Ransomware attack hits French hospital; Apple exec sparks browser engine bun fight; and David Schwimmer to star in cybersecurity sitcom

Beyond the pale

The fallout from a ransomware attack that crippled 6,000 computers at a French hospital featured large in infosec news this week.

The attack centered on the University Hospital Centre (CHU) in the northern French city of Rouen, but nonetheless prompted comparison with WannaCry, which hit multiple NHS hospitals and clinics back in May 2017.

Staff at the Rouen hospital were forced to fall back on using pen and paper after the cyber-attack, which experts blamed on the CryptoMix Clop ransomware.

Welcome to the Hotel Cupertino

Apple senior legal execs' claim that all browsers on iPhone are obliged to use the WebKit engine for security reasons sparked off a debate on Twitter.

Forced reliance on the WebKit engine – which some devs call ‘Hotel Cupertino’, referencing The Eagles’ Hotel California – was among the topics addressed by Kyle Andeer, vice president of corporate law at Apple, during a recent congressional hearing.

Apple said in filing to the House Judiciary Committee before the hearing that the cost of providing repair services is more than it collects in repair revenue.

The argument is sure to raise eyebrows among third-party repair providers and others who are pushing for the “right to repair” – a topic covered in an analysis by The Daily Swig back in September.

During the hearing itself (transcript, PDF), Andeer also explained why it is not possible to repair some goods.

Fake new(s) media

Staying with politics: The UK is in the middle of a general election campaign, with elements of the drama unsurprisingly getting played out on social media.

Brexit backer Arron Banks’ Twitter account was hacked before miscreants leaked an archive of his private messages and contents.

Banks put out a statement deploring the malicious hack, criticizing the the social media giant for its sluggish response.

Others, more well versed in security incident response, noted improvements in Twitter’s handling of the episode, particularly compared to other incidents of account hijacking down the years.

In related news, Twitter was criticized again this week after it failed to action following the Conservative Party Press Office’s decision to rebrand its verified Twitter account as @factcheckUK during a head-to-head TV debate between prime minister Boris Johnson and Labour leader Jeremy Corbyn.

By contrast, when British actor Ralf Little took it upon himself to change his Twitter name to FactCheckUK, in order to troll the Tories, his account was quickly suspended.

Others that tried the same thing also found their accounts sent to the social media sin bin.

Despite criticism over its tactics, Conservative ministers were unrepentant, dismissing the whole FactCheckUK episode as inconsequential, rather than a dangerous foray into putting out misleading information.

CISO chat

Former Twitter and Honeywell CISOs – Michael Coates and Rich Mason, respectively – recently took part in ‘Ask Me Anything’ on Reddit.

Key topics covered included data breach handling, the current state of user privacy and security awareness, among other subjects.

Mickey Mouse security

Disney’s streaming video service, Disney+, hit problems just hours after its high-profile launch last week.

Thousands of accounts were hijacked with some subsequently offered for sale through cybercrime hangouts, The Washington Post reports (paywall story).

Users took to Twitter and Reddit to complain about being locked out of pre-paid accounts after receiving alerts that their password and contact details had been changed.

The one with the Five Eyes

Finally, staying with showbiz, Friends actor David Schwimmer is about to star in cybersecurity sitcom based in Cheltenham, and set within a fictional version of GCHQ, according to local reports.

Schwimmer (who played Ross Geller in the long-running US sitcom) is due to star as an NSA officer on secondment in Intelligence, a new six-part series due to screen on Sky One from early next year.

“When a power-hungry, maverick NSA agent (Schwimmer) comes over to join an inept and tactless computer analyst (British comedian Nick Mohammed) and a newly formed team tackling cybercrime, everything they know is shaken up,” according to Sky Media.

Sky describes GCHQ as a “weedier, geekier, more bureaucratic version of MI5 and MI6”.


What could we have in store… The IT Crowd meets Archer, perhaps?