Desenmascara.me in Riyadh, Saudi Arabia

Vision 2030 is a unique transformative economic and social blueprint that is opening Saudi Arabia to the world. 

"Our country is rich in its natural resources. We are not dependent solely on oil for our energy needs. Gold, phosphate, uranium, and many other valuable minerals are found beneath our lands. But our real wealth lies in the ambition of our people and the potential of our younger generation. They are our nation’s pride and the architects of our future."

Saudi Vision 2030

Under this program, @athack, the biggest infosec conference in Saudi Arabia was born. 

It had a comprehensive agenda with speakers all over the world so the Saudis don´t need to go outside to see on stage to gurus like Bruce Schneier, successful entrepreneurs like Robert. M. Lee, the people hacker Jenny Radcliffe, or the Hacker Jayson E. Street.

In total around 250 international security professionals worldwide were brought to the event. I had the extraordinary opportunity to assist to the @Hack Arsenal

In the @Hack Arsenal area I had the chance along many other security researches to demoed the tools we are working on.

The fraud in Arabia Saudi is aligned with the worldwide metrics, increasing constantly. 

I did show some last minute examples with fraudulent websites which popped up in my Twitter stream as Advertisements of Fraudulent websites!

Also with some Fraudulent websites in Arabic which I had no idea what they were about but someone from the public thankfully did clarify it to me :-)

It seems the audience got interested in the topic. 

After the session there were quite a few interesting questions and interactions with the audience:

I have had the opportunity to met new and quite interesting people, to learn a bit more about other cultures and the Islam, and even I did an interview for the Saudi Federation for Cybersecurity, Programming and drones, one of the main organizers in partnership with other entities :)

There is great young talent in Saudi Arabia and everyone has faith on the Saudi Vision 2030. Saudis know the importance of learning programming, soon it will be as important as learning to read and write. Part of their strategy is to create one programmer out of very 100 Saudi nationals by 2030, in addition to encouraging innovation and creativity and achieving global leadership. This was our grain of salt to support their vision. 

Thank you toolswatch team and to all the arsenal presenters for such a great experience!

I have to say it has been an impressive experience to visit the Kingdom of Saudi Arabia and to felt the warm and kindness of their people. Hats off to the organization of atHack!! 

Facebook refuses to drive scammers off its platform because it generates billions of dolars per year in revenue from Deceptive Facebook Ads

 The title of this post is the response to this other article "Facebook does not worry about the online counterfeiting fraud".

Recently I became aware that Facebook (or Meta) has been served with a lawsuit accusing it of actively soliciting and assisting scammers for its own financial gain and to users detriment.  

The whole document is worth a read for pearls like below:

4. Facebook has done much more than passively create and maintain a platform on which scammers can brazenly target users with scams. According to internal Facebook documents, and current and former Facebook employees and contractors recently interviewed by various investigative journalists at prominent publications,4 Facebook actively solicits, encourages, and assists scammers in numerous ways. On the revenue side, according to these investigations, Facebook’s sales teams have presented at conferences heavily attended by known scammers, socialized with known scammers for business development purposes, and met revenue quotas by encouraging known scammers to continue buying Facebook ads. Facebook’s sales teams have also been aggressively soliciting ad sales in China and providing extensive training services and materials to China-based advertisers, despite an internal study showing that nearly thirty percent (30%) of the ads placed by China-based advertisers — estimated to account for $2.6 billion in 2020 ad sales alone — violated at least one of Facebook’s own ad policies. 

5. On the enforcement side, according to these investigations, Facebook has affirmatively directed employees and contractors tasked with monitoring Facebook’s platform for deceptive ads to (i) ignore ads placed by hacked Facebook accounts and pages, as long as Facebook gets paid for these ads, and (ii) ignore violations of Facebook’s Ad Policies, especially by Chinabased advertisers (since Facebook “want[s] China revenue”). 

6. In October 2020, the Federal Trade Commission (“FTC”) reported that about 94% of the complaints it collected concerning online shopping fraud on social media identified Facebook (or its Instagram site) as the source.5   

Let's see how this lawsuit ends up.

Fraude de inversion con altos rendimientos eliminado a traves de desenmascara.me

Este tipo de scam en ingles es conocido como "High Yield Investment program". Basicamente es un esquema ponzi online. Ahora con el tema de Crypto es uno de los mas populares, pero lleva años en Internet. 

Como funciona?, recientemente me llego este correo de un usuario de desenmascara.me. Veámoslo de primera mano:

La web tenia esta apariencia:

Tras analizarla con desenmascara.me corrobore a través de metadatos que es fraudulenta. Ademas, ciertos patrones de datos de esta web se han incluido en el servicio de desenmascara.me para mejorar la detección de paginas fraudulentas con similares características.

Adicionalmente se ha incluido en VirusTotal, para avisar a la comunidad:

Esta web estaba activa desde hace meses:

El hecho de que ninguna otra compañía detecte todavía la web como fraudulenta, indica que este tipo de fraude, pese a estar en crecimiento, no es tenido en cuenta por la industria de la seguridad de la información. Ello puede ser a que este tipo de actividades fraudulentas pertenece mas al campo del crimen financiero. En este aspecto, existen buscadores, no muy amigables, todo hay que decirlo, como el que proporciona la CNMV. Dicha web tampoco estaba en el punto de mira de los reguladores de mercado:

Por ultimo, viendo el exito que tuve con la eliminacion de otra web fraudulenta que habia estafado mas de $25000 a 40 personas en tres dias, he solicitado tambien la eliminacion de dicha web.

En menos de 2 horas ha sido eliminada:

Si tienes los contactos o recursos adecuados para ayudarme a desmantelar este tipo de fraudes a escala, no dudes en ponerte en contacto conmigo.

Desenmascara.me ha impedido un fraude que llevaba acumulados mas de $25.000 en tres días

desenmascara.me el servicio online gratuito para detectar si una pagina web es fraudulenta o no a conseguido frustrar un fraude que en 3 días había estafado mas de $25.000 a 40 personas.

Todo empezó a través de este correo que llego a mi buzón:

Me llegan bastantes correos de gente que tiene dudas ante gestiones online potencialmente fraudulentas o que han sido estafadas y piden consejo. Reviso mails por encima y para optimizar tiempo respondo a los que veo más interesantes y que puedan servir para mejorar el servicio de desenmascara.me. Si deseas ponerte en contacto conmigo con garantía absoluta de que te responda, puedes hacerlo a través del servicio MyPublicInbox.

A dicho usuario le conteste para que me indicase a que pagina web se refería:

Dicho usuario me contesto sin hacer uso de muchas palabras:

Comprobé dicha web en desenmascara.me y a través de diversos criterios del análisis de metadatos fue clasificada como fraudulenta. Abajo se puede ver el mensaje de fraudulenta a través del uso del plugin de Chrome.

Dicha web fraudulenta se aprovechaba del nombre de un conocido proyecto de Blockchain (polkastarter.com). Dicha técnica se denomina Brandjacking. Una vez la web había sido clasificada como fraudulenta, notifique al usuario:

En este momento, también observe que la web fraudulenta estaba alojada sobre una plataforma de hosting que suele ser muy colaborativa en cuanto a la petición de eliminación de paginas fraudulentas, algo que no suele ser muy habitual por temas legales, y como no, de negocio. Así que me puse en contacto con ellos para notificarles que estaban alojando una pagina web fraudulenta. Mi sorpresa fue mayúscula cuando me respondieron a los pocos minutos indicando que dicha web había sido eliminada tras mi solicitud.

Así que con ese sentimiento de alegría y adrenalina que te da el trabajo bien hecho, notifique tambien al usuario que me había informado de dicha web:

Mi sorpresa final vino cuando dicho usuario me contesto:

Identificar a la persona titular de la web es ya asunto de las fuerzas policiales. 

El servicio de desenmascara.me es un recurso gratuito para ayudar a cualquier persona a saber si una pagina web es fraudulenta o no.

Tengo muchas ideas en la cabeza para evitar este tipo de fraudes a escala. Pero para ello necesito los contactos adecuados en instituciones y cuerpos policiales, algo que he intentado pero sin mucho éxito todavía. No dudes en ponerte en contacto conmigo si crees que puedes ayudar. Muchas gracias.

Rogue websites: Domain registrars have a duty to disconnect

This is quite a controversial topic thus this post is a placeholder for law/GDPR related articles on this topic.

Article 1)

"The German BGH decision confirms that domain registrars have a duty of care to disconnect domains used by websites dedicated to copyright infringement. It is interesting that the BGH did not see domain registrars as access providers, but still applied the duties of care for access providers to them. This needs to be welcomed as a clarification of open legal issues not only in Germany. That said, it would have been good if the BGH had referred some of the open EU law questions to the CJEU. We will have to wait for another day for a final decision on Union law." 

Rogue websites: Domain registrars have a duty to disconnect, says German BGH. Decision available in German.

Article 2)

The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) and took full

effect on 25 May 2018. Which are the effects to its policy?

Source: WHOIS Contact Data Availability and Registrant Classification Study