Law Enforcement is Spying on Thousands of U.S. Citizens' Mail


The Washington Post reported on Monday that federal law enforcement authorities have long received information about certain Americans' mail through a little-known U.S. Postal Service operation known as the "mail covers program." Officials argue that the program is used solely to investigate criminal activity, but it appears to be widely used, and some Americans say they were targeted by it despite having done nothing unlawful.

A mail cover does not allow outside agencies to open a person's mail, but it does let them record the information printed on the outside of letters and packages. According to a previously leaked program document, a "mail cover" is an "investigative tool employed to record data appearing on the outside of a mailpiece." Sender, recipient, return address and postmark are exactly the metadata that reveal who a person corresponds with, so a cover still yields a great deal of information about an individual under surveillance.

The FBI, the IRS, the Department of Homeland Security, and the Postal Service's own investigative arm, the United States Postal Inspection Service, have all requested mail covers. The Washington Post reports that "state and local police forces" have used the program as well. The good news for investigators, and the bad news for the rest of us, is that a mail cover requires neither a judge's approval nor a court order.

How often is the program used? Quite a lot. A recent audit revealed that the Postal Service authorized more than 158,000 mail-cover requests over a four-year period, and information provided to legislators who inquired about the program showed that police agencies made "an average of about 6,700 requests per year," the Post writes. Those legislators, including Ron Wyden (D-Ore.) and Elizabeth Warren (D-Mass.), have asked for greater transparency and tighter controls on the program.

The program is dwarfed by another mail-tracking program, Mail Isolation Control and Tracking, which is believed to photograph the exterior of every item of mail that passes through the Postal Service. That program is ostensibly designed for routing and sorting, but its images can also be used for law enforcement purposes.

Chinese Gadget: A Potent Tool to Spy on UK Citizens


Our smartphones, the websites we visit, and CCTV cameras harvest data about our lives by tracking our movements many times a day. A large portion of this data ends up stored in China. That idea is alarming.

Last week a cybersecurity company demonstrated that the Chinese-owned video-sharing app TikTok contains software capable of accessing our most private information. It is the newest and most concerning illustration of how technology constantly monitors us, endangering both our civil liberties and national security.

According to Asian Lite International, China is "weaponizing" cellular modules fitted in smart bulbs, refrigerators, vehicles, and payment terminals to spy on users. Three Chinese firms, Quectel, Fibocom, and China Mobile, already hold 54% of the worldwide module market and 75% of the connectivity market.

Customers of the three companies include Tesla, Dell, Lenovo, HP, and Intel, as well as SumUp, a card-payment processor. According to Asian Lite International, devices containing the modules include laptops, voice-activated smart speakers, smart watches, smart energy meters, fridges, light bulbs, and other appliances that can be operated via an app, as well as body-worn police cameras, doorbell cameras, security cameras, bank card payment terminals, cars, and even hot tubs.

The modules collect data and transmit it over 5G networks, which the report says would let China track the movements of intelligence targets, whether people, weapons, or supplies, and use the devices for industrial espionage. Millions of them are already in use in the UK.

A report by Charles Parton, a former diplomat who has advised Parliament on China, claims that this "Trojan horse" technology poses a "widespread" threat to Britain's national security. Parton spent 22 years of his diplomatic career in China, Taiwan, and Hong Kong and has advised the Foreign Office, the European Union, and the Commons Foreign Affairs Committee on China.

Senior MPs have expressed concern about the "widespread presence" of cellular IoT modules, and the report says ministers have entirely failed to grasp the harm they could do. It urges ministers to act now to stop the sale of Chinese-made cellular IoT modules in the UK before it is too late.

Charles Parton stated, "We are not yet aware of the hazard. China has recognised a chance to control this market, and if it succeeds, it will be able to collect a lot of data and compel other nations to depend on it."

According to a report released on Monday by the Washington-based consultancy OODA, the potential threat to national security posed by cellular IoT modules is greater than that posed by Huawei components in mobile phone masts, which the government has already decided to ban. Cellular IoT modules are small components built into everything from advanced weapon systems to smart refrigerators; they record usage and transmit it, frequently over 5G, to the owner and often to the manufacturer as well.

The potential for espionage is considerable. According to Asian Lite International, the report says the modules could be used to monitor American arms sales activity, with artificial intelligence and machine learning handling the enormous volumes of data. They could also be used to identify and track royal and diplomatic protection officers carrying out advance security sweeps for visiting ministers.

Even seemingly innocent uses of the modules, such as in farm machinery, could let China identify weak points in Western supply chains, such as poor harvests, and then undercut British suppliers, gaining market share and increasing Western reliance on Chinese goods. Asian Lite International notes that the modules are subsidised by the Chinese government to make them cheaper than Western competitors; if China were allowed to establish a monopoly on their manufacture, the West would become wholly dependent on China for a crucial component.

The OODA report recommends that government assets be thoroughly audited to determine what equipment needs to be replaced, and that companies working in sensitive industries such as defence be required to do the same by the end of 2025.

The Most Controversial Surveillance Device Used By The FBI Is In Danger


Congress is embroiled in a heated debate about the US government's ability to spy on its own citizens. As this battle develops, the FBI's fiercest adversaries on Capitol Hill are no longer just reformers looking to curtail its power: the recent election has strengthened a number of legislators who now want to significantly limit how the FBI investigates crimes.
 
At a critical juncture for the US intelligence community, new information has come to light about the FBI's violations of the limits on using foreign intelligence for domestic offences. Section 702 of the Foreign Intelligence Surveillance Act (FISA), the so-called crown jewel of US intelligence, allows the government to intercept the electronic communications of foreign targets who are not protected by the Fourth Amendment.

That authorization expires at the end of the year, and errors in the FBI's secondary use of the data, for investigating crimes committed on US soil, are expected to fuel an already ferocious debate about whether law enforcement can be trusted with such an invasive instrument.

A routine audit by the Department of Justice's (DOJ) national security division and the Office of the Director of National Intelligence (ODNI), America's "top spy," has been central to this conflict because it uncovered new instances of the FBI breaking the rules that limit access to intelligence purportedly gathered to safeguard US national security. The auditors reported "many" such "errors."

According to the audit, which was only recently made public, FBI agents repeatedly queried raw FISA data without authorization in the first half of 2020. In one instance, agents reportedly looked for evidence of foreign influence connected to a US politician; in another, a local political party was the subject of an improper search. The report attributes both "mistakes" to "misunderstandings" of the rules.

The report says that between December 2019 and May 2020, FBI agents queried FISA databases using "only the name of a US congressman," a search later determined to be "noncompliant" with legal requirements. Investigators found that some searches were "overly broad as constructed" even though they were "reasonably likely to return foreign intelligence information."

In another incident, the FBI ran searches using "local political party names" even though a connection to foreign intelligence was "not reasonably likely." The DOJ's explanation was that FBI agents "misunderstood" the search protocols and were "thereafter reminded of how to correctly apply the query guidelines." These are the errors that will be used as ammunition in the coming fight to curtail the FBI's authority.

Although disturbing, the misuse was entirely predictable, according to Elizabeth Goitein, senior director of the Brennan Center for Justice's national security program at the New York University School of Law. When the government is permitted to access Americans' private communications without a warrant, she says, "the door is opened to monitoring based on race, religion, politics, or other inadmissible characteristics."

Raw Section 702 data is "unminimized," meaning it contains unredacted information about Americans, and a significant portion of it is collected "downstream" from internet companies such as Google. For agencies like the CIA and NSA, high-level approval is required to "unmask" that information. The FBI, however, routinely searches unminimized data during investigations, and often before opening them, in a practice privacy and civil liberties lawyers call a "backdoor search." To allay concerns, Congress amended FISA to require a court order for such searches in purely criminal cases, but it emerged years later that the FBI had never once sought one.

FISA eavesdropping came under increased Republican scrutiny after disclosures that a secret court had approved a wiretap on a former campaign adviser of then-presidential nominee Donald Trump in October 2016, as part of the FBI's investigation into Russian election interference. An inspector general's report later found that the investigation itself was adequately predicated, but also that the wiretap application contained multiple FBI errors.

Section 702 was enacted by the FISA Amendments Act of 2008 and was most recently extended to December 31, 2023 (notably, Section 702 is not the authority used for a wiretap of that kind). To extend the authority further, Congress must vote by the end of the year. With Republicans such as Jim Jordan, a leading FBI critic, opposing prompt reauthorization and the Biden administration pressing for it, the deadline will undoubtedly drive a debate about government surveillance that lasts the rest of the year.

As research by Demand Progress shows, the newly revealed blunders are not the FBI's first. Declassified court papers indicate that the bureau carried out thousands of illegal searches beginning in 2017 and continuing at least until 2019. In a 2018 memorandum, for instance, the Foreign Intelligence Surveillance Court found that the FBI's minimization procedures, "as they have been executed," were inconsistent with both the FISA statute and the Fourth Amendment itself.

The bureau has also disregarded rules approved in 2018 that require a court order before Section 702 data is used in domestic criminal investigations. An oversight review found, for example, that before November 2020 the FBI had carried out 40 such searches without the required order, in investigations covering organised crime, health care fraud, public corruption, and bribery.

An earlier DOJ audit, declassified in August 2021, found that in one case an intelligence analyst had run "batch queries" of FISA-acquired data at the FBI's request using the personal information of "multiple current and former United States government officials, journalists, and political commentators." Although the analyst tried to remove the US-person material, the audit said they "accidentally failed" to do so on occasion.

Critical Baicells Device Vulnerability Could Make Telecom Networks Vulnerable to Spying


Baicells Technologies is a US-based manufacturer of 4G and 5G telecommunications equipment. According to the company, more than 100,000 of its base stations have been installed in 64 countries.

A serious flaw in wireless base stations made by Baicells Technologies can be exploited to take full control of voice and data traffic or to disrupt telecom networks, according to a recent report.

Rustam Amin, a threat analyst, found that at least some of Baicells' Nova base station products are affected by a serious command injection flaw that can be exploited remotely, without authentication, by sending specially crafted HTTP requests to the targeted device.

Amin said that by exploiting the weakness, tracked as CVE-2023-24508, an attacker could execute shell commands with root privileges and take complete control of a device. An attacker could simply shut a device down to disrupt operations, or take full control of phone calls and traffic on the targeted network, obtaining phone numbers, IMEIs, and location data along the way.
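The page gives no details of how the Baicells request is constructed, and none are invented here. What follows is an added illustration, not Baicells code and not the CVE-2023-24508 exploit, of the bug class the advisory describes: a web-management handler that passes an HTTP parameter to a root shell. The hypothetical `?host=` diagnostic-ping parameter and the sample inputs are constructed for the example. The vulnerable builder splices the value into a shell string; the hardened builder validates against an allowlist and hands exec an argv list with no shell at all.

```python
import re
import shlex
import subprocess

# Constructed inputs, not traffic captured from any Baicells device: the
# value a web-management handler might read from an HTTP parameter such
# as ?host=... before running a diagnostic ping.
BENIGN_INPUT = "10.0.0.1"
ATTACKER_INPUT = "10.0.0.1; id"


def build_ping_vulnerable(host: str) -> str:
    """Vulnerable pattern: splice an untrusted parameter into a shell string.
    Run with shell=True, the ';' in ATTACKER_INPUT ends the ping and starts
    a second command that runs with the web server's privileges (root on
    many embedded devices)."""
    return f"ping -c 1 {host}"


def shell_would_run(command: str) -> list[list[str]]:
    """Tokenise the string the way a POSIX shell would and split it at
    command separators, to show how many commands would actually execute."""
    tokens = list(shlex.shlex(command, punctuation_chars=True))
    commands: list[list[str]] = []
    current: list[str] = []
    for tok in tokens:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


# Allowlist for the only thing the parameter may be: a hostname or IPv4
# literal. Labels must start with an alphanumeric, so a leading '-' (which
# ping would parse as an option) is rejected along with every shell
# metacharacter.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def build_ping_hardened(host: str) -> list[str]:
    """Hardened pattern: validate against the allowlist, then build an argv
    list that is handed to exec directly (no shell), so nothing in the value
    can be interpreted as syntax."""
    if len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def hardened_rejects(host: str) -> bool:
    """True if the hardened builder refuses the value."""
    try:
        build_ping_hardened(host)
    except ValueError:
        return True
    return False


def run_ping_hardened(host: str) -> int:
    """Execute the hardened command and return its exit status. shell=False
    is the default but is spelled out to make the point explicit."""
    return subprocess.run(build_ping_hardened(host), shell=False,
                          capture_output=True, timeout=10).returncode


if __name__ == "__main__":
    print("vulnerable would run:", shell_would_run(build_ping_vulnerable(ATTACKER_INPUT)))
    print("hardened argv:", build_ping_hardened(BENIGN_INPUT))
    print("hardened rejects attacker input:", hardened_rejects(ATTACKER_INPUT))
```

The allowlist is deliberately narrower than "escape the dangerous characters": denylists miss encodings and shell features the author did not think of, whereas a hostname grammar plus an argv list removes the shell from the picture entirely.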

Carrying out such an attack is not a simple task, however, and requires in-depth familiarity with the targeted network. Amin told SecurityWeek that more than 1,150 devices are reachable from the internet, most of them in the United States. Baicells published an advisory on January 24 to notify customers of the flaw.

The researcher reported that the vendor responded quickly to his notification and promptly released a patch. The affected base stations are the Nova 227, 233, 243, and 246; the flaw is fixed in version 3.7.11.3. Other products may also be affected, but the vendor's advisory lists only Nova products.

Last week the US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory for CVE-2023-24508. Amin recently also found several flaws in Econolite EOS traffic controller software that could be used to manipulate traffic signals.

El Salvador Government is Employing Pegasus to Spy on Journalists


"The warning came in August 2020. A reliable source told me to meet him at six in the evening in a deserted parking lot in San Salvador. He had my number but didn't want to leave a trail, so he reached me through a friend instead. He told me to leave my phone in the car when I arrived," stated Nelson Rauda Zablah, a Salvadoran journalist whose work has appeared in the New York Times, the BBC, the Los Angeles Times, and the Economist, among other publications.

As we walked, he told me that my colleagues at the Salvadoran news outlet El Faro were being watched because of their reporting on negotiations between the president of El Salvador and the notorious MS-13 gang.

Although this may seem like a terrifying movie scene, several journalists from Central America have actually experienced it. Many people in my profession go about their daily lives with the sense that they are being watched, putting their phones away before meetings, utilizing encrypted messaging and email apps, communicating in code, and never sharing their real-time location. 

I wouldn't fully understand what my source meant until more than a year later. My colleagues were not only being followed as they looked into that story; they, along with at least 18 other El Faro members including myself, had repeatedly been targeted with Pegasus, the weapons-grade spyware that is the Israeli company NSO Group's shiny new toy. The Citizen Lab and other forensic analysts found that the Pegasus attacks in El Salvador began in June 2020 and persisted through November 2021, and that 35 journalists and members of civil society were targeted in total.

When Pegasus is on your phone, spies essentially have a duplicate of it. They have access to everything: your private photos, texts, transactions, and which apps you use and how. Once the surveillance was detected I had to take action, which included closing my family group chat and uninstalling my financial apps.

For journalists, this means spies can listen in on every phone call and chat with a source. I was attacked while pursuing and publishing private footage of President Nayib Bukele's siblings discussing El Salvador's Bitcoin Law with foreign businessmen before it became law. My colleagues Carlos Martínez and Gabriela Cáceres were hacked as they kept revealing information about the government's dealings with gangs and a related criminal investigation. I could go on forever.

Journalism has become much harder since the attacks. After the hacking became public, some sources joked when returning our calls, wishing a good day to any decent people listening in. Many more only picked up to tell us to stop calling, and most didn't answer at all. One source told me he now understood why his wife had been let go from her government job. I felt miserable. Guilty. Powerless.

Above all, Pegasus makes you feel helpless. We believe the El Faro infections came through a "zero-click exploit," meaning we didn't even have to click a fake link to let the spies in. They just got in. Get a new phone and change your number, and they will simply break into that one too.

But we refused to be helpless. We shared our story with press organizations worldwide, appeared on TV, held press conferences, and filed a complaint with the attorney general's office in El Salvador. And now 14 of my El Faro coworkers and I have chosen to sue NSO Group, represented by the Knight First Amendment Institute at Columbia University.

We're not in it for the money, I can tell you that; otherwise we wouldn't be independent journalists. This is a continuation of our ongoing efforts in El Salvador to expose corrupt officials. We are taking this action in the United States because El Salvador's co-opted institutions have left us no legal options at home.

And this is not just for us. In April the Israeli newspaper Haaretz listed more than 450 law-abiding men and women from all around the world whose devices had been compromised by NSO Group's Pegasus. Many of them don't live in countries, or work in occupations, where they can file lawsuits.

But someone must. NSO executives shouldn't be able to wash their hands after their product has been used to harm journalists. In a very practical sense, NSO let loose the hounds to hunt us down. Now we are fighting back.

Northeastern University Students Hack Under-Desk Spying Tools Installed to Track Their Activities


The COVID-19 pandemic has made surveillance more pervasive than ever in schools, universities, and much of daily life. In October, however, graduate students at Northeastern University organized and successfully thwarted an attempt to deploy intrusive monitoring devices that had been covertly installed under their desks.

At the beginning of October, Senior Vice Provost David Luzzi had motion sensors installed beneath every desk in the school's Interdisciplinary Science & Engineering Complex (ISEC), a building used by graduate students and home to the Cybersecurity and Privacy Institute, which researches surveillance.

According to a blog post by Max von Hippel, a Privacy Institute PhD candidate who wrote about the episode for the Tech Workers Coalition's newsletter, the sensors were installed at night, without students' knowledge or consent, and when students asked for an explanation they were told it was part of a study on "desk usage."

When academic departments compete for building space, the best-funded ones, or those that bring in the most grant money, tend to prevail. ISEC is a desirable building, and the computer science department brings in a lot of money and uses it heavily, so it might make sense for the university to study how desks are used in order to optimize access to it.

But von Hippel points out that desk utilization can already be monitored, since workstations are assigned and badges are needed to enter the rooms. He believes instead that the sensors were a pretext for the building's owner, the administration, to push out computer science students who use the building less than others might.

Students began voicing concerns about the sensors, and Luzzi responded with an email attempting to address them.

“In order to develop best practices for assigning desks and seating within ISEC, the Office of the Provost will be conducting a study aimed at quantifying the usage of currently assigned seating in the write-up areas outside of the labs and the computational research desks,” the email reads. “The results will be used to develop best practices for assigning desks and seating within ISEC (and EXP in due course).” 

An impromptu listening session followed in the ISEC, at which Luzzi urged the graduate students present to "trust the university since you trust them to grant you a degree." As further justification for not seeking IRB approval, Luzzi said that "we are not performing any science here."

After that, the Privacy Institute students, whose research focuses on surveillance and how to undo its harms, started removing the sensors, taking them apart, and writing an open-source guide so other students could do the same. They found that, contrary to Luzzi's claims, the devices were only moderately secure and the data they collected was not encrypted.

"The way that this facility's students, including myself, get publications is by examining the shortcomings of systems like these. They could not have chosen a better group of students to figure out why their study was flawed, so we explain what's awful about them and why they don't work," von Hippel added.

After examining the devices, students sent an open letter to university president Joseph E. Aoun and to Luzzi requesting that the sensors be removed, calling them intimidating, part of a poorly designed study, and deployed without IRB approval despite human subjects being the focus of the purported study.

“Resident in ISEC is the Cybersecurity and Privacy Institute, one of the world’s leading groups studying privacy and tracking, with a particular focus on IoT devices. To deploy an under-desk tracking system to the very researchers who regularly expose the perils of these technologies is, at best, an extremely poor look for a university that routinely touts these researchers’ accomplishments. At worst, it raises retention concerns and is a serious reputational issue for Northeastern,” the letter reads. 

A second listening session was then held, this time just for faculty, at which Luzzi argued that because the devices "don't perceive humans in particular, they sense any heat source," the study was not subject to IRB approval. More sensors were subsequently removed and assembled into a "public art piece" reading "NO" in the building's foyer.

In response to the open letter, which circulated widely and gathered hundreds of signatures, and to the ongoing complaints and sensor removals, Luzzi sent an email arranging yet another listening session for students and faculty. By all accounts, it was a complete failure.

In a transcript of the event reviewed by Motherboard, Luzzi tries to allay worries that the study is intrusive, carelessly executed, expensive, and probably unethical. When a faculty member points out that the Institutional Review Board (IRB), which protects the rights and welfare of human research subjects, never received any submission, he claims that a proposal was submitted to the IRB, only to concede that this never happened.

Luzzi also tried to dismiss the concerns as peculiar to the Privacy Institute, because "your lived experience is more desk-centric" than that of other graduate students.

Von Hippel then posted a Twitter thread that quickly went viral, detailing the complete sequence of events from the covert installation of the sensors to that day's listening session. After the sensors were removed, Luzzi sent one final email:

"Given the concerns voiced by a population of our graduate students around the project to gather data on desk usage in a model research building (ISEC), we are pulling all of the desk occupancy sensors from the building. For those of you who have engaged in discussion, please accept my gratitude for that engagement."

This episode is especially instructive because it shows that surveillance need not be permanent and that those subjected to it can work together to eliminate it. Von Hippel attributes part of the students' success to the number of union members in the computer science department, although most of the students involved, like Northeastern graduate students in general, were not members of an NLRB-recognized union. Graduate students are nonetheless well placed to put pressure on universities when they make unreasonable or unethical demands.
Germany Accuses Egypt of Spying at COP27


German officials have lodged a complaint with the Egyptian government over covert surveillance by the host country's security agents at the COP27 UN climate conference.

According to the German Press Agency (DPA), the host country's security agents secretly monitored, photographed, and filmed events held at the German pavilion inside the summit venue in the Red Sea resort of Sharm el-Sheikh.

Before the incident on November 12, German police had warned speakers of potential security risks arising from their participation in the conference.

"We expect all participants in the U.N. climate conference to be able to work and negotiate under safe conditions. This is not just true for the German but for all delegations, as well as representatives of civil society and the media," Germany's Foreign Ministry said in a statement following the incident.

Egypt Rejects Spying Accusations

Egyptian security sources rejected the claims, telling DPA that personnel were present only to protect foreign seminars and activities for the UN team, and that their role was limited to security outside the halls and in the city.

However, delegations from several nations told DPA that Egyptian security personnel had forced their way into closed sessions as well.

"It is very obvious that the Egyptian authorities are monitoring human rights activities. The only reason they haven't used physical violence yet is that we're in a UN-controlled area," said Hossam Bahgat, founder of the Egyptian human rights organization EIPR.

The UN also acknowledged that some security agents were from the national police and said it was investigating the complaints.

Egypt's shady history 

Human rights have long been a matter of concern in Egypt, with President Abdel Fattah al-Sisi's government accused of keeping a tight grip on the country.

According to multiple media reports, thousands of individuals, including human rights activists, journalists, students, opposition politicians, businesspeople, and peaceful protesters have been arbitrarily detained. 

Many dissenters are subjected to unfair trials and to mistreatment or torture, and deplorable prison conditions have left many sick and some dead. Neither Human Rights Watch (HRW) nor Amnesty International, which would otherwise advocate for these individuals, has an office in Egypt, and a years-long ban on the HRW website was lifted only a few days ago.

PseudoManuscrypt Malware Proliferating Similarly as CryptBot Targets Koreans


Since at least May 2021, a botnet known as PseudoManuscrypt has been targeting Windows workstations in South Korea, using the same delivery methods as another malware family, CryptBot.

South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report, "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot and is being distributed. Not only is its file form similar to CryptBot, but it is also distributed via malicious sites exposed on the top search page when users search for commercial software-related illegal programs such as Crack and Keygen."
  
According to ASEC, roughly 30 computers in the country are compromised every day on average. PseudoManuscrypt was first publicly documented in December 2021, when Russian cybersecurity firm Kaspersky revealed details of a "mass-scale spyware attack campaign" that had infected more than 35,000 PCs in 195 countries.

The PseudoManuscrypt attacks, first observed in June 2021, targeted a large number of industrial and government institutions, including military-industrial firms and research institutes in Russia, India, and Brazil, among others. The primary payload module has a wide range of spying capabilities that give the attackers virtually complete control over the compromised device, including stealing VPN connection data, recording audio from the microphone, and capturing clipboard contents and operating system event log data.

PseudoManuscrypt also connects to an attacker-controlled command-and-control server to carry out tasks such as downloading files, executing arbitrary commands, logging keystrokes, and capturing screenshots and video of the screen.

The researchers added, "As this malware is disguised as an illegal software installer and is distributed to random individuals via malicious sites, users must be careful not to download such programs. As malicious files can also be registered as a service and perform continuous malicious behaviours without the user knowing, periodic PC maintenance is necessary."
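ASEC's closing advice, that the malware can register itself as a service and run unnoticed, points at a check a defender can automate. The following is an added example, not ASEC's or Kaspersky's code and not based on any PseudoManuscrypt indicator: it scans a text export of Windows System log records for Event ID 7045 (service installed) and flags services whose binary sits in a user-writable directory, carries a crack/keygen path component of the kind the delivery sites use, or borrows a core Windows binary name outside C:\Windows. The log lines, service names and paths are constructed for the example; the export format is a simplified key="value" layout assumed for readability.

```python
import re

# Constructed sample records, not real telemetry: a minimal text export of
# Windows System log events. ID 7045 is "A service was installed in the
# system"; the other IDs are noise that a real export would also contain.
SAMPLE_EVENTS = r"""
EventID=7045 ServiceName="Windows Update Medic Service" ImagePath="C:\Windows\System32\svchost.exe -k wusvcs" StartType="demand start"
EventID=7045 ServiceName="CryptoSvcHelper" ImagePath="C:\Users\alice\AppData\Roaming\svchost.exe" StartType="auto start"
EventID=7036 ServiceName="Spooler" State="running"
EventID=7045 ServiceName="AdobeUpdate" ImagePath="C:\Users\alice\Downloads\Photoshop_Crack\setup.exe /svc" StartType="auto start"
EventID=7045 ServiceName="VBoxService" ImagePath="C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxService.exe" StartType="auto start"
EventID=7045 ServiceName="TmpLoader" ImagePath="C:\Windows\Temp\ldr.exe" StartType="auto start"
""".strip().splitlines()

_EVENT_RE = re.compile(
    r'EventID=(?P<id>\d+)\s+ServiceName="(?P<name>[^"]*)"'
    r'(?:\s+ImagePath="(?P<image>[^"]*)")?'
)
# First path component ending in .exe, with any quoting and arguments dropped.
_EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
# Directories an unprivileged user can write to; a service binary living
# there is the persistence pattern the report warns about.
_USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)|Temp)\\",
    re.IGNORECASE,
)
_CRACK_RE = re.compile(r"crack|keygen", re.IGNORECASE)
# Core Windows binary names that malware commonly borrows for disguise.
_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_service_installs(lines):
    """Yield (service_name, image_path) for each Event ID 7045 record."""
    for line in lines:
        m = _EVENT_RE.match(line.strip())
        if m and m.group("id") == "7045" and m.group("image") is not None:
            yield m.group("name"), m.group("image")


def binary_path(image_path: str) -> str:
    """Strip quotes and service arguments, leaving just the executable path."""
    m = _EXE_RE.match(image_path.strip())
    return m.group("exe") if m else image_path.strip()


def suspicious_reasons(image_path: str) -> list[str]:
    """Apply the three heuristics to one ImagePath; empty list means clean."""
    exe = binary_path(image_path)
    reasons = []
    if _USER_WRITABLE_RE.search(exe):
        reasons.append("binary in user-writable directory")
    if _CRACK_RE.search(exe):
        reasons.append("crack/keygen keyword in path")
    base = exe.rsplit("\\", 1)[-1].lower()
    if base in _SYSTEM_NAMES and not exe.lower().startswith("c:\\windows\\"):
        reasons.append("system binary name outside C:\\Windows")
    return reasons


def find_suspicious_services(lines) -> dict[str, list[str]]:
    """Map service name -> reasons for every 7045 record that trips a heuristic."""
    findings = {}
    for name, image in parse_service_installs(lines):
        reasons = suspicious_reasons(image)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in find_suspicious_services(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(reasons)}")
```

The heuristics are a triage filter, not proof of infection: a legitimate installer occasionally drops a service under a user profile, so each hit should be followed by a hash lookup and a check of the binary's signature and creation time relative to the 7045 event.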

Iranian Hackers Employed a New Marlin Backdoor in a Surveillance Operation 

 

Iranian hackers are using a new backdoor called Marlin as part of a long-running surveillance operation that began in April 2018. ESET, a Slovak cybersecurity firm, attributed the campaign, dubbed "Out to Sea," to a threat actor known as OilRig (aka APT34), and also firmly connected its activity to another Iranian group known as Lyceum (aka Hexane or SiameseKitten).

Since 2014, the hacking organization has attacked Middle Eastern governments as well as a range of industry verticals, including chemical, oil, finance, and telecommunications. In April 2021, the threat actors used an implant dubbed SideTwist in an attack on a Lebanese company. 

"Victims of the campaign include diplomatic institutions, technological businesses, and medical organizations in Israel, Tunisia, and the United Arab Emirates," according to a report by ESET.

Lyceum has previously conducted campaigns in Israel, Morocco, Tunisia, and Saudi Arabia that singled out IT companies. Since the campaign's discovery in 2018, Lyceum's infection chains have evolved to drop a number of backdoors, starting with DanBot and progressing to Shark and Milan in 2021. Later attacks, using a new data-harvesting backdoor dubbed Marlin, were detected in August 2021. 

The hacking organization discarded the old OilRig TTPs, which comprised command-and-control (C&C) connections over DNS and HTTPS; for its C2 activities, Marlin instead relies on Microsoft's OneDrive API. ESET described the parallels in tools and tactics between OilRig's backdoors and those of Lyceum as "too numerous and specific," adding that initial access to the network was gained through spear-phishing and remote management applications such as ITbrain and TeamViewer. 

"The ToneDeaf backdoor connected with its C&C primarily over HTTP/S, but featured a secondary route, DNS tunneling, which did not work effectively," the researcher indicated. "Shark has similar problems, with DNS as its primary communication channel and an HTTP/S secondary one which isn't working." 

Marlin randomizes the internal structure of its executable code, denying the attacker a comprehensive assessment of the instruction addresses needed to build the intended exploit payload. The findings also revealed the use of several folders in the backdoor's file layout for sending data to and receiving data from the C&C server, and the use of DNS as a primary C&C communication route with HTTP/S as a backup communication mechanism.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


According to recent reports, China and the US have taken their technology war to court. US firms now allege that the telecom colossus Huawei has been planning to steal their technology for "decades".

Hence, the American organizations decided to expand the scope of their lawsuit against the Chinese mega-company.

The prosecuting attorney said that Huawei did indeed violate the terms of its contracts with the US companies by stealing robot technology, trade secrets and more.

Per sources, Huawei has flatly denied all the allegations and has said that the US is merely threatened by the competition and is therefore trying to tarnish Huawei's name.

Per newspaper reports, the smartphone giant's chief financial officer, who is also the founder's daughter, is being held in Canada and is fighting extradition.

According to sources, the founder's daughter faces charges of fraud and "sanctions violations," which she has dismissed and denied.

Huawei firmly maintains that this lawsuit and the charges against the company are trivial attempts to tarnish its reputation and to weaken a competitor.

Per reports, the fresh US accusations against Huawei include trade secret theft, racketeering and even sending spies to obtain confidential information.

Sources reveal that the prosecuting attorney also said that, with its stolen data, Huawei cut both the time and the cost of research and development, which helped it climb the ladder faster than its rivals.

Per Huawei, the newer charges are just another way of rehashing older claims. Nevertheless, it doesn't look like the US plans to withdraw its claims or the lawsuit in the near future, or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are on a very fragile and unpredictable path. All the same, the UK still continues its business ties with Huawei, though possibly with limits.

US Pressures Its Allies against the Usage of Chinese Firm Huawei’s Technology; Suspects the Products to Spy on Other Countries




The US is pressuring its allies not to use Chinese firm Huawei's technology to build their new 5G networks, as US officials are worried that China could be using Huawei products to spy on other nations.

"It's a hugely complex strategic challenge," said GCHQ chief Jeremy Fleming, while emphasizing the need for better cyber-security practices in the telecoms industry. This came even though the National Cyber Security Centre - part of GCHQ - had said a few weeks earlier that any risk posed by the company could be managed.

Most of the UK's mobile operators, including Vodafone, EE and Three, are known to have been working with Huawei on 5G, but they are now awaiting the results of a government review, due in March or April, that will decide whether or not they will be permitted to proceed.

A recent report from the Royal United Services Institute said it would be "naive" and "irresponsible" to grant Huawei that access.

"We have to understand the opportunities and threats from China's technological offer - understand the global nature of supply chains and service provision, irrespective of the flag of the supplier. Take a clear view on the implications of China's technological acquisition strategy in the West, and help our governments decide which parts of this expansion can be embraced, which need risk management, and which will always need a sovereign, or allied, solution," Fleming said in a speech at an event in Singapore.

Stressing the need for stronger cyber-security across the telecoms sector, Fleming stated: "Vulnerabilities can and will be exploited. But networks should be designed in a way that cauterises the damage."

5G is critical to the UK government's aim of keeping Britain competitive as a country. According to Gartner senior research director Sylvain Fabre, "They are reviewing the situation, in a way that hasn't been done in the past, but it sounds like all options are still on the table," he told the BBC.

Meanwhile, the US is pursuing criminal charges against Huawei and its CFO, Meng Wanzhou. Speaking at a round table at Mobile World Congress in Barcelona on the 24th of February, Huawei's rotating chairman, Guo Ping, said:

"Huawei needs to abide by Chinese laws and also by the laws outside China if we operate in those countries. Huawei will never, and dare not, and cannot violate any rules and regulations in the countries where we operate."

A New App That Can Help You Spy On Your Contacts via Whatsapp


There is no doubt that WhatsApp is hands down the most used instant messaging service today, and no other messaging app can match it in terms of user base.

Unfortunately, the app has attracted a host of hacks that allow a person to spy on any of their friends or family via WhatsApp without the target knowing.

A new app called "Chatwatch" does this by using WhatsApp's online/offline status feature to tell users how often their contacts check the app, and it also estimates when they go to bed every day -- making it a potentially invasive app.

"Find out when they went to bed, how long they slept… Even compare chat patterns between people you know, and we will tell you the probability of them talking to each other during the day, using Artificial Intelligence," Chatwatch notes on its website.

What's more distressing is that all this comes at a time when Facebook users are busy uninstalling apps they connected long ago via "Facebook log-in," after the social media platform, which also owns WhatsApp, was hit by a major data breach.

"It's a creepy new trick that the app's developers hope will bring more attention to how Facebook handles our data, along with how other companies access and analyse it," tech website LifeHacker reported. "It's also likely that WhatsApp will find a way to block Chatwatch soon. So if you want to spy on your friends expose Facebook's privacy issues, you should try it soon," it added.

Chatwatch generally requires 24 hours before it can generate certain insights, but even if you have disabled the 'Last Seen' feature in your account settings, it will still be able to work out your WhatsApp activity quite easily.

"Chatwatch" is currently available on the Android platform, and the developers are reportedly working on a web-based version as well. The app was first launched on iOS devices but was later removed from the Apple App Store. The website further adds that Apple has suspended the app from the App Store for reasons unknown to the developers, who are working on a web version to launch as soon as possible and are appealing the decision with Apple.