Customer portal
Articles Tagged with

SOS Intelligence

"JISC"/
Product news

“Cost-effective and timely threat intelligence”

JISC are the UK higher, further education and skills sectors’ not-for-profit organisation for digital services and solutions.

They are:

  • Dedicated entirely to the sectors’ individual and collective needs
  • Not a vendor: they deal with and/or work with vendors and publishers on the collective behalf
  • Not for profit: every pound is used for the sectors’ benefit
  • Objective, but not unbiased: they put the sectors’ interests above all else

We are delighted that JISC have chosen to use SOS Intelligence for their threat intelligence and are looking forward to working closely with them in the future.

“SOS Intelligence has provided us with cost-effective and timely threat intelligence. The dark web monitoring and alerting allows us to reassure and help our customers to mitigate potential attack vectors on their infrastructure. The platform is easy to use, with manageable alerting. SOS Intelligence has fantastic customer support and is always meeting our never-ending requirements with feature requests being implemented in record time.”

David Batho Head of protective services at Jisc

SOS Intelligence works with businesses, organisations and MSSPs.

"SOS
Product news

An essential MSSP Cyber Threat Tool

When we set out to develop and launch SOS Intelligence, we knew that one of our markets was MSSP providers.

As Gartner succinctly puts it, a managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.

Increasingly though, it’s all about Cyber Threats and Dark Web Threat Intelligence.

We are seeing more and more interest in what we do, especially real time breach alerting and reputation monitoring, plus the ability for MSSPs to use us on the behalf of their clients.

Our solution is ideal for managing your customer keywords with our bulk management tools, customer alert filtering and sub-customer dashboards. Once your customers are on boarded you can get started adding their monitoring keywords, receiving and responding to alerts and reviewing customer alerting performance.

One of most recent MSSP clients was kind enough to send this to us:

We have been looking for an intelligent and cost-effective means of Digital Risk Monitoring for our clients for a number of months. Having now implemented the SOS Intelligence solution, we are pleased we have explored a white-label service designed for MSSPs to provide digital risk monitoring.

Easy to use, constantly being improved and with terrific support, we are already seeing a steady stream of information which is benefitting our clients.

Director of Services for a UK MSSP

If you work for a MSSP, then please click here now to book a demo.

Photo by FLY:D on Unsplash

"SOS
Investigation, Ransomware

A Special Investigation exposing a ransomware group’s clear-web IP and their duplicate identities

Intro

Before we dive into this investigation it’s worth to just spend a brief moment to describe the Apache Server-Status page.

The Apache Server Status page is a diagnostics and metrics page provided by the mod_status module. When mod_status is enabled a metrics page is served via localhost on the /server-status path. 

This page is typically served via localhost only. It offers diagnostic information about the Apache service and client requests. It shows the full request URI and client IP information.

Serving this page in production, outside of localhost would be considered an information disclosure vulnerability and could offer an attacker information about client requests, essentially anything disclosed in a POST request URI or GET request. 

In the scope of Tor onion services where a Tor service is published it will inherently expose all localhost services to the entirety of Tor – therefore any services designed to be protected by the typically non externally routeable local loopback interface become externally accessible.

Locating Onions with Server-Status Pages

We must first export a list of all onions we are aware of that have server-status pages. One of the tasks we perform when crawling an onion service is to identify interesting paths and services. We perform a check for common directories such as server-status along with many others.

This process is identical to a directory enumeration, except for being far more optimised to ensure crawler performance is prioritised.

Therefore using our path API we are able to query for all onions we’ve found and that are operational with server status pages:

server path search for server-status pages API

We find that there are 1,370 results with server-status pages:

Search results JSON export

The next task is to compile a list of all known (relatively current) ransomware blogs. We do this by merging our own lists, those we’ve found via OSINT and other published ransomware group site lists.

Of those we find a total of 71 onion unique addresses, these include v2 and v3 onions.

Now we have a relatively straightforward task of cross-checking our server-status results against this list to see what ransomware group sites have server-status pages, if any.

We do this with a very simple bash script that uses the grep tool:

Checking out output we see that there are in total only 3 ransomware blogs/group sites:

Arvin Club, Haron & Midas

Checking the first, Arvin Club:

We see that the server status page presents a vhost of localhost, not much to go by!

We also note that the server is running Ubuntu and is located in the UTC time zone.

Haron Server-Status Page

Checking the Haron server-status page we see that again the vhost is localhost, the server is running Debian and the time zone is Moscow Standard Time (MSK)

Lastly, checking the Midas server status page:

Midas Server-Status Page

We see a VHOST that is not localhost, this time it shows as “Becquerel.selectel.ru”

A server running Debian and a time zone of Moscow standard time.

Becquerel.selectel.ru

The hostname exposed in the servers-status page for the Midas shows that the web server running the Midas blog is being hosted by Selectel a Russian cloud hosting company:


For at least a short period of time the clear web portion of the Midas blog was exposed to the internet allowing Google to crawl and index the server-status page. 

The Google Cache is of a AWS IP, Germany “3.70.39.23” . According to the Google Cache entry the server was exposed at least up to 27th of September 2021 likely some time before that date, possibly after the 2nd of October 2021. 

How are we sure that this cache entry is the Midas blog web-server? 

It could very likely have been another server if Selectel reprovision hostnames. The evidence contained in the server-status client requests for the Becquerel host cache page are unique to the files found on the current Midas blog. 

Identical files requested in the Google Cache as what exists on the Midas blog web server

We can say with strong certainty that the cache entry, the clear-web IP and hostname all belong to the Midas web server and that the host is current and operational. 

Linking Midas to Haron and Avaddon

Reviewing the client request on refresh revealed some interesting paths. These paths point to image and file locations. Further investigation of these paths uncovered content that is shared or identical to both the Haron and Midas blogs. 

For example…

Haron test.jpg image

Midas test.jpg image

Artist: https://twitter.com/JarekMadyda

Midas Victim file [redacted]

Identical victim file on the Haron web server

Midas Mess directory

Mess directory

Identical but older Mess directory on the Haron web server

Haron mess directory

There is significant cross referencing between folder structures and files to show that the Midas web blog is a copy of the Haron web blog, if we go by the last modified date stamps on all of the files we have been able to observe across both blog sites. 

Not only do the sharing of files and file structure suggest that this is the same group/operator but both web sites have each other’s logos.

Further, we can see logo “development” taking place with logo names such as “newlogo2.png” and “finalLogo.png”. We propose it would be very unusual for one seemingly competing group to have another group’s logo on their web server and indeed for them to have each others!

The curious case of Avaddon

On the topic of logos. Investigation showed that both Haron and Midas contained the logo file for Avaddon Ransomware group:

There were rumours that not only Haron / Midas were the same group but that there were links with Haron to Avaddon.

Forum post on the Dublikat (Duplicate) dark web forum:

“Haron is built on code copied from other ransomware. So, the researchers noticed the following “parallels”: to create binaries, Haron uses the old ransomware builder Thanos; The ransomware site, where victims are asked to negotiate and pay the ransom, is almost identical to Avaddon’s site (as is the site for leaking stolen data); the ransom letter contains large snippets of text copied from a similar Avaddon note; Haron’s server contains icons and images previously found on the official Avaddon website. What all these similarities are connected with is still unclear. The researchers believe that the Haron operators may have hired one of the former Avaddon members, but they clearly did not have access to the source code of the Avaddon ransomware.”

Translated.

We are now able to shed a bit more light on this forum post. It would seem that not only did Haron share resources, images text and icons but so does Midas now too, since it is just a copy of the Haron blog.

Although Avaddon is now defunct and their onion address is no longer valid we’ve been able to extract a html cache of their page from our index. 

Making minor changes to the HTML code, to refacing the Midas and Haron onion address we’ve effectively been able to “resurrect” the old Avaddon website.

Minor html updates to the Avaddon historic html source:

These minor updates allowed us to load the html source and have the page render in an almost exact way it would have done in the past.

Avaddon website resurrected loaded locally from a file:

And this is because the file and folder structure of the Haron / Midas websites still contain the original logo CSS and other content that were made for the Avaddon ransomware group website.

We are therefore able to put forward the claim supported by the evidence in this article that all previous suggestions that these groups were interlinked do appear to be correct.

We’ve confirmed the following Clear Web IPs for both Haron and Midas, both hosted by Selectel Russia:

45.146.164.58 – Midas

45.93.201.176 – Haron

This proves our assumption that the blogs are hosted on separate VMs both hosted at Selectel.

"MI6"/
Opinion

MI6 to work with more tech companies

In his first speech as the new MI6 boss, Richard Moore has made it very clear that they need to work with innovative technology companies to help protect the UK in the future. He spoke at The International Institute for Strategic Studies today.

“I cannot stress enough what a sea change this is in MI6’s culture, ethos and way of working, since we have traditionally relied primarily on our own capabilities to develop the world-class technologies we need to stay secret and deliver against our mission”.

Guardian
Richard Moore

He emphasised how we are living through times where adversaries are feeling emboldened and have greater than-ever resources. He said how our world is being transformed by digital connectivity, increases in data and computer power.

He said he is paid to look at the threats and he said that the cyber attacks are growing exponentially.

His mission as Chief is to oversee the modernisation of MI6 and investing in the skills that they need in the digital age and partner with the right people and companies to help them stay ahead of our adversaries.

What we do here at SOS Intelligence, Dark Web Threat Intelligence plays a small, but important role in enabling companies and organisations to monitor what is happening on the Dark Web.

Focus on cyber threats

MI6’s focus on cyber threats is nothing new. They explicitly list this on their website:

The world increasingly interacts digitally through cyber space. Alongside the many benefits, it leaves individuals, organisations and governments open to cyber risks. These include the possibility of hostile cyber intrusions or attacks against the UK and the UK’s interests. The National Security Strategy identifies this as one of the four main areas of security risk to the UK.

Working as part of a cross-government effort, including GCHQ and it’s National Cyber Security Centre (NCSC), MI5 and law enforcement, SIS provides secret intelligence to help protect the UK from current and future cyber threats. These can come from a range of cyber actors, such as malign states, terrorists and/or criminals.

MI6
"Ransomware"/
Ransomware, The Dark Web

Keeping track of the CL0P ransomware group

We’ve been featured again over on ITPro. This time it’s about the latest CL0P ransomware group and the news that they have been busy compromising Swire Pacific Offshore (SPO). They announced it had fallen victim to a cyber attack with “some confidential proprietary commercial information” along with personal information believed to be stolen.

ITPro. article

Sadly, this is an all to common occurrence and one which is increasing in frequency.

If you are concerned about your cyber security and need to monitor the Dark Web, then please schedule a demo. The best 30 minutes you’ve ever spent cold possibly be a slight exaggeration, but you never know!

You can also follow us on Twitter – @sosintel

Photo by Oxa Roxa on Unsplash.

"SOS
Product news

We are on the Cyber Runway

Plexal has announced the 108 cyber startups joining the Cyber Runway accelerator and we are delighted to have been chosen!

Cyber Runway is the UK’s most diverse community of cyber founders and entrepreneurs.

Cyber Runway has been designed to address some of the biggest challenges facing cybersecurity, such as diversity and inclusion and regional representation, and support the most promising innovators at various stages of growth. 

The full membership list confirms that Cyber Runway will not only be the largest cyber startup accelerator in the UK, but the most diverse community of cyber founders in the country. 

The cohorts are solving challenges like ransomware, cyber fraud, cyber-physical threats to critical national infrastructure, cloud security, improving threat intelligence and boosting education using emerging technologies such as AI, quantum and cloud security. 

45% of Cyber Runway members are female-led startups and 52% are run by founders from black, ethnic or minority backgrounds.

You can see a list of Grow members including us here.

Plexal has ensured inclusivity is at the heart of Cyber Runway by including under-represented groups in the design and delivery of the programme. Members will also have access to a diverse mentor pool of investors and industry experts. 

50% of member companies are based outside of London and the South East of England. From Ashford to Yeovil, members and their teams are based across the country and Cyber Runway will be delivered in person and virtually to maximise nationwide reach.   

The Cyber Runway membership represents some of the most innovative and high-potential cyber startups currently operating in the UK. Members include scaleups such as CybSafe, which raised £5m earlier this year for its security awareness software, SECQAI, which uses quantum technology and AI to combat cyber threats, Yorkshire-based Bob’s Business, which delivers cyber training, insurtech startup Regulativ.ai, which aims to disrupt cyber regulatory compliance, and Hack The Box, which raised £7m in April for its online cybersecurity training platform.

Member

Cyber Runway programme

Backed by the Department for Digital, Culture, Media and Sport and delivered by Plexal in partnership with CyLon, Deloitte and CSIT (the Centre for Secure Information Technologies), Cyber Runway will be an intensive six-month programme. Three distinct streams will deliver dedicated curricula for cyber startups based on their growth phase: Launch, Grow and Scale. 

Launch: 20 entrepreneurs will get support with launching their business, building a minimum viable product and creating a network. 

Grow: 68 startups and SMEs will get business support to help them address their growing pains, access funding and achieve commercial success. 

Scale: 20 scaleups will access support (including 1:1 mentoring) to help them grow rapidly in the UK and around the world. 

Cyber Runway has replaced and consolidated three DCMS-funded programmes: HutZero, Cyber 101 and Tech Nation’s cyber accelerator for startups. 

The accelerator is designed to strengthen the UK’s cyber ecosystem and accelerate the growth of a new generation of breakthrough cyber startups to improve national security, stimulate innovation and drive economic growth. 

Cyber Runway: member benefits

The 108 member companies will receive:

  • business masterclasses (both virtual and in person)
  • mentoring, engineering support from CSIT and access to CSIT’s data and testing centre
  • technical product development support
  • opportunities to connect with international cyber hubs 
  • regional events 
  • connections to investors and corporates to fuel growth

“We are delighted to have been selected to be a part of the Cyber Runway accelerator programme, we are excited to be participating in the excellent programme and to network with fellow cohorts. The Plexal team has put a lot of hard work into the programme and it shows. Many thanks to the team for making us feel so welcome.”

Amir Hadzipasic, CEO and Founder SOS Intelligence

“This is a golden age for the UK cyber startup ecosystem. Cyber startups are attracting record levels of investment and both the government and global tech giants are coming to British cyber companies to adopt emerging cyber technologies. The scale of Cyber Runway is testament to the enormous potential within the cyber startup community and will help stimulate the supply of innovative cyber solutions that will be needed by the economy and society. 

However, Cyber Runway is also specifically designed to address some of the challenges facing cyber startups as they scale. Our three programmes will connect cyber founders to the mentors, investors and corporates they need to accelerate their growth and access diverse talent. This is a significant moment for UK cyber and I have every confidence that the collaboration between the government and the private sector to create Cyber Runway will make the cyber ecosystem more successful, innovative and inclusive.”

Saj Huq, director of innovation at Plexal.

For more information on SOS Intelligence, please schedule a demo here.

"Stop
Tips

New 159 Fraud Number launches

A new service launched today aimed at helping prevent what is sadly a growing menace – scam calls and people being defrauded.

People who think they are being defrauded on the phone are encouraged to stop, hang up and call 159. Any real bank or person will not mind you doing this. A scammer *will* mind and will always try and keep you on the phone.

It has been launched in conjunction with a number of major banks and phone service providers, including HSBC, Barclays, BT and Kcom.

A growing threat

Scams and financial fraud are increasing at an unprecedented rate. They have become a fast-moving and industrialised business.

Criminals stole over £1.26bn through fraud and scams in 2020. There were over 80,000 instances of fraud reported by UK telecommunications companies in 2019 as well.

The challenges presented by the COVID-19 pandemic have presented new opportunities for scammers to exploit. There were 149,946 reported Authorised Push Payment scams in 2020 – up 22% from 2019. These are scams where victims are conned into making a payment to a scammer who has posed as genuine and gained their trust. These scams often use legitimate platforms to reach victims, borrowing the credibility of the platforms and services they abuse.

Banks and financial institutions are making great efforts to stops frauds and scams. In 2020 that they stopped £1.6bn of attempted unauthorised transactions.

Stop Scams UK website

Having listened to a number of features about this on the radio today, it is always deeply troubling to hear about people losing money to scammers and fraudsters.

People think that they will be clever enough or switched on enough to know when it is happening to them, but in a lot of cases, the criminals are being incredibly devious and can trick you into transferring money.

In one instance, the scammers pretended to be not only the bank, but also the bank’s fraud prevention team PLUS sent official looking text messages at the same time from a spoofed number.

How does the new number work?

If you think someone is trying to trick you into handing over money or personal details…

…Stop, hang up and call 159 to speak directly to your bank.

Last year criminal gangs stole over £470m by pretending to be your bank or other service provider.

159 is the memorable, secure number that contacts you directly to your bank if you think you’re being scammed.

159 works in the same way as 101 for the police or 111 for the NHS. It’s the number you can trust to get you through to your bank, every time.

159 will never call you. Only a fraudster will object to you calling 159.

How does 159 work?

How SOS Intelligence plays a part in preventing fraud

SOS Intelligence provides Real Time Threat Intelligence for everyone. We are not connected with fighting scam phone calls directly but we are actively fighting fraud online with our service.

Often scam callers use details they may have obtained online, often from breaches of popular services which are then sold on the Dark Web. We monitor keywords, key phrases and email addresses in realtime on the Dark Web and offer a free option to monitor an email address you use when signing up. As a result, you get alerted when your data / email address is out there on the Dark Web.

Sadly businesses and organisations don’t know until too late when their data has been compromised. We prevent that from happening.

It’s really good to see this new service launch.

"Cyber
Product news, The Dark Web

Automating Cyber HUMINT Collection

This blog post will attempt to give a high-level overview of how we go about automating typically manual Cyber HUMINT ( “a category of intelligence derived from information collected and provided by human sources.”) collection. 

Significant elements of this blog will have to be described in general, non-specific, terms or redacted. Due to the nature of the work that we do, keeping our tradecraft methods, tactics and techniques private is important. The methods employed by us are not only commercially sensitive but over disclosure of specific details may render the methods ineffective.

Automating Cyber HUMINT Collection - SOS Intelligence
Screenshot of SOS Intelligence showing OSINT search

OSINT Source Selection

OSINT source collection SOS Intelligence
OSINT source

A fair amount of thought and research goes into selecting our OSINT (Open Source INTelligence) sources. For the most part, ideal collection sources would be ones that offer an API (Application Programming Interface) for information scraping and do so without significant restrictions. 

For example, Pastebin with a paid account grants access to a reasonable scraping API. Using this API we’ve been able to create a custom collection to download each paste, analyse it for relevant customer keywords and, if any matches found, store the paste & alert our customers.

In most cases, however, paste sites typically have no available APIs. Where these sites have a rolling list of new pastes posted, and those pastes can be enumerated & are publicly accessible, further development of a custom collection is required. 

An automated process is used to periodically check for new and available pastes, fetch those pastes in a raw format where possible, perform keyword matching and store where needed. A significant number of paste sites that we collect from, either on the internet or Dark Web, fall into this category. Generally there are no significant technical challenges other than the creation of a bespoke collection for each specific source type.

SOS Intelligence
URL code

As a general rule, for websites that do not have any specifically designed automated collection or scraping method, we apply a high degree of courtesy and do not aggressively scrape the site. 

Since the paste enumeration and paste collection is a fairly lightweight process, and given that pastes in general are uploaded every so often, there is no need for any aggressive polling of a target site.

SOS Intelligence
Lightweight and courteous collection

Authenticated Access

Member only Dark Web Forum
Member only forums

Some of the sources we collect from are closed, member only, Dark Web or internet hacking forums. Without going into too much detail as to how accounts are created on these forums, an account is essential since we must be able to access topics and posts as well as a roll of recent posts. 

In most cases forums helpfully provide a feed of new content by way of RSS (Really Simple Syndication) feed. This can in part, like an API, assist in the creation of a custom automated collection for that source. An additional caveat to this being that the collector passes credentials to the forum so as to appear to be a “logged in” user, e.g. simply viewing posts or browsing the forum. 

A good 30% of all the OSINT sources we collect from are authenticated. To maintain continuous automated collection, we ensure that we have a sufficiently well stocked array of back up accounts for each of the forums we collect from.

Bot Protection Bypass

In some cases the sources we collect from deploy DDoS or Bot Protection. The purpose of this is typically not to prevent scraping or automated collection but more to prevent the site from high volume denial of service attacks. 

The bypass for this defence varies depending on the source. In some cases, for example collection from Doxbin, we employed a CloudFlare challenge bypass method that essentially consists of:

  • Detecting the browser challenge.
  • Solving the challenge.
  • Passing the challenge answer back and obtaining a cookie.
  • Passing the cookie over to the collection processes to begin automated collection. 
  • Detecting when the cookie expires, ensuring any further challenge request are solved.
CloudFlare challenge bypass method
Bot Bypass
CloudFlare challenge bypass method
CloudFlare challenge bypass method

Even when fairly advanced bot/browser verification defences have been deployed by the target source, these have thus far all been mitigated and not prevented our automated OSINT collection. 

As for the Doxbin example, the challenge of bypassing their new bot protection was significant and on balance, considering the quality of the OSINT source, might not have been warranted. It was, however, still a challenge that couldn’t be left unmatched! 

CAPTCHA (Human Verification)

Raid Forums CAPTCHA
Raid Forums CAPTCHA

Automated solving of CAPTCHAs is tricky and is probably the toughest bypass we’ve had to solve so far. The amount of detailed technical information that we can share for how we go about bypassing CAPTCHA is very limited. However, it runs along similar lines to the browser challenge process, whereby detection of a CAPTCHA and the solving of it are tied into the automated collection functions. 

So far there are very few OSINT sources that employ this type of challenge and we’ve been able to mitigate these in all cases whilst maintaining automated collection.

Old school CAPTCHA
Old school challenge!

Staying Undetected

As with the above topic, it is tricky to discuss and share in any level of detail our methods for remaining “undetected“. However, in general we ensure that the accounts we use do not raise any significant cause for concern to the forum operators. 

In most cases, accounts with no post count after a number of months (or sooner!) are deleted. This means that our accounts must have some level of interaction with the forum, however minimal, to ensure their persistence. 

We try, wherever possible, to use Tor to access content. This helps preserve our anonymity in as much as not pinning our collectors down to one location. We also ensure we rotate things like user agents and other fingerprints to ensure relative anonymity. 

Then important aspect to blending in with the noise is ensuring that collection is not overly aggressive and not overly routine. We achieve this by randomising the frequency and timings of either enumeration of new posts, fetching / viewing posts or pastes. The key is to appear sufficiently “human“. This has afforded us the ability, in some cases, to collect with the same account for a year or more without administrator intervention. 

Detecting Faults

This can be even more challenging than bypassing CAPTCHA challenges. The goal for us is to ensure we have sufficiently robust detections for whenever a logged in session expires; a challenge pass expires; the very likely and common scenario of an overloaded website itself going offline or a Tor circuit is struggling. 

To ensure the best chance of successfully reaching a website over Tor, we employ a number of load balanced Tor routers that are themselves proxied and balanced to cater for our crawling services and automated collection. 

But things do go wrong, Tor is not the most reliable tool so our collection processes that utilise it have sufficient retry intervals and “back-off” intervals programmed into them. Should one of our requests result in a gateway time out the system will simply retry, hoping it is balanced to a less utilised Tor relay. 

At times we do get detected and blocked by forum administrators. In such instances, the system will attempt to detect any “authentication loops” and select another account to continue automated collection with. 

Some of the fault detection is relatively simple, such as enumerating how many pages a collection source has and iterating through each page until all pages have been collected.

SOS Intelligence Cyber HUMINT
Collection source
SOS Intelligence Cyber HUMINT
SOS Intelligence Cyber HUMINT

The process is not always perfect, but we try to monitor it and optimise wherever possible. We spend a lot of time on the initial development phases of a collection ensuring that all possibilities, within reason, are accounted for and once a collection goes into production that any following “cat and mouse” changes required are as minimal as possible. 

We hope this gives an insight into how SOS Intelligence works. We have a number of plans available and if you would like to schedule a demo, please click here.

Thanks for reading!

Amir

PS If you enjoyed this, we think you also enjoy An investigation into the LinkedIn data sale on hacker forums.

"SOS
Opinion

SOS Intelligence featured on BBC website

The headline is a scary one, but absolutely accurate.

How your personal data is being scraped from social media

Joe Tidy, Cyber security reporter, BBC News

Joe Tidy recently got in touch after we published our blog post last week, An investigation into the LinkedIn data sale on hacker forums.

We spoke at length about the data sale and the conflicting theories of how it was sourced. Joe has now written up his news article which you can read here and where we were featured.

The chief executive and founder of SOS Intelligence, a company which provides firms with threat intelligence, Amir Hadžipašić, sweeps hacker forums on the dark web day and night. As soon as news of the 700 million LinkedIn database spread he and his team began analysing the data.

Mr Hadžipašić says the details in this, and other mass-scraping events, are not what most people would expect to be available in the public domain. He thinks API programmes, which give more information about users than the general public can see, should be more tightly controlled.

“Large-scale leaks like this are concerning, given the intricate detail, in some cases, of this information – such as geographic locations or private mobile and email addresses. 

“To most people it will come as a surprise that there’s so much information held by these API enrichment services. 

“This information in the wrong hands could be significantly impacting for some,” he said.

Amir Hadžipašić, BBC News

We’d be very interested to speak to anyone who thinks they’ve been impacted by this.

Sadly, the vast majority of people won’t be aware that this can happen and also won’t be aware when a leak occurs. This is precisely where SOS Intelligence comes in.

We offer a free plan for anyone which takes seconds to set up and always monitoring of the email address you use on the Dark Web. What are you waiting for? You can sign up here.

1 2 21 22 23 24
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound