Would you consider this

to be a secure communication platform for sensitive critical tips?

The Fran Burns Iguazu does.


Submit a tip.

Tip goes ?

Isolated tip link shows a visit from

What does this tell us?

Following links unshielded?

Fran is using Comcast?

Fran has farmed out tip reading.

The tip was forwarded to a ?
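What a per-tip canary link can tell you, as an added example that is not part of the original post and not the tip line's own code: the host name, the log format, the network-to-owner table and every log line below are constructed. The idea is the one the notes above rely on. Mint one unguessable URL per submitted tip, then read the web server's access log for that URL: who fetched it, from which network, and with what client. A preview-bot hit means the link text was pasted into a chat or social platform; a browser hit from a residential or corporate range means the reader followed it without Tor or a proxy; hits from several networks mean more than one party handled the tip.

```python
import ipaddress
import re
import secrets
from datetime import datetime

# Hypothetical canary host; one random token per submitted tip.
LINK_BASE = "https://tips.example/t/"

# RFC 5737 documentation ranges stand in for real networks (constructed mapping;
# in practice this comes from whois/BGP data).
NETWORK_OWNERS = {
    ipaddress.ip_network("192.0.2.0/24"): "residential ISP (constructed)",
    ipaddress.ip_network("198.51.100.0/24"): "Tor exit (constructed)",
    ipaddress.ip_network("203.0.113.0/24"): "cloud hosting (constructed)",
}
SHIELDED_OWNERS = {"Tor exit (constructed)"}

# User-agent fragments of automated link-preview fetchers: a hit from one of
# these means the link text was pasted into a chat or social platform.
PREVIEW_BOTS = ("Slackbot-LinkExpanding", "facebookexternalhit", "Twitterbot")

# Combined-log-format line, restricted to the canary path /t/<token>.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /t/(\S+) HTTP/[\d.]+" \d+ \d+ "[^"]*" "([^"]*)"$'
)

# Constructed access log: three fetches of tip token "abc123", a favicon
# request that is not a canary hit, and a hit on an unrelated token.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Oct/2015:14:02:11 +0000] "GET /t/abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0"
203.0.113.44 - - [03/Oct/2015:14:05:40 +0000] "GET /t/abc123 HTTP/1.1" 200 512 "-" "Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)"
192.0.2.10 - - [03/Oct/2015:14:06:02 +0000] "GET /t/abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/45.0 Safari/537.36"
192.0.2.10 - - [03/Oct/2015:14:06:03 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/45.0 Safari/537.36"
192.0.2.77 - - [03/Oct/2015:15:00:00 +0000] "GET /t/zzz999 HTTP/1.1" 200 512 "-" "curl/7.43.0"
"""


def mint_tip_link():
    """Return (token, url); the token is unguessable and used for one tip only."""
    token = secrets.token_urlsafe(16)
    return token, LINK_BASE + token


def parse_log(text):
    """Keep only canary fetches; favicon and other paths are dropped."""
    visits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, token, ua = m.groups()
        visits.append({"ip": ip, "when": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
                       "token": token, "ua": ua})
    return visits


def owner_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, owner in NETWORK_OWNERS.items():
        if addr in net:
            return owner
    return "unknown network"


def is_preview_bot(ua):
    return any(bot in ua for bot in PREVIEW_BOTS)


def analyse_tip(token, visits):
    """Turn the fetches of one tip's canary link into plain-language findings."""
    hits = sorted((v for v in visits if v["token"] == token), key=lambda v: v["when"])
    if not hits:
        return ["no fetch recorded: the link was not followed, or was opened "
                "somewhere that never reached this server"]
    findings = []
    bots = [v for v in hits if is_preview_bot(v["ua"])]
    people = [v for v in hits if not is_preview_bot(v["ua"])]
    for v in bots:
        findings.append(f"preview-bot fetch ({v['ua'].split()[0]}): the link was "
                        f"pasted into a chat or social platform")
    for v in people:
        owner = owner_of(v["ip"])
        if owner not in SHIELDED_OWNERS:
            findings.append(f"unshielded fetch from {owner} ({v['ip']}) at "
                            f"{v['when']:%H:%M:%S}: the reader's own network is exposed")
    networks = {owner_of(v["ip"]) for v in people}
    if len(networks) > 1:
        findings.append(f"{len(networks)} distinct networks fetched the link: consistent "
                        f"with the tip being forwarded or read by more than one person")
    return findings


if __name__ == "__main__":
    for finding in analyse_tip("abc123", parse_log(SAMPLE_LOG)):
        print(finding)
```

The Tor-exit fetch produces no finding on its own, which is the point: a recipient who opens canary links only through Tor reveals nothing beyond the fact that the link was opened. The residential fetch and the Slack preview are what give the game away.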

Qubes OS – Wikipedia, the free encyclopedia

Qubes implements a Security by Isolation approach.[10] The assumption is that there can be no perfect, bug-free desktop environment: such an environment counts millions of lines of code and billions of software/hardware interactions, and one critical bug in any of these interactions may be enough for malicious software to take control of a machine.[11][12] In order to secure a desktop, a Qubes user should take care to isolate the various environments, so that if one of the components gets compromised, the malicious software gains access only to the data inside that environment.[13] In Qubes, the isolation is provided in two dimensions: hardware controllers are isolated into functional domains (GUI, network and storage domains), whereas the user's digital life is divided into domains with different levels of trust, for instance a work domain (most trusted), a shopping domain and a random domain (less trusted).[14] Each of those domains is run in a separate virtual machine. Qubes is not a multiuser system.

Source: Qubes OS – Wikipedia, the free encyclopedia

Inside the economics of hacking – The Washington Post

The questionable: The 'zero-day' market

Then there's the "zero-day market" that trades on the private sale of previously unknown vulnerabilities, but generally to governments who look to exploit them for surveillance capabilities. These private sales can offer a heftier price tag than traditional bug bounty programs because the clientele includes intelligence agencies with practically unlimited budgets. This is where Zerodium's iOS competition comes in. The company is set up to be a middleman that pays independent hackers for new ways to break the security of major software products, and then sells that information to government agencies and major corporations at a premium. Spy agencies value this sort of information because they can use it to get around security measures put in place by software makers to perform digital surveillance. Government hacking is becoming increasingly sophisticated as tech companies, and Apple in particular, have expanded their offerings of strong forms of encryption that prevent even the companies themselves from being able to unlock devices and the content of communications, even when served with a warrant.

Source: Inside the economics of hacking – The Washington Post

Proxy Groups

While tracking a suspected Iran-based cyber-threat group known as Threat Group 2889, Dell SecureWorks’ CTU uncovered an extensive network of fake LinkedIn profiles, which has been created to help the threat actors target potential victims through social engineering.

These convincing profiles form a self-referenced network of 25 seemingly established LinkedIn users. But when analyzing what’s associated with the fake accounts, the CTU found that there were 204 legitimate LinkedIn accounts also in the network. Most of them belong to individuals in the Middle East, while the others are located in North Africa and South Asia—and are likely targets of TG-2889. Most work in the telecommunications, government and defense sectors.

The 25 faux LinkedIn accounts fall into two categories: Fully developed personas (leader accounts) and supporting personas.

“It is clear that TG-2889 invested substantial time and effort into creating and maintaining these personas,” CTU noted.

Leader persona accounts are fully completed and include educational history, current and previous job descriptions, and, sometimes, vocational qualifications and membership of LinkedIn groups. Of the eight identified, six have 500 connections and of the remaining two, one has 275 connections and the other 46 connections. Of the eight leader profiles, five purport to work as recruiters for Teledyne, Northrop Grumman and Airbus Group. The remaining three leaders purport to work for Doosan and Petrochemical Industries Co.

The others are far less developed. They all use the same basic template, having five connections and a simple description of one job.

CTU found that profile photographs for three of the supporter personas appear elsewhere on the internet associated with different, seemingly legitimate, identities. Open Source research on the 17 supporter personas failed to confirm that any of the identities were genuine.

The network allows the threat actors to establish a relationship with targets by contacting them directly, or by contacting one of the target’s connections. It may be easier to establish a direct relationship if one of the fake personas is already in the target’s LinkedIn network. Five of the Leader personas also claim to be recruitment consultants, which would provide a pretext for contacting targets. TG-2889 likely uses spearphishing or malicious websites to compromise victims, and established trust relationships significantly increase the likelihood of these tactics being successful.
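The structure described above (a small set of templated supporter personas that mostly connect to each other, a few fully built leader personas that connect to all of them, and legitimate accounts hanging off the leaders) is something a defender can look for in a crawled connection graph. The following is an added example, not SecureWorks CTU code: the profile records, company names, photo hashes and edge list are constructed, and the thresholds (at most ten connections for the supporter template, 60% of connections inside the cluster, three cluster links to count as a leader) are assumptions.

```python
from collections import defaultdict

# Constructed profile records; 'photo' stands in for a perceptual hash of the
# profile picture and 'connections' for the count the profile page displays.
PROFILES = {
    # supporter-template personas: one job, no education, a handful of connections
    "s1": {"connections": 6, "jobs": ["Engineer, TechCo"], "education": [], "photo": "ph_0001"},
    "s2": {"connections": 6, "jobs": ["Engineer, TechCo"], "education": [], "photo": "ph_0002"},
    "s3": {"connections": 6, "jobs": ["Analyst, DataCo"], "education": [], "photo": "ph_0003"},
    "s4": {"connections": 5, "jobs": ["Analyst, DataCo"], "education": [], "photo": "ph_aa11"},
    "s5": {"connections": 5, "jobs": ["Engineer, TechCo"], "education": [], "photo": "ph_0005"},
    # leader personas: full history, recruiter pretext, hundreds of connections
    "l1": {"connections": 500, "jobs": ["Recruiter, Aerospace Co", "HR Specialist, Defence Co"],
           "education": ["MBA"], "photo": "ph_l001"},
    "l2": {"connections": 275, "jobs": ["Talent Acquisition, Energy Co", "Recruiter, Staffing Co"],
           "education": ["BA"], "photo": "ph_l002"},
    # legitimate accounts; t1's photo has been copied by persona s4
    "t1": {"connections": 320, "jobs": ["Network Engineer, Telecom Operator"], "education": ["BSc"], "photo": "ph_aa11"},
    "t2": {"connections": 210, "jobs": ["Procurement Officer, Ministry"], "education": ["MA"], "photo": "ph_t002"},
    "t3": {"connections": 150, "jobs": ["Systems Engineer, Defence Contractor"], "education": ["MSc"], "photo": "ph_t003"},
    # a genuine new user who also matches the thin-profile template but connects to real people
    "n1": {"connections": 5, "jobs": ["Intern, Telecom Operator"], "education": [], "photo": "ph_n001"},
}

# Undirected connections observed while crawling (constructed).
EDGES = [
    ("s1", "s2"), ("s1", "s3"), ("s1", "s4"), ("s1", "s5"), ("s2", "s3"),
    ("s2", "s4"), ("s2", "s5"), ("s3", "s4"), ("s3", "s5"), ("s4", "s5"),
    ("l1", "s1"), ("l1", "s2"), ("l1", "s3"), ("l1", "s4"), ("l1", "s5"),
    ("l1", "t1"), ("l1", "t2"),
    ("l2", "s1"), ("l2", "s2"), ("l2", "s3"), ("l2", "t2"), ("l2", "t3"),
    ("n1", "t1"), ("n1", "t2"), ("n1", "t3"),
]


def adjacency(edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def is_template_persona(profile, max_connections=10):
    """Supporter template: one job, no education, very few connections (assumed thresholds)."""
    return (profile["connections"] <= max_connections
            and len(profile["jobs"]) == 1 and not profile["education"])


def self_referencing_cluster(profiles, adj, min_inside=0.6):
    """Templated accounts whose connections are mostly other templated accounts.
    A genuine thin profile connected to real people fails this test."""
    templated = {n for n, p in profiles.items() if is_template_persona(p)}
    return {n for n in templated
            if adj[n] and len(adj[n] & templated) / len(adj[n]) >= min_inside}


def find_leaders(cluster, adj, min_links=3):
    """Non-templated accounts tied to several cluster members at once."""
    candidates = {m for n in cluster for m in adj[n]} - cluster
    return {m for m in candidates if len(adj[m] & cluster) >= min_links}


def likely_targets(personas, adj):
    """Accounts outside the persona set that any persona has connected to."""
    return {m for n in personas for m in adj[n]} - personas


def reused_photos(profiles):
    """Photo hashes that appear under more than one name."""
    by_photo = defaultdict(set)
    for name, p in profiles.items():
        by_photo[p["photo"]].add(name)
    return {h: names for h, names in by_photo.items() if len(names) > 1}


def analyse_network(profiles, edges):
    adj = adjacency(edges)
    supporters = self_referencing_cluster(profiles, adj)
    leaders = find_leaders(supporters, adj)
    personas = supporters | leaders
    return {
        "supporters": sorted(supporters),
        "leaders": sorted(leaders),
        "targets": sorted(likely_targets(personas, adj)),
        "reused_photos": {h: sorted(n) for h, n in reused_photos(profiles).items()},
    }


if __name__ == "__main__":
    for key, value in analyse_network(PROFILES, EDGES).items():
        print(f"{key}: {value}")
```

The self-reference test is what separates a persona farm from ordinary sparse profiles: n1 matches the thin-profile template but is left out because none of its connections are other templated accounts. Photo reuse across two names (here s4 and t1) is a second, independent signal of the kind CTU found for three supporter personas.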

The CTU believes TG-2889 is the same threat group that security firm Cylance calls the Operation Cleaver team. As the CTU explained in an analysis:

"Based on strong circumstantial evidence, in Cylance's December 2014 Op CLEAVER report, they documented how the Cleaver team used the TinyZbot malware (a password stealer, keystroke logger, multi-functional trojan) and disguised it as a resume application that appeared to allow resumes to be submitted to the U.S. industrial conglomerate Teledyne. According to Cylance, the Cleaver team also used the [certain] domains, which reference companies associated with many of the fake LinkedIn profiles discovered by CTU researchers. Those domains were:; and The CTU believes that TG-2889's LinkedIn activity is the initial stage of the Op CLEAVER's fake résumé submitter malware operation."

Dell SecureWorks notified LinkedIn of the 25 fake profiles, and LinkedIn immediately took the profiles down. Additionally, Dell SecureWorks notified all of the organizations whose brands were being used in the scheme and notified law enforcement. However, recent updates to profile content, such as employment history, suggest that TG-2889 regularly maintains these fake profiles. The persona changes and job alterations could suggest preparations for a new campaign, and the decision to reference Northrop Grumman and Airbus Group may indicate that the threat actors plan to target the aerospace vertical.

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data.  Good security practices, such as making sure anti-virus software is installed and kept up-to-date, not clicking on attachments from unknown senders, and ensuring robust security policies are in place for email (such as blocking certain attachment types) can go a long way when it comes to protecting users.  However, a defense in depth approach that covers the entire attack continuum can help identify malware and assist in remediation in the event that an attacker finds a way to evade detection initially.

via Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors.

A (Secure) Chat with WikiLeaks

The Cryptosphere

WikiLeaks The Truth Will Win via РЕН ТВ | Новости (REN TV | News) on Twitter

Today’s article comes to us from Interwebs Security correspondent Tyler L. Jones. It is his first appearance in the Cryptosphere.

WikiLeaks is at it again.

This time, in an effort to provide a method of secure communication between themselves and whistleblowers, they have developed what they claim is a secure chat system that anyone can connect to; upon connecting, you will begin a near-immediate conversation with a staff member at WikiLeaks. Today, I tried this new service out. The results were both interesting and hilarious; but, we’ll get to all of that in due time.

Here’s the Facebook announcement that started this adventure.

Immediately upon connecting to their secured chat service, I was met with the following message: “Welcome to our chat system. Someone will shortly join the chat and talk with you. Clicking destroy chat will entirely destroy this encrypted chat immediately. Closing…