Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of more than 80,000 automated female Twitter accounts has been pimping the same dating scheme and ginning up millions of clicks from Twitter users in the process. Not long after I published Inside a Porn-Pimping Spam Botnet, I heard from researchers at ZeroFOX, a security firm that helps companies block attacks coming through social media. Zack Allen, manager of threat operations at ZeroFOX, said he had a look at some of the spammy, adult-themed domains being promoted by the botnet in my research and found they were all being promoted through a botnet of bogus Twitter accounts. Those phony Twitter accounts all featured images of attractive or scantily-clad women, and all were being promoted via suggestive tweets, Allen said. Anyone who replied was ultimately referred to subscription-based online dating sites run by Deniro Marketing, a company based in California. This was the same company that was found to be the beneficiary of spam from the porn botnet I’d written about in June. Deniro did not respond to requests for comment. “We’ve been tracking this thing since February 2017, and we concluded that the social botnet controllers are probably not part of Deniro Marketing, but most likely are affiliates,” Allen said. ZeroFOX found more than 86,262 Twitter accounts were responsible for more than 8.6 million posts on Twitter promoting porn-based sites, many of them promoting domains in a swath of Internet address space owned by Deniro Marketing (ASN19984). Allen said 97.4% of bot display names had the pattern “Firstname Surname” with the first letters of each name capitalized, and each name separated by a single whitespace character that corresponded to common female names. The accounts advertise adult content by routinely injecting links from their twitter profiles to a popular hashtag, or by @-mentioning a popular user or influencer on Twitter. Those profile links are shortened with Google’s goo.gl link shortening service, which then redirects to a free hosting domain in the dot-tk (.tk) domain space (.tk is the country code for Tokelau — a group of atolls in the South Pacific). From there the system is smart enough to redirect users back to Twitter if they appear to be part of any automated attempt to crawl the links (e.g. by using site download and mirroring tools like cURL), the researchers found. They said this was likely a precaution on the part of the spammers to avoid detection by automated scanners looking for bot activity on Twitter. Requests from visitors who look like real users responding to tweets are redirected to the porn spam sites. Because the links promoted by those spammy Twitter accounts all abused short link services from Twitter and Google, the researchers were able to see that this entire botnet has generated more than 30 million unique clicks from February to June 2017. [SIDE NOTE: Anyone seeking more context about what’s being promoted here can check out the Web site datinggold[dot]com [Caution: Not-Safe-for-Work], which suggests it’s an affiliate program that rewards marketers who drive new signups to its array of “online dating” offerings — mostly “cheating,” “hookup” and “affair-themed” sites like “AdsforSex,” “Affair Hookups,” and “LocalCheaters.” Note that this program is only interested in male signups.] Allen said the Twitter botnet relies heavily on accounts that have been “aged” for a period of time as another method to evade anti-spam techniques used by Twitter, which may treat tweets from new accounts with more prejudice than those from established accounts. ZeroFOX said about 20 percent of the Twitter accounts identified as part of the botnet were aged at least one year before sending their first tweet, and that the botnet overall demonstrates that these affiliate programs have remained lucrative by evolving to harness social media. “The final redirect sites encourage the user to sign up for subscription pornography, webcam sites, or fake dating,” ZeroFOX wrote in a report being issued this week. “These types of sites, although legal, are known to be scams.” Perhaps the most well-known example of the subscription-based dating/cheating service that turned out to be mostly phony was AshleyMadison. After AshleyMadison’s user databases were plundered and published online, the company admitted that its service used at least 70,000 female chatbots that were programmed to message new users and try to entice them into replying — which required a paid account. “Many of the sites’ policies claim that the site owners operate most of the profiles,” ZeroFOX charged. “They also have overbearing policies that can use personally information of their customers to send to other affiliate programs, yielding more spam to the victim. Much like the infamous ‘partnerka’ networks from the Russian Business Network, money is paid out via clicks and signups on affiliate programs” [links added]. Although the Twitter botnet discovered by ZeroFOX has since been dismantled, it not hard to see how this same approach could be very effective at spreading malware. Keep your wits about you while using or cruising social media sites, and be wary of any posts or profiles that match the descriptions and behavior of the bot accounts described here. For more on this research, see ZeroFOX’s blog post Inside a Massive Siren Social Network Spam Botnet. from https://krebsonsecurity.com/2017/07/porn-spam-botnet-has-evil-twitter-twin/
0 Comments
A greater number of ATM skimming incidents now involve so-called “insert skimmers,” wafer-thin fraud devices made to fit snugly and invisibly inside a cash machine’s card acceptance slot. New evidence suggests that at least some of these insert skimmers — which record card data and store it on a tiny embedded flash drive — are equipped with technology allowing them to transmit stolen card data wirelessly via infrared, the same communications technology that powers a TV remote control. Last month the Oklahoma City metropolitan area experienced rash of ATM attacks involving insert skimmers. The local KFOR news channel on June 28, 2017 ran a story stating that at least four banks in the area were hit with insert skimmers. The story quoted a local police detective saying “the skimmer contains an antenna which transmits your card information to a tiny camera hidden somewhere outside the ATM.” Financial industry sources tell KrebsOnSecurity that preliminary analysis of the insert skimmers used in the attacks suggests they were configured to transmit stolen card data wirelessly to the hidden camera using infrared, a short-range communications technology most commonly found in television remote controls. Here’s a look at one of the insert skimmers that Oklahoma authorities recently seized from a compromised ATM: In such an attack, the hidden camera has a dual function: To record time-stamped videos of ATM users entering their PINs; and to receive card data recorded and transmitted by the insert skimmer. In this scenario, the fraudster could leave the insert skimmer embedded in the ATM’s card acceptance slot, and merely swap out the hidden camera whenever its internal battery is expected to be depleted. Of course, the insert skimmer also operates on an embedded battery, but according to my sources the skimmer in question was designed to turn on only when someone uses the cash machine, thereby preserving the battery. Thieves involved in skimming attacks have hidden spy cameras in some pretty ingenious places, such as a brochure rack to the side of the cash machine or a safety mirror affixed above the cash machine (some ATMs legitimately place these mirrors so that customers will be alerted if someone is standing behind them at the machine). More often than not, however, hidden cameras are placed behind tiny pinholes cut into false fascias that thieves install directly above or beside the PIN pad. Unfortunately, I don’t have a picture of a hidden camera used in the recent Oklahoma City insert skimming attacks. Here’s a closer look at the insert skimmer found in Oklahoma: A source at a financial institution in Oklahoma shared the following images of the individuals who are suspected of installing these insert skimming devices. As this skimming attack illustrates, most skimmers rely on a hidden camera to record the victim’s PIN, so it’s a good idea to cover the pin pad with your hand, purse or wallet while you enter it. Yes, there are skimming devices that rely on non-video methods to obtain the PIN (such as PIN pad overlays), but these devices are comparatively rare and quite a bit more expensive for fraudsters to build and/or buy. So cover the PIN pad. It also protects you against some ne’er-do-well behind you at the ATM “shoulder surfing” you to learn your PIN (which would likely be followed by a whack on the head). It’s an elegant and simple solution to a growing problem. But you’d be amazed at how many people fail to take this basic, hassle-free precaution. If you’re as fascinated as I am with all these skimming devices, check out my series All About Skimmers. from https://krebsonsecurity.com/2017/07/thieves-used-infrared-to-pull-data-from-atm-insert-skimmers/ It’s Patch Tuesday, again. That is, if you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities. The updates from Microsoft concern many of the usual program groups that seem to need monthly security fixes, including Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange. According to security firm Qualys, the Windows update that is most urgent for enterprises tackles a critical bug in the Windows Search Service that could be exploited remotely via the SMB file-sharing service built into both Windows workstations and servers. Qualys says the issue affects Windows Server 2016, 2012, 2008 R2, 2008 as well as desktop systems like Windows 10, 7 and 8.1. “While this vulnerability can leverage SMB as an attack vector, this is not a vulnerability in SMB itself, and is not related to the recent SMB vulnerabilities leveraged by EternalBlue, WannaCry, and Petya.” Qualys notes, referring to the recent rash of ransomware attacks which leveraged similar vulnerabilities. Other critical fixes of note in this month’s release from Microsoft include at least three vulnerabilities in Microsoft’s built-in browser — Edge or Internet Explorer depending on your version of Windows. There are at least three serious flaws in these browsers that were publicly detailed prior to today’s release, suggesting that malicious hackers may have had some advance notice on figuring out how to exploit these weaknesses. As it is accustomed to doing on Microsoft’s Patch Tuesday, Adobe released a new version of its Flash Player browser plugin that addresses a trio of flaws in that program. The latest update brings Flash to v. 26.0.0.137 for Windows, Mac and Linux users alike. If you have Flash installed, you should update, hobble or remove Flash as soon as possible. To see which version of Flash your browser may have installed, check out this page. The smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. An extremely powerful and buggy program that binds itself to the browser, Flash is a favorite target of attackers and malware. For some ideas about how to hobble or do without Flash (as well as slightly less radical solutions) check out A Month Without Adobe Flash Player. If you choose to keep Flash, please update it today. The most recent versions of Flash should be available from the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates in and/or restart the browser to get the latest Flash version). A green arrow in the upper right corner of my Chrome installation today gave me the prompt I needed to update my version to the latest. Chrome users may need to restart the browser to install or automatically download the latest version. When in doubt, click the vertical three dot icon to the right of the URL bar, select “Help,” then “About Chrome”: If there is an update available, Chrome should install it then. As always, if you experience any issues downloading or installing any of these updates, please leave a note about it in the comments below. from https://krebsonsecurity.com/2017/07/adobe-microsoft-push-critical-security-fixes-11/ Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer credit card accounts as well as biometric data, Avanti warned. According to Tukwila, Wash.-based Avanti’s marketing literature, some 1.6 million customers use the company’s break room self-checkout devices — which allow customers to pay for drinks, snacks and other food items with a credit card, fingerprint scan or cash. Sometime in the last few hours, Avanti published a “notice of data breach” on its Web site. “On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.” Avanti said it appears the malware was designed to gather certain payment card information including the cardholder’s first and last name, credit/debit card number and expiration date. Breaches at point-of-sale vendors have become almost regular occurrences over the past few years, but this breach is especially notable as it may also have jeopardized customer biometric data. That’s because the newer Avanti kiosk systems allow users to pay using a scan of their fingerprint. “In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk’s biometric verification functionality,” the company warned. On Thursday, KrebsOnSecurity learned from a source at a law firm that the food vending machine in its employee lunchroom was no longer able to accept credit cards. The source said his firm’s information technology personnel told him the credit card functionality had been temporarily disabled because of a breach at Avanti. Another source told this author that Avanti’s corporate network had been breached, and that Avanti had made the decision to turn off all self-checkouts for now — although the source said customers could still use cash at the machines. “I was told that about half of the self-checkouts do not have P2Pe,” the source said, on condition of anonymity. P2Pe is short for “point-to-point encryption,” and it’s a technological solution that encrypts sensitive data such as credit card information at every point in the card transaction. In theory, P2Pe should to be able to protect card data even if there is malicious software resident on the device or network in question. Avanti said in its notice that it had shut down payment processing at some locations, and that the company was working with its operators to purge infected systems of any malware from the attack and to take steps to “substantially minimize the risk of a data compromise in the future.” THE MALWAREOn Friday evening, security firm Risk Analytics published a blog post that detailed an experience from a customer who shared a remarkably similar experience to the one referenced by the anonymous law firm source above. Risk Analytics’s Noah Dunker wrote that the company’s technology on July 4 flagged suspicious behavior by a break room vending kiosk. Further inspection of the device and communications traffic emanating from it revealed it was infected with a family of point-of-sale malware known as PoSeidon (a.k.a. “FindPOS”) that siphons credit card data from point-of-sale devices. “In our analysis of the incident, it seems most likely that the larger vendor was compromised, and some or all of the kiosks maintained by local vendors were impacted,” Dunker wrote. “We’ve been able to identify at least two smaller vendors with local operations that have been impacted in two different cities though we are not naming any impacted vendors yet, as we’ve been unable to contact them directly.” KrebsOnSecurity reached out to Risk Analytics to see if the vendor of the snack machine used by the victim organization he wrote about also was Avanti. Dunker confirmed that the kiosk vendor that was the subject of his post was indeed Avanti. Dunker noted that much like point-of-sale devices at many restaurant chains, these snack machines usually are installed and managed by third-party technology companies, adding another layer of complexity to the challenge of securing these devices from hackers. Dunker said Risk Analytics first noticed something wasn’t right with its client’s break room snack machine after it began sending data out of the client’s network using an SSL encryption certificate that has long been associated with cybercrime activity — including ransomware activity dating back to 2015. “This is a textbook example of an ‘Internet of Things’ (IoT) threat: A network-connected device, controlled and maintained by a third party, which cannot be easily patched, audited, or controlled by your own IT staff,” Dunker wrote. ANALYSISCredit card machines and point-of-sale devices are favorite targets of malicious hackers, mainly because the data stolen from those systems is very easy to monetize. However, the point-of-sale industry has a fairly atrocious record of building insecure products and trying to tack on security only after the products have already gone to market. Given this history, it’s remarkable that some of these same vendors are now encouraging customers to entrust them with biometric data. Credit cards can be re-issued, but biometric identifiers are for life. Companies that choose to embed biometric capabilities in their products should be held to a far higher security standard than those used to protect card data. For starters, any device that requests, stores or transmits biometric data should at a minimum ensure that the data remains strongly encrypted both at rest and in transit. Judging by Avanti’s warning that some customer biometric data may have been compromised in this breach, it seems this may not have been the case for at least a subset of their products. I would like see some industry acknowledgement of this before we start to see more stand-alone payment applications entice users to supply biometric data, but I share Dunker’s fear that we may soon see biometric components added to a whole host of Internet-connected (IoT) devices that simply were not designed with security in mind. Also, breaches like this illustrate why it’s critically important for organizations to segment their internal networks, and to keep payment systems completely isolated from the rest of the network. However, neither of the victim organizations referenced above appear to have taken this important precaution. To illustrate this concept a bit further, it may well be that the criminal masterminds behind this attack could have made far more money had they used the remote access they apparently had to these Avanti devices to push ransomware out to Microsoft Windows computers residing on the same internal network as the payment kiosks. from https://krebsonsecurity.com/2017/07/self-service-food-kiosk-vendor-avanti-hacked/ B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who said they suspected the cinema chain has been leaking customer credit card data to cyber thieves for the past two years. Headquartered in Gladstone, Missouri, B&B Theatres operates approximately 400 screens across 50 locations in seven states, including Arkansas, Arizona, Florida, Kansas, Missouri, Mississippi, Nebraska, Oklahoma and Texas. In a written statement forwarded by B&B spokesman Paul Farnsworth, the company said B&B Theatres was made aware of a potential breach by a local banking partner in one of its communities. “Upon being notified we immediately engaged Trustwave, a third party security firm recommended to B&B by partners at major credit card brands, to work with our internal I.T. resources to contain the breach and mitigate any further potential penetration,” the statement reads. “While some malware was identified on B&B systems that dated back to 2015, the investigation completed by Trustwave did not conclude that customer data was at risk on all B&B systems for the entirety of the breach.” The statement continued: “Trustwave’s investigation has since shown the breach to be contained to the satisfaction of our processing partners as well as the major credit card brands. B&B Theatres values the security of our customer’s data and will continue to implement the latest available technologies to keep our networks & systems secure into the future.” In June, sources at two separate U.S.-based financial institutions reached out to KrebsOnSecurity about alerts they’d received privately from the credit card associations regarding lists of card numbers that were thought to have been compromised in a recent breach. The credit card companies generally do not tell financial institutions in these alerts which merchants got breached, leaving banks and credit unions to work backwards on their own from those lists of compromised cards back to a so-called “common point-of-purchase” (CPP). In addition to lists of potentially compromised card numbers, the card associations usually include a “window of exposure” — their best estimate of how long the breach lasted. Two financial industry sources said initial reports from the credit card companies said the window of exposure at B&B Theatres was between Sept. 1, 2015 and April 7, 2017. However, a more recent update to this advisory shared by my sources shows that the window of exposure is currently estimated between April 2015 and April 2017, meaning cyber thieves have likely been siphoning credit and debit card data from B&B Theatres customers for nearly two years undisturbed. Malicious hackers can steal credit card data from organizations that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic stripe. Thieves can then use that data to clone the cards and use the counterfeit cards to buy high-priced merchandise from electronics stores and big box retailers. The statement from B&B Theatres made no mention of whether their credit card systems were set up to handle transactions from more secure chip-based credit and debit cards, which are far more difficult and expensive for thieves to counterfeit. Under credit card association rules that went into effect in 2015, merchants that do not have the ability to process transactions from chip-based cards assume full liability for all fraudulent charges on purchases involving chip-enabled cards that were instead merely swiped through a regular mag-stripe reader at the point of purchase. If there is a silver lining in this breach of a major silver screens operator, perhaps it is this: One source in the financial industry told this author that the breach at B&B persisted for so long that a decent percentage of the cards listed in the alerts his employer received from the credit card companies had been listed as compromised in other major breaches and so had already been canceled and re-issued. from https://krebsonsecurity.com/2017/07/bb-theatres-hit-in-2-year-credit-card-breach/ In February 2017, authorities in the United Kingdom arrested a 29-year-old U.K. man on suspicion of knocking more than 900,000 Germans offline in an attack tied to Mirai, a malware strain that enslaves Internet of Things (IoT) devices like security cameras and Internet routers for use in large-scale cyberattacks. Investigators haven’t yet released the man’s name, but news reports suggest he may be better known by the hacker handle “Bestbuy.” This post will follow a trail of clues back to one likely real-life identity of Bestbuy. At the end of November 2016, a modified version of Mirai began spreading across the networks of German ISP Deutsche Telekom. This version of the Mirai worm spread so quickly that the very act of scanning for new infectable hosts overwhelmed the devices doing the scanning, causing outages for more than 900,000 customers. The same botnet had previously been tied to attacks on U.K. broadband providers Post Office and Talk Talk. Security firm Tripwire published a writeup on that failed Mirai attack, noting that the domain names tied to servers used to coordinate the activities of the botnet were registered variously to a “Peter Parker” and “Spider man,” and to a street address in Israel (27 Hofit St). We’ll come back to Spider Man in a moment. According to multiple security firms, the Mirai botnet responsible for the Deutsche Telekom outage was controlled via servers at the Internet address 62.113.238.138. Farsight Security, a company that maps which domain names are tied to which Internet addresses over time, reports that this address has hosted just nine domains. The only one of those domains that is not related to Mirai is dyndn-web[dot]com, which according to a 2015 report from BlueCoat (now Symantec) was a domain tied to the use and sale of a keystroke logging remote access trojan (RAT) called “GovRAT.” The trojan is documented to have been used in numerous cyber espionage campaigns against governments, financial institutions, defense contractors and more than 100 corporations. Another report on GovRAT — this one from security firm InfoArmor — shows that the GovRAT malware was sold on Dark Web cybercrime forums by a hacker or hackers who went by the nicknames BestBuy and “Popopret” (some experts believe these were just two different identities managed by the same cybercriminal). GovRAT has been for sale on various other malware and exploit-related sites since at least 2014. On oday[dot]today, for example, GovRAT was sold by a user who picked the nickname Spdr, and who used the email address [email protected]. Recall that the domains used to control the Mirai botnet that hit Deutsche Telekom all had some form of Spider Man in the domain registration records. Also, recall that the controller used to manage the GovRAT trojan and that Mirai botnet were both at one time hosted on the same server with just a handful of other (Mirai-related) domains. According to a separate report (PDF) from InfoArmor, GovRAT also was sold alongside a service that allows anyone to digitally sign their malware using code-signing certificates stolen from legitimate companies. InfoArmor said the digital signature it found related to the service was issued to an open source developer Singh Aditya, using the email address [email protected]. Interestingly, both of these email addresses — [email protected] and [email protected] — were connected to similarly-named user accounts at vDOS, for years the largest DDoS-for-hire service (that is, until KrebsOnSecurity last fall outed its proprietors as two 18-year-old Israeli men). Last summer vDOS got massively hacked, and a copy of its user and payments databases was shared with this author and with U.S. federal law enforcement agencies. The leaked database shows that both of those email addresses are tied to accounts on vDOS named “bestbuy” (bestbuy and bestbuy2). The leaked vDOS database also contained detailed records of the Internet addresses that vDOS customers used to log in to the attack-for-hire service. Those logs show that the bestbuy and bestbuy2 accounts logged in repeatedly from several different IP addresses in the United Kingdom and in Hong Kong. The technical support logs from vDOS indicate that the reason the vDOS database shows two different accounts named “bestbuy” is the vDOS administrators banned the original “bestbuy” account after it was seen logged into the account from both the UK and Hong Kong. Bestbuy’s pleas to the vDOS administrators that he was not sharing the account and that the odd activity could be explained by his recent trip to Hong Kong did not move them to refund his money or reactivate his original account. A number of clues in the data above suggest that the person responsible for both this Mirai botnet and GovRAT had ties to Israel. For one thing, the email address [email protected] was used to register at least three domain names, all of which are tied back to a large family in Israel. What’s more, in several dark web postings, Bestbuy can be seen asking if anyone has any “weed for sale in Israel,” noting that he doesn’t want to risk receiving drugs in the mail. The domains tied to [email protected] led down a very deep rabbit hole that ultimately went nowhere useful for this investigation. But it appears the nickname “spdr01” and email [email protected] was used as early as 2008 by a core member of the Israeli hacking forum and IRC chat room Binaryvision.co.il. Visiting the Binaryvision archives page for this user, we can see Spdr was a highly technical user who contributed several articles on cybersecurity vulnerabilities and on mobile network security (Google Chrome or Google Translate deftly translates these articles from Hebrew to English). I got in touch with multiple current members of Binaryvision and asked if anyone still kept in contact with Spdr from the old days. One of the members said he thought Spdr held dual Israeli and U.K. citizenship, that he would be approximately 30 years old at the moment. Another said Spdr was engaged to be married recently. None of those who shared what they recalled about Spdr wished to be identified for this story. But a bit of searching on those users’ social networking accounts showed they had a friend in common that fit the above description. The Facebook profile for one Daniel Kaye using the Facebook alias “DanielKaye.il” (.il is the top level country code domain for Israel) shows that Mr. Kaye is now 29 years old and is or was engaged to be married to a young woman named Catherine in the United Kingdom. The background image on Kaye’s Facebook profile is a picture of Hong Kong, and Kaye’s last action on Facebook was apparently to review a sports and recreation facility in Hong Kong. Using Domaintools.com [full disclosure: Domaintools is an advertiser on this blog], I ran a “reverse WHOIS” search on the name “Daniel Kaye,” and it came back with exactly 103 current and historic domain names with this name in their records. One of them in particular caught my eye: Cathyjewels[dot]com, which appears to be tied to a homemade jewelry store located in the U.K. that never got off the ground. Cathyjewels[dot]com was registered in 2014 to a Daniel Kaye in Egham, U.K., using the email address [email protected]. I decided to run this email address through Socialnet, a plugin for the data analysis tool Maltego that scours dozens of social networking sites for user-defined terms. Socialnet reports that this email address is tied to an account at Gravatar — a service that lets users keep the same avatar at multiple Web sites. The name on that account? You guessed it: Spdr01. Daniel Kaye did not return multiple requests for comment sent via Facebook and the various email addresses mentioned here. In case anyone wants to follow up on this research, I highlighted the major links between the data points mentioned in this post in the following mind map (created with the excellent and indispensable MindNode Pro for Mac). from https://krebsonsecurity.com/2017/07/who-is-the-govrat-author-and-mirai-botmaster-bestbuy/ |
ABOUT MEHi my name is Anthony I am 32 years old from Houston. I am working in local store selling electronic devices. I have been interested in eclectronics since childhood and I like to reacd about it. Archives
April 2019
Categories |