Cyber Security News Update 10/12/2018

Gal Vallerius, AKA “OxyMonster”, was sentenced to 20 years in prison for his online drug deals as an online drug kingpin. Mr. Vallerius was arrested when he arrived in the United States from France for the World Beard and Mustache Championship, and he was sentenced in June on drug and money laundering charges. His arrest comes as part of the Dream Market being shut down, which was a major marketplace for illegal substances of all kinds. Mr. Vallerius worked his way up from drug peddler to moderator and admin of the website; when he landed in Austin, Texas for the competition he was arrested and his personal belongings were searched. He was carrying a laptop with the key to a BitCoin wallet with $500,000 in BitCoin and had his login credentials saved for the Tor browser he used to access the Dream Market. This evidence confirmed Mr. Vallerius’s identity as OxyMonster and facilitated his incarceration. The 20-year sentence given to Mr. Vallerius is only half of the maximum he could have been given, and his promised cooperation may reduce his sentence even more. Another Dream Market admin was sentenced in the US earlier in the year as well, and it appears that law enforcement agencies are closing in on the various dark markets.
Source: French Dark-Web Drug Dealer Sentenced to 20 Years in US Prison

A report has shown that consumers are aware of the security vulnerabilities that IoT devices represent, and are willing to pay for increased security. Internet of Things (IoT) devices are very convenient, and their interconnected nature makes tasks easier and faster but brings out a large security risk: the entire chain of networked devices is only as secure as the least secure device. IoT chains establish security infrequently, so an attack that overwhelms one link will pass unhindered through the rest of the devices if timed correctly. Phones and computers can connect to Bluetooth devices such as Alexa or Google Home speakers, which may have less security than the computer. Smart fridges represent a new avenue of attack as do smart thermometers. These devices connect with phones, which already have known hardware vulnerabilities; smart attackers would be able to daisy chain an attack off of a fridge into a phone and then into secure email or financial accounts.
Source: Report Finds Low Confidence in IoT Device Security by Consumers Living in Connected Homes

In a recently published study it was reported that the majority of US weapon systems have cyber vulnerabilities, which were found (and hopefully patched) by friendly hackers as part of a readiness effort. Many of these weaknesses came from the negligence of the system’s operators, which are more repairable than hardware and software issues. Cybersecurity is a cultural issue, and creating that culture of security requires effort and change. Basic cybersecurity practices are simple to implement such as Two-Factor Authentication (2FA), and regular password changes. In a pair of troubling instances attackers were able to remotely control a weapon system, and in the other they were able to mirror the users screens and alter what they displayed.
Source: Nearly all new U.S. weapons systems have ‘critical’ cybersecurity problems, auditors say