At a glance.
- Conti, and its double-extortion threat to privacy.
- Retail scam and credit card fraud.
- Hacktivist hits Citizen neighborhood watch app.
A closer look at Conti.
BlackBerry offers an in-depth examination of Conti ransomware, the threat responsible for some of the largest cyberattacks across the globe over the past year, notably this month’s unprecedented attack on Ireland’s Health Service Executive. Conti’s availability as Ransomware-as-a-Service (RaaS) has bolstered its popularity as a threat of choice. Conti has also been used in double-extortion operations, a growing ransomware trend in which threat actors exfiltrate data and threaten to publish it if their ransom demands are not met. Conti functions by first striking a machine’s volume shadow copies in order to minimize the possibility of system recovery and then scanning the device for openings through which to spread across the network. Earlier this month, the Conti threat group released a decryptor key capable of unlocking encrypted files and restoring systems hit by the ransomware, offered for a ransom of €20,000,000.
Retail malware scam leads to credit card fraud.
SecurityWeek reports that the US Justice Department has indicted twenty-two individuals for using credit, debit, and gift card credentials that were stolen in a malware operation. Using point-of-sale malware in four hundred store locations of a major retailer, threat actors exfiltrated more than three million payment cards. The hackers then sold the stolen data for $4 million in bitcoin to a cybercriminal, who sold it off to thousands of others, the twenty-two defendants among them. Each individual could face up to twenty years in prison for wire fraud and two years consecutively for aggravated identity theft.
Hacktivist protests Citizen’s problematic business model.
In response to the recent controversial actions of neighborhood watch app Citizen, a hacktivist has published a dataset from the app on the dark web, Vice reports. On a website the hacker named “The Concerned Citizen's Citizen Hack,” they posted a cache of 1.7 million incidents scraped from the app, including URLs for 1.5 million clips stored on Citizen's servers, and even COVID-19-related user data Citizen had mistakenly posted.
The move comes in reaction to Citizen CEO Andrew Frame’s decision to offer a reward for the capture of the arsonist responsible for a recent California fire, which resulted in the accusation of an innocent man. As Vice explains, Frame fueled a $30,000 bounty hunt on the app in the hopes that it would end in the arrest of the culprit live on Citizen’s streaming platform. Frame is quoted as stating, “The more courage we have, the more signups we will have. Go after bad guys, signups will skyrocket.” Users identified a potential suspect, and photos and details about the man flooded the app. Even one of Citizen’s own employees noted that the company was acting in violation of its own terms of service, which prohibit "posting of specific information that could identify parties involved in an incident," but the search continued until police finally arrested the true arsonist, who was unfortunately not the person Citizen’s users had been tracking.
Though the data published by the hacktivist are already technically public, releasing them en masse should give the press greater insight into the company’s business practices. And, of course, it compromises the privacy of those who've become enmeshed in the app, whether as users or subjects.