December 24, 2018
i-news: best of the best in 2018.
Boys and Girls! I hereby give you the last edition of i-news for 2018. Every year around this time I get the urge to do a bit of light-hearted summarizing and recapping, so we can see in the New Year in a good mood :). So, today we will talk about the loudest, silliest, funniest and weirdest news from the world of IT and cybersecurity that appeared on our screens in 2018.
First, let’s talk about professionalism in the media – you know, stuff like objectivity, investigative journalism and fact-checking. Or, to be more precise, the absence of all those things.
In October, Bloomberg Businessweek published an “investigation” with a pretty sensational headline, authored by a well-known ‘sauna journalist’. The first part of the headline says it all – The Big Hack. The story is based on information from anonymous sources (surprise, surprise!) and claims that hardware manufactured by Super Micro has bugs implanted in it. And it’s supposedly been going on for several years. The chips were supposedly found by staff at Apple and Amazon, and the US authorities have been carrying out an investigation since 2015. And then, the interesting part starts…
US plans to retaliate by implanting tiny “chips” in all hardware sent to China according to 17 unnamed sources. pic.twitter.com/ovqChUm6EI
— Brian Bartholomew (@Mao_Ware) October 6, 2018
Amazon denied any knowledge of the bugs, while Tim Cook of Apple said it’s all lies and called for the article to be retracted. Super Micro declared it had never received any customer complaints or questions from the authorities. (All this sounds pretty familiar!) Within 24 hours of the publication, Super Micro shares plummeted 60%. The company called in an outside firm to conduct an investigation that found no evidence to back up the journalists’ claims. Bloomberg appears to be in no hurry to apologize, although it did assign another journalist to do some further research.
Bloomberg Businessweek® — DOES IT EVEN MATTER IF IT HAPPENED?™ https://t.co/0fMmZZCmmu
— Tavis Ormandy (@taviso) December 11, 2018
Data leaks. We’ve become so accustomed to them that we no longer react to them in the news. But we probably should, because one could affect any of us sooner or later. This year, the personal details of billions of private users were divulged, some of them repeatedly. Here are some of the high-profile cases: data on 380,000 British Airways client cards was leaked; a Cathay Pacific hack affected 9.4 million passengers; data on 500,000,000 Marriott hotel clients was compromised; earlier this year, there was an attack on Singapore’s health ministry, affecting 1.5 million people including the country’s PM; and T-Mobile lost the data of 2 million clients. But perhaps the biggest data leak scandal of all involved Facebook. 50 million users were affected and interesting data like people’s geolocations, search requests, contact details, etc. was leaked. Another major, Google, announced the closure of the social network Google+ after information about lost data was made public – something they were not originally going to publish. Soon after this, the company suffered again from a second leak.
This raises another important issue. There’s no secret that will not come to light, and at the very least it’s short-sighted to sweep such leaks/hacks under the carpet. In today’s reality, large businesses must always be prepared for such attacks and losses, and must also be ready to inform clients, investors and any other relevant parties about them.
‘Smart’ cities and ‘smart’ homes are not some sci-fi invention from a futuristic movie; they are already here. However, the smart lifestyle comes complete with Big Brother. Some of you may say: “So what? I don’t have anything to hide”. But others, I hope, will stop to think about all the information you share with the different apps on your smartphones and with other IoT gadgets.
Here are just a couple of examples of patents recently filed by technology giants that gave me shivers (based on a review in the Observer newspaper). First up, an app that tracks how much noise a child is making and that notifies parents about ‘inferred mischief’ if children suddenly lower their voices to a whisper. Then there’s technology that tracks the humidity, temperature and light level in a room that will tell Google what the user is up to: sleeping, cooking, watching TV or about to take a bath… the ideal time to display a targeted ad for a new shampoo, say.
Keeping an eye on tech patents is a very useful way of spotting important trends. This in today’s Observer – about digital assistants – is useful. pic.twitter.com/6yrYQU8KEM
— Jamie Bartlett (@JamieJBartlett) November 11, 2018
This year, I made another creepy-ish discovery about a popular online scam from Nigeria that is based on ritual sacrifices, spells and other forms of obscurantism. The criminals carrying out this type of cyber witchcraft are called ‘yahoo plus boys’. I couldn’t find the etymology of the term – some of you may know where it comes from. As a rule, they are young guys looking for easy money. They use an unsophisticated set of social engineering tricks based on local voodoo practices which supposedly help them extort money from their victims. This is not a new phenomenon – there’s even a research paper on it. The term “cyber spiritualism” in particular made me smile :) This whole story grew out of the now notorious Nigerian scam.
And finally, we come to the ‘Face palm’ category. Yes, cybercriminals are people too – they mess up sometimes and do dumb things just like the rest of us.
Here’s a story about an apologetic miner who left apologies for his victims in his malware code. Life’s hard. No other choice.
Apologetic Miner returns with updated apology note. Yes, he’s actually deploying this via ADB (port 5555) to vulnerable Android devices. pic.twitter.com/YQYKV08vQj
— Stefan Tanase (@stefant) October 20, 2018
To all those involved in cybersecurity, remain on the Light Side in 2019! That way, we’ll win!