Reboot It! Episode 47 - With Rick Hayes and Benny Karnes - Swift and is Facebook Eavesdropping on you?


Upcoming Conferences

When: November 18-20
Where: Charleston, WV 
CFP is Open!
Tickets are on sale!

DerbyCon 6
When: September 21-25, 2016
Where: Louisville, KY
CFP is Open!


North Korea fingered in Swift payments systems cyber heists

“CYBER ATTACKS on the Swift payment system have been linked to North Korea by security researchers following an analysis of the malware code that showed similarities with malware used in attacks since 2009.

This would not be the first time that North Korea has been implicated in criminal activity. The country's leadership has been linked with a high-quality counterfeiting operation and the mass production and distribution of methamphetamine.

Analysis by security firm Symantec indicates that a hacking group called Lazarus is behind the attacks. The group was responsible for a number of sophisticated attacks on targets in the US and South Korea.

"Symantec believes that distinctive code shared between [malware] families, and the fact that Backdoor.Contopee [linked with Lazarus] was being used in limited targeted attacks against financial institutions in the region, means that these tools can be attributed to the same group," the firm said.

"Backdoor.Contopee has been used by attackers associated with a broad threat group known as Lazarus. Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea.”

Facebook using people’s phones to listen in on what they’re saying, suggests professor
“Facebook could be listening in on people’s conversations all of the time, an expert has claimed.

The app might be using people’s phones to gather data on what they are talking about, it has been claimed.

Facebook says that its app does listen to what’s happening around it, but only as a way of seeing what people are listening to or watching and suggesting that they post about it. 

The feature has been available for a couple of years, but recent warnings from Kelli Burns, mass communication professor at the University of South Florida, have drawn attention to it.

Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users, but might be doing so to listen in to discussions and serve them with relevant advertising. She says that to test the feature, she discussed certain topics around the phone and then found that the site appeared to show relevant ads.”

All your disk image are belong to us, says US appeals court (Arstechnica):

Court says all your files are ripe for seizure—Fourth Amendment doesn't apply.

The government can prosecute and imprison people for crimes based on evidence obtained from their computers—even evidence retained for years that was outside the scope of an original probable-cause search warrant, a US federal appeals court has said in a 100-page opinion paired with a blistering dissent.

The 2nd US Circuit Court of Appeals ruled that there was no constitutional violation because the authorities acted in good faith when they initially obtained a search warrant, held on to the files for years, and built a case unrelated to the original search.

The case posed a vexing question—how long may the authorities keep somebody's computer files that were obtained during a search but were not germane to that search? The convicted accountant said that only the computer files pertaining to his client—who was being investigated as part of an Army overbilling scandal—should have been retained by the government during a 2003 search. All of his personal files, which eventually led to his own tax-evasion conviction, should have been purged, he argued.

Eric Holder says Edward Snowden performed a 'public service' (Slashdot)
Original (CNN):

From Slashdot: Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents. "We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics. "Now I would say that doing what he did -- and the way he did it -- was inappropriate and illegal," Holder added. "I think that he's got to make a decision. He's broken the law in my view. He needs to get lawyers, come on back, and decide, see what he wants to do: Go to trial, try to cut a deal. I think there has to be a consequence for what he has done." "But," Holder emphasized, "I think in deciding what an appropriate sentence should be, I think a judge could take into account the usefulness of having had that national debate."

MySpace And Tumblr Accounts Leaked From 2013 Breaches (Dark Reading):

From Dark Reading: Timing of release of hacked details from different sites may be deliberate, says researcher.

Social networking sites MySpace and Tumblr were reportedly breached several years ago but stolen IDs of millions via the attacks were recently put up for sale, reports BBC. The details were leaked only last month when news broke of 167 million LinkedIn account details being available online after a 2012 hack.

It's unclear whether the timing of these leaks was planned or coincidental, according to BBC, and whether there are more to come.

Security researcher Troy Hunt said there must be "some catalyst" behind the releases and adds that millions of IDs from adult dating site Fling have also been put on sale now, although Fling was hacked way back in 2011.

The Tumblr dump is "just a list of emails," according to news site Motherboard, and available at a lower price, while around 360.2 million MySpace accounts are on offer at a higher price. Account status of Tumblr, Fling and LinkedIn can be checked at the data dump on Hunt’s Have I Been Pwned.

Got $90,000? A Windows 0-Day Could Be Yours:

How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

So-called “zero-day” vulnerabilities are flaws in software and hardware that even the makers of the product in question do not know about. Zero-days can be used by attackers to remotely and completely compromise a target — such as with a zero-day vulnerability in a browser plugin component like Adobe Flash or Oracle’s Java. These flaws are coveted, prized, and in some cases stockpiled by cybercriminals and nation states alike because they enable very stealthy and targeted attacks.

The $90,000 Windows bug that went on sale at the semi-exclusive Russian language cybercrime forum exploit[dot]in earlier this month is in a slightly less serious class of software vulnerability called a “local privilege escalation” (LPE) bug. This type of flaw is always going to be used in tandem with another vulnerability to successfully deliver and run the attacker’s malicious code.

TeamViewer User Claims Accounts Hacked, Service Goes Offline With Server Issues
TeamViewer is remote desktop software that lets users share screens and grant remote access from anywhere in the world. In the past 24 hours many customers have made unverified claims that their computers were maliciously accessed through it. According to these reports, the intruders connect via TeamViewer late at night, outside standard US working hours, and either log in to bank accounts using passwords saved in the browser or install ransomware. As of 12 p.m. Wednesday the TeamViewer website was offline, with the company's Twitter account its only channel of comment so far. TeamViewer later stated that the hacking claims were not related to the website outage.

Some users report that they had two-factor authentication enabled and still saw malicious logins. Recommended mitigations include using a password unique to TeamViewer, built from a mix of uppercase and lowercase letters, numbers and symbols.
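To make the "late at night, outside working hours" pattern described above concrete, here is an added Python example (written for these notes, not code from the page or from TeamViewer) that parses a tab-separated incoming-connection log and flags sessions that start off-hours, plus remote IDs that have never connected during business hours. The field order (remote ID, remote name, start, end, local Windows user, mode, connection GUID) is my assumption about the shape of TeamViewer's Connections_incoming.txt, the timestamps are assumed to be local time, and every log line below is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Tuple

# Constructed sample log. Field order is an ASSUMPTION about Connections_incoming.txt:
# remote TeamViewer ID, remote display name, start, end, local user, mode, connection GUID.
# Dates are dd-mm-yyyy HH:MM:SS and assumed to be local time.
SAMPLE_LOG = (
    "123456789\tjsmith-laptop\t01-06-2016 14:02:11\t01-06-2016 14:30:45\tjsmith\tRemoteControl\t{AAAAAAAA-0000-0000-0000-000000000001}\n"
    "987654321\tUnknown\t02-06-2016 03:17:09\t02-06-2016 03:52:30\tjsmith\tRemoteControl\t{AAAAAAAA-0000-0000-0000-000000000002}\n"
    "555000111\thelpdesk\t02-06-2016 09:45:00\t02-06-2016 10:05:12\tjsmith\tRemoteControl\t{AAAAAAAA-0000-0000-0000-000000000003}\n"
    "987654321\tUnknown\t03-06-2016 02:40:55\t03-06-2016 02:41:10\tjsmith\tFileTransfer\t{AAAAAAAA-0000-0000-0000-000000000004}\n"
)

TS_FORMAT = "%d-%m-%Y %H:%M:%S"
BUSINESS_START = time(8, 0)   # assumed working day: 08:00 to 18:00, Monday to Friday
BUSINESS_END = time(18, 0)


@dataclass
class Session:
    remote_id: str
    remote_name: str
    start: datetime
    end: datetime
    local_user: str
    mode: str
    guid: str


def parse_incoming_log(text: str) -> List[Session]:
    """Parse tab-separated connection lines; malformed lines are skipped, not fatal."""
    sessions = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = raw.split("\t")
        if len(fields) != 7:
            continue
        rid, name, start, end, user, mode, guid = fields
        try:
            sessions.append(Session(rid, name,
                                    datetime.strptime(start, TS_FORMAT),
                                    datetime.strptime(end, TS_FORMAT),
                                    user, mode, guid))
        except ValueError:
            continue  # unparseable timestamp
    return sessions


def is_off_hours(ts: datetime) -> bool:
    """True on weekends or outside the assumed business window."""
    weekend = ts.weekday() >= 5
    return weekend or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_suspicious(sessions: List[Session]) -> List[Tuple[str, str, str, str]]:
    """Return (guid, remote_id, start, reasons) for each off-hours session.

    A remote ID is 'trusted' only if it has also connected during business hours;
    an ID that only ever shows up at night gets an extra reason attached.
    """
    trusted = {s.remote_id for s in sessions if not is_off_hours(s.start)}
    alerts = []
    for s in sessions:
        if not is_off_hours(s.start):
            continue
        reasons = ["off-hours start"]
        if s.remote_id not in trusted:
            reasons.append("remote ID never seen during business hours")
        alerts.append((s.guid, s.remote_id, s.start.isoformat(), "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_incoming_log(SAMPLE_LOG)):
        print(alert)
```

Point it at the real log file and adjust the business window and time zone to your environment; the two constructed sessions from remote ID 987654321 are the ones that should come back flagged.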

Other Links
Breached Passwords Leak Look-Up Sites
Leaked Source -
Breached or Clear -
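The look-up sites above and Hunt's Have I Been Pwned (mentioned under the MySpace/Tumblr story) let you check an address or password against leaked dumps without downloading the dumps yourself. Here is an added Python example, not code from the page or from any of those services, showing the k-anonymity style of lookup used by Have I Been Pwned's Pwned Passwords range endpoint: the client sends only the first five hex characters of the password's SHA-1 and compares the remaining 35 locally, so the service never learns the full hash. The breach corpus, the counts and the fake endpoint are all constructed for the example; only the response line format (upper-case hex suffix, colon, count) follows the real service.

```python
import hashlib
from typing import Callable, Dict

# Constructed stand-in for the service's data set: plaintext -> times seen in breaches.
# A real service never holds plaintext; this only exists to generate sample responses.
CONSTRUCTED_CORPUS = {
    "password": 3303003,
    "123456": 23174662,
    "letmein": 236122,
    "correct horse battery staple": 2,
}

HEX = set("0123456789ABCDEF")


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest the range endpoint is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: Dict[str, int]) -> Dict[str, Dict[str, int]]:
    """Server side: bucket every digest by its first five hex characters."""
    index: Dict[str, Dict[str, int]] = {}
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_CORPUS)


def fake_range_endpoint(prefix: str) -> str:
    """Stand-in for GET /range/{prefix}: 'SUFFIX:COUNT' lines for that bucket only.

    The server sees the 5-char prefix and nothing else about the password.
    """
    if len(prefix) != 5 or not set(prefix) <= HEX:
        raise ValueError("prefix must be 5 upper-case hex characters")
    rows = RANGE_INDEX.get(prefix, {})
    return "\r\n".join(f"{suffix}:{count}" for suffix, count in sorted(rows.items()))


def parse_range_response(body: str) -> Dict[str, int]:
    """Client side: parse the response defensively; malformed lines are dropped."""
    rows: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        if len(suffix) != 35 or not set(suffix.upper()) <= HEX or not count.isdigit():
            continue
        rows[suffix.upper()] = int(count)
    return rows


def pwned_count(password: str,
                fetch: Callable[[str], str] = fake_range_endpoint) -> int:
    """Return how often the password appears in the corpus (0 = not found).

    Only the prefix leaves the machine; the suffix match happens here.
    Swap `fetch` for a real HTTP call to use the live service.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple", "not-in-any-dump-7f3"):
        print(f"{candidate!r}: seen {pwned_count(candidate)} times; "
              f"server only saw prefix {sha1_hex(candidate)[:5]}")
```

Because the bucket for a five-character prefix holds hundreds of unrelated suffixes in the real data set, the server cannot tell which one the client cared about; that is the whole point of querying by prefix rather than sending the full hash or the password itself.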

Digital Forensic Cyber Camp (July 12-14)
Digital Forensic Cyber Camp (June 28-30)