment firms to the city.

The stablecoin policies should go into effect by the end of this year, while custodian regulations and consultation on over-the-counter trading are to be established some time in 2025.

Cynthia Murrell, November 5, 2024

FOGINT: ANKR and TON Hook Up

October 30, 2024

A humanoid wrote this essay. I tried to get MSFT Copilot to work, but it remains dead. That makes four days with weird messages about a glitch. That’s the standard: Good enough.

The buzzwords “DePIN” and “SNAS” may not be familiar to some cyber investigators. The first refers to an innovation which ANKR embraces. A DePIN is a decentralized physical infrastructure or a network of nodes. The nodes can be geographically distributed. Instead of residing on a physical server, virtualization makes the statement “We don’t know what’s on the hardware a customer licenses and configures.” There is no there there becomes more than a quip about Oakland, California. The SNAS is a consequence of DePIN-type architecture. The SNAS is a super network as a service. A customer can rent big bang systems and leave the hands on work to the ANKR team.

Why am I mentioning a start up operating in Romania?

The answer is that ANKR has cut a deal with The One Network Foundation. This entity was created after Telegram had its crypto plans derailed by the US Securities & Exchange Commission several years ago. The TONcoin is now “open” and part of the “open” One Network Foundation entity. TON, as of October 24, 2024, is directly accessible through ANKR’s Web3 API (application programming interface).

Telegram organization allows TONcoin to “run” on the Telegram blockchain via the Open Network Foundation based in Zug, Switzerland. The plumbing is Telegram; the public face of the company is the Zug outfit. With Mr. Durov’s remarkable willingness to modify how the company responds to law enforcement, there is pressure on the Telegram leadership to make TONcoin the revenue winner.

ANKR is an important tie up. It may be worth watching.

Stephen E Arnold, October 30, 2024

FOGINT: Telegram Game Surfs on an Implied Link: Musk, X, Crypto Game

October 29, 2024

Written by a humanoid dinobaby. No AI except the illustration.

The FOGINT team spotted a report from Decrypt.com. The article is “Why ‘X Empire’ Telegram Players Are Complaining to Elon Musk About the Airdrop.” If you don’t recognize the Crypto and Telegram jargon, the information in the Decrypt article will not make much sense.

For crypto folks, the X Empire Telegram game is news. According to the cited article:

Telegram tap-to-earn game X Empire will launch its X token on The Open Network (TON) on Thursday, but its reveal of airdrop allocations has drawn complaints from players who say they were deemed ineligible for a share of the rewards. And some of them are telling Elon Musk about it.

From the point of view of Telegram, X Empire is another entrepreneur leveraging the Telegram platform. With each popular egame, Telegram edges closer to its objective of becoming a very important player in what may be viewed as a Web3 service provider. In fact, when the potential payoff from its crypto interests is considered, the craziness of some of the Group and Channel controversies becomes less important to the company. In fact, the hope for a Telegram initial public offering pay day is more important than refusing to cooperate with law enforcement. Telegram is working to appease France. Pavel Durov wants to get back to the 2024 and beyond opportunity with the Telegram crypto activities.

What is interesting to the FOGINT team are these considerations:

  1. Telegram’s bots and crypto linkages provide an interesting way to move funds and befuddle investigators
  2. Telegram has traction among crypto entities in Southeast Asia, and innovators operating without minimal regulatory oversight can use Telegram to extend their often illegal interests quickly and in a novel way
  3. Telegram’s bots or automated software embody a form of workflow automation which does not require getting involved with high profile, closely monitored organizations.

FOGINT wants to point out that Elon Musk is not involved in the X Empire play. However, Decrypt’s article suggests that some game players are complaining directly to him about the “earned” token policy. This is not a deep fake play. X Empire is an example of identity or entity surfing.

Investigators can make sense of some blockchain centric criminal activities. But the emergence of in game tokens, Telegram’s own STAR token, and their integration within the Telegram platform creates a one-stop shop for online crypto activities. Cyber investigators face another challenge: The non-US, largely unregulated Telegram operating as a virtual company with an address in Dubai. France took a bold step in detaining Pavel Durov. How will he adapt? It is unlikely he will be able to resist the lure of a big payoff from the innovations embodied in the Telegram platform.

Stephen E Arnold, October 29, 2024

AI Has An Invisible Language. Bad Actors Will Learn It

October 28, 2024

Do you remember those Magic Eyes back from the 1990s? You needed to cross your eyes a certain way to see the pony or the dolphin. The Magic Eyes were a phenomenon of early computer graphics and it was like an exclusive club with a secret language. There’s a new secret language on the Internet generated by AI and it could potentially sneak in malicious acts says Ars Technica: “Invisible Text That AI Chatbots Understand And Humans Can’t? Yep, It’s A Thing.”

The secret text could potentially insert harmful instructions into AI chatbots and other code. The purpose would be to steal confidential information and conduct other scams, all without a user’s knowledge:

“The invisible characters, the result of a quirk in the Unicode text encoding standard, create an ideal covert channel that can make it easier for attackers to conceal malicious payloads fed into an LLM. The hidden text can similarly obfuscate the exfiltration of passwords, financial information, or other secrets out of the same AI-powered bots. Because the hidden text can be combined with normal text, users can unwittingly paste it into prompts. The secret content can also be appended to visible text in chatbot output.”

The steganographic framework is built into a text encoding standard, and LLMs can read it. Researcher Johann Rehberger ran two proof-of-concept attacks with the hidden language to discover potential risks. He ran the tests on Microsoft 365 Copilot to find sensitive information. It worked:

“When found, the attacks induced Copilot to express the secrets in invisible characters and append them to a URL, along with instructions for the user to visit the link. Because the confidential information isn’t visible, the link appeared benign, so many users would see little reason not to click on it as instructed by Copilot. And with that, the invisible string of non-renderable characters covertly conveyed the secret messages inside to Rehberger’s server.”

What is nefarious is that the links and other content generated by the steganographic code are literally invisible. Rehberger and his team used a tool to decode the attack. Regular users won’t detect the attacks. As we rely more on AI chatbots, it will be easier to infiltrate a person’s system.

Thankfully the Big Tech companies are aware of the problem, but not before it will probably devastate some people and companies.

Whitney Grace, October 28, 2024
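A defensive check for the hidden text described in the post above, added here as an example and not taken from Ars Technica or from Rehberger's tooling: it finds, decodes for triage, and strips invisible characters before text reaches an LLM or before a generated link is shown to a user. The post does not name the code points; the scanner assumes the Unicode Tags block (U+E0000 to U+E007F) plus other format characters such as zero-width spaces, and the sample strings are constructed.

```python
import unicodedata
from itertools import groupby

# Assumption (not stated on the page): the covert channel uses the Unicode
# Tags block, whose code points mirror ASCII at an offset of 0xE0000.
TAG_BASE = 0xE0000
TAG_END = 0xE007F


def classify(ch):
    """Label a character as 'tag', 'format' (other invisible Cf), or None."""
    cp = ord(ch)
    if TAG_BASE <= cp <= TAG_END:
        return "tag"
    if unicodedata.category(ch) == "Cf":
        return "format"  # zero-width space/joiner, bidi marks, soft hyphen...
    return None


def decode_tags(run):
    """Map a run of tag characters back to the ASCII text it mirrors."""
    out = []
    for ch in run:
        low = ord(ch) - TAG_BASE
        out.append(chr(low) if 0x20 <= low <= 0x7E else "?")
    return "".join(out)


def scan_invisible(text, strip_format=True):
    """Return (clean_text, findings).

    Tag characters are always removed. Other format characters are always
    reported but removed only when strip_format is True, because some are
    legitimate (emoji joiners, right-to-left marks).
    """
    findings, kept, pos = [], [], 0
    for kind, group in groupby(text, key=classify):
        run = "".join(group)
        if kind is None or (kind == "format" and not strip_format):
            kept.append(run)
        if kind == "tag":
            decoded = decode_tags(run)
        elif kind == "format":
            decoded = " ".join(f"U+{ord(c):04X}" for c in run)
        if kind is not None:
            findings.append({"offset": pos, "kind": kind,
                             "length": len(run), "decoded": decoded})
        pos += len(run)
    return "".join(kept), findings


# Constructed samples: a pasted prompt and a chatbot-generated link, each
# carrying an invisible suffix ("test" and "s3cr3t" in tag characters).
SAMPLE_PROMPT = ("Summarise the attached report."
                 "\U000E0074\U000E0065\U000E0073\U000E0074")
SAMPLE_LINK = ("https://example.test/doc?id=42"
               "\U000E0073\U000E0033\U000E0063\U000E0072\U000E0033\U000E0074")

if __name__ == "__main__":
    for sample in (SAMPLE_PROMPT, SAMPLE_LINK, "pay\u200bpal"):
        clean, found = scan_invisible(sample)
        print(repr(clean), found)
```

Any finding of kind `tag` in user input or model output is worth logging, since ordinary text has almost no reason to contain those characters outside a few emoji flag sequences.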

FOGINT: FBI Nabs Alleged Crypto Swindlers

October 23, 2024

Nowhere does the phrase “buyer beware” apply more than the cryptocurrency market. But the FBI is on it. Crypto Briefing reports, “FBI Creates Crypto Token to Catch Fraudsters in Historic Market Manipulation Case.” The agency used its “NexFundAI” token to nab 18 entities—some individuals and also four major crypto firms: Gotbit, ZM Quant, CLS Global, and MyTrade. The mission was named “Operation Token Mirrors.” Snazzy. Writer Estefano Gomez explains:

“The charges stem from widespread fraud involving market manipulation and ‘wash trading’ designed to deceive investors and inflate crypto values. Working covertly, the FBI launched the token to attract the indicted firms’ services, which allegedly specialized in inflating trading volumes and prices for profit. The charges cover a broad scheme of wash trading, where defendants artificially inflated the value of more than 60 tokens, including the Saitama Token, which at its peak reached a market capitalization of $7.5 billion. The conspirators are alleged to have made false claims about the tokens and used deceptive tactics to mislead investors. After artificially pumping up the token prices, they would cash out at these inflated values, defrauding investors in a classic ‘pump and dump’ scheme. The crypto companies also allegedly hired market makers like ZM Quant and Gotbit to carry out these wash trades. These firms would execute sham trades using multiple wallets, concealing the true nature of the activity while creating fake trading volume to make the tokens seem more appealing to investors.”

If convicted, defendants could face up to two decades in prison. Several of those charged have already pled guilty. Authorities also shut down several trading bots used for wash trades and seized over $25 million in cryptocurrency. Assistant US Attorney Joshua Levy stresses that wash trading, long since illegal in traditional financial markets, is now also illegal in the crypto industry.

Cynthia Murrell, October 23, 2024
