Table of Contents

  1. Surveillance
    1. ToTok, an Emirati messaging app that has been downloaded to millions of phones, is the latest escalation of a digital arms race.
    2. NSA's Backdoor Key from Lotus Notes (2002)
  2. Privacy
    1. What we know about you when you click on this article
    2. Avast and AVG Firefox Extensions Added Back to Mozilla Addons Site
  3. Malware
    1. MyKings Cryptomining Botnet Leverages EternalBlue Flaw
    2. Mozi, Another Botnet Using DHT
  4. Crime
    1. Islands restaurants breached
    2. Champagne French Bakery Cafe
    3. Defend Against SIM Swapping

Surveillance

ToTok, an Emirati messaging app that has been downloaded to millions of phones, is the latest escalation of a digital arms race.

It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype. But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones. ToTok responded by saying that, due to technical difficulties, the app is unavailable to some users in the Google and Apple stores.

NSA's Backdoor Key from Lotus Notes (2002)

Before the US crypto export regulations were finally dissolved, the export version of Lotus Notes used to include a key escrow / backdoor feature called differential cryptography. The idea was that they got permission to export 64-bit crypto if 24 of those bits were encrypted to the NSA's public key. The NSA would then only have the small matter of brute-forcing the remaining 40 bits to get the plaintext, and everyone else would get a not-that-great 64-bit key space (which the NSA could probably already brute-force back then too, only at higher cost). Hacker News discussion.
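A scaled-down model of that workfactor-reduction scheme, added here as an illustration (it is not Lotus Notes code, and the toy SHA-256 keystream stands in for the real bulk cipher): the escrow holder learns the high bits of each session key and searches only the rest, while everyone else searches the whole space.

```python
import hashlib


def toy_encrypt(key: int, key_bits: int, plaintext: bytes) -> bytes:
    """Constructed stand-in for Notes' bulk cipher: XOR with a keystream derived from the key."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream = hashlib.sha256(key_bytes).digest()
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def workfactor_reduction_field(key: int, key_bits: int, escrowed_bits: int) -> int:
    """The top `escrowed_bits` of the session key. In exported Notes these bits were encrypted
    to the NSA's public key and shipped with the message; here the escrow holder simply gets
    them, modelling what it learns after decrypting that field."""
    return key >> (key_bits - escrowed_bits)


def brute_force(ciphertext: bytes, known_plaintext: bytes, key_bits: int,
                escrowed_bits: int = 0, escrow_field=None):
    """Recover the key by exhaustive search. With the escrow field the high bits are fixed and
    only the remaining low bits are searched; without it the whole key space is searched.
    Returns (key, number_of_trials)."""
    if escrow_field is None:
        escrowed_bits, escrow_field = 0, 0
    low_bits = key_bits - escrowed_bits
    prefix = escrow_field << low_bits
    for trials, low in enumerate(range(1 << low_bits), start=1):
        candidate = prefix | low
        if toy_encrypt(candidate, key_bits, known_plaintext) == ciphertext:
            return candidate, trials
    return None, 1 << low_bits


def search_bits(key_bits: int, escrowed_bits: int) -> tuple:
    """log2 of the work for (everyone else, escrow holder); the Notes export split gives (64, 40)."""
    return key_bits, key_bits - escrowed_bits


if __name__ == "__main__":
    # Scaled-down run: a 16-bit key with 10 bits escrowed, so both searches finish instantly.
    KEY_BITS, ESCROWED = 16, 10
    key, msg = 0xBEEF, b"constructed plaintext!"
    ct = toy_encrypt(key, KEY_BITS, msg)
    field = workfactor_reduction_field(key, KEY_BITS, ESCROWED)
    print("escrow holder (key, trials):", brute_force(ct, msg, KEY_BITS, ESCROWED, field))
    print("everyone else (key, trials):", brute_force(ct, msg, KEY_BITS))
    print("Notes export split, bits of work:", search_bits(64, 24))
```

The gap in trials between the two searches is exactly 2^escrowed_bits; with the real 64/24 split that is a factor of 2^24 in the escrow holder's favour.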

Privacy

What we know about you when you click on this article

Vox has written an article explaining the data they collect and how media companies like themselves need to do this in order to survive.

Avast and AVG Firefox Extensions Added Back to Mozilla Addons Site

Mozilla has allowed the AVG and Avast Online Security extensions back into their addons site after the extensions reduced the amount of tracking data being sent to Avast's and AVG's servers. At the beginning of December, Mozilla removed the Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice extensions from the Firefox addons site after it was discovered that they were sending a large amount of user tracking data to Avast.

Malware

MyKings Cryptomining Botnet Leverages EternalBlue Flaw

The MyKings botnet, which has been spreading cryptominers and other malware over the last three years, continues to grow in sophistication and now uses steganography techniques to hide malicious code updates, according to a new analysis from Sophos Labs. EternalBlue is a U.S. National Security Agency exploit tool leaked by the Shadow Brokers gang in April 2017, which eventually gave the WannaCry ransomware its worm-like capability to spread from device to device.

Mozi, Another Botnet Using DHT

The Mozi botnet relies on the DHT protocol to build a P2P network, and uses ECDSA384 and XOR to ensure the integrity and security of its components and P2P network. The sample spreads via Telnet with weak passwords and some known exploits.

Crime

Islands restaurants breached

Islands Restaurants was alerted to a potential payment card issue, immediately started an investigation, and took steps to end unauthorized access to our payment card network. A leading computer forensic firm was engaged, and a thorough investigation was conducted to determine what occurred and what restaurant locations and time frames were involved. Islands notified the card networks and provided information to support an investigation by law enforcement. The malware was designed to look for data read from the magnetic stripe of a payment card as it was being routed through the system. Data in the magnetic stripe includes the cardholder name, card number, expiration date, and internal verification code. In some instances, the malware only identified the portion of the magnetic stripe that contained payment card information without the cardholder name.

Champagne French Bakery Cafe

Champagne French Bakery Café was alerted to a potential payment card issue, immediately started an investigation, and took steps to end unauthorized access to our payment card network. A leading computer forensic firm was engaged, and a thorough investigation was conducted to determine what occurred and what restaurant locations and time frames were involved. Champagne Bakery notified the card networks and provided information to support an investigation by law enforcement. The malware was designed to look for data read from the magnetic stripe of a payment card as it was being routed through the system. Data in the magnetic stripe includes the cardholder name, card number, expiration date, and internal verification code. In some instances, the malware only identified the portion of the magnetic stripe that contained payment card information without the cardholder name.
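Both notices above describe the same thing: malware that watches for magnetic-stripe track data in transit. The check below is an added example (not code from either company or their forensic firm) of the kind of rule a DLP filter or memory scanner uses to spot that data: it recognises ISO/IEC 7813 Track 1 and Track 2 layouts, Luhn-validates the PAN, masks it, and records whether a cardholder name was present, since Track 1 carries the name and Track 2 does not.

```python
import re

# ISO/IEC 7813 layouts (format code B), reduced to the fields the notices mention.
TRACK1 = re.compile(rb"%B(?P<pan>\d{13,19})\^(?P<name>[^^]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})[^?]*\?")
TRACK2 = re.compile(rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})[^?]*\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: a cheap way to tell real PANs from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits, the usual masked form for logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list:
    """One record per Luhn-valid track found: track number, masked PAN, expiry (YYMM) and
    whether a cardholder name was present (Track 1 has a name field, Track 2 does not)."""
    hits = []
    for track, rx in ((1, TRACK1), (2, TRACK2)):
        for m in rx.finditer(buf):
            pan = m.group("pan").decode()
            if not luhn_ok(pan):
                continue  # digit run with the right shape but not a plausible card number
            hits.append({"track": track, "pan": mask(pan), "exp": m.group("exp").decode(),
                         "name_present": track == 1})
    return hits


# Constructed sample buffer using well-known test card numbers, not real cardholder data:
# one full Track 1 + Track 2 swipe, then a Track 2-only capture (no cardholder name).
SAMPLE = (b"...junk...%B4111111111111111^DOE/JOHN^25121011000000000?"
          b";4111111111111111=25121011000000000?...more junk..."
          b";5555555555554444=26061010000000000?...")

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE):
        print(hit)
```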

Defend Against SIM Swapping

How to defend yourself against SIM swapping attacks.