No, I still won’t accept your LinkedIn invitation.

I made the above statement on LinkedIn once my invitation queue hit 40, and you could say it went a bit viral. That wasn’t surprising, but what was surprising was the reaction from some people who (based on their job titles) were either in tech or even in cybersecurity.

LinkedIn IS used for recon. It is used for phishing. It is used for creating sockpuppets and spreading fake networks. Accounts are taken over, ransomed, or otherwise used to further malicious intent. All of this is well-known and easily verifiable with a quick search.

Yet these professionals essentially all get stuck on “if your profile is public (even partly), then not accepting invites doesn’t increase your OPSEC.”

My brother in Christ, OPSEC is not a constant state, nor is it the end-all-be-all. If nothing else, I don’t want to be the guy who accepted the shady invitation from an account that was later used to contact and phish our CEO.

On top of everything, since I published that original post, we’ve learned that Topline has basically scraped all LinkedIn user data (or repackaged a lot of older scraped data) and is using it to sell their service. In October, LinkedIn also sued ProAPI for scraping legitimate data through more than a million fake accounts.

So once again, I’ll remind everyone: everything you do on LinkedIn publicly will get scraped. Everything you do on LinkedIn privately will get used to train their LLM.

LinkedIn is brainrot, and joke’s on me for having a profile. The only winning move is not to play.

GROKINT – Using Grok AI for X OSINT

xAI’s Grok LLM has access to real-time X data, which makes it stand out from the rest of the popular AI assistants by providing up-to-date answers on any topic. As news often breaks on X first, this capability can be extremely useful in the modern information landscape. Beyond model training, however, xAI hasn’t shared details on how deep Grok’s integration with X goes.

Through the open source intelligence (OSINT) lens, this kind of capability to automate social media account analysis is extremely interesting. So, armed with the Grok 4 Expert model, I began investigating how far you can push Grok’s digital sleuthing capabilities. Turns out it can do quite a lot of digging!

Continue reading “GROKINT – Using Grok AI for X OSINT”

Digital natives are not cybersecurity natives

At TurkuSec meetup in April, I had the opportunity to share my insights on a pressing issue we’ve been researching lately at F-Secure: the cybersecurity challenges faced by digital natives. These are individuals who have grown up with fast internet and personal screens, making them uniquely vulnerable to online threats. Our research highlights some concerning trends among young adults aged 18-24:

  • 45% of 18-24-year-olds have fallen victim to cybercrime in the past 12 months
  • 45% of 18-24-year-olds have encountered scams at least weekly in the past 12 months

Understanding the risks

The online world presents numerous risks for digital natives, including:

  • Social media scams: phishing attacks and fraudulent profiles that trick users into divulging personal information or sending money.
  • Gaming platform vulnerabilities: in-game scams, account hacks, and data breaches that expose personal and financial information.
  • Educational system vulnerabilities: compromised online learning platforms that can lead to data theft and privacy violations.

In my talk, I emphasized the necessity of cybersecurity education tailored specifically for digital natives. This education should focus not only on the dangers but also on empowering young people to navigate the digital world securely and confidently.

For those who missed the talk or want to explore the topic further, I’ve uploaded the full presentation, including slides, on X (adblockers might hide the embedded video, but you can see it by opening the X post in a new tab). Timestamps below 👇

Master Your Passwords

Originally written for F-Secured – Your complete guide to online security in 2023.
Republished here with permission.

On a weekly basis you’re likely using around 10 different accounts, but did you know that on average each of us already has close to 100 online accounts? Most of us can’t even name all the sites we’ve created accounts on – think about all the webstores you’ve made a single purchase from, or the mobile apps that force you to create an account in order to function. Now, if we don’t even remember all the services we’ve signed up for, how could we remember all the required passwords?

Continue reading “Master Your Passwords”

Uncovering a long-lasting porn spam campaign on YouTube (NSFW, maybe)

In December 2022 I stumbled upon an interesting YouTube comment-based campaign, which promoted a shady camgirl / porn website through a clever use of YouTube features. I screengrabbed some video evidence and took a quick look at the campaign, but didn’t have time to dig any deeper.

I had forgotten the whole thing until in late April 2023 I saw the same campaign still going strong, still using exactly the same vectors in YouTube, still promoting the same site.

And this time I took a closer look, going through the rabbit hole of sus af adult website promotion. For science!

Continue reading “Uncovering a long-lasting porn spam campaign on YouTube (NSFW, maybe)”

What are social media countermeasures?

As the guy who pretty much owns the #socialmediacountermeasures hashtag on Twitter, I figured it makes sense to give the term a proper definition beyond just 280 characters.

In short, social media countermeasures are the techniques, both automated and manual, that social media services use to detect, flag, and remove malicious content. And by malicious, I mean the actually harmful content created by scammers and other cyber criminals. These countermeasures therefore do not include enforcing narratives, shadowbanning, or other forms of suppressing freedom of speech in the name of “fighting disinformation” (1, 2).

The countermeasures these social media platforms use are, of course, a trade secret, and very little information about them is publicly available. Keeping them that way is a competitive advantage and makes criminals’ lives harder. We can however deduce that all major platforms have long since evolved beyond simple blacklists of words or URLs as a means of detecting malicious content. Behavior analysis seems to be the area of focus these days, as the social media companies can hoover up massive amounts of usage data from real users and build a model around that. A behavior model alone isn’t enough though: it only gives some sort of average, or an acceptable variance, of typical behavior, but it lacks context. Without context a model like that can still easily detect, for example, bot-driven copy-paste spamming campaigns, but when a person writes messages by hand (or at least seemingly so), aiming to scam or phish a specific individual, detection becomes a lot harder.

That’s why I’ve seen criminals deploy automated tactics that simulate normal behavior, such as introducing a false delay before auto-answering a message or a tweet, or sometimes even creating fake conversations between bots, in which they happen to promote a scam service and so forth.

These could be called counter-countermeasures. It’s a never-ending cat-and-mouse game between the defenders’ tooling and the attackers’ criminal cunning. This is why most spam messages, for example YouTube comments, automatically end up in the “Held for review” folder (the countermeasures caught them), while a few evade detection and end up among the legitimate comments.
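To make the behavior-analysis argument above concrete, here is an added example, written for this page and not YouTube’s or any other platform’s actual detection logic: a toy scorer that runs three context-free behavioural signals over constructed comment data. All account names, comment texts, the example domain and every threshold in it are assumptions. It shows what the paragraphs claim: a copy-paste ring with a fixed reply delay lights up two signals, the same ring with a “false delay” on every reply loses the timing signal and is left hanging on cross-account duplicate text alone, and an ordinary viewer scores zero.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from statistics import pstdev


@dataclass(frozen=True)
class Comment:
    account: str
    ts: float                 # seconds after the video was published
    parent_ts: float | None   # ts of the comment replied to; None if top-level
    text: str


def normalise(text: str) -> str:
    """Collapse case, whitespace, numbers and URLs so that rotating the room
    number or link in an otherwise identical comment does not hide the copy."""
    t = text.lower()
    t = re.sub(r"https?://\S+", "<url>", t)
    t = re.sub(r"\d+", "<n>", t)
    return re.sub(r"\s+", " ", t).strip()


def score_accounts(comments: list[Comment], min_replies: int = 3) -> dict[str, tuple[int, list[str]]]:
    """Score every account with three context-free behavioural signals.
    All weights and thresholds are assumptions chosen for this illustration."""
    by_account: dict[str, list[Comment]] = defaultdict(list)
    for c in comments:
        by_account[c.account].append(c)

    # Signal 1: the same normalised text posted from more than one account.
    accounts_by_text: dict[str, set[str]] = defaultdict(set)
    for c in comments:
        accounts_by_text[normalise(c.text)].add(c.account)
    shared = {a for accts in accounts_by_text.values() if len(accts) > 1 for a in accts}

    result = {}
    for acct, cs in by_account.items():
        score, reasons = 0, []
        if acct in shared:
            score += 2
            reasons.append("duplicate text across accounts")

        # Signal 2: reply latency that barely varies; humans do not answer
        # every comment after the same number of seconds.
        latencies = [c.ts - c.parent_ts for c in cs if c.parent_ts is not None]
        if len(latencies) >= min_replies and pstdev(latencies) < 1.0:
            score += 2
            reasons.append("machine-regular reply latency")

        # Signal 3: five or more comments inside any 60-second window.
        times = sorted(c.ts for c in cs)
        if any(times[i + 4] - times[i] <= 60 for i in range(len(times) - 4)):
            score += 1
            reasons.append("burst of 5+ comments in 60 s")

        result[acct] = (score, reasons)
    return result


def flagged(comments: list[Comment], threshold: int = 2) -> list[str]:
    """Accounts whose score reaches the (assumed) review threshold."""
    return sorted(a for a, (s, _) in score_accounts(comments).items() if s >= threshold)


# Constructed sample data: these are not real accounts, comments or sites.
PROMO = "omg she is live right now -> https://cam.example.invalid/r/{n}"
PARENTS = (100.0, 200.0, 300.0)   # three legitimate top-level comments being replied to


def _replies(account: str, latencies: tuple[float, ...], n: int) -> list[Comment]:
    return [Comment(account, p + lat, p, PROMO.format(n=n)) for p, lat in zip(PARENTS, latencies)]


# Naive bot ring: identical text (only the room number rotates), fixed 2 s delay.
COPYPASTE_BOTNET = (
    _replies("cutie_4417", (2.0, 2.0, 2.0), 17)
    + _replies("anna_9932", (2.0, 2.0, 2.0), 42)
    + _replies("lisa_0201", (2.0, 2.0, 2.0), 88)
)

# Counter-countermeasure: the same ring with a "false delay" on every reply.
JITTERED_BOTNET = (
    _replies("cutie_4417", (3.1, 41.7, 12.4), 17)
    + _replies("anna_9932", (7.5, 95.2, 28.0), 42)
    + _replies("lisa_0201", (2.2, 18.9, 64.3), 88)
)

# One ordinary viewer for contrast.
HUMAN = [
    Comment("dave_real", 105.0, 100.0, "great video, what mic is that?"),
    Comment("dave_real", 240.0, 200.0, "agreed, the sequel was worse"),
    Comment("dave_real", 333.0, None, "timestamps please!"),
]


if __name__ == "__main__":
    for name, data in (("copy-paste ring", COPYPASTE_BOTNET), ("jittered ring", JITTERED_BOTNET)):
        print(name, score_accounts(data + HUMAN))
```

Run it directly to print the scores for both rings alongside the human viewer. Note what the jitter does: with the duplicate-text signal alone the ring sits exactly on the review cutoff, so a slightly stricter threshold, or slightly better text rotation on the attacker’s side, would drop it in among the legitimate comments, which is exactly the evasion described above.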

Recently I saw a very interesting malicious campaign in YouTube comments, utilizing stolen accounts and impressively contextual, real-looking comments. I did however immediately recognize it for what it was, and this once again begs the question: how on earth did it not get detected by YouTube’s countermeasures, when it was so blatantly obvious to me? Unless you get a job in YouTube’s countermeasures unit, you’ll never know.

I will make another blog post about that campaign though. It’s a very interesting example of using multiple layers of the site’s features in order to lure victims into a specific website. It’s a bit NSFW so I need to figure out first if I need to sanitize my screengrabs or not.

EDIT Here it is: Uncovering a long-lasting porn spam campaign on YouTube (NSFW, maybe)

Finally, I’d like to remind everyone to report all scam messages. Reports do improve the detection rate in the future! I shared this tip also in November 2022 issue of F-Alert, the monthly threat report by F-Secure. Feel free to download the report and read my article about a curious Facebook scam targeting Page Admins.

Everyman’s Cyber Defence

The following is my translation of “Jokamiehen kyberpuolustus”, Everyman’s Cyber Defence, a short snippet from publicly available document #kyberpuolustus : kyberkäsikirja Puolustusvoimien henkilöstölle (2019) by Laari, Flyktman, Härmä, Timonen and Tuovinen. Source material is encrypted in Finnish and free to download from National Defence University of Finland’s website. I intend no copyright infringement and share this as cyber security awareness material for public interest.

Continue reading “Everyman’s Cyber Defence”

Social Media Countermeasures – Battling Long-Running Scams on YouTube, Facebook, Twitter and Instagram

For the past few years, I’ve been documenting, screenshotting, and sharing examples of criminal campaigns on the three big social media platforms: Facebook, YouTube and Twitter. I’m not that interested in speculating whether or not something is fake content, falsely amplified by nation-state sponsored threat actors (i.e. coordinated inauthentic behavior), but instead I’ve been focusing on two (a lot less media-sexy) themes:

  1. low-tier criminals using these platforms to promote their services
  2. so called “support scams” targeting mainly Facebook page owners

What is common across these two is the fact that they keep getting through the social media platforms’ automatic filtering. I call this filtering – the good-willed type, not the censorship type – social media countermeasures. It’s a term I think I picked up from Destin, who runs the Smarter Every Day YouTube channel, but I haven’t really seen it used elsewhere. In a nutshell, social media platforms are trying to create countermeasures to prevent malicious behavior on their platform, and at the same time cyber criminals are developing counter-countermeasures to bob and weave their way around detection and filtering. Sometimes these criminals simply operate in a grey area not covered explicitly by a platform’s Terms of Service, which makes developing effective countermeasures even harder. Let’s take a look at a few examples.

Continue reading “Social Media Countermeasures – Battling Long-Running Scams on YouTube, Facebook, Twitter and Instagram”

What is Ransomware 3.0?

I believe there’s a pretty clear consensus within the industry that ransomware should no longer be assumed to limit itself to encrypting files and demanding payment for a decryption key. Dubbed “Ransomware 2.0” by F-Secure, the standard practice for ransomware groups now also includes stealing files from the target company in order to increase the leverage for ransom. Proper backups are an antidote to encrypted files but won’t help against the threat of stolen data being leaked.

Although this double extortion scheme has been the new modus operandi only since late 2019, cyber criminals are already looking for additional ways to apply pressure to their victims. This is where Ransomware 3.0 comes in.

Continue reading “What is Ransomware 3.0?”

Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure

Recently I was invited to the KOVA Esports podcast to talk about cyber security, online privacy and identity management from the perspective of gamers and the gaming industry in general. Hosted by KOVA’s General Manager Timo Tarvainen and joined by their streamer Teemu “Spamned” Rissanen, we had a great hour-long discussion. This post covers my own notes about the things we mentioned, source links included, and further expands on some of the topics. Links to the podcast episode can be found at the bottom of the page. Enjoy!

Continue reading “Cyber Security in Gaming – Extensive Show Notes for KOVA Podcast X F-Secure”