News in general got weird in 2017, but some truly bizarre stories emerged in the cybersecurity space.
But isn’t everyone in DC a phony anyway? A British prankster using the Twitter handle @SINON_REBORN spoofed the email address of President Donald Trump’s son-in-law Jared Kushner last July, tricking colleagues and White House officials into responding to the faux White House advisor. Homeland Security Adviser Tom Bossert even disclosed his personal email address to the prankster after believing he was invited to a soiree. The prankster, later identified as James Linton, also impersonated Breitbart News’ executive chairman and former White House Chief Strategist Steve Bannon in emails to the news organization’s editor-in-chief, and also imitated former White House Chief of Staff Reince Priebus in emails to former White House Communications Director Anthony Scaramucci.
Sounds fishy to us: The explosion of Internet of Things devices have inevitably led to dire warnings of hacked baby monitors, thermostats, and even sex toys. But nobody saw a hacked fish tank coming. Yet that’s exactly what happened not long ago to an unnamed North American casino, where, according to Darktrace’s 2017 Global Threat Report, an adversary was able to exfiltrate data from a smart fish tank that was connected to an isolated VPN, and then send that data to a device in Finland.
At least it wasn’t PokemonGo: The MalwareHunter-Team last April discovered a wildly unusual ransomware program that requires its victims to achieve a high score in a “bullet hell shooter” video game in order to unlock their files. The malware, dubbed Rensenware, displays a ransom note featuring an anime sailor girl, blaming the infection on game character Minamitsu Murasa. To escape this predicament, victims have to score over 0.2 billion in the “Lunatic” level of “TH12 – Undefined Fantastic Object.” (We’re guessing this is not easy.) The malware turned out to be a tongue-in-cheek joke by developer Shinjo Park, who reportedly released the code on GitHub for fun, before learning that he and others had become infected. Park later released a Rensenware decryptor.
Fumbled opportunity: There were some terrible defensive practices on display during the 2017 Super Bowl – and we’re not talking about the Atlanta Falcons’ fourth-quarter collapse. Looking to engage its customers prior to the big game, telecom company Charter Communications encouraged its subscribers to change their Wi-Fi passwords to either “GO_NEWENGLAND” or “GO_ATLANTA” to support their Super Bowl team of choice. Of course, such a move would have instantly exposed users to hackers who could try these passwords out on various Wi-Fi networks, especially those located in metropolitan areas with a clear rooting interest.
Her luck ran out: IoT devices are not just a threat to data security, but also to privacy. Case in point… a racer was caught cheating in the Ft. Lauderdale A1A Half Marathon last February when an online investigator noticed some incriminating data corresponding to her Strava fitness app and her Garmin 235 fitness band. Suspicions arose that Seo may have cut the course after she initially failed to include any GPS data when posting her race stats, and then later reposted with GPS data that suggested she retraced the entire half-marathon route on her bike in the afternoon following the race. If that weren’t damning enough, it turns out Seo’s fitness tracker was visible in her post-race photos. A close-up view of the IoT device’s display proved that she didn’t run the full length of the course.