Google security researchers are warning people to be on the lookout for a squad of sly hackers believed to be North Korean agents.
Like last year’s Twitter VIP account takeovers, the newly discovered hacking campaign, unveiled Monday, shows the effectiveness of so-called social engineering—or good old-fashioned trickery. In this case, the hackers lured victims by presenting themselves, through fake online personas, as friendly computer security pros.
The attackers sought first to establish their reputations. They did this, in part, by uploading doctored YouTube videos of supposed hacks to show off their skills. (“A careful review of the video shows the exploit is fake,” Google researchers noted.) They also blogged about the inner workings of software vulnerabilities, sometimes impersonating legitimate cybersecurity experts in “guest” author posts.
After building credibility, the hackers moved to ensnare their marks. They sent messages to cybersecurity pros using a variety of channels: Twitter, LinkedIn, Telegram, Discord, Keybase, and email, among them. Members of so-called “infosec” Twitter, the online community of security pros, are sharing screenshots and anecdotes of their encounters with the predators—a point of pride for some.
The wool-clad wolves used two methods to compromise people’s machines. Sometimes they would send a target an infected file under the pretense of collaborating on vulnerability research. Once downloaded, the file would install a “backdoor” on the target’s machine.
Other times, the hackers used what’s called a “drive by” attack. They would ask the mark to visit their website, which ran poisoned code. Even seemingly innocuous browsing could lead to malware installation. (I won’t link to the site here, for obvious reasons.)
Alarmingly, Google isn’t quite sure how the hackers infected people’s computers using the drive-by method. The victims were running “fully patched and up-to-date Windows 10 and Chrome browser versions,” meaning their defenses were up, Google researcher Adam Weidemann wrote. “At this time we’re unable to confirm the mechanism of compromise, but we welcome any information others might have,” he said, urging people to report any findings through Google’s bug bounty program.
“We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with,” Weidemann said.
I would add that it’s not just security researchers who ought be on the lookout. If you’ve got something other people might want—whether that’s the “keys” for account ownership resets at Twitter, coveted hacking exploits, a relationship with other contacts who could be targeted, or whatever else—then, sooner or later, you’re going to be a target too.
Never drop your guard.
Robert Hackett
Twitter: @rhhackett
THREATS
How do you like them Apples? Analysts expect Apple to post a record-setting quarter tomorrow, as Aaron writes. Wall Street forecasts more than $100 billion in revenue for the company thanks to 5G-equipped iPhone 12 sales. (COVID-19 lockdowns helped as people had fewer places to spend discretionary income.) Meanwhile, Apple added a celebrity-hosted "time to walk" podcast series to its Fitness+ app and hardware chief Dan Riccio got promoted to take on a mysterious "new project." (Electric cars? Virtual reality headsets? Something else??)
Xbox expo. Microsoft is putting on its "game face" for its own earnings report, as the Wall Street Journal writes. Wall Street is expecting a big quarter with gaming revenue rising 26% year-over-year to $4.2 billion for the fiscal second quarter ended December. That's attributable to the company's release of new Xbox consoles—the Series S and Series X—in the fall. Unfortunately, gaming consoles are a low-margin business compared to software, so that could impact profits. (Don't tell GameStop that.)
Too busy earnin'. Apple and Microsoft aren't the only tech companies posting quarterly results this week. More than a fifth of the companies in the S&P 500 are prepping their 10-Qs. Analysts expect new S&P-inductee Tesla to post its sixth consecutive quarter of profits on revenues of $10 billion on Wednesday. Like Apple, Facebook may very well post record earnings, too, thanks to holiday ad sales. (Headline song reference.)
Bird is the word. Twitter is experimenting with a feature that will let people flag and annotate misleading posts. The product, called "birdwatch," is starting with 1,000 testers in the U.S. In related news, Mike Lindell, chief executive of MyPillow and avid Trump supporter, got booted from Twitter for spreading lies about the 2020 presidential election. Twitter also just released a text-editing tool that software developers can easily port into iOS apps and it bought a newsletter subscription company called Revue.
More like Apple MagUnsafe.
ACCESS GRANTED
Millions of people are flocking to Signal, an encrypted messaging app built by a nonprofit group, as they seek alternatives to chat channels like Facebook's WhatsApp. Casey Newton, former Silicon Valley editor for The Verge, writes in his newsletter, Platformer, that the private communications tool is experiencing hypergrowth pains. As Signal's popularity rises, Newton raises questions about content moderation, privacy settings, and other niggling subjects.
It’s often said that social networks’ more disturbing consequences are a result of their business model. First, they take venture capital, pushing them to quickly grow as big as possible. Then, they adopt ad-based business models that reward users who spread misinformation, harass others, and otherwise sow chaos.
Signal’s story illustrates how simply changing an organization’s business model does not eliminate the potential for platform abuse. Wherever there are incentives to grow, and grow quickly, dangers will accumulate, no matter who is paying the engineers’ salaries.
FORTUNE RECON
Grindr fined millions for sharing users’ sexual orientation and location with advertisers by David Meyer
Which mobile carrier has the best 5G network? It depends by Aaron Pressman
How Etsy’s Reverb.com is playing music retail’s big online shift by Phil Wahba
GameStop ‘yolo’ rally blasts on, leaving short sellers squeezed by Jeff John Roberts
Clubhouse reaches a $1 billion after taking off some nine months ago by Lucinda Shen
Reimagining the C-suite for a digital-first world by Brian Elliott
(Some of these stories require a subscription to access.Thank you for supporting our journalism.)
ONE MORE THING
Signal isn't the only app benefiting from WhatsApp's privacy messaging missteps. ICQ, a chat service whose heyday arrived on PCs in the mid-'90s, is back in app form. AOL sold ICQ to Russia's Mail.Ru Group, known for its Facebook-like VKontakte social network, in 2010, apparently. Now people, many based in Hong Kong, are downloading ICQ for a hit of nostalgia, reports the Wall Street Journal.
Next, bring back AOL Instant Messenger.
