CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

Coronavirus scammers are getting taken down by grassroots ‘hackers without borders’

April 1, 2020, 4:48 PM UTC

This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.

Ne’er-do-wells are using coronavirus chaos as a launchpad for cyberattacks, propaganda, and general bedlam.

Yesterday, I tuned into a virtual seminar on the subject hosted by Kathleen Carley, a computer science professor at Carnegie Mellon University. She has been tracking the flow of COVID-19-related misinformation (falsities) and disinformation (intentional falsities) online. Shortly after she began presenting her research into bot-boosted social media fakery on Reddit, Facebook, and Twitter, a “Zoombomber” interrupted the broadcast, scribbling all over her slides to make them unreadable.

Screenshot of a “Zoombombed” slide defaced during a presentation on coronavirus-related disinformation by a Carnegie Mellon professor

I have no idea whether the defacements were pure, sophomoric hijinx by a bored interloper, or whether they were something more insidious by a disinformation-peddling subject of Carley’s research. Either way, the moment drove home for me the lengths to which rogues will go to promote mayhem, even—and perhaps especially—during times of crisis.

Screenshot of another scribbled-over slide

Paladins are striking back at the scoundrels. I spoke to Marc Rogers, executive director of cybersecurity at Okta, a digital identity company, about a grassroots effort he’s helping to lead with peers at Microsoft, called the COVID-19 Cyber Threat Intelligence League. The group, which I like to think of as “hackers without borders,” is tracking hackers’ malicious activity and taking down at least two—though sometimes as many as 20—domains abused by phishing campaigns per day, he estimates.

“A group of us got together and realized that we probably have the largest infosec (information security) workforce sitting around not doing very much at the moment, and we could probably help,” says Rogers, who is also an organizer of Defcon, a major hacker conference. The league has grown to more than 800 members across 40 countries since its inception just a couple weeks ago, he says.

“I would love to see this type of thing, a groundswell of effort, be able to jump onto things when there are lot of scams going on, like with the U.S. census or the upcoming election, or any emerging crisis in the world,” says Beau Woods, a cyber safety innovation fellow at the Atlantic Council, a Washington, D.C.-based think tank. The initiative could potentially establish “confidence-building measures,” diplomatic tools for trust-building between nations that’s sorely needed in cyberspace, he says.

“I have a secret hope at the end of this that it will continue,” Rogers adds. “If we can keep going after the pandemic, it’s going to make the Internet a much safer place.”

We could use the help.

Robert Hackett

Twitter: @rhhackett



Contact high. Researchers in Europe are exploring how to perform "contact tracing," identifying people might have been exposed to coronavirus infections, while complying with the region's strong data privacy laws, the General Data Protection Regulation, or GDPR. Silicon Valley tech firm Palantir may be involved, Bloomberg reports. Authorities in Moscow unveiled an app to track people who have been ordered to stay at home because of the pandemic

Zoom goes kaboom. Researchers are warning that Zoom video-conferencing calls are not as private as one might expect. The New York Attorney General is investigating claims that hackers may be able to take over people's Zoom webcams, among other issues. Another researcher found a zero-day vulnerability in Zoom software that allows hackers to steal people's Windows passwords. Meanwhile, Houseparty, a video chat app owned by Fortnite-maker Epic Games, is offering $1 million to anyone who comes forward with information about a "commercial smear campaign" designed to discredit the service by erroneously alleging that using it could lead to other services, like Netflix and Spotify, being hacked.

Please return your key card. Marriott can't seem to catch a break. While the hotel chain reels from the COVID-19 economic shutdown, it is also investigating a data breach it says exposed up to 5.2 million customers' personal information. The incident is said to have compromised people's names, addresses, birthday, email addresses, phone numbers, and loyalty reward program numbers. Apparently, an unauthorized person used the login credentials of two employees of a franchised hotel in Russia, the Wall Street Journal reports. This is the third data breach the company has disclosed in the past 18 months. 

Good time to buy. Cybersecurity giant Palo Alto Networks has agreed to acquire CloudGenix, a software-based networking firm, for $420 million. This is the sixth company Palo Alto Networks has acquired since February 2019, a buyout streak that has cost the company more than $1.6 billion. CEO Nikesh Arora, an alum of Softbank and Google, says he will forgo a salary for the year amid coronavirus disruptions. He has also committed not to lay off any employees as a result of the COVID-19 pandemic, he told CNBC.

Once quarantine is over, I'm splurging on a rocket tank.


Bug bounty programs reward security researchers for finding flaws in tech companies' products. That may sound like a win-win situation for everyone involved, but, lately, some bounty hunters are finding themselves mummified by reams of red tape and non-disclosure agreements. One former executive of HackerOne, a popular bug bounty host, even coined a term for the superficiality of such programs: "security Botox." Fortune's David Z. Morris vents both sides' frustrations

While bug bounties have become an increasingly popular part of companies’ cybersecurity toolkit in recent years, researchers have run into an array of problems with the way they are structured and managed. Critics say the programs, particularly those run with intermediaries like HackerOne and Bugcrowd, often limit the scope of researchers’ work and their ability to share findings. These shortcomings, they say, could ultimately leave important software more vulnerable to “black hats,” or malicious hackers.

...The leaders of bug bounty services counter that putting guardrails around bounty programs, at least temporarily, serves the larger goal of balancing white-hat ideals of total transparency with the needs of companies whose resources and reputations are on the line.


Xerox ends hostile HP Inc. bid, citing the coronavirus and market turmoil by Jonathan Vanian

Fitbit users are walking less as shelter-at-home orders take hold by David Z. Morris

LinkedIn tries to improve equality across its site by Jeremy Kahn

‘It’ll never be fast enough’: 5 questions for a ventilator manufacturer by Maria Aspan

Coronavirus fight could prove fatal for another global challenge: Addressing climate change by Katherine Dunn


Pandemics and misinformation go hand in hand. During the Spanish Flu of 1918, American newspapers downplayed the outbreak—not unlike Bloomberg is now alleging of China. The New Republic digs up media coverage from the past to show this mishandling damaged the country's response. The story quotes John M. Barry in his history book, The Great Influenza, where he writes that "what officials and the press said bore no relationship to what people saw and touched and smelled and endured. People could not trust what they read."