Robin’s Newsletter #257

21 May 2023. Volume 6, Issue 21
Montana bans TikTok. Ransomware as activism. Fallout from Capita breaches escalates.

This week

Montana bans TikTok

  • TikTok has been banned by the US state of Montana over ‘national security’ concerns. I think this is pretty dumb, both technically and legally: the restrictions are easy to circumvent, and any ban is difficult to enforce given that the state has no control over, or monitoring of, Internet access within its borders. Moreover, this type of ban is performative rather than a scalable or sustainable solution to the problem (perceived or otherwise).

Ransomware as activism?

  • Activism is how one ransomware group is casting its activities. After encrypting victims’ files, they “simply ask” that victims “make a donation to a non-profit that we approve of” before suggesting “you can probably get a tax deduction and good PR” from what it calls a ‘donation’. The group, called MalasLocker, targets users of the Zimbra collaboration tool. The group has claimed almost 200 victims since April.

Capita breaches continue to escalate

  • Capita’s data breach woes are getting worse as five more local councils say their data was put at risk by the outsourcer’s mismanagement of cloud infrastructure. Coventry, Adur and Worthing in West Sussex, Rochford District and South Staffordshire have variously described the incidents as a “serious data breach,” “belatedly informed,” and that the “full extent of the issue is not yet fully known.” Meanwhile, Marks and Spencer, Diageo, Unilever and Rothesay have all confirmed that their pension schemes, operated by Capita, may have been compromised. A statement from M&S said a “large proportion” of scheme members may be affected. The growing scale of those affected stands in stark contrast to Capita’s claims that “less than 0.1%” of its server estate was impacted (vol. 6, iss. 17).

Interesting stats

1.7 million app submissions were blocked for privacy, security or content policy violations in 2022, and $2 billion of fraudulent transactions were prevented by Apple’s App Store team.

10x less likely: abandoned Google accounts are ten times less likely than active ones to have multi-factor authentication enabled, opening the door to account takeovers, so the company will begin deleting accounts after two years of inactivity.

400 Naira (87¢) an hour paid to a worker in Lagos, Nigeria, to operate ‘hundreds’ of virtual profiles on dating apps in catfishing scams.

Other newsy bits / in brief

And finally

Robin

