The Good, the Bad and the Ugly in Cybersecurity – Week 36

The Good

A Colorado man named Bryan Connor Herrell, who worked as a moderator on the now-defunct Darknet site “AlphaBay Market”, was sentenced to 11 years in prison by the U.S. District Court.

The site, which was taken down in a joint operation by the FBI along with Thai and Canadian police, served as a marketplace for buyers and sellers of guns, stolen identity information, credit card numbers and other illicit materials. At one time, AlphaBay was the world’s largest online drug marketplace. As a moderator, Herrell helped settle disputes between buyers and sellers. He was clearly dedicated to his work, helping to resolve over 20,000 such disputes.

Herrell’s capture came as a result of the arrest of the site’s founder and admin, Alexandre Cazes, in Thailand in 2017. Cazes, who was found dead in his prison cell only a few days later, kept a laptop full of incriminating evidence. The FBI seized the device and was able to retrieve troves of information related to the site’s infrastructure and staff, including the involvement of Herrell. While Herrell’s trial took several years to conclude, the sentence is severe and should serve as a warning to others interested in exploring the murky paths of the criminal underground.

Other good news this week comes from Facebook and Twitter, both of which suspended several accounts affiliated with Russian state actors. The accounts belonged to “PeaceData”, a fake news website publishing misleading articles about world politics.

The two social networks said they started an investigation into accounts associated with the site after they received a tip from the FBI earlier this summer. The information was also passed to the independent research body Graphika, which confirmed that the site and associated social media assets were linked to the infamous Russian troll farm “Internet Research Agency” (IRA).

Hopefully, this action is a sign of social media platforms starting to take a more determined stand against fake news and online manipulation.

The Bad

The Parliament of Norway, also known as “The Storting”, was the target of a cyber attack this week that breached the email accounts of several MPs and members of staff. Emails belonging to the Conservative party (Høyre) were among those hacked, but it is unknown at this point whether the accounts of PM Erna Solberg or any government ministers were affected. The opposition Labour party (Arbeiderpartiet) email account was also hacked, suggesting the attack was conducted by an external perpetrator.

“This has been a significant attack,” said Marianne Andreassen, the parliament’s non-elected chief administrator. “Today’s threat situation is challenging, and IT security is something that we are always reviewing. New measures to reinforce security in the Storting are continually being assessed,” she added.

The Parliament has reported the incident to the Norwegian Police Security Service (PST), which then tweeted that it was investigating the case. The next Norwegian parliamentary election is scheduled to be held a year from now, in September 2021, and there are fears that this attack might be a prelude to foreign interference in next year’s election.

The Ugly

Still with politics and cybercrime, the Twitter account of the personal website of Indian Prime Minister Narendra Modi was also hacked this week. The perpetrators posted a series of tweets appealing to his 2.5 million followers to donate to the PM National Relief Fund with Bitcoin.

The tweets read, “I appeal to you all to donate generously to PM National Relief Fund for Covid-19, Now India begin with cryptocurrency.”

Subsequent tweets revealed the identity of the hackers to be a group called “John Wick” (referencing the movie franchise starring Keanu Reeves), which was accused earlier this week of hacking the famous Indian e-commerce website “Paytm Mall” and demanding a ransom. It appears that the hacking group wanted to clear its name and so hacked a high-profile Twitter account and used it to shout to the world that they were not to blame for the Paytm Mall hack.

Twitter is investigating the breach of the Indian PM’s account (the account has since been reset, and the hackers’ tweets deleted), which follows in the steps of the much-publicized incident in July when hackers gained access to around 130 celebrity accounts, using them to tweet in concert in an attempt to get people to “donate” to a special Bitcoin wallet. This is another reminder that social media accounts of national and political leaders are high-value assets and need to be protected as such to reduce the risk of manipulation and misconduct on a national or even international level.