The US Border Patrol maintains a massive traveler database. Chinese data on cybercriminal markets. Researchers uncover a vendor impersonation operation.

At a glance.

  • The US Border Patrol maintains a massive database of traveler data.
  • Increased demand for Chinese data in cybercriminal markets.
  • Researchers uncover a vendor impersonation operation.

The US Border Patrol maintains a massive database of traveler data.

Over the summer, U.S. Customs and Border Protection (CBP) informed congressional staff that government officials had compiled a massive body of data, including emails, collected from up to 10,000 devices seized each year from travelers, most of whom are unrelated to any crime. Congress has now learned that thousands of Border Patrol agents have warrantless access to the database, known as the Automated Targeting System, and that the data is retained for fifteen years. The Washington Post reports that in a letter to CBP Commissioner Chris Magnus, Senator Ron Wyden of Oregon called for heightened privacy standards and criticized the agency for “allowing indiscriminate digging into Americans’ private records.” While CBP’s collection of traveler data isn’t new, the newly revealed details have privacy advocates concerned about the violation of Americans’ rights against unreasonable searches and seizures.

CBP officials declined to share details about how many phone records of Americans are in the database, how many searches were performed, or how long the data has been collected, but CBP spokesperson Lawrence “Rusty” Payne said the agency conducts “border searches of electronic devices in accordance with statutory and regulatory authorities” and ensures that searches are “conducted in a manner that is judicious, responsible and consistent with the public trust.” Indeed, a 2018 CBP directive stated that officers should only retain information relating to immigration, customs, or “other enforcement matters” unless they have probable cause, but CBP officials admitted that the default search configuration is often to download all data, regardless of need. Moreover, this practice raises questions about the extent to which travelers understand what happens to their data. Faiza Patel, senior director of the Liberty and National Security Program at the Brennan Center for Justice, said, “It’s not just what you say or do that DHS cares about, it’s what everyone you know said and done… And when you have 2,700 people with access, you have very little control over how they use that information.”

Increased demand for Chinese data in cybercriminal markets.

In July, the data of about 1 billion Chinese citizens was offered for sale on a major underground cybercriminal forum after the alleged breach of the Shanghai police database, and since then, according to Bloomberg, there has been an increase in the publication of Chinese personal data on the popular dark web site Breach Forums. Shortly after the leak, Singaporean cybersecurity firm Group-IB found around 290 million records on the Breach Forums online marketplace, and in August a vendor offered the data of nearly 50 million users of the Shanghai compulsory health code system for the price of 4,000 dollars. Prior to the alleged Shanghai police leak, Group-IB says there were three China-related databases traded on Breach Forums, and that grew to seventeen after the leak in July. Group-IB researcher Feixiang He told Bloomberg, “The forum has never seen such an influx of Chinese users and interest in Chinese data. The number of attacks against Chinese users may increase in the near future.” Although the nature of these forums makes it difficult to verify the authenticity of these datasets, the increased interest in Chinese data leaks highlights the amount of data that authorities collect from citizens through the vast network of government surveillance, and how vulnerable that data might be to theft.

Researchers uncover a vendor impersonation operation.

Email security firm IRONSCALES reports the discovery of a database of corporate email credentials used by cybercriminals to spoof Microsoft Office 365 login pages in order to facilitate vendor impersonation attacks. Such operations are used to trick companies into paying fraudulent invoices, with the funds going into the attackers’ pockets instead. In this case, it appears that the criminals are also using the credentials to carry out business email compromise attacks, using the affected accounts to defraud other businesses or individuals, or to launch account takeover attacks. Here, attackers sent phishing emails targeting real estate agents, real estate attorneys, title agents, buyers and sellers, then used the emails to spoof the real estate vendors First American Financial Corporation and United Wholesale Mortgage.

Data breach reported at Uber.

Uber is investigating a breach of its systems, reports The New York Times. Yesterday the company said in a tweet from its @Uber_Comms account, “We are currently responding to a cybersecurity incident. We are in contact with law enforcement and will post additional updates here as they become available.”

The Times reports that the breach appears to have compromised a slew of Uber systems, with the hacker sending the Times images of “email, cloud storage and code repositories.” Sam Curry, a security engineer at Yuga Labs who was in contact with the hacker, says: “They have pretty much full access to Uber. It’s a total compromise, from what it looks like.” The threat actor allegedly compromised a worker’s account on the company’s internal messaging service, Slack, announcing, “I am announcing that I am a hacker and that Uber has suffered a data breach.” Two employees who were not authorized to speak publicly about the situation said they were told not to use Slack and that other internal systems were inaccessible. The breach relied on phishing and social engineering: the attacker texted a worker to convince him to hand over a password that gave the hacker access.

An Uber spokesperson said the breach is being investigated by the company and law enforcement officials are being contacted. CyberWire has a roundup of industry reaction here.