Compiled by Walt Manning
CEO, Techno-Crime Institute
newsletter@technocrime.com
https://technocrime.com
This newsletter is distributed to everyone on our mailing list and provides links and insights regarding techno-crimes, investigations, security, and privacy.
Contents in this issue:
- US Marshals Service becomes latest law enforcement agency hit by hackers
- 4 Best Browsers for 100% Privacy & 4 to Avoid
- 10 dark web monitoring tools
- Judge in Colombia Conducts Court Hearing in the Metaverse
- How I Broke Into a Bank Account With an AI-Generated Voice
- Scammers are creating fake receipts — and a digital shoplifting boom
- Scheduled Speaking Engagements
______________________________________________
US Marshals Service becomes latest law enforcement agency hit by hackers
(Feb. 28, 2023)
https://therecord.media/us-marshals-service-becomes-latest-law-enforcement-agency-hit-by-hackers/
Yet another law enforcement agency has become a victim of ransomware. I’ve seen examples of other police departments, cities, and government agencies that have been hit over the past several years, with resulting high costs and disruptions to service.
But also think about the type of data stored on law enforcement servers and the implications for active investigations, current informants, witnesses, or crime victims.
“The U.S. Marshals Service said it was struck by ransomware last week in an attack that affected systems holding sensitive law enforcement data and personally identifiable information related to several suspects.
No ransomware group has taken credit for the attack, but the hackers stole employee information, legal documents, administrative data, and more.
The U.S. Marshals Service is in charge of the witness protection program, protecting judges and transporting prisoners. Sources told NBC News that the breach did not involve data from the witness protection program.”
The other potential issue with data breaches like this one is that it can take much longer than you realize to discover how long the attackers were already in a network and the volume of exposed data involved.
According to one study, it took an average of 287 days to detect a data breach and 80 days to contain it.
Considering the circumstances, the general public may never know the full extent of this breach.
______________________________________________
4 Best Browsers for 100% Privacy & 4 to Avoid
(Jan. 1, 2023)
https://privacyaustralia.net/best-secure-browser/
Everyone uses a browser for surfing the Internet. You probably have a favorite, or you may just use the browser that came installed on the device you use to access the network.
But all browsers are not the same. You may not realize how much information is being collected by a browser or what information the browser could provide to the websites you visit.
This might be a crucial aspect of operational security for investigators. You don’t just need to protect your privacy, but also ensure the confidentiality of data related to your investigations.
How confident are you about the security and privacy of your browser, and what can you do?
This interesting article from Will Ellis of PrivacyAustralia has some good basic information. But I encourage you to do your own research and to choose your browsers carefully.
You may want to consider using multiple browsers: one browser for social media (especially Facebook), a different browser for personal use, and yet another for any activity related to your investigations or research.
The browser for investigative activity should not collect any information, or track anything related to your activities.
“Did you know that every time you go online, your browser leaves a ton of information about you behind?
Most browsers have a built-in geo location.
Some websites, like streaming services, will request information about your connection information. They can use this to determine the website content to serve you.
You already know that your social media accounts are tracking you as you visit sites on the Internet. That’s why they are free. They get paid by selling you advertisers.
Your browser will record information about the hardware you are using and the operating systems you have installed. This is to make sure that the web information you see will actually work on your device. Your browser will also record any extensions or add-ons you have connected as well as the service provider you are using.”
Could your browser be tracking things about you that you would rather keep confidential?
You owe it to yourself and your clients to know about these risks, so you’ll be more confident about your security and privacy.
______________________________________________
10 dark web monitoring tools
(Feb. 21, 2023)
https://www.csoonline.com/article/3688550/10-dark-web-monitoring-tools.html#tk.rss_all
Do you or any of your clients need to research the darknets for stolen business or personal information?
If so, would you even know where to start or what to recommend to someone else?
Darknet research is not something every investigator knows much about or is prepared to do.
We will be publishing a course about darknets within the next few weeks. Since you’re a member of our mailing list, somebody will notify you about what it covers and when it is available.
But in the meantime, if you’re unsure why you might need this type of research, this article by Tim Ferrill in CSOOnline can give you a great place to start.
“The dark web is the place where every CISO hope their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information.
Gaining operational intelligence on what data these sites are offering is critical to defending cybercriminals using compromised accounts to enable attacks, commit fraud, or conduct campaigns using spear phishing or brand spoofing. The dark web is also a source of intelligence on the operations, tactics, and intent of criminal groups. Tools that monitor the dark web for compromised data are available for these purposes.”
I also discuss “Darknets: What You Need to Know” in my book Techno-Crimes and the Evolution of Investigations. The bonus materials web page (to which only readers have special access) contains more information. If you want to learn more about the book, please visit the Book Sales Page.
______________________________________________
Judge in Colombia Conducts Court Hearing in the Metaverse
(Feb. 24, 2023)
https://www.cryptotimes.io/judge-in-colombia-conducts-court-hearing-in-the-metaverse/
You’ve all probably read a lot about the “metaverse” recently, but many investigators don’t understand what it is or what it will mean for future investigations.
I’ve already seen crimes occurring in virtual worlds and multi-player online games, and this trend will only continue to grow.
But have you ever thought about testifying in virtual reality?
The following is from a fascinating article in The Crypto Times by Vismaya V.:
“The Colombian court essentially made history in the metaverse. The Administrative Court of Magdalena successfully held a hearing in the Metaverse on February 15, 2023, presided over by Judge María Victoria Quiñones Triana.
Judge Quiñones stated, ‘The metaverse constitutes a technological tool that can facilitate access to the administration of justice. The use of information technology in the development of judicial proceedings has the essential purpose of facilitating and expediting these processes [of executing justice]’.”
And, if you might be attending a VR court session, you might be forced to learn about and even experience this technology.
Virtual reality has also been used to conduct virtual tours of crime scenes for jurors in court, along with training for first responders.
Last October, Interpol created the first metaverse specifically designed for law enforcement, and they are now looking at the possibility of conducting investigations in virtual worlds.
However, new research suggests that eye and hand-tracking in virtual reality might be capable of identifying individuals, similar to using other biometric data such as gait analysis that can even identify people wearing a disguise.
Will you be ready for investigations in the metaverse?
______________________________________________
How I Broke Into a Bank Account With an AI-Generated Voice
(Feb. 23, 2023)
https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-with-an-ai-generated-voice
I’m seeing a lot of articles and social media posts about artificial intelligence and new tools like ChatGPT.
The technology involving the use of AI to clone or mimic a voice has been around for several years. The versions that I’ve tested usually sound robotic, like some of the chatbots you interact with when you call customer service or with smart assistants like Siri.
But AI is getting better, and it’s much easier to clone someone’s voice and then make the cloned voice say almost anything…and with better expression.
We’ve already seen fraud using voice cloning, and I suspect these crimes will only continue growing.
Do any of your financial institutions or investment brokerages use voice recognition to verify identity?
After reading this article from Vice.com by Joseph Cox, you might wonder if this technology will still be good enough to keep up with AI:
“Banks across the U.S. and Europe use this sort of voice verification to let customers log into their account over the phone. Some banks tout voice identification as equivalent to a fingerprint, a secure and convenient way for users to interact with their bank. But this experiment shatters the idea that voice-based biometric security provides foolproof protection in a world where anyone can now generate synthetic voices for cheap or sometimes at no cost. I used a free voice creation service from ElevenLabs, a powerful AI-voice company that has already been used to dox and harass specific people.
Now, that abuse can extend to fraud and hacking. Some experts I spoke to after doing this experiment are now calling for banks to ditch voice authentication altogether, although real-world abuse at this time could be rare.”
I’ve used the ElevenLabs product, and I created a clone of my own voice after submitting a sample of only a couple of minutes.
Their AI gives you interesting flexibility to adjust the quality of the voice, including variable levels of expression. I could then type in any text and for my AI voice to say.
For someone who heard the AI voice track by phone, or who doesn’t know me well, I thought it was very good, and better than most of the products I’ve tried.
I agree that the amount of fraud using this technology isn’t significant today, but don’t forget that technology is changing exponentially.
Soon, you may not be able to believe everything you hear.
______________________________________________
Scammers are creating fake receipts — and a digital shoplifting boom
(Feb. 16, 2023)
https://restofworld.org/2023/fake-receipts-scammers-digital-shoplifting/
Mobile payment apps, scannable QR codes, and convenience are all factors creating a new type of “digital shoplifting.”
- “The apps used for scamming are easily available online.
- Criminals use and sell makeshift apps designed exclusively to craft fake vouchers and scam restaurants, taxi drivers, and online retailers.
- The companies behind the apps, their users, and experts agree there is a problem, but no one is taking full responsibility.”
Today, this type of fraud only appears in certain South American countries…but where will it appear next?
______________________________________________
As I’ve said many times, technology is changing faster than anyone can keep up with.
The techno-criminals have already evolved.
It’s time for investigators to catch up!
______________________________________________
Scheduled Speaking Engagements
I’ll speak at the 34th ACFE Global Fraud Conference in Seattle, Washington, on Monday, June 12th, at 3:25 pm. The presentation title is “Digital Alibis: Will You Be Able to Extract the Truth from a Digital Mirage?”
I’m scheduled to give an all-day training seminar about various aspects of techno-crime investigations on Wednesday, September 20th, for the ACFE Las Vegas Chapter in Las Vegas, Nevada. Contact me if you would like more details regarding the specific topics.
______________________________________________
The Techno-Crime Newsletter is a free monthly newsletter providing information and opinions about techno-crimes, cybersecurity tools and techniques, privacy, and operational security for investigators. To subscribe or to read past issues, see The Techno-Crime Newsletter Archive web page.
Please feel free to forward this newsletter to anyone who will find the information interesting or useful. You also have our permission to reprint The Techno-Crime Newsletter, as long the entire newsletter is reprinted.
Walt Manning is an investigations futurist who researches how technology is transforming crime and how governments, legal systems, law enforcement, and investigations will need to evolve to meet these new challenges. Walt started his career in law enforcement with the Dallas Police Department and then went on to manage e-discovery and digital forensics services for major criminal and civil litigation matters worldwide. He is the author of the thought-provoking book Techno-Crimes and the Evolution of Investigations, where he explains why technology will force investigations to evolve. Walt is an internationally recognized speaker and author known for his ability to identify current and impending threats from technology and advise his clients and audiences about ways to minimize their risk. In addition to many published articles, he has been interviewed and widely quoted in the media as an expert on topics related to technology crime and investigations.
Copyright © 2023 by The Techno-Crime Institute Ltd.
