Top infosec trends in the social media spotlight this week

Cybersecurity month kicked off this week, and what a week it was for the infosec community worldwide…

An explosive Bloomberg report accused Chinese spies of inserting microchips into servers used by Apple, Amazon, and other tech giants.

According to the report, China infiltrated supply chains at Supermicro, which supplies motherboards to 30 US companies, including Elemental, a startup whose customers included the CIA.

Bloomberg claims that Amazon, which was evaluating Elemental as a potential acquisition, found a tiny chip back in 2015 during a routine check, and reported the finding to the US government.

But within hours of the report being published, Amazon, Apple, Supermicro, and the Chinese government flatly denied the accusations.

The report led to cries of ‘fake news’ across social media, with many users accusing Bloomberg of peddling gossip as fact.

Bloomberg is still sticking by the story, despite the furious denials by all parties – Apple even revealed how it had denied the story for a whole year before Bloomberg published.

So who’s lying? Right now, it isn’t so clear. 

But the general consensus in the infosec sphere is that if the tech giants are fibbing, there will be serious consequences.

Facebook was in hot water this week after 50 million accounts were compromised by hackers exploiting vulnerable code in its ‘View As’ feature.

The hackers were able to steal access tokens, which in turn allowed them to take over people’s accounts.

Facebook released a statement saying that it is “taking this very seriously”, and reset the accounts, plus a further 40 million as a precaution.

It came after the social media giant was found to be selling phone numbers which had been registered for two-factor authentication (2FA) to advertisers.

Aside from the shadiness of Facebook selling on data without permission, this issue has also sparked concern that people will stop employing 2FA – a clear backward step.

But then, as The Swig has pointed out on numerous occasions, SMS-based 2FA has its own pitfalls.

Speaking of opsec, a general rule for your own personal security is don’t show strangers your passwords. Especially if those strangers are a plane full of hackers.

Jake Williams, aka @MalwareJake, reminded Twitter of this rule this week, warning: “Hackers are everywhere.”

So how can you protect yourself against hackers?

As Williams suggests, don’t show your login details and passwords to strangers. Store your passwords in a password manager. Even turn the brightness down on your laptop.

Failing that, it might be time to crack out the #SnowdenBlanket.

Finally, back in August this year, more than 100 ethical hackers gathered at Black Hat in Las Vegas to #HackTheMarineCorps.

This week, hack-a-thon organizers HackerOne revealed that almost 150 unique vulnerabilities were reported, with the US government paying out more than $150,000.

It’s not clear exactly what the vulnerabilities were. However, the organizers revealed that in the first 24 hours alone, 75 bugs were reported.