[Axis of Easy] Hackers Taunt Families Via Compromised Ring Cameras, Podcast It Live


Weekly Axis Of Easy #126

Last Week’s Quote was  “The only thing useful banks have invented in 20 years is the ATM.” by former Fed chairman, the last of his kind, Paul Volcker, who died last week. Nobody got it, closest guess was Milton Friedman. 

This Week’s Quote:    “Every plane crash makes the next one less likely, every bank crash makes the next one more likely.”  by….???

THE RULES:  No searching up the answer, must be posted to the blog

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


Unless something completely unhinged happens, this will be the last edition of #AxisOfEasy for 2019.  We wish one and all a very merry Christmas, a Happy New Year and we look forward to seeing you again in 2020.

Here are our holiday season hours over the next few weeks.

24 December – we are closing at 3p Eastern
25 December – CLOSED
26 December – open from 10a-3p Eastern
31 December – we are closing at 3p Eastern
01 January – CLOSED

Listen to the podcast edition of #AxisOfEasy here:

#AxisOfEasy 126: Hackers taunt families via compromised Ring cameras, podcast it live from Mark Jeftovic on Vimeo.

 

In this issue:
  • Hackers taunt families via compromised Ring cameras, podcast it live
  • The Great African IP address heist 
  • Armed domain hijacker gets 14 years in prison
  • How the super-rich scrub their online reputations
  • China’s publicly traded search hijacking empire 
  • Bernie’s Broadband Breakup: Internet for all becomes US election issue
  • QuadrigaCX creditors request exhumation of dead-CEO

Hackers taunt families via compromised Ring cameras, podcast it live

The latest fad amongst the script kiddies is to hack into Amazon Ring cameras and use that remote access to taunt occupants of the homes in which they are installed. This is made possible by a new software tool that uses previously exposed credential dumps to brute force Ring cameras until they find one that is a match (one takeaway is: don’t reuse passwords).

Various instances of startling communications, including one where hackers taunt an 8-year old child, are making the rounds, largely because these shenanigans were livecasted via Discord using the name NulledCast. Original reports reported the podcast to the hacker board Nulled, however board admins have disavowed any connection to the broadcast and declared any board member participating in Ring hacks and/or unauthorized broadcasts thereof will incur a permanent ban.

Read: https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast

The Great African IP address heist 

KrebsOnSecurity is reporting on how an insider at AFRINIC, the regional authority that delegates IP address space for Africa, has misused his position and assigned dormant IP space to entities he controlled or had an interest in. The blocks where then sold or leased for private gain, in some cases, to spammers. The operation has been tracked for years by security researcher Ron Guilmette (whom I’ve known for nearly 20 years) who puts the estimated value of the malfeasance at $50,000,000.

The individual identified in the scam, former AFRINIC Policy Coordinator Ernest Byaruhanga, has since resigned his post. He did not cite a specific reason.

Read: https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/

And: https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html 

Armed domain hijacker gets 14 years in prison

Way back in [#AxisOfEasy 14] we reported on how a guy attempted to hijack a domain name at gunpoint. The perpetrator of that attempt has been sentenced to 14 years in federal prison (in our original report, two people were shot in the incident) to be followed by 3 years of supervised release. Apparently there is no parole in the federal system so he will go the distance.

The domain name in question was “doitforstate[dot]com”, which I would have never guessed, but apparently has enormously popular girls-gone-wild type connotations.

Read: https://www.billhartzer.com/domain-names/influencer-14-years-hijack-domain-name/

And: https://onezero.medium.com/the-influencer-and-the-hit-man-6c3905efd3c3

How the super-rich scrub their online reputations

An interesting piece on “reputation management” industry by the Wall Street Journal looked at how the super-wealthy can hire companies like Austin’s “Status Labs” to astroturf the web with positive stories on fake news sites to obscure negative stories that would otherwise predominate searches on their clients.

They looked at hedge fund manager Jacob Gottlieb who wanted to raise capital for a new fund. Only problem was his last fund collapsed in disgrace and his top portfolio manager committed suicide after being indicted for insider trading. Not good, Gottlieb paid Status Labs between $4,000 and $5,000 per month to have positive media posted about him, on sites like “The Medical Daily Times”, which looks like a health news site, but whose phone number rang through to a pizzeria in Toronto, and whose reporters’ headshot turned out to be that of a Canadian actor who had no knowledge of the site or the use of his likeness.

Now searches on Gottlieb bring up the WSJ story so I guess he has to do it all over again (somehow reminds of the scene at end of that Christopher Walken flick “Dogs of War”).

Read: https://www.wsj.com/articles/how-the-1-scrubs-its-image-online-11576233000 (paywall)

China’s publicly traded search hijacking empire 

Search engine arbitrage is when, in one way or another, you buy traffic from one search engine, send it to a page you control and can populate with ads from another search engine, and arbitrage the difference between the cost-per-click on the one side and the revenue-per-click on your side. There have been attempts to do this for as long as paid ads on search has existed. (There used to be a company in Guelph, Ontario called Geosign that was making millions of dollars per year at it and it vaporized literally overnight when Google shut them down).

One way to widen the spread on that arbitrage is to pay nothing for the source traffic, which you can do by installing malware and browser toolbars or extensions that intercept your searches. This is one step beyond search engine arbitrage and is into search engine hijacking. It turns out one of the biggest operators doing this makes an estimated $250 million per year at it, is based in China and is publicly traded there. Just another day at the office.

Read: https://medium.com/against-surveillance-capitalism/how-a-chinese-company-built-a-250-million-search-hijacking-empire-35f957566852

Bernie’s Broadband Breakup: Internet for all becomes US election issue

In the latest instalment of Metaview’s Future Fibre series, Jesse Hirsh looks at what he calls “broadband populism”. This is phenomenon of making universal broadband access a political issue in response to high prices and low quality. The Micro-ISP model ties into this and from where Jesse (and we) see more effective responses originating.

Read: https://easydns.com/blog/2019/12/13/future-fibre-bernies-broadband-break-up/

QuadrigaCX creditors request exhumation of dead-CEO

A law firm representing creditors of the now-defunct crypto-currency exchange QuadrigaCX has requested that the purportedly deceased CEO Gerald Cotten be exhumed. Given the circumstances surrounding the life and death of Cotten, his widow and his business partner, this is not at all surprising.

The request is seeking to have this done by the spring of 2020 citing concerns around decomposition of the body.

Read: https://www.coindesk.com/request-for-exhumation-quadrigacx-creditors-ask-for-proof-that-cotten-is-dead

One thought on “[Axis of Easy] Hackers Taunt Families Via Compromised Ring Cameras, Podcast It Live

Leave a Reply

Your email address will not be published. Required fields are marked *