HO HO HO
This is the hardest week of the year to write a blog, worse even than the lazy summer months when Boris, Jack, Itay, Yarden, Marcus, Beom Seok and their evil associates (mwahahaha) are spending time in their secret island volcano lairs.
Fortunately this week has seen a flurry of fairly interesting news for your pre-Christmas enjoyment.
Eagle eyed readers may recall that we covered the exposure of a Denial Of Service ‘as a service’, by none other than the fearless Brian Krebs.
Amongst the ‘go to market’ strategies of these 20 something (20 years old, there were 2 of them) Israelis was to use foot soldiers to sell and market the wares for a relatively small cut of the action. Who would be mad enough to do that?
Step forward one Jack Chappell (no relation to any of the Chappells we know and love, I am assured), a teenager from Stockport. Mr Chappell pleaded guilty to no fewer than 2000 cyberattacks between May 2016 and April 2017 and received a 16-month youth custody sentence, suspended for 2 years.
Victims included Amazon, BBC, BT, Netflix etc. etc. Furthermore, Mr Chappell taunted his victims using his ‘Fractal Warrior’ twitter account.
As with all similar cases the usual defences were rolled out and appeared to have been swallowed hook line and sinker – Autism, “in some ways a victim, he has been exploited and used”, “he is not malicious, he is mischievous”, etc. etc. Poor ickle James.
We share the opinion of most security analysts that until crimes like this stop being seen as victimless and the perpetrators are sent to prison, we will continue to see ‘young, impressionable people’, falling into a life of profit and downright nastiness, safe in the knowledge that any sanction will probably be minor.
In other interesting news this week, it seems that the Twitter account of CNN news reader Anderson Cooper was used to tweet an offensive message to The Donald himself. In the following furore, it transpires that the message was posted from Mr Cooper’s assistant’s mobile device, which he claimed he left unlocked when visiting the gym. And if you believe that, you will believe anything.
Good news then that the Tweetmasters have announced improved two-factor authentication for Twitter enabling you to use 3rd party apps like Google Authenticator, Authy or 1Password at login. If you are worried about the SS7 network being hacked to intercept SMS messages containing auth codes (we remain slightly cynical about this, but hey ho), read all about it here.
That is it for this week, if you would like to discuss information security with us, please contact us at: firstname.lastname@example.org or call 0207 517 3900. We will try and answer through mouthfuls of Mince Pies, pints of Sherry and all of the other Christmas indulgences.
Seasons greetings to one and all from all of us at ITC. See you next week for a review of the year and a look ahead to 2018.