This month I am breaking with tradition of a single cyber topic for the newsletter and instead providing two individual security topics of interest that crossed my email inbox over the course of this month. I hope you enjoy!

The 4th Amendment, Data Privacy, and a Radio Shack Robbery

This November, the Supreme Court took up a case, Carpenter vs. United States, in which citizen privacy protections surrounding the 4th amendment is being tested and debated. According to Jeff Rosen, president of the National Constitution Center, “Carpenter could be the most important electronic privacy case of the 21st century.”

Timothy Ivory Carpenter was sentenced to 116 years in jail for a series of armed robberies. He was caught through geolocation cell phone services given to prosecutors without a warrant but instead through the “Stored Communications Act” which only requires “specific and articulable facts showing that there are reasonable grounds to believe” that records at issue “are relevant and material to an ongoing criminal investigation”.

Many tech companies have filed amicus curiae briefs in this case including Apple, Facebook, Microsoft and Google, seeking to defend US citizen rights under the 4th amendment. The net consequence of this Supreme Court ruling may provide greater protection of US Citizens privacy under the 4th amendment hopefully strengthened, clarified, and updated to reflect the technological realities of our 21st century connected world.

Ransomware causing havoc through sophisticated Malware, Botnets and Phishing Attacks

Version 3 of Scarab, a sophisticated ransomware tool for hackers, has been released and is targeting .com businesses globally with assistance from a Necurs Botnet 12.5 million. This version makes recovery from such attacks even more difficult by deleting commonly used 3rd party recovery tools including Shadow Volume Copies and many default Windows recovery features. Some of the most recent social engineering phishing attacks purport to send you scanned images from various printers and copiers (Lexmark, HO, Epson, and Canon) as shown below.

Below is a sample phishing email from Outlook that is one example of this updated and devastating ransomware phishing attack emails.

Example of Scarab Ransomware Email posing as Scan File

Phishing Turing Test: ask yourself these 6 questions; answer yes to 2 or more and you’re probably being phished!

  1. Was I expecting this email?
  2. Does the email urge some action?
  3. Does the sending email address seem out of place or incorrect?
  4. Was the email addressed to generically? (i.e.: Dear Valued Customer:)
  5. When you hover over the embedded links, do they seem strange or incorrect?
  6. Are there Spelling, Grammar, or punctuation mistakes in the email?

Thank you for your readership. Please feel free to share this article with friends, family, and colleagues.

Article Sources:

https://blog.knowbe4.com/massive-phishing-attack-on-businesses-with-evil-new-ransomware-strain
http://www.scotusblog.com/case-files/cases/carpenter-v-united-states-2/
http://www.fedbar.org/Resources_1/Federal-Lawyer-Magazine/2009/The-Federal-Lawyer-November-and-December-2009/Features/Consent-and-Discovery-Under-the-Stored-Communications-Act.aspx?FT=.pdf
https://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.html