The festive period was accompanied by the usual security shenanigans including breaches, cybercrime busts and serious security bugs.
Those security pros returning to work this week after a well-earned break may or (may not) be relieved to know it’s largely been business as usual.
Over in the United States, half a dozen of the country's senators have teamed up (PDF) on a bipartisan effort to prevent hackers from tampering with election results. Senators James Lankford (Republican-Oklahoma), Amy Klobuchar (Democrat-Minnesota), Kamala Harris (Democrat-California), Susan Collins (Republican-Maine), Martin Heinrich (Democrat-New Mexico), and Lindsey Graham (Republican-South Carolina) teamed up to craft a potential Secure Elections Act.
The bill includes requirements that the government provide states with any intel it has on possible election-hacking threats as well as sets up a procedure for state officials to get security clearance to view these intelligence reports. It also provides grant money to help states cover the cost of switching from electronic-only voting machines to more secure models that leave a paper trail of activity.
In true US government fashion, the two parties combined to give a wonderfully wishy-washy summary of the election hacking landscape:
During the 2016 election, intelligence reports have factually established that Russia hacked presidential campaign accounts, launched cyberattacks against at least 21 state election systems, and attacked a US voting systems software company. While there is no evidence that a single vote outcome was tampered with, this dangerous precedent should be a wake-up call as we head into the 2018 election cycle.
Meanwhile, Guy Fawkes mask-wearing hacker collective Anonymous reportedly hacked an Italian speed camera database. Hacktivists hijacked a police email and database system in Corregio, Italy and deleted speed camera tickets.
In an unrelated case, two Romanian nationals were charged with hacking CCTV cameras ahead of US pres Donald Trump's inauguration, CNN reports. A link to the criminal complaint can be found here (pdf).
Elsewhere in the world of cybercrime investigation, a suspect purported to be part of an email scam ring styling itself as a Nigerian prince was arrested. A police charge sheet shows that a 67-year-old pensioner from Louisiana – rather than a resident of Lagos and surrounds – was charged with 269 counts of Wire Fraud and Money Laundering, as USA Today reports. The police report does maintain that law enforcement officers are also looking into suspected "co-conspirators in the Country of Nigeria", so there's that...
Just before the new year, John McAfee claimed his Twitter account had been hacked to encourage his followers to purchase, er, lesser-known cryptocurrencies. McAfee said the incident was Twitter’s fault, and not his, because of its failure to get to grips with fake accounts.
The incident raised more than a few raised eyebrows among security watchers, such as Graham Cluley. "The real John McAfee is no stranger to tweeting about which cryptocurrency his followers should invest in, so the 'hacker' certainly wasn't entirely clueless about how to blend in with the security veteran's regular postings," Cluley opined.
Back in the world of the more tangible, the new year brought with it the disclosure of a macOS kernel flaw along with an accompanying proof-of-exploit on Github by bug-sniffer "Siguza", who suggests it has been around for quite a while.
With nasty flaws, social media hacks and cybercrime arrests, it’s reasonable to say that the festive period was largely a continuation of the 12 months that proceeded it.
Keep being weird, infosec. ®