Category Archives: Cybercrime

Law enforcement bodies ask social media to open end-to-end encryption (E2EE) for them

Interesting. Are these almost same-time publications a coincidence? I tend to doubt it.
 
Law enforcement bodies in both Europe and Australia have publicly turned to the private market, with a focus on social media, asking it to ease its end-to-end encryption (E2EE) so that law enforcement can read relevant data for law enforcement purposes.
 
In my view this can mostly be one of two things:
1. Law enforcement has a real problem here
2. Law enforcement has the ability to overcome end-to-end encryption (E2EE), so they use these publications to pretend to be helpless against it, hence building the criminals'/enemies' confidence that these platforms are safe for them, so they will act freely on them and the law enforcement bodies will be able to spy on them
 
If it is the first reason – then I think it looks like we are escalating towards a clash.
 
News article
“Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases”
 
The Europol post about it
 
The declaration (PDF file)
 
News article
“The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism.”

Possibly a new scam email using a vulnerability finding / bug bounty theme

This one is new. I found only two other mentions of similar things, on Reddit.
It looks like an introductory email towards some kind of possible scam, related to vulnerability finding / bug bounty.
It was sent to the privacy email of this blog.

Subject:
Uncovering Security Vulnerabilities in Your Application

From:
Robert Davis <[email protected]>

Body:
Hello,

I trust you’re well.

I’ve identified potential security issues in your application, aiming to ensure user safety. These vulnerabilities could impact functionality and compromise user security. I’d appreciate a suitable channel to share more details, facilitating a prompt review and resolution by your team.

If you have a Bug Bounty program, kindly provide information. If not, consider my commitment to enhancing digital platform security.

Looking forward to your response.

Best Regards,

Robert Davis

Cyber attacks are more certain than fire and theft risks for businesses

The insurance company Aviva conducted research on cyber risks, and one of its main conclusions was:
… the research found that businesses are 67% more likely to have experienced a cyber incident than a physical theft and almost five times as likely to have experienced a cyber attack as a fire.
 
If the numbers are real and it is not just PR to sell more cyber insurance – then I think it is a landmark in the history of information security – a major “upward” step in the risk ladder, getting closer to certainty on the probability scale.
 
As I always say – much of our work in cybersecurity is not technical, it is fighting repression, the mentality pushback by humans we work with about dealing with digital risks, and this research may help us by providing statistical evidence that cyber risks are not accidental, they are intentional (be it either personal or generic targeting) and they are bound to happen; the only question is if we will do something about it.