2020: A Facebook user's Odyssey?

Join us on a journey to try to solve the mystery behind the advertisers who have uploaded our personal data to Facebook but with whom we've never interacted with before.

👀 Key findings:

👉🏼 In summer 2019, we noticed that "unknown" companies had been uploading our data to Facebook and we decided to send Data Subject Access Requests (DSARs) to find out more.

👉🏼 This ended up being a lengthy and tedious process, involving requests to fill in unnecessary forms or being asked to provide more data than needed as well as other obstacles to the proper and smooth exercise of our data access rights.

👉🏼 Eventually, we managed to shed some light on the "Facebook advertisers mystery" by finding out more about the involvement of third parties in the process.

👉🏼 However, our investigation demonstrates the need to continue challenging this opacity overall and Facebook's less than adequate transparency

👉🏼 As a result of this investigation some companies reviewed their practices and we have written to Facebook to demand changes.

👉🏼 Read more:
https://privacyinternational.org/long-read/3857/2020-facebook-users-odyssey

#DeleteFacebook #fb #privacy #mydata #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools

👀 Summary:

👉🏼 In October 2019 Amnesty International published a first report on the use of spyware produced by Israeli company NSO Group against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui. Through our continued investigation, Amnesty International’s Security Lab identified similar evidence of the targeting of Omar Radi, a prominent activist and journalist from Morocco from January 2019 until the end of January 2020.

👉🏼 Evidence gathered through our technical analysis of Omar Radi’s iPhone revealed traces of the same “network injection” attacks we described in our earlier report that were used against Maati Monjib. This provides strong evidence linking these attacks to NSO Group’s tools.

👉🏼 These findings are especially significant because Omar Radi was targeted just three days after NSO Group released its human rights policy. These attacks continued after the company became aware of Amnesty International’s first report that provided evidence of the targeted attacks in Morocco. This investigation thus, demonstrates NSO Group’s continued failure to conduct adequate human rights due diligence and the inefficacy of its own human rights policy.

👀 Introduction:

In October 2019 Amnesty International published the report “Morocco: Human Rights Defenders Targeted with NSO Group’s Spyware”, where we detailed the targeting of Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui using surveillance technology produced by the company NSO Group. In this current report, Amnesty International now reveals that Omar Radi, another prominent human rights defender and journalist from Morocco was also targeted using NSO Group’s tools.

👉🏼 Read more:
https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/

#morocco #journalist #spy #nso
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

80,000 printers are exposing their IPP port online

Printers are leaking device names, locations, models, firmware versions, organization names, and even WiFi SSIDs.

For years, security researchers have warned that every device left exposed online without being protected by a firewall is an attack surface.

Hackers can deploy exploits to forcibly take control over the device, or they can just connect to the exposed port if no authentication is required.

Devices hacked this way are often enslaved in malware botnets, or they serve as initial footholds and backdoors into larger corporate networks (Russian hackers already use this technique).

However, despite this being common knowledge among cyber-security and IT experts, we still have a large number of devices that are left exposed online unsecured.

👉🏼 Open IPP Report – Exposed Printer Devices on the Internet:
https://www.shadowserver.org/news/open-ipp-report-exposed-printer-devices-on-the-internet/

👉🏼 Read more:
https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/

#leak #breach #hacked #exposed #iot #ipp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Google billionaire Sergey Brin has a secret charity that sends ex-military staff into disaster zones on a superyacht

Global Support and Development is made up of ex-military men and Brin’s former bodyguards. But their mission isn’t warfare.

Sergey Brin, Google cofounder and world's eighth-richest person, has a secret disaster-response team according to a report by The Daily Beast.

The Daily Beast's investigation found Brin was the sole donor to a disaster charity called Global Support and Development (GSD). The Beast identified Brin as the company's sole donor through a California court filing.

The company, almost half of whose staff are ex-military, arrives at disaster areas on a superyacht called "Dragonfly" to clear debris and use high-tech solutions to assist victims. GSD is headed up by Grant Dawson, an ex-naval lieutenant who was one of Brin's personal security detail for years.

The idea for GSD was apparently sparked in 2015 when the yacht's captain was sailing past Vanuatu, which had just been hit by Cyclone Pam. The captain contacted Brin to ask if anything could be done to help, and Brin in turn got in touch with Dawson.

Dawson said in a speech in 2019 about GSD: "So I grabbed a number of Air Force para-rescue guys I'd been affiliated with from the security world, and a couple of corpsmen out of the [Navy] Seal teams [...] We raided every Home Depot and pharmacy we could find and on about 18 hours' notice, we launched."

https://www.msn.com/en-us/news/technology/google-billionaire-sergey-brin-has-a-secret-charity-that-sends-ex-military-staff-into-disaster-zones-on-a-superyacht/ar-BB15OPax

👉🏼 Read more:
https://www.thedailybeast.com/google-co-founder-sergey-brin-has-a-secret-disaster-relief-squad

👉🏼 Read more 🇩🇪:
https://www.welt.de/wirtschaft/article210137503/Spezialtruppe-aus-Ex-Navy-Seals-Die-geheimen-Katastrophenhelfer-des-Sergey-Brin.html

#google #brin #GSD #disaster #response
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Tools for encryption and anonymity - Germany and Europe need to step up to their responsibility

Much of the funding of projects for the technical implementation of digital freedoms is threatened by the Trump Government. It is now time for Germany and Europe to step into the breach and provide adequate and sustainable funding for the development ecosystem. A commentary.

The continuing erosion of the political and legal protection of civil liberties has led to a situation where freedom of information and communication and the right to privacy and anonymity become increasingly dependent on technology. Digital self-defence has many facets: anonymisation tools such as Tor, end-to-end encryption such as WireGuard or Signal, securing website access with LetsEncrypt or the tools for reproducible builds, which ensure that the software you install has actually been created from source code that someone has checked for security holes. This ecosystem of software and infrastructure has grown exponentially since the Snowden revelations.

Many of these projects have one thing in common: Their development is funded by the US government, often with money from the Open Technology Fund (OTF). Some projects like Tor also receive money from the US State Department and other US government agencies. But why would the US government fund technology development that makes life difficult for the NSA intelligence agency?

💡
https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded#section/1

👉🏼 Read more:
https://netzpolitik.org/2020/germany-and-europe-need-to-step-up-to-their-responsibility/

👉🏼 Read more 🇩🇪:
https://netzpolitik.org/2020/jetzt-sind-deutschland-und-europa-in-der-verantwortung/

#germany #eu #usa #NSA #OTF #encryption #anonymity
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Darknetdiaries - Triton

A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world.

🎧 https://darknetdiaries.com/episode/68/

#darknetdiaries #triton #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

👀 Indicators on Stalkerware 👀

Indicators of compromise on Stalkerware applications for Android

💡 What Is Stalkerware?
👉🏼 https://stopstalkerware.org/what-is-stalkerware/
👉🏼 https://youtu.be/zLtfoCw16Z0

💡 Safety Toolkit - Below is some important information regarding Stalkware. If you need immediate help, please see our list of Resources.
👉🏼 https://stopstalkerware.org/get-help/

💡 Indicators on Stalkerware - Indicators of compromise on Stalkerware applications for Android
👉🏼 https://github.com/Te-k/stalkerware-indicators

‼️ If you or someone you know is concerned about potential spying, monitoring, or stalking, trust your instincts and find a safe way to learn about your local resources and options. Please note that if you think someone may be monitoring your device, that person would be able to see any searches for help or resources. If you’re concerned about this, use another device – one that the person has not had physical access to – when reaching out for information or assistance. If you are in immediate danger, contact your local authorities. ‼️

👉🏼 Read more:
https://netzpolitik.org/2020/how-security-researchers-are-working-to-expose-stalkerware-on-your-phone/

#stalkerware #android #help #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Millions of Telegram Users’ Data Exposed on Darknet

Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet.

Telegram, a major privacy-focused messaging app, has suffered a data leak that exposed some personal data of its users on the darknet.

A database containing the personal data of millions of Telegram users has been posted on a darknet forum. The issue was first reported by Russian-language tech publication Kod.ru on Tuesday.

According to the report, the database contains phone numbers and unique Telegram user IDs. It remains unclear exactly how many users' data was leaked while the database file is about 900 megabytes.

About 40% of entries in the database should be relevant
Telegram has reportedly acknowledged the existence of the leaked database to Kod.ru. The database was collected through exploiting Telegram’s built-in contacts import feature at registration, Telegram reportedly said.

Telegram noted that the data in the leaked database is mostly outdated. According to the report, 84% of data entries in the database were collected before mid-2019. As such, at least 60% of the database is outdated, Telegram declared in the report.

Additionally, 70% of leaked accounts came from Iran, while the remaining 30% were based in Russia.

https://kod.ru/darknet-sliv-baza-telegram-jun2020/

👉🏼 Read more:
https://cointelegraph.com/news/millions-of-telegram-userss-data-exposed-on-darknet

#tg #telegram #leak #breach #database #exposed #darknet
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Exclusive: Trump administration says Huawei, Hikvision backed by Chinese military

WASHINGTON (Reuters) - The Trump administration has determined that top Chinese firms, including telecoms equipment giant Huawei Technologies and video surveillance company Hikvision (002415.SZ), are owned or controlled by the Chinese military, laying the groundwork for new U.S. financial sanctions.

Washington placed Huawei and Hikvision on a trade blacklist last year over national security concerns and has led an international campaign to convince allies to exclude Huawei from their 5G networks.

A Department of Defense (DOD) document listing 20 companies operating in the United States that Washington alleges are backed by the Chinese military was first reported by Reuters.

The DOD document also includes China Mobile Communications Group (0941.HK) and China Telecommunications Corp [CTTTC.UL] as well as aircraft manufacturer Aviation Industry Corp of China [SASADY.UL].

The designations were drawn up by the Defense Department, which was mandated by a 1999 law to compile a list of Chinese military companies operating in the United States, including those “owned or controlled” by the People’s Liberation Army that provide commercial services, manufacture, produce or export.

https://www.cnbc.com/2020/06/25/trump-administration-says-huawei-hikvision-backed-by-chinese-military.html

👉🏼 Read more:
https://www.reuters.com/article/us-usa-china-military-exclusive/exclusive-trump-administration-says-huawei-hikvision-backed-by-chinese-military-idUSKBN23V309

👉🏼 🇩🇪:
https://www.golem.de/news/us-verteidigungsministerium-neue-us-liste-erlaubt-beschlagnahmung-von-huawei-eigentum-2006-149311.html

#usa #china #huawei #hikvision #Trump #ToddlerTrump
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

TikTok seems to be copying and pasting your clipboard with every keystroke

A new privacy feature in iOS 14 has revealed that TikTok is copying the contents of your clipboard with every keystroke. The new feature – called paste notifications – shows that TikTok is inspecting the clipboard with each new keystroke, and it’s possible that they’re also grabbing the contents and storing it for later to be sent off with the other information that TikTok phones home with. This discovery was tweeted by Jeremy Burge and is demonstrated in this Video.

https://twitter.com/jeremyburge/status/1275896482433040386

👉🏼 Read more:
https://www.privateinternetaccess.com/blog/tiktok-seems-to-be-copying-and-pasting-your-clipboard-with-every-keystroke/

#TikTok #DeleteTikTok #privacy #PoC
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Operationalizing Research Access in Platform Governance - What to learn from other industries?

Behind the somewhat bulky title there' s a study of the University of Amsterdam together with AlgorithmWatch. Among other things, it is about how platforms should make their data available to researchers, how this is compatible with the basic data protection regulation and what role models exist.

👉🏼 PDF:
https://algorithmwatch.org/wp-content/uploads/2020/06/GoverningPlatforms_IViR_study_June2020-AlgorithmWatch-2020-06-24.pdf

#research #AlgorithmWatch #amsterdam #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Boston becomes largest city on East Coast to ban face surveillance

The Boston City Council today voted unanimously to pass a ban on city government use of face surveillance technology, becoming the second largest city in the world to do so. Boston now joins five other Massachusetts municipalities—Springfield, Cambridge, Northampton, Brookline, and Somerville—which passed bans over the past year.

https://nypost.com/2020/06/25/boston-bans-police-from-using-facial-recognition-tech/

👉🏼 Read more:
https://www.aclum.org/en/news/victory-boston-becomes-largest-city-east-coast-ban-face-surveillance

#face #surveillance #boston #usa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

1. Introduction
WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Recently Evil Corp has changed a number of TTPs related to their operations further described in this article. We believe those changes were ultimately caused by the unsealing of indictments against Igor Olegovich Turashev and Maksim Viktorovich Yakubets, and the financial sanctions against Evil Corp in December 2019. These legal events set in motion a chain of events to disconnect the association of the current Evil Corp group and these two specific indicted individuals and the historic actions of Evil Corp.

2. Attribution and Actor Background
We have tracked the activities of the Evil Corp group for many years, and even though the group has changed its composition since 2011, we have been able to keep track of the group’s activities under this name.

2.1 Actor Tracking
Business associations are fairly fluid in organised cybercrime groups, Partnerships and affiliations are formed and dissolved much more frequently than in nation state sponsored groups, for example. Nation state backed groups often remain operational in similar form over longer periods of time. For this reason, cyber threat intelligence reporting can be misleading, given the difficulty of maintaining assessments of the capabilities of cybercriminal groups which are accurate and current.

As an example, the Anunak group (also known as FIN7 and Carbanak) has changed composition quite frequently. As a result, the public reporting on FIN7 and Carbanak and their various associations in various open and closed source threat feeds can distort the current reality. The Anunak or FIN7 group has worked closely with Evil Corp, and also with the group publicly referred to as TA505. Hence, TA505 activity is sometimes still reported as Evil Corp activity, even though these groups have not worked together since the second half of 2017.

👉🏼 Read more:
https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/

#WastedLocker #ransomware #EvilCorp
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

🎧 Big big DDoS. Evolving malware families. (More) privacy by default. A superseding indictment in the US case against Julian Assange. The EU reviews two years of GDPR. 🎧

Akamai’s report on the record-setting DDoS attack it stopped this week. Glupteba GLOOP-tib-yeh and Lucifer malware strains described. Apple and Google move their defaults in the direction of greater privacy. The US designates Huawei and Hikvision as controlled by China’s military. A superseding indictment in Julian Assange’s case. The EU looks at GDPR and likes what it sees. REvil gets ready to sell stolen data. David Dufour from Webroot with tips on navigating new workplace realities. Our guest is David Sanger, author of The Perfect Weapon - War, Sabotage, and Fear in the Cyber Age. And the Navy recruiting campaign that wasn’t.

https://thecyberwire.com/podcasts/daily-podcast/1117/notes

#thecyberwire #DDoS #Assange #GDPR #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
📡@FLOSSb0xIN

Investigation report: Mobile phone data extraction by police forces in England and Wales

After massive criticism, the English data protection authority has taken a close look at the topic of mobile phone evaluations. The result: The police take too much data from the phones and store it for too long - often without a legal basis.

The British data protection authority ICO criticises the way law enforcement agencies deal with the smartphones of victims in England and Wales. For the 64-page investigation report (PDF), the authority had consulted law enforcement agencies, civil society groups and victims' associations. The investigation was preceded by numerous complaints from individuals and a report by Privacy International.

Mobile phones now store a large part of our lives, from address books to private photos and our private communications. In addition to this data, which often extends over long periods of time, phones store much more: browser histories, geodata, used Wifi's, health data and often the passwords and access data of their owners. This makes the phone one of the most interesting data sources for law enforcement agencies today.

👉🏼 PDF:
https://assets.documentcloud.org/documents/6953083/ICO-Phone-PD-Report.pdf

👉🏼 Digital stop and search: how the UK police can secretly download everything from your mobile phone
https://privacyinternational.org/report/1699/digital-stop-and-search-how-uk-police-can-secretly-download-everything-your-mobile

Read more 🇩🇪:
https://netzpolitik.org/2020/england-polizei-handyauswertung-untersuchung/

#surveillance #ICO #uk #police #PrivacyInternational #study #wales #netpolitics
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES

Lenovo is specifically and deliberately hiding Israeli regional locales (hebrew, and ar-il) to Apps, unless the user has set their country to Israel. It looks like they originally just hid it in China, but the expanded.

👉🏼 https://twitter.com/deletescape/status/1276507939738714113?s=20

#lenovo #china #israel #hebrew #apps #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets.

According to court documents, Kenneth Currin Schuchman, a resident of Vancouver, and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide.

Dubbed Satori, Okiru, Masuta, and Tsunami or Fbot, all these botnets were the successors of the infamous IoT malware Mirai, as they were created mainly using the source code of Mirai, with some additional features added to make them more sophisticated and effective against evolving targets.

Even after the original creators of the Mirai botnet were arrested and sentenced in 2018, many variants emerged on the Internet following the leak of its source code online in 2016.

👉🏼 Read more:
https://thehackernews.com/2020/06/ddos-botnet-hacker-jailed.html

#usa #Satori #IoT #DDoS #botnet #DubbedSatori #Okiru #Masuta #Tsunami #Fbot #malware #hacker
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP

Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. 👉🏼 https://t.me/BlackBox_Archiv/978 👈🏼

Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior."

However, this isn't the first time that the TikTok app has come under fire for how it handles private data. Roughly two months ago, redditor Bangorlol posted a thread talking about the disturbing details he found while reverse-engineering the app. The app, which has already drawing negative attention as a potential spying platform for the Chinese government, came under scrutiny for a number of shady practices.

Right off the bat, Bangorlol accused the app of being a "data collection service that is thinly-veiled as a social network." After sifting through TikTok's code, this is what Bangorlol found:

💡 Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

💡 Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)

💡 Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

💡 Whether or not you're rooted/jailbroken

💡 Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC

💡 They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

👉🏼 Read more:
https://hothardware.com/news/tiktok-reverse-engineered-beware-privacy

#TikTok #DeleteTikTok #privacy #ourdata
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider

“Cyberbunker” refers to a criminal group that operated a “bulletproof” hosting facility out of an actual military bunker. “Bullet Proof” hosting usually refers to hosting locations in countries with little or corrupt law enforcement, making shutting down criminal activity difficult. Cyberbunker, which is also known as “ZYZtm” and “Calibour”, was a bit different in that it actually operated out of a bulletproof bunker. In September of last year, German police raided this actual Cybebunker and arrested several suspects. At the time, Brian Krebs had a great writeup of the history of Cyberbunker.

According to the press release by State Central Cybercrime Office of the Attorney General over 2 petabytes of data were seized including servers, mobile phones, hard drives, laptops, external storage and documents. One of the sites, C3B3ROB, seized by the state criminal police listed over 6000 darknet sites linked to fraudulent bitcoin lotteries, darknet marketplaces for narcotics (with millions of Euros in net transactions for Marijuana, Hashish, MDMA, Ecstasy), weapons, counterfeit money, stolen credit cards, murder orders, and child sexual abuse images [2].

Several individuals involved with Cyberbunker are currently undergoing a criminal trial in Germany. To pay for legal expenses, the principles behind Cyberbunker sold the Cyberbunker IP address space to the Dutch company Legaco. Legaco agreed to route the Cyberbunker IP address space to one of our honeypots for two weeks, to allow us to collect some data about any remaining criminal activity trying to reach resources hosted by Cyberbunker.

The IP address space included 185.103.72.0/22, 185.35.136.0/22, and 91.209.12.0/24, which comes down to about 2300 IP addresses. We collected full packets going to the IP address space and set up listeners (mostly web servers) on various ports.

💡 Links:
https://krebsonsecurity.com/2019/09/german-cops-raid-cyberbunker-2-0-arrest-7-in-child-porn-dark-web-market-sting/

https://gstko.justiz.rlp.de/de/startseite/detail/news/News/detail/landeszentralstelle-cybercrime-der-generalstaatsanwaltschaft-koblenz-erhebt-anklage-gegen-acht-tatve/

https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640

👉🏼 Read more:
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/

#cyberbunker #analysis
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Facebook boycott: View the list of companies pulling ads

A growing list of companies say they'll join an advertiser boycott on Facebook in protest of what they say are the site's failures to stop the spread of hate.

In a statement to CNN on Friday, Carolyn Everson, vice president of Facebook's global business group, responded by saying, "We deeply respect any brand's decision and remain focused on the important work of removing hate speech and providing critical voting information. Our conversations with marketers and civil rights organizations are about how, together, we can be a force for good."

👉🏼 Here's what we know about the companies that have joined the boycott:
https://edition.cnn.com/2020/06/28/business/facebook-ad-boycott-list/index.html

#DeleteFacebook #StopHateForProfit
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox

Govt bans 59 Chinese apps including TikTok as border tensions simmer in Ladakh

As tensions along the Line of Actual Control (LAC) with China continues, the Government of India has decided to ban on 59 Chinese apps, including Tik Tok.

The government of India has decided to ban 59 apps of Chinese origin as border tensions simmer in Ladakh after a violent, fatal face-off between the Indian and Chinese armies. The list of apps banned by the government includes TikTok, which is extremely popular.

The government announced the ban on the 59 Chinese apps (full list below) Monday night. The government said these apps were engaged in activities that were prejudicial to the sovereignty, integrity and defence of India.

A government press release announcing the ban stated: "The Ministry of Information Technology, invoking it’s power under section 69A of the Information Technology Act read with the relevant provisions of the Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules 2009 and in view of the emergent nature of threats has decided to block 59 apps since in view of information available they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order".

The press release further said that the Ministry of Information Technology has received "many representations raising concerns from citizens regarding security of data and risk to privacy relating to operation of certain apps".

👉🏼 Read more:
https://www.indiatoday.in/india/story/centre-announces-ban-chinese-apps-privacy-issues-1695265-2020-06-29

#china #india #apps #privacy #TikTok #DeleteTikTok
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox