Welcome to Codebook, the cybersecurity newsletter that really likes your shoes.
Don't forget to send me story ideas by replying to this email.
The Dark Overlord, a cybercriminal collective known for targeting a few flashy, high-profile victims, is hiring. They've even posted a help wanted ad, archived by the threat intelligence firm Digital Shadows — and their job listing is more like "The Office" than "Mr. Robot."
Why it matters: If you imagine hacking and cybercrime as an alternative subculture of punk kids with keyboards, think again: Hacking groups are businesses of a sort, and some of them are borrowing the language and recruiting techniques of the mainstream.
The Dark Overlord's job listing, posted in November, is a window into IT hacking as a daily-grind office job.
Background: The Dark Overlord is the group that famously threatened to leak "Orange is the New Black" and "Game of Thrones" content if networks didn't pay up. More recently, the group has begun leaking documents from insurance providers related to 9/11.
"Must have a winning attitude." According to the job listing found on the KickAss hacker forum, "If you're goal oriented and used to objectives and achieving them, you're perfect for us."
The bottom line: View The Dark Overlord as a late-stage tech startup trying to grow its workforce after the early buzz has worn off and some of the original talent has begun to depart.
FireEye reports that a multiyear, global campaign of hacking government, telecommunications and internet infrastructure systems has ties to Iran.
Why it matters: The previously untracked hacker group uses a technique known as DNS hijacking, which is uncommon for campaigns of this scale.
DNS, or the Domain Name System, is like the internet's equivalent of a telephone operator switchboard. It changes web addresses like "axios.com" to numeric internet addresses.
Details: These attacks targeted dozens of victims in the Middle East and North Africa, Europe and North America, and they were clustered between 2017 and the present.
McAfee assesses that the ransomware attacks that hobbled the distribution of the Los Angeles Times and other Tribune papers in late December were carried out by a criminal group, not a nation, as the Times itself had reported.
The intrigue: Attackers used Ryuk ransomware, a variant of Hermes ransomware that has been used by the North Korean Kim Jong-un regime to funnel cash to the nation. But McAfee notes that Ryuk and Hermes have each been offered commercially on a Russian hacker forum, which appears to be the source of recent infections.
That doesn't mean it's impossible for North Korea to be behind the Tribune attacks. But Ryuk's use alone doesn't strongly suggest the attack was from North Korea.
Google will likely win its plea to limit European privacy rules known as the "right to be forgotten" to web searches in the European Union, according to a determination by Advocate General Maciej Szpunar, summarized by Reuters.
Why it matters: The "right to be forgotten" gives people in the EU the ability to demand Google remove some links about them from search results. In 2016, France declared that those links had to be removed from search results globally and not just within the EU, which Google is currently challenging.
The big picture: Szpunar took Google's side in the case, and the EU courts generally follow the advocate general's lead.
On Wednesday, internet megaforum Reddit locked "a large group of accounts" due to a "security concern," according to an administrator's post.
What they're saying: "By 'security concern,' we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access," wrote colorfully nicknamed admin Sporkicide.
Codebook will return next week, when we'll be even more honest than ever before.