In this week’s Cyber Blurbs Roundup, we recap Joe Biden’s meeting with big tech, the guy who claims to have been behind the cyber attack against T-Mobile, and another man’s expensive journey to recover an even more lucrative amount of bitcoin.
Big Tech Promises Billions to Help US Cyber Efforts
Following a meeting with US President Joe Biden last week, several of the world’s largest tech companies have agreed to spend tens of billions of dollars in the country’s effort to bolster its cybersecurity. Apple, Google, and Microsoft execs met with Biden at the White House, agreeing to assist with the country’s cyber infrastructure and supply-chain assistance, among other promises.
Alphabet (Google) CEO Sundar Pichai, Amazon CEO Andy Jassy, Apple CEO Tim Cook, IBM Chair and CEO Arvind Krishna, and Microsoft CEO Satya Nadella were all in attendance at Wednesday’s meeting with the president.
“The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said during the meeting.
Apple plans to provide new security trainings, including promoting the use of multi-factor authentication to its suppliers.
Amazon will offer free multi-factor authentication devices to all AWS account holders. The retail giant also plans to offer its internal security awareness training to the public for free.
Google, meanwhile, said it would commit to $10 billion over the next half-decade to improve the country’s cybersecurity. The company also announced plans to train more than 100,000 Americans in modern cybersecurity practices through its Career Certificate program.
Microsoft, not one to be one-upped, pledged $20 billion across the next five years for similar efforts.
News of the pledged funds comes just amid a tough year for US cybersecurity efforts, including attacks against SolarWinds and Colonial Pipeline.
Hacker Claims Responsibility for T-Mobile Attack
Earlier this month, reports surfaced of a massive cyber attack against T-Mobile that exposed the sensitive information belonging to more than 50 million people. Now, just a few weeks later, somebody is claiming responsibility for the attack, and also explaining how he did it.
John Binns, a 21-year-old American residing in Turkey, claims that he is the one responsible for the T-Mobile data leak, communicating with The Wall Street Journal over Telegram. The WSJ says Binns contacted its newsroom before the attack made big headlines.
Binns says he accessed the T-Mobile customer data through unprotected routers, which ultimately allowed him to access the login credentials for more than 100 of the carrier’s servers. The WSJ reports that Binns may have been working with other hackers for parts of the attack.
The list of accessed information includes names, birthdates, driver’s license/ID information, and Social Security numbers. The list of those affected includes former and prospective T-Mobile customers, though not all groups experienced the same level of data exposure.
T-Mobile claimed in a statement that it was “confident that [it has] closed off the access and egress points the bad actor used in the attack.” The carrier has since offered affected people two years of free ID protection from McAfee. T-Mobile also recommends all customers to sign up for free scam-blacking protection.
“As we support our customers, we have worked diligently to enhance security across our platforms and are collaborating with industry-leading experts to understand additional immediate and longer-term next steps,” the company stated.
Man Sues Thieves’ Parents After Bitcoin Scam
We’ll admit that this story is a bit more niche than we’re used to publishing, but the details were a bit too interesting to ignore (h/t Krebs on Security).
Let us turn back the clocks to 2018, when Andrew Schober says he was scammed out of 16.45 bitcoin — otherwise described as 95% of his net wealth, according to ArsTechnica. Schober says he downloaded an app he thought was a bitcoin wallet, only it turned out to be anything but. Attempting to transfer some of his tokens across different accounts, Schober says the app, Electrum Atom, ignored the account address copied onto his clipboard and automatically pasted a different account address that transferred the money out of his account.
For those not overly familiar with the world of crypto, 16.45 bitcoin was worth approximately $200,000 in 2018. Today? More than $750,000.
Devastated and hellbent on getting his money back, Schober spent more than $10,000 in private investigations to determine where his money ended up, and who was responsible. Schober now believes he’s found the culprits… and he’s suing their parents.
Schober’s lawsuit alleges that two men in the United Kingdom used the malware to transfer the funds away from his account. The two culprits, unrelated, were minors at the time of the scam, prompting legal action against both sets of parents. Schober says he contacted the parents in 2018 and 2019 with notes describing the situation but never received a response.
One of the defendants has since motioned to dismiss the lawsuit, alleging that Schober’s claims have surpassed a statute of limitations. It’s worth noting that neither of the two sets of defendants have denied the allegations made against their sons.
Schober’s attorneys claim that the statute of limitations does not begin until the plaintiff knows the existence and the cause of his injury — meaning the clock shouldn’t have started until Schober identified the second of the two accused men.
