Tech Friday

posted by Brian Thomas - 

  • A new tool removes invisible data from printed documents:
    • It's been known for some time that most color laser printers embed hidden data in printed documents that can be used to trace them
    • The metadata embedded in the document may contain information such as the printer serial number and when the document was printed
    • The printers typically use patterns of very small yellow dots which are added to the output just before it's printed
    • The metadata is added to white spaces and is visible only with blue LED light and magnification
    • Peter Crean, a senior research fellow at Xerox, says his company's laser printers, copiers and multifunction workstations, such as its WorkCentre Pro series, put the "serial number of each machine coded in little yellow dots" in every printout. The millimeter-sized dots appear about every inch on a page, nestled within the printed words and margins
    • "It's a trail back to you, like a license plate," Crean says
    • Timo Richter and Stephan Escher, researchers at TU Dresden’s Chair of Privacy and Data Security, pointed to NSA whistleblower Reality Leigh Winner as an example of how the metadata can be used
    • Winner was stationed at the NSA where she printed a top-secret document regarding a Russian cyberattack on US election infrastructure
    • German researchers have developed tools that can find and remove the metadata, which they claim are intended to protect whistleblowers
    • The TU Dresden researchers aimed to allow people to find and manipulate these dots. They discovered four separate patterns in use by most printer manufacturers
    • In collaboration with Dagmar Schönfeld and Thorsten Strufe, they created a tool named Dot Extraction, Decoding and Anonymisation (DEDA)
    • DEDA can "read" the dots in a scanned document to capture the patterns so someone can analyze the document metadata or anonymize it
    • DEDA can anonymize a scanned image by removing all the dots, or it can add more dots
    • Check out this article from 2004 that explains how the metadata is added to printed documents: https://www.pcworld.com/article/118664/article.html
  • US Director of National Intelligence warns of cyber attacks on infrastructure:
    • Director of National Intelligence Dan Coats recently warned that the threat of a catastrophic cyberattack on critical infrastructure is growing
    • Coats said "warning lights are blinking red again" and that Russia, China, Iran, North Korea and other state actors are launching daily cyberattacks on federal, state and local government agencies, US corporations, and academic organizations
    • Coats said the possibility of a "crippling cyber attack on our critical infrastructure" is rising
    • Critical infrastructure is increasingly reliant on technology and increasingly interconnected
    • A growing number of IoT devices create a new attack vector for the bad guys
    • Last year the DHS and FBI issued a joint report warning of malware attacks targeting employees of companies that operate nuclear power plants in the US
    • The "amber" alert issued is the second-highest severity level
    • The report was not clear on whether the attacks were attempting to steal industrial secrets or trying to cause damage at the plants, something like the Stuxnet attack used to damage Iranian nuclear centrifuges in 2008
    • The attacks used Spear Phishing to target engineers who work at the plants with the possible intent of gaining access to Supervisory Control and Data Acquisition (SCADA) systems
    • SCADA systems in power plants are not typically connected to networks that connect to the Internet. This is often known as "air-gapped"
    • One of the targets was Wolf Creek Nuclear Operating Corporation which runs a nuclear power plant near Burlington, Kansas
    • SCADA systems often run on older hardware and software that are more susceptible to hacking and computer viruses
    • Security experts have warned for years that hackers could attack these systems to cause physical damage
    • A 2015 study by Chatham House found nuclear control systems to be "insecure by design". The report found that some systems were not isolated from networks connected to the Internet, and some air-gapped systems were vulnerable because of the use of USB drives 
    • A spokesman for DHS said at the time: "There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks."
    • DHS has called these types of attacks "one of the most serious national security challenges we must confront."
    • The hackers have not been identified, but the report said an "advanced persistent threat" actor was responsible, a term often used to describe nation-state attacks
    • In addition to Spear Phishing, hackers also compromised legitimate websites used by the targets, known as a "watering hole" attack. They also used "man-in-the-middle" attacks to redirect targets' internet traffic through their own machines for inspection
    • We have also seen attacks such as that on the Dallas emergency alert system and ransomware in Atlanta, where fixing the impacted systems is projected to cost more than $11 million
  • Leaked passwords used in new sextortion scam: 
    • Sextortion: "a form of sexual exploitation that employs non-physical forms of coercion to extort sexual favors from the victim. Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion" - Wikipedia
    • Emails are being sent from hackers who claim to have compromised a target's device and used their webcam to record them watching porn
    • The email also claims to have stolen all their contacts
    • It contains a demand for a Bitcoin ransom to avoid having the video released to all of the target's contacts
    • This particular type of Phishing attack is not new, but it has a disturbing new twist that adds authenticity. The emails say something like "I know that your password is <blah>"
    • The perpetrators have likely bought the passwords, and perhaps other personal information, on the Dark Web, or have stolen them
    • So far, researchers have found that while the passwords are legitimate in many cases, they are old and no longer used
    • To report sextortion contact the FBI office at 1-800-CALL-FBI or https://www.fbi.gov/
Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.
