Cities across the US have established RTCCs that police say protect the rights of innocent people, but critics warn of creeping surveillance.

In the 1990s, London built the Ring of Steel—a network of concrete barriers, checkpoints, and thousands of video cameras around the historic City of London—after bombings by the Irish Republican Army. The idea was to monitor everyone entering and leaving the Square Mile, what the _The New York Times_ later called “fortress urbanism.”

After the September 11, 2001, attacks, city planners looking to defend New York from terrorism turned to London and fortress urbanism for inspiration. Fusion centers, where US law enforcement agencies share intelligence at a federal level to be analyzed and build a bigger picture of crime, had been around for a few years. But officials began asking, what if fusion centers could be localized? What if local law enforcement could analyze and gather masses of intelligence from one city?

In 2005, they answered with the first “real-time crime center” (RTCC), a sprawling network of CCTV and automatic license plate readers (ALPR) linked to a central hub in the New York Police Department headquarters costing $11 million. Since then, from Miami to Seattle, RTCCs have steadily expanded across the US. The Atlas of Surveillance, a project from the digital rights nonprofit the Electronic Frontier Foundation (EFF), which monitors police surveillance technology, has counted 123 RTCCs nationwide—and that number is rising.

Each RTCC is slightly different, but their function is the same: gather surveillance data across a city and use that to build a live picture of crime in the city. Police departments have an array of technologies available to them that span from CCTV, gunshot sensors, and social media monitoring to drones and body cameras. In Ogden, Utah, police even floated the idea of a 30-foot “crime blimp.” In many cases, images that police systems collect are run through facial recognition technology, and the data gathered is often used in predictive policing. In Pasco County, Florida, which operates an RTCC, the sheriff’s office’s predictive policing system encouraged officers to continuously monitor and harass residents for minor code violations such as missing mailbox numbers and overgrown grass.

Erik Lavigne is a detective at the Fort Worth Police Department in Texas and communications director at the National RTCC Association. He says there has been a boom in RTCCs over the past year because officers believe they help with more precise policing. He likens the scattered approach to policing in previous years to throwing out a fishnet and hoping to catch something. “For what we had at the time, that worked. But what inevitably happens is, you end up alienating the community because you're not just stopping the bad guys, you're also stopping innocent people that are just trying to live their lives,” he says. “A real-time crime center is a scalpel. We aren't catching the wrong people anymore.”

Lavigne says RTCCs are also a cheaper alternative to hiring more boots on the ground because each camera becomes, in effect, a stationary officer keeping watch over an area. Lavigne says this has proved so effective that analysts at RTCCs have been recording more crime than they can deal with, and  the Fort Worth RTCC has significantly helped decrease vehicle thefts.

Most evidence for RTCC effectiveness, however, is anecdotal, and there is a real lack of studies into how effective they really are. In Detroit, a National Institute of Justice study concluded that Project Green Light—a part of the Detroit Police Department RTCC that established cameras at more than 550 locations, including schools, churches, private businesses, and health centers—helped decrease property violence in some areas but did nothing to prevent violent and other crimes. But police departments argue they do work.

Few people know RTCCs even exist, let alone the extent of the surveillance they entail, so they can receive little public scrutiny and often operate without much oversight. There have long been concerns around how surveillance technologies could affect First and Fourth Amendment rights in the US, but Beryl Lipton, an investigative researcher at the EFF, says RTCCs “hyper-charge” these worries by collating all this data in one place.

“It’s perpetuating this mass collection of people's private information from a whole bunch of different video streams,” Lipton says. “They're really lowering the bar on the ways police can access that information … When there are these types of large databases without proper audit and oversight mechanisms, law enforcement officials and individuals can use them for their own purposes, which can be very scary.”

Regulations around the storage and usage of this data are patchy at best. For example, RTCC-collected data may be shared across jurisdictions because third parties contracted for the hardware or software will also collect data and share it, Lipton says. “Some of these companies will, in good faith, delete data in accordance with retention schedules, but we've seen them not do that,” she says. “With large databases like license plate reader databases, that information is sometimes shared without police departments realizing it and in violation of jurisdictional rules.”

While companies will argue this data is being stored securely, this is no guarantee. In 2020, hackers stole internal memos, financial records, and more from over 200 local, state, and federal agencies from web development firm Netsential, which provided data storage for fusion centers across the US. The trove of leaked data later became known as #BlueLeaks.

“There are real concerns around having this amount of information stored somewhere,” says Lipton, “I have no reason to believe these are somehow more secure systems than we have in other situations. And we know that those get breached all the time, law enforcement agencies in this country get hacked all the time.”

Lipton’s biggest worry is that this ability to follow people remotely and share that data across state lines could instead be used to target people involved in protests and political organizing, which has already happened, or those accessing reproductive health care. “Those issues become compounded because there’s the frightening ‘real time’ element to it,” she says. “That means that if you leave your house, there’s a very good chance that law enforcement could jump into a feed that is just following you around.”

In addition to police setting up their own technology, RTCCs draw on wider existing surveillance networks. Cooperation of public institutions like schools and colleges and privately owned cameras have been crucial to developing RTCCs by giving officers access to cameras that might otherwise need a warrant. In Atlanta, which has seen the number of cameras integrated into their RTCC treble to 15,329 in the past year, four higher-education institutions—Clark Atlanta University, Spelman College, Morehouse College, and the Morehouse School of Medicine—installed $700,000 worth of cameras, including five ALPRs, that were linked to the Atlanta RTCC.

Fusus, which claims to be “the most widely used & trusted Real-Time Crime Center platform in U.S. Public Safety,” sells hardware that can be connected to private CCTV cameras and linked up to the local RTCC. Fusus sells a solution that brings all the various technologies under “a single pane of glass,” as the company describes it. Through partnerships with companies that provide surveillance technology, including a $21 million investment from Axon, which produces Tasers and body cams, Fusus promises to integrate these technologies into one RTCC platform for analysts.

Police departments that use Fusus, like the Memphis Police Department, have been encouraging homeowners and local businesses to purchase fususCORE bundles—hardware that connects cameras to an RTCC—ranging from $350 to $7,300, plus an annual $150 subscription. Fusus has even gone as far as developing technology that allows Amazon’s Ring doorbells to livestream to an RTCC.

Amid a push for policing to harness new technologies and become “smarter,” Lipton is quick to point out that more technology doesn’t necessarily equal smarter. “It almost always just means that they're going to keep heavily policing poor and minority areas,” she says. Despite Lavigne’s claims that RTCCs mean the wrong people aren’t getting arrested anymore, in a recent lawsuit, the New Orleans Police Department was sued for arresting a Black man after watching him for 15 minutes through their RTCC and wrongly concluding he had a gun. The department ultimately settled for $10,000 in damages.

Lipton believes relentless surveillance is an infringement of citizens rights and would like to see the use of these technologies limited—aside from facial recognition, which she says should be banned. “There are certain elements we just shouldn't be using at all,” she says. “We should never be applying facial recognition to almost anything … As soon as you apply any really individualizing technology like that, I mean, it's kind of over for people's privacy.” Communities and organizations like EFF and ACLU have been arguing for Community Control Over Police Surveillance (CCOPS) laws that bring surveillance technologies under the control of elected officials and communities. Cities like Oakland have found success with this, but without nationwide restrictions, the rise of RTCCs will likely continue on the periphery of the public eye.

The Quiet Rise of Real-Time Crime Centers

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.

The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.

RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country.

Attack chains mounted by the group are geopolitically motivated and have employed spear-phishing emails to point victims to cloned websites hosting trojanized versions of popular software. Targets include militaries, food supply chains, and IT companies.

The latest lure documents identified by BlackBerry impersonate Ukrainian World Congress, a legitimate non-profit, ("Overview\_of\_UWCs\_UkraineInNATO\_campaign.docx") and feature a bogus letter declaring support for Ukraine's inclusion to NATO ("Letter\_NATO\_Summit\_Vilnius\_2023\_ENG(1).docx").

"Although we haven't yet uncovered the initial infection vector, the threat actor likely relied on spear-phishing techniques, engaging their victims to click on a specially crafted replica of the Ukrainian World Congress website," the Canadian company said in an analysis published last week.

Opening the file triggers a sophisticated execution sequence that entails retrieving intermediate payloads from a remote server, which, in turn, exploits Follina (CVE-2022-30190), a now-patched security flaw affecting Microsoft's Support Diagnostic Tool (MSDT), to achieve remote code execution.

UPCOMING WEBINAR

🔐 Privileged Access Management: Learn How to Conquer Key Challenges

Discover different approaches to conquer Privileged Account Management (PAM) challenges and level up your privileged access security strategy.

Reserve Your Spot

The result is the deployment of RomCom RAT, an executable written in C++ that's designed to collect information about the compromised system and remote commandeer it.

"Based on the nature of the upcoming NATO Summit and the related lure documents sent out by the threat actor, the intended victims are representatives of Ukraine, foreign organizations, and individuals supporting Ukraine," BlackBerry said.

"Based on the available information, we have medium to high confidence to conclude that this is a RomCom rebranded operation, or that one or more members of the RomCom threat group are behind this new campaign supporting a new threat group."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

RomCom RAT Targeting NATO and Ukraine Support Groups

By Waqas
The owner and administrator of the Illicit Services OSINT Tool cites the rise in illegitimate activities and exploitation as reasons for closure.
This is a post from HackRead.com Read the original post: OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

In a surprising turn of events, Illicit Services (Search.illicit.services), an **OSINT** (Open-Source Intelligence) tool widely used for gathering information based on personal identifiers, has been shut down by its owner due to growing concerns of exploitation and abuse.

The platform, known for its comprehensive search capabilities covering various personal data points, has been a subject of both controversy and praise.

The owner of Illicit Services, who remains anonymous but is referred to as “Miyako Yakota,” made the decision to close the service following mounting evidence that it was being misused for illegitimate purposes rather than functioning as an effective tool for Open-Source Intelligence. The irony of the platform’s name, given the circumstances, is not lost on Yakota.

Homepage of Illicit Services (left) – Search result on Illicit Services (right) – Screenshot: Hackread.com

One of the key reasons cited by Yakota for the shutdown was the observed spike in abuse of the service, particularly within communities engaged in doxxing and **sim-swapping**. These malicious activities involve the exposure of personal information and unauthorized manipulation of phone services, respectively. By shutting down the service, Yakota aims to curtail the potential harm inflicted upon unsuspecting victims.

However, it is worth noting that Yakota acknowledged the positive aspects of Illicit Services during their announcement on the official Telegram channel. Sharing a user’s success story, Yakota highlighted the case of a non-paying roommate who was exposed for using a fake name on a lease agreement and engaging in fraudulent internship activities, leading to their eviction. Such instances, according to Yakota, shed light on the potential benefits of the platform when used responsibly.

In an unexpected twist, Yakota expressed a willingness to share the data with the Intelligence Community, specifically those allied with the United States. They clarified that while aggregated leaks shared in confidence would not be disclosed, other information would be made available for analysis. Yakota’s decision to involve the Intelligence Community underscores the need to leverage data for lawful purposes while maintaining user privacy and security.

Miyako Yakota on Telegram (Screenshot credit: Hackread.com)

The closure of Illicit Services raises questions about the wider implications of exploiting personal data and the ethical considerations surrounding the use of OSINT tools. It also highlights the responsibility of platform owners to ensure their services are not inadvertently facilitating illegal activities.

**RELATED ARTICLES**

1.  What is an OSINT Tool – Best OSINT Tools 2023
2.  CISA Publishes List of Free Cybersecurity Tools and Services
3.  Temporary Phone Number: An Essential Tool for Privacy Protection

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

OSINT Tool ‘Illicit Services’ Shuts Down Amidst Exploitation Concerns

By Habiba Rashid
The dark net, the illegal drugs, and what's next.
This is a post from HackRead.com Read the original post: Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

**The staggering new stat show Russian-language Dark Net Markets (DNM) dominated the Illicit drug trade with over 80% of the $1.49 billion spent in 2022.**

Russian-language Dark Net Markets (DNMs) have experienced a significant surge in popularity among drug dealers and buyers, emerging as a dominant force in the global illicit drug trade, a new report suggests.

Recent data **presented** by blockchain intelligence platform TRM Labs reveals that these markets accounted for an alarming 80% of the $1.49 billion worth of illicit drugs purchased in 2022.

In order to fully understand the rise of Russian DNMs in the drug trade, one must unpack the technological advancements, socio-political factors, and evolving drug market dynamics that have contributed to their unprecedented popularity.

According to researchers, the appeal of Russian DNMs in the drug trade lies in the convenience and perceived anonymity they offer. Technological advances have made the **battle against cybercrime syndicates** all the more challenging for law enforcement, and the same encryption and anonymity tools are being used to run the dark net markets.

These underground online marketplaces allow dealers and buyers to operate covertly, challenging law enforcement investigations and arrests. The **preference for crypto transactions** and blockchain technology within DNMs has further amplified the advantage bestowed upon actors in the illicit drug trade. Loose regulations surrounding cryptocurrency payments make them an ideal tool for masking illegal exchanges.

The growing prominence of Russian-language DNMs also begs the question: how much of a free rein has the widening disconnect between the West and the Kremlin on matters of cybercrime given them?

According to BanklessTimes’ **report**, geopolitical tensions and conflicting interests have hindered collaboration, creating fertile ground for DNMs to flourish. Consequently, law enforcement agencies ability to track, apprehend, and prosecute cybercriminals has been significantly impacted.

**Impact of Russian DNM Takedown on Illicit Drug Trade**

Moreover, the shift from traditional to online markets in recent years has allowed the drug trade to flourish in the shadows of the dark net. According to the Chainanalysis **report**, four out of five of the highest-earning dark net markets in 2022 were involved in the drug trade.

Investigations and arrests that could previously be conducted within one region are now slowed by these DNMs, which provide an open market free from geographical boundaries and laws, making them highly alluring to those involved in illicit drug sales.

In April 2022, when law enforcement **shut down Hydra**, a major Russian-speaking DNM, a decline in the average daily revenue of all such markets was observed, dropping from $4.2 million before closing to $447,000 after its closure. If global efforts against Russian-language DNMs are combined, their impact would send shockwaves through the online illicit drug trade market.

**Halting Illegal Transactions**

Addressing the most nefarious darknet marketplaces starts with improved information sharing among law enforcement agencies, financial institutions, and cyber-research institutions. The global nature of the dark web makes international cooperation imperative.

During 2018 and 2019, Interpol and the European Union brought together law enforcement agencies from 19 countries, leading to the identification of 247 high-value targets and the sharing of operational intelligence required for effective enforcement.

The outcomes were promising, as these joint efforts resulted in arrests and the closure of 50 illicit dark-web platforms, including major drug markets such as the **Wall Street Market**, **Genesis**, **Alphabay**, **Hansa**, and **Valhalla**.

**RELATED ARTICLES:**

1.  Report Shows More Women Presence in Cyber Crime Forum
2.  DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
3.  179 Dark Web vendors arrested, 500kg worth of drugs seized
4.  Military Satellite Access Sold on Russian Hacker Forum for $15K
5.  IoT Botnet DDoS Attacks Threaten Global Telecom Network, Nokia
6.  Largest Dark Web Webinjects Marketplace “In The Box” Discovered

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Russian Dark Net Markets Dominate the Global Illicit Drug Trade: Report

By Deeba Ahmed
Vade, a provider of email security and threat detection services, has released a report on a recently discovered…
This is a post from HackRead.com Read the original post: New Phishing Attack Spoofs Microsoft 365 Authentication System

Vade, a provider of email security and threat detection services, has released a report on a recently discovered phishing attack that involves the spoofing of the **Microsoft 365** authentication system.

According to Vade’s Threat Intelligence and Response Center (TIRC), the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.

TIRC researchers decoded the base64-encoded string when analyzing a malicious domain and obtained results related to **Microsoft 365 phishing attacks**. Researchers noted that requests for phishing applications were made to eevilcorponline.

Its source code, found via periodic-checkerglitchme, was similar to the attachment’s HTML file, indicating that phishers are leveraging glitch.me to host malicious HTML pages.

Glitch.me is a platform that enables users to create and host web applications, websites, and various online projects. Unfortunately, in this instance, the platform is being exploited to host domains involved in the ongoing Microsoft 365 phishing scam.

The attack begins when the victim receives an email containing a malicious HTML file as an attachment. When the victim opens the file, a **phishing page** masquerading as Microsoft 365 is launched in their web browser. On this deceptive page, the victim is prompted to enter their credentials, which the attackers promptly gather for malicious purposes.

Due to Microsoft 365’s widespread adoption in the business community, there is a significant likelihood that the compromised account belongs to a corporate user. As a result, if the attacker gains access to these credentials, they can potentially obtain sensitive business and trade information.

Additionally, according to their **report**, Vade’s researchers have also discovered a phishing attack that involves the use of a spoofed version of Adobe.

Login pages for Office 365 and Adobe phishing scams (Image credit: Vade)

Further analysis revealed that the malicious “eevilcorp” domain returns an authentication page related to an application called Hawkeye. It is important to highlight that cybersecurity experts, including Talos, have conducted assessments on the original **HawkEye keylogger** and classified it as a malware kit that emerged in 2013, with subsequent versions appearing over time.

This context is relevant because it explains why TIRC researchers were unable to establish a direct connection between the authentication page and the HawkEye keylogger.

The indicators of compromises were identified to be the following ones:

*   periodic-checkerglitchme
*   scan-verifiedglitchme
*   transfer-withglitchme
*   air-droppedglitchme
*   precise-shareglitchme
*   monthly-payment-invoiceglitchme
*   monthly-report-checkglitchme
*   eevilcorponline
*   ultimotemporeonline

This attack stands out due to the utilization of a malicious domain (eevilcorponline) and HawkEye, which is available for purchase on hacker forums as a keylogger and data-stealing tool. While Vade’s investigation is still ongoing, it is crucial for users to remain vigilant and follow these steps to prevent falling victim to a Microsoft 365 phishing scam:

*   **Check the email sender:** Be cautious of emails claiming to be from Microsoft 365 that are sent from suspicious or unfamiliar email addresses. Verify the sender’s email address to ensure it matches the official Microsoft domain.
*   **Look for generic greetings:** Phishing emails often use generic greetings like “Dear User” instead of addressing you by name. Legitimate Microsoft emails usually address you by your name or username.
*   **Analyze email content and formatting:** Pay attention to spelling and grammar mistakes, as well as poor formatting. Phishing emails often contain errors that legitimate communications from Microsoft would not have.
*   **Hover over links:** Before clicking on any links in the email, hover your mouse cursor over them to see the actual URL. If the link’s destination looks suspicious or differs from official Microsoft domains, do not click on it.
*   **Be cautious of urgent requests:** Phishing emails often create a sense of urgency, pressuring you to take immediate action. Beware of emails that claim your Microsoft 365 account is at risk or that require urgent verification of personal information.

Remember, if you suspect an email to be a phishing scam, it’s best to err on the side of caution. Report any suspicious emails to Microsoft and avoid providing personal or sensitive information unless you can verify the legitimacy of the request through official channels.

**RELATED ARTICLES**

1.  Microsoft Teams Flaw Sends Malware to Employees’ Inboxes
2.  CISA’s Sparrow.ps1 tool detects malicious activity on Microsoft 365
3.  Office 365 Phishing Protection – Is Native Microsoft Protection Safe?
4.  10 Crucial Security Tips to Reduce Data Loss in Microsoft Office 365
5.  Microsoft Dynamics 365 Customer Voice Exploited to Steal Credentials
6.  Fake supreme court subpoena phishing scam steals Office 365 credentials

New Phishing Attack Spoofs Microsoft 365 Authentication System

By Habiba Rashid
The cybercrime group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds.
This is a post from HackRead.com Read the original post: Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation

The OPERA1ER group’s illicit activities have resulted in estimated losses of at least $11 million, with the potential to exceed $30 million.

In a breakthrough against cybercrime, authorities have apprehended a suspected senior member of the notorious cybercriminal organization known as OPERA1ER.

The arrest, which occurred in Côte d’Ivoire, a country in West Africa, marks a significant blow to the group’s criminal activities that have targeted financial institutions and mobile banking services across Africa, Asia, and Latin America.

The international operation, codenamed Nervone, was conducted in collaboration between INTERPOL, AFRIPOL, Group-IB, and Côte d’Ivoire’s Direction de l’Information et des Traces Technologiques (DITT).  

OPERA1ER, also identified as Common Raven, Desktop-Group, and NXSMS, has been operating since at least 2016, carrying out highly-organized attacks using sophisticated techniques such as spear-phishing campaigns, malware distribution, and large-scale Business Email Compromise (BEC) scams.

The group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds. Their illicit activities have resulted in estimated losses of at least $11 million, with the potential to exceed $30 million.

The cybercriminal gang’s malicious email campaigns first came to the attention of Group-IB in 2018, when they detected spear-phishing operations responsible for spreading remote access tools and other malware.

In a collaborative effort, INTERPOL’s Cybercrime Directorate, Group-IB, and Orange exchanged intelligence, allowing authorities to track the group’s activities and identify a likely location for their operations.

Additional support was provided by the United States Secret Service’s Criminal Investigative Division and Booz Allen Hamilton DarkLabs cybersecurity researchers, who confirmed leads crucial to the investigation.

**How it occurred**

The arrest of a key suspect in Côte d’Ivoire in early June resulted from the successful coordination of international efforts. The captured individual is believed to be a senior member of OPERA1ER and was involved in attacks against financial institutions across Africa.

Authorities are confident that this arrest will have a significant impact on the group’s criminal endeavours, disrupting their network and preventing further financial losses.

In a press release, Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations, commended the operation, stating,

> “Operation Nervone is a testament to what we can achieve through international collaboration and intelligence sharing. This successful operation marks a significant step in our ongoing mission to dismantle organized cybercrime networks, showcasing the power of collective action in stemming the tide against cybercrime.”
> 
> Bernardo Pillot

The successful arrest of a senior member of the OPERA1ER cybercrime group demonstrates the importance of international collaboration and the tireless efforts of law enforcement agencies and cybersecurity experts in safeguarding financial systems and protecting individuals from cyber threats.

As the fight against cybercrime continues, authorities remain dedicated to dismantling criminal networks and ensuring the security of global cyberspace.

1.  Do Kwon, Founder of Terraform Labs, Arrested in Montenegro
2.  Owner of Breach Forums Pompompurin Arrested in New York
3.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
4.  Estonian Arrested: Accused of Supplying Hacking Tools to Russia
5.  Teen among suspects arrested in Android banking malware scheme

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation

Plus: A French bill would allow spying via phone cameras, ATM skimmers target welfare families, and Japan’s largest cargo port gets hit with ransomware.

When Yevgeny Prighozin, the head of the notorious mercenary army known as the Wagner Group, staged an aborted coup against the Russian government, his brief revolt led to the deaths of 13 Russian fighter pilots and a serious blow to Vladimir Putin's sense of invulnerability. Now the fallout of that strange story has also apparently taken another casualty: the most notorious troll farm in the world, known as the Internet Research Agency.

But we'll get to that. First, Elon Musk is having a tough week. After Twitter’s baffling decision to temporarily limit the number of tweets users can read each day, Mark Zuckerberg sucker-punched the self-sabotaged platform with the launch of Threads. The Instagram-linked microblogging app surged to the top of the app store charts, gaining a staggering 30 million users in 24 hours—a clear sign that many people are willing to ignore Meta’s privacy-invading ways.

If you want to get in on the Threads action but don't want to share all your data with Meta, there's a better way: Don't join. Instead, wait until Threads connects to the broader decentralized social media ecosystem enabled by the ActivityPub protocol, which is also used by Mastodon. It should enable you to interact with Threads without signing up for an account or downloading the app. And if you're still trying to pick which Twitter alternative to jump on—or just want to see what data each platform collects—we've broken down the privacy policies of Threads, Bluesky, Mastodon, and more.

Even if you don't share your data with Meta, the information about you that's already out there is likely up for sale. But it's not just companies buying up your personal details—cops and spies are purchasing that data too. That is, unless the US Congress puts a stop to it. A bipartisan group of lawmakers has submitted an amendment to the National Defense Authorization Act, which Congress must pass each year, that would forbid intelligence agencies from buying sensitive data about Americans. The amendment has to survive a long debate before it can become law, but if Congress keeps it intact, US spies will no longer be able to buy your location data and search histories on the open market.

Finally, our partners at Grist investigated the risks posed by electric vehicle charging stations. Due to a variety of security vulnerabilities and a lack of industry standards for protecting EV chargers from hackers, both drivers and the entire power grid could be at risk.

But that's not all. Each week, we round up the security news we didn't report in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

For years, the St. Petersburg-based Internet Research Agency embodied many Americans’ worst fears of Russia’s disinformation influences across Western social media. The operation, created by Vladimir Putin ally and oligarch Yevgeny Prighozin, fueled scandals, spewed fake news, and meddled in US elections deeply enough to warrant an indictment from the Justice Department against a group of its staff and even a disruptive hacking operation from US Cyber Command targeting its network.

Now, after the US government's attempts to cripple or kill Prighozin’s troll factory, he’s managed to do it himself. In the wake of the bizarre, brief mutiny of Prighozin’s mercenary Wagner Group, contracted to take part in Russia’s invasion of Ukraine, Prighozin has been stripped of assets in Russia, including the media group of which the Internet Research Agency was a part. Initially, the troll farm sought a new owner, but Reuters reported ahead of the July 4 holiday that the infamous influence machine will instead be disbanded. Prighozin, meanwhile, was said to have been exiled to Belarus—but has now returned to Russia, according to the Belarusian president Alexander Lukashenko.

A highly controversial surveillance bill in France, making its way through the country’s parliament, would allow law enforcement to surreptitiously spy on criminal suspects via their devices’ cameras and microphones. The legislation, which would apply to smartphones, connected cars, laptops, and other devices, was passed by the French National Assembly earlier this week as part of wider changes to the French justice system. In response to criticism, French president Emmanuel Macron’s party made changes to the law that would only allow it to be used “when justified by the nature and seriousness of the crime,” only for an appropriate duration, and only for a maximum of six months, regardless of the suspected criminal conduct. Both the right and left political parties of the country continue to protest the bill.

In recent years, American credit cards have been far harder to defraud, as banks have added security features like authentication chips. But EBT cards, the debit cards provided to many of the poorest Americans in the welfare system, have lagged behind in those protections, instead continuing to store their numbers in a simple magnetic strip. The result has been millions of dollars in irreversible theft from some of the country’s most needy and vulnerable families, as captured in a _Bloomberg BusinessWeek_ feature in this week’s “Heist Issue” of the magazine. California alone, according to the report, saw an average of $10 million a month stolen in the first three months of this year. The fraud scheme is carried out by criminals who plant “skimmer” devices on grocery store point-of-sale systems and ATMs that record credit card numbers, which are then used to drain accounts of funds as soon as they’re refreshed at midnight on the first of the month. _BusinessWeek_ tells the story of a mother of five whose welfare funds were stolen in this way four times in less than a year.

The Japanese port of Nagoya—the country’s biggest cargo port. handling roughly 10 percent of its total shipping—on Tuesday revealed that it had been the victim of a ransomware attack. The attack, apparently carried out by the prolific Russia-linked ransomware group LockBit, prevented companies like Toyota from loading and unloading manufacturing components from ships and led to a traffic jam of truck drivers picking up and offloading containers at the port. To the Nagoya shipping port’s credit, however, it recovered quickly from the attack, resuming operations just two days later.

Russia’s Notorious Troll Farm Disbands

Guardrails need to be set in place to ensure confidentiality of sensitive information, while still leveraging AI as a force multiplier for productivity.

At the end of June, cybersecurity firm Group-IB revealed a notable security breach that impacted ChatGPT accounts. The company identified a staggering 100,000 compromised devices, each with ChatGPT credentials that were subsequently traded on illicit Dark Web marketplaces over the course of the past year. This breach prompted calls for immediate attention to address the compromised security of ChatGPT accounts, since search queries containing sensitive information become exposed to hackers.

In another incident, within a span of less than a month, Samsung suffered three documented instances in which employees inadvertently leaked sensitive information through ChatGPT. Because ChatGPT retains user input data to improve its own performance, these valuable trade secrets belonging to Samsung are now in the possession of OpenAI, the company behind the AI service. This poses significant concerns regarding the confidentiality and security of Samsung's proprietary information.

Because of such worries about ChatGPT's compliance with the EU's General Data Protection Regulation (GDPR), which mandates strict guidelines for data collection and usage, Italy has imposed a nationwide ban on the use of ChatGPT.

Rapid advancements in AI and generative AI applications have opened up new opportunities for accelerating growth in business intelligence, products, and operations. But cybersecurity program owners need to ensure data privacy while waiting for laws to be developed.

**Public Engine Versus Private Engine**

To better comprehend the concepts, let's start by defining public AI and private AI. Public AI refers to publicly accessible AI software applications that have been trained on datasets, often sourced from users or customers. A prime example of public AI is ChatGPT, which leverages publicly available data from the Internet, including text articles, images, and videos.

Public AI can also encompass algorithms that utilize datasets not exclusive to a specific user or organization. Consequently, customers of public AI should be aware that their data might not remain entirely private.

Private AI, on the other hand, involves training algorithms on data that is unique to a particular user or organization. In this case, if you use machine learning systems to train a model using a specific dataset, such as invoices or tax forms, that model remains exclusive to your organization. Platform vendors do not utilize your data to train their own models, so private AI prevents any use of your data to aid your competitors.

**Integrate AI Into Training Programs and Policies**

In order to experiment, develop, and integrate AI applications into their products and services while adhering to best practices, cybersecurity staff should put the following policies into practice.

**User Awareness and Education:** Educate users about the risks associated with utilizing AI and encourage them to be cautious when transmitting sensitive information. Promote secure communication practices and advise users to verify the authenticity of the AI system.

*   **Data Minimization:** Only provide the AI engine with the minimum amount of data necessary to accomplish the task. Avoid sharing unnecessary or sensitive information that is not relevant to the AI processing.
*   **Anonymization and De-identification:** Whenever possible, anonymize or de-identify the data before inputting it into the AI engine. This involves removing personally identifiable information (PII) or any other sensitive attributes that are not required for the AI processing.

**Secure Data Handling Practices:** Establish strict policies and procedures for handling your sensitive data. Limit access to authorized personnel only and enforce strong authentication mechanisms to prevent unauthorized access. Train employees on data privacy best practices and implement logging and auditing mechanisms to track data access and usage.

**Retention and Disposal:** Define data retention policies and securely dispose of the data once it is no longer needed. Implement proper data disposal mechanisms, such as secure deletion or cryptographic erasure, to ensure that the data cannot be recovered after it is no longer required.

**Legal and Compliance Considerations:** Understand the legal ramifications of the data you are inputting into the AI engine. Ensure that the way users employ the AI complies with relevant regulations, such as data protection laws or industry-specific standards.

**Vendor Assessment:** If you are utilizing an AI engine provided by a third-party vendor, perform a thorough assessment of their security measures. Ensure that the vendor follows industry best practices for data security and privacy, and that they have appropriate safeguards in place to protect your data. ISO and SOC attestation, for example, provide valuable third-party validations of a vendor's adherence to recognized standards and their commitment to information security.

**Formalize an AI Acceptable Use Policy (AUP):** An AI acceptable use policy should outline the purpose and objectives of the policy, emphasizing the responsible and ethical use of AI technologies. It should define acceptable use cases, specifying the scope and boundaries for AI utilization. The AUP should encourage transparency, accountability, and responsible decision-making in AI usage, fostering a culture of ethical AI practices within the organization. Regular reviews and updates ensure the policy's relevance to evolving AI technologies and ethics.

**Conclusions**

By adhering to these guidelines, program owners can effectively leverage AI tools while safeguarding sensitive information and upholding ethical and professional standards. It is crucial to review AI-generated material for accuracy while simultaneously protecting the inputted data that goes into generating response prompts.

How to Safely Architect AI in Your Cybersecurity Programs

When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

When the marital infidelity website **AshleyMadison.com** learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO **Noel Biderman** was quick to point the finger at an unnamed former contractor. But as a new documentary series on **Hulu** reveals \[_SPOILER ALERT!_\], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

The new documentary, _The Ashley Madison Affair_, begins airing today on Hulu in the United States and on **Disney+** in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses.

The series also touches on shocking new details unearthed by KrebsOnSecurity and **Jeremy Bullock**, a data scientist who worked with the show’s producers at the Warner Bros. production company Wall to Wall Media. Bullock had spent many hours poring over the hundreds of thousands of emails that the Ashley Madison hackers stole from Biderman and published online in 2015.

Wall to Wall reached out in July 2022 about collaborating with Bullock after KrebsOnSecurity published A Retrospective on the 2015 Ashley Madison Breach. That piece explored how Biderman — who is Jewish — had become the target of concerted harassment campaigns by anti-Semitic and far-right groups online in the months leading up to the hack.

Whoever hacked Ashley Madison had access to all employee emails, but they only released Biderman’s messages — three years worth. Apropos of my retrospective report, Bullock found that a great many messages in Biderman’s inbox were belligerent and anti-Semitic screeds from a former Ashley Madison employee named **William Brewster Harrison**.

William Harrison’s employment contract with Ashley Madison parent Avid Life Media.

The messages show that Harrison was hired in March 2010 to help promote Ashley Madison online, but the messages also reveal Harrison was heavily involved in helping to create and cultivate phony female accounts on the service.

There is evidence to suggest that in 2010 Harrison was directed to harass the owner of **Ashleymadisonsucks.com** into closing the site or selling the domain to Ashley Madison.

Ashley Madison’s parent company — Toronto-based **Avid Life Media** — filed a trademark infringement complaint in 2010 that succeeded in revealing a man named **Dennis Bradshaw** as the owner. But after being informed that Bradshaw was not subject to Canadian trademark laws, Avid Life offered to buy AshleyMadisonSucks.com for $10,000.

When Bradshaw refused to sell the domain, he and his then-girlfriend were subject to an unrelenting campaign of online harassment and blackmail. It now appears those attacks were perpetrated by Harrison, who sent emails from different accounts at the free email service **Vistomail** pretending to be Bradshaw, his then-girlfriend and their friends.

\[As the documentary points out, the domain AshleyMadisonSucks.com was eventually transferred to Ashley Madison, which then shrewdly used it for advertising and to help debunk theories about why its service was supposedly untrustworthy\].

Harrison even went after Bradshaw’s lawyer and wife, listing them both on a website he created called **Contact-a-CEO\[.\]com**, which Harrison used to besmirch the name of major companies — including several past employers — all entities he believed had slighted him or his family in some way. The site also claimed to include the names, addresses and phone numbers of top CEOs.

A cached copy of Harrison’s website, contact-the-ceo.com.

An exhaustive analysis of domains registered to the various Vistomail pseudonyms used by Harrison shows he also ran **Bash-a-Business\[.\]com**, which Harrison dedicated to “all those sorry ass corporate executives out there profiting from your hard work, organs, lives, ideas, intelligence, and wallets.” Copies of the site at archive.org show it was the work of someone calling themselves “**The Chaos Creator**.”

Will Harrison was terminated as an Ashley Madison employee in November 2011, and by early 2012 he’d turned his considerable harassment skills squarely against the company. Ashley Madison’s long-suspected army of fake female accounts came to the fore in August 2012 after the former sex worker turned activist and blogger **Maggie McNeill** published screenshots apparently taken from Ashley Madison’s internal systems suggesting that a large percentage of the female accounts on the service were computer-operated bots.

Ashley Madison’s executives understood that only a handful of employees at the time would have had access to the systems needed to produce the screenshots McNeill published online. In one exchange on Aug. 16, 2012, Ashley Madison’s director of IT was asked to produce a list of all company employees with all-powerful administrator access.

“Who or what is **asdfdfsda@asdf.com**?,” Biderman asked, after being sent a list of nine email addresses.

“It appears to be the email address Will used for his profiles,” the IT director replied.

“And his access was never shut off until today?,” asked the company’s general counsel Mike Dacks.

A Biderman email from 2012.

What prompted the data scientist Bullock to reach out were gobs of anti-Semitic diatribes from Harrison, who had taken to labeling Biderman and others “greedy Jew bastards.”

“So good luck, I’m sure we’ll talk again soon, but for now, Ive got better things in the oven,” Harrison wrote to Biderman after his employment contract with Ashley Madison was terminated. “Just remember I outsmarted you last time and I will outsmart and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition.”

A 2012 email from William Harrison to former Ashley Madison CEO Noel Biderman.

Harrison signed his threatening missive with the salutation, “We are legion,” suggesting that whatever comeuppance he had in store for Ashley Madison would come from a variety of directions and anonymous hackers.

The leaked Biderman emails show that Harrison made good on his threats, and that in the months that followed Harrison began targeting Biderman and other Ashley Madison executives with menacing anonymous emails and spoofed phone calls laced with profanity and anti-Semitic language.

But on Mar. 5, 2014, Harrison committed suicide by shooting himself in the head with a handgun. This fact was apparently unknown to Biderman and other Ashley Madison executives more than a year later when their July 2015 hack was first revealed.

Does Harrison’s untimely suicide rule him out as a suspect in the 2015 hack? Who is The Chaos Creator, and what else transpired between Harrison and Ashley Madison prior to his death? We’ll explore these questions in Part II of this story, to be published early next week.

Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

Tag

#intel