Critical Infrastructure Security, Vulnerability Management

2019’s weird and wonderful news

Dead Cows, HackerGiraffes, fast food-craving lemmings, foul-mouthed scooters and golf pranksters made SC Media’s rather eclectic list of the most bizarre cyber news from the last 12 months. 

In 2016, hackers tried to influence who became president. This time, hackers are running for president!  

Well, make that a former teenage hacker – and a fairly harmless one at that. Democratic candidate and former Texas Congressman Beto O’Rourke was once a member of famed hacktivist group Cult of the Dead Cow (cDc), operating under the alias “Psychedelic Warlord,” Reuters first reported last March.

There’s no evidence O’Rourke ever illegally accessed computer systems or wrote malicious code, but he did admit to stealing long-distance service to engage in conversations online, the report said. 

Over the course of cDc’s three-plus decades, its various members have been credited with ushering in the age of the modern hacker convention, introducing a slew of hacker tools including the Microsoft remote administration tool Back Orifice, and publicizing their efforts with the intent of making software developers acknowledge and fix their vulnerabilities. 

PewDiePie fans are served a helping of humble pie.

A hacker going by the handle TheHackerGiraffe caused all sorts of mischief in late 2018 and early 2019 while supposedly trying to promote two causes close to his heart: one, raising cybersecurity awareness, and two, ensuring that Swedish video game commentator and YouTube star PewDiePie remains number one in total subscribers.

Working at least some of the time in tandem with a second hacker known as j3ws3r, TheHackerGiraffe forced thousands of internet-connected printers to spit out messages in support of the online star, affecting 150,000 machines over two incidents. He (or she) later hacked thousands of improperly secured Chromecasts, smart TVs and Google home assistants to play PewDiePie’s YouTube channel. By January he went dark, apparently due to fears of prosecution as well as death threats – but not before giving one last shout-out to PewDiePie.

Before lying low, TheHackerGiraffe reportedly disavowed a late 2018 cyberattack in which a Wall Street Journal web page was altered to display an apology to PewDiePie for past negative coverage. This suggests another PewDiePie fan may have been responsible for this particular incident.

And then there was PewCrypt: a ransomware program designed to increase PewDiePie’s subscriber count. Its ransom note asks victims to subscribe to PewDiePie and warns that the malware creator will not issue a decrypter tool unless and until PewDiePie reaches 100 million subscribers. 

Giving new meaning to “Hack Golfer…” 

A possible hacker may have tinkered with the USGA-administered GHIN (Golf Handicap and Information Network) handicap system last spring, adding four embarrassingly high scores to President Donald Trump’s official golfing results. Last May, Golfweek reported that someone added the fake scores of 101, 100, 108 and 102 to Trump’s records, making it appear as if the president’s game fell apart at such venues as Trump National New York, Trump International in West Palm Beach and the Cochise Course at Desert Mountain in Scottsdale, Arizona. 

Of course, it has been speculated that some of the scores that Trump himself has posted are “fake news,” including some suspiciously low-scoring rounds in the 70s and 80s that suggest that he is either a 2.8-handicap golfer with surprisingly above-average skills or someone who plays fast and loose with the rules.

“As we dug into the data it appears someone has erroneously posted a number of scores on behalf of the GHIN user,” Craig Annis, the managing director of communications for the USGA, reportedly told Golfweek, promising corrective action “to remove the scores.” 

Lime leaves a sour taste in riders’ mouths. 

It was not a “G’day, mate” for Lime electric scooters in Brisbane, Australia last April, after a troublemaker hacked eight of the personal transportation vehicles to blurt out rude, profane and sexually suggestive audio messages to people approaching them on the street. 

“Don’t take me around, because I don’t like to be ridden,” was among the tamest wisecracks spoken aloud, according to reports from Vice and the Washington Post at the time. Other messages were just plain offensive due to their racist content. 

Reportedly, the hacker accessed the scooters’ audio file port in an act that is essentially the same as changing a phone’s ringtone. Normally, Lime scooters make beeping sounds. Still, the attack was relatively harmless, considering that researchers at Zimperium found that attackers could hack a Xiaomi e-scooter via a Bluetooth-enabled app to make the vehicle suddenly brake or accelerate while in use. 

Cryptozoologists, beware of Thrangrycats and Whopper lemmings! 

In May, researchers at Red Balloon warned that millions of Cisco devices used by corporate, government and military networks contain a vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm). 

Of course, there’s only one appropriate way to express the serious nature of this hardware tampering threat: with cat emojis.

That’s why Red Balloon named the vulnerability: .

Of course, this is unpronounceable, so the researchers gave it the alternative, yet equally ridiculous name "Thrangrycat." 

Here is Red Balloon’s rationalization (or overrationalization) for the nomenclature: “First, emoji sequences are universally understood across nearly all natural languages. Choosing   instead of a name rooted in any one language ensures that the technical contents of our research can be discussed democratically and without latent cultural or linguistic bias. Second, emojis are indexical to the digital age. Third, clear communication is the foundation of friendship, and such a foundation must begin with proper ontological agreement. Just as the universal language of mathematics is largely expressed through interlinguistic symbology, so too is   . Fourth, cats are seen as almost paradoxical beings. While they exist in our lives as the ultimate creatures of leisure, cats are also fierce predators…”

The next imaginary creature, the Whopper lemming, sprang from the imagination of messaging service provider Telegram while blaming Chinese state-sanctioned actors for a June 2019 distributed denial of service attack that overwhelmed its servers. Telegram colorfully tweeted about the attack: “Imagine that an army of lemmings just jumped the queue at McDonald’s in front of you – and each is ordering a whopper… The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can’t even see you to try and take your order.”

We love this metaphor so much that we’ll forgive Telegram for putting the image of rodent-infested fast food restaurants in our heads. 

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
