At a glance.
- An update on the Pandora Papers.
- Report: a billion-and-a-half Facebook users' PII is for sale in a dark web souk.
- Two US municipalities deal with ransomware.
Crooks, popstars, and trusts: more on the Pandora Papers.
As we noted yesterday, the world is reeling from the Pandora Papers, a cache of files exposing the shady financial dealings of over three hundred world leaders and public officials. Newsweek notes that several celebrities are among the alleged perpetrators named in the Papers. Supermodel Claudia Schiffer and pop singer Shakira have been accused of tax evasion, though representatives of both stars deny any wrongdoing. The Washington Post also examines the numerous criminals connected to the Papers, like US entertainment executive Marc Collins-Rector, who set up a trust in Belize through a financial services firm that has helped at least a dozen Americans hide their assets while being investigated for crimes.
While the US has long denounced the lax rules of offshore tax havens, the Papers reveal that America has played its own part in sheltering the assets of the global rich. The documents indicate that two hundred six US-based trusts connected to forty-one countries are linked to opaque financial behavior, and, perhaps surprisingly, a lot of them are operating out of South Dakota, which is roughly speaking the second-most surprising place we'd have thought to look for them. (North Dakota would have been the first.) The Washington Post takes a closer look at the US trust industry and how, by evading regulation, it has supplied the wealthy with a refuge for their riches.
Report: hacker markets massive cache of Facebook data.
Newsweek reports that a hacker is hawking the data of about 1.5 billion Facebook users on an underground forum. The trove allegedly includes names, email addresses, locations, genders, phone numbers, and user IDs, and according to one forum user, it’s being offered for sale either in its entirety or in chunks for the bargain price of $5,000 for 1 million users. The data appear to be the product of a new leak, and not the stale leftovers of a previous dump. Some buyers on the forum say they never received their data after paying, implying the whole affair could be a scam. But according to Privacy Affairs, a statement from the seller today maintains that the data is indeed very real. Needless to say, that's what the seller would say: "I've got the goods, honest." The story is still developing, and it remains to be seen how it will eventually fall out.
Coincidentally, yesterday Facebook and subsidiary platforms Instagram and WhatsApp experienced a massive outage that left users unable to access the platforms for several hours, but both insiders and outsiders say the two incidents are unrelated.
A tale of two US cities’ ransomware negotiations.
Pottawatomie County, located in the state of Kansas, suffered a ransomware attack in September, and Security Week reports they are now restoring their systems after paying under 10% of the ransom demanded. “With the extraordinary demands that the COVID-19 pandemic has placed on local governments like ours, we wanted to make sure that the hackers understood that there was no way we could even come close to meeting their demand,” explained County Administrator Chad Kinsley. The JC Post confirms the original ransom request was one million dollars and the actual payment was about $71,000, with a portion covered by insurance. Meanwhile, the Minnesota city of Lewiston experienced a July attack that locked down all of the files on the city’s server, the Fillmore County Journal reports. Though the city agreed to pay the $60,000 ransom, all of which was covered by insurance, the attackers demanded another $120,000 to release the data. Unwilling to meet the new request, officials restored a small fraction of the files from backups. “It was a relief, but it was ultimately three files out of thousands,” city administrator Bobby Falcon said. That extortionist and other crooks are faithless is a dog-bites-man story, but it's worth bearing in mind when reading the criminals' pronouncements and communiques.