Former NSA Employee Pleads Guilty to Espionage! ๐Ÿ˜ฑ

Oct 26 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that dunks on cybercriminals like Luka Doncic dunked on rooki Wembanyama last night. Welcome to the NBA, son! #GotGame

  • ๐Ÿ”’ Ex-NSA employee could get life after pleading guilty to espionage charges ๐Ÿ•ต๏ธโ€โ™‚๏ธ

  • ๐Ÿ’ป Grammarly, Vidio, and Bukalapak users beware: 0Auth flaws discovered ๐Ÿ”Ž

  • ๐ŸŽญ More malvertising, this time on Facebook: Warnings of hostile takeovers ๐Ÿ˜ˆ

Russia, Russia, Russia! ๐Ÿ‘€๐Ÿ™ˆ

๐Ÿ”’ Former NSA Employee Pleads Guilty to Espionage! ๐Ÿ˜ฑ

In a story brimming with irony, Jareh Sebastian Dalke, a 31-year-old former Information Systems Security Designer at the NSA, has pleaded guilty to attempting to send classified defence information to Russia. ๐Ÿ˜ฎ

Dalke, who had Top Secret clearance, confessed to using an encrypted email account between August and September 2022 to share excerpts from three classified documents with someone he believed was a Russian agent. ๐Ÿ•ต๏ธโ€โ™‚๏ธ But, surprise, surprise! The recipient turned out to be an undercover FBI agent! ๐Ÿ•ต๏ธโ€โ™€๏ธ

He even asked for $85,000 in exchange for his secret data, claiming it was valuable to Russia. ๐Ÿ˜ฌ

The information Dalke shared included details about the NSA's plans and threat assessments related to U.S. defense and Russia's offensive capabilities. ๐Ÿ˜จ

The daring exchange took place at Union Station in Denver, Colorado, and Dalke was arrested right after the transfer. ๐Ÿ˜ฒ

Now, he's awaiting sentencing on April 26, 2024, and could face life in prison. ๐Ÿ˜ณ

Stay tuned for more updates on this intriguing espionage case! ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”๐Ÿš”

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

And these are just the flaws we know Auth ๐Ÿ˜ฌ

๐Ÿšจ Critical Security Flaws in OAuth Services! ๐Ÿ˜ฑ

Major online platforms like Grammarly, Vidio, and Bukalapak have recently addressed security issues in their Open Authorization (OAuth) systems. These vulnerabilities, found between February and April 2023, could have potentially allowed hackers to snatch access tokens and compromise user accounts. ๐Ÿ˜ฌ

What is OAuth and Why is it Important? ๐Ÿค”

OAuth is a widely used standard for cross-application access, permitting websites to access data from other sites without needing your passwords. When security breaches happen in OAuth, it can lead to identity theft, financial fraud, and access to sensitive personal data. ๐Ÿ˜จ

Vidio: A Token Verification Gap ๐ŸŽฅ

Issue: Lack of token verification could let attackers use access tokens from a different App ID, potentially leading to a full account takeover.

Bukalapak: Token Verification Problems ๐Ÿ‘ฅ

Issue: Similar token verification issues via Facebook login could result in unauthorised account access.

Grammarly: A Different Vulnerability ๐Ÿ“

Issue: While not susceptible to token reuse, attackers could alter an HTTP POST request to substitute a secret code with an access token, potentially accessing the victim's documents.

These issues have since been resolved, but it's a reminder to stay vigilant about online security. ๐Ÿ›ก๏ธ Remember folks, always use strong passwords and enable two-factor authentication when possible! ๐Ÿ”

Stay safe and protect your digital life! ๐Ÿ’ป๐Ÿ”’

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Donโ€™t fall Facebook, line, and sinker ๐Ÿ˜

๐Ÿšจ Beware of Criminals Hijacking Facebook Business Accounts! ๐Ÿ˜ฑ

Criminals are targeting Facebook business accounts, running their ad campaigns using someone else's money. This not only results in financial losses but also damages your reputation. Here's what you need to know!

The Money-Driven World of Social Media Advertising ๐Ÿ’ฐ

Facebook and other social media platforms thrive on advertising revenue. The more money you invest in an ad campaign, the wider your reach. Criminals want a piece of this pie without getting caught, so they hijack other people's business accounts. If these accounts get blocked, they simply move on to the next victim.

The Bait: Approaching Victims ๐Ÿ“ฉ

Criminals use direct messaging to approach their targets, often posing as representatives of well-known companies seeking advertising partners. They seem legit, making it difficult to spot their intentions.

The Deceptive Download ๐Ÿ’ป

Victims are enticed to download a document, seemingly packed with marketing materials. Among these files hides a malicious one. Opening it is where the trouble begins.

The Data Theft Operation ๐Ÿ•ต๏ธ

This malicious file steals session cookies, passwords, and token data from various browsers. The stolen data is sent to the attackers via Telegram.

The Scary Part: "Persistence" ๐Ÿง

The malware ensures its survival by creating a startup script, allowing it to run every time the system boots up.

The Victim's Nightmare ๐Ÿ˜ซ

With stolen account access, criminals launch their own ad campaigns, promoting everything from scams to malware downloads. The victim is left to bear the costs and deal with the aftermath.

๐Ÿ›ก๏ธ Top Tips:

  • Log Out: Don't stay permanently logged into your Facebook account.

  • Multi-Factor Authentication: Use it for added security.

  • Stay Sceptical: Never click on unsolicited links.

  • Password Managers: Use them instead of the browser's "remember password" feature.

Stay vigilant and protect your business accounts from these cunning criminals! ๐Ÿ’ป๐Ÿ›ก๏ธ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles