Hacking and infosec news: May 2, 2017
In our weekly headdesk, Trump pulled a FireEye and blamed DNC hacking on China, Intel had a bad Monday, UK authorities maybe popped WhatsApp, and Wired celebrated dudes again. There's more, of course.

The 400-lb hacker had a mysterious accident

In an interview Sunday Trump suggested that the election hacking culprit was China. "Knowing something about hacking, if you don't catch a hacker, okay, in the act, it's very hard to say who did the hacking," said Trump. "With that being said, I'll go along with Russia. Could've been China, could've been a lot of different groups."

He also slammed CrowdStrike, which was hired by the DNC to investigate the hacking. "They hired some company who somebody said some pretty bad things about, to go and check their server and give the information," Trump said. Politico notes that Trump once claimed that CrowdStrike (a California company) was based in Ukraine and "owned by a very rich Ukrainian" (also not true).

Pearls, clutched

Monday Intel got publicly called on, then admitted, and then patched a remote execution attack that's been in its firmware for nearly a decade. If there was one, the Cyber Hand Wringing Threat Level would've been severe.

Soap, dropped

"The Dark Overlord" dropped stolen episodes of Orange Is the New Black onto Pirate Bay after Netflix refused to concede to a ransom demand. Overlord threatened to release more shows from FOX, IFC, National Geographic and ABC, apparently having popped their primary production company, Larson.

On Twitter, Orange Is the New Black had some fun, saying "We have an open bunk for you, Dark Overlord" accompanied by a gif beckoning the viewer to be a prisoner's "little spoon."

Someone needs a hug

Cyberscoop got really bummed out by the new Verizon Data Breach Investigations Report (DBIR). "Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber-hygiene measures." 

The takeaway, they wrote, is "depressingly familiar." 

Maybe it's a side door

Did UK police and security services pop WhatsApp? Press reported that the authorities' sudden accessing of London attacker Khalid Masood’s messages was a "huge breakthrough" -- and with the information they got, it's certainly valuable. 

The Independent writes, "Details on how the security services got into the phone are still sparse. But it is clear that they did so using some sort of technical exploit that allowed access to the phone, and in a way that could be used again in the same way in the future, according to sources." And the report claims the attack, whatever it allegedly was, is reproducible.

It recalls the he-said, she-said WhatsApp backdoor arguments of January, where Guardian said there was one, and then some researchers (and a lot of activists) disagreed.

Maybe Wired's on an all-sausage diet

In a total fail, Wired decided to do a huge feature on the hottest young hackers ... and did what Wired does so well, which is to spotlight a bunch of white dudes, despite the fact that hacking is a vast and exciting world of emergent geniuses of all genders and colors. It was a weak imitation of Christian Science Monitor's 15 Under 15: Rising Stars of Cybersecurity from last October -- which included lots of girls and people of color.

The editor of Wired posted an apology ... on Facebook. Not on Wired. He also had someone change the article's online headline from "Meet The Brilliant Young Hackers Who’ll Soon Shape The World" to "The Genial, Brilliant, Candy-Loving Hackers of Stetson West."

When pawns become kings

Trend Micro published a 41-page report, "Two Years of Pawn Storm," and it's pretty fascinating. The Pawn Storm attackers don't seem to care about money, and instead focus on politics. They're a (very) long-game set of attackers.

“Pawn Storm threat actors are independent, Russian based and motivated, but we can't say whether they're state-sponsored,” Jon Clay, Trend Micro's senior global marketing manager, told SC Media. “As a cyber espionage group, Pawn Storm is motivated by influencing public opinion, not financial gain. They are interested in stealing information to use in ways that promote their endeavors versus profit.”

Someone mentioned scalps

Le Trump Administration sent Sebastian Gorka to speak at Georgetown University last week on a panel "News, Alternative Facts, and Propaganda: The Role of Cyber in Influence Operations." Beforehand, annoyed people tweeted that he'd be representing the White House on cyber. 

But no worries: After a few questions from the attendees, he literally got up and ran out with 20 minutes left in the session. He apparently didn't like the students asking him about his credentials and Nazi ties.

Don't end up a DEF CON topic

Not news, but this week Dual Core released a new song and it's fun: check out 0x0A Hack Commandments.

Thank you!

Thank you so much for reading and supporting my work. Especially if you're a patron -- you make this, and so much more, possible. 

