This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

6th September 2011: Luis Mijangos received a 6 year prison sentence. His crimes included sextortion, stealing financial info, and webcam monitoring. 

California's "Sextortion" Hacker Sentenced to Prison

https://twitter.com/todayininfosec/status/1302770088471298049

3rd September 1995: The online auction site, eBay, is launched as “AuctionWeb” by Pierre Omidyar. The first item sold, a broken laser pointer, wasn’t actually intended to sell, but rather to test the new site, itself started as a hobby. Surprised that the item sold for $14.83, Omidyar contacted the buyer to make sure he knew the laser pointer was broken, to which was replied, “I’m a collector of broken laser pointers.” 

From that first $14.83, Omidyar is now worth billions of dollars.

Rant of the Week

Halfords slapped on wrist for breaching email marketing laws

Bike and car accessory retailer Halfords has found itself in the wrong lane with Britain’s data watchdog for sending hundreds of thousands of unsolicited marketing emails to members of the public.

According to the Information Commissioner’s Office, it fined the business £30,000 for dispatching 498,179 messages to folk that hadn’t provided consent - equating to a £0.06 penalty per each email.

The decision relates to a direct marketing mailer that Halfords sent electronically on July 28, 2020 concerning a ‘Fix Your Bike’ government voucher scheme. This gave recipients up to £50 toward the cost of repairing a cycle in any approved retailer in the UK.

Unsurprisingly, Halfords' marketing email urged the individuals to book a free bike assessment and redeem their voucher in store, meaning this was marketing designed to generate income for the company. As such, the advertising of the service meant Halfords couldn’t rely on ‘legitimate interest’ to send the mail, which the ICO said it had done.

Billy Big Balls of the Week

How the ‘man in black’ was exposed by the Russian women he terrorised

A Russian police officer's takeaway food order was the breakthrough clue which helped a group of women, who had been terrorised by him, reveal his true identity. 

The women, mostly aged between 19 and 25, had attended a rally in Moscow in March against Russia's invasion of Ukraine. They were quickly rounded up by officers and put in the back of a police van.

Most of them didn't know each other, but despite the circumstances the atmosphere was upbeat. They even set up a Telegram group chat as they travelled across the city to Brateyevo police station.

What happened next was far worse than they anticipated.

Over the next six hours they suffered verbal and physical abuse that, in some cases, amounted to torture - one woman says she was repeatedly starved of oxygen when a plastic bag was put over her head.

The abuse was carried out by the same unnamed plain-clothes officer - tall, athletic, dressed in a black polo neck. In their group chat, they gave him the nickname the "man in black".

Two of the women, Marina and Alexandra, secretly recorded audio on their phones. In one, the officer can be heard shouting about his "total impunity".

But if his aim was to intimidate them into silence, he would fail.

Industry News

KeyBank's Customer Information Stolen By Hackers Via Third-party Provider

London's Biggest Bus Operator Hit by Cyber "Incident"

Meta Fined $400m in Ireland For Children's Privacy Breach

Interpol Busts Asian Sextortion Syndicate

UK Privacy Regulator Fines Halfords for Spam Deluge

InterContinental Hotels Confirms Cyber-Attack After Two-Day Outage

NATO-Member Albania Cut Ties With Iran Over Cyber-Attack

The North Face Warns of Major Credential Stuffing Campaign

Researchers Reveal New Iranian Threat Group APT42

Tweet of the Week

https://twitter.com/SwiftOnSecurity/status/1567378788991868928

https://twitter.com/ememess/status/1567544425869606913

Come on! Like and bloody well subscribe!