Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber websites. Show all posts
Online Safety
Cyber Security Cyber websites CyberCrime CyberThreat ICE Online Safety

ICE Expands Online Surveillance With Tool Tracking 200+ Websites

 


To ensure the safety of citizens throughout the world, and to enforce immigration laws, the Department of Homeland Security and Immigration and Customs Enforcement (ICE) have always relied heavily on social media monitoring as an essential component of their respective operations. As an integral part of the agency's “enhanced screening” protocols, which are applied to foreign nationals upon their arrival in the United States, such monitoring has been an integral part of the agency's programs for several years. 

In addition to enforcing the protocols at borders and international airports, even visitors who are visiting the country for a limited period are subject to them. As part of its extensive surveillance efforts, ICE has utilized a range of technological tools. These techniques include purchasing location information from third-party data brokers, accessing utility bill databases, and utilizing other information sources to track undocumented immigrants. 

In addition to gathering vast amounts of personal information, these methods enable the agency to conduct enforcement activities that are aimed at improving the quality of life of Americans. Recent developments have shown that ICE has adopted a new, advanced surveillance tool that is capable of continuously gathering, organizing, and analyzing information from various online platforms. As reported by Joseph Cox for 404 Media, this tool combines data from several social media services and websites to expand the capability of ICE in terms of digital surveillance.

In the course of implementing this technology, Immigration and Customs Enforcement (ICE) is taking steps to improve its monitoring and data-gathering strategies in response to the threat that the agency is facing. The agency is preparing to expand its efforts to monitor and analyze online discourse as part of its digital surveillance efforts. These initiatives will be focused on individuals who are expressing negative opinions about the agency or making threats against its personnel. 

A recent request for information issued by ICE in November called for private sector companies that can improve the organization's monitoring capabilities to aid it in countering an increasing number of external threats, which are being spread through social media and other online platforms. As part of its 15-page statement outlining its objectives, the agency detailed the requirements for a specialized contractor to conduct extensive online monitoring as part of their monitoring efforts. 

In order to identify potential risks, it would be the responsibility of the selected entity to scan social media networks, publicly accessible online databases, the deep web, and the dark web. As part of ICE's efforts to pinpoint and assess potential threats, it has specified the need for advanced analytical tools such as geolocation tracking, psychological profiling, and facial recognition to assist in this process. These increased monitoring efforts have resulted in increased scrutiny of individuals who have consistently made negative statements about ICE or who have mentioned specific immigration enforcement personnel on social media. 

Through this initiative, the agency is showing its commitment to strengthening its security measures through enhanced digital surveillance and intelligence collection techniques. It was in November, just after Trump's electoral victory, when Immigration and Customs Enforcement (ICE) announced multiple solicitations on federal procurement websites, seeking contractors for enhancing, upgrading, and expanding its technological capabilities so that it can better track, monitor, and monitor noncitizens. 

Trump's administration has been supporting the ICE agency despite its history of violating human rights, mistreating its detainees, and committing misconduct within its detention facilities and deportation operations. In his campaign, Trump promised that he would implement large-scale deportations, which he promptly carried out during his presidency. His administration took action within a couple of days after taking office by authorizing nationwide immigration enforcement operations, robbing ICE of restrictions on its activities in sensitive locations, including schools, hospitals, and places of worship. This policy shift enabled the department to take effective action against immigration violations everywhere. 

There was also the passage of the Laken Riley Act during the same time these measures were taking place, which gave ICE the authority to deport individuals convicted of minor offences, such as shoplifting, regardless of whether conviction had been obtained or not. As a result of bipartisan support, ten senators and 48 members of the House of Representatives voted in favour of this legislation, which has been criticized for undermining due process rights. As ICE is poised to expand its surveillance apparatus, policy changes are not the only factor driving it. 

Additionally, private contractors have financial interests that are influenced by these entities as they strive to maximize profits. These entities are motivated by profit and wish to broaden enforcement mechanisms, which in turn increases the number of people being monitored and detained. A growing anti-immigrant sentiment has sparked concern among advocacy organizations and civil society organizations about the protection of immigrant communities in the United States. 

A growing number of activists and civil society groups are now focusing on exposing and challenging the growing surveillance infrastructure, a system that has been built over the past decade, and which is being reinforced by an administration that has used incendiary rhetoric against immigrants and activists, calling them threats to the country. ICE’s Expanding Surveillance Network and Private Sector Involvement The growth of electronic monitoring within immigration enforcement has made BI Inc., an organization that has a $2.2 billion contract with Immigration and Customs Enforcement (ICE) that is set to expire in July, one of the major beneficiaries of the expansion of electronic monitoring. 

The BI Inc., as the only provider of electronic monitoring devices for ICE, has a crucial role to play in implementing the agency’s surveillance programs as its exclusive provider of electronic monitoring devices. This company is owned and operated by a subsidiary of the GEO Group, the world's largest private prison corporation. They operate multiple immigration detention facilities that are contracted by the Department of Immigration and the Department of Homeland Security. Geo Group's involvement in political financing has also been heavily emphasized, with $3.4 million contributed to political campaigns in 2024 by Geo Group, of which $3.4 million went to the Make America Great Again super PAC. 

Last year, the company also spent $1.03 million on lobbying activities, directing a substantial amount ($340,000) in favour of policies that relate to immigration enforcement and alternatives to detention, a sector in which BI Inc. has long held a dominant position. Legal Challenges and Privacy Concerns Surrounding ISAP There have been several advocacy groups that are urging more transparency regarding ICE's Intensive Supervision Appearance Program (ISAP), which uses electronic surveillance rather than detention facilities to place immigrants under electronic surveillance. These groups include Just Futures Law, Mijente, and Community Justice Exchange. 

There have been some organizations that have sued ICE to obtain information regarding the type of data collected and the way it is used, but after examining the agency's response to these questions, they concluded in 2023 that the agency had not provided adequate assurances regarding the protection of data and privacy in ISAP. ICE’s Use of Facial Recognition Technology ICE has been using facial recognition software since 2020. 

They contracted Clearview AI, which is famous for scraping images from social networks and the internet without the consent of the individuals involved. By matching this data to names and cross-referencing it with law enforcement databases, the police can identify individuals suspected of crime. As a result of Clearview AI's practices being questioned in multiple jurisdictions, the EU has imposed a ban on its operations in the EU due to violations of the General Data Protection Regulations (GDPR), which govern data collection and use. 

Numerous lawsuits have been filed against the company claiming that the company has engaged in unlawful surveillance practices in the United States. A $2.3 million contract with Clearview AI ended in September 2023, and it has not yet been decided whether or not the agency has renewed the contract or will continue to utilize the software in another manner. Moreover, Clearview AI has not only been in legal battles, but has also been actively lobbying against legislation that would regulate both its operation and the operation of data brokers as well. 

Growing Concerns Over ICE’s Surveillance Expansion With the increasing use of electronic monitoring and facial recognition technology by ICE, concerns remain regarding privacy violations, data security, and ethical implications that are associated with these technologies as they continue to expand their surveillance infrastructure. It is important to note that the agency relies on private companies with vested financial interests, which further emphasizes the complexity of immigration enforcement and civil liberties in a digital age.
Read more »
Supply-chain
Cyber Attacks Cyber Hijack Cyber websites CyberCrime Cyberhackers JFrog Security malicious PyPI python Software Supply-chain

22,000 PyPI Packages Affected by Revival Hijack Supply-Chain Attack

 


It has been discovered that hackers can distribute malicious payloads easily and efficiently through the package repository on the PyPI website by using a simple and troublesome exploit. A JFrog security researcher has discovered a new supply chain attack technique using which they can attack PyPI repositories (Python Package Index) that can be used to hack them. 

Hundreds of thousands of software packages can potentially be affected by this attack technique and countless users could be affected as a result. A technique known as "Revival Hijack," exploits a policy loophole by which attackers may re-register the names of packages that have been removed from PyPI by their original developers and hijack the names themselves once the packages have been removed from PyPI. 

As part of an attack against the Python Package Index (PyPI) registry, a new supply chain attack technique has been uncovered in the wild, which is designed to infiltrate downstream organizations by exploiting the PyPI registry. There is an attack vector called "Revival Hijack" which involves the registration of a new project with a name that matches a package that has been removed from the PyPI platform which may then serve as an attack vector. 

If a threat actor manages to do this, then they will be able to distribute malicious code to developers who pull updates periodically. A software supply chain security firm named JFrog, which specializes in software supply chain security, has codenamed this attack method Revival Hijack, claiming to be able to hijack 22,000 existing PyPI packages, which in turn will result in hundreds of thousands of malicious packages being downloaded. 

There are more than 100,000 downloads or six months' worth of activity on the affected packages and are more susceptible to exploits. A very common technique used by Revival Hijack is to take advantage of the fact that victims are often unknowingly updating once-safe packages without being aware that they have been altered or compromised. Further, CI/CD machines are set up with a mechanism for automatically installing package updates so that they can be applied right away. 

A similar attack technique was discovered by Jfrog earlier this year, which is one of several different attacks that adversaries have been developing in recent years to try and sneak malware into enterprise environments using public code repositories like PyPI, npm, Maven Central, NuGet, and RubyGems, and to steal sensitive data. As a part of these attacks, popular repositories have often been cloned and infected, poisoning artifacts have been used, and leveraged leaked secrets such as private keys and database certificates have been revealed. 

According to JFrog researchers Brian Moussalli and Andrey Polkovnichenko, there is a much higher risk here than in previous software supply chain hacks that relied primarily on typosquatting and human error to distribute malicious code throughout software websites. When a developer decides to delete a project from PyPI, they are given a warning about the potential repercussions that may arise, including the Revival Hijack scenario that could occur. 

The dialogue warns that deleting this project will give the name of the project to anyone else who uses PyPI", so please refrain from doing so. In this scenario, the user will be able to issue new releases under the project name as long as the distribution files have not been renamed to match those from a previously released distribution. According to the motive of the attacker, the "Revival Hijack" attack vector can result in hundreds of thousands of increments as a result of the attack, depending on the motive. 

As far as exploiting this technique is concerned, it can be applied to exploiting abandoned package names to spread malware. Researchers observed this in action with the hijack of the "pingdomv3" package, which was detected by research teams. This package has been given the version number 0.0.0.1 to avoid a dependency confusion attack scenario, in which developer packages would be pulled by pip upgrade commands when they were run as a part of the upgrade process. 

In addition, it is worth noting that Revival Hijack has already been exploited in the wild, by an unknown threat actor called Jinnis who introduced a benign version of a package titled "pingdomv3" on March 30, 2024, just two days after the original package's owner (cheneyyan) removed it from PyPI. There has been a report that says the new developer has released an update containing a Base64-encoded payload, which checks for the presence of the "JENKINS_URL" environment variable, and if it exists, executes an unknown next-stage module retrieved from a remote server after checking for the appearance of the "JENKINS_URL." environment variable. 

Although JFrog proposed this precaution as a preventative measure, over the last three months it has received nearly 200,000 downloads both manually and automatically, proving that the Revival Hijack threat is very real, the security company announced. In making an analysis of this data, JFrog reported that there are outdated jobs and scripts out there that are still searching for the deleted packages, as well as users who manually downloaded these packages due to typosquatting. 

Depending on how the hijacked packages are hijacked, the adversaries may attach a high version number to each package, which will cause the CI/CD systems to automatically download the hijacked packages believing they are the latest version. This will ultimately cause a bug to develop, JFrog explained. As a result of the company's recommendation, PyPI has effectively prohibited the reuse of abandoned package names as well.

Some organizations use PyPI that need to be aware of this attack vector when updating to new versions of the package, JFrog warns. There is a non-public blacklist maintained by PyPI, which prevents certain names from being registered on new projects, but most deleted packages don't make it to that list because there is a non-public blacklist maintained by PyPI. It was due to this that the security firm took indirect measures to mitigate the "Revival Hijack" threat and added the most popular of the deleted and vulnerable packages to an account named security_holding under which they could be monitored. 

As a result of the researchers changing the version numbers of the abandoned packages to 0.0.0.1, they make sure that it does not affect active users while updating the packages. As a result, the package names are preserved and are not susceptible to theft by malicious actors who may want to use them for offensive purposes. The third month later, JFrog discovered that the packages in their repository seemed to have been downloaded by nearly 200,000 people due to automatic scripts or user errors. There are a lot more risks involved in "Revival Hijack" than the standard typosquatting attacks on PyPI. 

This is because users pulling updates for their selected projects for which they have permission do not make mistakes when doing so. It's best to mitigate this threat by utilizing package pinning to stay on a known secure version, verify the integrity of the package, audit its contents, and watch for any changes in package ownership or unusual updates.
Read more »
Subscribe to: Posts (Atom)