Be our Valentine: The IT Privacy and Security Weekly Update for the week ending February 14th, 2023

Daml’ers,


For our special Valentine’s day edition, we have a couple of golden heartfelt stories at opposite ends of the gift-giving spectrum.

We have an update on a final breakup that seems to have dragged on and on.

There is some insight into how North Korea funds its cyber attacks, and seemingly everything else going on in the Democratic People’s Republic of Korea.

We have a couple of stories on the gathering and distributing of your personal data that might make you see red…

And finally, a red roses poem, written by a special contributor.

Love is all around. Let’s go find it!


US: Romance costs

In a Data Spotlight, the U.S. Federal Trade Commission estimated in a report last week that nearly 70,000 people reported a romance scam in 2022 and the reported losses hit $1.3 billion last year.

  • 34% of those losses were tied to cryptocurrency-related romance scams.

  • Another 27% involved victims sending money through bank wire transfers or other payment methods.

  • The reported monetary loss was $4,400 per victim.

OK, those were the stats for those looking for love, but for those who have found it, we still have some shocking numbers to share:

  • For starters, anyone going on a date on the Feb. 14 holiday can expect to pay top dollar for a table for two. Restaurants, which have been under pressure since the very start of the pandemic, are charging more for meals to combat ongoing staffing challenges and higher food costs.

  • The price of a good steak, in particular, spiked 154%.

  • The average price for a dozen roses jumped 22% from last year.

  • Assorted chocolates are 9% higher.

  • Imported champagne, which is already more expensive than other sparkling wines, rose to $53 a bottle, up roughly 18% from a year before, according to alcohol-delivery service Drizly.

The average price of table wine, on the other hand, is up just 2.5%.

So what’s the upshot for you? Only gold prices have stayed near the US$1,800-an-ounce mark (due to other economic factors).

So ladies and gentlemen, if you want to get your partner something that has not been ravaged by inflation, go for the gold!


US: Even your favorite fizzy drink is leaking your data.

https://cybernews.com/news/pepsi-breach-malware/

Pepsi Bottling Ventures, America’s largest manufacturer and distributor of Pepsi-Cola beverages, said its network had been breached by threat actors who took off with a handful of personal and financial information.

According to the breach notification letter sent to consumers, the breach, successfully executed by deploying info-stealing malware, happened around December 23, 2022. Pepsi hadn’t discovered the criminal activity until January 10.

The list of information stolen is long and scary. It varies by individual, but it may have included first and last names, home and email addresses, financial account data, including a limited number of passwords, PIN codes, or other access numbers.

Additionally, the crooks stole driver’s license numbers, ID cards, social security numbers and passport information, digital signatures, limited medical history, and health insurance information.

So what’s the upshot for you? Change your password immediately, and if you receive an e-mail from Pepsi offering 1 year of free monitoring, take it. But then ask yourself: what happens after 1 year? The baddies still have all your data and can use it at their leisure. This is worse than getting cola up your nose.


Global: A new video shows how much more data Windows 11 sends compared to older versions

"The PC Security Channel used Wireshark to analyze network activity on two clean Windows installations

  • Windows 11 connected to many third-party servers and services, most of which do nothing but ad tracking, without asking the customer
  • Windows XP only connected to Windows Update out of the box
  • Windows 11 has more capabilities than Windows XP, but it also connects to third-party servers without permission
  • Microsoft is trying to monetize its customers as much as possible with Windows 11”

So what’s the upshot for you? When Tom’s Hardware (a hardware and software review site) contacted Microsoft, their spokesperson argued that flowing data is common in modern operating systems “to help them remain secure, up to date, and keep the system working as anticipated.”

“We are committed to transparency and regularly publish information about the data we collect to empower customers to be more informed about their privacy.”

Expect the EU to weigh in on this behavior with some serious fines.


Global: Wait, Isn’t that already gone?

Internet Explorer 11 was never Windows 10’s primary browser – that would be the old, pre-Chromium version of Microsoft Edge.

But IE did continue to ship with Windows 10 for compatibility reasons, and IE11 remained installed and accessible in most versions of Windows 10 even after security updates for the browser ended in June of 2022.

That ends today, as Microsoft’s support documentation says that a Microsoft Edge browser update will fully disable Internet Explorer in most versions of Windows 10, redirecting users to Edge.

So what’s the upshot for you? Who knew?


Global: NameCheap’s Email Hacked To Send Metamask, DHL Phishing Emails

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients’ personal information and cryptocurrency wallets.

The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

When recipients began complaining on Twitter, Namecheap CEO Richard Kirkendall confirmed that the account was compromised and that they disabled email through SendGrid while they investigated the issue.

Namecheap published a statement Sunday night stating that their systems were not breached but rather it was an issue at an upstream system that they use for email.

"We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients.

As a result, some unauthorized emails might have been received by you," reads a statement issued by Namecheap.

“We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.”

In a statement, Twilio’s SendGrid refutes Namecheap’s allegations.

So what’s the upshot for you? Confused as to what is going on?

Somewhere one of these two is letting mail come through a system that is often not blocked by businesses, because of their own use of the product.

Unfortunately, until a source of the leak is identified this situation puts everyone who might be tempted to click at risk.


KP/US: North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn

North Korea is deploying ransomware in the healthcare sector to supplement cyber ops against the U.S. and South Korean governments, according to a joint alert released Thursday from multiple U.S. and South Korean agencies.

Furthermore, the alert from the National Security Agency and FBI, among others, warns that North Korea is using the illicit cryptocurrencies obtained from the attacks to support state-backed espionage operations that target U.S. defense networks and the defense industrial base.

The joint release is just the latest warning from U.S. government officials that ransomware attacks originating in North Korea have grown into a U.S. national security crisis.

Many cyber officials and lawmakers have called for additional regulations to ensure healthcare organizations are implementing proper cybersecurity protections to help defend against the ongoing scourge of ransomware.

So what’s the upshot for you? By this point it appears the whole Democratic People’s Republic of Korea (DPRK) economy, from nuclear missile testing to basic infrastructure is now being funded by hacking and ransomware activities.


US: 200m American records compromised in top data broker breaches

https://cybernews.com/privacy/top-data-broker-breaches/

Data brokers sit on a treasure trove of personal data, including demographic details, court and criminal records, and Social Security Numbers. The biggest data broker hack ever led to the exposure of nearly 180 million user records.

“No data breach is small if it includes your data,” data privacy tool Incogni, powered by Surfshark, said after analyzing the most significant data breaches between 2012-2021.

The ten data broker hacks analyzed affected 445 million user records. The US was the most affected country, with nearly 210 million American records exposed.

Essentially, data brokers are companies that collect, process, and sell or distribute personal information.

According to Incogni, the traded data might occasionally be very personal and include full demographic and contact information, court and criminal records, financial information, and even Social Security numbers.

In some cases, data brokers even collect info on family members and business associates.

So what’s the upshot for you? Back in 2020, of the 506 registered US-based data brokers, 23 (4.5%) had been breached. (And yes, these are the latest yearly figures available.)


FR: David Guetta uses AI to get that Eminem sound

OK first, who is David Guetta? Pierre David Guetta is a French DJ and music producer.

He has over 10 million albums and 65 million single sales globally, with more than 10 billion streams.

In 2011, 2020, and 2021, Guetta was voted the number one DJ in the DJ Mag Top 100 DJs poll.

He started this adventure on one AI program by saying, “Write some lyrics in the style of Eminem.”

He took those lyrics to another AI program and had them sung in the voice of Eminem. The Twitter link plays a portion.

… And now perhaps he will play the result for you at his next concert.

So what’s the upshot for you? He promises that the Eminem clip won’t be released commercially.


US: A Researcher Tried To Buy Mental Health Data. It Was Surprisingly Easy.

Sensitive mental health data is for sale by little-known data brokers, at times for a few hundred dollars and with little effort to hide personal information such as names and addresses, according to research released Monday.

The research, conducted over the span of two months at Duke University’s Sanford School of Public Policy, which studies the ecosystem of companies buying and selling personal data, consisted of asking 37 data brokers for bulk data on people’s mental health.

Eleven of them agreed to sell information that identified people by issues, including depression, anxiety, and bipolar disorder, and often sorted them by demographic information such as age, race, credit score, and location.

The researchers did not buy the data, but in many cases received free samples to prove that the broker was legitimate, a common industry practice.

The study doesn’t name the data brokers.

Some of the brokers were particularly cavalier with sensitive data.

One made no demands on how the information it sold was used and advertised that it could offer names and addresses of people with “depression, bipolar disorder, anxiety issues, panic disorder, cancer, post-traumatic stress disorder, obsessive-compulsive disorder, and personality disorder, as well as individuals who have had strokes and data on their races and ethnicities,” the report found.

So what’s the upshot for you? In the US, “the industry appears to lack a set of best practices for handling individuals’ mental health data, particularly in the areas of privacy and buyer vetting,” the report found.


RU: Influence Networks In Russia Misled European Users, TikTok Says

Original NYT story paywalled.

Last summer, 1,704 TikTok accounts made a coordinated and covert effort to influence public discourse about the war in Ukraine, the company said on Thursday.

Nearly all the accounts were part of a single network operating out of Russia that pretended to be based in Europe and aimed its posts at Germans, Italians, and Britons, the company said.

The accounts used software to produce posts in local languages that amplified pro-Russia propaganda, attracting more than 133,000 followers before being discovered and removed by TikTok.

TikTok disclosed the networks on Thursday in an in-depth report that examined its handling of disinformation in Europe, where it has more than 100 million users, noting that conflict in Ukraine “challenged us to confront a complex and rapidly changing environment.”

The social media platform compiled the findings to comply with the European Union’s voluntary Code of Practice on Disinformation, which counts Google, Meta, and Twitter among its other signatories.

TikTok offered a detailed look into its operations as it tried to demonstrate its openness in the face of continued regulatory scrutiny over its data security and privacy practices.

As a newer platform, TikTok is “in a unique position to innovate in the search for solutions to these longstanding industry challenges,” Caroline Greer, TikTok’s director of public policy and government relations, said in a blog post on Thursday.

The company did not say whether the accounts had ties to the Russian government.

In its report, covering mid-June through mid-December 2022, TikTok said it took down more than 36,500 videos, with 183.4 million views, across Europe because they violated TikTok’s harmful misinformation policy.

The company removed nearly 865,000 fake accounts, with more than 18 million followers between them (including 2.3 million in Spain and 2.2 million in France).

There were nearly 500 accounts taken down in Poland alone under TikTok’s policy banning impersonation.

Early in the fighting in Ukraine last year, the company said, it noticed a sharp rise in attempts to post ads related to political and combat content, even though TikTok does not allow such advertising.

So what’s the upshot for you? This behavior makes a positive change for TikTok!


US: The FBI’s most controversial surveillance tool is under threat

An existential fight over the US government’s ability to spy on its own citizens is brewing in Congress.

And as this fight unfolds, the Federal Bureau of Investigation’s biggest foes on Capitol Hill are no longer reformers merely interested in reining in its authority.

Many lawmakers, elevated to new heights of power by the recent election, are working to dramatically curtail the methods by which the FBI investigates crime.

New details about the FBI’s failures to comply with restrictions on the use of foreign intelligence for domestic crimes have emerged at a perilous time for the US intelligence community. Section 702 of the Foreign Intelligence Surveillance Act (FISA), the so-called crown jewel of US intelligence, grants the government the ability to intercept the electronic communications of overseas targets who are unprotected by the Fourth Amendment.

That authority is set to expire at the end of the year. But errors in the FBI’s secondary use of the data – the investigation of crimes on US soil – are likely to inflame an already fierce debate over whether law enforcement agents can be trusted with such an invasive tool.

Central to this tension has been a routine audit by the Department of Justice’s (DOJ) national security division and the office of the director of national intelligence (ODNI) – America’s “top spy” – which unearthed new examples of the FBI failing to comply with rules limiting access to intelligence ostensibly gathered to protect US national security.

Such “errors,” they said, have occurred on a “large number” of occasions.

A report on the audit, only recently declassified, found that in the first half of 2020, FBI personnel unlawfully searched raw FISA data on numerous occasions.

In one incident, agents reportedly sought evidence of foreign influence linked to a US lawmaker.

In another, an inappropriate search pertained to a local political party.

In both cases, these “errors” were attributed to a “misunderstanding” of the law, the report says.

At some point between December 2019 and May 2020, FBI personnel conducted searches of FISA data using “only the name of a US congressman,” the report says, a query that investigators later found was “noncompliant” with legal procedures.

So what’s the upshot for you? The number of “mistakes” the FBI made in obtaining, reviewing, and retaining data gives cause for everyone in the US to push for the end of this particular “crown jewel”.


Global: Prepping for the “Cryptopocalypse”

“The waiting time for general purpose quantum computers is getting shorter, but they are still probably decades away.”

But “The arrival of cryptanalytically-relevant quantum computers that will herald the cryptopocalypse will be much sooner — possibly less than a decade.”

It is important to note that all PKI-encrypted data that has already been harvested by adversaries is already lost.

We can do nothing about the past; we can only attempt to protect the future… [T]his is not a threat for the future — the threat exists today.

Adversaries are known to be storing encrypted data with the knowledge that within a few years they will be able to access the raw data. Oh, and BTW the US does this too, big time.

This is known as the ‘harvest now, decrypt later’ threat.

Intellectual property and commercial plans — not to mention military secrets — will still be valuable to adversaries when the cryptopocalypse happens.

The one thing we can say with certainty is that it definitely won’t happen in 2023 — probably.

That probably comes from not knowing for certain what stage in the journey to quantum computing has been achieved by foreign nations or their intelligence agencies — and they’re not likely to tell us.

Nevertheless, it is assumed that nobody yet has a quantum computer powerful enough to run Shor’s algorithm and crack PKI encryption in a meaningful timeframe.

It is likely that such computers may become available as soon as three to five years. Most predictions suggest ten years.

Note that a specialized quantum computer designed specifically for Shor does not need to be as powerful as a general-purpose quantum computer — which is more likely to be 20 to 30 years away… “Quantum computing is not, yet, to the point of rendering conventional encryption useless, at least that we know of, but it is heading that way,” comments Mike Parkin, senior technical engineer at Vulcan Cyber.

Skip Sanzeri, co-founder and COO at QuSecure, warns that the threat to current encryption is not limited to quantum decryption.

“New approaches are being developed promising the same post-quantum cybersecurity threats as a cryptographically relevant quantum computer, only much sooner,” he said.

"It is also believed that quantum advancements don’t have to directly decrypt today’s encryption. If they weaken it by suggesting or probabilistically finding some better seeds for a classical algorithm (like the sieve) and making that more efficient, that can result in a successful attack.

And it’s no stretch to predict, speaking of predictions, that people are going to find ways to hack our encryption that we don’t even know about yet."

Steve Weston, co-founder and CTO at Incrypteon, offers a possible illustration. “Where is the threat in 2023 and beyond?” he asks. “Is it the threat from quantum computers, or is the bigger threat from AI? An analysis of cryptoanalysis and code-breaking over the last 40 years shows how AI is used now, and will be more so in the future.”

The article warns that “the coming cryptopocalypse requires organizations to transition from known quantum-vulnerable encryption (such as current PKI standards) to something that is at least quantum-safe if not quantum secure.” (The chief revenue officer at Quintessence Labs tells the site that symmetric encryption like AES-256 “is theorized to be quantum-safe, but one can speculate that key sizes will soon double.”)

“The only quantum secure cryptography known is the one-time pad.”

So what’s the upshot for you? OK, so to psychologically prepare for this, imagine all your deepest shared secrets publicly readable. Now might be a good time for that Valentine’s Day drink.


HK: How Valentine’s Day could turn into fool’s gold.

https://twitter.com/Alicefd1314

Over the past 18 months, we’ve tracked an ever-expanding and evolving family of fraud rings using fake mobile applications and communications over popular messaging platforms to lure victims into investment schemes, using emotional appeals, curated images and media, and well-scripted manipulations alongside well-developed mobile app infrastructure to gain the confidence of victims and walk them slowly into giving up their personal savings.

The first scammer I engaged approached me much in the same way as the liquidity mining scam we previously documented—via Twitter direct message. In fact, I left the DM untouched for nearly a month in my requests before engaging with it on October 3.

I told the scammer I was a cybersecurity threat researcher and that I investigated scams. “So you’re a cop?” the scammer asked.

When I replied in the negative, the conversation quickly turned to investments—in this case, the gold market.

When I picked up the message thread again, the scammer moved the conversation off Twitter, first asking if I used WhatsApp. I said that I didn’t, but I used Telegram. She said that was also good, and requested my account name.

Their Telegram account had a visible phone number listed with a UK mobile provider. A check of carrier information showed the number was with a carrier providing 3G legacy support and WiFi dialing—essentially making it a VoIP provider.

“Chen” told me that “her” uncle had taught her how to do short-term trading on the London spot gold market. While not taking an obvious hard-sell approach, pretty much everything the scammer messaged about was “gold trading”.

I asked some questions about the market platform she used. She provided a name, and I did a quick web search for it.

Thanks to some good search engine optimization, including fake reviews posted on a foreign exchange tracking site, the fraud site appeared above the site of the legitimate company that the scam was impersonating, a Japanese banking company. The site appeared to provide foreign exchange and commodity trading services.

The scammer told me there were no taxes on this investment, that they were included in the trading fees and she had never paid taxes on the trades in Hong Kong.

One thing she was telling the truth about was her location. I passed a tracking token via our chat and confirmed she was on an iOS device in Hong Kong.

The scammer continued to engage with me, telling me about silver deals and other fiction. I then expressed interest in learning more about what “she” was doing—so I could start collecting further technical details.

Surprised and happy about my sudden interest, “Chen” directed me to download the mobile app from the fake website, not the official Google Play, Apple App Store, or Microsoft Store.

Windows and Android apps were simple downloads.

But for iOS, installation required accepting an enterprise mobile management profile connecting my (test) phone to a server in China – a huge red flag, but one that many users could be socially engineered to ignore.

After a few lessons in how to set up trades, profit-taking points, and loss limits (each of which the scammer guided me through with screenshots matching the time of our discussion), the scammer offered to introduce me to her “uncle” to guide me through setting up a real account and getting trading tips.

“Uncle Martin Richard” had quite the (fictional) pedigree—the scammer claimed “he” was a former Goldman Sachs analyst.

“Uncle Martin Richard” told me to register an account through yet another scam host page.

It mimicked a Know-Your-Customer style registration, requesting photos of government ID. The site also had animated snow in the background, and a picture of downtown Chicago (recognizable by the Navy Pier and a few other landmarks).

Once a “real” account was set up, “Uncle Martin Richard” said, I would be able to deposit money and start executing trades at his direction.

“Uncle Martin Richard” Telegram message forecasting gold market swing… Purported insider information from “Uncle Martin Richard” priming for a big investment.

The “Uncle Martin Richard” Telegram account, unlike the “Chen” account, used a US number registered through Peerless Network, another voice over Internet protocol (VoIP) provider.

So what’s the upshot for you? This particular scam operation was not as polished as others from a social engineering standpoint.

The efforts to engender a relationship were limited to a few photos and a video sent to establish the false identity. At one point the “uncle” began responding in Chinese to questions in English.

But the technical sophistication of the websites and the mobile apps may have been enough to convince some victims to transfer cash into their fake exchange, after which they just disappear.


Anywhere: When the rellies ask

“Jill and her boyfriend Hans met online and they’d been dating for over a year.

When she introduced Hans to her uncle, he seemed fascinated by the fact that they met over the Internet.

He asked Hans what kind of line he had used to pick her up.

Ever the geek, Hans naively replied, ‘fiber optic, I think.’”

So what’s the upshot for you? Happy Valentine’s day


Our Quote of the week, this week, is a poem: “Roses are red, violets are blue, if you don’t update your antivirus, your computer will be too!” - ChatGPT


That’s it for this week. Stay safe, stay secure, don’t forget the flowers, and see you in se7en.