As part of our research in computer crimes, we were tasked with looking at a variety of news in the mainstream media – and see what we find. Initially this was a massive task, since obviously a large portion of the crimes today have some kind of digital aspect to them. And when using the term “crime” I use it widely – everything from activist hacking and political motives to the more financialy motivated crimes. There is also a large part of the news that are related to “unrecommended” use of the internet and digital devices.

The Dropbox Hack.

Read story on The Guardian.

When this news dropped, I had just read the headlines and immediately stormed of to change my passwords and do a “log of all devices”. I also activated the two-step authentification – which I did not think Dropbox had (stupid me breaking my own rules). I also went on the forensics chats and alerted everyone to take action. It was first after all this I went to read the entire article – and found out this was related to the 2012 hack. I of course have changed my passwords several times of natural reasons since that, so there were not really any huge crisis going on.

But – we did some reflections regarding the hack and how first NOW this information gets out. Previously (in 2012) there was only a mention of some Dropbox employees emails being the “loot” from the hack. But now, 4 years later – we learn it is 68 million users. There was a great debate around this in the forensics community, in which I will not elaborate on here.

Moving on, I did some more research on the data that were stolen. Apparantly this data consisted of email addresses and the passwords. This would be enough to get into the accounts at the time, since back then – Dropbox did not have any two-step authentification. Apparantly this hack was the Drop that made the Box run over – and made this feature become a reality. Anyways, what about the data? Well, from the information I could find online the passwords were encrypted, and the hackers would have needed some time to make the data valuable. If you had every users password, you might also for a majority of them get access to a lot of other services such as their emails, facebook accounts and so on. Not to mention the services that are using the email for access control. But then I started reflecting on how they could encrypt these passwords to even get so far. Well this is what I found.

Initially I thought – hey, what if the hackers already had an account on Dropbox, could they use their encrypted and unencrypted passwords (which they already know) to find the encryption key to unlock the rest? I would think so from a logical standpoint, and I discussed this with peers and faculty. They all agreed. But, of course – I should have turned to search engines sooner, because there I found that my “genious idea” actually were a thing. Known-Plaintext-Attack. Although I am proud to say that I invented this in my head – it is obvious this has been thought of before. The good news is that I therefore have more info to research – but from here it gets a bit blurry and technical. Some say that all encryptions based on cyphers are vulnerable to these types of attacks – but official documentation says that the type Dropbox is using – AES (Advanced Encryption Standard) – are not. Also, some says that if there are really long keys, like the ones Dropbox use (256bit) – a KPA will still take a really long time. For now, my research on this topic has to wait sine I have more pressing matters to attend to.

New type of Ransomware.

Read article on ITavisen (norwegian)

A new type of creative ransomware has surfaced, making it more difficult for novice users (which is almost all of them) to know what is going on. Apparantly, this program impersonates to be Windows Update whilst it is encrypting your files. The genious of this evil program is that the user is used to not do anything, not unplug the power, not touch any keys, until it is complete. After the encryption is done, a HTML-file is loaded to explain to the user how to pay the ransom for their files.

Browser Opera hacked.

Read article on Opera Blog

Another hack has surfaced, and this time it is the norwegian browser company Opera which has been the target. 1,7 million users details has been leaked. When I have some more time, I will investigate further on the type of data taken and how it can be used for illegal purposes.

Norwegian Businesses Attacked

Read article on Aftenposten (norwegian)

We already know that more and more businesses are being targeted by attacks, especially during the summer. This article in Aftenposten reveals that the problem are a lot bigger than expected, the hackers have gotten away with NOK 500,000,000 since new years. The reason these attacks rise during the summer, is because there are a lot of people on holiday – and temporary workers with little knowledge are taking care of important tasks. Many of these cases are typical frauds done with social engineering – but the methodology and approach are in a digital manner. In order to prevent or solve this, you will need a computer forensics investigator to help you.

Clinton emails keep causing problems.

Read article on CNN

The Clinton emails have been in the news for a long time. But this time there is some collatoral damage, and the target on this is a woman close to Clinton named Huma Abedin. Now, you might know her name from the Wiener sex-scandals, but in this case there is on a more serious topic. As Clintons right hand in several issues for many years, she has been a trusted individual doing Clintons dirty work. The evidence now points at Ms. Abedin has been securing gifts and funding for the Clinton foundation i exchange for private meetings with Hilllary whilst she were Secretary of State. This case and others related to the email hacking – will for sure be a factor in the upcoming presidential election.