Cyber Week in Review: New York Post, The Daily Show, & No One Hacker

Media Division | April 14, 2017

Each week we scour through the interweb to bring you three of the top (or at least most fascinating) cyber news stories for your amusement.  Each week, somehow or another, a theme emerges from these seemingly unrelated events—unintentional similarities connecting the web of the cyber verse.

This week that theme could be said to be bullying, but not cyber bullying as you know that term from trolls and sexual predators, a rather governmental bullying, hacker bullying, and even mocking of governmental bullying.

Here’s your cyber week in review for the week of the big bullies.

The New York Post Gets Pushy

If you subscribe to push alerts from the New York Post you know they got hacked last weekend.  Reuters reported their apology after push alerts related to President Donald Trump showed up on user phones with messages such as, “Hail President Donald Trump!”

The daily newspaper primarily covers and is distributed in New York City and the surrounding area, but also covers national news such as when Donald Trump was elected to national office.   The tabloid-format paper, with roots going back to 1801, is one of the oldest rags in the country.  They took some flack when they endorsed Donald Trump for president, and it appears that some of the April 1st pro-Trump push notifications were sarcastic and related to the Post’s political leanings.

Then again, some of the other push notifications that day were indecipherably cryptic or seemingly religious, such as, “Hear me now, for I speak as an angel in the words of God.”  So who knows what the hackers had in mind.

The big disappointment is that with thousands of instant listeners, they didn’t come up with something better.

The Daily Show Plays Hack

Like the brutish NY Post hack, this one does a little bullying of its own, in the name of humor.

This one came in just before April 1st but was still the product of pranksters. Over at “The Daily Show” host Trevor Noah appeared to be interrupted by a hack.  A blip of footage of a sculptural spinning ballerina, stock war footage of a tank, and a web address with a Russian domain name quickly flashed.  (The domain name, lead to a Twitter account which has since embraced its parody status).

Instantly the Twitterverse cried foul play, Russian attack!  Instead, it was more like a shark jump: a publicity stunt with a recipe of scoops of political discussion regarding Russian attack, with a dash of fan favorite show Mr. Robot.

In case anyone fell for the trick, time to let them in on the secret: don’t take anything too seriously when seen on a humor news channel, particularly one still finding its footing after a host change.

No One Hacker

On a more serious note, there’s been some federal bullying down in Arkansas of a man whose name you don’t likely know, but his product may be familiar.

The man’s name is Taylor Huddleston, and since last December he’s been embroiled with the FBI.  He’s the creator of the remote administration tool (RAT) called NanoCore.

RAT’s like GoToMyPC and the Remote Server Administration Tools released by Windows, allow an administrator to access and control another computer. Such applications serve a legitimate purpose, such as when the IT Department logs on to your computer remotely to fix a problem, without having to come to your office and kick you out of your chair.  They are especially handy in large businesses, where an IT administrator might not be in the same building or even same state as your business operations.

Unfortunately for Mr. Huddleston, his NanoCore tool was also a favorite of hackers.  He built NanoCore to be flexible, with plug-in capability, but it also could turn on a web cam, access files, and remotely log keystrokes: all features that hackers could also use with malicious intent.

That’s the current battle of Mr. Huddleston.  Did he create this code for ill-intent?  He did, after all, make it available in HackForums (sort of a “light gray” hacker page). Is it, as Mr. Huddleston says, a legitimate attempt at making a retail product at a reasonable price for legitimate purposes?  He did, after all, unauthorize users when he would find out about malicious use.

Is it a case of the FBI bullying the middle man they caught because they cannot catch the big fishes they seek?  Perhaps.  Perhaps the FBI hopes to strike a plea bargain that will lead to more malicious folks because as it stands it seems the FBI caught the “hacker” who hacked no one.

Intelligence on Adversaries, Reputation, and Security

When it comes to retail and consumer goods threat intelligence and reputation control help identify and protect against adversaries for proactive security.  A complete assessment of security, including mitigation and prevention, can protect your business operations from the bullies of the cyber type, from whatever angle that attack comes.

Contact us for a free threat report.

And in the meantime, enjoy the headlines, but stay out of them.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.