On Friday night at 12:15 AM our Threat Intelligence team published an advisory regarding Pakistani mobile user data being sold on the dark web for a hefty sum of money. Following this news, a lot of speculation arose and questions were raised, so we are releasing this official statement to address them.
_
On Friday evening, false rumors started circulating that pointed to a clearnet website, Raid Forums, showing an ad that looked similar to the original ad on the dark web. We believe this ad to be a replica of the dark web posting. It is a normal practice to repost something from the dark web on the clearnet so that ordinary audiences fall prey to it and scammers make easy money this way. Scammers and cyber criminals are always finding ways to make financial gains, and this is one of them. You can find multiple websites on the clearnet that advertise the same information as on the dark net and look exactly the same. Read Brian Krebs' article to learn how Pakistani criminals impersonated some of the most popular and well-known online stores that sell stolen credit cards and made an impressive living from the scam.
_
Later that night, the ad on Raid Forums was taken down and the seller even changed his name. Raid Forums is a low-tier forum, meaning a forum that is either full of leechers and scammers or a replica built by law enforcement agencies to trap cyber criminals. The ad that we reported earlier, on the other hand, is still active on the dark web and the price tag is still the same.
_
So here are some of the questions raised:
_
What is the authenticity of the news?
_
Threat Intelligence cannot verify the authenticity of information from the dark web with 100% certainty, but for everyone to understand why, let's first discuss a little about the dark web and how it actually works. The terms deep web and dark web are sometimes used interchangeably, but they are not the same. The deep web refers to anything on the internet that is not indexed by search engines. The dark web is a subset of the deep web that is intentionally hidden, an area of the internet that is only accessible with specific browser software, such as Tor or I2P, so it is not easily reached.
_
We do not deny that scams happen on the dark web, but here the seller is a VIP member, which means he has paid money and/or invested significant time on the forum to establish that reputation. This lends some level of credibility to his claim, simply by the nature of how dark web forums work.
_
One step further, to check its legitimacy, we baited the seller into showing us part of the data after building trust. We verified the legitimacy of the data made available to our team and cross-referenced it against known personal details to see whether the information was correct.
_
Globally, cybersecurity companies provide similar threat intelligence services and they break such news all the time. Questions about authenticity are rarely raised, because this is how Threat Intelligence works. Rewterz has been in the cybersecurity business for the last 15 years, and reporting such news without any basis would have served us no purpose.
_
How recent is the data?
_
We don't know the exact age of the data. But in our humble opinion, the recency of the data is completely beside the point in this case. The sole reason for releasing this advisory publicly was to inform users that their data has been breached and to highlight the data privacy and consumer rights issues in Pakistan. Also, the information released is not something that changes frequently: people have the same CNIC for life and the same address and mobile number for a long period of time.
_
Nonetheless, even if the data is not from 2020, reporting it was a responsibility, because one or more organizations in Pakistan were breached (recently or in the past) and the news was not disclosed to the public. The Facebook – Cambridge Analytica scandal surfaced in 2018, whereas that data had been misused two years earlier, in the 2016 presidential election. Not reporting an old breach does not help anyone; this way companies keep getting breached under the radar and user data ends up in criminals' hands without anyone noticing.
_
The right questions to ask were: “How are companies handling user data, and what should happen in case of a breach?” “What kind of access to user data is given to third parties, and for what purpose?” “If personal information can be leaked, what else can be leaked (conversation history, messages, calls)?” “Which organization was actually breached, and what are they doing to ensure this doesn't happen again?” “Do we have any laws to protect user data and to hold companies accountable for our data privacy?” “What other organizations have been breached in the past, and did they notify their users about the data breach?”
_
Let's ask the right questions and move Pakistan towards a cyber security mindset. If we don't ask the right questions, companies will always take a reactive approach to cyber security rather than a proactive one. Data is an asset. It is our asset, and we need to create awareness to keep it private and protected. If we don't ask the right questions, our data will be misused in ways we can't imagine.
_
Now is the time!