Cyber Week in Review: Dark Web Criminals, Radioactivity, & Wells Fargo

wells fargo breach

Another seven full rotations of this planet and another week goes by. Each week we bring you some of the top stories in the digital cyberverse as this little blue and green planet goes spinning around in the great blackness of outer space.

Some weeks the headlines involve direct cyber attack, but this week they could be better described as cyber blunders. So pour a cup of joe and prepare for a chuckle or two as we take some lessons from the cyber attack news.

Here is your cyber week in review.

Even Professionals Blunder

Why do people read the police blotter? For amusement, certainly, but that amusement also likely stems from an enjoyment of comeuppance—who doesn’t want to see the criminal get caught? It is the basis of Liam Neeson’s entire film career, after all! Well, Dutch police seem to have stumbled upon a case of professional cybercrime blunder.

How many times have you been told that the keys to password protection are quite simple: unique passwords and two-factor authentication (2FA)? 2FA requires a sign-in from a new device to also have an authorization code, which can be texted to your phone, a list of unique one-time-use codes you carry, or other similar solutions. If you have not enabled 2FA from your email and social media accounts (where allowed), you absolutely should. Go ahead and do that right now. We’ll wait.

Over in the Netherlands police gained access to two dark web markets, Hansa and AlphaBay. Dark web markets peddle illegal goods, anything from child pornography to hackers-for-hire. Meanwhile, over on another dark web market, Dream Market, police may have gained unexpected access: stolen credentials from Hansa and AlphaBay seem to have matched those used by the same criminals on Dream Market, allowing Dutch police to also access it. That is right: even criminals may use the same credentials twice and not require 2FA.

Our Glowing Planet

This next headline is global in scale and radioactive in nature. Radioactivity is natural—nuclear fusion powers the sun and radioactive decay may account for half of the heating of our planet. What is not natural is the man-made nuclear fission and nuclear power used around the globe. Mankind has already created enough radioactive material to eradicate the species. That’s right, the one creature on the earth capable of completely destroying itself already has that power. That is part of why nuclear regulation and monitoring are so vital to global safety.

But at a recent BlackHat hacking convention, a team of researchers showed how they discovered vulnerabilities in radiation-monitoring devices. Such devices are utilized at nuclear power plants, seaports, borders, and hospitals. It is the kind of data one would not want cyber criminals to get their hands on, but the report is on the internet.

Banking Goof

On a lighter note, one that only involves billions of dollars and not global destruction, Wells Fargo is the last stop on our tour of cyber security insecurity this week.

The New York Times reported a major security breach: the accidental release of personal names, social security numbers, assets, and other data of some of Wells Fargo’s top investors. The way in which the data was released, as part of a court subpoena not directly related to the content, could also theoretically cause the data to become part of a public record. Sounds like a good way to upset top investors, not to mention a violation of banking security regulation.

Stay Tuned

We will see you next week, same bat channel, same bat time. Until then, enjoy the headlines, but stay out of them.

Leave a Reply