Facebook fined record-breaking $1.3 BILLION.

May 24 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the alt-cyber to Twitter’s ‘alt-tech’ 😂 Elon FTW

Today’s hottest cyber security stories:

  • Facebook fined record-breaking $1.3 BILLION by EU for ‘data transfer violations’

  • GoldenJackal hack-attack! New threat targets M. Eastern and S. Asian govts.

  • Bad Magic cyber-espionage been around since Moses wore short pants

     

giphy.com

ZUCK IT! DOESN’T META TO ME 🤷🏻

Forget Facebook, grab your cheque book! Doesn’t Meta (hehe) how rich you are, nobody loves a fine that has the word billion in it. Nobody.

Still, maybe the company will think twice before playing fast and loose with customer data in future. Here’s hoping!

So yeah, E.U. regulators slapped Meta (Facebook’s parent company) with a massive fine of $1.3 billion.

But wait, there's more! The European Data Protection Board (EDPB) didn't stop at the fine. They dropped a binding decision on Facebook, ordering them to shape up and get their data transfers in line with the GDPR. Oh, and they have six months to scrub any unlawfully stored and processed data. Clean-up time!

To add a little extra spice, Meta has been given a five-month timeout on sending any more Facebook user data across the pond. But hey, Instagram and WhatsApp, which are also Meta's babies, got lucky this time. They're off the hook and not included in the order.

"The EDPB found that Meta IE's infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous," Andrea Jelinek, EDPB Chair, said in a statement.

"Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organisations that serious infringements have far-reaching consequences."

This has been in the post for a while, so to speak. Indeed, the basis of the ruling can be traced back to a legal complaint initiated by Maximilian Schrems, an Austrian privacy activist and the founder of NOYB, nearly ten years ago in June 2013.

The complaint was lodged due to worries over the lack of adequate protection for European Union user data against U.S. mass surveillance initiatives during its transfer across the Atlantic. Makes sense.

Here’s what Schrems had to say a decade ago:

"The simplest fix would be reasonable limitations in U.S. surveillance law," Schrems said. “There is an understanding on both sides of the Atlantic that we need probable cause and judicial approval of surveillance.

"It would be time to grant these basic protections to E.U. customers of U.S. cloud providers. Any other big U.S. cloud provider, such as Amazon, Google or Microsoft could be hit with a similar decision under E.U. law."

"Meta plans to rely on the new deal for transfers going forward, but this is likely not a permanent fix.

It seems likely that Facebook will have to resort to keeping all data stored on U.S. soil. Blood E.U., eh? Where my Brexiteers at? Lol, just kidding.

SEE GOLDENJACKAL AND HIDE.

There's a new player (threat actor lol) in town, and they go by the name of GoldenJackal. This sneaky advanced persistent threat actor has set its sights on government and diplomatic entities in the Middle East and South Asia.

Kaspersky, the cyber watchdogs from Russia, have been keeping a close eye on these mischief-makers since mid-2020. They've labelled GoldenJackal as a force to be reckoned with—smart and stealthy, like a secret agent in the cyber realm.

The campaign's bullseye includes countries like Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey. Once GoldenJackal sinks its teeth into a victim, it unleashes tailor-made malware that steals data, hops around different systems using removable drives, and even does some sneaky surveillance.

This mysterious group has been causing trouble for at least four years, but who are they?

Nobody knows for sure. Kaspersky is scratching their heads trying to figure out where GoldenJackal came from and which notorious hackers they might be affiliated with. However, their style screams "espionage."

They're like the James Bond of the cyber underworld, blending in and disappearing like a true pro. Could they be backed by a state? It's a distinct possibility! Watch this space, y’all.

THE GOOD, THE BAD, AND THE magic

Bad, Bad Magic. You work your voodoo on me 🎶 Sorry, so those of you who, like us, keep your thumbs firmly pressed against the pulse of the cybersphere may have heard of Bad Magic. They’ve been running riot for a while now. But the news today is they’ve actually been around a lot longer than we previously thought… Ten years longer! Well, near enough.

It’s got a sting in its tail!

The threat actor, tracked as Bad Magic (aka Red Stinger), has not only been linked to a fresh sophisticated campaign, but also to an activity cluster that first came to light in May 2016. Well, we knew they didn’t just magically appear out of thin-air but still didn’t realise they were OG.

"While the previous targets were primarily located in the Donetsk, Luhansk, and Crimea regions, the scope has now widened to include individuals, diplomatic entities, and research organisations in Western and Central Ukraine," Russian cybersecurity firm Kaspersky said in a technical report published last week.

Hallmarks of the campaign are its use of a novel modular framework codenamed CloudWizard, which features capabilities to take screenshots, record microphone, log keystrokes, grab passwords, and harvest Gmail inboxes.

These are the freakiest hacks, in our opinion. Screenshots? Record Microphone? No thanks.

So long and thanks for reading all the phish!

Recent articles