According to an article by CNBC, the U.S. is strongly considering banning TikTok, among many other Chinese social media applications.

TikTok, described as “an application used to create short dance, lip-sync, comedy and talent videos”, is currently the #1 most downloaded Entertainment App on Apple’s App Store. The app was originally released in China in September 2016 and was subsequently released internationally a year later. The application immediately began gaining traction and is now estimated to have over 800 million active users worldwide. In addition, the popular app has been downloaded over 1.5 billion times across the App Store and Google Play.

Secretary of State Mike Pompeo told Fox News on July 7^th that the U.S. is looking into banning TikTok due to its ability to collect and store data from users’ devices and its Chinese origin. “We are taking this very seriously” stated Pompeo. When asked if a U.S. citizen should download TikTok, Pompeo said, “only if you want your private information in the hands of the Chinese Communist Party.”

In response to Pompeo’s interview, a TikTok correspondent released a statement saying “TikTok is led by an American CEO, with hundreds of employees and key leaders across safety, security, product, and public policy here in the U.S. We have no higher priority than promoting a safe and secure app experience for our users. We have never provided user data to the Chinese government, nor would we do so if asked.”

TikTok was recently banned in India, which is the app’s biggest overseas market, due to data security and privacy concerns.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

If you are in trying to authenticate web page content from a specific period in time, there may be a free tool available to help you out. In case you didn’t know, you can search the history of over 400 billion web pages on the Internet by using Archive.org’s WayBack Machine.

As Jim Calloway reports in an article posted to the Oklahoma Bar website, the helpful tool preserves the history of web pages (some 448 billion of them!) and allows users to search for websites that may have been preserved at one point in time. As pointed out in the article, the Machine scans web pages on a fairly irregular basis, but if the content in question was posted for a lengthy amount of time, you may be in luck.

If your goal is to authenticate the history of the webpage, the Internet Archive may be able to assist. For a fee, the Internet Archive will assist in authenticating printouts from the Wayback Machine, which may prove helpful in litigation. The process and fees associated with the authentication service can be found here.

For fun, we used the Wayback Machine to get a look at Google’s website shortly after its launch back in November 11^th, 1998.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Exif stands for “Exchangeable Image File Format data” and contains information about a file. Exif is commonly referred to as “data about data.”

Gerd Meissner of Security Boulevard recently reported on a release from Authentic8’s Open Source Intelligence (OSINT) team which details the analysis of Exif data from image files. The Exif data is a type of metadata about the file. Exif data can be manipulated, replaced or stripped from digital pictures, and many social media platforms strip the Exif data from images or “replace it with their own (tracking) code. One of the reasons that social media platforms strip this data is “to protect member privacy and prevent abuse,” and another reason is that “Exif data can be used to hide malware in image files.” A review of file metadata can often reveal information about a specific file that a standard user would be unable to see. In some cases, Exif data can reveal the modification made to the photos, such as editing in photo editing software.

Exif data from a digital image can contain information such as dates, times, file size, location details, and much more. The release from Authentic8 walks through some the processes of using specific software to analyze the Exif data. In an example using a tool called Exiftool, the analysis of a photo revealed information about the image file such as the date and time that the original image was created, which is not always apparent to a user especially if a photo has been moved or copied. Additionally, Exiftool revealed the make and model of the camera used to capture the photo. In the test image, it was determined that the make of the device used to take the photo was Apple and the camera model was an iPhone 6s. The Exif data can even reveal which camera lens was being used on the iPhone. In this case the Exif data reveals that the back camera lens was used to take the picture. Other information such as the latitude and longitude can be found in Exif metadata as well. In this test case, the latitude and longitude coordinates can be plotted in a GPS software tool like Google Earth or can even be typed in to Google Maps and the approximate location of where the photo was taken can be determined.

Other fields, such as if the camera flash was fired when a picture was taken, can be determined. Depending on the device used to take the photo, information about the specific device can be determined from the Exif data. With a test photo that was analyzed, it was determined that it was taken using an iPhone 6s. However, the specific version of software that the device was running can also be found in the software field and in this case the iPhone 6s was running version 12.4. The software field is also helpful in determining what software was used in the creation of the image. In another example, an image was reviewed that was created using Photoshop. The Software field reveals that Adobe Photoshop 21.0 was used and that it was the Windows version of Photoshop.

The information that is contained within a single digital image can be quite helpful in various scenarios and cases. Often, the Exif data is used to determine if photos have been altered in some way, or to see where or when the photo was taken. All this information can be found in the Exif data if that data still exists, making this artifact of great importance when performing digital forensic investigations.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A nurse with Carolina Gardens Senior Living came under fire after racist messages were shared online under her name, but an investigation into the messages revealed that she was not the person who shared them, Bristow Marchant of The State reports.  After the racist messages were shared online, the parent company of Carolina Gardens, Priority Life Care, launched an investigation into the messages that were circulating on social media.

The nurse in question filed a police report that claimed the messages that were shared online were fake and that they were shared online while she and her family were vacationing. Priority Life hired an outside digital forensic firm to conduct an investigation into the origins of the posts. The nurse in question was suspended without pay and was not permitted to care for or contact any of the residents that she cared for during the investigation. The investigation examined the email account of the nurse to look for messages. The chief operating officer, Bobby Petras stated “We looked at as many emails as we could, as far as a few years ago up until recently. We could not find anything that was consistent with the post that was made.”

An outside investigator from MSI Detective Services, Perry Myers, stated “I have scientifically concluded (the nurse) was not the author of the racist statements, and those statements were not generated from (the nurse’s) Facebook account.” Myers and his agency are working with law enforcement to track down the source of the messages that were shared online. The CEO of Priority Life, Sevy Petras has said that the staff at Priority Life will receive training on how to prevent their social media accounts from being hacked. Petras also stated that those investigating the messages were dedicated to finding “the true culprits who set out to damage the reputation of a trusted nurse, and also take away focus on safety and well-being for our residents during this continued pandemic.”

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

A Texas woman’s text messages have put her in a difficult situation according to a report from KRVG.com. In a hearing, Ariana Sepulveda was questioned about her knowledge of activity that lead to her husband Daniel Sepulveda’s recent drug trafficking charges. The incident in question was a failed smuggling attempt of approximately 320 kilograms of cocaine at the Mexican border into Starr County, Texas.

During questioning, the Assistant US Attorney asked first asked if Ms. Sepulveda had been aware of the drug trafficking, to which she answered no. The US attorney then asked about the cell phone that was seized from Ms. Sepulveda and whether that might contain text messages between the couple that would prove she had known and was lying in court, to which she also answered no. However, several months later Sepulveda was arrested based on this testimony. The criminal complaint includes quotes from text messages, forensically recovered from her phone, which detailed the incident, what happened after, and even discussions about how to erase data from cell phones.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Infosecurity Magazine recently reported on a ransomware attack suffered by Westech International, a US Department of Defense contractor that supports a number of different projects including US Minuteman III intercontinental ballistic missile systems.

Westech has reportedly hired an independent computer forensic firm to analyze their “systems for any compromise and to determine if any personal information is at risk.” The information initially released about the hack indicates that the particular ransomware variant used was MAZE. This ransomware variant is unusual in that it both encrypts the data on the affected systems and steals copies of unencrypted data. In most cases, the stolen data is then used to blackmail the owner into paying the ransom before sensitive data is released online. The online data leak has already begun for Westech, with personal info like payroll and company email starting to show up on the web. MAZE has been in the news regularly lately as it has also been used in several other high-profile attacks including Pensacola Florida’s breach late last year.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

When an online blogger was critical of certain items sold by eBay, certain senior level employees at eBay began harassing the blogger which led to the employees being fired. The ultimate termination occurred after they were found guilty of sending anonymous messages and boxes of live cockroaches, a funeral wreath, and a bloody pig mask.

Prosecutors said the eBay employees began harassing the blogger by using fake social media accounts in an attempt to stop the blogger from posting negative reviews of the website. After performing a digital forensic investigation of the defendants’ cell phones, it was revealed that one of the eBay executives allegedly wrote “We are going to crush this lady.” In addition, another executive replied saying they should explore their options for retaliation, including “Whatever. It. Takes.”

eBay responded to the ongoing matter by releasing the following statement: “The actions of the former employees are completely unacceptable and simply do not align with who we are at eBay. We do not tolerate this kind of behavior, and the company has apologized to the affected individuals.”

Often, trails of electronic evidence result in an undisputable conclusion. In this case, the large amounts of digital evidence directly contributed to the early termination of the employees at fault.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

As the protests surrounding the death of George Floyd continue, FBI Director Christopher Wray requested members of the public to send any available digital media showing violence at protests, as reported by Fox Business.

The announcement was made earlier this month alongside a plea for the violence and destruction to end. In a press conference, Wray stated the following: “In recent days, the violence, threat to life, and destruction of property that we’ve seen in some parts of the country jeopardizes the rights and safety of all citizens, including peaceful demonstrators. It has to stop.”

Around the time of the conference, the FBI published an announcement that they are seeking information on any individuals inciting violence at the otherwise peaceful demonstrations. Included in the request is any digital media depicting “violent encounters surrounding the civil unrest that is happening throughout the country.”

Any images or videos submitted will likely undergo a forensic analysis to determine if there is any internal metadata present that can assist in determining a time or location of the violent acts. From there, it may be necessary for the photos and videos to be enhanced to determine facial features or small details in the media that can help with identifying individuals.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

KrebsOnSecurity reports that in late May, they alerted multiple officials in Florence, AL that their information systems had been compromised by hackers. Just shy of two weeks later, on June 5, the hackers seized upon their target deploying a ransomware attack, with a demand made of $300,000 worth of bitcoin. City officials are planning on paying the ransom.

The KrebsOnSecurity team received a tip from cybersecurity firm Hold Security that a computer system had been compromised by a ransomware gang. The team was able to determine that the compromised computer belonged to the city’s manager of information systems. A call was placed to the offices to alert the city officials of the compromised system, where the call was transferred multiple times, and where it eventually ended up on a non-emergency line for the Florence Police department, in a voicemail. The responder from KrebsOnSecurity then placed a call to the city’s emergency response team.

A technician with the response team returned the call stating “I can’t tell you how grateful we are that you helped us to dodge this bullet.” The team thought that the issue had been resolved; however the attack on June 5^th still happened and managed to shut down the city’s email system. Florence Mayor Steven Holt acknowledged that the city was being extorted by the ransomware group known as DoppellPaymer. The group demanded that a ransom be paid by the city or that the stolen data would be published or sold.

The original point of compromise came from a phishing attack aimed at the IT manager, which allowed their credentials to be stolen, allowing the attackers to further compromise that city’s network. Following the notification on May 26, the city took preventative measures to stop a possible attack, and when the attack hit, they were attempting to get funding approved for a more thorough investigation and remediation.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

The National Institute of Standards and Technology (NIST) recently issued a challenge to all digital forensic experts, with a study to assess how well digital forensic experts as a community do their job. The leader of NIST’s digital forensic research program, Barbara Guttman said this about the study “We want to understand the state of the practice. Can experts produce accurate and reliable information when examining data from a digital device?”

The study itself contains two parts, the first part is a survey that asks questions about the participating examiner’s experience, place of work, etc. The second part is conducting examinations on a mobile device collection and collection of a computer hard drive. Each has a set of questions and its own scenario that participants aim to answer while conducting their investigations. To learn more about the study or to participate, click here. It is open to examiners in private and public sectors.

As a black box study, the focus is not specifically on how the participants reached their answer but instead on if they have given the correct answer. By comparing the answers given by participants, NIST plans to gain insight into the reliability of the method. NIST plans to publish the anonymized results to show the overall performance of the digital forensic community. Sensei’s examiners plan on participating in the challenge NIST has issued. Stay tuned for updates on the study and consider participating if you are a fellow digital forensic expert.

Email: sensei@senseient.com   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics