Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback.
EDITED TO ADD (1/12): Slashdot thread.
This feels important:
The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.
Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personnel were using it to track their runs, and you could look at the public data and find places where there should be no people running.
Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders. They don’t wear the tracking device, but many of their bodyguards do.
Ars Technica has a good article on what’s happening in the world of television surveillance. More than even I realized.
From Slashdot:
Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.
Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.
This seems like a good idea, but I worry about false alarms. If I am walking with a friend, will it alert if they have a Bluetooth tracking device in their pocket?
A new bioadhesive makes it easier to attach trackers to squid.
Note: the article does not discuss squid privacy rights.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Consumer Reports is reporting that Facebook has built a massive surveillance network:
Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data. The Markup helped Consumer Reports recruit participants for the study. Participants downloaded an archive of the previous three years of their data from their Facebook settings, then provided it to Consumer Reports.
This isn’t data about your use of Facebook. This is data about your interactions with other companies, all of which is correlated and analyzed by Facebook. It constantly amazes me that we willingly allow these monopoly companies that kind of surveillance power.
Here’s the Consumer Reports study. It includes policy recommendations:
Many consumers will rightly be concerned about the extent to which their activity is tracked by Facebook and other companies, and may want to take action to counteract consistent surveillance. Based on our analysis of the sample data, consumers need interventions that will:
- Reduce the overall amount of tracking.
- Improve the ability for consumers to take advantage of their right to opt out under state privacy laws.
- Empower social media platform users and researchers to review who and what exactly is being advertised on Facebook.
- Improve the transparency of Facebook’s existing tools.
And then the report gives specifics.
The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.
Pay attention to the techniques:
The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives. Online shopping, car sales, carrying a cellphone, drives along city streets and amateur genealogy all played roles in an investigation that was solved, in the end, as much through technology as traditional sleuthing.
[…]
At that point, investigators decided to try genetic genealogy, a method that until now has been used primarily to solve cold cases, not active murder investigations. Among the growing number of genealogy websites that help people trace their ancestors and relatives via their own DNA, some allow users to select an option that permits law enforcement to compare crime scene DNA samples against the websites’ data.
A distant cousin who has opted into the system can help investigators building a family tree from crime scene DNA to triangulate and identify a potential perpetrator of a crime.
[…]
On Dec. 23, investigators sought and received Mr. Kohberger’s cellphone records. The results added more to their suspicions: His phone was moving around in the early morning hours of Nov. 13, but was disconnected from cell networks—perhaps turned off—in the two hours around when the killings occurred.
Ransomware attacks have become a growing concern in recent years, with cybercriminals targeting individuals, businesses, and even government organizations. The ability to track these attacks is crucial for mitigating their impact and ensuring appropriate response measures are taken. In this article, we will explore various strategies and techniques to effectively track ransomware attacks, enabling organizations to enhance their cybersecurity defenses and minimize the potential damage caused by such malicious activities.
Establish a Robust Monitoring System: Implementing a robust monitoring system is fundamental to detecting and tracking ransomware attacks. By utilizing advanced security tools and technologies, organizations can continuously monitor their networks, endpoints, and servers for any suspicious activities or indicators of compromise. Intrusion detection and prevention systems, network traffic analysis tools, and security information and event management (SIEM) solutions are among the key components to consider.
Stay Informed with Threat Intelligence: Leveraging threat intelligence sources is vital for tracking ransomware attacks. Organizations should subscribe to reputable threat intelligence feeds and information-sharing platforms, such as industry-specific forums and government agencies’ cybersecurity bulletins. These sources provide up-to-date insights on emerging ransomware variants, attack techniques, and indicators of compromise, allowing organizations to stay one step ahead of potential threats.
Analyze Malware Samples: When a ransomware attack occurs, analyzing the malware samples involved can provide valuable information for tracking and responding to the incident. Security teams should utilize specialized malware analysis tools and sandboxes to dissect the ransomware, identify its unique characteristics, and determine its behavior patterns. This analysis can assist in understanding the attack vector, identifying possible origins, and developing countermeasures.
Monitor Dark Web and Underground Forums: The dark web and underground forums are known hotspots where cybercriminals trade ransomware, discuss attack strategies, and negotiate ransom payments. Tracking these platforms can yield vital information regarding ongoing ransomware campaigns and potentially lead to identifying the attackers. However, engaging with these forums should only be done by trained professionals, as it involves significant risks and potential legal implications.
Collaborate with Law Enforcement Agencies: Reporting ransomware attacks to law enforcement agencies is crucial for tracking and investigating cybercriminals. Organizations should establish relationships with local and international law enforcement entities, such as national cybercrime units or specialized agencies. Sharing relevant information and indicators of compromise with these authorities can aid in identifying the attackers, disrupting their operations, and potentially retrieving encrypted data.
Engage with Cybersecurity Communities: Active participation in cybersecurity communities and information-sharing platforms is an effective way to track ransomware attacks. By collaborating with other security professionals and researchers, organizations can benefit from collective knowledge and expertise. These communities often share insights, threat intelligence, and best practices, allowing for a better understanding of the evolving ransomware landscape and potential tracking techniques.
Implement Robust Incident Response Procedures: Having well-defined incident response procedures in place is essential for efficiently tracking and mitigating ransomware attacks. Organizations should establish an incident response team, including individuals from various departments, such as IT, legal, and communications. The team should be well-versed in handling ransomware incidents, conducting forensic investigations, and coordinating remediation efforts to minimize the impact and prevent further spread.
Conclusion:
Tracking ransomware attacks requires a multi-faceted approach that combines proactive monitoring, collaboration with law enforcement agencies, leveraging threat intelligence, and engaging with cybersecurity communities. By implementing these strategies and techniques, organizations can enhance their ability to detect, track, and respond effectively to ransomware incidents. Staying informed, investing in robust security systems, and fostering strong partnerships within the cybersecurity ecosystem are key to mitigating the risks posed by ransomware attacks and protecting critical data and systems.
The post How to Track Ransomware Attacks: A Comprehensive Guide appeared first on Cybersecurity Insiders.