(In)secure digest: the smell of data leaks, deep fake in the Zoom and an option of becoming the nobility member for only €1000
01.09.2022
Back to blog listData leak with an unpleasant smell
Situation: ShitExpress service clients’ database was exposed.
Case study: The resource provides facilities for sending packages, containing excrement of a chosen animal to someone "whom you immensely hate" as a "joke".
In order to commit malicious act, the hacker implemented SQL-injection technique and gained access to data. The intruder didn’t make a ransom claim and even notified web site owners about the vulnerability. The retrieved data was uploaded on a forum free of charge. ShitExpress representatives confirmed BleepingComputer employees, that leaked data contained package senders’ emails and messages, which they wrote to recipients. Fortunately, for the victims, the leak didn’t contain the full set of personal data, because the resource didn’t oblige client to tell specific personal data, contenting itself with what the person was willing to report. The service representatives responded to the incident in an ironical manner: they stated, that everything happened was nothing more than “funny shit”.
Mythical encryption
Situation: JusTalk users’ messages leak dispelled the myth of end-to-end encryption of correspondence.
Case study: A database, containing JusTalk users’ messages (it should be noticed, that the service has about 20 mln. clients around the globe) was obtained by an information security specialist Anurag Sen. The access to a cloud Huawei server, located in PRC, which contained hundreds of gygabytes of data, may had been gained by anyone, who knew it’s IP-address. It contained millions of text messages and calls, sent and made by users during a few months. And as it was shown by Anurag Sen, all the data wasn’t encrypted.
The developer claims on its web site that the company ensures “secure data encryption”, highlighting, that only the user and the interlocutor can see, read and listen the messages and even JusTalk team members can’t access the data.
Tracking mobile applications
Situation: Instagram and Facebook for iOS fix users’ actions on web sites, visited via applications.
Case study: Data protection specialist Felix Krause has analyzed activities of mentioned above mobile applications when their users go to web sites. He revealed, that built-in Instagram and FB browsers fix all users’ actions – in particular, inputting of text, passwords and bank cards numbers. This becomes possible, because sites, which a user opens in the application, download Meta Pixel script. Such kinds of activities by the Meta Pixel script has yet been criticized by a number of organizations. In particular, by the American medical company Novant Health. Initially, willing to assess the effect by an advertisement campaign, Novant bosses felt comfortable with the idea to place the Meta Pixel script on web sites, where patients made an appointment to visit a doctor. However, after the threat of one million patients’ personal data leak was detected, the company representatives expressed their grievances to the developer.
“Are you really a producer”?
Situation: Fraudster made a Binance top-manager’s deepfake.
Case study: Public Relations Director of the world largest cryptocurrency exchange Binance Patrick Hillmann stated that fraudsters made his deepfake and used it during video calls in Zoom. He said, that an intruder, impersonated himself or herself as Hillmann, phoned representatives of at least four partner cryptocurrency projects. Binance cyber investigations group is working on this case, added Patrick Hillmann. As interlocutors managed to detect that the call was a fake one, deepfake was distinguishable from the original. However, the case is undoubtedly significant. Until the present moment, the task of making a deepfake in real life mode was a non-trivial one. However, technologies develop permanently and neural networks are trained as well. 
The nouveau riche nobility
Situation: Italian residents, who attempted to become citizens of a nonexistent state and receive a title of nobility, lost €400.000.
Case study: Fraudsters offered Italian residents to purchase the second citizenship – this time, of a non-existing “The Theocratic Antarctic State of St. George”. Intruders promised such benefits, as lower taxes (5%), while in Italy, according to the progressive scale, this index varies from 23 to 43%. There were two options available for purchasing – citizenship of an ordinary citizen, with price set at €200, and citizenship of a noble person – €1000. In general, intruders tricked 700 of Italian residents. Citizens transmitted about €400.000, which means, that about half of affected people wished to become members of nobility. The representatives of a false state managed to deceive not only ordinary Italians, but also officials. Ecowas Community of West African States announced the signing of an agreement with an Antarctic power. According to the mass media (the article is available by subscription), 12 pseudo-ministers of The Theocratic State of St. George are arrested, 30 ministers are still free, but under an investigation.
Elastic, is this you?
Situation: OneTwoTrip users’ database was exposed.
Case study: The security researcher Bob Diachenko has obtained OneTwoTrip freely accessible database. According to the researcher, the database had been exposed for a few days. Supposedly, the problem was with the Elasticsearch misconfigured server.
The set contained the following data:
• Email
• Name
• Passport details
• Mobile phone numbers
• Passwords
• Trip details
• Some details of payment.
The exact amount of the data leaked is still unknown. It’s also unclear yet, if the data leaked was obtained and somehow processed.
The siren song
Situation: Janet Jackson’s song have been destroying laptops.
Case study: Microsoft representative Raymond Chen shared an unbelievable fact: some laptop models broke down when the popular American singer Janet Jackson’s song was played. This issue was revealed by one manufacturer. What’s more, PCs, near which the song was played, collapsed as well. The song contained one of the natural resonant frequencies for the model of 5400 rpm laptop hard drives, used by numerous manufacturers. To solve the problem, the manufacturer added a special filter to the audio pipeline that detected and removed unwanted frequencies during audio playback – the song could no longer do any harm.
