Greetings to those out there near and remote! This SKY ECC newsletter comes to you from my remote office and leads with a COVID-19 story from an infosec perspective, along with some other big stories on privacy in the digital age:
- Phishing scams around coronavirus are skyrocketing
- The EARN IT Act is an attack sending encryption experts into orbit
- The “Like of the Year” Facebook scam is taking off
- The CIA Vault 7 leak trial really blew up in the agency’s face
- Whisper, the “private” chat app, had their flaws exposed…explosively
I have been talking about digital security for 6+ years, but today I also want you to be safe in the real world. SKY ECC customers have the world’s most secure messaging platform in their hands. They can safely communicate remotely to maintain social distancing and discuss the discreet aspects of their business with confidence that nothing will leak. Use this tool to fight what we face.
Phishing scams use big events as leverage to get clicks. The COVID-19 pandemic is no different. Scammers are sending emails spoofing the World Health Organization (WHO) with health alerts that ask you for credentials to log in for the information, or to download an attachment.
Get all of your information from the WHO website, your political leaders, and your local health authority. Be suspicious of any email on COVID-19 asking for info from you, as you can read everything on the internet without the need to log in to view or download to read.
Breaking news: A UNICEF email phishing scam is making the rounds as well. Share with people who are prone to falling for this.
2. EARN IT Act attacks encryption
The USA’s EARN IT Act currently going through the legislative prodding process is a disguised attack on encryption. The bill is best summarized by noted cryptographer Matthew Green in this block of text recently tweeted by @Sky_ECC:
The Police Foundations President’s Honour Roll graduate writing this (Me! Matthew!) contends that there are ways to fight child endangerment while still allowing people to communicate privately with encryption. This bill needs close scrutiny.
3. Facebook “Like of the Year” scam
Another phishing attack is targeting Facebook users by telling them they’ve won a fake contest for liking a Facebook page. The email promises big rewards…but only if you process the funds through an online currency exchange. The exchange steals your banking details.
The social engineering that makes it work is that the Facebook like is for a page victims have actually liked. Stay vigilant.
4. CIA Vault 7 hacking tools trial
The CIA Vault 7 hack revealed the CIA’s powerful hacking tools on WikiLeaks. The trial of the alleged leaker, Josh Schulte, has revealed some disturbingly poor online security measures from the CIA:
- The password for the server with the tools was 123ABCdef.
- The password for the super-secret database of tools was mysweetsummer.
- Passwords were often shared over chat apps.
Those passwords don’t meet my own strength requirements for my silliest forum accounts. As for sharing over chat apps, I asked our talented social media manager to not share the Twitter password for SKY ECC with me over chat. Your company, and you personally, have to learn from this and improve your passwords.
5. Whisper “private” chat app exposes data
Whisper is a chat app/messaging board where people “anonymously” share their deepest secrets. Here’s a rated PG example:
The message looks anonymous, except a recent database flaw exposed:
- Age, ethnicity, and gender data
- Hometown, nickname, and group memberships users shared
- Location data such as the school, workplace, or neighborhood the message came from
That’s all the data a hacker needs to start a blackmail campaign. Look to our Comparisons page to see how other chat apps fail basic data security like Whisper has here.
Links to stories mentioned:
- Coronavirus email scam
- Facebook “Like of the Year” Scam
- CIA Vault 7 weak passwords
- Learn about the EARN IT Act
- Whisper “secret” chat app flaws
Posts from SKY ECC this month!
There were no new posts this month as Sky HQ is hard at work to bring you something new. From myself and the SKY GLOBAL team to all out there:
01010000 01101100 01100101 01100001 01110011 01100101 00100000 01100010 01100101 00100000 01110011 01100001 01100110 01100101
Check in with the SKY ECC blog to learn more about private digital communications.