This week in InfoSec is X rated (no. it’s not about Twitter this time) Rant of the Week is just an illusion Billy Big Balls airs it’s dirty laundry Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is as little bit sensible, actually
This week in InfoSec (11:51)
With content liberated from the “today in infosec” twitter account and further afield
6th September 1987: Thomas Haynie was accused of intentionally jamming Playboy's satellite network with a text-only message. Haynie was an uplink engineer at the Christian Broadcasting Network and was on duty at the time of the jamming. He received 3 years of probation.
CBN engineer denies pre-empting soft-porn movies
https://twitter.com/todayininfosec/status/1302620593322438656
Rant of the Week (20:12)
If you like to play along with the illusion of privacy, smart devices are a dumb idea
Depressingly predictable research from Which? serves as another reminder, if one was needed, that furnishing your home with internet-connected "smart" devices could be a dumb idea if you'd rather try to preserve your privacy.
The consumer rights organization's analysis of a number of IoT products – from speakers and security cameras to TVs and washing machines – found that they all demand customer data above and beyond what is needed for the product to perform its function, and then distribute that information to a horde of faceless corporations.
Consumer campaign group Which? pointed out that this means consumers are not only in many cases paying thousands for the product itself, with all its "smart" connected bells and whistles, but continue to pay in the form of their personal data.
The outfit broke down what information is required to set up an account with the product manufacturers, what permissions the associated apps request, and what customer activity companies are tapping into.
Spoiler alert: it's all for ads and marketing.
Disturbingly, every single brand examined required both exact and approximate location data – as though your fancy washing machine needed to "know" where it is to clean your clothes.
Billy Big Balls of the Week (28:52)
Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections
A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.
Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.
Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.
To stay on the right side of American law, Randol should have verified and recorded their identities.
In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee.
Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.
[Good comment]: Working for an American financial institution, we must go through mandatory AML (anti money laundering) training each year, and the consequences for the firm if an audit finds a violation tend to be in the high 6-digit payouts.
With that in mind, a kid operating a blatantly open money laundering gig takes a proportionally much smaller punishment (assuming white-glove inmates usually manage to leave the can way before their time is served)]
Industry News (36:14)
UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
Crypto Casino Stake.com Back Online After $40m Heist
UK Government Backs Down on Anti-Encryption Stance
Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign
Think Tank Urges Labour to Promote “Securonomics” Agenda
Chinese Hacker Steals Microsoft Signing Key, Spies on US Government
IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware
Zero-Day Flaw Exposes Atlas VPN User IPs
Tweet of the Week (44:39)