OSINT, August 2022: a Surge of Disinformation Attacks, New Cybercrime Actors, Iran Adopts Cryptocurrency, a New Type of Deanonymization Attacks.
U.N. is Under Disinformation Attack
The U.N. Security Council has called for drastic measures to safeguard their twelve global peacekeeping missions against disinformation and misinformation campaigns spreading throughout social media.
In a recent statement, the organization emphasized the need to "improve the culture of strategic communications across civilian, military and police components" to protect the civilians and 90,000 peacekeepers connected with the operations. Addressing the council, U.N. Secretary-General Antonio Guterres stated that modern criminals, guerrillas, and terrorists are not only using weapons to undermine regional stability but also misinformation, disinformation, and hate speech tactics.
One example of how corrosive disinformation can quickly spread occurred recently in Mali. A fabricated letter claiming that U.N. peacekeepers were in league with local armed groups went viral on WhatsApp before feeding into the national media. That instigated a widespread hostile sentiment against the peacekeepers, making their work more problematic.
The emerging picture is that modern peacekeeping missions need tools that will help them automatically flag misinformation and disinformation early to prevent them from spreading further.
We tend to think of disinformation in terms of spin - a media phenomenon that can sway public opinion and affect politics but not dissolve law and order significantly. But in the wrong circumstances, disinformation can spark civil unrest and cost lives. It is undoubtedly time for governmental and intergovernmental organizations to take the issue seriously and implement the necessary measures to keep social threats to a minimum.
Rooting out the source of misinformation is often complicated and time-consuming. However, some more sophisticated OSINT systems can automatically identify the origin soon after dissemination. That enables authorities and organizations to monitor and control the quality of the information in circulation. Moreover, OSINT tools can conduct continual sentiment analysis to gauge the social impact of the consumed information.
Modern Cybercrime Landscape
News items abound about cyberattacks by groups such as hacking enthusiasts, small extortion organizations, or national cyber commands. However, a recent study from the Center for Cyber Security and International Relations Studies (CCSIRS) suggests that the landscape of cyber actors operating outside of state control is more diverse than we are inclined to believe.
Here is a short list of some of the most prominent forms of non-state actors currently in action:
Cybercrime Syndicates. According to the FBI, if cybercrime represented an economy, it would rank third largest in the world, following the U.S. and China, with a cost of nearly $4.2 billion in 2020 and a projected $10.5 trillion in 2025. Little wonder then that commercial cybercrime organizations have now appeared on the scene just as they would in any other booming sphere. Cybercrime syndicates have brought something new to commerce: cybercrime-as-a-service (CaaS). Because the datasphere has no political boundaries, this pernicious new commodity has grossly fueled cyberattack proliferation worldwide.
Hacktivists and Patriotic Hackers. In the past, hacktivists mostly acted as lone wolves, meaning that the threat they posed was relatively minimal. Today, however, they have become more interconnected: organized collectives that retain a decentralized structure, which frequently eludes the efforts of the law. Unlike cyber syndicates, they act out of patriotic or ideological motivations, which can make them harder to distinguish from state-affiliated operatives.
Cyber Mercenaries. As the name suggests, these are professional hackers that carry out operations on a paid basis. They can act alone or as a part of organized groups which resemble private military companies in the I.T. realm. Such mercenaries can conduct reconnaissance and offensive operations, but they are not tied to any particular state or syndicate.
Nation-State Actors. These are more 'traditional' threat groups that are state-sponsored to conduct sabotage, theft, or espionage against adversary nations. For example, many North Korean hacker groups that regularly appear in news headlines are suspected of having ties with the state.
Cybersecurity professionals have their work cut out. Not only do they have to continually combat incoming threats but also spot malicious actors at the reconnaissance stage. OSINT tools enable blue teams to identify hackers and suppress future attacks effectively. Still, security specialists must be aware of the myriad forms of modern threats coming from such a diverse landscape.
Iran Adopts Cryptocurrency
Several media reports say that Iran has officially approved using cryptocurrency nationally to circumvent U.S. sanctions.
Last month Iran made its first $10 million import cryptocurrency order as a test run. That channel might allow the country to trade through digital assets that bypass the U.S. dollar global financial system and to trade with other embargoed countries (e.g., Russia or North Korea).
"By the end of September, the use of cryptocurrencies and smart contracts will be widely used in foreign trade with target countries," said Alireza Peymanpak, a deputy Iranian trade minister who leads Iran's Trade Promotion Organization.
The good thing for the good guys from the Five Eyes is that modern OSINT software tools can trace any blockchain operation. Cryptocurrency has a public image as an "untraceable payment method." However, it is just a vast publicly available database of records of each transaction cemented in the whole chain. By the way, the U.S. Department of Justice proved that again in August by winning a high-stakes extradition fight with Russia for Alexander Vinnik (BTC-e exchange).
A New Type of Deanonymization Attacks
Researchers from the New Jersey Institute of Technology warned about new methods to de-anonymize website visitors. They presented their findings at the Usenix Security Symposium in Boston.
The most wicked thing is that the attacks work against almost every popular browser, even the anonymity-focused Tor Browser.
Targeted deanonymization attacks let a malicious website discover whether a website visitor bears a particular public identifier, such as an email address or a Twitter handle. These attacks were previously considered to rely on several assumptions, limiting their practical impact. The researchers challenged these assumptions and showed that the attack surface for deanonymization attacks is drastically larger than previously considered.
In a nutshell, they achieved that by using the cache side channel for their attack, instead of relying on cross-site leaks. That made their attack oblivious to recently proposed software-based isolation mechanisms, including cross-origin resource policies (CORP), cross-origin opener policies (COOP) and the SameSite cookie attribute. They evaluated their attacks on multiple hardware microarchitectures, multiple operating systems and multiple browser versions, including the highly-secure Tor Browser, and demonstrated practical, targeted deanonymization attacks on major sites, including Google, Twitter, LinkedIn, TikTok, Facebook, Instagram and Reddit. Their attack ran in less than 3 seconds in most cases, and could be scaled to target an exponentially large number of users.