BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
Bellingcat’s Online Investigation Toolkit

Welcome to Bellingcat’s freely available online open source investigation toolkit.

You can follow our work via our website, Twitter and Facebook. (We also provide three to five day open source investigation workshops.) This is version 4.7 (May 13, 2019). The list includes satellite and mapping services, tools for verifying photos and videos, websites to archive web pages, and much more. The list is long, and may seem daunting. There are guides at the end of the document, highlighting the methods and use of these tools in further detail. We also provide tailored digital forensics workshops. Feel free to suggest tools via email (christiaantriebert@bellingcat.com) or Twitter (@trbrtc). To view an outline of the document, click “View” and then “Show document outline”. There’s also one below. The “OSINT Landscape” — a condensed version of the online investigation toolkit below — can be downloaded in high resolution here. https://pbs.twimg.com/media/DXM63T0WsAA7E-a.jpg:large

https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA/mobilebasic

#Bellingcat #investigation #tool
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN
Each of us eats one credit card per week.

The particles are smaller than five millimeters and are found in food, drinking water and air. Depending on where they live and their diet, people take in five grams of microplastic every week. The big question is: How bad is this for the body?

People consume microplastics daily - through food, drinking water or just breathing. Up to five grams of these tiny particles enter a person's body every week, depending on his or her circumstances. This is the estimate of researchers at the University of Newcastle (Australia), who have taken a closer look at existing studies on behalf of the environmental foundation WWF. By way of comparison, a credit card also weighs about five grams.

The researchers' study is based on data on microplastics - particles smaller than five millimetres - in the air we breathe, in drinking water, in salt, beer and in shellfish. According to WWF microplastics expert Caroline Kraas, microplastics that may be taken in by other routes were not included in the Australian analysis. The researchers also excluded fish despite available data, as it is not clear how much microplastic is eaten and how much remains in the animals' intestines.

The WWF calls for a global agreement against plastic pollution with binding targets. "If we don't want plastic in our bodies, we must prevent millions of tons of plastic waste from ending up in nature every year," said Heike Vesper, head of marine conservation at WWF Germany, according to a statement.

PDF Fraunhofer:
https://www.umsicht.fraunhofer.de/content/dam/umsicht/de/dokumente/publikationen/2018/kunststoffe-id-umwelt-konsortialstudie-mikroplastik.pdf

PDF WWF:
https://www.wwf.de/fileadmin/fm-wwf/Publikationen-PDF/WWF-Faktenblatt-Mikroplastik.pdf

Read more 🇩🇪:
https://www.welt.de/gesundheit/article195127017/Mikroplastik-Jeder-von-uns-isst-eine-Kreditkarte-pro-Woche.html

#microplastics #pollution #why #thinkabout
Hong Kong - Police use tear gas against demonstrators

The protests in Hong Kong against the controversial extradition law led to riots. According to eyewitnesses, police used tear gas and pepper spray against demonstrators near government buildings and tried to disperse them.

https://twitter.com/hongkonghermit?lang=en

#freehongkong #humanrights
A Fake Zuckerberg Video Challenges Facebook’s Rules

Two weeks ago, Facebook declined to remove a doctored video in which the speaker of the House, Nancy Pelosi, seemed to drunkenly slur her speech. Over the weekend, two British artists released a doctored video of Facebook’s chief executive, Mark Zuckerberg, as a sly comment on the spread of false information online.

Posted to the Facebook-owned social network Instagram, the video shows Mr. Zuckerberg speaking directly into the camera, boasting of nefarious motives behind his online empire.

https://www.nytimes.com/2019/06/11/technology/fake-zuckerberg-video-facebook.html

#deepfake #video
🎧 Google Workers Rise Up: Inside the Protests

Google has long had a special relationship with staff, encouraging employee input on all sorts of internal matters. For the last two decades, this approach has worked well. But after a series of controversies and protests in the last two years, some workers are openly at war with Google. This week on Decrypted, editor Alistair Barr speaks to Irene Knapp, a senior software engineer who has had a front-row seat during the tumult inside the company.

📻 https://www.bloomberg.com/news/audio/2019-06-10/google-workers-rise-up-inside-the-protests-podcast

#DeleteGoogle #bloomberg #podcast
Critical Flaw Reported in Popular Evernote Extension for Chrome Users

As shown in the video demonstration, the researchers also developed a Proof-of-Concept (PoC) exploit that can inject a customized payload on targeted websites, and steal cookies, credentials, and other private information from an unsuspecting user.

https://thehackernews.com/2019/06/evernote-extension-hacking.html

#exploit #evernote #extension #chrome #browser #poc
How Hong Kong demonstrators organised
Tens of thousands of protesters have taken to Hong Kong's streets in opposition to a bill that would allow extradition to mainland China.

The demonstrators have said they are not operating in a planned movement, but have been cooperating on the ground as they have come under pressure to disperse from security forces.

📺 https://www.bbc.com/news/av/world-asia-48622346/how-hong-kong-demonstrators-organised

Hong Kong - Police use tear gas against demonstrators
📺
https://t.me/BlackBox_Archiv/429

#FreeHongKong
📺 Language is a Weapon

“In our time it is broadly true that political writing is bad writing” wrote George Orwell 70 years ago, and the observation remains true today. But bad writing is not just bad writing; the language employed by politicians (and their string pullers) can literally be a matter of life and death. Join James today on the podcast as he delves into the tyrants’ linguistic weapons and how we can arm ourselves against them.

📺 #CorbettReport Episode 357 – #Language is a #Weapon #video #podcast
https://www.corbettreport.com/episode-357-language-is-a-weapon/

🎧 The “Privacy Policy” Policy

Privacy policies: most apps and websites have them, buried away somewhere. These legal documents explain how companies collect, use, and share your personal data. But let’s be honest, few of us actually read these things, right? And that passive acceptance says a lot about our complicated relationship with online privacy.

In the Season 5 premiere of IRL, host Manoush Zomorodi speaks with Charlie Warzel, writer-at-large with the New York Times, about our complicated relationship with data and privacy — and the role privacy policies play in keeping things, well, confusing. You’ll also hear from Parker and Lila, two young girls who realize how gaming and personal data intersect...(...)

📻 #IRL Season 5: Episode 1 The “Privacy Policy” Policy #podcast
https://irlpodcast.org/season5/episode1/

Paypal subsidiary Venmo leaves transactions open on the Internet

The transactions including personal data can be retrieved via the API of the Venmo payment service. According to a report, a computer science student downloaded seven million transactions and published them on Github.

The Paypal subsidiary Venmo itself advertises its service as "the fun and easy way to send, spend and receive money". The transactions that are processed with the payment service are publicly viewable by default and can therefore be entertaining even for non-users. Computer science student Dan Salmon collected seven million transactions and published them on Github, Techcrunch reports. The payment service currently has around 40 million users. https://github.com/sa7mon/venmo-data

A year ago, programmer and privacy researcher Hang Do Thi Duc downloaded over 207 million records from Venmo. She prepared the data creatively and entertainingly with the project Public By Default (https://publicbydefault.fyi/). In addition to various statistics, she uses the data to tell little stories from the lives of Venmo users, for example about a married couple who go to the vet together, shop at Walmart and order certain dishes to take away. With this project, Do Thi Duc wanted to draw attention to the privacy problems of the payment service. She therefore published the data and stories anonymously and explained in instructions how users can remove the public setting. https://www.vice.com/en_us/article/j5n8wk/public-by-default-venmo-privacy-settings

The Venmo data also inspired other projects, for example a Twitter bot called "Who buys drugs from Venmo?". It searched the transaction comments for relevant keywords or emojis and then tweeted the profile pictures and user names of the Venmo users involved. The tweets have now been deleted.

https://www.golem.de/news/datenschutz-paypal-tochter-venmo-belaesst-transaktionen-im-internet-1906-141947.html

#DataPrivacy #Venmo #PaymentService #API #transaction #details #GitHub
Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities

Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels.

There are patches that address most of these vulnerabilities. If patches cannot be applied, certain mitigations will be effective. We recommend that affected parties enact one of those described below, based on their environment.

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

#Linux #security #FreeBSD #Kernel #vulnerabilities #netflix #patches #alert
Thermomix from Lidl: Monsieur Cuisine Connect hacked

The insecurity of many "smart" devices is well known. Now there is a new example: A kitchen appliance that is supposedly extremely popular among customers runs on an old version of Android and, according to French hackers, can easily be converted into a monitoring device (built-in mic). Even the good old "Doom" can be played on the miracle mixer.

📺 https://www.youtube.com/watch?v=WeTAwJisF3c

#Thermomix #lidl #hack #privacy
Top 20 Public Bug Bounty Programs

The HackerOne bug bounty platform shows how quickly and to what extent Intel, PayPal & Co. pay out bounties to security researchers.

According to the report, Verizon Media has paid out the highest total amount to date, more than $4 million. The Bug Bounty Program has been in place since early 2014 and has since worked with various security researchers to solve more than 5,000 security problems.

PayPal has paid the highest bounty for a single security vulnerability to date, at 30,000 US dollars. These are usually vulnerabilities that attackers can exploit over the Internet to execute malicious code without logging on. If an attacker is in such a position, he could, for example, bring a web server completely under his control. These so-called remote code execution vulnerabilities are the most dangerous security gaps.

Shopify, the provider of e-commerce software, pays out bounties after two days on average and thus leads the rankings in this area. By way of comparison, GitLab needs an average of three months for this. Starbucks responds quickly to reported vulnerabilities and gives feedback after an hour on average.

https://www.hackerone.com/sites/default/files/2019-06/H1-718_Top%2020%20Public%20Bug%20Bounty%20Programs_V2.pdf

#pdf #BugBounty #HackerOne
🎧 Why Silicon Valley Is Hiring Bird Experts

A few years ago, reporter Sarah McBride noticed that a top engineer at Twitter was also an expert on the brains of birds. Then, more and more, she started seeing that many top tech companies have bird brain experts in their highest ranks⁠ -- that includes Apple, Google, Intel and a secretive startup founded by Elon Musk. This week on Decrypted, Sarah and fellow reporter Ashlee Vance set out to understand why Silicon Valley is so interested in avian minds, and what they could tell us about tech’s ability to influence our own.

📻 https://www.bloomberg.com/news/audio/2019-06-18/why-silicon-valley-is-hiring-bird-experts-podcast

#podcast #bloomberg
🎧 The 5G Dragnet

Telecom companies are currently scrambling to implement fifth-generation cellular network technology. But the world of 5G is a world where all objects are wired and constantly communicating data to one another. The dark truth is that the development of 5G networks and the various networked products that they will give rise to in the global smart city infrastructure, represent the greatest threat to freedom in the history of humanity.

📺 #CorbettReport Episode 358 – The #5G #Dragnet #video #podcast
https://www.corbettreport.com/5g/

Amazon wants to sell “surveillance as a service”

Amazon has filed a patent to use delivery drones as mobile surveillance cameras. These cameras will then be used as part of "surveillance as a service" to take pictures as they approach their delivery points. Customers could also request regular fly-bys of the drones.

In case Amazon’s surveillance capabilities weren’t extensive enough with its Echo, Ring, and Key products, not to mention all the data Amazon routinely collects on its customers, the company recently received a US patent to provide “surveillance as a service.”

The patent is for an “unmanned aerial vehicle”—the technical term for a drone—that “may perform a surveillance action at a property of an authorized party” and could “image the property to generate surveillance images.” Amazon suggests in its patent, filed June 12, 2015, and granted June 4 of this year, that drone-based surveillance would be superior to traditional video-camera installations that have limited range, are liable to miss things, and can be manipulated or damaged by an intruder.

https://qz.com/1648875/amazon-receives-us-patent-for-surveillance-as-a-service/

And
https://telegra.ph/Amazon-drones-could-be-used-to-spy-on-your-home-and-spot-intruders-patent-reveals-06-21

#DeleteAmazon #surveillance #cameras #drones #why
Facebook usage falling after privacy scandals, data suggests

Actions such as shares and likes down nearly 20%, though user numbers still growing

Since the Cambridge Analytica scandal in April 2018, the number of likes, shares and posts has fallen by about a fifth, according to estimates by the consulting firm Mixpanel. Facebook nevertheless states that the number of its daily users has since clearly risen to 1.56 billion people worldwide. This indicates that although many people no longer actively use Facebook, they are reluctant to leave the platform altogether - not least because of Facebook's messenger services.

Facebook usage has plummeted over the last year, according to data seen by the Guardian, though the company says usage by other measures continues to grow.

Since April 2018, the first full month after news of the Cambridge Analytica scandal broke in the Observer, actions on Facebook such as likes, shares and posts have dropped by almost 20%, according to the business analytics firm Mixpanel.

Taking that month as a baseline, total actions fell by more than 10% within a month, recovered a bit over the summer and then fell again over the autumn and winter of 2018, except for a brief rally over the period of the US midterm elections.

[Figure: Likes, shares and posts on Facebook have plummeted since the Cambridge Analytica scandal of spring 2018]

The decline coincided with a series of data, privacy and hate speech scandals. In September the company discovered a breach affecting 50m accounts, in November it admitted that an executive hired a PR firm to attack the philanthropist George Soros, and it has been repeatedly criticised for allowing its platform to be used to fuel ethnic cleansing in Myanmar.

Facebook’s own statistics show increases in daily and monthly active users (DAUs and MAUs), the numbers logging on to the site at least once in the respective periods, during the year ending March 2019.

In the company’s latest quarterly earnings report, published in April, it said it averaged 1.56bn DAUs in March up 8% on March 2018, and MAUs were also up 8% year on year.

The two sets of numbers can be reconciled. Anecdotal reports over the past year have suggested that while few users have deleted their Facebook accounts or stopped logging on since the scandals, many have reduced their usage.

This month a market research firm, eMarketer, reported a decline in Facebook usage in the US, saying the typical Facebook user spent 38 minutes a day on the site, down from 41 minutes in 2017.

“On top of that, Facebook has continued to lose younger users, who are spreading their time and attention across other social platforms and digital activities,” eMarketer said.

https://www.theguardian.com/technology/2019/jun/20/facebook-usage-collapsed-since-scandal-data-shows

#DeleteFacebook #analysis
NASA hacked because of unauthorized Raspberry Pi connected to its network

NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hacking groups.

A report published this week by the NASA Office of Inspector General reveals that in April 2018 hackers breached the agency's network and stole approximately 500 MB of data related to Mars missions.

The point of entry was a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or going through the proper security review.

Hackers stole Mars missions data

According to a 49-page OIG report, the hackers used this point of entry to move deeper inside the JPL network by hacking a shared network gateway.

The hackers used this network gateway to pivot inside JPL's infrastructure, and gained access to the network that was storing information about NASA JPL-managed Mars missions, from where they exfiltrated information.

The OIG report said the hackers used "a compromised external user system" to access the JPL missions network.

"The attacker exfiltrated approximately 500 megabytes of data from 23 files, 2 of which contained International Traffic in Arms Regulations information related to the Mars Science Laboratory mission," the NASA OIG said.

The Mars Science Laboratory is the JPL program that manages the Curiosity rover on Mars, among other projects.

Hackers also breached NASA's satellite dish network

The primary role of NASA's JPL division is to build and operate planetary robotic spacecraft such as the Curiosity rover, or the various satellites that orbit planets in the solar system.

In addition, the JPL also manages NASA's Deep Space Network (DSN), a worldwide network of satellite dishes that are used to send and receive information from NASA spacecrafts in active missions.

Investigators said that besides accessing the JPL's mission network, the April 2018 intruder also accessed the JPL's DSN IT network. Upon the discovery of the intrusion, several other NASA facilities disconnected from the JPL and DSN networks, fearing the attacker might pivot to their systems as well.

PDF:
https://oig.nasa.gov/docs/IG-19-022.pdf

https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/

#pdf #nasa #hack #raspberry
Epic privacy fail: WeTransfer shared its users' files with the wrong people

Sharing files using the cloud is very convenient, but understandably, some people are hesitant to do so with sensitive or private information. These privacy-conscious folks may be looked at as "paranoid" by some, but you know what? As more and more breaches occur, it is becoming harder to trust the cloud with files. And so, the "tinfoil hat" wearers start to look quite sensible.

As an example, popular cloud-based file-sharing service WeTransfer has failed in epic fashion. You see, the company not only shared files with the intended recipients, but with random strangers too! Yes, that private information you didn't want seen by anyone other than your intended audience may have been viewed by the wrong person. Good lord.

The file sharing service sent the following email to impacted users:

"Dear WeTransfer user,

We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened.

We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads.

As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive.

We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team.

The WeTransfer Team
"

Well, it doesn't get much worse than that, folks. I mean, look, WeTransfer had one job -- share files with the correct friggin' people! Moving forward, it will be very hard for users to trust the company. Hell, they even exposed the sender's email address, which can lead to spam and phishing attempts too. Sigh.

Are you a WeTransfer user? Will you stop using the service as a result of this blunder?

UPDATE: After BetaNews broke this news, WeTransfer shared more details on their website here. The company says it has forced some users to change passwords, meaning login credentials may have been stolen, but not definitely. They have also contacted authorities, signaling this may not be an accident, but a criminal breach.

https://wetransfer.pr.co/178267-security-notice

https://betanews.com/2019/06/21/wetransfer-fail/

#WeTransfer #sharing #cloud #privacy #breach
Cyber Attacks, MAGMA, FaceBorgCoin – New World Next Week

This week on the New World Next Week: cyber warfare heats up as US cyber attacks on Russia exposed; Trump streamlines GMO regulatory approval with a new executive order; and Facebook announces FedbookGlobalistShillCoin.

📺 New World Next Week #CyberAttacks #MAGMA #FaceBorgCoin New World Next Week #Corbettreport #DeleteFacebook #video #podcast
https://www.corbettreport.com/cyber-attacks-magma-faceborgcoin-new-world-next-week/
