Including a thumb drive you put in your leg, cybercriminals stealing school lunch info, and using AI to impersonate a CEO

The world is filled with oddball cybersecurity news, with fresh headlines every day of ransomware and data breaches, Internet of Things incidents and scam apps. The bar for sheer weirdness is high. Here are a dozen stories that managed to clear it.

Forget thumb drives, meet the leg drive

A new device about the size of a pack of gum, called PegLeg, is meant to be surgically inserted into your leg. Any Wi-Fi enabled device can access it, and the device can store hundreds of gigabytes of data. This would allow the embedded user to bootleg data into another country.

Ransomware victim hacks back

After paying his ransomware attacker 670 euros (about $747), Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key.

Crimes of the heart online

The FBI’s cybercrime report found that the second-costliest category of crime, behind only compromised business email, was confidence and romance fraud, with a 2018 cost of $363 million. The scams happened 18,493 times last year, the FBI reports – an average of more than 50 times a day.

Our music isn’t worth stealing

The band Radiohead has released 18 hours of previously unheard music after thieves threatened to release tracks unless the band paid them $150,000. The majority of the material, according to the band, is “only tangentially interesting. And very, very long.”

New cybercrime: Stealing school lunches

Keith Wesley Cosbey, CFO of California school lunch provider Choicelunch, was arrested in April on two felony counts — identity theft and unlawful computer access. The San Francisco Chronicle reported that law enforcement accused Cosbey of hacking into the network of longtime Choicelunch rival The LunchMaster, accessing sensitive student data including names, grades, meal preferences, and allergy info.

Happy birthday Facebook, your money’s no good

Facebook turned 15, celebrating the milestone with total monthly users of around 2.32 billion. The birthday and user base provided little protection from controversy. The social media giant announced its own digital currency, Libra, and experienced major pushback within hours as policymakers around the world voiced concerns it could heavily disrupt the global financial system.

Sleazy cop shut down and busted on the world stage

Germany fined a police officer $1,500 for looking up a driver’s mobile number using their license plate information and calling them for personal reasons.

Homeland security, eh?

For the last four fiscal years, the Department of Homeland Security continued to use unsupported systems, such as Windows XP and Windows Server 2003. Then-DHS Chief Information Officer Richard Staropoli summed up issues related to his cybersecurity management job by saying, “You can write this down and quote me: The problem is piss-poor management.”

The election couldn’t be hacked – and that was a fail

The U.S. government’s $10 million voting machine was supposed to be available for hackers to find security flaws at DefCon. An unexpected bug stopped the experiment from starting until the conference’s last day. CNET has more on the story.

Criminals use AI to impersonate CEO’s voice

A UK-based energy firm was scammed out of $243,000 when criminals targeted the company with an effective “vishing” campaign. Vishing is short for “voice phishing,” the tactic of tricking targets over the phone. This incident marked the first time AI-based voice fraud netted such a high payout, according to The Next Web.

FaceApp, the new fad and security threat that wasn’t

Remember FaceApp – the hot new app that turned out to be a big security risk? If that’s how you remember it, that’s understandable. It just isn’t true. Pop stars used it to look like senior citizens. Professional athletes made themselves unrecognizable. The “FaceApp challenge” became a thing in 2019 – until U.S. Sen. Chuck Schumer of New York posted an alarming warning message about the app. Turns out, FaceApp had been around for two years – and had no new security issues.

Hacking Alexa and Siri with lasers

University of Michigan researchers demonstrated how to hack smart speakers via laser. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away.