THE TIBERIUM BLOG - recent events, threats, and all things cyber

Don’t F**k With DemoCats

Before we get started this week, we would like to wish everyone well during these times of stress and turbulence.

Of course, the hackers (mwahahaha) of the world have been preparing for lockdown nearly as much as the gamers since they realised that taking things apart is fun.

As we discussed last week, the organised crime fraternity with their ‘cyber resources’ continues to turn the confusion, fear, uncertainty and doubt to their advantage.

Of course, most cyber enthusiasts, professional or otherwise, have their hearts in the right place and are more than happy to put their services to good use, especially if dead hard problems need to be solved late at night with pizza and caffeine drinks.

A great example of this was documented in the Netflix series Don’t Fu** with Cats: Hunting An Internet Killer. If you haven’t seen this series, it covers events following a crowd-sourced amateur investigation into a series of animal cruelty acts committed by Canadian Luka Magnotta, culminating in his murder of international student Jun Lin.

The takeout from a cyber perspective is that computer types (pro and more serious) have amazing tenacity, commitment, the ability to work in teams with people they do not know IRL (In Real Life, in case anybody reading doesn’t know; we don’t want to be like these HiFi sales types) and, for the most part, a moral compass.

The reason for this scene being set is that, unless you were spending a few weeks dead for tax reasons or hiding in a bunker, you would have seen the events that unfolded in the Capitol on January 6th this year with a highly organised ‘insurgent’ violent protest.

As we mentioned in last week’s blog, the fact that this activity was not prepared or planned for appropriately by law enforcement advised by accurate intelligence, available publicly as it happens, is astonishing. Initial reports seem to suggest that this was down to incompetence more than conspiracy, à la Hanlon’s razor: “never attribute to malice that which is adequately explained by stupidity”.

XKCD Conspiracy comic

After the event, the FBI ‘reached out’ (yes, yes; in the manner of The Four Tops) to the American public to help identify the perpetrators.

Step forward an army of Internet sleuths (in this case developers). Spoiler alert – if you are thinking of planning and executing armed insurgence, do not do it online.

The loonies behind this attempted coup organised their activities on a social media platform called Parler, taken off air by AWS, Google and Apple.

However, before this happened, the aforementioned good guys realised that Parler had an identification verification check (‘verified citizen’). To become verified, the user had to submit a picture of their Drivers Licence (front and back). As we speak, doors are knocking, collars felt and identified activists placed on no-fly lists.

Exploiting the Parler site was apparently not that difficult because regular users had Administrative rights, leading to the creation of millions of accounts for a lifetime of admin access by the unstoppable cavalry.

Reddit Parler post

The rest is history; at least we hope so. A summary of activity is below.

As we move to cloud-based technologies, often very quickly (scrums, sprints, use of third-party libraries and so on), the basics are so very important. Stand-out issues which often come back to haunt organisations of all sizes (technology and, perhaps more important, processes) include:

  • Administrative privileges
  • Management of Joiners, Movers, Leavers
  • Misconfiguration of data stores (Blobs, Buckets, Wells, Lakes etc.)
  • Poor patching of Internet-facing hosts
  • Controls between tiers of servers
  • Dedicated connections from your business to the trusted environment
  • And many more

Tiberium’s managed services (UK SOC MSSP) include securing your systems in the cloud as part of the on-boarding process.

After on-boarding, protected by our automated outcomes which reduce response times enormously, security scoring identifies areas of concern and illustrates progress. Supported by a team of security experts with extreme real-world experience, we can advise you on effectively prioritising your investments in both effort and budget.

In the current environment, we cannot make you a coffee face to face, but we do have our very own blend (hackers do as hackers do) and would be happy to share some with you to make a virtual meeting more lively.

If you would like to discuss our services or try our fantastic coffee, please contact us.

Tiberium coffee

Footnote: Obviously, shutting down ‘free speech’ is a big deal on account of the Constitution. We are not political here and are purely interested in how the site was breached.

Researching this blog, we looked at exceptions to the First Amendment and found them very interesting.
