Friday, July 24, 2020

Dominic Alvieri To Post or Not To Post? That is The Censor.


Can the World survive with the Internet this way?


July 24th, 2020                  

By Dominic Alvieri     

 

Negative posts have been planted and circulated on our social media platforms by foreign sources to cause chaos.

 

              One Censor with Many Sensors. @AlvieriD

                          
Internet censorship is on the rise.
The Internet is being closed. So is Freedom.

                      When do you restrict a post?

                      When do you level the playing field?

 Why would you close your country's Internet access?

 Why do you have rooms of monitors in our country?  

 Why do you have a database on me overseas? Really?       

                     

Glasses with image of road and internet sign. Opaque brick wall behind image.
The brick wall coming up behind the Internet. 


Every day more and more censors with real time sensors are monitoring, editing, and blocking content from being viewed on various social media platforms around the world. More shocking is the daily movement towards restricting the pursuit of life and liberty itself.


When an overseas criminal is hidden behind a country's Intranet, the odds are stacked against you. Not house rules, skyscraper rules.


Call it what it is. It is not the Internet. Countries have built more controllable Intranets. Countries like China and Russia have built their own Intranet slices of the Internet to monitor and restrict their own citizens. Everyone else in the world is included. Do you think it stops there? More countries are on that list against us and against Freedom worldwide.

 


United States of America photo in Washington, DC, July 4th, 2020. Red, white and blue lights on.
Many people died for our Freedom. United we stand strong.


Do you know the largest democracy in the world closed parts of its Internet service for several months? India is the largest democracy in the world. Why was this acceptable? Why is it acceptable? Why wasn’t there an uproar? Because you could not hear it. You could not see it because they turned off the switch. They turned off the Internet. Try to file a report in India if you do not live in India. Arcane rules and jurisdictions. I know there are great people in India that want to help. It is at a higher level that the work needs to be done and checked.

 

If you are going to post some arcane falsehood, you should be restricted. Posting a threat? Bullying? Scam? Ciao. The freedom of speech gives us the right to speak freely to a point. Your thoughts, feelings, and ideas may be expressed without fear unless you intend ill will. This is what makes our country great. Expressions of hate have replaced posts of love. Planning funerals and not celebrating birthdays.


Negative posts have been circulated on our social media platforms by foreign sources to cause chaos. 


Posts have been created with malicious intent and distributed. Fake groups and posts are purposely made to circulate an opinion and point in a direction. That is subversion. We are at cyber war now. Top world officials know. We have top security experts here in the United States with technical skills above my level of expertise at the moment who will concur with my research.


Freedom. Many people have died for this right I hold dear. Black people. White people. All colors and races. Men, women and children have sacrificed for what we took for granted. You can block many, but you cannot block us all.

 

Computer nodes at night.

The ability to opine is a given right. Having the ability to use it wisely is still a skill that many have not perfected.

Look at the three year old pointing back overseas charging every child and parent of the world guilty of what they have been doing. Your hand still has chocolate on it from being in the cookie jar. You are caught again my dear.

The choice to post, or not to post, should mainly rest on my fingers. I understand the need to block certain content. The explosive rate of censorship and malicious content placement by enemies of Freedom is unacceptable. Period.

                                     Independent Security Researcher. @AlvieriD

 

 

Graphic photo collage of author, Dominic Alvieri.
@AlvieriD

 


Saturday, July 18, 2020

Love at First Sight, View, Post or Click?

I didn’t order the Catphish.

    By Dominic Alvieri, @AlvieriD 

Phishing. Smishing. Vishing. Catphishing. Whatever the “ing,” it is usually a scam. 

Think of it as “I’m Not Going” to fall for it. What does this have to do with cybersecurity? The scam is just getting started. 


The Cyber Show on Blogger. Love at First Click picture.






Catphishing is pretending to be someone else. 

I decided to do a little research and signed up to three online dating sites. Individual and corporate names will be replaced. Discretion is assured during any and all investigations. 

Younger women are harassed and can be stalked online. Older men get emotionally abused and can be financially destroyed.  

It took about ten minutes after signing up when the sexy photos started flying in left and right. What was this? This was a dating site, not a hook up site, right?


Images are stolen daily online.

Scammers sent different pictures claiming to be the same woman. 

The goal is to get your ID and your assets. Once you make contact outside of the initial secure social site you are in trouble. The text communications can snare you into a malicious trap. They will try to get you to go to different sites they control. Clicking on scammer links or even just going to their sites can attach malware to your computer, tablet or smartphone.

The woman in the actual photo the scammer sent is unknown. The second photo is a poor quality photo stolen offline and presented as the same woman. Images are stolen online daily. This woman is not even online. It is an international trail. 

She has to make contact. It is a crowded field. The urgency is a dead giveaway. Uber sexy as well. She will ask your location first, and surprisingly be close by. She will not be able to text it correctly, but happens to know you are geographically close. Google Maps, no doubt.


Image close up of sun glasses, showing details of person and place photo was taken.
Examine photos in greater detail. 
 

She will say that she wants to meet you right away. In one instance, a scammer named "Shirley" told me she loved not just my personality within the first few texts...but that she already loved me. Just to check I asked, “What do you love about me?” My question was avoided like some people avoid wearing masks during the pandemic. It was on. I knew right away she was not real. She then texted that we should meet up tomorrow, not being able to contain her excitement. I played along.


When the day comes, so does a sob story. Car problems, sick parent, travel issues. Shirley first tried to get me to help with her car. No thank you. Next. Then Shirley attempted to direct me to a pay site so that I could be verified before we meet. Creative. I reversed the role and asked to see her verification. No answer. Quick change of topic. You have to move quickly, he won’t be on the site long. Did I just say he? Yes I did. It’s a man, baby.


Forensics reveal explicit details on multiple levels. 


I searched billions of records and could not find one image or mention of this mystery woman. Dig deeper. Tearing apart the photos revealed clues and metadata. I started putting together the communication trail. Spoofs along the way. This was slightly more advanced but the scammer was messy. Setting up web sites and the receipt of funds will always provide a crisper forensic trail. With authorities still in pursuit, I will not release all the details, but needless to say Shirley was not Shirley, or even a woman.

Scammers will use any image to grab your attention. Sex sells. Last year, a scammer even dared to put an actor on his scam cryptocurrency web site as an employee. What a joke. Never take anything at face value online. Even trusted sources can have compromises.

These clowns will be caught. The proper authorities have been informed. 


The danger of online interactions.

 

 

 

This week has been filled with cybersecurity news, highlighted by the Twitter breach and a 17-year-old critical SigRed remote code execution vulnerability, a severe alert that took a back seat with all the headlines. Something does not add up with the Twitter breach. We will leave that to the powers that be. Criminals are online in many forms and constantly changing their attack vectors.

How do you protect yourself?

Do not rush into anything except staying up to date with security updates. Never give out personal details online, over the phone, or in person. Limit your clicking. Avoid email links and apps from untrusted sources. That goes for SMS text links as well. SMS text data is not encrypted. Social media links are more secure, barring an internal control breach. Do use secure end-to-end encryption and secure your accounts with 2FA from an app, not SMS. Try and set up at least one secure private email and number. Biometrics usually work well as an added layer of protection. Do not use Wi-Fi unless it is life or death. Turn off Bluetooth when not in use. Do not send money to anyone online you do not know well. Limit the amount of information you put on your social media accounts. Use longer chunked passwords. Do not leave your computer, tablet or smartphone unattended.

Zero Trust is the Best Practice.

The Cyber Show. Best Practices and technology, easily explained.

Independent Security Researcher.

The Cyber Show on Blogger.

The Cyber Show YouTube Channel.

The Cyber Show on Facebook Live. 

 

 

 


Friday, July 10, 2020

SIM Swap Fraud. It just happened to me.

All my data was stolen overnight.


July 11, 2020. By Dominic Alvieri,  @AlvieriD

Other people can write about SIM Swap Fraud. I can tell you how it feels. You feel violated. Exposed. Vulnerable. Angry. I lived in New York City when you didn't always get an “I Love NY” greeting with local interactions, but I never felt vulnerable. It just isn't supposed to happen in the middle of the night without breaking into my home. My alarm or pets would have alerted me. 

I didn't have a chance.  

 

SIM Swap Fraud is not just an ID theft


It was the usual wake up routine except this morning was different. An ominous security text from my phone service provider was the first image after turning off my phone alarm. "A request to move is in progress…Calls and texts will go to your new phone/SIM card. Please call if you did not request." The text was hours ago in the middle of the night. Call you to deny the request with what? The phone service is already gone!


What do you do?


Act first and ask questions later. Call your service provider immediately. Find a way. Get your service and phone number back first. Your phone number is connected to your bank accounts, business accounts, email and social media accounts. Keep calling everyone. Every account has been compromised. 



The SIM Swap Scam is not an ordinary identity theft. It is in a class by itself. Your phone was ported to another device and all of your data has been assigned to a new SIM card as well. You have to get the phone number back. The criminal is a few hours ahead.


A SIM card basically instructs the phone to connect to a specific cellular network. The SIM Swap Scam is a socially engineered attack. They targeted the phone company representative and pretended to be me. AT&T, Sprint, T-Mobile and Verizon all claim to have “extra security”, which they do, but it is usually an additional pass code or a PIN. Better security best practice would be to package voice recognition technology to authenticate user ID. Confirming the actual loss of service or device with a call would have prevented serious damage and would have been nice.




2:58 AM. Security alert text issued and within two minutes, it is gone. My email and bank account are breached first. Go down the list of horrors. Brokerage, business, intellectual property. The recovery begins. What a forensics trail. The biggest issue was not money lost or every conversation being elsewhere, but private pictures. Private moments not meant to be on Facebook, Twitter or auctioned off by some low life on the dark web. Look at your phone. Look in your phone. It can all be stolen overnight.


How do you protect yourself? Add as much security as you can with your phone provider. Private backup emails and at least one clean or unknown phone number are paramount. Basic information is already in the criminal's hands. The criminal enterprise has advanced with technology. Data dumps and socially held auctions of personal and business data are being conducted right now on the dark web. No longer is it just a phish. Now it is a Spear. It can be a whaling, smishing or vishing. The list goes on.



The Cyber Show on Blogger
 

Two-Factor Authentication (2FA) is a great tool, but make sure to use it correctly. Data in SMS messages is not encrypted and can be obtained without a SIM swap. Use an end-to-end encrypted messaging app. There are a few good ones out now. Google Authenticator is a great 2FA app. It is tokenized and adds extra security. Be careful how you set it up. I use a special set up. Do not put every account online. Use cold bank and business accounts and cold storage for any cryptocurrency. That will remove a valuable bread crumb trail for criminals. Do not place any business data, intellectual property or documents on your phone. Eliminate any app that is a risk. Do not use a password keeper.


Protect your data. You can control and limit the information you put online or on your phone. Restrict the critical data and monitor frequently. Do not put every bit of information about your life on social media. The criminal underworld has databases on us. Criminals troll sites to gather information on their targets. It happens more and more every day. Prepare for the unexpected.   

   

Independent Security Researcher. 

                


           

 

 

 


Saturday, July 4, 2020

4 Tiks with TikTok and other apps

Data Security

Silicon Valley is great at putting things into databases and basically getting them out. Technology is everywhere and consumes us all. Millions of Tweets, posts and transfers of data every minute. The data transfers in and out of those databases, along with their use is usually seamless and we don’t give it another thought. Until it is too late.

Good morning! Your daily data trail has begun. We create data daily without knowing it. Who hasn’t gone on their smartphone today? If you are relaxing at the beach or at home enjoying a cup of Joe and your daily social or email check, the trail continues. Apple and Google know where you were and what you did today and have a data trail to prove it, even if you don’t remember.

When you agree to give permission to an app to access your camera, those assets are at risk. Never keep sensitive information on your camera roll.

When you agree to give permission to an app to access your microphone, you can be recorded even while not using the app.

When you log into another account with Facebook, Microsoft, Apple, etc., they track you when you use that service...and others.

 

The Cyber Show on Blogger
Data safety starts with your smartphone.

Every app requires an agreement to their terms of service and privacy policy. These documents can be tedious, but are a required read. Most policies describe how the company collects and stores its data from its users and their devices, including user content and communications, IP addresses, location services, device identifiers, cookies, metadata and other sensitive personal information. We agree to these terms to use their services. Data storage and integrity are paramount. If the company has an unlocked back door to your data, you should be aware.

Facebook, Instagram, Twitter and nearly every company collects data. TikTok is no exception. Companies have to abide by laws. I am not a lawyer and this is in no way a legal opinion, but what law and jurisdiction would prevail? What if your data is rerouted to a foreign government right now? What if the United States were to force Apple or Google to release your data without a warrant?

What happens on the Internet, stays on the Internet…forever. Focus on the data you generate first. The more apps you download and use the larger your overall data footprint will be. Whatever you put on your social site is already public. Be careful not to use things like nicknames or pet names posted and then use them as passwords. That is the known information you release. The easiest way to reduce the unknown is secure your device and keep it updated.

If you do not agree with the terms of service, or where your data is stored or may be directed, then do not download or use the app. That is my best advice. I do not use many apps just because of the terms I have to agree to. If you do decide to use the app or service you can at least disable tracking options in your settings. You can try and limit the amount of data you generate, but that requires less use. Storage is up to the companies you have trusted.

 

The Cyber Show @AlvieriD

 

The four Tiks with TikTok refer to my prior research and comments specifically from corporate officials in 2018. I am not political but do have to focus on the politics involved. There have been a few instances of key logging within the app and video documentation from another researcher which I am unable to confirm at this point but does look official. Key logging is an advanced immediate transfer of data with basically a thin image layer that seems to be over your screen and instantly transfers the data you are creating. You can see it happening. The opacity of the layer is a dead giveaway. If you notice any odd phone behavior, thin layers, overheating, unknown activity...you may be releasing information or have malware on your device. The data security trail is two sided. Secure and limit what you can from your side.

Your prior data is out of your control now. Your future data footprint is up to you. You can control and limit the information you put out. Companies like Facebook, Instagram and Twitter all have your data and tracking information. You can limit the tracking. Every data point you make is immutable and will be stored on a server somewhere in the world. 

 

cnbc.com June 29, 2020. India bans TikTok and dozens of other Chinese apps over security concerns.

https://www.cnbc.com/2020/06/29/india-bans-tiktok-and-dozens-of-other-chinese-apps-over-security-concerns.html

By Jessica Bursztynsky @JBURSZ

 

The Cyber Show @AlvieriD

India has banned 59 Chinese apps this week over national security concerns. The United States and several other countries have made similar bans in the past few weeks. The Indian government is meeting this week to discuss 5G infrastructure and technology.

 



Your phone is a computer and contains a treasure trove of data. Secure and limit what data you generate. Keep your iOS and security features up to date. Know that whatever you post, text or Tweet will be on a server database somewhere in the world, and may be accessed by someone else at some point in time.

 

What happens on the Internet, stays on the Internet…forever. @AlvieriD

Independent security researcher with over 15 years of experience in Cybersecurity. Current situations require keeping up with technological advances. What is current today, might be out of date by tomorrow.   @AlvieriD

 

 

