by Mike Holcomb
Checkout previous OSINT posts here
Nov 27 2024
Mar 11 2023
Looking to enhance your Linux skills? Practical examples to build a strong foundation in Linux – credit: Ramesh Nararajan
*******************************************
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks
InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services
Jan 31 2023
Jan 23 2023
The Ohio-based airline, CommuteAir, responsible for the incident confirmed the legitimacy of the data to the media.
The No Fly List and other sensitive files were discovered by Maia Arson Crimew, a Swiss security researcher and hacker, while searching for Jenkins servers on Shodan.
A Swiss hacker by the name of Maia Arson Crimew discovered an unsecured server run by the Ohio-based airline, CommuteAir, a United Express carrier. The hacker claims they found the server while searching for Jenkins servers on Shodan, a specialized search engine used by cybersecurity researchers to locate exposed servers and misconfigured databases on the Internet.
After a while of skimming through the files, Crimew claimed to have found a file labelled “NoFly.csv,” which turned out to be a legitimate U.S. no-fly, terrorist watch list from 2019.
The 80-MB exposed file, first reported on by the Daily Dot, is a smaller subset of the U.S. government’s Terrorist Screening Database, maintained and used by the DOJ, FBI, and Terrorist Screening Center (TSC).
With over 1.5 million entries, the file contains the first names, last names, and dates of birth of people with suspected or known ties to terrorist organizations.
This should not come as a surprise, since the US (along with China) topped the 2021 list of countries that exposed the most misconfigured databases online.
The leak of the No Fly List should not be a jaw-dropper, as in August 2021, the US government’s secret terrorist watchlist with two million records was exposed online. However, the watchlist was exposed on a misconfigured server hosted on a Bahrain IP address instead of a US one.
As for the latest breach, CommuteAir confirmed the legitimacy of the data, stating that it was a version of the federal no-fly list from approximately four years ago. CommuteAir told the Daily Dot that the unsecured server had been used for testing purposes and was taken offline before the Daily Dot published their article.
They have also reported the data exposure to the Cybersecurity and Infrastructure Security Agency (CISA).CommuteAir further confirms that the server did not expose any customer information, based on an initial investigation. However, the same cannot be said for the safety of the employees’ data.
On the other hand, the hacker, Crimew claims in their report to have found extensive personally identifiable information (PII) about 900 of the crewmates including their full names, addresses, phone numbers, passport numbers, pilot’s license numbers and much more. User credentials to more than 40 Amazon S3 buckets and servers run by CommuteAir were also exposed, said crime.
The list contained notable figures such as the Russian arms dealer Victor Bout who was recently freed in exchange for the WNBA star Brittney Griner. Since the list contained over 16 potential aliases for him, many other entries in the list are likely aliases of the same person and the number of individuals is far less than 1.5 million.
Certain names on the list also belong to suspected members of the IRA, the Irish paramilitary organization. The list contained someone as young as 8 years old, based on their birth date, according to crime.
The majority of the names, however, appeared to be of Arabic or Middle Eastern descent, along with Hispanic and Anglican-sounding names. The entire dataset is available on the official website of DDoSecrets, upon request.
Although it is rare for this list to be leaked and is considered highly secretive, it is not labelled as a classified document due to the number of agencies and individuals that access it.
In a statement to the Daily Dot, TSA stated that it was “aware of a potential cybersecurity incident with CommuteAir, and we are investigating in coordination with our federal partners.”
1,001 REASONS YOU MIGHT BE ON THE NO FLY LIST: 1,001 Reasons You Might Be On The No Fly List
Feb 02 2022
The internet is making the world a much smaller place over the period, allowing millions of users throughout the globe to interact and share digital information, ushering the rest of the world into the ‘digital world.’
Open-source intelligence (OSINT) in the digital world describes all the public data you can access and view.
Images are also incredibly helpful in an OSINT investigation since they can reveal what a target seems like, where the target has been, or any devices that were used.
Researchers can utilize pics to create the intelligence image, discover equipment used to capture photographs, determine where and when photos were taken, and determine if a social media profile relates to a target utilizing search engines and free resources.
This article is a list of tools and tips. It will show you how to look for, obtain, extract, and analyze digital photos.
Table of Contents
Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools