#AxisOfEasy 260: The Newest Anti-Tracking Tool That Checks If You’re Being Followed

Weekly Axis Of Easy #260

Last Week’s Quote was “There is no distinctly American criminal class – except Congress.” by Mark Twain. There were many correct guesses, but Mike got it first!

This Week’s Quote:  “The improver of natural knowledge absolutely refuses to acknowledge authority, as such. For him, skepticism is the highest of duties; blind faith the one unpardonable sin.” … by???

THE RULES:  No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize:
First person to post the correct answer gets their next domain or hosting renewal on us.

This is your easyDNS #AxisOfEasy Briefing wherein our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

In this issue:

  • The Newest Anti-Tracking Tool That Checks if You’re Being Followed
  • Amazon’s Acquisition of the Roomba Is Dangerous
  • Beware of fake Cloudflare protection screens
  • Optimizing for Featured Snippets
  • The FIOD Arrest Tornado Cash Developer After US Sanctions on Crypto Mixer Firm
  • Over a Thousand of VNC Exposed to the Internet With Increasing of Attacks
  • Conti Operators Keeping a Low Profile While Using Cybercrime as Cover
  • Show Your Support for Member Nominees in CIRA Board Election

Elsewhere online

  • Disinformation in Elections creates fear over hacker collaborations
  • Developers are Alerted by GitHub Dependabot On Vulnerable Actions
  • BEC Attacks Fueled by Ransomware Data Theft Plague
  • Domain Registrars Deny Outgoing Transfers of Legal Domains
  • Here’s what JavaScript commands get injected through an in-app browser

The Newest Anti-Tracking Tool That Checks if You’re Being Followed

Last year, a federal agent named Matt Edmondson got a call for help from a friend who was worried that someone might have been tailing them when they were meeting a confidential informant who had links to a terrorist organization. After not finding any tracking tools that could help, he decided to simply build his own. Edmondson built a Raspberry Pi-powered system that can sit in a car or be carried around. It scans for nearby devices and sends an alert if the same phone is detected multiple times in 20 minutes, basically telling you if a car is tailing you. The system was built for $200, and was to be presented at the Black Hat security conference in Las Vegas.

Recently, the number of ways people can be tracked by domestic abusers or stalkers has skyrocketed, and the tracking can be either software- or hardware-based. Tools like stalkerware or spyware can be installed directly on people’s phones, giving attackers access to their personal information, while trackers like Apple’s AirTags can be used to track people’s location in real time.

The anti-tracking tool’s software runs on a Raspberry Pi 3, with a Wi-Fi card looking for nearby devices. A small waterproof case protects the system, which is powered by a portable charger. Alerts are shown on a touchscreen, and an alert may be a sign that you’re being tailed. The device runs Kismet, a wireless network detector, which picks up nearby smartphones and tablets that are searching for wireless connections.

Read: https://www.wired.com/story/this-anti-tracking-tool-checks-if-youre-being-followed/
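One way to implement the repeat-sighting check described above, as an added example that is not Edmondson’s code and not taken from the Wired article. The 5-minute slot size, the three-slot threshold, the `timestamp,mac,rssi` log format and every MAC address below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)       # look-back period named in the article
SLOT = timedelta(minutes=5)          # assumption: window split into 5-minute slots
MIN_SLOTS = 3                        # assumption: "multiple times" = 3 distinct slots
OWN_DEVICES = {"3c:22:fb:10:20:30"}  # assumption: constructed allow-list of your own gear

def is_randomized(mac):
    """True if the locally administered bit is set (likely a rotating, randomized MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def repeat_sightings(lines, now):
    """Map each MAC seen in the newest slot to the slots (0 = newest) it appeared in,
    keeping only devices present in at least MIN_SLOTS slots of the window."""
    slots = defaultdict(set)
    for line in lines:
        stamp, mac = line.strip().split(",")[:2]
        age = now - datetime.fromisoformat(stamp)
        mac = mac.lower()
        if mac in OWN_DEVICES or not timedelta(0) <= age < WINDOW:
            continue
        slots[mac].add(age // SLOT)  # a burst of probes in one slot counts once
    return {mac: sorted(s) for mac, s in slots.items()
            if 0 in s and len(s) >= MIN_SLOTS}

# Constructed sample sightings: timestamp, MAC, signal strength (dBm)
NOW = datetime(2022, 8, 15, 14, 20)
SAMPLE = [
    "2022-08-15T14:01:10,A4:5E:60:11:22:33,-60",  # same device, oldest slot
    "2022-08-15T14:08:30,a4:5e:60:11:22:33,-55",  # same device, middle of the drive
    "2022-08-15T14:18:40,a4:5e:60:11:22:33,-52",  # same device, still nearby
    "2022-08-15T14:02:00,da:a1:19:00:00:01,-80",  # one-off passer-by
    "2022-08-15T14:17:00,3c:22:fb:10:20:30,-30",  # your own phone, ignored
    "2022-08-15T14:18:00,64:a2:f9:0a:0b:0c,-70",  # burst within the newest slot only
    "2022-08-15T14:18:05,64:a2:f9:0a:0b:0c,-70",
    "2022-08-15T13:30:00,a4:5e:60:11:22:33,-70",  # outside the 20-minute window
]

if __name__ == "__main__":
    for mac, seen in repeat_sightings(SAMPLE, NOW).items():
        note = " (randomized MAC, identity may rotate)" if is_randomized(mac) else ""
        print(f"ALERT {mac} seen in slots {seen}{note}")
```

Phones that rotate randomized MAC addresses will not match across slots on the MAC alone, so a device flagged by `is_randomized` can evade or confuse this kind of matching.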


Amazon’s Acquisition of the Roomba Is Dangerous

Amazon’s latest acquisition on its surface appears to build on a theme of smart homes and automation – but could it belie a more pernicious agenda of home surveillance?

Read: https://www.theatlantic.com/ideas/archive/2022/08/amazon-roomba-irobot-acquisition-monopoly/671145/


Beware of fake Cloudflare protection screens

A new attack vector that is spreading uses WordPress hacks to hijack vulnerable websites and then display a fake Cloudflare DDoS Protection screen to the site’s visitors. People are already used to seeing these, and routinely solve the captcha to gain access to the site. The fake screens prompt the user through a series of steps that have them download malware and install a Remote Access Tool (RAT) on their computer.

See: https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

And: https://www.bleepingcomputer.com/news/security/wordpress-sites-hacked-with-fake-cloudflare-ddos-alerts-pushing-malware/


Optimizing for Featured Snippets

In 2014, Google launched featured snippets so users can obtain info without clicking on an external site. Some people considered a featured snippet a win; others believed it hurt traffic, as it usually replaces a page 1 listing. Getting a featured snippet is an important goal for many merchants but optimizing for snippets is not the same. To be featured, a page needs to be ranked on page 1, and featured snippets answer questions concisely via short paragraphs or lists. However, knowing which queries to answer is no easy job, so it is essential to optimize for featured snippets. 

Research: This can be done through Google searches; many third-party tools can help, and knowing competitors’ featured snippets can give you a better understanding of opportunities. However, snippets are fluid, and what appears today might vanish tomorrow or change depending on the researcher.

Focus on intent: A snippet’s appearance can also identify the best format. This is where researching competitors’ snippets becomes helpful. It’s important to remember to never copy a competing answer; try to understand it and create an even better version of it.

Consistency: One web page could generate a dozen featured snippets, so making featured snippet optimization a routine is good. Create content including definitions, Q&As, and factual answers, and add the numbers, dates, names, and lists of everything. Starting these sections with H2 and H3 headings will steer Google correctly, as well as identifying the keywords and noting the best answer format for each one.

Read: https://www.practicalecommerce.com/seo-for-featured-snippets


The FIOD Arrest Tornado Cash Developer After US Sanctions on Crypto Mixer Firm

The FIOD (Dutch Fiscal Information and Investigation Service) announced the arrest of a 29-year-old man in Amsterdam on August 10th, due to his connection with the U.S. Treasury sanctions on Tornado Cash. The anonymous person is a primary suspect for his involvement in concealing criminal financial flows and facilitating money laundering through mixing cryptocurrencies via Tornado Cash. According to press releases, the Financial Advanced Cyber Team (FACT) of the FIOD started investigating Tornado Cash last June, stating that multiple arrests haven’t been ruled out and that the suspect was brought before the examining judge.

“In the cryptocurrency domain, the FIOD stands for a safe in finances in the Netherlands and investigates with effect and impact,” the FIOD wrote on its website. FACT has suspected that Tornado Cash has been used as a bridge to commit illegal activity, concealing large-scale money flows through online thefts of cryptocurrencies, even including funds stolen through hacks by a group allegedly associated with North Korea. FACT has also suggested that since 2019, Tornado Cash has achieved at least $7bn. The Tornado Cash investigation is led by the Netherlands Public Prosecutor’s Office for serious fraud, environmental crime, and asset confiscation. Recently, a joint research between Belgian and Dutch police contributed to dismantling an organized crime group that stole millions of euros from their victims.

Read: https://www.infosecurity-magazine.com/news/dutch-authorities-arrest-tornado/


Over a Thousand of VNC Exposed to the Internet With Increasing of Attacks

Cyble, a dark web intelligence firm, has reported an increase in cyberattacks aimed at VNC (virtual network computing), a graphical desktop-sharing system that relies on the Remote Frame Buffer (RFB) protocol.

Despite the risk associated with VNC exposure, Cyble has found more than 8,000 internet-accessible instances of VNC with disabled authentication, and warns of a spike in attacks targeting port 5900. The exposed instances are located in China, Sweden, the United States, Spain, and Brazil, and the top attacking countries include the Netherlands, Russia, and Ukraine.

Some of these exposed VNCs belong to organizations in critical infrastructure sectors, such as water treatment plants, manufacturers, and research facilities. Cyble states that it could identify various HMI (human-machine interface) systems, SCADA systems, and workstations that were connected via VNC and internet-accessible.

Exposing VNCs to the internet increases the likelihood of a cyberattack that can include ransomware, data theft, and cyber espionage. Attackers can compromise such systems, allowing them to shut down industrial control systems (ICS) and disrupt the supply chain, which can lead to access to sensitive data that can be used to further compromise ICS systems.

Even though remote access to IT/OT infrastructure can come in handy, if the security measures are implemented improperly, it can lead to high losses and significant accidents. Internet-exposed VNCs that lack authentication make it easy for attackers to access a victim’s network and create chaos.

Read: https://www.securityweek.com/thousands-vnc-instances-exposed-internet-attacks-increase


Conti Operators Keeping a Low Profile While Using Cybercrime as Cover

The Conti group might have publicly announced that operations were stopped after the ContiLeaks. However, that doesn’t mean the group has totally disappeared. Researchers from Intel 471 have observed actors who supported Conti move in different directions within the cybercrime underground since the announcement in May 2022.

Some of these actors have taken on side projects, taking advantage of segments of Conti’s previous operations, such as network access and data theft, while others have apparently formed alliances with other Ransomware-as-a-service (RaaS) groups, building on relationships that were cultivated during Conti’s existence. Whatever path they might have chosen, they’re still focused on profiting and staying out of law enforcement custody.

After managing various underground businesses, people associated with Conti have become independent contractors, using skills and schemes previously used to support Conti’s operations. The Black Basta ransomware gang has shown signs of overlap in tactics, techniques, and procedures (TTP). Their data leak blogs, payment sites, and recovery portals are very similar to Conti’s. BlackByte is another ransomware variant whose operations overlap with Conti’s, and it can delete volume shadow storage by resizing it. Based on these similarities, Intel 471 states that BlackByte is probably a rebranded Conti operation “to maximize its previous data extortion schemes and give affiliates a ransomware variant that will align with their TTP.”

Read: https://intel471.com/blog/using-cybercrime-as-cover-how-conti-operators-are-lying-low

Show Your Support for Member Nominees in CIRA Board Election

The CIRA Board elections are coming again and the format is the same. The CIRA Nomination Committee unveils a slate of candidates (not announced yet) while the at-large membership can also nominate candidates to the ballot.

Right now we’re in the “show of support” phase, where member nominated candidates are required to gather 20 shows of support in order to get on the ballot. This is the route I took to get elected to the Board, back in the day.

This year’s member nominees are listed here: https://www.cira.ca/about-cira/board-governance-and-transparency/board-directors-election/member-nominees

And I can vouch for two of them:

Matt Gamble: is up for re-election and I’ve been serving with him on the Internet Society Canada Chapter board for a few years now. Matt knows the relevant telecomm and internet policies combined with the technical background to match.

Graeme Bunton: from Tucows has been a valuable contributor and advocate on behalf of registrars and registrants via the RRSG Registrar Stakeholder Group that deals with ICANN.

You’ll need your CIRA member login/password which should have been emailed to you by CIRA – all .CA registrants are qualified for CIRA membership.

Show your support now, and then get ready for the actual vote in September

Read: https://www.cira.ca/about-cira/board-governance-and-transparency/board-directors-election


Elsewhere Online


Disinformation in Elections creates fear over hacker collaborations

Read: https://www.politico.com/newsletters/weekly-cybersecurity/2022/08/15/election-disinformation-fears-loom-over-hacker-confab-00051695


Developers are Alerted by GitHub Dependabot On Vulnerable Actions

Read: https://thehackernews.com/2022/08/github-dependabot-now-alerts-developers.html


BEC Attacks Fueled by Ransomware Data Theft Plague

Read: https://www.infosecurity-magazine.com/news/ransomware-data-theft-fuelling-bec/


Domain Registrars Deny Outgoing Transfers of Legal Domains

Read: https://freespeech.com/2022/08/01/double-red-alert-domain-registrars-seek-power-grab-to-deny-outgoing-transfers-of-legal-domains-they-dislike/


Here’s what JavaScript commands get injected through an in-app browser

Read: https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser


5 thoughts on “#AxisOfEasy 260: The Newest Anti-Tracking Tool That Checks If You’re Being Followed”

  1. I wanted to venture a guess that it was Alexander Agassiz or his father Louis Agassiz. Alexander being my first choice.
