ZuckBook

 In ITC's Threat of the Week

Firstly, we would like to thank all of you who took time out of your busy days to attend our Cyber Summit yesterday in London. We heard from the venerable Paddy McGuinness CMG OBE (some say that it stands for Call Me God), who recommended that this is a year for self-reliance and being in charge of our own destinies, before our luck runs out.

The impact of geo-political activities on regular businesses was also discussed prompting some interesting questions and discussion from the audience both in and out of session. Our very own Malcolm Taylor ran an alternative breakout about understanding your areas of risk, something he knows a lot about.

Third-party risk was thoroughly covered, and we ran a breach masterclass facilitated by an expert panel (including real life lawyers) using funky mobile device voting technology.

We really hope those who attended enjoyed it and found it valuable. We look forward to seeing you all next year. If you would like us to go over any of the material covered, we will be very happy to pop in.

Yesterday, we heard the news that Facebook has once again been a very naughty boy/girl/other. “Oh No! Shock! Horror!”, we hear you cry.

It turns out that since 2016 the mighty ZuckBook has been paying users aged 13-35 (NB this includes kids, minors, maybe even some miners), to install a very, very nosey, data slurping (more shock, more horror) application on their phones.

What’s wrong with that (other than the kids bit obvs)? These poor, deluded, helpless people must volunteer and install the aforementioned app? Well yes, they do. The problem is that many of these users are acolytes of The Sacred Orchard and the people at Apple have a somewhat different approach to personal data than the fast, loose and possibly criminal data miners of the blue book.

Turns out that Facebook has breached its enterprise licencing terms with Apple. As well as distributing this app via the App Store, Facebook also uses the store to distribute numerous internal apps. Well they used to.

In its rage Apple has suspended Facebook’s Enterprise Licence saying “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

Couldn’t happen to a nicer bunch of charlatans.

After the Cambridge Analytica scandal and numerous other shameless abuses of its dominant position, it is about time somebody did something about it, don’t you think? We know that Facebook is due some hefty fines this year ($1.6 beelion in Ireland alone), but since they posted record quarterly results ($16.91 beeeelion revenue -in 1 quarter!) and seem to have brushed off the whole Analytica affair, we doubt that Facebook will lose much sleep over this.

One of the predictions for 2019 that we made at yesterday’s Cyber Summit was:

It’s all about the data

There can be no doubt that we are now in a data driven world. Breaches and loss of data will increase in 2019, in fact we have just seen the world’s largest ever credential dump (at least 770 Million sets).

The Internet data behemoths will come under increasing scrutiny and control on several fronts – regulatory and government investigation and more subtly perhaps, the power of the employees who are beginning to push back on their dark overlords and infighting between the big boys. (We added the big boy bit after the Apple thing was announced to be fair, but it is going to get worse).

Please be careful with your data in the cloud, it isn’t terribly safe. It will be breached or abused and in the words of Mr McGuinness, now is the time for self-reliance.

If you haven’t had quite enough of us already and want to discuss your cyber security or have a whinge about Facebook, contact us at: [email protected] or 020 7517 3900.

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900

 

Contact ITC Secure

If you have a question, request, comment or requirement, please send us an email now and we will get back to you by return