Month: August 2023

Scammers are targeting the French fines authorities website

The website https://www.amendes.gouv.fr is the only governmental website for online payment of fines issued by the French authorities.

The website handles confidential data, including PII and financial information. If any of that data were stolen or breached, it could cause several kinds of damage.

I found many suspicious domains mimicking the website. The suspicious domains are located in different locations throughout the world.

Let me share the investigation with you.

Some suspicious domains:

amende-gouv-login[.]fr

amende-pv-service[.]com

antai-gouv-amendes[.]net

antais-gouv[.]com

xn--rglementamendes-bnb[.]fr (Punycode for réglementamendes[.]fr)

servicesamendes[.]info

ksocampaign[.]com

The domains above are some of those mimicking the online fines payment website.
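A name-based triage of the domains listed above, as an added example that is not part of the original post: it refangs each indicator, decodes Punycode labels to the form a user would see, and flags hosts that carry brand keywords without sitting under gouv.fr. The keyword list and the function names are assumptions made for this illustration.

```python
import unicodedata

# Defanged indicators copied from the list above.
SUSPICIOUS = [
    "amende-gouv-login[.]fr", "amende-pv-service[.]com",
    "antai-gouv-amendes[.]net", "antais-gouv[.]com",
    "xn--rglementamendes-bnb[.]fr", "servicesamendes[.]info",
    "ksocampaign[.]com",
]
OFFICIAL_SUFFIX = "gouv.fr"                  # suffix of the official site
BRAND_TOKENS = ("amende", "antai", "gouv")   # assumed keyword list for this example


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a plain lowercase hostname string."""
    return indicator.replace("[.]", ".").strip().lower()


def fold(text: str) -> str:
    """Strip accents so 'réglement' and 'reglement' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def triage(indicator: str) -> dict:
    """Classify one hostname by name only; no DNS or HTTP request is made."""
    host = refang(indicator)
    # Decode any xn-- (Punycode) label to the Unicode form a user would see.
    display = host.encode("ascii").decode("idna")
    official = host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX)
    tokens = [t for t in BRAND_TOKENS if t in fold(display)]
    return {"host": host, "display": display, "tokens": tokens,
            "lookalike": bool(tokens) and not official}


if __name__ == "__main__":
    for item in SUSPICIOUS + ["www.amendes.gouv.fr"]:
        r = triage(item)
        verdict = "LOOKALIKE" if r["lookalike"] else "not flagged"
        print(f'{r["display"]:<32} {verdict:<12} {",".join(r["tokens"])}')
```

ksocampaign[.]com carries none of the keywords, so a name-only check does not flag it; a domain like that has to be tied to the campaign through other evidence than its hostname.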

Among those domains, ksocampaign[.]com caught my attention.

While investigating, I found the email address “yakuzahn2.gmail.com” in the DNS SOA records, which could be the administrator's email address.

ksocampaign.com - Current DNS records and Full DNS Report (securitytrails.com)

 

I took the email address and ran it through a Google search, which returned the information below.

As you can see, the email address is associated with a website used to unlock websites that were hacked by the Iranian Locker group.

dhs.edu.bt - urlscan.io 

At this point, we came to the following conclusion:

The domain ksocampaign[.]com might belong to the Iranian threat actor or the person behind the email address “yakuzahn2.gmail.com”.

The intention of the threat actor behind the phishing campaign, or of whoever is mimicking the online payment website, is to obtain users' credentials and credit card information.

 

Best tools to protect the whistleblowers and journalists online

Imagine that you want to report major financial corruption in your country or organization. The best way to report such information safely is to use a trustworthy, anonymous tool. Many tools exist for this today; the best and most secure ones are those shared in this article.

A few years back, it was quite easy to report such activity with a simple phone call, but that approach is no longer secure, as service providers record all calls and also listen to them. Below are the best tools whistleblowers and journalists use to stay safe online and share information without any risk.

  1. Share and accept documents securely (securedrop.org)

SecureDrop is an open-source tool used by whistleblowers to anonymously exchange documents with journalists.

  2. Whonix - Superior Internet Privacy

Whonix is used for privacy and anonymity on the Internet.

The tool works with Tor to fully anonymize your connection.

  3. Tor Project | Download

Tor Browser is used to maintain privacy on the internet. It can be used to access the dark web. Tor Browser relies on onion routing to bring more privacy over the network.

  4. Tails - How Tails works

Tails is a portable OS that protects against surveillance and censorship through anonymity and privacy.

  5. OnionShare

OnionShare is an open-source tool used to securely share files, chat, and host websites using Tor Browser.

  6. EQS Integrity Line - the secure whistleblowing hotline | integrityline.com

EQS Integrity Line is a whistleblowing tool used by the EU to let employees securely and anonymously report wrongdoing such as discrimination or human abuse.

  7. GlobaLeaks - Free and Open-Source Whistleblowing Software

GlobaLeaks is customizable open-source software that enables anyone to set up and maintain a secure whistleblowing platform.

  8. ObscuraCam: The Privacy Camera - Guardian Project

ObscuraCam helps you share photos and videos while protecting the privacy of people.

This privacy camera app can be used to blur faces and remove camera and location metadata.

  9. Haven: Keep Watch (BETA) – Apps on Google Play

Haven is a device-sensor app that provides monitoring and protection of physical spaces.

The tool can be used to detect motion, sound, vibration and light in your surroundings.

  10. Dangerzone: Convert potentially dangerous documents into safe PDFs

Dangerzone is used to safely open PDF files, office documents and images by converting them into a safe PDF file.

In conclusion, as a whistleblower or journalist, you should always think about protecting the information you hold in the most secure way. Before using any tool, verify how it protects your data and maintains your privacy.