Anthony Spaelti on LinkedIn: Cybersecurity / SPAM PSA: In 2024, the quickest and easiest way to avoid… (2024)

Anthony Spaelti

Hyperion | Stanford MBA |McKinsey


Cybersecurity / SPAM PSA: In 2024, the quickest and easiest way to avoid spam is to check the "From". If you know the address, you're (most likely) good. (see last paragraph)

📆 Spam/Phishing has gotten really good (sometimes)

Yesterday at noon, I received a fantastically made phishing email (see first screenshot). Two common pointers to identify fraudulent emails were not there:
1) Incorrect format (blurry graphics, etc.): Nope, looks good
2) Spelling: Eh, good enough...

🚩 But then the red flags showed up:
1) AWS specific: AWS will always reference your account number. If you don't see your account number, it's not an AWS email.
2) That link "aws.<web login enac com>" -- <web login enac com>? That can't be Amazon.
3) The "From" -- sent from an email "support@workaci.com", definitely not Amazon.

And then I did what we shouldn't do: open the link (see second screenshot).

🖥️ <web login enac com>:
It looks EXACTLY like the AWS login window, except that once you've entered your credentials, it will tell you, "There was an error; please try again," and then it will re-route you to the actual AWS login window. But by that time, they already have your credentials.

📧 Why is checking the "From" "good enough"?
Simplified: An email is built like a letter in an envelope. The envelope has the "From" and the "To"; once you open the envelope and take out the letter, you usually see again a "From" and a "To". Emails work the same way: There is a message header (the envelope) with a "From" and a "To" which you don't see; the mailbox "opens" the envelope for you. All you see are the "From" and "To" as on the first screenshot once it's in your inbox.

In comes DKIM -- a mail security protocol. Your email provider will check if the header and content of the message are authentic. If the malicious actor had put @amazon.com or @amazonaws.com as the sending domain, the DKIM check would have failed, and the message would not have been delivered.

❓ Why did it not land in spam? It's clearly spam?!
Unfortunately, the sender email support@workaci.com is a valid, legit business email from a legit Wisconsin company that got hacked. They might not even be aware of this yet (by now I've informed them of their breach). This is, unfortunately, very common.

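The envelope-versus-header distinction and the DKIM check described in the post, as an added Python example (not part of the post): it compares the visible "From" domain with the DKIM signing domain (the d= tag) and with the envelope sender (Return-Path), and flags a display name that claims a brand the sending domain does not belong to. The message is constructed to resemble the phish described; the check covers domain alignment only, not the cryptographic DKIM signature itself, which needs the key published in DNS.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the phish described in the post (not the real message;
# the DKIM tag values are placeholders).
SAMPLE_PHISH = """Return-Path: <support@workaci.com>
DKIM-Signature: v=1; a=rsa-sha256; d=workaci.com; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Amazon Web Services" <support@workaci.com>
To: victim@example.com
Subject: Action required on your AWS account

Please sign in to verify your account.
"""
# Same message with the visible From changed to an Amazon domain the signer does not control.
SAMPLE_SPOOFED = SAMPLE_PHISH.replace(
    'From: "Amazon Web Services" <support@workaci.com>',
    'From: "Amazon Web Services" <no-reply@amazonaws.com>')

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def in_domain(dom, base):
    """True if dom equals base or is a subdomain of it (DMARC 'relaxed' alignment)."""
    return dom == base or dom.endswith("." + base)

def dkim_domains(msg):
    """The d= tag (signing domain) of every DKIM-Signature header."""
    return [m.group(1).lower() for sig in msg.get_all("DKIM-Signature", [])
            for m in [re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)] if m]

def assess(raw, brand_domains=("amazon.com", "amazonaws.com")):
    """Alignment of the visible From with the DKIM signer and the envelope, plus brand impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    brand_claimed = re.search(r"amazon|aws", name, re.I) is not None
    return {
        "from_domain": from_dom,
        "dkim_aligned": any(in_domain(from_dom, d) for d in dkim_domains(msg)),
        "envelope_aligned": from_dom == env_dom,
        # Red flag from the post: the display name says Amazon, the address is not an Amazon domain.
        "brand_mismatch": brand_claimed and not any(in_domain(from_dom, b) for b in brand_domains),
    }

if __name__ == "__main__":
    print(assess(SAMPLE_PHISH))    # aligned (a hacked but legitimate sender), brand_mismatch True
    print(assess(SAMPLE_SPOOFED))  # not aligned: the amazonaws.com From would fail DKIM/DMARC alignment
```

The first result is why the message passed authentication: the compromised sender's own domain signs its own mail, so only the brand mismatch between display name and address gives it away.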

More Relevant Posts

  • Anthony Spaelti


The cat-and-mouse game between law enforcement and cybercriminals selling sensitive information continues: BreachForum v2 has been seized.

❓ BreachForum:
Users were able to purchase hacking software, leaked sensitive data (e.g. the LinkedIn 2021 Leak was also on sale on that site), and services (i.e. paying cybercriminals to engage in illicit activities for you).

📕 Origin:
The forum started as RaidForums in 2015 until it was seized by law enforcement in 2022. It reopened as BreachForums in 2022 and was seized again in early 2023. It reopened in June 2023 as BreachForums V2 and was seized on May 16, 2024.

🙇 Challenge:
The timeline illustrates the inherent copycat issue law enforcement faces: While they were able to make arrests in each of the seizures, the forums re-spawned only months afterward.

🔜 What's next?
On the day of the seizure, a cybercriminal known as "USDoD" already announced the forum's re-opening as "Breach Nation" on July 4th (U.S. Independence Day); likewise, a former moderator of BreachForums also announced creating a "spin-off." This shows how easy it is to re-spawn those self-hosted "websites" on the darknet.

💡 But...
Law enforcement seized the second and third installments of RaidForums at incredible speed, making it likely they found a way to more easily physically locate where these particular servers are in the world, or the server software that is being used has vulnerabilities law enforcement knows how to exploit and corrupt them, or there are insiders who support law enforcement, ... or something else entirely! Either way, I would not be surprised if "USDoD"'s version will not be up for long either!

(P.S. Being originally from Zurich I can't help but quickly give a shoutout to Kantonspolizei Zürich for participating in this raid! 🎉)
(P.P.S: The image attached is the current splash screen the FBI installed on BreachForums' darknet website. A pretty common practice, see my post here: https://lnkd.in/gVMbRZcR)


  • Anthony Spaelti


Sunday Fumbles: "I predict the Internet…will soon go spectacularly supernova and in 1996 catastrophically collapse." And even more: "In 1996, CD-ROMs through FedEx will emerge as the information superhighway."

On December 4, 1995 Robert Metcalfe – the inventor of ethernet (that's basically what enables internet in your house) – published a column in Infoworld magazine titled "Predicting the Internet's catastrophic collapse and ghost sites galore."

He didn't just blast out empty words, he had a list of actually very rational arguments, most of which didn't turn out to be catastrophic for the Internet. Two examples:

Business model: Internet Service Providers are forced to continuously invest in new physical infrastructure, something a "flat rate business model" will never be able to carry.
➞ He didn't foresee the ubiquitous adoption (like: everyone wants to be online) and additional government investments that make it well worth it for ISPs to expand services.

Video demand: Robert was convinced that the internet's original TCP/IP infrastructure would not be able to handle video.
➞ He wasn't wrong in 1995, but subsequent protocol changes and the introduction of protocols like RTP and UDP made video streaming possible without causing too much stress on the network (though to this day it remains a challenge for ISPs because it uses a lot of bandwidth).

Check out the 1995 article on the Internet Archive: https://lnkd.in/grixHAcE

    Predicting the Internet's catastrophic collapse and ghost sites galore in 1996 web.archive.org


  • Anthony Spaelti


California & America, getting laid off from a 500bn company while on maternity leave should not be legal.

A close friend of mine got laid off from Tesla alongside 14,000 other colleagues while on maternity leave. While layoffs are an unfortunate economic reality, especially large corporations have the opportunity to execute them fairly.

How can we strive to become an equitable society that has everyone be equal parts of the workforce, but then forget about the nurturing of our next generation? That's disheartening. We end up with career driven couples who can't have kids in an ageing society that slowly vanishes from the face of the earth… That sounds terrible.


  • Anthony Spaelti


Sunday Fumbles: "remote shopping, while entirely feasible, will flop" -- Time Magazine, 1966.

In a six part essay from 1966, Time Magazine collaborated with "Futurists" to predict the year 2000. Why did Time Magazine think online shopping will flop? Simply, "because women [sic] like to get out of the house, like to handle the merchandise, like to be able to change their minds."

Naturally, that quote raises a whole bunch of other questions about "developments" Time Magazine apparently didn't foresee in 1966 when it comes to equality between men and women.

Check out the Essay for free in Time Magazine's archive: https://lnkd.in/ge4vbmH2

    Essay: THE FUTURISTS: Looking Toward A.D. 2000 content.time.com


  • Anthony Spaelti


GenAI models will soon use 100% of human-produced data to train themselves. That's a HUGE number. Let's explore some fun comparisons:

🙋 What is human-produced data? Simplified, think of this term as the collective knowledge of humanity. Everything we've produced as a species that is written down, recorded, drawn, scanned, photographed, etc. digitized.

💾 How much data are we talking about? The collective human data is estimated to be around 100-150 Zettabytes. A zettabyte is 1 billion terabytes. The entire printed collection of the US Library of Congress, the largest library in the world, is estimated at only 20 terabytes - a minuscule fraction of <1% of the total human-produced data.

🌎 I can't imagine this number. Here are some comparisons:
➟ Our planet: Printed out on letter/A4 format paper, this data would be a stack of paper 6 billion miles high. That's enough to wrap around the earth 240,000 times.
➟ Our universe: There are 70 sextillion (7 followed by 22 zeros) stars in the observable universe. If each star represented a byte, we're talking about 1.5-2 times the number of stars we can observe.
➟ Human Cells: The human body is made up of approximately 37.2 trillion cells. If each byte in 100 Zettabytes represented a single human cell, it would equal the total cell count of about 2.69 billion humans.
➟ Sand Grains on Earth's Beaches: While estimates vary, a common figure is that there are roughly 7.5 x 10^18 (7.5 quintillion) grains of sand on all the world's beaches. 100 Zettabytes, in sand grain terms, would then represent about 13,333 times more sand grains than what's found on Earth's beaches.


  • Anthony Spaelti


    ๐—ฆ๐˜‚๐—ป๐—ฑ๐—ฎ๐˜† ๐—™๐˜‚๐—บ๐—ฏ๐—น๐—ฒ๐˜€: The idea of a wireless personal communicator in every pocket is "a pipe dream driven by greed."These famous words were ushered at the 1992 Motorola Tech Conference by none other than Andrew Grove. Then-CEO of Intel.As of 2024, there are an estimated ~6 billion smartphones around, almost exclusively powered by non-Intel chips.Source: NY Times 1992 article:https://lnkd.in/epHh8jGe


  • Anthony Spaelti


    ๐—ฆ๐˜‚๐—ป๐—ฑ๐—ฎ๐˜† ๐—™๐˜‚๐—บ๐—ฏ๐—น๐—ฒ๐˜€: "Screw the Nano. What the hell does the Nano do? Who listens to 1,000 songs?" This was Motorola CEO Ed Zander at a conference in 2006 about Apple's new iPod Nano. Motorola's competing ROKR held a mere 100 songs at that time. The iPod Nano went on to become the most popular "mp3 player" before mp3 players fell out of fashion altogether when being fully integrated into modern smartphones.


  • Anthony Spaelti


Does your website have a /security.txt? If not, it might be time to create one. If security researchers or white hat hackers find vulnerabilities on your website it's essential they have a way to contact you about it. The Internet Engineering Task Force (IETF) has issued this as informational standard RFC 9116.

You should store your security.txt file so it's accessible via the top-level directory /security.txt or via /.well-known/security.txt. Both are totally fine! Facebook, e.g., uses the top-level directory for the file (https://lnkd.in/gjW7hjVi), LinkedIn the .well-known directory (https://lnkd.in/gJKw_NPQ).

As a start, you can use this one:

# Conforms to IETF `RFC 9116`
Canonical: [Link to this document]
Contact: [link to a dedicated contact form, ideally not on this domain / server and/or an email address]
Policy: [(optional) potentially a link to your policy, if you have one]

https://lnkd.in/gKnGbJ4d

https://www.facebook.com/security.txt

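A small checker for the security.txt format discussed in the post, added here as an example (not the post's, Facebook's or LinkedIn's code). It parses the field/value lines, then checks the two fields RFC 9116 makes mandatory, Contact and Expires, and the RFC's recommendation that Expires lie less than a year ahead; the sample file is constructed in the shape of the post's template, and FIXED_NOW is a constructed reference clock so the checks are reproducible.

```python
from datetime import datetime, timedelta, timezone

# Constructed file in the shape of the template from the post (not Facebook's or LinkedIn's file).
TEMPLATE_FROM_POST = """# Conforms to IETF `RFC 9116`
Canonical: https://example.com/.well-known/security.txt
Contact: mailto:security@example.com
Policy: https://example.com/security-policy
"""
COMPLETE_FILE = TEMPLATE_FROM_POST + "Expires: 2025-12-31T23:59:00Z\n"  # adds the field RFC 9116 requires
FIXED_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed reference clock for reproducible checks

def parse_security_txt(text):
    """Map each field name (lower-cased) to its list of values; comments and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None):
    """Return the problems found; an empty list means the RFC 9116 rules checked here are met."""
    now = now or datetime.now(timezone.utc)
    f = parse_security_txt(text)
    problems = []
    if "contact" not in f:
        problems.append("Contact is required by RFC 9116")
    for c in f.get("contact", []):
        # Contact values are URIs, so a bare e-mail address needs the mailto: scheme.
        if not c.startswith(("https://", "mailto:", "tel:")):
            problems.append(f"Contact '{c}' should be an https://, mailto: or tel: URI")
    if "expires" not in f:
        problems.append("Expires is required by RFC 9116")
    else:
        try:
            exp = datetime.fromisoformat(f["expires"][0].replace("Z", "+00:00"))
        except ValueError:
            problems.append("Expires is not an RFC 3339 timestamp")
        else:
            if exp <= now:
                problems.append("Expires is in the past; the file is stale")
            elif exp - now > timedelta(days=365):
                problems.append("Expires is more than a year ahead (RFC 9116 recommends less)")
    return problems

if __name__ == "__main__":
    print(check_security_txt(TEMPLATE_FROM_POST, FIXED_NOW))  # the template is missing Expires
    print(check_security_txt(COMPLETE_FILE, FIXED_NOW))       # []
```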

  • Anthony Spaelti


Take a break -- have a look at the "splash screens of victory" on dark websites. Dark websites are usually hosted on sub-par servers and are not accessible through regular domains. While it's hard to find the physical infrastructure these websites are hosted on, it's not impossible. One of the most widely publicized seizures of dark websites was the 2013 Silk Road Marketplace takedown (see the last image). The "silk road anonymous market" sold drugs, weapons, (child) p*rnography, and everything else bad actors across the world might want. Through a relatively sophisticated dark web escrow concept, they even enabled the smooth transfer of these illegal goods & services. Since this takedown, displaying these splash screens as a sign of deterrence has become standard practice. It also signals the increased and complex cooperation between law enforcement agencies across the world. However, a big critique is that these services usually quickly spawn up again somewhere else and law enforcement would do better "imitating" these services to also track the users of these sites. But naturally, this is not always that easy (& legally possible) to do!

