Suspected Hacker from 2012 LinkedIn Data Leak Arrested

Earlier this month Czech police arrested a Russian man, Yevgeniy Nikulin, in Prague on suspicion of several intrusions against companies in the United States, including the 2012 LinkedIn data breach.

This one was very interesting because, as far as I could tell, Nikulin committed no crimes in or against the Czech Republic, yet the Czech police were still working with the FBI through Interpol.

Interpol is an international criminal police organization that facilitates communication between law enforcement agencies in different countries and makes it easier to overcome language or cultural barriers so that suspects can be captured more effectively. Among other things, Interpol publishes notices for internationally wanted persons (the Red Notice), and Nikulin was listed on the Interpol website.

Nikulin is currently still in Prague awaiting a decision from the Prague Municipal Court on whether to extradite him to the United States. What is especially interesting is the response from the Russian government:

Russian foreign ministry official, Konstantin Dolgov: “[We] will be insisting that he is not extradited to the U.S.”

Russian Embassy in Prague: “[We are] taking every effort to protect the interests of the Russian citizen. We’re working with his lawyer. Russia does not recognize the practice of extraterritorial jurisdiction that the United States is imposing throughout the world.”

Not quite an admission and not quite a denial. Nonetheless, it's very interesting (but not surprising) to see two world powers disagree with each other like this. I look forward to the extradition decision the Prague court will make.

No More Ransom: Law Enforcement and IT Security Teams Up

Ransomware is malware that infects a user's system, encrypts some or all of the files on it, and displays a message demanding payment in exchange for the decryption key. The No More Ransom Project is a recently launched initiative, led by Europol and the Dutch National Police, in which Intel Security, Kaspersky Lab and law enforcement agencies around the world (13 at the time of writing) team up to fight ransomware.

They provide free guides and educational resources on what ransomware is, how it works, and how to defend against it, and they host free decryption tools for victims of several of the best-known ransomware families. A decryptor only exists where a family's cryptography was implemented badly or its keys were seized from the criminals' servers, so offline backups remain the primary defense. In their first two months they decrypted data for more than 2,500 victims and kept more than $1 million in ransom out of the hands of cyber criminals.

This was interesting to me because it got me thinking about what partnerships between private-industry cybersecurity groups and law enforcement agencies look like. I imagine one example could involve law enforcement seizing computer systems from known cybercrime groups and handing them off to a private cybersecurity group for analysis.

Those two groups working together remind me of when the FBI asked for Apple's help unlocking the iPhone of one of the San Bernardino shooters. Apple took a public stance and refused to cooperate beyond what the law required, challenging the court order in the process. Ultimately the FBI said it had unlocked the phone without Apple's help, using a method obtained from an outside party. I've always perceived that, at least in the United States, tech culture is significantly defined by an anti-government attitude, especially when it comes to surveillance. No More Ransom tackles a malware problem rather than a surveillance problem, so the situation is a little different, but it is interesting nonetheless.

Would the FBI join or support a group like No More Ransom in an official capacity? How likely is that when it already has its own division dedicated to cyber crime, including ransomware?

Law Enforcement Use of Stingrays

The Electronic Frontier Foundation and members of the Senate have recently called on the FCC to take action on law enforcement's use of Stingray cell-site simulators. A Stingray impersonates a legitimate cell tower so that every phone in range attaches to it, which lets police pinpoint the location of a suspect's phone. Because it captures every handset nearby, and often jams or degrades service while doing so, its effect is indiscriminate: every person in the surrounding area is affected. Federal law requires that every radio-frequency emitting device be approved by the FCC, precisely so that the airwaves stay usable by others without major interference. Law enforcement use of Stingrays runs directly against that.

I think things like this are pretty relevant to internet communication. Law enforcement has to get a warrant to obtain data from cellular service providers, but that takes far more time than just using a Stingray. They also have to get a warrant for data from ISPs, which makes me wonder whether there is a Stingray equivalent for ISPs. It also makes me wonder: if they can intercept cell phone traffic, which is supposedly very secure, what else could they intercept? Wi-Fi traffic? Bluetooth traffic?

We've mentioned IoT a few times and its rising prominence over the past few years. As it becomes more relevant and popular, in what ways will law enforcement use Stingrays or Stingray-like devices to capture IoT traffic for its investigations? IoT could have life-sustaining medical or other mission-critical applications in the future. Stingray use has been shown to block 911 calls inadvertently; it is not hard to imagine what could happen to the IoT devices of the future. There are plenty of FCC rules against this kind of wireless interference. Despite this, the FCC certified Stingrays for sale specifically to law enforcement. With the vague warrant system currently in place, Stingrays end up being used for minor non-violent crimes. Does this set a precedent for future wireless communication devices? Who watches the watchmen?

Opera VPN and Internet Privacy

Opera recently released an updated version of its browser with the option of free Virtual Private Network (VPN) browsing through Opera's servers. A VPN differs from ordinary browsing by routing all of the user's traffic through an external server instead of connecting directly to each site. The main advantage, and Opera's stated reason for offering it free, is privacy: the tunnel between the user and the VPN server is encrypted, so everything inside it is hidden from the local network and the ISP whether or not the traffic is already protected by HTTPS. Two caveats apply. The protection ends at the VPN server: plain HTTP traffic leaves it unencrypted, and the VPN operator can read it in full. And Opera's feature is a browser-level proxy rather than a system-wide VPN, so only the browser's own traffic is covered. As a side effect, a VPN also hides the user's real IP address from the sites visited.

If my IP address were 128.173.54.29, any website I connected to could tell that I was connecting from the Virginia Tech campus in Blacksburg, VA, because that address block is registered to the university. Through Opera's VPN, the websites would see only an Opera address, geolocated to wherever the Opera server carrying my session happens to be, and there would be no easy way for a site to work out where I am connecting from.
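To make the "who sees what" concrete, here is an added toy model of the chain browser, ISP, VPN exit, web site; it is an illustration written for this post, not Opera's code, and it uses a toy XOR keystream built from hashlib in place of real TLS and tunnel ciphers so it runs with the standard library only. The VPN exit and site addresses (198.51.100.7, 203.0.113.5) and the sample request are constructed; 128.173.54.29 is the address used above. It shows the point the later paragraphs worry about: with the tunnel in place the campus network and ISP see nothing but ciphertext bound for Opera, the site sees only the exit address, but the VPN operator still sees the real client address, every destination host name, and the full plaintext of anything sent over plain HTTP.

```python
"""Toy model of who can read what when a browser reaches a site directly or
through a VPN. Added illustration, not Opera's code. toy_cipher is an XOR
keystream (hashlib only) standing in for both TLS and the tunnel cipher."""
import hashlib
import json
from dataclasses import dataclass

CLIENT_IP = "128.173.54.29"    # the Virginia Tech address used in the post
VPN_EXIT_IP = "198.51.100.7"   # assumed VPN exit address (constructed, TEST-NET-2)
SITE_IP = "203.0.113.5"        # assumed web site address (constructed, TEST-NET-3)
SITE_HOST = "example.com"
TLS_KEY = b"toy key shared by client and site"
TUNNEL_KEY = b"toy key shared by client and VPN"


def _keystream(key: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR stream: the same call encrypts and decrypts. A toy, not real crypto."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    port: int       # 80 (HTTP), 443 (HTTPS) or 1194 (tunnel); visible to any observer
    host: str       # Host header / TLS SNI, in the clear; "" once wrapped in the tunnel
    payload: bytes


def _wrap(p: Packet) -> bytes:
    return json.dumps([p.src_ip, p.dst_ip, p.port, p.host, p.payload.hex()]).encode()


def _unwrap(b: bytes) -> Packet:
    src, dst, port, host, hexdata = json.loads(b)
    return Packet(src, dst, port, host, bytes.fromhex(hexdata))


def client_send(request: bytes, https: bool, via_vpn: bool) -> Packet:
    """The packet that leaves the client's network interface."""
    app = toy_cipher(TLS_KEY, request) if https else request
    site_pkt = Packet(CLIENT_IP, SITE_IP, 443 if https else 80, SITE_HOST, app)
    if not via_vpn:
        return site_pkt
    # The whole inner packet, addresses and host name included, rides inside the tunnel.
    return Packet(CLIENT_IP, VPN_EXIT_IP, 1194, "", toy_cipher(TUNNEL_KEY, _wrap(site_pkt)))


def observe(p: Packet) -> dict:
    """What a passive observer on the wire (campus network, ISP) can read."""
    return {"client_ip": p.src_ip, "dst_ip": p.dst_ip, "host": p.host, "data": p.payload}


def vpn_exit(p: Packet) -> tuple:
    """The VPN operator unwraps the tunnel and resends the inner packet from its own address.
    Returns (operator's view, packet forwarded to the site)."""
    inner = _unwrap(toy_cipher(TUNNEL_KEY, p.payload))
    seen = {"client_ip": p.src_ip, "dst_ip": inner.dst_ip, "host": inner.host, "data": inner.payload}
    return seen, Packet(VPN_EXIT_IP, inner.dst_ip, inner.port, inner.host, inner.payload)


def site_receive(p: Packet) -> dict:
    """The site holds the TLS key, so it reads the request either way; the client
    address it logs is whoever delivered the packet to it."""
    data = toy_cipher(TLS_KEY, p.payload) if p.port == 443 else p.payload
    return {"client_ip": p.src_ip, "dst_ip": p.dst_ip, "host": p.host, "data": data}


def trace(request: bytes, https: bool, via_vpn: bool) -> dict:
    """Run one request through the chain and collect each observer's view."""
    pkt = client_send(request, https, via_vpn)
    views = {"isp": observe(pkt)}
    if via_vpn:
        views["vpn"], pkt = vpn_exit(pkt)
    views["site"] = site_receive(pkt)
    return views


def can_read(view: dict, request: bytes) -> bool:
    """True if the observer's captured bytes contain the request in plaintext."""
    return request in view["data"]


if __name__ == "__main__":
    req = b"GET /search?q=private HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed
    for https in (False, True):
        for via_vpn in (False, True):
            summary = {who: (v["client_ip"], v["host"], can_read(v, req))
                       for who, v in trace(req, https, via_vpn).items()}
            print(f"https={https} vpn={via_vpn}: {summary}")
```

The printed summary gives, per observer, the client address it sees, the host name it sees, and whether it can read the request. The combination that matters for the questions below is https=False with vpn=True: the ISP is blind, the site logs 198.51.100.7, and the VPN operator has the real address, the host, and the request in the clear, which is exactly the log data a subpoena would be aimed at.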

There are legitimate non-privacy reasons to use a VPN. Virginia Tech runs a VPN service that students and professors must use off campus to download from VT Network Software, reach online library services, or use the university's research subscriptions to access academic papers. A VPN can also be used in ways it was not intended for. For example, a student or professor abroad could get around Netflix's regional restrictions on its US catalog simply by connecting to Virginia Tech's VPN, since Netflix would then see a US campus address.

There are a few concerning things about Opera's service. The traffic from every Opera user of the VPN ends up on Opera's servers, which costs a lot of bandwidth. How is Opera paying for it? As Randy Marchany said in his guest lecture to our class, "If you aren't paying, you are the product." What will Opera do with the log data from all that traffic? Second, if Opera is keeping logs, can it be trusted to keep them private? If the government comes knocking, for a legitimate or even an illegitimate reason, how hard will Opera fight to keep its users' data private?