Infosec Round-Up: July 19th 2020


Russian Hacker Charged, Google Scraps ‘Stalkerware’ & UK Huawei U-Turn

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at the conviction of the LinkedIn hacker, Amazon’s TikTok email, Google’s banning of ‘stalkerware’ adverts and the UK government’s U-turn on Huawei’s 5G future.

Did Amazon Almost Ban TikTok?

Last week, a number of workers at Amazon received a note telling them to remove TikTok from smartphones used to access Amazon email, only to be told, hours later, that the note had been sent erroneously.

The initial communication, which was later walked back, instructed workers to delete the Chinese-made app because of “security risks”.

How Amazon accidentally sent the message in the first place has yet to be addressed, though Kristin Brown, an Amazon spokesperson, stated, “there is no change to our policies right now with regards to TikTok”.

Earlier this month, TikTok was banned not only by India but also by American multinational Wells Fargo. In addition, Mike Pompeo, US secretary of state, suggested that America was considering blocking a selection of Chinese apps which pose a threat to ‘national security’.

Read More: India Bans Dozens of Chinese Apps

Responding to the ban, a TikTok spokesperson stated: “we're proud that tens of millions of Americans turn to TikTok for entertainment, inspiration, and connection, including many of the Amazon employees and contractors.”

The spokesperson also noted that “as with any organisation that has concerns, we are open to engaging... and sharing the actions we take to protect data security for our users.”

Russian Cybercriminal Convicted of LinkedIn Hack

A Russian cybercriminal has finally been found guilty, in a U.S. court, of hacking LinkedIn and Dropbox, some eight years ago.

Found guilty of one of America’s largest data breaches, Yevgeniy Nikulin, 32, was charged with stealing the details of 113 million LinkedIn, 69 million Dropbox and 28 million Formspring accounts.

Originally arrested in the Czech Republic back in 2016, and extradited to the U.S. in 2018, the hacker’s trial has faced several delays and was originally set to conclude in March of this year.

In the first trial held in the Northern California court since lockdown, Nikulin was something of a rarity before American judges, as Russian hackers are rarely extradited successfully to face charges in the US.

U.S. Attorney David Anderson said in a statement, “Nikulin’s conviction is a direct threat to would-be hackers, wherever they may be,” adding, “Computer hacking is not just a crime, it is a direct threat to the security and privacy of Americans.”

Nikulin is expected to be sentenced in late September and faces a possible 10 years in prison for each count of selling stolen usernames and passwords, and five years for each count of conspiracy and computer hacking.

Google Stops Advertising Stalkerware – a Bit

In an update to its Enabling Dishonest Behaviour policy, Google has effectively stated that it will no longer advertise stalkerware on its pages.

In the update, the search and technology giant has said it will “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”

Stalkerware, which is largely defined as monitoring software or spyware, is a growing problem, with cyber security company Kaspersky identifying over 500,000 cases of stalkerware on users’ devices, or attempts to install it, over an eight-month period alone.

Learn More About How Stalkerware Works Here.

The update does not cover private investigation services or products designed for parents to track their underage children, and some have pointed out that it may simply lead stalkerware retailers to rebrand their products, a tactic some have used in the past.

Huawei Banned from UK 5G

UK Culture Secretary Oliver Dowden this week announced a major government U-turn on the role Chinese technology company Huawei will play in 5G networks.

Agreed by the National Security Council on Tuesday, the UK has decided to ban Huawei from 5G infrastructure and to remove all equipment in just 7 years.

The decision was officially announced on the same day as the resignation of Lord Browne, the now former Huawei UK chairman, and the company has expressed its ‘disappointment’ at it.

Chief executive of BT, Philip Jansen, had this week warned that it would be impossible to strip Huawei technology out of telecommunication networks in the initially proposed ten years.

Speaking on the BBC Radio 4 programme ‘Today’, Jansen also warned that the action would likely cause “outages”, stating “Huawei has been in the telecoms infrastructure for about 20 years and a big supplier to BT and many others in the UK telecoms industry.”

Read More: UK to Review Huawei’s 5G Future

“It is all about timing and balance. So, if you want to have no Huawei in the whole of the telecoms infrastructure across the whole of the UK, I think that’s impossible to do in under 10 years.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
