#CyberSecurityPulse: Oops, I Went Running and I Published Information From Secret Locations

ElevenPaths    6 February, 2018

The popular fitness-tracking app Strava proudly published a 2017 heat map showing its users' activities around the world, but unfortunately the map also revealed the locations of United States military bases worldwide. Strava, which markets itself as a “social-networking app for athletes”, made the global heat map publicly available, showing the location of every ride, run, swim and downhill recorded by its users' smartphones and wearable devices such as Fitbit. Since Strava is designed to track users' routes and locations, IUCA analyst Nathan Ruser revealed that the app might have unintentionally mapped out the location of military forces around the world, including some secret United States facilities.

However, cartographic information on facilities of interest to defense, such as military bases, has always been available: subject to errors or inaccuracies, but available nonetheless, given governments' inability to limit its dissemination. This type of information has been used to perpetrate attacks, to the point that in 2009 India proposed shutting down Google Earth as a measure to prevent attacks like those in Bombay.

From a privacy standpoint, Strava is not the only platform that exposes its users' information by default. Endomondo likewise reveals its users' habits, schedules and health status. A few years ago, Twitter's default configuration let anyone see where a user's tweets were published. And with Tinder it is possible to locate a given person: which area they are in, when they are at work, which routes they take, or whether they are in the city at all. This case is one more demonstration of the need to assess how much information an organization exposes, all the more so when the facilities are of interest to defense, and to include this threat in the organization's counterintelligence plans.
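The Strava incident is, at bottom, an aggregation problem: a published heat map is harmless in a busy city and revealing in an empty desert, because a few users' routines become the only signal. The following is an added example, not Strava's code nor anything from the ElevenPaths post, of the two controls a data publisher or an organization reviewing its exposure would want before releasing aggregate location data: a per-cell k-anonymity threshold (a grid cell is published only if at least K distinct users contributed) and organization-declared exclusion zones (points inside a declared perimeter are dropped before aggregation). All coordinates, user identifiers, zones and thresholds are constructed for the demonstration.

```python
"""
Added example (not Strava's or ElevenPaths' code): a minimal heat-map
aggregator with two defensive controls for location data released in
aggregate.
  1. k-anonymity per grid cell: a cell is published only if at least K
     distinct users contributed activity there, so a handful of people
     running laps in an otherwise empty area cannot light it up.
  2. Declared exclusion zones: points inside a circular zone declared by
     the organization are dropped before aggregation.
All coordinates, user ids and zones below are constructed for the demo.
"""
from collections import defaultdict
from math import cos, floor, hypot, radians

CELL_DEG = 0.01   # grid cell size in degrees (about 1.1 km of latitude)
K_ANON = 5        # minimum distinct users per published cell (assumed policy value)


def cell_of(lat, lon, size=CELL_DEG):
    """Snap a coordinate to its grid cell."""
    return (floor(lat / size), floor(lon / size))


def in_zone(lat, lon, zone):
    """Flat-earth distance check against a circular exclusion zone.
    zone = (centre_lat, centre_lon, radius_km); adequate for radii of a
    few kilometres, which is the scale of a facility perimeter."""
    clat, clon, radius_km = zone
    dlat_km = (lat - clat) * 111.0
    dlon_km = (lon - clon) * 111.0 * cos(radians(clat))
    return hypot(dlat_km, dlon_km) <= radius_km


def _bucket(points, zones):
    """Group points by cell, skipping anything inside an exclusion zone."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for user, lat, lon in points:
        if any(in_zone(lat, lon, z) for z in zones):
            continue
        c = cell_of(lat, lon)
        counts[c] += 1
        users[c].add(user)
    return counts, users


def aggregate(points, zones=(), k=K_ANON):
    """points: iterable of (user_id, lat, lon).
    Returns {cell: point_count} for cells that meet the k-anonymity bar."""
    counts, users = _bucket(points, zones)
    return {c: n for c, n in counts.items() if len(users[c]) >= k}


def suppressed_cells(points, zones=(), k=K_ANON):
    """Cells that had activity but were withheld, with their distinct-user
    count, so the publisher can audit what the threshold is hiding."""
    counts, users = _bucket(points, zones)
    return {c: len(u) for c, u in users.items() if len(u) < k}


# Constructed sample: a city block with 20 users x 3 points, and a remote
# area where only 3 users log 10 points each (the Strava failure mode).
SAMPLE_POINTS = (
    [("city%02d" % u, 40.4250 + u * 0.0001, -3.7050 + p * 0.0001)
     for u in range(20) for p in range(3)]
    + [("remote%d" % u, 62.5030 + u * 0.0001, -105.2030 + p * 0.0001)
       for u in range(3) for p in range(10)]
)
# Constructed exclusion zone: a 2 km radius around the city block.
CITY_ZONE = (40.4255, -3.7049, 2.0)

if __name__ == "__main__":
    print("published:", aggregate(SAMPLE_POINTS))
    print("withheld :", suppressed_cells(SAMPLE_POINTS))
    print("with zone:", aggregate(SAMPLE_POINTS, zones=[CITY_ZONE]))
```

The remote cell has 30 points, as much activity as half the city block, yet it is withheld because only three people produced it; that is exactly the case in which a heat map stops describing a crowd and starts describing individuals. The exclusion zone is the complementary control for the publisher's side, and the `suppressed_cells` report is what an organization would review when assessing its own exposure.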

More information at The Hacker News

Top Stories

100s of ETH Stolen After Bee Token ICO Email List Hacked

Investors who were eagerly waiting for their opportunity to join the Bee Token ICO were robbed of hundreds of ETH. Scammers managed to get their hands on the Bee Token mailing list and sent out a phishing email stating that the ICO was now open, followed by an Ethereum address to send contributions to. To entice people to send their ETH, the scammers also claimed a surprise partnership with Microsoft and a 100% bonus on all contributions made in the next 6 hours. If that wasn't a big enough red flag, the scammers guaranteed that the value of Bee Token would double within 2 months, or you would receive your Ethereum back.

More information at The Ripple Cryptocurrency

Tech Firms Let Russia Probe Software Widely Used by U.S. Government

Major global technology providers SAP, Symantec and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found. In order to sell in the Russian market, including to the energy and financial sectors, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers. But the Pentagon is not alone in expressing concern: private-sector cyber experts, former U.S. security officials and some U.S. tech companies told Reuters that allowing Russia to review the source code may expose unknown vulnerabilities that could be used to undermine U.S. network defenses.

More information at Reuters

Rest of the Week's News

South Korea Warns of Flash Zero-Day Flaw Exploited by North Korea

According to the alert published by KISA, the vulnerability affects the latest Flash Player version and earlier. The zero-day could be exploited by tricking victims into opening a document, web page or email containing a specially crafted Flash file. According to the researcher Simon Choi, the Flash Player zero-day has been exploited by North Korea since mid-November 2017, in attacks aimed at South Korean individuals involved in research on North Korea.

More information at KISA

WannaMine: The Sophisticated Cryptominer that Spreads Via NSA EternalBlue Exploit

WannaMine is a Monero cryptocurrency miner that hijacks a system's CPU cycles to mine. This fileless malware leverages advanced tactics and techniques to maintain persistence within a network and move laterally from system to system. First, WannaMine uses credentials harvested with Mimikatz to attempt to propagate and move laterally with legitimate credentials. If unsuccessful, it attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017.
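Both propagation stages described above leave the same network-level footprint: one workstation opening SMB (TCP 445) sessions to many distinct hosts in a short window, something an ordinary client rarely does. The following is an added example, not CrowdStrike's detection logic nor anything from the original post, of a sliding-window fan-out detector run over constructed flow records: it alerts when a single source reaches at least `threshold` distinct destinations on port 445 within `window_s` seconds. The log format, hosts, timestamps and thresholds are all constructed assumptions for the demonstration.

```python
"""
Added example (not CrowdStrike's or ElevenPaths' code): a sliding-window
detector for SMB fan-out, the network footprint both of credential-based
lateral movement and of EternalBlue-style propagation.
Input lines follow a constructed flow-log format:
  <ISO-8601 UTC ts> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)
SMB_PORT = 445


def parse(line):
    """Return (ts, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["dst"], int(m["dport"])


def smb_fanout_alerts(lines, window_s=60, threshold=10):
    """Alert once per source that reaches >= threshold distinct hosts on
    TCP 445 within any window_s-second window. Returns a list of
    (src, distinct_destinations, window_start, window_end)."""
    events = sorted(e for e in map(parse, lines) if e is not None)
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, dport in events:
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, len(distinct), q[0][0], ts))
    return alerts


# Constructed sample log: 10.0.0.5 sweeps 12 neighbours on 445 in 22 s
# (suspicious); 10.0.0.7 talks to three file servers over an hour (benign);
# plus web traffic and a malformed line that the parser must skip.
SAMPLE_LOG = (
    ["2018-02-01T10:00:%02dZ src=10.0.0.5 dst=10.0.0.%d dport=445 proto=tcp"
     % (i * 2, 20 + i) for i in range(12)]
    + ["2018-02-01T10:05:00Z src=10.0.0.7 dst=10.0.0.50 dport=445 proto=tcp",
       "2018-02-01T10:30:00Z src=10.0.0.7 dst=10.0.0.51 dport=445 proto=tcp",
       "2018-02-01T10:55:00Z src=10.0.0.7 dst=10.0.0.52 dport=445 proto=tcp",
       "2018-02-01T10:00:03Z src=10.0.0.5 dst=10.0.0.99 dport=80 proto=tcp",
       "this line is not a flow record"]
)

if __name__ == "__main__":
    for src, n, start, end in smb_fanout_alerts(SAMPLE_LOG):
        print("SMB fan-out: %s reached %d hosts between %s and %s"
              % (src, n, start.time(), end.time()))
```

The threshold and window are tuning knobs: file servers, backup hosts and vulnerability scanners legitimately fan out on 445 and belong on an allow-list, whereas a workstation doing so is worth a look regardless of whether the sessions authenticated (the Mimikatz path) or carried an exploit (the EternalBlue path).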

More information at CrowdStrike

Someone Stole Almost Half a Billion Dollars From Coincheck

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets (nearly $420 million in NEM tokens and $112 in Ripple). The exchange has already reported the incident to law enforcement authorities and to Japan's Financial Services Agency to investigate the cause of the missing tokens.

More information at Coincheck

Further Reading

Leaked Memo Suggests NSA and US Army Compromised Tor, I2P, VPNs and Want to Unmask Monero Users

More information at Security Affairs

JenX Botnet Leverages Grand Theft Auto Videogame Community to Infect Devices

More information at Chromium

Operation PZChao: A possible Return of the Iron Tiger APT

More information at Bitdefender
