More stories

  • in

    Encrochat drug dealer betrayed by his love of cheese

    A drug dealer’s enjoyment of Blue Stilton cheese led to his capture and a sentence of over 13 years in prison.  Carl Stewart, a Liverpool resident, was identified after he shared an image of cheese purchased at a UK supermarket.  The 39-year-old shared his delight in the purchase over Encrochat, an encrypted messaging service, under the handle “Toffeeforce.” However, in his glee, he did not realize that the photo provided vital clues to the police — namely, fingerprints which were then analyzed by investigators. 
    Merseyside police say that Stewart was a drug dealer who used to supply “large amounts” of class A and B drugs. 

    Stewart was identified and arrested. He pleaded guilty to conspiracy to supply cocaine, heroin, MDMA, and ketamine, as well as the charge of transferring criminal property. The former drug dealer was sentenced at Liverpool Crown Court on May 21 to 13 years and six months in prison.  “Carl Stewart was involved in supplying large amounts of class A and B drugs, but was caught out by his love of Stilton cheese, after sharing a picture of a block of it in his hand through Encrochat,” commented Detective Inspector Lee Wilkinson. “His palm and fingerprints were analyzed from this picture and it was established they belonged to Stewart.”

    Stewart is the latest to be prosecuted following “Operation Venetic,” an investigation into the use of Encrochat by criminal groups to avoid being identified.  Encrochat, closed down by the police in July last year when its servers were seized, provided encrypted, instant messaging and mobile phones based on a subscription and custom operating system.  Agencies have been working since 2016 to close the operation down, and after partners in France and the Netherlands infiltrated the platform, data shared across the network was monitored for months and has since been handed over to Europol and international law enforcement. The UK’s National Crime Agency (NCA) says that roughly 60,000 users have been identified worldwide and approximately 10,000 of them are based in the country.  Merseyside police claim that “all” of these users are involved in “coordinating and planning the supply and distribution of drugs and weapons, money laundering and other criminal activity.”

  • in

    Apple says it’s time to update your iPhone… again

    Does it feel like you’ve been updating your iPhone continuously for weeks now? That’s because you have! And now iOS 14.5 has given way to iOS 14.6, so it’s time to go through the whole process again.

    iOS 14.6 brings a number of new features: The ability to share Apple Card with up to five people (13 years and up), with features added to track expenses and manage spending with optional limits and controls. Each person also builds a credit history. For podcasts, there are now subscription options for channels and individual shows. On the AirTag and Find My front, Apple has added an option to Lost mode to add an email address instead of a phone number for AirTag and Find My network accessories. Another update means that AirTag will now show a partially masked phone number when tapped with an NFC-capable device. A new accessibility feature allows Voice Control users to unlock their iPhone for the first time after a restart using only their voice.

    There is also a raft of fixes: Unlock with Apple Watch may not work after using Lock iPhone on Apple Watch; Reminders may appear as blank lines; call blocking extensions may not appear in Settings; Bluetooth devices could sometimes disconnect or send audio to a different device during an active call; and iPhone may experience reduced performance during startup.

    That last one is interesting, and may be the reason behind the poor benchmark performance for some handsets running iOS 14.5.1. There are also over 30 security fixes contained in this update, and while none of the vulnerabilities seem to be actively used by attackers, this update isn’t something that you should put off installing for too long. Grab those updates by going to Settings > General > Software Update. Also out are iPadOS 14.6, watchOS 7.5, tvOS 14.6, macOS Big Sur 11.4, Safari 14.1.1, as well as security updates for macOS Mojave and Catalina. Better get busy updating!


  • in

    ASIO chief accuses tech giants of running safe spaces for terrorists and spies

    The head of the Australian Security Intelligence Organisation (ASIO), Mike Burgess, has lashed out at tech giants for running interference and handing a free pass to Australia’s adversaries and “some of the worst people in our society”. “Through the use of encryption, social media and tech companies are, in effect, creating and maintaining a safe space for terrorists and spies,” Burgess told Senate Estimates on Tuesday. “It’s extraordinary how corporations that suck up and sell vast amounts of personal data without a warrant or meaningful oversight can cite a right to privacy to impede a counterterrorism investigation by an agency operating with a warrant or rigorous oversight.” Unlike his counterparts at the Australian Criminal Intelligence Commission, Burgess did not go so far as to rule out all legitimate reasons for using encryption. “Encryption is a fundamental force for good as a society, we need to be able to shop, bank, and communicate online with confidence. But even a force for good can be hijacked, exploited, and abused,” the director-general said. “In the case of encryption, we need to recognise how it is being used by terrorists and spies. End to end encryption is degrading our ability to protect Australia and Australians from threats, from the greatest threats.” In the recent federal Budget, ASIO walked away with a 10-year, AU$1.3 billion funding boost.

    Burgess said the cash would go towards “connecting the dots” via data analytics, machine learning, and artificial intelligence across a number of areas including language recognition, voice to text, language translation, image recognition, and sentiment monitoring. “Most important need for my people is to have the technologies support them in the job they do, so this will continue to be human-led, data-driven, technology-enabled,” he said. Earlier in the day, the Australian Federal Police (AFP) faced questioning on ACT Policing accessing metadata unlawfully on 1,704 occasions. Deputy commissioner Ian McCartney said the incidents were reported by the AFP, and it has started to rectify the process issues in the past couple of years. “We’ve agreed with all of the recommendations and we’re working with the Ombudsman in terms of implementing those recommendations, and we’ll report regularly back to the Ombudsman in relation to that issue,” McCartney said. The deputy commissioner then offered a lack of officer education and complex legislation as playing into the situation. “I think it’s fair to say our young investigators in the AFP, the complexity of legislation they face, and that the government’s apparatus around that is quite large, so there is an onus on the organisation which we take very seriously, to provide that education back, particularly, to our young investigators,” he said. McCartney said the requests were location requests, and therefore were unlikely to pervert the course of justice and were confined to the ACT Policing arm of the organisation. Following the Ombudsman’s investigation, compliance for ACT Policing now sits within the AFP compliance area, and an inspectorate has been established within its professional standards command. 
“We will generate a lot of our own audits — that perhaps in the past we’ve relied a little bit on the Ombudsman to do some of these — we’re going to be front-running a lot of those matters to make sure that we’re compliant on all fronts,” AFP commissioner Reece Kershaw said.

  • in

    Over 65% of Australians across all age brackets worry about privacy in new tech

    Almost 70% of Australians, regardless of their age, are concerned about their privacy when using new technology, according to a survey conducted by the Australian Communications and Media Authority (ACMA). “Such deep immersion in the online world also brings with it a range of risks and challenges — from privacy and security concerns to exposure to misinformation and disinformation, scams, online bullying, and other harms,” ACMA said. This finding arose as part of two new reports that were released by ACMA on Tuesday. The first report [PDF] provides data about the digital preferences of Australians aged 65 or over, while the second report [PDF] looks at the same type of data for Australians in the 18 to 34-year-old age bracket. Both reports are aimed at providing snapshots of Australia’s digital usage and use findings from ACMA-commissioned research undertaken by the Social Research Centre, which consisted of interviews with thousands of Australians from December 2019 to June 2020. In the first report, ACMA said Australians aged 65 or older have been connecting to the internet more than ever before, with 93% of these Australians having internet access in their homes as of June 2020. By comparison, in 2017, only 68% of these Australians had home internet access. Australians aged 65 and older are also using more devices, with the proportion of older people using five or more types of devices to go online growing from 6% to 26% over the past four years. In a report published last month, ACMA said the use of social media by people aged 75 and over doubled from 18% to 41% from June 2019 to June 2020, which the report attributed to Australia’s COVID-19 restrictions. While the behaviours of people aged 65 or older have changed considerably, older people’s views of the digital world remain circumspect as 80% still feel overwhelmed by technological change. 
72% of these Australians also feel unmotivated to find out more about these technologies, which is only a slight decrease from the 74% figure recorded in 2017.

    According to the report, most Australians in the 65-and-over age bracket are engaging in online environments due to perceived or actual necessity, rather than doing so because they believe there are benefits to going online. “This research suggests that older people may be feeling somewhat ‘forced’ online — a situation that may have been accelerated by the pandemic, but also by the increasing digitisation of life in general,” ACMA said. Only 34% of Australians in this age bracket believe technology has given them more control over their lives. By comparison, 66% of the people in the 18 to 34-year-old age bracket felt that computers and technology gave them more control over their lives. This higher level of positivity about technology translated to almost half of Australians in the 18 to 34-year-old age bracket using five or more types of devices to go online as of June 2020, which is up from 30% in 2017. In addition, almost two-thirds of young people used, on average, five or more social networking sites or apps, compared to just over one-fifth of other Australians. Across the board, mobile phones were the most common device used by both young and older Australians to access the internet as of June 2020. After mobile phones, the second most used device to connect to the internet for younger Australians was laptops, while for older Australians, it was tablets. Looking at how Australians use the internet, almost 95% of Australians aged 65 and over now use email, while banking, viewing video content, and buying goods and services online have increased substantially over the past four years, where more than 60% of this demographic went online to perform these activities at least once during the first six months of 2020. Meanwhile, for Australians aged from 18 to 34, more than 90% of this demographic used the internet to perform all of these activities. 
Earlier this year, the Australian Bureau of Communications, Arts and Regional Research (BCARR) found that almost the same number of Australians now watch content from over-the-top (OTT) streaming services, like Netflix and Amazon Prime, when compared to those who watch free-to-air (FTA) television. As of the end of last year, 70% of Australians watched OTT content, which is almost triple the amount from 2016. By comparison, Australians have continued to watch less FTA television. In 2016, 90% of Australians consumed FTA content but this has since dropped to 82.5%.

  • in

    DTA says it will get COVIDSafe running costs down to AU$60,000 a month by July

    After pinning the cost of keeping Australia’s COVIDSafe app running at AU$100,000 a month in March, DTA CEO Randall Brugeaud has said the agency is almost halving its previous estimate. “I estimated AU$100,000 per month to host COVIDSafe at the last hearing, that has ended up at AU$75,094.98 per month. And we’ve made a number of performance improvements to the app over the last couple of months, which should see that sitting at about AU$60,000 per month from the first of July,” he said on Monday. “There’s been a range of tuning efforts that we’ve applied, quite considerable improvement on the backend, which is the COVIDSafe National Data Store and how the data is stored as the app is in operation.” The total cost to build and operate the app was now sitting at AU$7,753,863.38 including GST, the DTA CEO said. To the end of January, that figure was AU$6,745,322.31. “That includes a combination of development, which is the actual build of the app, and the hosting of the app. So the breakdown is, for the development of the app, AU$5,844,182.51 and the hosting is AU$901,139.80,” Brugeaud said in March. On Monday, Brugeaud also said the app had picked up 567 close contacts not found through manual contact tracing, a large increase on the previous number of 17 contacts, and there have been 779 uploads to the National Data Store since inception last year. When introduced, Prime Minister Scott Morrison said the app would be digital sunscreen.

    DPS attackers tried to brute-force on MobileIron kit

    Providing a little more detail on the March outage at Parliament House, Senate President Scott Ryan said the MobileIron equipment in the parliamentary network was targeted. “A malicious actor sought to access DPS network accounts through MobileIron devices using unsophisticated, brute-force tradecraft. The malicious activity lasted just under 24 hours. It was unsuccessful, and DPS networks were not compromised,” Ryan said on Monday. “Appropriate network controls were implemented, which ensured that accounts were locked down, preventing compromise. Those controls were successful in blocking the malicious actor but also impacted legitimate users’ ability to access DPS networks for several days while even more rigorous IT security arrangements were implemented.” Those controls involved taking the existing solution offline and putting into production an MDM system being piloted. “While the outage did cause significant inconvenience, the Department of Parliamentary Services put significant effort into implementing a new mobile device management system in a very short period of time. This migration had been planned well before the incident, but it was to be implemented over a three-month period,” Ryan said. “DPS staff migrated most email data to new services over the course of just three days between 27 and 31 March. Contrary to media coverage, the complexity of the migration did not extend the outage. “14 technical staff across different IT disciplines worked over the Easter long weekend to ensure the remaining migration and to provide support to parliamentarians and other users who needed assistance.” Acting secretary of DPS cybersecurity branch Gary Aisbitt said within “several hours of identifying that we were under attack”, the department had put mitigations in place to prevent “any more potential intrusions”. 
Under questioning from South Australian Senator Rex Patrick, Ryan tried to spell out the difference between the cyber realm and regular old household burglary. “We need to accept that such a prominent network as this is not like your house being burgled, because you don’t expect your house to be burgled every hour,” Ryan said. “In this particular world, the idea of comparing it to a break-in of your house and reporting it to the police is simply not realistic. We work with the authorities and agencies extensively to protect the network. Protection of the network is paramount. Secondary is usability of the network.” Ryan added that a “great deterrent” against cyber intrusions was not present, as there was no shortage of actors trying to access the DPS network. “There is incredible resourcing that goes into protecting this network. The agencies are actually very happy, given what happened several years ago, about what this network does, its capabilities and how it protects itself,” he said. “While it was an unsophisticated, brute force type of attack, there was no penetration of the network.” Ryan reminded the committee that simply because an unsophisticated approach was taken, did not mean the actor was unsophisticated. In February 2019, it took eight days to remove malicious actors from the DPS network. “While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised,” Ryan said at the time. “This caused malware to be injected into the Parliamentary Computing Network.” Since that time, Aisbitt said DPS has stood up a cybersecurity operations centre. “It’s a very capable cybersecurity operations centre,” he said. “Our role is to initially triage and have a look at those incidents ourselves. We get a number of attacks — for want of a better term — and they happen regularly. 
We triage these and at some point we decide whether we need to notify the ACSC and seek their assistance, and that occurs as par for the course.”

  • in

    Smishing: Police make arrests in crackdown on scam text messages

    Police have made eight arrests following operations targeting individuals suspected of sending out “smishing” texts, which aim to steal personal information and financial details by directing recipients to fake versions of trusted organisations’ websites, such as the Royal Mail.

    Operations across London, Coventry, Birmingham and Colchester resulted in eight men being arrested on suspicion of fraud, according to City of London police.

    The eight suspects are believed to be involved with a smishing campaign which sent out scam texts claiming to be from Royal Mail, claiming the recipient needed to pay an outstanding postage fee for a parcel or enter their details to rearrange a delivery. Officers from the Dedicated Card and Payment Crime Unit (DCPCU), a specialist City of London and Metropolitan police unit, worked in partnership with Royal Mail and the telecoms industry as part of a ‘week of action’ which included the arrests.

    Devices suspected of being used in smishing scams have been seized by police and records of stolen financial details have been identified – which will allow banks to inform customers that they’ve fallen victim to fraud. “The success of these operations shows how through our close collaboration with Royal Mail, the financial services sector, and mobile phone networks, we are cracking down on the criminals ruthlessly targeting the public,” said Detective Chief Inspector Gary Robinson, the head of DCPCU.

    “Ongoing investigations are now underway and we will continue to work together to bring those committing smishing scams to justice.”

    Seven of those arrested have been released under investigation, with one suspect charged and remanded into custody ahead of their court appearance. Investigations are still ongoing and City of London police said they expect to make further arrests and charges.

    Often these phishing messages contain a link to a fake version of a legitimate website which asks for usernames and passwords or even bank details. There’s been a large rise in SMS phishing attacks over the last few months, particularly with messages claiming to be from a delivery company, as many people have been doing more online shopping during the Covid-19 pandemic.

    Members of the public can help investigations into smishing campaigns by forwarding suspicious texts to 7726, free of charge.

  • in

    Cyber insurance premiums, take-up rates surge, says GAO

    Cyber insurance premiums have surged amid more frequent cyberattacks and are likely to surge in 2021, according to a General Accountability Office report.

    The National Defense Authorization Act for Fiscal Year 2021 included a provision for GAO to study the US cyber insurance market. GAO analyzed industry data on policies, cyber risk and insurance research and interviewed Treasury officials.

    According to the GAO, cyber insurance adoption is picking up. The GAO found that the take-up rate for cyber insurance rose from 26% in 2016 to 47% in 2020.

    Take-up rates also vary by industry. According to Marsh McLennan, among its clients, the industry sectors with the highest take-up rates in 2016–2020 included education and health care, which collect, maintain, and use significant amounts of personally identifiable information or protected health information. Sectors experiencing significant growth in take-up in that period included the hospitality and retail sectors, which commonly collect payment card information. The manufacturing sector’s take-up rate also grew significantly, as that industry became increasingly aware of potential cyberattack risks, according to industry sources.

    Along with that adoption, insurance brokers said that more frequent and severe cyberattacks have led to premium increases. The GAO said more than half of the respondents in its report saw prices go up 10% to 30% in late 2020.

    GAO noted in its report:

    One broker told us that minimum premiums for high-risk industries with revenues up to $5 million can range from $2,000 to $3,500 per million of limit, while other brokers said premiums on policies that target mid-size entities with revenues from less than $100 million to $250 million can average from about $5,000 to more than $10,000 per million of limit. In addition to entity and industry risk factors, premiums can differ based on the amount of a deductible or other self-insured amount, which the brokers told us had minimums from $1,000 to $5,000 for policies with a $1 million total limit. These same risk factors also can result in lower coverage limits for certain perils, such as $250,000 for social engineering and wire transfer attacks on a policy with a $1 million total limit.

    In addition, cyberattacks have led insurers to reduce coverage limits for some sectors including healthcare and education. The GAO report found that the cyber insurance industry faces multiple challenges such as limited historical data on losses, lack of common definitions for terms like cyberterrorism as well as differences among industries. Another issue for the industry is that businesses have limited awareness of what’s in their policies as well as limits.

  • in

    This massive phishing campaign delivers password-stealing malware disguised as ransomware

    A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords and other information from victims. Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts to distribute messages claiming to be related to payments, alongside an image posing as a PDF attachment that looks like it has information about the supposed transfer.


    When the user opens this file, they’re connected to a malicious domain that downloads STRRAT malware onto the machine. The updated version of the malware is what researchers describe as “notably more obfuscated and modular than previous versions”, but it retains the same backdoor functions, including the ability to collect passwords, log keystrokes, run remote commands and PowerShell, and more – ultimately giving the attacker full control over the infected machine. As part of the infection process, the malware adds a .crimson file name extension to files in an attempt to make the attack look like ransomware – although no files are actually encrypted. This could be an attempt to distract the victim and hide the fact that the PC has actually been compromised with a remote access trojan – a highly stealthy form of malware, as opposed to a much more overt ransomware attack.

    It’s likely that this spam campaign – or similar phishing campaigns – is still active as cyber criminals continue attempts to distribute STRRAT malware to more victims. Given how the malware is able to gain access to usernames and passwords, it’s possible that anyone whose system becomes infected could see their email account abused by attackers in an effort to further spread STRRAT with new phishing emails. However, as the malware campaign relies on phishing emails, there are steps that can be taken to avoid becoming a new victim of the attack. These include being wary of unexpected or unusual messages – particularly those that appear to offer a financial incentive – as well as taking caution when it comes to opening emails and attachments being delivered from strange or unknown email addresses. Using antivirus software to detect and identify threats can also help prevent malicious emails from landing in inboxes in the first place, removing the risk of someone opening the message and clicking the malicious link.
