Security News

The front man for the notorious Dark Overlord hacker gang, which threatened to leak stolen confidential information unless paid off, has been sentenced to five years behind bars in America. Wyatt was among a crew of miscreants who since 2016 operated under the Dark Overlord brand: they would hack people and organizations, and threaten to dump their victims' private documents onto the web unless payment - typically between $75,000 and $350,000 in Bitcoin - was coughed up.

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year gets under way. NCSC sent advice to places of learning "containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive. Back in February, the bank trialled tracking software to detail the amount of time employees spent at their desk, as revealed by City AM. Last week an employee received a "work yoga" assessment on their daily performance informing them they had spent "not enough time in the Zone yesterday," the City paper reports.

The British teenager accused of being part of the gang that hacked Twitter and posted a cryptocurrency scam from various US celebrities' accounts has not yet been arrested. Mason Sheppard, a 19-year-old of Bognor Regis in the English county of West Sussex, has been visited by the National Crime Agency but no arrests have been made on this side of the Atlantic.

The trade union's servers were breached at the end of July, knocking out its website on the 30th as BDA personnel scratched their heads. Trade news site Dentistry Online reported BDA chief exec Martin Woodrow as saying: "As we attempted to restore services, it became clear hackers had accessed our systems."

Nearly half of British university staff say they have received no cybersecurity training, according to a recent survey. 46 per cent of staff received no training at all, while one Russell Group uni said that just 12 per cent of its staff had received "any" training in infosec matters.

Uncommonly well-informed people knew all about it by reading The Register's report of the Blackbaud ransom payment last week, but mere Muggles only heard of it when universities began informing students, staff and alumni that their personal data had been nicked. The University of York told its students and alumni on Wednesday that names, dates of birth, student numbers, addresses, phone and email addresses, fundraising details, details of occupation and employer details were among the data stolen, according to student news site York Mix.

British infosec businesses are celebrating the 30th birthday of the Computer Misuse Act 1990 by writing to Prime Minister Boris Johnson urging reform of the elderly cybercrime law. The Computer Misuse Act received Royal Assent on 29 June 1990, before "the concept of cyber security and threat intelligence research," the CyberUp campaign group said in its letter.

South Wales Police and the UK Home Office "fundamentally disagree" that automated facial recognition software is as intrusive as collecting fingerprints or DNA, a barrister for the force told the Court of Appeal yesterday. Jason Beer QC, representing the South Wales Police, also blamed the Information Commissioner's Office for "dragging" the court into the topic of whether the police force's use of the creepy cameras complied with the Data Protection Act.