Tech Friday with Dave Hatter -September 25th 2020 - SPONSORED BY INTRUST IT


  • Were 500,000 Call Of Duty accounts hacked at Activision?
    • Reports surfaced this week that a half-million Call of Duty (CoD) accounts were hacked
    • Online gaming has been a target of attackers for several years. Many accounts have virtual goods which can be sold for real money and compromised accounts can be used in a variety of fraud
    • These accounts may also contain payment information that can be stolen
    • "There is obvious value in obtaining personal identifiable information (PII) and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise" Dean Ferrando, Tripwire
    • Activision accounts are linked to CoD titles like Warzone and Modern Warfare and may be connected to other platforms such as Xbox, PlayStation, Steam etc.
    • The alleged breach was first flagged by the Twitter account oRemyy. That account has now been deleted
    • The news was quickly shared by others
    • Gaming news outlet Dexterto.com picked up the story and said that the login for Activision accounts was leaked and hackers were changing account details to block the owners from recovering their accounts
    • Dexterto wrote "All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo"
    • Activision has disputed the claim
    • So far, this looks like a hoax, but it would be a good idea to change your password and ensure it's strong and unique
    • In general, game players should:
      • Use strong, unique passwords on each site/app/platform
      • Enable Multi-factor authentication (MFA), aka Two-factor authentication or Two-Step verification everywhere possible
      • Lock down your credit record
  • Your "smart" speaker may be a star witness some day:
    • Internet of Things (IoT) aka "smart devices" have a rapidly growing role in criminal investigations
    • IoT devices generally keep detailed time-stamped logs of user activity and collect other data based on their function
    • Police and prosecutors regularly request data from Internet of Things (IoT) aka "smart devices" as evidence against suspects
    • Douglas Orr from the criminal justice department at the University of North Georgia says police now request IoT data routinely
    • Police in Bentonville Arkansas requested Amazon Echo data in connection with a man’s death in 2016. This is the first known such request
    • Amazon initially tried to block the request. When the data was later released, a murder charge against the defendant was dropped
    • IoT data has been used in many cases since then
    • In one case, police found drugs in a house with several residents. A suspect was identified after police received data from a smart speaker whose log listed recent drug related queries and identified who asked the questions
    • In another case, Silvia Galva was found dead, impaled through the chest on a bedpost
    • Police believe boyfriend Adam Crespo tried to drag Galva from bed. She held onto the bedpost which snapped and impaled her. Hallendale beach police charged Crespo with second-degree murder
    • Crespo’s attorney presented recordings from a pair of Amazon Echo speakers in his Cresp's defense
    • The Hallandale Beach Police Department filed a subpoena for Crespo’s speakers for evidence as well
    • Crespo’s attorney, Christopher O’Toole, said "I had a lot of interviews where people said, ‘Oh, are you aware that this could be the first time Alexa recordings are going to be used to convict somebody of murder?’"
    • "And I actually thought of it the opposite way, that this could be the first time an Amazon Alexa recording is used to exonerate somebody and show that they're innocent." - O’Toole
    • Amazon recently said that they have received 3,000 requests from police for user data in the first half of 2020. Amazon complied to these requests nearly 2,000 times
    • That represents a 72% increase in requests for the same period in 2016 and a 24% rise since 2019
    • Google’s Nest unit reported increasing police demands for data through 2018. Google stopped reporting Nest data separately, it's now reported in their transparency report
    • The Terms of Service (ToS) of most major apps and websites include a clause warning users that companies may supply their data if requested by the government.
    • Forensic experts have said that information from these devices is valuable because investigators can be used to verify statements made by suspects
    • Data from these devices can confirm or deny the old alibi "I was home alone"
    • O’Toole intends to introduce the smart speaker recordings in Crespo's favor
    • O’Toole says smart speaker recordings are involved in several of his cases, including a divorce in which a smart speaker may have picked up the sounds of a man cheating on his wife
    • Lee Whitfield, forensic analyst said "I think this is going to be more and more prolific as time goes on"
  • Ransomware attacks are rising a leading to larger payouts to criminals:
    • Ransomware attacks have been on the rise with more people working remotely during 2020
    • Bitdefender's Mid-Year Threat Landscape Report 2020 claimed a 715% year-on-year increase in attacks
    • Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020 according to Coalition, one of North America's the largest cyber insurance providers
    • Claims have ranged in size from $1,000 to over $2,000,000 per incident
    • Coalition said "Ransomware doesn't discriminate by industry. We've seen an increase in ransom attacks across almost every industry we serve"
    • "In the first half of 2020 alone, we observed a 260% increase in the frequency of ransomware attacks amongst our policyholders, with the average ransom demand increasing 47%" - Coalition .
    • These attacks are getting more dangerous as well. Criminals seek to encrypt and exfiltrate as much data as possible to increase the likelihood a ransom will be paid
    • The criminals will also threaten to release the data on the internet if the ransom is not paid as an added incentive to pay the ransom
    • In many cases, criminals have released stolen data when the victim won't pay the ransom
    • Bitdefender's Liviu Arsene said "If they do that just once, they set an example for everyone else who becomes infected, because those who don't pay end up with data leaked and a GDPR fine. Everybody else who gets infected afterwards is going to see the attackers are serious" 
    • The ransomware continues to evolve. GandCrab was one of the most prolific of 2019, but its operators shut it down after claiming to have made a fortune
    • New families of ransomware such as Sodinokibi, aka REvil, have emerged
    • Sadly, ransomware-as-a-service (RaaS) is now a thing too. Criminals can rent the software to launch these attacks
    • The FBI continues to advise against paying the ransom
    • What you can do:
      • Apply software updates and patches to ALL devices as soon as possible
      • Use endpoint protection, aka, anti-virus software and keep it updated
      • Warn users about clicking links and opening attachments
      • Backup data regularly and test the backups regularly