Teenage Twitter hijacker gets three years in the clink over celeb Bitcoin scamming

Plus: Exchange and SolarWinds autopatch tools and shocking news!


In Brief Graham Ivan Clark, part of the crew that hijacked around 130 high-profile Twitter accounts and used them to collect cryptocurrency, has been sentenced to three years in prison for his part in the scam.

On July 15 last year around 130 high-profile Twitter accounts, including those of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, and former president Barack Obama, began displaying messages asking for Bitcoin to be sent to a wallet, whereupon the amount would supposedly be doubled and returned. Amazingly, enough people fell for this that around $118,000 was transferred.

Of course, there was no free money. Clark was caught just days later and, after some time in detention, gave up all the funds and pleaded guilty before Judge Christine Marlewski in a Florida court. In addition to his sentence he's required to hand over the passwords to any account he may have online, and will serve three years' probation after his prison time.

Fellow Floridian Nima Fazeli has also been charged over the Twitter incident, as has Brit Mason Sheppard; US authorities are working with British police on that one, not entirely successfully.

AAD had a really, really bad case of the Mondays

Microsoft's Azure outage last Monday is still causing ripple effects, with users reporting large numbers of files missing from OneDrive.

One user reported that folders on OneDrive stayed intact while all the files inside them were missing, and initially thought a new employee had made a mistake. Microsoft has since confirmed it is a known problem.

"Users can still access impacted files online as they are unaffected by this issue," it said.

"Users may have received notifications that their files have been deleted, seen a message from OneDrive stating 'Remove files from all locations,' or may have seen that their files were being removed from their synced folders. Subsequent file syncs restore the files to the appropriate local folders. Impacted users can manually initiate a resync to resolve the problem by restarting their machine or an automatic resync will occur within 24 hours."

No more excuses – Microsoft's one-click Exchange patches

If you haven't patched the four critical Exchange flaws, why not? And if you still can't manage it, Microsoft has released a simple tool to do the job you should have done long ago. Be aware that the tool applies interim mitigations and runs a malware scan; it does not install the security updates, so you still need to patch.

"The Exchange On-premises Mitigation Tool automatically downloads any dependencies and runs the Microsoft Safety Scanner," Redmond said this week.

"This is a better approach for Exchange deployments with internet access and for those who want an attempt at automated remediation. We have not observed any impact to Exchange Server functionality via these mitigation methods."

Windows Defender (now Microsoft Defender Antivirus) will also automatically detect and mitigate the Exchange holes on on-prem systems, Microsoft said on Thursday.

Seriously, get this done. Nearly a dozen cyber-criminal groups are now going after tardy patchers, and the numbers aren't going to fall until the flaws stop working.

While we're on fixing cracks, want to check again for SolarWinds compromises?

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a free tool to allow network administrators to see if they got hit in the SolarWinds attack.

Dubbed the CISA Hunt and Incident Response Program (CHIRP), the tool checks Windows event logs and Registry changes for tell-tale signs of the SolarWinds attack. It also looks for Windows network artifacts and runs YARA rules to spot potential malware.

"Similar to the CISA-developed Sparrow tool – which scans for signs of APT compromise within an M365 or Azure environment – CHIRP scans for signs of APT compromise within an on-premises environment," CISA said in its advisory.

This might seem like shutting the stable door after the horse has not only bolted but is grazing in a distant pasture with a few foals on the way. It is still important to check, not just from an information security perspective but also to cover liability.

Clubhouse wannabes pwned after being seduced by Android app

Android users desperate to get into the iOS-only, invite-only talking shop Clubhouse have been caught out by malware not-so-cunningly disguised as a way in.

Security shop ESET spotted a new strain of attack code, called BlackRock, that purports to be an Android version of Clubhouse; despite several red flags, those keen to join the cool crowd are getting hit. Once activated, the malware scoops credentials for 458 online services, including Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA and Lloyds Bank, and can intercept SMS messages to get around text-message-based two-factor authentication.

"The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website," said ESET malware boffin Lukas Stefanko.

"However, once the user clicks on 'Get it on Google Play', the app will be automatically downloaded onto the user's device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short."
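As an added illustration of the red flag Stefanko describes (this is example code, not ESET's or Clubhouse's), the following Python classifies what the link behind a site's "Get it on Google Play" button actually returns, given a raw HTTP response captured for it: a legitimate site answers with a redirect to play.google.com, while a lookalike that pushes the APK itself answers 200 with APK content. The sample responses, hostnames and filenames are constructed for the example.

```python
from urllib.parse import urlparse

# Added example, not ESET's or Clubhouse's code. The hostnames, filenames and
# the raw HTTP responses below are constructed for illustration.

PLAY_STORE_HOSTS = {"play.google.com"}
APK_MIME = "application/vnd.android.package-archive"
ZIP_MAGIC = b"PK\x03\x04"  # an APK is a ZIP archive, so it starts like one


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_code = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers, body


def is_play_store_url(url: str) -> bool:
    """True only for the real store: https and a host that is exactly play.google.com.

    Comparing the whole hostname (rather than checking that the string
    contains 'play.google.com') rejects lookalikes such as
    play.google.com.example.net.
    """
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname in PLAY_STORE_HOSTS


def classify_store_button(raw: bytes) -> str:
    """Classify the response to a "Get it on Google Play" click.

    Returns one of:
      'google_play_redirect' - 3xx to the real store (expected behaviour)
      'off_store_redirect'   - 3xx somewhere else (worth a look)
      'direct_apk_download'  - the site serves an APK itself (the red flag
                               ESET describes)
      'other'                - anything else
    """
    status, headers, body = parse_response(raw)

    if 300 <= status < 400 and "location" in headers:
        if is_play_store_url(headers["location"]):
            return "google_play_redirect"
        return "off_store_redirect"

    content_type = headers.get("content-type", "").split(";")[0].strip().lower()
    disposition = headers.get("content-disposition", "").lower()
    looks_like_apk = (
        content_type == APK_MIME
        or ".apk" in disposition
        or (content_type == "application/octet-stream" and body.startswith(ZIP_MAGIC))
    )
    if status == 200 and looks_like_apk:
        return "direct_apk_download"
    return "other"


# Constructed sample responses (not captured from any real site).
LEGIT_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://play.google.com/store/apps/details?id=com.example.app\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

LOOKALIKE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://play.google.com.example.net/store/apps/details?id=com.example.app\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

FAKE_CLUBHOUSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/vnd.android.package-archive\r\n"
    b"Content-Disposition: attachment; filename=\"clubhouse.apk\"\r\n"
    b"Content-Length: 8\r\n"
    b"\r\n"
    b"PK\x03\x04\x14\x00\x00\x00"
)

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT_RESPONSE),
                       ("lookalike host", LOOKALIKE_RESPONSE),
                       ("fake clubhouse", FAKE_CLUBHOUSE_RESPONSE)]:
        print(f"{label}: {classify_store_button(raw)}")
```

Matching the full hostname rather than a substring matters: play.google.com.example.net would otherwise pass. Sites that use market:// intent links instead of https are classed as off-store redirects here; extend is_play_store_url if that is expected in your environment.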

Clubhouse has said it's considering an Android app but, for the moment, you'll have to pay the Cupertino Idiot Tax to be a member.

Shock news: Paying ransomware scum doesn't work

Amazingly enough, ransomware operators haven't slacked off their attacks after netting big gains, according to the Palo Alto Networks security team's latest research.

In 2020 the average ransom paid after an infection rose from $115,123 in 2019 to $312,493, and the largest recorded demand rose from $15m to $30m. Double extortion is also on the rise, whereby a firm's data is not only encrypted but also exfiltrated and held for ransom. The NetWalker and RagnarLocker crews are increasingly adopting this, although the former has been targeted by US authorities.

"Cybercriminals know they can make money with ransomware and are continuing to get bolder with their demands," warned the report from the Silicon Valley stalwart's Unit 42 security team.

Some governments and insurance companies now suggest that paying off these extortionists is cheaper than cleaning up. The report, and a host of others, suggests that paying criminals is a losing strategy in the long run. ®


Biting the hand that feeds IT © 1998–2021