Cyber Security News Update 1/4/2019

Welcome to the first News Update of 2019, and Happy New Year! With the pleasantries out of the way, let’s move on to the first cases of cyber-misfortune happening.

Prominent hacktivist TheHackerGiraffe (THG) has removed himself from the public eye by deleting his social media accounts, portfolio, and even a server used in his hacks. THG is known for exposing security flaws in Internet of Things (IoT) devices such as printers and Google Chromecasts, where he used the hacked devices to advertise for a favorite YouTuber of his: PewDiePie. In a recording from Periscope, THG has stated that his repeated vandalism of people’s personal devices has drawn their ire, threats of physical violence or death, and potentially an investigation by the FBI. It seems that the consequences of THG’s actions finally hit home and he’s decided it’s time to withdraw for now. It’s important to remember that this sort of hacking may be considered illegal under US law, even if no vulnerable data has been taken or altered. Apparently, the stress has been so bad that THG has stated that he may never touch a computer again. Let this be a lesson then, be prepared for the consequences of your actions.
Source: Fearing backlash, IoT hacker ‘TheHackerGiraffe’ no longer sticking neck out for PewDiePie

A massive German data breach springing from an advent calendar has now involved prominent politicians and celebrities. While the specific scope of the breach remain unknown, the broad strokes of it have been revealed: every single political party in Germany, except for the far-right Alternative for Germany (AfD) party have had their financial data, private chats, and contact lists revealed. While the vector is currently unknown, it is believed that a phishing or spearphishing attack may have been used to gain access to passwords that were reused on other platforms such as social media accounts. An exploit of weakened email security protocols may have also lead to the breach, with the same result of passwords being used in multiple places. There is no confirmation on the attacker, though there is a significant amount of speculation, and the two top suspects are Russian groups such as Fancy Bear or an internal far-right group. Leaving the AfD untouched may be an attempt to draw attention to them, as they may fit the profile of an attacker. In 2015 Russia was accused of hacking servers used by the German Parliment, and in late 2018 the United States warned Germany that China was in the process of a wave of “cloud hopper” attacks. This attack has damaged the public’s confidence in data security, which may have been the goal all in of itself, as last year the German BSI had to report that APT28 (Fancy Bear) had managed to make their way into a highly secure data storage network. Cyber warfare has increasingly come to the front of every political conflict as it remains a way for state actors to strike without directly implicating their country. Intelligent cyber tactics allow countries to wage war without a physical shot being fired, and level the playing field for smaller or less militarized nations to strike.
Source: German politicians and other high profile citizens targeted in massive data breach