Infosec Round-Up: July 19th 2020
Russian Hacker Charged, Google Scraps ‘Stalkerware’ & UK Huawei U-Turn
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
Did Amazon Almost Ban TikTok?
Last week, a number of workers at Amazon received a note telling them that they were to remove TikTok from smartphones that are used to access Amazon email, only to then be told, hours later, that the note had been sent erroneously.
The initial communication, which was later walked back, instructed workers to delete the Chinese-made app because of “security risks”.
How Amazon accidentally sent the message in the first place is yet to be addressed, though Kristin Brown, an Amazon spokesperson, stated, “there is no change to our policies right now with regards to TikTok”.
Earlier this month, the move to ban TikTok was not only made by India, but also American multinational Wells Fargo. As well as this, Mike Pompeo, US secretary of state, suggested that America was considering blocking a selection of Chinese apps which pose a threat to ‘national security’.
Responding to the ban, a TikTok spokesperson stated: “we're proud that tens of millions of Americans turn to TikTok for entertainment, inspiration, and connection, including many of the Amazon employees and contractors.”
The spokesperson also noted, “as with any organisation that has concerns, we are open to engaging... and sharing the actions we take to protect data security for our users.”
Russian Cybercriminal Convicted of LinkedIn Hack
A Russian cybercriminal has finally been found guilty, in a U.S. court, of hacking LinkedIn and Dropbox, some eight years ago.
Found guilty of one of America’s largest data breaches, Yevgeniy Nikulin, 32, was charged with stealing the details of 113 million LinkedIn, 69 million Dropbox and 28 million Formspring accounts.
Originally arrested in the Czech Republic back in 2016, and extradited to the U.S. in 2018, the hacker’s trial has faced several delays, and was originally set to conclude in March of this year.
In the first trial held in the Northern California court since lockdown, Nikulin is something of a rarity to American judges, with Russian hackers rarely being successfully extradited to face charges in the US.
U.S. Attorney David Anderson said in a statement, “Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be.” Adding, “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans.”
Nikulin is expected to be sentenced in late September and faces a possible 10 years in prison for each count of selling stolen usernames and passwords, and five years for each count of conspiracy and computer hacking.
Google Stops Advertising Stalkerware – a Bit
In an update to its Enabling Dishonest Behaviour policy, Google has effectively stated that it will no longer advertise stalkerware on its pages.
In the update, the search and technology giant has said it will “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”
Stalkerware, which is largely defined as monitoring software or spyware, is a growing problem, with cyber security company Kaspersky identifying over 500,000 cases of stalkerware on users’ devices, or attempts to install it, over an eight-month period alone.
The policy does not apply to private investigation services or to products designed for parents to track their underage children, and some have pointed out that this update may lead to stalkerware retailers simply rebranding their products, a tactic which some have used in the past.
Huawei Banned from UK 5G
UK Culture Secretary Oliver Dowden has this week announced a major government U-turn in the role Chinese technology company Huawei will play in 5G networks.
Agreed by the National Security Council on Tuesday, the UK has decided to ban Huawei from 5G infrastructure and to remove all equipment in just 7 years.
Officially announced the same day as the resignation of Lord Browne, the now former Huawei UK chairman, the company has expressed its ‘disappointment’ at the decision.
Chief executive of BT, Philip Jansen, had this week warned that it would be impossible to strip Huawei technology out of telecommunication networks in the initially proposed ten years.
Also warning the action would likely cause “outages”, speaking on BBC Radio 4 program ‘Today’, Jansen stated “Huawei has been in the telecoms infrastructure for about 20 years and a big supplier to BT and many others in the UK telecoms industry.”
“It is all about timing and balance. So, if you want to have no Huawei in the whole of the telecoms infrastructure across the whole of the UK, I think that’s impossible to do in under 10 years.”