Tag Archives: revenge porn

Security News for the Week Ending February 12, 2021

Law Firm Goodwin Procter Hacked

Goodwin Procter managing parnter Mark Bettencourt confirmed that some of their clients’ data was compromised. But not to worry; it only affected a small percentage of their clients. One more time, we have a “supply chain attack”. While the vendor was unnamed, I suspect it was Accellion. They suffered a breach that is all over the news due to the high profile targets that suffered a loss. So now a very high profile law firm has to explain to its clients why its security was not good enough to protect their most sensitive data. If you are a client of a law firm, how confident are you that they can protect your data? Credit: ABA Journal

What Does This Mean for Cities?

Salesforce is joining other big tech companies in changing the work-life equation. This week they announced that most staff, after Covid, will only be in the office 1-3 days a week, many workers will never return to the office and a few workers will be in the office 4-5 days a week. This means that work from home security is now permanent, but it also questions the implications for downtown big cities. Salesforce has 9,000 workers in San Francisco. If half of them never come to the office and another 30% come to the office 1-2 days a week, what does this mean for downtown retail and office space? Credit: MSN

State Department Declassifies Report on Cuba’s Sonic Weapon

You may remember reports of Cuba having a secret sonic weapon back in 2017-2018. A newly declassified report by the State Department’s own Accountability Review Board lambasted the department’s response to the attack as lacking leadership, having ineffective communication and being systemically disorganized. There are 104 pages of detail, but none of them paint the previous administration favorably. As a result of the botched investigation we will probably never understand what the weapon was that Cuba attacked us with. Credit: Vice

Ex-Students Plead Guilty to Stealing and Trading Nude Pics and Vids

Two former SUNY Plattsburgh (NY) students pleaded guilty to hacking coeds’ MyPlattsurgh portal accounts and stealing nude pictures and videos. The portal contains full access to the students’ email, cloud storage, college billing, financial aid, coursework, grades and other personal information. They either guessed passwords or guessed security question answers. When the found nude photos and videos, they traded them with others, in some cases identifying the students by name. They even posted some photos online. Credit: The Register

IRS Warns Tax Pros of Identity Thieves Targeting Them

The IRS is warning tax professionals hackers are trying to steal their electronic tax filing credentials so that they can file fake returns and those returns will be tied to those same tax pros. If you are a tax pro and need help, please contact us. Credit: Bleeping Computer

Revenge Porn and Social Media

In spite of the salacious sounding title, even though The post discusses social media, it IS suitable for work.  What is not suitable for work is what people are doing online.

Grindr, a social media platform catering to gay and bi-sexual men is being sued by Matthew Herrick who says that 1,100 men have showed up at his apartment over the last few months and it is Grindr’s fault.

While this particular lawsuit is over Grindr and gay men, the problem is way bigger than that. It affects all social media.

What this particular lawsuit says is that an ex-relationship of Herrick’s created fake profiles on Grindr with pictures and details of Herrick taken from other social media platforms (which could also be taken from the physical world if the person launching the attack knows the victim, hence the revenge component) saying that Herrick was HIV positive, that he was into rape fantasy, that if he pretended that he didn’t want sex with strangers it was all part of role play.

He said that as many as 16 strangers a day show up at his apartment looking for him.

His attorney is Carrie Goldberg of C.A. Goldberg, a New York boutique law firm that specializes in helping victims of revenge porn like Herrick.  She has had some success in getting content taken down, but in part, once the worms are out of the can, it is hard to get them back inside that same can.

In this case, apparently, his ex continues to create new Grindr profiles pretending to be him and when he complains to Grindr, they just send him an automated response saying thank you for your report.

Some social media sites, apparently including Grindr, take shield behind a law called the Communications Decency Act (CDA), specifically, section 230.  What CDA 230 says is that social media companies like Facebook or Grindr are not responsible for content posted by their users with very limited exception, as long as they don’t edit and control the content.  While there have been some attempts to reign in 230, it has held up pretty well.  In fact, without Section 230, companies like Facebook and Twitter would be out of business.  They would be sued by anyone who didn’t like something that a Facebook user said.  Even if they eventually won the lawsuit, they could not afford the legal costs of being sued multiple times a day, so I think the CDA is a good thing.

What we are seeing with some social media companies like Facebook are making a more serious effort to stamp out the obvious revenge porn attacks.  Grindr, apparently,  is not taking the problem very seriously.

To be fair to the social media companies, the problem is hard, but in Herrick’s case, it is not hard at all.  With 100 bogus accounts set up with his profile and pictures, a three year old could see that he is being targeted.  In those cases, Grindr should be much more aggressive in taking down the fake profiles.  And, he is providing them the data.

What attorney Goldberg is doing is trying a different tactic.  She is using product liability, fraud and deceptive business practices laws to go after Grindr.  We shall see if she is successful.

According to Grindr they don’t have the ability to search for photos (although in this case, Herrick is telling them about it, so that doesn’t even seem relevant), even though their bigger competitors like Facebook do this all the time.

But this could happen on any social media platform.

There is nothing to stop a vengeful person from creating a fake profile of you on any social media platform, whether you use that platform or not.  Seed the profile with (fake) suggestive photos and messages and wait for the followers to show up.  Then it is a simple matter to drop the victim’s phone number or address in a post and the damage is done.

If the social media industry cannot figure out a solution to this issue, it could get messy.  If Congress, with it’s vast understanding of technology (NOT!) tries to regulate this, it will probably do a really bad job.  And laws are really bad at deftly morphing when the attackers understand the law and quickly change their approach to get around the law.

I am afraid this is going to get much worse before it gets better.

Information for this post came from CNN.