Infosec Round-Up: July 19th 2020

Play Video

Russian Hacker Charged, Google Scraps ‘Stalkerware’ & UK Huawei U-Turn

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at the conviction of the LinkedIn hacker, Amazon’s TikTok email, Google’s banning of ‘stalkerware’ adverts and the UK government’s U-turn on Huawei’s 5G future.

Did Amazon Almost Ban TikTok?

Last week, a number of workers at Amazon received an note telling them that they were to remove TikTok from smartphones that are used to access Amazon email, only to then be told, hours later, the note was sent erroneously.

The initial communication, which was later walked back, instructed workers to delete the Chinese-made app because of “security risks”.

How Amazon accidently sent the message in the first place is yet to be addressed, though Kristin Brown, an Amazon spokesperson stated, “there is no change to our policies right now with regards to TikTok”.

Earlier this month, the move to ban TikTok was not only made by India, but also American multinational Wells Fargo. As well as this, Mike Pompeo, US secretary of state, suggested that America was considering blocking a selection of Chinese apps which pose a threat to ‘national security’.

Read More: India Bans Dozens of Chinese Apps

Responding to the ban, a TikTok spokesperson stated: “we're proud that tens of millions of Americans turn to TikTok for entertainment, inspiration, and connection, including many of the Amazon employees and contractors.”

As well as noting “as with any organisation that has concerns, we are open to engaging... and sharing the actions we take to protect data security for our users.”

Russian Cybercriminal Convicted of LinkedIn Hack

A Russian cybercriminal has finally been found guilty, in a U.S. court, of hacking LinkedIn and Dropbox, some eight years ago.

Found guilty of one of America’s largest data breaches, Yevgeniy Nukulin, 32, was charged with stealing the details of 113 million LinkedIn, 69 million Dropbox and 28 million Formspring accounts.

Originally arrested in the Czech Republic back in 2016, and extradited to the U.S. in 2018, the hacker’s trail has faced several delays, and was originally set to conclude in March of this year.

In the first trail held in the Northern California court since lockdown, Nikulin is something of a rarity to American judges, with Russian hackers rarely being successfully extradited to face charges in the US.

U.S. Attorney David Anderson said in a statement, “Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be.” Adding, “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans.”

Nikulin is expected to be sentenced in late September and faces a possible 10 years in prison for each count of selling stolen usernames and passwords, and five years for each count of conspiracy and computer hacking.

Google Stops Advertising Stalkerware – a Bit

In an update to its Enabling Dishonest Behaviour policy, Google has effectively stated that it will no longer advertise stalkerware on its pages.

In the update, the search and technology giant has said it will “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”

Stalkerware, which is largely defined as monitoring software or spyware, is a growing problem, with cyber security company Kaspersky identifying over 500,000 cases of stalkerware on users’ devices, or attempts to install it, over an eight-month period alone.

Learn More About How Stalkerware Works Here.

Not pertaining to private investigation services or products designed for parents to track their underage children, some have pointed out that this update may lead to stalkerware retailers simply rebranding their products. A tactic which some have used in the past.

Huawei Banned from UK 5G

UK Culture Secretary Oliver Dowden has this week announcing a major government U-turn in the role Chinese technology company Huawei will play in 5G networks.

Agreed by the National Security Council on Tuesday, the UK has decided to ban Huawei from 5G infrastructure and to remove all equipment in just 7 years.

Officially announced the same day as the resignation of Lord Browne, the now former Huawei UK chairman, the company has expressed its ‘disappointment’ at the decision.

Chief executive of BT, Philip Jansen, had this week warned that it would be impossible to strip Huawei technology out of telecommunication networks in the initially proposed ten years.

Also warning the action would likely cause “outages”, speaking on BBC Radio 4 program ‘Today’, Jansen stated “Huawei has been in the telecoms infrastructure for about 20 years and a big supplier to BT and many others in the UK telecoms industry.”

Read More: UK to Review Huawei’s 5G Future

“It is all about timing and balance. So, if you want to have no Huawei in the whole of the telecoms infrastructure across the whole of the UK, I think that’s impossible to do in under 10 years.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


Ransomware Propagation

How Does Ransomware get on your Computer?

How Does Ransomware get on your Computer? Chances are that in the last few years you've heard the term "ransomware". Blog by Hut Six Security.

Auditing for GDPR Compliance - Guest Blog

Guest Blog: How to Audit Your Business for GDPR Compliance

How to Audit Your Business for GDPR Compliance with a GDPR Business audit. Hut Six Security guest blog by

The Data Protection Act - Personal Data Breaches

What is a Breach of Data Protection?

What is a Breach of Data Protection? The Data Protection Act - Personal Data Breaches, Reporting and Consequences. Blog by Hut Six Security

Ransomware in the Education Sector

University Hit With $1.14m Ransomware Attack

University of California Ransomware Attack: a $1.1.4m ransom has been paid following a ransomware attack on University of California's School of Medicine.

Purpose of the Data Protection Act

What is the Purpose of the Data Protection Act?

What is the Purpose of the Data Protection Act? Blog by information security awareness training solution provider Hut Six Security.

Remote Working Security

Top 3 Remote Work Security Lessons

Top 3 Remote Work Security Lessons: remote work security blog by information security awareness provider Hut Six Security.

Data Protection Act Regulators

Who Regulates the Data Protection Act?

Who Regulates the Data Protection Act? Data Protection Blog by Information Security Awareness Training provider Hut Six Security

NHS Phishing Attacks

NHS Email Accounts Compromised in Phishing Attack

NHS phishing attack sees email accounts compromised as part of an attack targeting a wide range of organisations Blog by Hut Six Security.

Data Protection Act Enforcers

Who Enforces the Data Protection Act?

Who Enforces the Data Protection Act? Principles, Protections and Penalties. Blog by Information Security Awareness Training provider Hut Six Security.

How to improve your password security

How Secure is Your Password Process?

How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.

Speak to us about your Cyber Awareness