August 19, 2020

US liquor giant hit by ransomware – what the rest of us can do to help

By Paul Ducklin

US hard liquor giant Brown-Forman is the latest high-profile victim of ransomware criminals.

Even if the company’s name doesn’t ring a bell, some of its products are well-known to spirits drinkers world-wide: Brown-Forman is a multi-billion dollar business that owns Jack Daniel’s whiskey, Finlandia vodka and other global brands.

The company is headquartered in Louisville, Kentucky – a US state that’s famous for American whiskey, better known as bourbon – and you can see why today’s big-money ransomware crooks might go after a company of that size and sort.

According to business media site Bloomberg, which claims to have received an anonymous tip-off from the crooks behind the attacks, the ransomware crooks involved are the infamous REvil or Sodinokibi gang.


Tor and anonymous browsing – just how safe is it?

By Paul Ducklin

An article published on the open-to-allcomers blogging site Medium earlier this week has made for some scary headlines.

Written as an independent research piece by an author going only by nusenu, the story is headlined:

How Malicious Tor Relays are Exploiting Users in 2020 (Part I)

[More than] 23% of the Tor network’s exit capacity has been attacking Tor users

Loosely speaking, that strapline implies that if you visit a website using Tor, typically in the hope of remaining anonymous and keeping away from unwanted surveillance, censorship or even just plain old web tracking for marketing purposes…

…then one in four of those visits (perhaps more!) will be subject to the purposeful scrutiny of cybercriminals.

That sounds more than just worrying – it makes it sound as though using Tor could be making you even less secure than you already are, and therefore that going back to a regular browser for everything might be an important step.

So let’s look quickly at how Tor works, how crooks (and countries with strict rules about censorship and surveillance) might abuse it, and just how scary the abovementioned headline really is.


Facial recognition – another setback for law enforcement

By Paul Ducklin

So far this year, the use of facial recognition by law enforcement has been successfully challenged by courts and legislatures on both sides of the Atlantic.

In the US, for example, Washington State Senate Bill 6280 appeared in January 2020, and proposed curbing the use of facial recognition in the state, though not entirely.

The bill admitted that:

[S]tate and local government agencies may use facial recognition services in a variety of beneficial ways, such as locating missing or incapacitated persons, identifying victims of crime, and keeping the public safe.

But it also insisted that:

Unconstrained use of facial recognition services by state and local government agencies poses broad social ramifications that should be considered and addressed. Accordingly, legislation is required to establish safeguards that will allow state and local government agencies to use facial recognition services in a manner that benefits society while prohibiting uses that threaten our democratic freedoms and put our civil liberties at risk.

And in June 2020, Boston followed San Francisco to become the second-largest metropolis in the US – indeed, in the world – to prohibit the use of facial recognition.

Even Boston’s Police Department Commissioner, William Gross, was against it, despite its obvious benefits for finding wanted persons or fugitive convicts who might otherwise easily hide in plain sight.

Gross, it seems, just doesn’t think it’s accurate enough to be useful, and was additionally concerned that facial recognition software, loosely put, may work less accurately as your skin tone gets darker:

Until this technology is 100%, I’m not interested in it. I didn’t forget that I’m African American and I can be misidentified as well.


Business Email Compromise – fighting back with machine learning

By Paul Ducklin

If you’re interested in artificial intelligence (AI) and how it can be used in cybersecurity…

…here’s a DEF CON presentation you’ll like, coming up this weekend!

DEF CON is perhaps the ultimate “come one/come all” hackers’ convention, now in its 28th year, and it famously takes place in Las Vegas each year in a fascinating juxtaposition with Black Hat USA, a corporate cybersecurity event.

Black Hat, where tickets cost thousands of dollars, runs during the week, and then DEF CON, where tickets are just a few hundred dollars, takes over for the weekend that follows, resulting in what can only be described as a Very Massive Week for those who attend both.

At least, that’s how it was last year, and for many years before that.

This year is different, of course – holding a physical conference and running all the many DEF CON Villages would have been impracticable due to coronavirus social distancing regulations, if it would even have been possible at all. (Though you would surely have seen the funkiest facemasks ever!)

The DEF CON Villages are breakout zones at the event where likeminded researchers gather to attend talks and discussions in research fields all the way from Aerospace, Application Security and AI to Social Engineering, Voting Machines and Wireless.

But DEF CON doesn’t give up easily and, like many other events in 2020, has gone virtual, wittily dubbing this year’s event DEF CON 28 SAFE MODE.


Porn blast disrupts bail hearing of alleged Twitter hacker

By Paul Ducklin

One of the alleged Twitter hackers faced a bail hearing in a Florida court yesterday.

ICYMI, the Twitter hack we’re referring to involved the takeover of 45 prominent Twitter accounts, including those of Joe Biden, Elon Musk, Apple Computer, Barack Obama, Kim Kardashian and a laundry list of others with huge numbers of followers.

The hacked accounts were then used to send out bogus Bitcoin investment messages along the lines of “pay in X bitcoins, get 2X back!”, although as an investigator in the criminal case wryly pointed out in his affidavit, “No bitcoin was ever returned, much less doubled.”

Amongst other things, the alleged crooks are said to have ended up with more than $100,000 of bitcoins sent in by trusting Twitter users who’d been duped by the upbeat messages that apparently came from celebrities.

As you can imagine, given current coronavirus concerns, even though the hearing took place before the court, not all the participants were actually in the courtroom.

Instead, the courtroom was hooked up to a Zoom meeting that was, it seems, not adequately secured against – how shall we put this? – external interference…

…with sadly predictable results.

Zoombombers, as they’ve become known, are miscreants who join in Zoom calls not to participate but to disrupt, something that’s all too easy if the call is set up with the same sort of implicit behavioral trust that everyone expects in face-to-face meetings.


