October 10, 2015

Gangs of Detroit: OSINT and Indictment Documents




Written by Justin, October 5th, 2015 
 
VICE News ran a story about a gang in Detroit, Michigan that was nabbed partly due to their use of social media. This of course caught my attention so I clicked the link to the indictment papers and began to have a read. I find court documents completely fascinating. It’s a weird hobby I will admit. However, I am always one of those people that likes to read more into a story, dig for background, and understand more of the peripheral players, locations and other details. Indictment papers are one of those documents that can help you do all of this. Aside from learning far more about news stories that interest you, this can be exceedingly useful if you are in law enforcement or you’re a journalist and a particular story pops up that interests you. Sometimes digging through a completely different case than one you’re currently working on can give you ideas, or help to hone some of your search skills. As well, a lot of folks taking OSINT training have a tough time finding something to apply their skills to, they can only creep on their own accounts or friends for so long before it becomes boring and repetitive.

Criminal procedure and the digital revolution



Posted on October 8, 2015 by Jan-Jaap Oerlemans in Criminal Law and Criminology, Interdisciplinary Study of the Law

 

A digital revolution has taken place for law enforcement authorities. A treasure trove of information is currently publicly available on the Internet. In addition, large amounts of information can be gathered from third parties, such as telecommunication providers, financial institutions and online service providers. Furthermore, law enforcement authorities can analyse every piece of information on seized computers with specialised software. All that information can be combined and processed and thereby provides great investigative potential for law enforcement authorities.
The Dutch legislator is currently seeking to amend (in Dutch) the Dutch Criminal Code of Criminal Procedure (DCCP) and aims to take into account the influence of Information and Communication Technology on police work.

OSINT | Introducing Gavel



I've been pretty busy lately with updating Tango to version 2.0 and working on threat_note, but, another project I started on recently was something @__eth0 and I are calling Gavel. Gavel is a set of Maltego transforms that query traffic records in each state. This project started out really ambitiously and we wanted to cover all 50 states, however, we ran into several problems. Our goal was to provide a way to look up certain data that are available in the traffic records, to include:
  • Address
  • Height
  • Weight
  • Age
  • License Plate Number
  • Car Make/Model
This is some great Open-Source Intelligence (OSINT) information available, and we wanted to make it easy to be obtained by researchers by using Maltego. As mentioned above, we ran into several problems that are preventing us from releasing it as a full blown set of transforms.

October 06, 2015

Researcher warns about Security Loopholes in Denmark's Largest Bank



Monday, October 05, 2015 Khyati Jain 

While accessing your Bank account online, Have you ever thought…

...there could be a Hacker, somewhere in the World, who is after your Money?

Maybe NO. Because, you believe that your bank offers Secure banking solution, Right?

At The Hacker News, we have reported many incidents of cyber attacks, which proves that Banks are more often being targeted by Hackers, despite robust Banking Security mechanisms.

Today we are going to talk about security of one of the Denmark's Largest Bank, reviewed by Sijmen Ruwhof, an Ethical Hacker, and IT Security Consultant.

Ruwhof recently published a blog post, “How I could Hack Internet Bank accounts of Danish Largest Bank in a few minutes”.

July 24, 2015

Ashley Madison Extortion Attack: Critical Lessons For Enterprise Cybersecurity


7/23/2015 @ 9:25AM 

Do you cheat on our spouse? Then chances are, you’re sweating bullets over the recent Ashley Madison hack. However, if you’re in enterprise IT, you should be as distressed as any cheater, regardless of how faithful to your other half you actually happen to be.
Here are the facts: earlier this week, an anonymous group of hackers going by the name The Impact Team hacked the adultery website Ashley Madison. The hackers stole large caches of data, including information about users who paid Ashley Madison to delete their data.

Before you turn up your nose with schadenfreude or rush out to buy flowers for your mate in a desperate but futile damage control gesture, consider the important lessons for all enterprise cybersecurity – regardless of business model.