BotConf 2019 Wrap-Up Day #3

It’s a classic issue for BotConf attendees: the last day is always a little bit stronger due to the social event organized every Thursday night. This year, we are in the French area where good wines are produced and the event took place at the “Cité du Vin”. The night was short but I was present at the first talk! Ready as usual!

Microsoft Research Team finds Password Reuse Rampant

What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan of its user and Azure AD accounts versus the three billion publicly leaked credentials for the first quarter of the year.

Identifying The Berlin Bicycle Assassin: From Moscow to Berlin (Part 1)

  • In its previous joint investigations with Spiegel, The Insider and Dossier Center, Bellingcat has reported that the person held by German authorities over the murder of Zelimkhan Khangoshvili in Berlin traveled from Moscow to Germany under a fake identity.
  • We established that the suspected assassin’s passport, issued under the name Vadim Sokolov, born 20 August 1970, was issued to a non-existing persona. We identified that the earliest reference to that identity in Russian registries was in September 2015 when this “person” received his first domestic passport, aged 45. “Vadim Sokolov” was assigned a tax identification number only in July 2019, days before applying for his Schengen visa on which he traveled to Paris, Warsaw, and then to Berlin.
  • We concluded that the issuance of a valid domestic passport, tax ID and an international travel passport to a non-existing persona could not have happened without the direct involvement of the Russian state, and thus implicates Russian security services in the assassination in Berlin.
  • Spiegel reported on Tuesday that the Federal General Prosecutor Peter Frank has reached a conclusion that the Russian authorities likely ordered the Berlin murder. As a result, the Federal Prosecutor’s office is expected to take over the case from the Berlin investigative office in the next few days.
  • Spiegel also reports that the German authorities were able to identify the true identity of the killer through matching him to a Russian citizen previously wanted by the Russian state on an Interpol red notice, which however was later withdrawn. That person had been wanted over the murder of a Russian businessman in 2013.

Independently from the findings of the German authorities, our investigative team has verified that the real identity of the Berlin assassin who traveled under the fake identity of Vadim Sokolov is in fact Vadim Nikolaevich Krasikov. Vadim Krasikov was born on 10 August 1965, and not in 1970 as per his cover identity. On 19 June 2013, Krasikov was the key suspect in the murder of a Russian businessman who had been the subject of several previous assassination attempts. The murder in Moscow was similar in many respects to the Berlin assassination – the killer had approached his target on a bicycle, had shot at him with a hand gun at close range, both in the back and in the head, and had left on his bike.

Moving on from encryption – the case for eDRM


Take control of your documents no matter where they go

By Alyn Hockey, VP Product Management

What is eDRM?

Enterprise digital rights management (eDRM or Information Rights Management, IRM) has had a rocky start to life. While it’s been around for the last 20 years and is seen as the next step on from encryption, it just hasn’t made it into mainstream use.

Identifying The Berlin Bicycle Assassin: Russia’s Murder Franchise (Part 2)

  • In the previous part of this investigation, we identified the assassin of Zelimkhan Khangoshvili as Vadim Nikolaevich Krasikov, a 54-year-old Russian citizen traveling with state-issued false identity papers. Khangoshvili, an ethnically Chechen Georgian citizen who had fought against Russia in the Second Chechen War and was linked to Georgian military intelligence, was shot and killed at close range by a cyclist in broad daylight at a park near Berlin’s Kleiner Tiergarten. We disclosed that the detained suspect had been a key suspect in a previous murder in Moscow in June 2013, where the killer had also used a bicycle to approach his victim and escape.
  • We also disclosed that Russia had terminated both domestic and international search warrants issued for Vadim Krasikov just over a year after their issuance, in mid 2015. This lifting of the warrants occurred only a couple of months before Krasikov’s fake identity papers were issued under the new, cover name of “Vadim Sokolov”.
  • Following our publication, Germany’s Federal Prosecutor announced that it is escalating the investigation to a federal level, based on its assessment that the murder was likely commissioned by representatives of the Russian state. In its public statement, the Federal prosecutor’s office confirmed the key findings presented in our previous reports, including the true identity of the suspect and the evidence for the Russian state’s involvement.

In this part of the investigation we present newly discovered evidence that at the time Russian authorities detained Vadim Krasikov – presumably around the time his search warrants were revoked in 2015 – he was wanted for a second, previously unresolved murder in Karelia. A recidivist murder charge would have resulted in a severe jail sentence, in all likelihood a life jail term. This circumstance would have aggravated his personal prospects, and, coupled with his track record as a hitman, would have made him a suitable target for recruitment by Russia’s security services.

This Week in Security News: Trend Micro Selected as Launch Partner for AWS Ingress Routing Service and Stalkerware on the Rise

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about stalkerware and why it’s on the rise. Also, read about Trend Micro’s selection as a launch partner for the new Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing service, announced during AWS re:Invent 2019.

Security Expert Comments On VPN Bug Lurks In iOS, Android, Linux Distros, MacOS, FreeBSD And OpenBSD

As reported by The Register, researchers from the University of New Mexico have found a bug in the way Unix-flavored systems handle TCP connections, which could put VPN users at risk of having their encrypted traffic hijacked. CVE-2019-14899 is a security weakness that they report to be present in “most” Linux distros, along with Android, iOS, and macOS. If exploited, encrypted VPN traffic can be potentially hijacked and disrupted by miscreants on the network. Once the victim connected to their VPN, the spy would be able to tamper with the TCP stream to do things like inject packets into the stream.

Phishing with a self-contained credentials-stealing webpage, (Fri, Dec 6th)

Phishing e-mails which are used to steal credentials usually depend on the user clicking a link which leads to a phishing website that looks like a login page for some valid service. Not all credentials-stealing has to be done using a remote website, however.

I recently came across an interesting phishing campaign in which the scammers used a rather novel technique. The e-mail looked like a traditional payment notice phishing with a fairly usual text.

Good Day Please find attached a copy of your payment notification Kind Regards, James Watson

How to Conquer Physical Threats

When we think about threats to data security our minds usually jump to cyberattacks. But the physical threat of someone stealing or losing a device makes sensitive data just as vulnerable. Between 2005 and 2015, a startling 41% of all data breaches were caused by lost devices. This is a very real threat for the energy industry, where most infrastructure is over 30 years old and was built without present-day security features. Luckily, there’s a simple way to protect data in the energy industry from physical threats: private and secure communications solutions. A strong private, secure communications solution can protect your data from malicious insiders and outsiders – and even protect your data once a device is physically outside of the premises. Here’s how: