The Luxury Side Of the Hack, And Other Cybersecurity Stories That Made History In 2021

Online publication Motherboard selects nine of the year’s best stories on hacking, information security, privacy, and surveillance “that we wish we had reported and written ourselves.”

The first is about a former celebrity and ultra-rich entrepreneur from Nigeria, a man named Ramon Abbas, aka Hushpuppi, published in Bloomberg Businessweek. At the height of his success he had more than two million followers on Instagram, where he was often pictured with his Ferraris and Rolls-Royces, and he was welcomed at high-end fashion shows by the likes of Gucci and Louis Vuitton. Arrested in 2020, he is accused of stealing millions of dollars from companies worldwide with a scam known as “business email compromise,” or BEC. Typically it begins with a quiet phishing attack that gets into the organization’s email account. The operators then take their time, noting who is talking to whom and how things work, particularly in such areas as accounts payable. The strike can come weeks or even months later. The FBI says there were nearly 20,000 BEC attacks in 2020, costing victims almost two billion dollars. The losses dwarf those from ransomware attacks, according to a cybersecurity  company director and former FBI analyst quoted in the Bloomberg article, but these episodes don’t get much attention, in part because publicity would be humiliating and likely would be bad for business, particularly where the victim is a bank or law firm. In one hit, detailed in the indictment of Abbas and a co-conspirator, a bank account Abbas controlled contrived to receive a wire transfer of $922,857.76 from a New York law firm, money that was meant for a client who had refinanced a piece of real estate. The paralegal who did the transfer made a call to confirm the details and it looked okay, but it turned out the the phone call instructions and the person at the other end were also part of the scam.

The other stories on Motherboards’s list include a BBC reporter’s account of his attempt to make contact with ransomware practitioners in Russia; a story titled “The Opportunities—and Obstacles—for Women at NSA and Cyber Command,” from Wired; and the story of the Colonial Pipeline cyber attack, which ended with the payment of nearly $5 million.