Insights For Success

Strategy, Innovation, Leadership and Security

Police

Operation Green Heart targets online currency counterfeit buyers

GeneralEdward KiledjianComment
Image courtesy of Europol

Image courtesy of Europol

A massive Europe wide operation took place between November 19 until December 6th, arresting 235 suspects in 13 countries. The operation confiscated 1,500 Euro banknotes, drugs, weapons, computers, phones, bitcoin, etc.

This operation was made possible after a 33-year old counterfeiter was arrested in June 2018 by Austrian police in the city of Leoben. The counterfeiter was producing 10,20 & 50 Euro banknotes and it is believed he had successfully offloaded over 10,000 (worth ~ $500,000 EUR) notes before being arrested. The counterfeit notes were sent out using regular mail, so as not to arouse suspicion.

The counterfeiter is believed to have designed the notes on his own computer. He printed them himself and made them look authentic using (suspected) Chinese made holograms. Depending on the quality of the prints, the price varied from 15-40% of the notes face value.

Aldia.cat also reports that data from an FBI/Europol raid on another Darknet seller specializing in weapons, drugs and fake money also contributed valuable information to Operation Green Heart.

The operation involved raids on 300 dwellings across Europe: 178 in Germany, 28 in France, 20 in Austria and others in Spain (Madrid, Velncia, Las Palmas de Gran Canaria, Tenerife, Barcelona, Sevilla, Granada, etc) , Croatia, Cyprus, Finland, Ireland and the Netherlands.

One of the suspects arrested in Munich still had 14 counterfeit notes with him.

The moral of the story is that good policing can cut through the anonymity of TOR, so criminals beware.

Sources:

Pokemon Go players targeted in robbery & police issue safety tips

GeneralEdward KiledjianComment

Pokemon Go is an incredible phenomenon encouraging people to get outside, walk and socialize. For all its faults, it has tones of positive attributes. The challenge (and what keeps the game interesting), is the fact you never know where Pokemon are going to pop up. 

Here is the stampede that ensued when a rare Vaporeon Pokemon showed up in central park. Notice the guy that just leaves his car in the middle of the road and rushes in.

While its a great game, many get too enthralled in the game and forget to stay alert and aware of their surroundings. This is why we have heard of a handful of issues from injuries to theft. Now the Ottawa police are urging Canadians to stay alert after an attempted theft Wednesday (reported by the Winnipeg Free Press).

Police say a 24-year-old woman and a 23-year-old man were using their phones to play the augmented-reality game in the area near Ottawa city hall around 1:30 a.m. on Wednesday.

Ottawa police say two suspects approached the players and one of them grabbed the man’s phone and fled. They say the man ran after the suspect to an area where the suspect was arrested by military police, who turned him over to Ottawa police.
— Ottawa Police

Due to the unprecedented success of this game, police agencies have started blogging safety tips for players. The Regina Police have an interesting blog post

The Irving Police department released a hilarious Pokemon Go safety video

The moral of the story is go outside, have fun but stay alert.

IOS 8 means Apple can't unlock your device for law enforcement

technologyEdward KiledjianComment

The slow and consistent Snowden leaks about how everything we do is monitored, recorded and analysed is freaking some people out. And this extra customer push may be what was needed to finally improve on-device security for our most personal devices (aka smartphones).

Apple announced (link) that IOS 8 is a big move for IOS device security because it is now "technologically impossible" to access data stored on a passcode or TouchID locked device. Apple says they can no longer bypass device security. It is important to note that this only applies for on device information (contact, pictures, recordings, etc), anything stored in the cloud is fair game and can be handed over to authorities with a warrant or NSL.

Obviously law enforcement isn't too thrilled about this new hurdle because it (they claim) makes it easier for criminals to perform their nefarious activities and hide.

Why did Apple do this? Because if they can't technically provide the information, then they can  no longer be compelled to do so by a court. It reduces workload for them and improves customer perception. 

Now for the bad news. Renown security analyst Jonathan Zdziarski discussed these new measures on his blog (link) but threw in an important caveat :

What’s left are services that iTunes (and Xcode) talk to in order to exchange information with third party applications, or access your media folder. Apple wants you to be able access your photos and other information from your desktop while the phone is locked – for ease of use. This, unfortunately, also opens up the capability for law enforcement to also use this mechanism to dump:

- Your camera reel, videos, and recordings
- Podcasts, Books, and other iTunes media
- All third party application data

Existing commercial forensics tools can still acquire these artifacts from your device, even running iOS 8. I have tested with my own private forensics tools, as well, and confirmed this. I dumped all of my third party application data (including caches, databases, screenshots, etc), as well as my camera reel and other media… all within a few minutes and from my locked iPhone running iOS 8 GM.

There is one big caveat though, but it’s not a big problem for law enforcement. This technique requires access to a trusted pairing record on a desktop / laptop machine that is paired with your phone, and as of iOS 8 requires physical access to the phone. What does this mean? This means that if your’e arrested, the police will seize both your iPhone and all desktop / laptop machines you own, and use files on the desktop to dump and access all of the above data on your iPhone. This can also be done at an airport, if you are detained.
— Jonathan Zdziaski

I don't want to undersell what Apple has done. Apple has helped make IOS users much safer by fixing many of the security issues present in IOS7. The above note by Jonathan is something to keep in mind. If you want to maintain the highest level of security protection, never connect your iPhone to a PC. 

Skype is spying on your instant messages

SecurityEdward KiledjianComment

A couple of weeks ago, a group of hackers accused Skype (now owned by Microsoft) of changing its underlying architecture to make eavesdropping easier.

It is still unknown if Skype/Microsoft can intercept your voice calls but reading their privacy policy, it is clearly written that they can and do comb through instant messages (which is stores for 30 or more when permitted by law) sent via the Skype service.

The reason voice interception is unknown is the use of a common legal term called “includes but is not limited to” which means they list some services they monitor but reserve the right to monitor others. We also know that Skype “co-operates with law enforcement agencies as is legally required and technically feasible,” so assume anything you IM via Skype may be used by them or handed over to law enforcement.

ZDNet’s Steven J. Vaughan-Nichols goes on to say “There is no reason to believe that they can’t record our  Skype voice calls as well,” “Therefore, any person or business who is concerned with their communication privacy should stop using Skype and look for an alternative.”

Interesting when these types of privacy concerns surface and get confirmed. User beware.

Read More