Elon Musk’s claim that a DDoS attack delayed livecast met with skepticism. Cyber Security Today for August 14, 2024

Share post:

Elon Musk’s claim that a DDoS attack delayed his livecast with Donald Trump is met with skepticism, the National Public Data hack may have revealed most of the Social Security Numbers in the US, and Crowdstrike’s President steps up to accept the “Most Epic Fail” award at DEF CON.

Welcome to Cyber Security Today. I’m your host Jim Love.


Elon Musk claims a DDoS attack is responsible for the failure of X Space during the live interview with Donald Trump.

Technical issues that plagued a live-streamed interview between Elon Musk and Donald Trump on the social media platform X (formerly Twitter). The interview, which was hosted in an X Space, was delayed by 40 minutes. Elon Musk attributed the delay to a “massive DDoS attack” but provided no concrete evidence to support this claim. Observers noted that there were no signals of such an attack on major alert platforms such as Checkpoints’ online threat mapping and Cisco ThousandEyes did not observe the typical signs of such an attack. As well, the rest of the platform seemed unaffected, casting doubt on the DDoS explanation.

Some experts suggest that the platform’s capacity issues, potentially exacerbated by workforce reductions at X, might be the more likely cause of the delay. As you may recall, Musk slashed his technical workforce in an attempt to reduce costs as X’s revenues plummeted when advertisers abandoned the platform in droves.

Although Trump claimed the number to 60 million during the stream the best estimates are that the  interview eventually started with an audience of around 1.1 to 1.3 million listeners, which is a big drop from what Trump could get on traditional friendly media, like Fox news.

This is not the first time X’s technical capabilities have been challenged, there have been issues with other high-profile events on the platform, including Ron DeSantis’s campaign launch in 2023, which also faced significant technical challenges.

All evidence points to the issues being technical in nature and not the result of hacking, but Trump’s campaign has been hit by hacking this week, which some are attributing to an Iranian group. The group published key documents from the campaign, picking items that might be embarrassing like background research, campaign strategy and other highly private campaign data.

An FBI report named the source of the breach as Roger Stone, a key Trump advisor, but it did not identify how the attackers breached Stone’s computer. It could be noted that Trump himself has been hacked twice in the past by the same attacker who guessed his passwords used on the past two campaigns as being Trump2016 and Maga2020. While one hopes that these hacks may have made Trump more cautious about passwords, it is possible that if Stone was hacked from a similar and avoidable mistake.

Sources include: The Register

The article from the Los Angeles Times reported on a significant data breach where hackers allegedly stole the Social Security numbers and other sensitive personal information of nearly every American and apparently Canadians as well.

This breach, which we reported on earlier, was part of the hack of National Public Data, a major data broker. The hacking group responsible, USDoD, claimed in April to have obtained the records of 2.9 billion people from the U.S., Canada, and the U.K.

The data reportedly includes names, addresses, dates of birth and it turns our, Social Security numbers, and phone numbers. Reportedly, they did not obtain drivers’ license information, but the amount of data, especially the Social Security numbers, will leave many vulnerable to identity theft and provides the type of information needed to setup access to bank accounts.

It’s been noted, that those who do not yet have electronic access setup will be the most vulnerable as new online access may go unnoticed until its too late.

To protect against potential identity theft, the article advises individuals to place a freeze on their credit files with the major credit bureaus—Experian, Equifax, and TransUnion to prevents criminals from opening new accounts in your name. This is apparently free to do, but it will require that the freeze be lifted any time the person applies for credit.

Despite the severity, reportedly, National Public Data has not formally notified those affected. Earlier reports noted that some of this data may have been obtained without the victim’s knowledge or consent.

The company has stated that it purged its database of any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.”

While the story broke due to a potential lawsuit, one hopes that regulators and legislators will take this as a wake-up call given that they National Public Data is only one of a growing number of data brokers that have amassed a great deal of information, again without user consent or even awareness.

Sources include: Los Angeles Times

CrowdStrike’s President Michael Setonas accepted the “Most Epic Fail” award at the Pwnie Awards, an event held during the Def Con hacking conference in Las Vegas in 2024.

This award is of course, in honour of CrowdStrike’s software update that caused a global IT outage.

Despite the severity of the incident, Sentonas, attended the awards and accepted the trophy in person, displaying a sense of accountability and transparency.

During his acceptance speech, Sentonas acknowledged the gravity of the mistake, stating that it was crucial for the company to own up to its errors just as much as it celebrates its successes.

This straightforward approach and willingness to take full responsibility is a a keen example of how to tackle a corporate disaster. In some communications, Crowdstrike has been criticized and even ridiculed but this example of corporate humility and taking responsibility was well received.

That, and other outreach at Def Con – Crowdstrike certainly didn’t hide at event –  may also help explain the crowd’s positive reaction may and highlighted the cybersecurity community’s willingness to forgive and respect the company for its honesty and commitment to improvement.

Sources include: TechCrunch

That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick.

I’m your host, Jim Love. Thanks for listening.

 

SUBSCRIBE NOW

Related articles

Larry Ellison’s “bizarre announcement.” Hashtag Trending for Thursday, September 12, 2024

Samsung Electronics plans global job cuts of up to 30% in some divisions, Wireless data usage soars as...

Apple’s delayed rollout disappoints: Hashtag Trending for Wednesday, Sept 11, 2024

Apple's Gradual AI Rollout Disappoints, Japan to Build World's First Zeta-Class Supercomputer, 1,000 Times Faster Than Current Leaders,...

Will Crowdstrike “dodge the bullet?” Cyber Security Today, Wednesday, September 11, 2024

Microsoft Office 2024 to Disable ActiveX Controls by Default, Major Data Breach Affects 1.7 Million Credit Card Owners,...

Salesforce shakes up AI pricing: Hashtag Trending for Tuesday, September 10, 2024

TSMC's Arizona Plant Matches Taiwan's Chip Yields, Moving from Open Source to Proprietary License Is Not Always a...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways