Newsletter

open source and cybersecurity news

June 13, 2023

Gmail Flaw Gives Phishing Emails the Blue Tick, Activity Based Intelligence - Cuba, Russian Hacker Drains Security Services Bitcoin Wallets, PyPi Subpoena for Data Of Users


Episode Transcription:

Mark Miller: 

From Sourced Network Productions in New York City, it’s 5:05 on Tuesday, June 13th, 2023. This is your host Mark Miller sitting in for Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri, Olimpiu Pop in Transylvania, Romania, and new contributor Hillary Coover from Washington DC. We’ll start off today’s episode with Edwin Kwan talking about a Google mishap with their blue check authentication program. Hey, let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Last month Google introduced a blue checkmark icon next to senders that they deem are legitimate. This is part of an email authentication program called BIMI, Brand Indicators for Message Identification. It aims to protect email users from brand spoofing and phishing attacks, claiming to be from a trusted organization.

Google, like most email providers that support BIMI, do this via email authentication standards like SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail). BIMI can be implemented by adopting DMARC along with either SPF or DKIM.

Up until last week, Google supported both SPF and DKIM. However, a security architect found a bug in SPF a few weeks ago that upgraded non-authenticated emails and made them authentic. The bug was actually a long-standing and well-known issue with SPF. This was reported to Google who eventually updated its blue tick program to no longer support SPF.

Hillary Coover: 

Hi, I’m Hillary Coover. While we know China has been expanding its intelligence gathering operations worldwide in the global strategic competition landscape, Cuba still comes as a surprise to many and all of the news surrounding the activity going back to 2019.

I’m here to use this as an opportunity to highlight a couple of open source, traditionally marketing focused data sources to measure activity in the country and in specific regions. 

One is the measurement of device activity across temporal and spatial parameters using advertising IDs. While this data has increasing limitations due to privacy concerns, it can certainly provide insight to patterns of life, of devices with advertising IDs, traveling to and from, and living in the regions of interest.

Put plainly, if you drop a bubble around the region you are interested in and define the time period that you’re interested in capturing data from, in a lot of cases you can attribute the advertising ID activity to individuals with all of that data. 

Additionally, commercial satellite imagery, commercial radio frequency data, and other types of activity based data can be commissioned, procured, and correlated to that mobile device location data.

You also have databases of international business records that house information on individuals and business entities and all of the connections they may or may not have to each other. 

In the context of Cuba, you can look at the investment activity and the activity of entities and individuals from China and see how many degrees they are removed from Cuban entities and individuals around the same time periods.

Katy Craig: 

According to Chainalysis, a crypto tracing firm, a mysterious Bitcoin user has weaponized the blockchain against the Russian state and is using it to help Ukraine. 

This is Katy Craig in San Diego, California. 

This individual has exposed a whopping 986 wallets, allegedly controlled by Russian security agencies, the Foreign Military Intelligence Agency (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB).

Using the transparency of the Bitcoin blockchain, this vigilante uncovered these wallets and made some shocking accusations. They claim that these wallets were involved in hacking activities. 

Now let’s pause for a moment and acknowledge that we can’t confirm the truth of these allegations. The agencies in question have remained silent, offering no comment.

But what we do know is that this mysterious Bitcoiner managed to gain control of some of these wallets, and here’s the twist, folks; the hijacked Bitcoin was reportedly given to Ukraine. 

How this Robin Hood conducted the hack is still a mystery. Was it through hacking or perhaps an inside job? We can only speculate.

This daring act carries significant implications. It raises questions about the transparency and security of cryptocurrencies and how they can be manipulated for political purposes. It’s a bold move to use the Bitcoin blockchain against a powerful nation’s security apparatus. 

This is Katy Craig. Stay safe out there.

Olimpiu Pop: 

Spring 2023. The Python Software Foundation received correspondence from the EU Department of Justice. No, there weren’t Easter postcards, but three subpoenas for disclosing PyPi data about five of its users. Obviously, the DoJ didn’t provide additional context. In the end, in Big Brother we trust.

What did they want? Nine items. 

Number 1: Names including subscriber, user and screen names. 

Number 2: Addresses including mailing, residential addresses, business and email addresses. 

Number 3: Connection records. 

Number 4: Records of session times and durations and the temporarily assigned network address such as IP addresses associated with those sessions.

Number 5: Length of service including start date and type of services utilized.

Number 6: Telephone or instrument numbers including the registration IP addresses.

Number 7: Means and source of payment of any such services, including credit card or bank account number, and obviously billing records.

Number 8: Records of all Python package index packages uploaded by given usernames.

Number 9: IP download logs of any PyPi packages uploaded by given usernames.

Initially the organization considered fighting back, but legal counsel convinced them otherwise, or so they state. In the aftermath, PSF started developing new data retention and disclosure policies.

The policies are related to future government data requests, how and for what duration personally identifiable data is stored. The official blog post contains more detailed information and can be found in the resources sections of today’s episode on 505updates.com.

This was Olimpiu Pop reporting from Transylvania, Romania.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you some technology history for June 13th. 

June 13th, 1925. Charles Jenkins demonstrates a precursor to television called Radio Vision, when he transmits a 10 minute film of synchronized pictures and sound over five miles from the Anacostia Air Station to Washington DC to representatives of the United States Navy and government. In effect, this was the first public demonstration of television in the United States. 

June 13th, 1983. The NASA space probe Pioneer 10 crosses the orbit of Neptune, becoming the first manmade object to leave the solar system. It was launched on March 2nd, 1972, toward the red star Aldebaran, which forms the eye of the constellation Taurus.

The last contact with Pioneer 10 was on January 23rd, 2003. 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Mark Miller: 

That’s it for today’s open source and cyber security updates. Thanks to Edwin, Katy, Marcel, Olimpiu and Hillary for today’s contributions. Do you have a story you’d like to contribute? Leave me a comment on today’s episode and I’ll reach out to you.

For direct links to all stories and resources mentioned in today’s episode, go to 505updates.com. 5:05 is a Sourced Network Production with updates available Monday through Friday on your favorite audio streaming platform. 

See you tomorrow… at 5:05.
