Infosecjen

@[email protected]
303 Followers
285 Following
45 Posts
Cyber policy nerd and security research fangirl. I think about 80s cartoons far too much, and I wish Chewbacca was my bestie even though I'm not convinced I'd actually enjoy space travel. My horse is amazing, how about yours?
Podcasthttps://www.buzzsprout.com/2216164
LinkedInhttps://www.linkedin.com/in/infosecjen/
InfosecjenDec 1
If you applied for the UK #HackersInTheHouse, please check your email for something from “haxpoluk”. We’re still missing quite a few confirmations and they need to be in today please or places will be offered to the waitlist. Thanks!
InfosecjenNov 2
Dear UK Security Pros - If you fancy helping shape UK #cyberpolicy, Hackers in the House may be for you. The deadline for registration has been extended to Thurs, Nov 6. I hope to see you there... https://forms.gle/Gi7Qes4LU5qFyNo66
InfosecjenJun 17, 2025
Martin SeegerJun 17, 2025

Update 3: You can find my PostMortem here: https://infosec.exchange/@masek/114721620930871030

Update 2: As far as I can tell, the servers that caused the leak belonged to the DOJ in Montana. We reached them in two ways:

  • Through this post we got contact to the vendor of the software. With the Serial# (in the extraction reports) they could identify whom to call.
  • A friend had a contact in one of the affected police department and they reached out to the DOJ.

Thanks to this community I was also able to get a contact within the FBI. Furthermore some media contacted me and a lot of Mastodon users provided me with additional contacts.

Event though I contacted the AG in Monatana and one PD, no one has reached out to me from the DOJ side.

Update 1: Leak is closed. Will write more tomorrow. Thank you to everyone who helped.

Phone forensics

Usually law enforcement is very secretive about them analyzing the phones of suspects.

But a forensic lab in #montana is extremely transparent about it. They put the dump of every phone on a public share. Everyone with Internet access can access those dumps.

While I am usually a proponent of government transparency, this takes it a bit too far even for my taste.

Every phone dump is one directory and some case names can be easily connected to crime & death headline news in the U.S.

So for one case I am pretty sure, that I can even say which Sheriff is responsible for that one of the investigations.

I sent that Sheriff an email, i sent him a text message and I even spoke on his voicebox. I even sent him the extraction report from Graykey.

It is really frustrating that I get no response at all. The leak is still open.

The security researcher that found the leak also tried some contacts but had as little success as I do.

I personally believe that this leaks even constitutes a federal crime. Some cases have names ending on CSAM. The security researcher stayed away from any of those and I did not access the files on that server at all.

So does anybody know someone within the #fbi that would give a shit about that. I am getting very tired.

#graykey #cellebrite #forensics

Martin Seeger (@[email protected])

## PostMortem: Assumed DOJ Montana Leak of Phone Dumps ### Type of leak Highly confidential information on a public SMB share without authentication ### Threats from the leak I see the following threats: - Integrity and Confidentiality of investigations into serious crimes compromised - Privacy of U.S. citizens compromised (very likely to contain most intimate data) - Providing 3rd parties hostile to the U.S. with blackmail material 1/4

Infosec Exchange
InfosecjenJun 17, 2025
For those with an interest in the cybersecurity of enterprise IoT, the UK gov wants to hear from you (even if you aren't UK-based): https://www.gov.uk/government/calls-for-evidence/call-for-views-on-enterprise-connected-device-security. You don't need to be a policy pro or lawyer, or representing your employer; if you have relevant info to share, they want to hear from you. Consultation closes on 7/7.
Call for views on enterprise connected device security

The government is asking for views on the security of enterprise connected devices, also known as

GOV.UK
Show threadInfosecjenJun 2, 2025
(3/3) https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.245641.secure_by_design-in-the-uk-dsit-open-forum.html Infosecurity Europe - Session Details - Secure-by-Design in the UK: DSIT Open Forum - 5th Jun
Session Details

Show threadInfosecjenJun 2, 2025
(2/3) https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.245151.cyber-security-and-resilience-bill-%E2%80%93-cyber-community-forum.html Infosecurity Europe - Session Details - Cyber Security and Resilience Bill – Cyber Community Forum - 3rd Jun
Session Details

InfosecjenJun 2, 2025
Headed to #InfosecurityEurope this week? Check out these gov roundtables and come have your say on how UK policymakers address cybersecurity (1/3) https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.4355.245150.cyber-policy-101-_-ask-me-anything-with-dsit.html Infosecurity Europe - Session Details - Cyber Policy 101 - Ask Me Anything with DSIT - 3rd Jun
Session Details

InfosecjenMay 17, 2025
We got 12 points from a talking mouse? Did I hit my head? #eurovision
InfosecjenMay 17, 2025
I feel like the UK being awarded points in the State scoring for #Eurovision is a startling reflection of how the political landscape has shifted recently.
InfosecjenMay 17, 2025
Is that… the man from Del Monte???