Top infosec trends in the social media spotlight this week

The most viewed YouTube video in history, Luis Fonsi and Daddy Yankee’s Despacito, was taken down this week after it was hacked.

It was temporarily removed after the attackers – who call themselves Prosox and Kuroi’sh – hacked into video distributor Vevo’s systems and replaced the image on the video with clips of their own.

The picture showed a gang wearing masks and pointing guns, and was taken from Netflix show Casa de Papel.

Despacito, which had more than five billion views, was not the only video affected – other targeted artists included popular entertainers Shakira, Iggy Azalea, and Drake.

One of the alleged hackers, Prosox, stuck the knife in further when they tweeted Vevo to claim the hack was just a bit of “fun”.

The video is now back online and Vevo says it is investigating the incident.

In other social media news, Facebook continues to dominate headlines as Mark Zuckerberg was grilled in Congress over the Cambridge Analytica hack this week.

Facebook also announced the launch of a bug bounty program related to the “misuse of data” – a little late in the game, some might say.

The program will offer a $500 minimum reward (with no maximum) in exchange for proof an app has accessed users’ data without permission, or for malicious means.

It should be noted that the bounty relates to privacy, not security, but it has been welcomed by users.

Some might question, though, why this bounty wasn’t in place before millions of users’ data was harvested.

At a time when tensions between the West and Russia couldn’t be higher, GCHQ decided to call out the Kremlin for its “unacceptable” cyber campaigns used to spread propaganda and target other nation states.

Director Jeremy Fleming spoke at the NCSC Cyber UK conference this week and pointed at Putin’s regime, claiming it has “blurred the lines between criminal and state activity”.He was referring to Russia’s use of bots, malware and other tools within the cyber world.

Fleming said: “Whether that’s NotPetya against the Ukraine’s financial, energy and government sectors, which eventually spread across the world, or the use of industrial scale disinformation to sway public opinion – they’re not playing to the same rules.”

The Daily Swig was at the Cyber UK conference reporting on Amber Rudd’s mission to derail dark web crooks, GCHQ’s assault on ISIS and the ongoing issue of diversity within the infosec community.

And finally, passwords could be at risk of being made redundant by biometrics if a new web standard is introduced.

The WebAuthn standard will replace classic written passwords with the option to login to websites using a smartphone, fingerprint scanner, or webcam.

Introduced by the World Wide Web Consortium, which controls web standards, it hopes to stop login details from being stolen, since there will be no credentials to take.

Chief executive Jeff Jaffe said: “While there are many web security problems and we can’t fix them all, relying on passwords is one of the weakest links. With WebAuthn’s multi-factor solutions we are eliminating this weak link.”