Pete Recommends – Weekly highlights on cyber security issues, January 8, 2023

Subject: 2 charged in nationwide Ring camera ‘swatting’ spree
Source: WHNT via FOX31 Denver

(WHNT) — Two men have been accused of carrying out a “swatting spree” over the span of one week in November as they allegedly hacked into a dozen Ring doorbell cameras across the country and live-streamed police response. Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, were indicted by a federal grand jury last week.

The federal indictment said in November 2020, the pair allegedly “gained access” to several home security door cameras sold by Ring LLC. They allegedly obtained login information from Yahoo email accounts.

Nelson and McCarty are then accused of calling 911 to the victims’ addresses and making fake reports, intending to generate an emergency response to their homes. The act is called “swatting.”

The series of swatting incidents prompted the FBI to issue a public service announcement, urging anyone with smart home devices with cameras and voice capabilities to use more complex passwords to prevent similar attacks.

Subject: The Hidden Cost of Cheap TVs
Source: The Atlantic

The Atlantic: “…But the story of cheap TVs is not entirely just market forces doing their thing. Perhaps the biggest reason TVs have gotten so much cheaper than other products is that your TV is watching you and profiting off the data it collects. Modern TVs, with very few exceptions, are “smart,” which means they come with software for streaming online content from Netflix, YouTube, and other services. Perhaps the most common media platform, Roku, now comes built into TVs made by companies including TCL, HiSense, Philips, and RCA….

Smart TVs are just like search engines, social networks, and email providers that give us a free service in exchange for monitoring us and then selling that info to advertisers leveraging our data.

Abstracted from beSpacific

Subject: Did ChatGPT Write That? College Kid Creates AI Essay Detector
Source: Gizmodo

Did a human or an algorithm write that? For the answer, just ask this algorithm. A college student has created an app to help us humans decipher whether text was written by a human or generated by OpenAI’s crazy new chatbot, ChatGPT.

Edward Tian, a computer science and journalism student at Princeton, says he created the program, which he dubs “GPTZero,” to help combat academic plagiarism generated by the new AI-powered chatbot.

In particular, critics fear that the chatbot will potentially doom the college essay, lead to a swell in disinformation, and prove otherwise disruptive to major media industries.
Thus, Tian’s program—which analyzes text for complexity and “randomness” to assess whether it was spawned by a human or machine—seems like a pretty good thing.

The college student shared links to his creation on Twitter this week, explaining how it was designed to “quickly and efficiently detect whether an essay is ChatGPT or human written.”


Subject: Coinbase Fined $100 Million for Lax Background Checks
Source: Gizmodo

The cryptocurrency exchange was not properly vetting users upon signup, leading to criminal activity running unmoderated on the platform. Cryptocurrency exchange Coinbase has reached a $100 million settlement with the New York State Department of Financial Services after the department’s investigation revealed that Coinbase failed to properly vet users before opening an account, leading to criminal activity on the exchange.

The $100 million settlement comes as two payments of $50 million each—one is a fine for failing to conduct appropriate background checks (referred to as a “compliance program”) on users opening accounts. The other $50 million is an investment in bolstering their compliance program over the next two years.


Subject: The FBI’s Perspective on Ransomware
Source: The Hacker News

How to Avoid Attacks – From the Horse’s Mouth

But don’t take our word for it. Some ransomware attackers are “kind” enough to provide organizations with best practices for securing themselves from future ransomware attacks. Recommendations include:

  • Turning off local passwords
  • Using secure passwords
  • Forcing the end of admin sessions
  • Configuring group policies
  • Checking privileged users’ access
  • Ensuring only necessary applications are running
  • Limiting the reliance on Anti-Virus
  • Installing EDRs
  • 24 hour system admins
  • Securing vulnerable ports
  • Watching for misconfigured firewalls

Subject: Cloud email services bolster encryption against hackers
Source: TechRepublic

Google, Microsoft and Proton launched new end-to-end encryption products to confront the 50% increase in ransomware, phishing and other email-vector attacks from the first half of 2022. End-to-end encryption for email and other cloud services is growing in popularity. Given that email is one of the top two cyberattack vectors, this is no surprise.

According to Verizon’s annual 2022 Data Breach Investigations Report, mail servers accounted for 28% of all affected hardware, and 35% of ransomware activities involved email. The EU Agency for Cybersecurity’s 2022 report noted that ransomware accounts for 10 terabytes of data stolen per month with 60% of companies likely to have paid a ransom. A 2021 Gartner study, updated for 2022, reported that about 40% of ransomware attacks start with email. To address these challenges, Google, Microsoft and Proton, whose Proton Mail service was a first-mover in secure email, all moved to expand end-to-end encryption offerings.


