Apr 22, 2016

Panama Papers – How Hackers Breached the Mossack Fonseca Firm

Introduction

The Panama Papers are a huge trove of highly confidential documents stolen from the computer systems of the Panamanian law firm Mossack Fonseca and recently leaked online.
It is considered the largest data leak ever: the entire archive contains more than 11.5 million files and 2.6 terabytes of data related to the activities of offshore shell companies used by the most powerful people around the world, including 72 current and former heads of state.
Figure 1 – Data Leaked (Source: Süddeutsche Zeitung)
To better grasp the scale of the leak, let’s compare the volume of stolen data to the size of the archives disclosed after other

Mar 23, 2016

Android Forensic Logical Acquisition

Introduction

The following is a demonstration of how to create an Android emulator, the steps needed to acquire a logical image of the system, and how to begin analyzing it forensically.
In the mobile forensics world (depending on the OS, the OS version, and the device) there are, in general, three main acquisition techniques:
  • Direct acquisition
  • Logical acquisition
  • Physical acquisition
The direct acquisition technique can be performed if the seized device is either not locked or the PIN/password/pattern lock is known to the investigator; this way, all data available to the user is also available to the examiner via the usual user interface (UI). The only “disturbing” point is that, relying on this method alone, system files, system logs and the system partition are not accessible.
The logical acquisition is a bit-by-bit copy of a given logical storage (the storage may refer to the user data partition as well as the system data partition), and this acquisition method produces

Feb 13, 2016

How Malware Detects Virtualized Environment (and its Countermeasures)

Virtual machines are usually considered a good way to analyze malware, as they provide an isolated environment in which the malware can trigger while its actions are controlled and intercepted. However, modern-age malware samples detect the environment in which they

Jan 28, 2016

Cellphone Surveillance: The Secret Arsenal

StingRay and the cellphone surveillance

In a previous post, I detailed the technologies used to track mobile devices, with specific reference to the StingRay IMSI (International Mobile Subscriber Identity) catcher.
An IMSI catcher is a surveillance solution used by law enforcement, military and intelligence agencies for telephony eavesdropping; it is the technology used for intercepting mobile phone traffic and tracking the movements of mobile phone users.
An IMSI catcher runs a Man-in-the-Middle (MITM) attack, acting as a bogus mobile cell tower that sits between the target mobile phone and the service provider’s real towers.
The only way to prevent being tracked by an IMSI catcher is to use specific