Police are notifying people who may have been featured on a massive revenge porn site. Image: Ursula Ferrara/Shutterstock
Law enforcement in the Netherlands shut down a nefarious revenge porn site.
The man thought to be the Golden State Killer, Joseph James DeAngelo, was caught using DNA from genealogy websites, raising questions around reading terms of service and data privacy.
Meanwhile, Google gave Gmail a major makeover for both enterprises and consumer users. Security fans will be especially happy with the introduction of a confidential mode and disappearing emails.
WhatsApp and Instagram have also been busy making changes, as they prepare for the looming GDPR deadline. These include minimum age changes and downloadable data files. Snapchat is taking a different tack, changing its data retention policies.
Major revenge porn site seized by police
The seizure of Anon-IB – one of the biggest revenge porn sites in the world – is a significant and welcome blow against those who share explicit content featuring non-consenting subjects.
Last week, visitors to the Anon-IB domain were redirected to an image hosted on the official website of the Dutch police force (Politie). Since then, the site has been taken down entirely, according to Motherboard. A spokesperson for Politie said the entire site was able to be shut down as its servers were located in the Netherlands.
CNet reported that three men were arrested and charged with computer intrusion and spreading nude photos. Users were not only posting photos they had obtained as revenge porn, but were also actively hacking into victims’ emails, cloud services and social media to steal explicit content. The women targeted are being informed by law enforcement.
Facebook has a major dark ads challenge ahead
Facebook has had a turbulent few weeks in the wake of the Cambridge Analytica scandal and it is now being sued by consumer advice personality Martin Lewis for allowing fake ads bearing his face and name to run on the platform. The ads were running as click-drivers for online fraud. Facebook CTO Mike Schroepfer said the company had removed numerous dark ads.
Lewis noted that the problem will not be solved by single clean-ups. He said: “A one-off cleansing only of ads with my name in isn’t good enough. It needs to change its whole system.” Natasha Lomas of TechCrunch called for a radical expansion of the touted ad transparency tools.
Europol dismantles largest global DDoS marketplace
Webstresser.org, the world’s largest market for distributed denial of service (DDoS) attacks, was shut down by Europol on 25 April, as part of Operation Power Off.
At least four of the website admins were arrested as part of the operation, and the top users of the service were in the Netherlands, the UK, Spain and Hong Kong, among other locations.
The site’s infrastructure in the Netherlands, the US and Germany was seized. As of April 2018, the site had more than 136,000 registered users, who purchased attacks against online services for banks, police forces and government departments.
SamSam ransomware moves from individuals to entire companies
The SamSam extortion code has been around for a while now, but its latest iteration sees operators launching copies of the ransomware simultaneously to attack whole companies. As opposed to phishing, it is using various vulnerability exploits, including brute force attacks against weak passwords.
A Sophos analysis explained that SamSam has been around since 2016 and its developers are adept at covering their tracks.
NHS to use cash injection to keep cybersecurity system in good health
WannaCry was a disaster for numerous organisations, and the National Health Service (NHS) in the UK was hit particularly badly by the malware attack in May 2017.
According to Infosecurity magazine, 19,000 operations and appointments were cancelled, and 595 GP practices experienced disruption, as well as numerous primary care centres.
Authorities are obviously keen not to see history repeated, so the government is launching a £150m plan to upgrade systems to Windows 10, reinforce firewalls and infrastructure at major trauma centres, and establish an NHS Digital Security Operations Centre, among other strategies.
