North Korea, Kaspersky, and France to Facebook – Hack Naked News #154

Michael reports on a suspected North Korea Ransomware attack, Kaspersky federal software ban, compelled passwords, and 1 in 3 IT professionals looking for new jobs! Jason Wood of Paladin Security joins us for the expert commentary on Bitcoin, and more on this episode of Hack Naked News!

News

U.S. Says North Korea ‘Directly Responsible’ For ‘WannaCry’ Ransomware Attack

https://www.npr.org/sections/thetwo-way/2017/12/19/571854614/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack

  • The US publicly declared North Korea responsible for WannaCry locking up over 300,000 computers in 150 countries
  • “North Korea has acted especially badly, largely unchecked, for more than a decade,” Homeland security adviser Tom Bossert said at a White House briefing Tuesday morning.
  • Of note is the discussion of the asymmetric nature of cyber warfare – and why it’s attractive to the North Koreans

Kaspersky sues US government over federal software ban

https://www.engadget.com/2017/12/18/kaspersky-sues-us-government-over-federal-ban/

  • Not a surprising move, but plenty to learn from the process
  • Kaspersky claims good-faith efforts on its part, and says the concerns cited are general to AV products
  • Possible signal in how countries view companies based on their origin

France to Facebook: You Have 30 Days to Stop Harvesting WhatsApp User Data

https://gizmodo.com/france-to-facebook-you-have-30-days-to-stop-harvesting-1821412963

  • France’s CNIL – the data privacy agency – ordered WhatsApp to stop sharing data with Facebook (Facebook owns WhatsApp) claiming users never consented to the sharing for business intelligence or targeted advertising
  • They did agree collecting the data was reasonable for security reasons
  • Germany and the UK appear to be on similar courses and the EU issued a $122M USD fine in May
  • Consider the value of data and the challenge of protecting it alongside the demands for multiple uses… in a global organization

Another Court Says Compelled Password Production Doesn’t Violate The Fifth Amendment

https://www.techdirt.com/articles/20171214/09340938810/another-court-says-compelled-password-production-doesnt-violate-fifth-amendment.shtml

  • Of interest because of the commonly-understood distinction between passwords and biometrics in Fifth Amendment cases
  • Follows a ruling in the last year — also in a criminal matter — compelling the defendant to supply the password
  • This is causing the legal community to review the implications of the Fifth Amendment and explore the totality of the reasoning

Are you slaving away to make someone else a cryptocurrency fortune?

http://www.ibtimes.co.uk/are-you-slaving-away-make-someone-else-cryptocurrency-fortune-1652023

  • Your browser does the processor-intensive coin mining while visiting the site
  • No known long-term damage, and the process ends when the site visit is over; system performance likely takes a dive while on the site
  • The concept is not malicious; doing it without permission is
  • You can block URLs

1 in 3 IT Professionals Is Looking for a New Job: Spiceworks

https://www.pcmag.com/article/357875/1-in-3-it-professionals-is-looking-for-a-new-job-spiceworks

  • 70% report job satisfaction and 63% are… wait for it… underpaid
  • Most have spent about 40% of their careers at the current company
  • Cloud is hot… followed by security and project management (did you see that one coming?)
  • Most think the market will improve, and are open to exploring new opportunities
  • It’s not all money. Other reasons to leave: IT more of a priority, better work-life balance, and working with a more talented IT team

Expert Commentary:

Bitcoin Thefts Go Wild

Bitcoin is all over the news these days, and not just in the technology-centric news sources. You see it on major and local news outlets as well. People are asking questions about bitcoin and whether they should try to get in on the action. One of the challenges of bitcoin is that it is very new in terms of currencies, and so are the methods for protecting it. A number of bitcoin owners and exchanges are finding out the hard way that protecting their bitcoin can be difficult.

Currency has historically been something physical that you exchange for something else. Now with electronic payments via credit and debit cards, that’s not the case as much. Cryptocurrency is purely virtual, but it turns out that it can still be vulnerable to physical attacks, such as when someone pulls a gun on you to demand your coin. One person was recently robbed at gunpoint of $1.8 million of Ether. The accused apparently knew that the victim had this much coin and decided he wanted it. He and an accomplice are up for charges of grand larceny, kidnapping, robbery, criminal use of a firearm, computer trespass and more.

Then you have articles about bitcoin exchanges and mining firms being hacked and looted of their cryptocurrency. NiceHash and Youbit are two that made the news recently. Youbit suffered two breaches in 2017, with the most recent being today. In today’s breach, Youbit suffered a loss of 17% of their total assets. No details on what that means in dollars, but they have shut down and begun the bankruptcy process. The customers of Youbit will have to wait to see what is returned to them as this goes through the courts.

Similarly, NiceHash was hacked and 4,465 bitcoin ($82.3 million today) were stolen in this breach. NiceHash offers mining services in which customers pay other computer owners to mine bitcoin for them using spare computing power. NiceHash is in the process of re-launching their service, but some customers are expressing doubt that they will use it again unless they receive their bitcoin back.

Moral of the story? Be prepared to protect your bitcoin carefully. Bitcoin.org has some recommendations on how to protect yourself that you should probably check out if you are using cryptocurrency. One of the primary recommendations is to not leave all your coin online in an exchange or other service. Get a hardware wallet and only leave online what you need to spend soon. Bragging vocally about the millions you have made in bitcoin may be a bad idea as well. Take some personal security steps and use some discretion.

Visit http://hacknaked.tv to get all the latest episodes!