(In)Secure Digest: If there were a Darwin Award for Information Security
01.04.2025

In our April overview, we highlight the funniest and the most ridiculous information security incidents from the last month: Brad Pitt ruins family happiness, a malicious insider escapes from the Irish police, and Disney tells the belated truth.

Mole bait

What happened: HR startup Rippling “caught” a malicious insider taking the bait.

How it happened: The startup Rippling faced employee poaching by its competitor, Deel. The job offers arrived in private messenger chats, so management suspected that the company had an insider leaking information to the competitor.

The company also suddenly started receiving inquiries from the media about Rippling circumventing government restrictions on working with certain customers. To confirm their suspicions, journalists cited messages from the corporate Slack, where Rippling employees discussed this topic.

The company conducted an internal investigation and identified a potential insider: he worked in the same department as the employees contacted by the competitor's recruiters. Monitoring logs also showed that he regularly viewed Slack channels unrelated to his job responsibilities and searched daily for messages and files containing the word "Deel".

Rippling decided to catch the "mole" with bait. They created a trap channel "#d-defectors" in the corporate Slack, in which they purportedly discussed how to annoy the competitor. Then they wrote directly to Deel that such a channel existed. The result was not long in coming: the insider found and carefully studied the channel, and this was recorded in the logs. Rippling called this "irrefutable evidence" that the insider was working for the competitor.
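The three signals in the story (a view of a canary channel that exists only to be found, views of channels outside a user's job scope, and repeated searches for the competitor's name) can be checked mechanically over audit events. The script below is an added example, not Rippling's investigation tooling or Slack's API; the log format, the user ids, the role-to-channel mapping and the sample events are all constructed assumptions.

```python
"""Canary-channel, out-of-scope-channel and keyword-search detection over
constructed Slack-style audit log lines (added example; format is assumed)."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass

# --- assumptions / tunables ------------------------------------------------
CANARY_CHANNELS = {"#d-defectors"}      # exists only so that a mole finds it
WATCH_TERMS = ("deel",)                 # competitor name, matched case-insensitively
SEARCH_DAYS_THRESHOLD = 3               # distinct days of searching before alerting
# Hypothetical role mapping: channel prefixes each user is expected to use.
EXPECTED_PREFIXES = {"u.alice": ("#eng-",), "u.bob": ("#eng-",)}


@dataclass(frozen=True)
class Event:
    ts: str        # ISO-8601 timestamp
    user: str
    action: str    # "view_channel" or "search"
    target: str    # channel name or search query

    @property
    def day(self) -> str:
        return self.ts[:10]


# Constructed sample log, one event per line: "<timestamp> <user> <action> <target...>"
SAMPLE_LOG = """\
2025-03-03T09:12:00Z u.alice view_channel #eng-platform
2025-03-03T10:01:00Z u.bob   search       deel pricing
2025-03-04T08:45:00Z u.bob   search       Deel
2025-03-05T11:30:00Z u.bob   search       files from deel
2025-03-05T11:31:00Z u.bob   view_channel #sales-west
2025-03-06T07:59:00Z u.bob   view_channel #d-defectors
2025-03-06T09:00:00Z u.alice search       quarterly report
"""


def parse_events(text: str) -> list[Event]:
    """Parse whitespace-separated log lines; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue
        ts, user, action, target = parts
        events.append(Event(ts, user, action, target))
    return events


def detect(text: str) -> list[tuple[str, str, str, str]]:
    """Return (user, signal, detail, day) tuples: channel-view alerts in log
    order, then one repeated-search alert per user who crossed the threshold."""
    alerts: list[tuple[str, str, str, str]] = []
    search_days: dict[str, set[str]] = defaultdict(set)
    for ev in parse_events(text):
        if ev.action == "view_channel":
            prefixes = EXPECTED_PREFIXES.get(ev.user)
            if ev.target in CANARY_CHANNELS:
                # Nobody has a legitimate reason to open the trap channel.
                alerts.append((ev.user, "canary_channel_view", ev.target, ev.day))
            elif prefixes is not None and not ev.target.startswith(prefixes):
                # Known user browsing channels unrelated to their role.
                alerts.append((ev.user, "out_of_scope_channel_view", ev.target, ev.day))
        elif ev.action == "search":
            query = ev.target.lower()
            if any(term in query for term in WATCH_TERMS):
                search_days[ev.user].add(ev.day)
    for user in sorted(search_days):
        days = search_days[user]
        if len(days) >= SEARCH_DAYS_THRESHOLD:
            alerts.append((user, "repeated_competitor_search", f"{len(days)} days", max(days)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The canary check is the strongest signal because the channel has no legitimate audience; the other two only narrow the circle of suspects, which matches how the story describes the investigation.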

Immediately after this, the company asked the Irish authorities for a warrant to arrest the spy and inspect his phone. He did not agree with this, so he lied to the law enforcement officers who came to the office: he said the phone was in his bag, but he himself ran to the restroom and tried to drown the smartphone in the toilet. He was told that such actions were illegal, but the insider boldly replied that he was "ready to take such a risk". After that, the employee ran out of the office and disappeared.

Rippling described all these details in its lawsuit against Deel. It also mentions that the company found other evidence of guilt: for example, the "mole" leaked information not only from the corporate messenger but also from the cloud, the CRM database and the internal employee directory.

SearchInform comment: Perhaps it's all about the practice of applying the law in Ireland. Or maybe the insider was initially caught only showing a suspicious interest in data that did not concern him, and there was no real evidence of his communication with the competitor. I assume that the company did not have DLP, otherwise, it would have made things easier: it would have detected the activity in chats and storage and communication with the competitor, even if the employee deleted the letters. And there would be no need to manually sort through the logs.

Not a fairy incident

What Happened: A Disney employee's life was turned upside down by a free AI tool.

How it happened: We previously reported on the Disney data leak in the summer of 2024. Recall that more than a terabyte of confidential messages and files from the corporate Slack were leaked. Hacktivists from NullBulge claimed responsibility for the incident. They said that a company employee was involved in the attack. After the incident, Disney gave up Slack, but the story continued.

It turned out that the insider was Matthew van Andel. He had downloaded free image generation software infected with malware onto his personal computer. As a result, an unknown person gained access to Matthew's password manager and then to his corporate Slack account.

The attacker decided to intimidate the victim and wrote to him on Discord: “I have gained access to confidential information related to your personal and professional life.” As proof, the stranger sent the Disney employee his personal data and information that he had discussed in a closed Slack channel with colleagues. The next day, Matthew contacted the police, and a post with classified Disney information appeared on the darknet.

The employee then reported the hack to Disney's security department and eventually realized that it had occurred through his home computer. A few weeks later, Matthew was fired for allegedly viewing 18+ content. The employee does not admit guilt and intends to sue Disney.

SearchInform comment: It is no wonder they say: there is no such thing as a free lunch. The incident highlights a trend whereby corporate infrastructure is hacked through personal devices. There was a wave of such incidents in 2020 when employees were massively moved to remote work. Slack was probably the only one left perplexed. The messenger simply lost a major client due to a coincidence.

Mr and Mrs Pitt

What happened: A fraudster pretended to be Brad Pitt using neural networks and deceived a woman out of €800,000.

How it happened: In 2023, when 53-year-old Anna first registered on social media, she received a message from a woman who introduced herself as Brad Pitt's mother and said that her son "needs exactly this kind of life partner". Then "Pitt" himself showed up, but the woman did not fully believe she was communicating with the actor. Anna was convinced by photos generated by neural networks, as well as by the bag and jewelry the "star" sent her. It is worth noting that the generated photos were of low quality, and she had to pay more than €5,000 for "customs clearance" of the gifts.

Afterwards, the fake Pitt proposed to Anna; she agreed and divorced her millionaire husband. After the divorce, Anna received €800,000, which she gave to the fraudster: the fake Pitt allegedly needed an operation, and all his accounts (what a pity) were blocked due to the divorce proceedings with Angelina Jolie.

Anna suspected something was wrong only when she saw photos of the real Brad Pitt with his new girlfriend. The scammer refuted this by sending the woman a fake video generated by a neural network, in which a journalist says that the actor is actually dating Anna. Only when the media republished photos of the no-longer-single Pitt did the Frenchwoman realize that she was being deceived and file a police report.

SearchInform comment: Deepfakes continue to gain momentum. Last year they talked about DiCaprio and 80 thousand rubles, now there is a precedent for 800 thousand euros. Whoever is responsible for the matrix we are in clearly has a sense of humor.

But seriously, deepfakes have become a threat not only to personal but also to corporate security. For example, "fake boss" attacks are actively underway: attackers impersonate executives and write to their subordinates on social networks and messengers, often using deepfakes to "confirm" their identity.

You didn't see anything

What happened: An IT specialist accidentally gained access to classified documents.

How it happened: The Register told the story of IT specialist Tom. In the early 1980s, he worked in tech support for the Air Force of an unnamed country.

The infrastructure he was servicing included both Windows and CP/M PCs. Windows files would not open on CP/M and vice versa, so the problem was solved with the program Formats, which converted files into a format both operating systems understood.

To control computers at that time, you had to type every command on the keyboard, including the name of the program you wanted to run. If you accidentally entered the command Format instead of the program name Formats, the data on the drive was erased. This is what happened to one officer, who then ordered Tom to restore the data.

The IT specialist completed the task and decided to make sure the files opened correctly. Everything worked, but the files contained classified military information that Tom should not have had access to. He kept silent about this because it could have led to a court martial.

SearchInform comment: The moral of the story is interesting. Firstly, the problems with UX/UI seem to have started even before these abbreviations appeared. Secondly, it is hard to even imagine how many secrets throughout history have been "accidentally seen" or "overheard in the smoking room" and then kept quiet. However, some mistakes are quickly revealed: like the recent "accidental" invitation of a journalist to a secret US government chat.

Phishing on Hunter

What happened: Troy Hunt, information security expert and owner of HaveIBeenPwned, fell victim to phishing.

How it happened: Hunt reported this on his official website. He said he received a very convincing phishing email purporting to come from the email marketing service MailChimp. It warned that, due to spam complaints, Hunt could no longer send emails; to resume sending, he had to log in to his account via the link and review his email campaigns.

Tired after a flight (the information security expert was checking his email at 6:59 a.m.), Hunt did so, after which the page "froze". He immediately realized what was going on and logged into his account through the official website, but it was too late: unknown attackers had already exported a mailing list of 16,000 email addresses. More than 7,500 of them belonged to users who had already unsubscribed from the mailing list.
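The habit that saved the account from further damage, going to the service through its official website rather than the emailed link, can be made routine by comparing where a link actually points with the domain the sender legitimately uses. The checker below is an added example, not code from Hunt, MailChimp or SearchInform; the email body is constructed, the suspicious host uses the reserved ".example" TLD, and the single trusted domain is an assumption.

```python
"""Link-target triage for a suspicious email: compare each anchor's real host
with the sender's trusted domains, and flag anchors whose visible text names
the brand while the href points elsewhere (added example; inputs constructed)."""
from __future__ import annotations
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain this sender legitimately links to.
TRUSTED_DOMAINS = {"mailchimp.com"}

# Constructed sample email body; the first link is the lookalike.
SAMPLE_EMAIL = """
<p>Your sending privileges are suspended due to spam complaints.</p>
<p><a href="https://mailchimp.com.review-campaign.example/login">https://mailchimp.com/login</a></p>
<p><a href="https://login.mailchimp.com/">Go to your account</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname part of a URL, lower-cased; '' for relative or non-URL values."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def host_is_trusted(url: str, trusted: set[str] = TRUSTED_DOMAINS) -> bool:
    """True only for the trusted domain itself or a real subdomain of it.
    Suffix tricks such as 'mailchimp.com.review-campaign.example' fail here."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_links(html: str, trusted: set[str] = TRUSTED_DOMAINS) -> list[dict]:
    """One finding per anchor: whether the host is trusted and whether the
    visible text names the brand (the classic lookalike when both disagree)."""
    extractor = LinkExtractor()
    extractor.feed(html)
    findings = []
    for href, text in extractor.links:
        trusted_host = host_is_trusted(href, trusted)
        brand_in_text = any(d in text.lower() for d in trusted)
        findings.append({
            "href": href,
            "text": text,
            "host": host_of(href),
            "trusted": trusted_host,
            "brand_in_text": brand_in_text,
            "lookalike": brand_in_text and not trusted_host,
        })
    return findings


if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        verdict = "LOOKALIKE" if f["lookalike"] else ("ok" if f["trusted"] else "untrusted")
        print(f"{verdict:10} {f['host']:45} text={f['text']!r}")
```

Note that the check is on the parsed hostname, not on a substring of the URL: a trusted domain appearing in the path, in the visible text or as a prefix of a longer host is exactly what a convincing lure relies on.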

Hunt apologized to the newsletter subscribers and said that all active subscribers would be notified of the incident. He also expressed concern that MailChimp retains user data even after they unsubscribe.

Hunt also called the situation ironic. At the time of the attack, he was in London, where he was discussing the promotion of passkeys technology, which is resistant to phishing, with representatives of the UK National Cyber Security Centre.

SearchInform comment: Even the best of hunters can slip up. It is important to understand that there is no such thing as absolute security. Perhaps we should accept it: the most vulnerable link in any system is a person, but we are all human, and we all make mistakes. That is no reason to give up and not defend at all. The main thing is to keep working.

Employee mistakes that seem funny at first glance pose a danger to information security systems. A set of solutions from SearchInform empowers organizations to reduce the impact of the human factor on data safety: the DCAP system FileAuditor prevents access-rights violations and helps raise the level of employees' cyber literacy; Risk Monitor controls data transmission channels and prevents data leakages; SIEM detects signs that employees are being manipulated by external intruders. You can try the functionality of the solutions and build comprehensive protection for free for 30 days!
