More stories


    Best browser for privacy 2021: Secure your web browsing

    Big changes are afoot in the ad-sponsored web, and the browser has become a key battleground for end-user privacy. While Chrome is by far the most widely used browser in the world, there are alternative browsers, and there are ways to improve your privacy when using Chrome.

    Unfortunately, there is no easy way yet to ensure total privacy through browsers, according to Dr Lukasz Olejnik, an independent privacy researcher and consultant, who led a large-scale study in 2009-2011 that found web browsing histories can be used by online ad companies to fingerprint individual browsers over time. Researchers from Firefox-maker Mozilla replicated his study in 2020 with 52,000 Firefox users and confirmed Olejnik’s findings. They warned that Google’s and Facebook’s tighter grip on online advertising makes re-identification through browsing histories an even more pressing privacy problem today.

    ZDNet sought some expert tips from Olejnik, who these days works on privacy-related specifications for the World Wide Web Consortium (W3C), including those connected to Google’s controversial Privacy Sandbox in Chrome and its FLoC (Federated Learning of Cohorts) substitute for third-party cookies, which Google plans to block in 2022. FLoC is being trialed now with some Chrome users in the US and other markets except Europe, where Google recently admitted FLoC might not be compatible with the EU’s General Data Protection Regulation (GDPR).

    But FLoC won’t solve the problem of browser fingerprinting. “Fingerprinting is here to stay and the removal of third-party cookies indeed does not impact on this technique,” says Olejnik.
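    To make the re-identification finding concrete, here is an added example (not code from ZDNet, from Olejnik's study or from Mozilla's replication) of how a browsing history alone can link a browser back to an earlier profile of it, with no cookie involved. Every history below is constructed for the demo under .example domains; the weighting scheme (inverse document frequency, so that sites everyone visits count for nothing and rare sites count for a lot) is the author's own simplification, not the studies' method.

```javascript
// Added example, not code from the page or from the studies it cites: how a
// browsing history on its own can re-identify a browser once an ad network
// holds an earlier profile of it, even with no cookie involved. All
// histories below are constructed for the demo (domains under .example).

// Session 1: domain sets an ad network has already attributed to a browser.
const SESSION_1 = {
  "browser-A": ["search.example", "social.example", "cdn.example", "knitting.example", "localbank.example", "oboe-forum.example"],
  "browser-B": ["search.example", "social.example", "cdn.example", "localbank.example", "f1-news.example", "sourdough.example"],
  "browser-C": ["search.example", "social.example", "cdn.example", "knitting.example", "f1-news.example", "ham-radio.example"],
  "browser-D": ["search.example", "cdn.example", "sourdough.example", "oboe-forum.example", "ham-radio.example", "chess.example"],
};

// Session 2: later visits by the same four browsers after cookies were cleared.
const SESSION_2 = {
  "browser-A": ["search.example", "cdn.example", "oboe-forum.example", "knitting.example", "weather.example"],
  "browser-B": ["social.example", "cdn.example", "f1-news.example", "sourdough.example", "localbank.example"],
  "browser-C": ["search.example", "social.example", "ham-radio.example", "f1-news.example", "knitting.example"],
  "browser-D": ["cdn.example", "chess.example", "ham-radio.example", "oboe-forum.example", "weather.example"],
};

// Inverse-document-frequency weights: a domain seen in every profile (the big
// search engine, the shared CDN) says nothing about identity and gets weight
// zero; a domain seen in one profile is highly identifying. Smoothed so that
// a domain absent from all profiles still has a (high) weight.
function domainWeights(profiles) {
  const names = Object.keys(profiles);
  const df = new Map();
  for (const name of names) {
    for (const d of new Set(profiles[name])) df.set(d, (df.get(d) || 0) + 1);
  }
  const n = names.length;
  return (domain) => Math.log((n + 1) / ((df.get(domain) || 0) + 1));
}

// Weighted Jaccard similarity between two domain sets.
function weightedJaccard(a, b, weight) {
  const A = new Set(a), B = new Set(b);
  let inter = 0, union = 0;
  for (const d of new Set([...A, ...B])) {
    const w = weight(d);
    union += w;
    if (A.has(d) && B.has(d)) inter += w;
  }
  return union === 0 ? 0 : inter / union;
}

// Link one set of fresh visits back to the most similar profile. match is
// null when nothing stands out (zero score, or a tie between profiles).
function linkVisits(profiles, visits) {
  const weight = domainWeights(profiles);
  let best = { match: null, score: 0 }, runnerUp = 0;
  for (const [name, history] of Object.entries(profiles)) {
    const score = weightedJaccard(history, visits, weight);
    if (score > best.score) { runnerUp = best.score; best = { match: name, score }; }
    else if (score > runnerUp) runnerUp = score;
  }
  if (best.score === 0 || best.score === runnerUp) return { match: null, score: best.score };
  return best;
}

// Re-identify every session-2 visit set and report the fraction linked to
// the right browser.
function reidentifyAll(profiles, sessions) {
  const links = {};
  let correct = 0;
  for (const [truth, visits] of Object.entries(sessions)) {
    links[truth] = linkVisits(profiles, visits).match;
    if (links[truth] === truth) correct++;
  }
  return { links, accuracy: correct / Object.keys(sessions).length };
}

const demo = reidentifyAll(SESSION_1, SESSION_2);
console.log(demo.links, "accuracy:", demo.accuracy);
// A browser that only visits the crowd's sites cannot be singled out:
console.log(linkVisits(SESSION_1, ["search.example", "cdn.example"]));
```

    The point the demo makes is the one Olejnik and Mozilla make: the popular sites in a history carry no identifying signal and the rare ones carry almost all of it, which is why blocking scripts on obscure sites (below) removes more fingerprinting surface than blocking them on the big ones.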

    Easy to install, a burden to manage

    In the past, security-conscious people advised others to disable JavaScript in the browser, but Olejnik tells ZDNet this is a sledgehammer approach for the web today. “Disabling JavaScript today is a no-go because almost every website depends on it. Disabling it would make the web essentially unusable,” says Olejnik. One example: Google no longer lets users who disable JavaScript sign in to Google Accounts such as Gmail and YouTube.

    His recommended workaround for people wanting more privacy is to install the NoScript extension for Firefox, Chrome and Chromium-based browsers like the new Microsoft Edge. NoScript offers a more selective way to deal with invasive scripts and malware attacks that rely on JavaScript. “In very simple ways users may easily decide which websites would be able to include what component, executing JavaScript or not,” he says. However, he warns NoScript may be “quite cumbersome” since it takes time to click through and decide which websites should be allowed what. “But it is worth it,” he adds. “Disabling scripting on weird or random sites is the biggest impact. Scripting is responsible for most of the most important privacy risks. It is also responsible for the delivery of some web browser exploits. So not having scripting on by default may actually save you from being hacked,” says Olejnik.

    Of course, there are other approaches users can take too, including using a browser other than Chrome. To this end, Olejnik suggests it is wise to use several browsers for different tasks.

    Pros:
      Freely available for Firefox, Chrome and Chromium-based browsers
      Protects against the most common privacy and security threats on the web
      Doesn’t collect your web history
    Cons:
      A bit cumbersome to set up the allow list


    Is this really the most privacy-focused browser?

    Brave is a Chromium-based browser that by default blocks ads, fingerprinting and ad-trackers. Brave in February announced it had passed 25 million monthly active users, which is still a fraction of Chrome’s 2 billion users across desktop and mobile. Brave’s business model relies on privacy-protecting ads that can pay publishers and users in Basic Attention Tokens (BAT) when users pay attention to ads. It also recently acquired Tailcat to launch Brave Search, so it can provide a privacy-focused alternative to both Google Chrome and Google Search.

    The browser is headed up by Brendan Eich, the designer of the JavaScript programming language and a co-founder of Mozilla and Firefox. Brave’s privacy record isn’t unblemished: Eich in 2020 apologized to users after Brave was caught auto-completing the address of a cryptocurrency exchange to a URL carrying Brave’s affiliate referral code. Still, a recent study by Professor Douglas J. Leith at Trinity College Dublin rated Brave as more private than Google Chrome, Mozilla Firefox, Apple Safari and Chromium-based Microsoft Edge. Leith looked at how much each browser communicates to its maker’s backend servers. Brave did not use any identifiers that would allow its IP address to be tracked over time, and did not share details of web pages visited with its backend servers. By contrast, Chrome, Firefox and Safari tagged telemetry data with identifiers linked to each browser instance. Brave has removed a ton of Google code from its version of Chromium to improve user privacy and has also come out hard against Google’s FLoC ID proposal, which is beginning to roll out to Chrome users but will not be enabled in Brave.

    Brave has several privacy-enhancing settings, with options to block third-party ad trackers, a toggle for upgrading unsecured connections to HTTPS, cookie blocking and fingerprinting blocking. Users can adjust these in the Shields and Privacy and security sections of Settings.

    Despite alarm over FLoC, Olejnik says it is preferable to third-party cookies from a privacy standpoint, but he’s holding off judgement until he sees the final design. FLoC is an interest-based cohort identifier designed to replace third-party cookies. In this scheme, Google assigns a FLoC ID to clusters of Chrome users with similar interests, allowing for some privacy by letting individuals ‘hide within crowds’, as Google put it, while still delivering targeted ads for advertisers. Still, Olejnik found the initial implementation of FLoC can leak users’ web browsing histories, so taking cover in the crowd might not actually work as intended yet.

    “If I had to choose between third-party cookies or FLoC, I would choose FLoC. But it all depends on the final design and configuration. Care must be exerted in the design to avert the risk of data leaks,” Olejnik says. “In my tests of the initial version, I verified that leaks of web browsing histories are indeed possible. But I am sure that the final solution would have to have some privacy settings designed and implemented. In current testing FLoC, this is not the case.”

    Pros:
      Privacy-focused by default
      Not in the traditional online ad business
      A fast experience
    Cons:
      No obvious negatives, but issues in the past show it is not perfect


    Probably the best privacy-preserving browser on the web

    Chrome’s security and patching make it the most secure browser available today, but looking solely at privacy, Olejnik rates Mozilla Firefox as the best of the pack. So, for those using a multi-browser strategy to improve privacy, Firefox is a must-have.

    One of Firefox’s most important privacy features is Enhanced Tracking Protection. Mozilla has also borrowed techniques from the Tor Browser to block browser fingerprinting and, despite its declining monthly active user numbers (220 million today, down from 250 million a year ago), Firefox developers are on a constant quest to improve tracking prevention, such as their work on browser-side storage that can be used to track users across the web, which goes beyond stored cookies and covers multiple caches.

    Firefox offers plenty of choices for customizing the browser for privacy; type about:preferences#privacy in the address bar to reach them. The “standard” Enhanced Tracking Protection setting blocks social media trackers, cross-site tracking cookies, cryptominers and fingerprinting scripts, and blocks tracking content in private windows. There is a “strict” mode too that might break some sites, but Enhanced Tracking Protection can be switched off for individual trusted sites. And for those with the time, Mozilla provides a “custom” setting to pick and choose what is blocked.

    The other option for Firefox fans is Firefox Focus, a privacy-focused browser for iOS and Android that blocks ad trackers and has a built-in ad blocker.

    And if you’re against Chrome’s FLoC, Mozilla this week told Digiday that it too opposes the technique and won’t be implementing it in Firefox.

    “We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time,” a Mozilla spokesperson said. “We don’t buy into the assumption the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising,” they added.

    Pros:
      Firefox has invested a lot in Enhanced Tracking Protection
      No interest in profiting from online ads
      Trusted by 220 million users
    Cons:
      Despite a major overhaul, Firefox is still losing users
      Mozilla pushes its read-it-later service Pocket through Firefox


    Is an extension from a privacy search engine the answer?

    DuckDuckGo, a privacy-focused search engine, is a vocal supporter of consumers’ privacy rights and in January hit a milestone of 100 million user search queries in a day. DuckDuckGo, along with the rise of the encrypted messaging app Signal, shows there is a growing appetite for privacy-focused alternatives to tech giants like Facebook and Google. Still, DuckDuckGo’s daily search numbers are minuscule compared to Google’s five billion daily search queries.

    DuckDuckGo’s Privacy Essentials extension for Chrome, Firefox and Microsoft’s new Edge has been installed by four million Chrome users. Its reputation is built on the idea that it does not collect user data but can provide search results as good as those from engines that do. In a seeming reaction to Google’s unchallenged dominance in search, some browser makers, such as the Tor web-anonymizing project, made DuckDuckGo the default search engine shipped with their Firefox-based browser. DuckDuckGo was founded by entrepreneur Gabriel Weinberg as a self-funded project in 2008. The DuckDuckGo extension was also quick to block Google’s FLoC identifier. And the company is a founding member of the Global Privacy Control (GPC) standard (which is still being hashed out), an answer to consumer privacy protections under the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR).

    But it is a browser extension and, like all software, vulnerabilities crop up. In March, researchers discovered a cross-site scripting flaw in DuckDuckGo Privacy Essentials that could allow an attacker to observe all websites the user visits. Fortunately, DuckDuckGo fixed the flaw fairly swiftly for both Chrome and Firefox.

    Pros:
      Supported on Chrome, Chromium-based browsers and Firefox
      DuckDuckGo appears to have a solid commitment to user privacy
      If you don’t like FLoC, it blocks it automatically
    Cons:
      It’s a software extension, and that creates another avenue for security flaws to creep in


    The wild card for online privacy

    Microsoft Edge, being based on Google’s Chromium project, is now available for Windows 10, macOS and Linux. Edge was rated the worst browser for privacy by Professor Leith because of how often it sent identifiers, including IP address and location data, to Microsoft servers; it fared even worse than Google Chrome. Microsoft told ZDNet it was just diagnostic data that can be easily disassociated from the device ID. Microsoft acknowledged its collection does include information about websites visited, but said this information is not used to track users’ browsing history or URLs specifically tied to the user. Windows 10 telemetry data collection shows Microsoft can be clumsy on privacy despite Microsoft president Brad Smith’s principled statements on the use of facial recognition in public spaces.

    Microsoft also has an interesting take on Google’s FLoC. A Microsoft spokesperson told ZDNet it does not support fingerprinting because users can’t consent to it. It is, however, developing its own alternative to FLoC called PARAKEET, which has similar goals to FLoC, such as retargeting browsers over time.

    “Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document,” Microsoft said.

    Microsoft’s PARAKEET proposal says it supports an “ad-funded web because we don’t want to see a day where all quality content has moved behind paywalls, accessible to only those with the financial means.” While Microsoft’s Bing search engine may not be widely used, Microsoft does own LinkedIn, and that brand’s online ad division brought in $2.58 billion in revenue in the quarter ending December 2020, up 23% year on year, making up about 6% of Microsoft’s total $43.1 billion in revenue for that quarter. Microsoft has never claimed to be a guardian of end-user privacy, but it does at least provide a support page explaining what data Edge collects and why Microsoft collects it.

    Pros:
      It’s not Google Chrome
      Edge is gaining new features rapidly
    Cons:
      It has a burgeoning online advertising business
      Microsoft’s position on FLoC is ambiguous


    Are there other browsers worth considering?

    Another great choice for improving your privacy on the web is the Tor Browser, which is based on Mozilla’s Firefox Extended Support Release (ESR). It has been tweaked to route traffic through the Tor anonymizing network, a collection of distributed volunteer-run relays rather than the more centralized design of a VPN service. The Tor Browser’s default search engine is DuckDuckGo.

    While it isn’t a mainstream choice, the Tor Browser is well regarded by people who don’t want to be tracked across the web, and it gets updated on a monthly basis by the Tor Project. However, page loads in the Tor Browser can be slower and some sites might not work because of the architecture of the Tor network. Using the Tor Browser for Google Search, for example, might require going through additional CAPTCHA challenges to prove you’re not a bot. Page loads are also noticeably slower on streaming services like Netflix. Nonetheless, the Tor Browser is a worthy addition for people who use multiple browsers to get life done on the web.



    Microsoft takes another stab at a Blockchain-powered ledger service

    Just weeks after announcing plans to shut down its Azure Blockchain as a Service offering, Microsoft is back with another Blockchain-powered take on the idea with its Azure Confidential Ledger service. Microsoft officials took the wraps off the public preview of Azure Confidential Ledger on the first day of its virtual Build 2021 developer conference on May 25.


    Azure Confidential Ledger, like the Azure Blockchain Service, builds on the idea of the blockchain as a distributed ledger. Microsoft’s Azure Confidential Ledger (ACL) adds an extra layer of security and scalability on top of that ledger. ACL uses the Azure Confidential Computing platform, meaning an instance of ACL runs in a dedicated and fully attested hardware-backed enclave. ACL is built on top of the Confidential Consortium Framework (CCF), which Microsoft officials showed off publicly in 2017. At that time, officials said the Coco (short for “confidential consortium”) Framework was meant to work with any ledger protocol and on any operating system and hypervisor that supports a compatible Trusted Execution Environment (TEE), a secure area of a processor. The framework was designed to be used on-premises and/or in various vendors’ clouds, officials said.

    Microsoft officials said ACL works well when users need audit logging and tracking of highly sensitive admin operations. They suggested that healthcare, financial and retail, information technology, supply chain monitoring and any business where contracts and deeds need to be exchanged securely would all be good candidates for ACL.

    I asked Microsoft if ACL should be considered the replacement for Azure Blockchain as a Service and got no direct reply. Instead, a spokesperson said: “We are asking (Azure Blockchain Service) customers to transition to the ConsenSys Quorum Blockchain Solution. As industry dynamics have changed, we made the decision to shift our focus from a product-oriented offering to a partner-oriented solution.”

    Update (May 25): And here’s the direct reply on positioning of ACL, courtesy of a spokesperson: “Azure Confidential Ledger doesn’t replace Azure Blockchain Service but is another distributed ledger that can be used by customers who want the maximum level of privacy afforded to them. With Azure Confidential Ledger, customers can take advantage of Azure’s Confidential Computing to harness the power of secure enclaves when setting up the distributed blockchain network. In comparison, ConsenSys Quorum Blockchain Service is built on ConsenSys Quorum, an open source technology that is fully compatible with Azure Blockchain Service and will provide a seamless migration experience for users.”


    Not as complex as we thought: Cyberattacks on operational technology are on the rise

    Attacks on control processes, such as systems in industrial settings, are on the rise, with common and unsophisticated methods being employed to compromise them.

    On Tuesday, FireEye’s Mandiant cyberforensics team released a report exploring attack rates on control processes, particularly those supported by operational technology (OT). Control process attacks may once have been viewed as complex, because of the access required, the need for malware designed to compromise proprietary industrial technologies, or the difficulty of disrupting a control process to create a predictable effect; vulnerable, internet-facing OT endpoints now offer a much wider attack surface.

    Mandiant’s Keith Lunden, Daniel Kapellmann Zafra and Nathan Brubaker said there is an increasing frequency of “low sophistication” OT attack attempts, and the firm has observed hackers with “varying levels of skill and resources” using “common IT tools and techniques to gain access to and interact with exposed OT systems.” Solar panel networks, water control systems and building automation systems (BAS) have been targeted, and while critical infrastructure entities are on the list, the same techniques are being used against academic and private residential internet-of-things (IoT) devices, too.

    According to the team, the general trend against OT systems appears to be attackers trying to wrest control of vast numbers of open endpoints for “ideological, egotistical, or financial objectives,” rather than a wish to cause severe damage, such as by taking control of a core infrastructure asset. Over the past few years, the researchers have observed OT assets being compromised through a variety of methods, including remote access services and virtual network computing (VNC).

    However, the “low-hanging fruit” many attackers go for are graphical user interfaces (GUI), including human machine interfaces (HMI), which are by design intended to be simple user interfaces for controlling complex industrial processes. As a result, threat actors are able to “modify control variables without prior knowledge of a process,” Mandiant says.

    Another trend of note is hacktivism, propelled by widely available and free tutorials online. Recently, the researchers have seen hacktivist groups bragging in anti-Israel/pro-Palestine social media posts that they have compromised Israeli OT assets in the renewable and mining sectors. Other low-skilled threat actors appear to be focused on notoriety, however, with little knowledge of what they are targeting. In two separate cases, threat actors bragged about hijacking a German rail control system, only for it to be a command station for model train sets, and in another, a group claimed to have broken into an Israeli “gas” system that was nothing more than a kitchen ventilation system in a restaurant.

    Despite these gaffes, successful attacks against critical OT assets can have serious ramifications. After all, we only need to consider the panic-buying and fuel shortages across the US caused by the ransomware outbreak at Colonial Pipeline. “As the number of intrusions increase, so does the risk of process disruption,” Mandiant says. “The publicity of these incidents normalizes cyber operations against OT and may encourage other threat actors to increasingly target or impact these systems. This is consistent with the increase in OT activity by more resourced financially-motivated groups and ransomware operators.”

    The researchers recommend that, wherever possible, OT assets be removed from public, internet-reachable networks. Network hardening and security audits, including device discovery, should be conducted frequently, and HMIs, alongside other assets, should be configured to prevent potentially hazardous variable states.

    The risk of OT compromise has not gone unnoticed by federal agencies. In July 2020, the US National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning of attacks against critical infrastructure through vulnerable OT. The agencies said legacy OT devices, internet connectivity and modern attack methods have created a “perfect storm.”


    Ransomware: Two-thirds of organisations say they'll take action to boost their defences

    The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyberattacks, and two-thirds say they will take action to avoid becoming another ransomware victim. The ransomware attack against Colonial Pipeline, one of the largest pipeline operators in the United States, supplying almost half of the East Coast’s fuel, disrupted operations and led to gas shortages, demonstrating how cyberattacks can have physical consequences.


    Colonial paid almost $5 million for the key required to unlock its encrypted systems. The significant disruption caused by the attack and the high cost of the ransom payment appear to have been a wake-up call for organisations: a new report by IT association ISACA suggests that just over two-thirds (67%) of IT professionals expect their organisations to take new precautions in light of the Colonial Pipeline attack. Ransomware has been a major cybersecurity threat for some time and shows no sign of slowing down: 84% of those surveyed by ISACA said they believe ransomware attacks will become more prevalent during the second half of 2021.

    “The growth of this attack type is relentless, and its targets are indiscriminate: large or small, public or private, any and all industry sectors,” said Chris Cooper, a member of ISACA’s emerging trends working group. “From the recent Colonial Pipeline attack to the Metropolitan DC Police Department and numerous small and medium enterprises, there has been a barrage of high-profile ransomware incidents around the globe in the past month alone,” he added.

    But despite the ransomware threat, 38% of respondents say their company has not conducted any ransomware training for their staff, something that could cause problems in the event of a ransomware attack, or even lead to one.

    To help protect against ransomware attacks, ISACA has several recommendations for organisations. They include testing for incoming phishing attacks, in order to stop malicious emails that could be the first step in a ransomware campaign from arriving in inboxes, so the email never becomes a risk to users and the wider company in the first place. Organisations should also apply security patches on a timely basis to prevent cyber criminals from exploiting known vulnerabilities as a means of compromising the network.


    Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them instead

    The Agrius hacking group has shifted from using purely destructive wiper malware to a combination of wiper and ransomware functionality — and will pretend to hold data to ransom as a final stage in attacks. 

    In an analysis of the threat group’s latest movements, SentinelOne researchers said on Tuesday that Agrius was first spotted in attacks against Israeli targets in 2020. The group uses a combination of its own custom toolsets and readily available offensive security software to deploy either a destructive wiper or a custom wiper-turned-ransomware variant.  However, unlike ransomware groups such as Maze and Conti, it doesn’t appear that Agrius is purely motivated by money — instead, the use of ransomware is a new addition and a bolt-on to attacks focused on cyberespionage and destruction.  Furthermore, in some attacks traced by SentinelOne when only a wiper was deployed, Agrius would pretend to have stolen and encrypted information to extort victims — but this information had already been destroyed by the wiper.  Agrius “intentionally masked their activity as a ransomware attack,” the researchers say, while actually engaging in destructive attacks against Israeli targets.  The researchers suspect the group is state-sponsored. 

    During the first stages of an attack, Agrius connects through virtual private network (VPN) services while accessing public-facing apps or services belonging to its intended victim, then attempts an intrusion, often via compromised accounts or software vulnerabilities. For example, a vulnerability in FortiOS, tracked as CVE-2018-13379, has been widely used in exploit attempts against targets in Israel. If successful, webshells are deployed, public cybersecurity tools are used for credential harvesting and network movement, and malware payloads are then dropped.

    Agrius’ toolkit includes Deadwood (also known as Detbosit), a destructive wiper malware strain. Deadwood was linked to attacks against Saudi Arabia during 2019, thought to be the work of APT33. Both APT33 and APT34 have been connected to the use of wipers including Deadwood, Shamoon and ZeroCleare. During attacks, Agrius also drops a custom .NET backdoor called IPsec Helper for persistence and to create a connection with a command-and-control (C2) server. In addition, the group will drop a novel .NET wiper dubbed Apostle. IPsec Helper and Apostle appear to be the work of the same developer.

    In a recent attack against a state-owned facility in the United Arab Emirates, Apostle appears to have been improved and modified to contain functional ransomware components. However, the team believes it is the destructive elements of ransomware, such as the ability to encrypt files, rather than the financial lure that Agrius is focusing on during development.

    “We believe the implementation of the encryption functionality is there to mask its actual intention — destroying victim data,” the researchers say. “This thesis is supported by an early version of Apostle that the attackers internally named ‘wiper-action’. This early version was deployed in an attempt to wipe data, but failed to do so possibly due to a logic flaw in the malware. The flawed execution led to the deployment of the Deadwood wiper. This, of course, did not prevent the attackers from asking for a ransom.”

    SentinelOne says that no “solid” connections to other, established threat groups have been made, but Agrius’ interest in Iranian issues, the deployment of web shells with ties to Iranian-built variants, and the use of wipers in the first place, an attack technique linked to Iranian APTs as far back as 2012, indicate the group is likely to be of Iranian origin.
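    Since the report names CVE-2018-13379 as the initial-access route, the check a defender wants is whether exploitation attempts against it show up in their own web-server, load-balancer or proxy logs. Here is an added example, not from the SentinelOne report, of that detection. The request shape it looks for (a directory traversal in the lang parameter of the FortiOS SSL VPN’s /remote/fgt_lang endpoint, typically reaching for /dev/cmdb/sslvpn_websession) is the one used by public proof-of-concept code for this CVE; the log lines are constructed for the demo, and the assumption that legitimate lang values are short locale codes is the author’s, used only to flag anything else as anomalous.

```javascript
// Added example, not code from the SentinelOne report: flag CVE-2018-13379
// (FortiOS SSL VPN path traversal) exploitation attempts in access logs.
// The request pattern matched below is the one used by public proof-of-concept
// code for the CVE; the log lines are constructed for this demo.

// Constructed sample in Common Log Format (client IP, request line, status, bytes).
const SAMPLE_LOG = [
  '203.0.113.7 - - [25/May/2021:10:01:02 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 1521',
  '203.0.113.7 - - [25/May/2021:10:01:05 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 40960',
  '198.51.100.9 - - [25/May/2021:10:02:11 +0000] "GET /remote/fgt_lang?lang=en HTTP/1.1" 200 880',
  '198.51.100.23 - - [25/May/2021:10:03:40 +0000] "GET /remote/fgt_lang?lang=%2f..%2f..%2f..%2f..%2fdev%2fcmdb%2fsslvpn_websession HTTP/1.1" 404 312',
];

// Minimal Common Log Format parser: client IP, method, request target, status.
const LOG_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$/;
function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], method: m[2], target: m[3], status: Number(m[4]) };
}

// Inspect the lang parameter of /remote/fgt_lang. Returns null for benign
// requests, otherwise the normalized value and whether it is a traversal.
function fgtLangTraversal(target) {
  const [path, query = ""] = target.split("?", 2);
  if (path !== "/remote/fgt_lang") return null;
  const lang = new URLSearchParams(query).get("lang"); // one layer of %xx decoding
  if (lang === null) return null;
  let decoded = lang;
  try { decoded = decodeURIComponent(lang); } catch (_) { /* double-encoding guard; keep raw on bad input */ }
  const normalized = decoded.replace(/\/+/g, "/"); // collapse the "//////////" padding
  const traversal = normalized.includes("../") || normalized.includes("/dev/cmdb/");
  // Assumption: legitimate values are short locale codes ("en", "zh_CN");
  // anything else that is not a traversal is still worth a look.
  if (!traversal && /^[a-z]{2}(_[A-Z]{2})?$/.test(normalized)) return null;
  return { lang: normalized, traversal };
}

// Run the check over every line and return the findings.
function scanAccessLog(lines) {
  const hits = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req) continue;
    const finding = fgtLangTraversal(req.target);
    if (!finding) continue;
    hits.push({
      ip: req.ip,
      severity: finding.traversal ? "exploit-attempt" : "anomalous-lang",
      // A 200 on the traversal is consistent with the session file having been
      // served; a 4xx suggests a patched or unaffected device.
      likelySucceeded: finding.traversal && req.status === 200,
      lang: finding.lang,
    });
  }
  return hits;
}

console.log(scanAccessLog(SAMPLE_LOG));
```

    The decode-then-normalize step is what keeps the rule from being trivially bypassed by percent-encoding or slash padding, both of which appear in real scanning traffic. A hit with likelySucceeded set should be treated as credential exposure (the session file holds VPN usernames and passwords in clear), not just as a scan.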

    Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More


    Russian dark web marketplace Hydra cryptocurrency transactions reached $1.37bn in 2020

    An investigation into the Hydra marketplace has revealed surging transaction volumes and a thriving, albeit illicit, cryptocurrency ecosystem. On Tuesday, Flashpoint and Chainalysis jointly released a report into Hydra, a dark web marketplace. At its inception in 2015, Hydra was well known for the sale of narcotics, but as time has gone on, the market has expanded to include stolen credit card data, counterfeit documents including IDs, fake banknotes and cyberattack services, among other offerings. Annual transaction volumes have climbed year over year, from an estimated $9.4 million in 2016 to at least $1.37 billion in 2020.

    Cryptocurrency is often used by cybercriminals in underground marketplaces to maintain a degree of anonymity while purchasing goods and laundering proceeds, such as funds obtained through theft, illegal goods sales or ransomware payouts. However, the underlying blockchain, as analyzed by the researchers, can still reveal something about transaction rates. The team says that over its three most recent years, Hydra has grown by roughly 624% year over year, making it potentially one of the more popular criminal marketplaces at present. The market, which only serves Russian speakers, has managed to avoid anything more than a short period of downtime or seizure by law enforcement, at least for now.

    Hydra keeps its users in line and has stringent seller requirements, which could be an important aspect of the marketplace’s illicit success. Since at least July 2018, Hydra operators have demanded that at least 50 successful sales are made before withdrawals are allowed, and an eWallet account containing at least $10,000 has to be maintained. When it comes to the cryptocurrency exchanges handling transactions to and from Hydra, Chainalysis deems many “high-risk” as they do not enforce Know Your Customer (KYC) regulations. Most are located in Russia, and overall, only a small percentage of transactions are funneled through cryptocurrency platforms generally associated with legitimate trading. Over 1,000 unique deposit addresses and transactions upwards of $7 million, thought to be linked to Hydra, have been recorded. Withdrawals, too, are routed through payment services and exchanges “exclusively or primarily based in Russia and [in] Russian-friendly Eastern European countries,” according to the report. Hydra requires sellers to convert their profits into fiat Russian currency.

    Despite the iron fist imposed on sellers, Hydra accounts are still highly sought after. The researchers say a new sub-market has sprung up in recent times to obtain access to established seller accounts, as well as users offering, for a cut of the profit, to help others skirt Hydra’s fiat currency withdrawal requirements. Stores are being sold for up to $10,000.

    Law enforcement agencies have seized and closed down dark web marketplaces ranging from Silk Road to DarkMarket. However, at least for now, Hydra continues to facilitate the sale of illegal goods and services. In January, Europol took down DarkMarket, a platform facilitating trades between roughly half a million users. An Australian citizen, suspected of being the website’s operator, has since been arrested.


    Encrochat drug dealer betrayed by his love of cheese

    A drug dealer’s enjoyment of Blue Stilton cheese led to his capture and a sentence of over 13 years in prison. Carl Stewart, a Liverpool resident, was identified after he shared an image of cheese purchased at a UK supermarket. The 39-year-old shared his delight in the purchase over Encrochat, an encrypted messaging service, under the handle “Toffeeforce.” However, in his glee, he did not realize that the photo provided vital clues to the police — namely, his fingerprints, which were then analyzed by investigators.
    Merseyside police say that Stewart was a drug dealer who used to supply “large amounts” of class A and B drugs. 

    Stewart was identified and arrested. He pleaded guilty to conspiracy to supply cocaine, heroin, MDMA, and ketamine, as well as to a charge of transferring criminal property. The former drug dealer was sentenced at Liverpool Crown Court on May 21 to 13 years and six months in prison. “Carl Stewart was involved in supplying large amounts of class A and B drugs, but was caught out by his love of Stilton cheese, after sharing a picture of a block of it in his hand through Encrochat,” commented Detective Inspector Lee Wilkinson. “His palm and fingerprints were analyzed from this picture and it was established they belonged to Stewart.”

    Stewart is the latest to be prosecuted following “Operation Venetic,” an investigation into the use of Encrochat by criminal groups to avoid being identified. Encrochat, closed down by the police in July last year when its servers were seized, provided encrypted instant messaging and mobile phones based on a subscription and a custom operating system. Agencies had been working since 2016 to close the operation down, and after partners in France and the Netherlands infiltrated the platform, data shared across the network was monitored for months and has since been handed over to Europol and international law enforcement. The UK’s National Crime Agency (NCA) says that roughly 60,000 users have been identified worldwide and approximately 10,000 of them are based in the country. Merseyside police claim that “all” of these users are involved in “coordinating and planning the supply and distribution of drugs and weapons, money laundering and other criminal activity.”


    Apple says it’s time to update your iPhone… again

    Does it feel like you’ve been updating your iPhone continuously for weeks now? That’s because you have! And now iOS 14.5 has given way to iOS 14.6, so it’s time to go through the whole process again.

    iOS 14.6 brings a number of new features:

    • The ability to share Apple Card with up to five people (13 years and up), with features added to track expenses and manage spending with optional limits and controls. Each person also builds a credit history.
    • For podcasts, there are now subscription options for channels and individual shows.
    • On the AirTag and Find My front, Apple has added an option in Lost Mode to add an email address instead of a phone number for AirTag and Find My network accessories. Another update is that AirTag will now show a partially masked phone number when tapped with an NFC-capable device.
    • A new accessibility feature allows Voice Control users to unlock their iPhone for the first time after a restart using only their voice.

    There is also a raft of bug fixes:

    • Unlock with Apple Watch may not work after using Lock iPhone on Apple Watch
    • Reminders may appear as blank lines
    • Call blocking extensions may not appear in Settings
    • Bluetooth devices could sometimes disconnect or send audio to a different device during an active call
    • iPhone may experience reduced performance during startup

    That last one is interesting, and may be the reason behind the poor benchmark performance for some handsets running iOS 14.5.1. There are also over 30 security fixes contained in this update, and while none appear to be actively exploited by attackers, this update isn’t something that you should put off installing for too long. Grab those updates by going to Settings > General > Software Update. Also out are iPadOS 14.6, watchOS 7.5, tvOS 14.6, macOS Big Sur 11.4 and Safari 14.1.1, as well as security updates for macOS Mojave and Catalina. Better get busy updating!
