Best Infosec Long-Reads of the Week, 8/27/22
Thieves bilked woman in elaborate romance scam, Peruvian "socialite" who infiltrated NATO society was a GRU operative, Teens rickrolled six schools, "OSINT" Twitter accounts in India target foes
Metacurity is pleased to offer our free and paid subscribers this weekly digest of long-form infosec pieces and related articles that we couldn’t properly fit into our daily crush of news. Let us know what you think, and feel free to let us know of your favorite long-reads via Twitter @Metacurity. We’ll gladly credit you with a hat tip. Happy reading!
- Kate Briquelet and Emily Shugerman tell this tale of 69-year-old Laura Francis, who met a young man, “David Hodge,” on Facebook, supposedly a surgeon helping soldiers recover from injuries caused by explosives, and began a whirlwind virtual love affair that turned into a complex online romance scam that cost her life savings of $248,000. To make matters worse, “David” had two accomplices egging Francis on to send him more and more money via a cryptocurrency ATM.
- Bellingcat journalist Christo Grozev exposes Maria Adela Kuhfeldt Rivera, a woman who traveled the world as a Peru-born socialite with her own jewelry line, as an operative of Russia’s military intelligence agency GRU. Uncovered as a result of a 10-month investigation among Bellingcat, Der Spiegel, The Insider, and La Repubblica, Rivera managed to access the highest echelons of NATO’s Allied Joint Force Command in Naples, Italy by opening a jewelry and luxury items boutique, that became a trendy club frequented by the local highlife. She eventually became the secretary of a charitable organization that was also attended by members of the NATO command center in Naples.
- The New York Times’ Kashmir Hill investigates a case involving a stay-at-home father, Mark, who got caught in a nightmare caused by Google’s automated tool for detecting child sexual abuse material (CSAM). It all began when Mark’s son’s pediatrician recommended that Mark send photos of his toddler son’s inflamed groin area, which Google’s system flagged as possible CSAM. Highlighting the pitfalls of automated image scanning, Mark ultimately and permanently lost his Google account and was flagged to authorities as a potential abuser. (However, they took no action against him.)
- Wired’s Matt Burgess tells the delightful story of Minh Duong, a senior on the verge of graduating high school in Cook County, IL, who, with his friends, hijacked 500 screens across six school buildings to rickroll their classmates and teachers. The stunt was so impressively clever and performed with such goodwill that school authorities punished none of the tricksters.
- Nilesh Christopher in Rest of World delves into the rise of Indian Twitter accounts that pose as “open-source intelligence (OSINT) activists,” exposing critics of the Hindu nationalist ruling Bharatiya Janata Party (BJP) as “anti-Indian” forces. In reality, these OSINT accounts are right-wing operatives spreading disinformation supporting India’s Prime Minister Narendra Modi. One of the most influential of these accounts, @thehawkeyex, obscures highly charged words, using special characters: terr0r!st, Roh!ngya, gen0c!de, k!ll!ing to dodge Twitter’s platform moderators.
