News in brief: Muni hacker is hacked; Facebook warned over data sharing; spy agency releases data tool

Your daily round-up of some of the other security stories in the news

San Francisco Muni hacker is hacked

It’s usually considered unkind to enjoy someone else’s discomfort, but San Francisco’s commuters and the people who manage its Muni public transport network could be forgiven a little Schadenfreude at the news that the hacker who unleashed a ransomware attack on the network was himself hacked.

As Brian Krebs reports, he was contacted by a “security researcher” who had, apparently, compromised the hacker’s email by guessing his secret question and resetting his password.

There is a certain irony in the person who apparently caused the network to be forced to let passengers travel for free as a result of his actions falling victim to having his own account compromised so easily.

Facebook warned again over WhatsApp data

Facebook could face further restrictions on its plans to collect user data from WhatsApp, the messaging platform it bought for $22bn in October 2014.

WhatsApp said in September that it would, after all and despite reassurances, share user data with its parent company, only to have both German and UK data regulators tell it to stop collecting data from its citizens.

Isabelle Falque-Pierrotin, who chairs the European Article 29 working party and who heads CNIL, France’s data protection authority, said in Paris that Facebook would probably face “additional action” after the working party’s meeting next month.

She added: ““Looking at the evidence we have, the companies have stopped merging data but possibly not for all WhatsApp services. It’s probably a bit more complicated than that.”

Spy agency releases data analysis tool

GCHQ, the UK’s spy agency, has, in a splendid mash-up of mixed metaphors, posted what it calls a “Swiss Army knife” suite of tools called CyberChef. The tool, a web app for analysing and decoding data without having to get to grips with complex software, is available on Github, the code-sharing site.

The aim, says GCHQ, is to encourage “both technical and non-technical people to explore data formats, encryption and compression”.

You can get a sense of its capabilities via the online demo, and GCHQ hopes that it will spur people on to use its “simple functions [which] can be combined to build up a ‘recipe’, potentially resulting in complex analysis, which can be shared with other users and used with their input”.

Catch up with all today’s stories on Naked Security