Federal Rules of Evidence Have Changed Simplifying the Authentication of Electronic Evidence

In December 2017 an amendment was made to Rule 902 of the Federal Rules of Evidence, specifically relating to the process for authenticating Electronically Stored Information (ESI).  Until this amendment, now included as subsections 13 and 14, was passed, litigants had to have any electronic evidence authenticated through trial testimony.  This was an expensive process.  While our company has taken on quite a bit of eDiscovery work, being asked to testify as an expert witness was rare due to the time and cost involved for litigants.

The new Subsection 14 reads:


More Records Exposed - Database Found on Google Cloud Server

This case is particularly unfortunate as it represents both the intense desires entities have for our personal information and likely the more concerning problem of lax security protocols.

This instance revolves around a voter database of approximately 154 million records.  As anyone who does genealogy knows, voter databases are considered public records and offer a great deal of information to family researchers.  However, not all voter information is included in the published records.  Most states have similar laws dictating which portion of the voter registration is public and which is private.  Below is a general list; if you'd like to know the specifics for your state, go to your state's Secretary of State website, which should have a link to voter information.  Public information typically consists of your name, address, party affiliation and date of birth.  The original application, social security number, and driver's license number are not to be released.

Depending on where you live, additional information might also be collected: education, gun ownership, and marital status, to name a few.  We live in a world of data, and the more data someone has on you, the more targeted they can be with their advertising or with more nefarious scams.

The database that has just been discovered also came with a lot of additional information not typically seen in voter databases, including Facebook profile URLs, information on children, and email addresses.

Chris Vickery / MacKeeper - Sample Database Screenshot

Chris Vickery / MacKeeper - Database Screenshot

The compromised database was discovered by security professional Chris Vickery.  From MacKeeper it is reported that when Mr. Vickery found the database "it was configured for public access with no username, password or other authentication required."  With further research Mr. Vickery was able to determine that the database was owned by data brokerage company L2.  L2 was very responsive when contacted and had the database taken down and secured.

Bruce Willsie of L2 sent Mr. Vickery the following response: "Thank you for finding this and thank you for giving us the opportunity to respond.  We very quickly identified the national client, informed them immediately and they took down the site as quickly as they could.  The client told us that they were hacked, the firewall was taken down and then the probing began.  This was an old copy (from about a year ago) of the national file and it had only a very small number of our standard fields.  Needless to say, the client is doing its own research now to determine the extent of the incursion.  I’ve asked that they report back to us with their findings and their plan for hardening their system in the future.  It’s unfortunate and, again, we greatly appreciate your discovery of the problem."

While steps are being taken to rectify the open database, the damage that may have already been done by this database being open to the public cannot be overstated.

As a part of his research Mr. Vickery also queried the server's log file.  What he discovered is very concerning considering the nature of the information contained in the database.  On April 11th of this year the server logged a Serbian IP address, 89.216.31.2.  Serbian IP addresses are under RIPE jurisdiction, and a RIPE query lists this IP address as "Fixed IP for cable modem customers".  What the person did when accessing the database is either unknown or not being released.  Copying the full database for sale on the black market would be the worst case scenario, but it is also most likely what occurred.

As an individual's value lies in the data collected on them, there is a good chance that someone no one wants to have information on them now knows a great deal more than they should!


Yes It Is A Scam - Don't Call That Number!

Recently we've had several people come to us having been hit by a nasty piece of Adware.  This particular pop-up is insidious as it's a two-part pop-up (see the attached screenshot).  First you have the large underlying pop-up with the information that says "Call XXX-XXX-XXXX immediately."


Also take notice of the "24/7 Unmatched Service and Support".  With a quick glance you might mistake the image for a Windows logo, but upon further inspection they don't match.

[Images: Not Windows Logo; Proper Windows Logo]

Next take a look at the smaller pop-up on top of the large one.  This one serves two purposes: the first is to reiterate that you must call them NOW, and the second is to amp up the fear: "Possibly Privacy Breach and Computer Error Detected Due to Suspicious Activity Found On Your Computer."

But in all of the fear that their computer may now be breached, most people overlook a very important piece of information.  In this example it is found in the upper left, but it could be found in any number of locations depending on what service the Adware is being served through.


"Ads by Click2Save"  Wait!?!  What?!?  This pop-up is nothing more than a paid-for advertisement???  Exactly, it's nothing more than a scam to get you to call that number and have one of two scenarios play out.  Either they are going to try to gain access to your personal information in order to steal it, or they are going to try to sell you fake software or services that you don't actually need, at a cost to you of hundreds of dollars.

(See our article on the similar tech support phone scam at Tech Support Scams - Don't Be A Victim.)

So you find yourself with this pop-up on your screen, you've realized it's fake, and you're not going to be calling these thieves, but how do you get the pop-up to go away?  As if the ad itself isn't bad enough, this is one of those Ads that is bound and determined to stay with you.  Clicking on the "X" seems to take most people into an irritating loop where the two windows continually appear, one on top of the other.  With testing we have been able to successfully close the Ad by simultaneously clicking the "X" and pressing "Esc".  If that doesn't work, try going to your Task Manager and forcing the browser to shut down with End Task.  If that still doesn't work, you may be left with the only option of shutting down your computer.

Once you've successfully closed the Ad you've likely avoided any danger, but you can always take your computer to a local computer company, like Top Speed Computer Service, to make sure no damage has been done.  Pass this along to your friends and family to make sure they are not victimized by this scam either!

What to do if you've been scammed?

First, if you’ve found this article and are still on the line with them, hang up now and cut off their remote access.  If you’re unsure how to cut their remote access, the surefire way is to restart your computer.

If you've already had this happen, called them, given them access to your computer, paid them money or not, there are several places you should report them to.   File complaints with the FTC, Fraud.Org the National Consumers League, your local Attorney General, and if you’ve been defrauded of money your local law enforcement as well.  Fraud.Org is an especially good one to file with as they work to share information with many jurisdictions.  Local law enforcement is harder as they really only deal locally and scams like this work on a global scale not a local one.

You will also want to have your computer checked out by a local technical company in case anything malicious was installed on your computer during the so-called technical support.

It is always advisable to do business with a local computer company; you never know what you're going to find on the other end of that Internet / phone connection!


Is Breaking A Password Really Like Mr. Robot?

Have you been locked out of an account due to entering the wrong password too many times? That was rhetorical; unless your password is "password" (and it better not be) everyone has managed to lock themselves out. Even someone using "password" can manage it if they don't realize Caps Lock is on. But here's the real question - why don't hackers get locked out when attempting to get into their victim's accounts?

If you've been watching USA's new series Mr. Robot you might be under the belief that, like Elliot, hackers research you and then, using a well thought out plan, try passwords that include information about your birth date, family, pets, sports teams, nicknames, address/phone numbers, etc. until they find the magic combination to your password.  That scenario doesn't hold water when you look at the facts of an account lockout: it doesn't matter if it's you or a hacker, if the lockout says 5 tries and you're locked out, that's what's going to happen.  Even the few variables listed above amount to thousands of options.

So how do hackers do it?

One way is to get your system infected with spyware that steals your usernames and passwords and sends them back to the hacker.  Typically the person stealing the passwords will not be the person using them, although in Orange County, California in 2008 a student used spyware to steal administration usernames and passwords in order to change his grades.  More often the person stealing them plans on selling your usernames and passwords to others for use later.  In this case the hacker is dependent on people getting infected with their spyware, hence the number of usernames and passwords they acquire can be hit or miss, and fewer passwords equates to a smaller payday.  To assure themselves of a larger number of passwords to sell they employ the next method.

The second method is what is called an offline attack.  You have an online account, and your account information, along with that of thousands of others, is stored on that company's server; that company is taking proper security measures and all the stored account information is encrypted.  Along comes a hacker who steals that encrypted file.  Once the hacker has the encrypted file he begins using a variety of tools against the encryption.  This process has absolutely nothing to do with a trial and error process of figuring out your password.  The hacker patiently waits as his tools work away on those passwords until they are revealed.  The longer it takes for the original company to discover the breach, then the theft of the file, followed by the disclosure to their users, the longer the file has value.  From there the hacker will work to sell his ill-gotten information and move on to the next breach.


So there it is in a nutshell, and once again TV and movies have steered you wrong when it comes to the real life of a hacker.  But how fun would it be if they showed the reality of a hacker who starts his computer working against the encrypted file and then walks away for a while?  Not exactly must-see TV.
