FFT news digest  Nov 25 2022

Twitter

Less than two weeks after new EU rules on social media responsibilities came into force, Twitter's entire Brussels office has closed after its staff resigned or were fired. The Financial Times says what happened in Brussels is "symptomatic of a global trend from India to France where local Twitter executives who had key positions to deal with government officials abruptly left the organisation." Officials in the EU and the US have expressed concern over whether Twitter has the capability to ensure compliance with local legislation. Such concerns won't be allayed by Musk's decision to allow controversial figures back on the platform and to abandon a promised moderation panel. He blamed his move on activists who he said had urged advertisers to boycott the platform.

As Twitter users continue to migrate to Mastodon, researchers have been picking apart the alternative platform's security and, unsurprisingly, they've found some issues. Unsurprising because, unlike Twitter, Mastodon is open source software used to run thousands of individual servers, known as 'instances.' Concern has been expressed about the ability of individual administrators to read direct messages sent on the platform. As others have pointed out, Mastodon isn't designed to be a secure messaging platform so you shouldn't send anything on it that you wouldn't be happy to post publicly. If you're curious about Mastodon, journalism guru, Jeff Jarvis, has produced the best guide we've seen so far.

Mastodon isn't the only Twitter alternative. 'Post' is billed as a “civil place to debate ideas; learn from experts, journalists, individual creators, and each other; converse freely; and have some fun.”
Post was created by the former CEO of Waze, and its approach to moderation appears to draw on the navigation app's crowd-sourcing roots. It says it aims to rekindle memories of when social media was fun and "didn't make you angry or sad." There are currently some 143,500 people on the waitlist.

Threats

Black Friday: Do be on guard for shopping scams. Among those spotted already: 'free' British Airways tickets, fake Amazon confirmation emails, and instant messaging scams.

Incredible: If a deal looks too good to be true, then it almost certainly is. Step forward the Sajiulas “16TB portable SSD external hard drive,” a barely believable product available on Amazon for the incredible price of $109.99. It was spotted by TechRadar, which told Amazon about it, was thanked for the information... and found it still on sale 16 hours later.

Banking: A Russian-speaking crime group is using slightly altered web addresses together with powerful malicious software to steal banking credentials. Password managers can help defeat this technique. KrebsOnSecurity

Extensions: A new report reinforces longstanding concerns about the risks of browser extensions (the add-ons that make web browsers more functional). Incogni's survey focussed on Chrome though the issue affects all browsers. Avast has a current example. Our advice is to be careful before installing extensions and to minimise their use.

TOAD: 'Telephone-oriented attack delivery' or callback-phishing combines emails, social engineering and call centres to fool victims into installing remote access software that enables the theft of sensitive information. Criminals then demand a ransom in return for not publishing the data. This particular attack begins with a fake invoice with a phone number that the victim is encouraged to call. Unit 42

iSpoof

At long last, a successful international police operation has taken down a service used to defraud victims by impersonating trusted organisations. iSpoof enabled users to "anonymously make spoofed calls, send recorded messages, and intercept one-time passwords," Europol said. The UK's Metropolitan Police, which led the operation, marked the success by promptly uploading a spoof video to iSpoof's Telegram channel. The Met says it's sending text messages to 70,000 UK mobile numbers who it believes may have been victims of iSpoof. It's vitally important to take care before responding to these messages because, if we were criminals, we would certainly send fake texts of our own. Police say no messages will arrive after today, so any that do should be ignored.

Passwords

Awareness of password security is going so well that 'password' is still the most popular password, according to NordPass. And it's closely followed by '123456.' We have no words, other than to pass on Group-IB's report that Russian-speaking crime groups stole 50.35 million passwords in the first seven months of this year. The stolen credentials were for cryptocurrency wallets, Steam, Roblox, Amazon, and PayPal accounts, as well as payment cards. Group-IB says the criminals behind the growth are low-level scammers who don't need any advanced technical knowledge because the process is fully automated.

In brief

Meta: People linked to the US military were behind a social media influencing operation that involved dozens of fake Facebook and Instagram accounts, according to a report from Meta. Not only was this widely assumed but the operation itself was outstandingly unsuccessful.

Apple: More details on the mismatch between reality and Apple's privacy promises. Earlier this month, researchers demonstrated that many of Apple’s apps collect personal data even when they're told not to. Now, the same researchers have shown that - despite assurances to the contrary - the data can be linked to individual users. 9to5Mac

Wickr: Amid swingeing cuts, Amazon says it will close its consumer messaging app, Wickr Me, and focus on enterprise customers. Amazon is making the biggest cutbacks in its history amid reports that Alexa alone is on course to lose $10 billion this year. Business Insider ($)

Jargon: We loathe jargon and do our very best to avoid it (people who attend our awareness sessions can fine us if they catch us using terms they don't understand). According to Kaspersky, jargon is a real problem - particularly for senior management who are befuddled by terms including malware, phishing, ransomware and supply chain attacks. (Definitions in the links!)

Chinese games: Beijing reckons it has defeated the teenage addiction to video games. A report says around 70% of Chinese kids are observing the three hour a week limit on gaming for minors. The Register

Terminator: And finally...next week a San Francisco council committee is due to vote on a proposal to allow police in the city to deploy robots that are authorised to kill people. Mission Local

This is a condensed version of the email our clients receive. You can subscribe to receive the full digest.
