Sheds! Sheds! Sheds! This week in Infosec takes us back to when the first person in the world was banned from using the Internet for 70 months (by a real Judge, not their parents). Rant of the week is the will they / won’t they story of whether or not the victims will pay the ransom (hint: they did), only to discover it was not worth it! Billy Big Balls this week Hackers Are Having a Field Day With AirTags Industry News brings us the latest and greatest infosec news from around the globe Tweet of the week solicits suggested names for Host Unknown’s new business venture For national password day I was told to create a password which included at least eight characters, so I chose Snow White and the Seven Dwarves. And that is all we have to say on the topic of Little People this week.
This Week in InfoSec
Liberated from the “today in infosec” Twitter account
6th May 1995: Chris Lamprecht (aka "Minor Threat") became the first person banned from the Internet. He received a 70 month sentence for money laundering...and was banned from the Internet until 2003.
https://www.wired.com/1997/12/twice-removed-locked-up-and-barred-from-net/
https://twitter.com/todayininfosec/status/1257862817371156480
7th May 2004: 18-year-old German computer science student Sven Jaschan was arrested for writing the Sasser worm and the NetSky worm. One of Jaschan's friends had informed Microsoft that Jaschan had created the worm.
https://en.m.wikipedia.org/wiki/Sasser_(computer_worm)
https://twitter.com/todayininfosec/status/1390689536670420998
9th May 1990: Operation Sundevil was revealed in a press release. It was a US Secret Service crackdown on "illegal computer hacking activities." Raids occurred in ~15 cities, resulting in a measly 3 arrests.
https://twitter.com/todayininfosec/status/1259301463102074880
The Hacker Crackdown audiobook https://boingboing.net/2008/01/13/podcast-of-bruce-ste.html
Rant of the Week
Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway
Colonial Pipeline's operators reportedly paid $5m to regain control of their digital systems and get the pipeline pumping oil following last week's ransomware infection.
News of the payoff was broken by Bloomberg – which not only cited anonymous sources but also mocked other news outlets' anonymous sources for saying earlier this week that the American pipeline operator would never pay the ransom.
https://www.theregister.com/2021/05/13/colonial_pipeline_ransom/
https://twitter.com/KimZetter/status/1392923544753872896
Colonial Pipeline hackers apologize, promise to ransom less controversial targets in future
Colonial Pipeline was looking to hire a cybersecurity manager before the ransomware attack shut down operations
https://www.theregister.com/2021/05/13/colonial_pipeline_hiring_cybersecurity_manager/
Billy Big Balls of the Week
Hackers Are Having a Field Day With AirTags
Just two weeks after their release, several hackers and security researchers are tearing Apple’s AirTags apart and finding some issues with them.
https://www.vice.com/en/article/pkbpa7/hackers-are-having-a-field-day-with-airtags
Industry News
Misconfigured Database Exposes 200K Fake Amazon Reviewers
Ransomware Takes Down East Coast Fuel Pipeline
University Cancels Exams After Cyber-Attack
Staff Bonus was “Crass” Phishing Simulation
Germany Bans Facebook from Processing WhatsApp Data
AXA to Stop Reimbursing Ransom Payments
More Domestic Abuse Cases Involve Tech
Home Working Parents and Young Adults Are Most Risky IT Users
Biden Executive Order Mandates Zero Trust and Strong Encryption
Tweet of the Week
https://twitter.com/browninfosecguy/status/1392503491042611202
Olaf Hartong @olafhartong: FreemiumBackups
Iain Cyto @IainCyto: Surprise Pen Test Posse.
Biteater @illustrioushefe: WindowsOffender
David Shipley @davidshipley: Trailer Park Crypto Boys
Adrian @Nutritionist_AP: RanSomewhere
Old Navy Dude next @ DEFCON & HIMMS @0ldNavyDude: Ransom McRansomface