I've had this in my head for a while but it feels like the only yogurca criticism I've seen has mainly just been about centipede and peppercorn

#3) [Otome Games/BTS] Indie devs enrage fans of their crowdfunded games with a censorship controversy, years of broken promises and delays, & legal troubles on a BTS fan game

View the discussion on reddit: https://www.reddit.com/r/HobbyDrama/comments/abjkzf/otome_gamesbts_indie_devs_enrage_fans_of_their/

Post (words belong to original poster linked):

Tl;dr at the bottom since this spans several years and numerous layers of drama and is therefore very long.

Some useful info:

Otome games: a niche genre aimed at a female audience, typically visual novels with a female player character and romanceable male characters. Originated in Japan.

Visual novel (VN): a game where the story and dialogue is (mostly) conveyed in text, accompanied by relatively simple visuals and audio, and with choices that change the direction of the story. Also originated in Japan. VNs made in English are sometimes distinguished with the moniker OELVN (Original English Language Visual Novel).

Route: a specific path or branch of a visual novel, often one involving a romance with a particular character.

Pay-per-route: a payment model mainly found in mobile otome games where a game's prologue/common route is free and each character's route is bought separately as DLC. There may also be separate epilogues, sequels and other DLC.

BTS: a massively popular 7-member Kpop boy idol group.

ARMY/ARMYs: the official name of BTS's fanbase/fans.

BigHit Entertainment: BTS's agency.

This drama concerns one small indie dev company, Aeon Dream Studios (ADS), formerly known as Star Maiden Games, and three of their games:

Mystic Destinies: Serendipity of Aeons (MDSOA): their first game for PC & mobile, an urban fantasy OELVN otome game;

Mystic Destinies: Echoes (Echoes): a promised sequel where the romanceable characters are the male antagonists of the first game;

To the Edge of the Sky (TTEOTS): originally a nonromantic BTS fan game for PC & mobile where the members of BTS are reimagined as operatives in a cyberpunk future. There was no in-game mention of the members' names or of BTS itself, but characters were visibly recognisable as BTS members and the group's name was frequently used in descriptions & promotions by the devs. Though originally free, the game was later monetised.

I'll break things down by year for easier reading. I only became aware of the drama this summer and most of this post is the product of my amateur internet sleuthing in the last month, so I apologise if I have made any mistakes.

2015

Star Maiden Games formed and began developing MDSOA in 2015. Like many indie otome game developers, in September 2015 they turned to Kickstarter for funding with a $2,000 goal. Five days later they'd met the target, and when the campaign closed they had $3,555 pledged in total and several stretch goals met. Looking back now, they were a little overoptimistic in promises for sequels and episodic content which were never added. The $3,500 stretch goal of customisable MC skin colour was also never implemented, though this was supposedly because one backer cancelled their pledge.

2016

MDSOA was soon Greenlit and released on Steam in February 2016 with a free prologue and a single route as paid DLC; four more routes and five corresponding epilogues were to be added as DLC as they were completed. Though the majority of initial reviews were positive (see chart), several Steam users left negative reviews, many criticising the pay-per-route model that had given multiple players the false impression that the entire game was free. One reviewer made a deeply critical playthrough of the prologue on Youtube, branding the game 'Serendipishit', and was soon notified it had been taken down by a copyright strike from the developers. His video about the strike gained significant attention on Reddit and a backlash began to form against the developers' perceived attempt to censor criticism.

A day later, the reviewer posted a follow-up video asking viewers to stop harassing the devs. Having personally spoken with them, he now stated the developers were revoking the strike and everything was good. The exact same thing also happened to another Youtuber at roughly the same time (initial video, video about the strike, update. Judging by a comment on the latter video, the Youtuber believed after speaking to the devs that the copyright strikes were deliberate manual strikes aimed at negative reviews.)

In both cases the follow-ups attracted a fraction of the attention that the videos about the strikes got and the controversy took a while to die down. Outside of Steam the developers made only the vaguest allusions to these events. The devs' most detailed comment on the issue, along with a defence of their payment model, was in response to a Steam review, where they claimed they had not specifically targeted negative reviews, only videos that did not have their direct permission to be posted.

Despite the censorship furore, otome game fans who tried MDSOA were largely pleased with the game and a small but passionate fanbase formed. The developers had a small number of Patreon supporters; bonuses included a short story set before MDSOA, which was also sold for $1+ on Gumroad. The second route came out in May 2016, and that month Star Maiden Games changed their name to Aeon Dream Studios, only citing "varied" reasons for the change.

At some point during the year, the two creative heads of the studio became fans of Korean idol group BTS due to relating to the lyrics of Dope, a motivational anthem about the group's tireless work and commitment to attaining success while refusing to bow to criticism. According to later statements by the CEO/Creative Director of ADS, the devs were enduring significant poverty and exhaustion while working on MDSOA during this time.

That September the third route released and ADS launched another Kickstarter campaign to help fund the final 2 routes and a deluxe edition DLC, all of which were slated to be out by December. Fans spread the word and within 4 days they reached the funding goal of $7,500. The devs then rebranded much of the page to reflect their stretch goal, a sequel called Mystic Destinies: Echoes, initially promised for March 2017. Though the stretch goal was not reached, the funding surplus (roughly $5,500) was put towards Echoes with another Kickstarter planned later to finish funding. The fourth MDSOA route was briefly delayed but came out at the end of November. The fifth route and the DLC did not end up arriving in December as promised, but as some delays are par for the course with Kickstarter, nobody was too perturbed. However, whispers of unrest began as ADS started making references to a BTS fan project.

2017

The developers finished funding Echoes through their third Kickstarter in January 2017. This slightly surpassed its $7,200 goal with a closing total in February of $8,033, and they also opened preorders for the game on itch.io (since closed). They now aimed to first finish MDSOA and its Kickstarter reward fulfilment and then release Echoes in "late Spring 2017", or at least no later than Summer 2017. The studio at the time consisted of only 3 employees, with some work contracted out to others.

Obviously, things didn't quite pan out.

Despite the amount of work still to be done on the Mystic Destinies games, in March 2017 they also released a demo for their BTS fan game, TTEOTS, and in May were soliciting funds through Gofundme for further development. (This closed in September 2017 at $1000 raised.) They dreamed of receiving an official endorsement from BigHit and not only emailed and tweeted at BigHit (with no response) but encouraged fans to do so as well, mobilising under the Twitter hashtag #ARMYWantsBTSGames. Though they never received any response, they decided to go ahead with the game anyway. Meanwhile, due to the pushbacks, lack of updates, and emergence of the BTS project, Mystic Destinies fans began to criticise the studio more openly (sample comments: one, two, three).

One focus of criticism was the devs' poor communication. Statements and news were scattered across multiple platforms or buried in Kickstarter comments, leading to confusion and rumours flying among the discontented community. When pressed for answers about whether the delays were TTEOTS-related, the developers insisted they were only working on one game at a time. Meanwhile, the final route of MDSOA hit further delays and due to the devs' communication issues many fans only found out it had been split into two parts when the first book finally released in June. The second followed in July, while the deluxe edition DLC was now slated for "Summer 2017". Continuous delays followed, but the developers posted semi-regular updates, blaming delays on problems like Hurricane Irma and their main artist leaving. In October the DLC was still not out and the devs stated Echoes would be out in November - but at the same time they were running more crowdfunding campaigns for TTEOTS.

As a BTS fan game, the developers tapped into a large and dedicated worldwide fanbase, so it wasn't a surprise that the two TTEOTS funding campaigns launched in October across Kickstarter and Fundrazr netted over $36,000 in total. From here on Fundrazr was the devs' crowdfunding platform of choice, using its "Keep it all" option where backers' money is sent immediately and campaigns can run forever. By November 2017 TTEOTS's first part had been launched to the public and they created a petition for BigHit to officially recognise the game (9000 signatures and 2k+ comments as of this post), but there were no updates on Echoes or MDSOA's deluxe edition DLC until the end of the month, when both were again delayed until December. Still, as the releases had only been delayed by a month or two each time, it seemed like both games must be near to completion.

Just two weeks later, ADS pushed back Echoes' release date indefinitely, offering a vague promise of 2018, and stated Echoes would now have less content than originally promised - 10 hours' gameplay instead of 15-25. They claimed they would offer refunds to anyone who wanted one but backers were understandably confused and upset, leaving comments expressing their frustration. As 2017 ended, fans were growing deeply concerned.

January - July 2018

After announcing another delay for the MDSOA DLC and receiving a few exasperated responses, the devs posted a backer-exclusive update threatening to forcibly issue refunds to backers whose behaviour they found dissatisfactory and blaming negative comments as the reason for their silences. I was not a backer so don't have a screenshot, but here's part of the text:

We would like to issue a reminder to everyone interacting with us in the community that comments should remain respectful and polite. [...] we ask that the community please keep a positive, welcoming environment instead of the toxic one it's veering into for us - which also makes us reluctant to speak openly about our progress and engage with the community more often. If you feel you cannot do this, or are engaging in abusive language, we do reserve the right to refuse service - this can result processing a refund for your backer number. [...] Part of supporting a project is more than just the financial aspect, but being an encouraging, welcoming presence for the team to come back to and feel comfortable with discussing the development with you in our regular updates. (emphasis added)

Many read this as a threat to stop airing any criticism whatsoever. In the Steam forums, backers dissected the devs' statements and wondered about the legality of TTEOTS, with one user predicting legal trouble was inevitable. (sample comments: one, two, three)

In February, ADS launched another Twitter campaign to promote TTEOTS using the hashtag #BTSxTTEOTS and the account @Trend_TTEOTS. They also hired a new writer, a BTS and TTEOTS fan who had helped promote the game by handing out promo cards at BTS concerts before she was hired. She was set to work on Echoes along with another employee while the most experienced employees, including the CEO, continued work on TTEOTS.

February also brought the release of the deluxe edition DLC for MDSOA, which meant the game was at last considered complete over a year later than promised. Some backers were incredibly frustrated by this point as those who had paid for the full deluxe edition of the game on Kickstarter did not receive any part of the game until the deluxe edition DLC was finished. As the promised release date had been December 2016 at the time of the Kickstarter, backers had certainly not expected such a long and uncertain wait to receive the full game. Some backers had been so dedicated to the game that they had bought the DLC as it came out on Steam on top of backing one or more of the Kickstarters.

As for Echoes, there was little mention of it throughout the first half of 2018, but the devs continued to post regularly about TTEOTS, released the first volume of a TTEOTS graphic novel on ComiXology, and launched additional crowdfunding campaigns on Fundrazr, including:

a project to send gifts to BTS in hopes of receiving official recognition for TTEOTS ($645);

a full length TTEOTS novel (which is still open and currently stands at over $3.5k);

a second campaign to fund TTEOTS development ($4,123);

a campaign to revamp TTEOTS's art ($4,516).

As 2018 rolled on, Echoes backers became angrier at the continued lack of updates and perceived favouritism towards TTEOTS. Those following the devs' social media in hopes of receiving Echoes news were infuriated by the constant stream of TTEOTS-related posts; even the Echoes Kickstarter received an update which featured several lines about TTEOTS and only a cursory mention of Echoes at the end. Despite their claims that half the studio was working on Echoes, their silence about the progress of the game continued and was not well received.

Comments in the Steam forums and elsewhere had by now become much more accusatory. Some backers speculated that the money they'd paid for Echoes had been funneled into TTEOTS instead; some suggested the devs were just opportunists cashing in on BTS's popularity by milking eager fans for money. Since January, numerous Echoes backers had reported difficulty getting the promised refunds (example), often due to unanswered emails and messages, or failed to get any response when asking about backer rewards they were still owed (example).

TTEOTS Premium also launched in late May, swiftly climbing to the #10 Paid Casual app on the Google Play store. Premium included extra content, including exclusive art and the beginnings of romantic content with the characters. For $9.99 Premium players were promised an all-access season pass to all future content up to the game's completion date in December 2018.

With a large fanbase and multiple revenue streams, TTEOTS seemed to be thriving despite the escalating discontent from Mystic Destinies fans.

August - December 2018

Then, in early August, the devs dropped a bombshell: they had been served a cease & desist by BTS's agency, BigHit Entertainment, along with a demand for financial records regarding TTEOTS.

Though TTEOTS was originally a free fan game, BTS's agency may have finally felt a legal line was crossed with the addition of its premium version - presumably they had been aware of the game for some time due to the volume of ADS and ARMY's attempts at contact. Irate Echoes backers experienced a certain schadenfreude at this announcement, with some perceiving it to be the studio's comeuppance. Many had given up on ever getting Echoes and some actively hoped ADS would be sued into bankruptcy.

After the C&D the devs hired legal advice and launched Operation Phoenix, an effort to edit the game's art so characters could not be recognised as BTS, as well as redact all mention of BTS elsewhere to avoid legal repercussions. Some art was updated, but other characters' faces were hidden with masks while new art was being worked on. As many TTEOTS players were ARMYs, some complained about the change or stopped playing entirely, but if anything much of the game's fanbase was bolstered by the crisis. ARMYs sometimes have a contentious relationship with BTS's agency and some felt that BigHit's approach to TTEOTS was not only unfair but set a worrying precedent for other BTS fan works. (At least one fan took to calling the agency 'BigShit'.)

The developers posted two passive aggressive tweets bidding goodbye to those who had abandoned the game due to the C&D and Operation Phoenix and thanking those who stayed.

Not long after, they suddenly began posting developer interviews to promote Echoes' "imminent release" in September 2018, and appeared in the MDSOA Steam forums to lock a discussion thread with over 200 posts which backers had been using for more than a year to discuss and speculate on the Kickstarter problems and, later, the legal situation with TTEOTS. The devs posted a warning against libel and slander and instructed anyone with concerns to email them directly and wait 72 hours for a response instead of posting on the forums. Some commenters felt this was simply an attempt to threaten them into shutting up and hide criticism from the public eye, prompting dozens of outraged comments in response. Several people pointed out they had tried emailing questions or refund requests in the past and never received a reply.

After that, things eventually quieted down for a time. A number of official statements followed on ADS's website between August and October. Echoes was again delayed past September, but many backers had given up caring anyway. The CEO/Creative Director lamented the negativity of Echoes backers, admitted they had made mistakes and stated they would have been homeless if they hadn't started working on TTEOTS. These statements again riled up the posters in the Steam forums for both MDSOA and Echoes, and there were several critical responses to these statements on Kickstarter, but also several supportive responses too. In October they stated Echoes is 80% finished and offered a vague release date of "before the end of the year [2018]".

Come December this began to look increasingly unlikely, and on top of that TTEOTS fans began to grow concerned about the schedule slip and silence regarding Chapter 4 of TTEOTS which was originally scheduled for September, then November, and is still unreleased as of this post (tweet compilations: one, two). While December 2018 had originally been slated as the completion date for TTEOTS, the devs had since announced they planned to continue the game indefinitely in seasons. Echoes backers clearly felt that history was repeating itself for a different group of fans. However, TTEOTS fans appear to mostly still believe in the developers, and some have tweeted defending the devs and urging people not to pressure them for updates.

After a long silence, the CEO of ADS posted a personal blog in mid-December stating that she had struggled to focus on her work ever since a BTS member sustained a minor injury in October that affected his mental state (for reference, "MAMA 2018" refers to Mnet Asian Music Awards, which mainly features Kpop artists, and where BTS won several major awards this year). The post expounded on her many worries about the mental and physical health of BTS members and the effect they had had on her life.

Finally, there was a year-end update on the 24th, pushing back Echoes once again to 2019 and placing blame for the delays on the staff she selected to work on it. Echoes backers were incredulous. Most expressed sympathy for these employees, their consensus being that the CEO had essentially dumped her mess on people with less experience, not given them sufficient help and supervision, and thrown them under the bus to avoid taking responsibility herself. No date was given for future TTEOTS content and she described wanting to "focus less on ADS and more on other solo projects" in 2019.

It is currently unknown if any further legal action will be taken by BigHit, but the development of the amended version of TTEOTS will supposedly continue and the devs' website still contains a link in the navbar to their petition for BTS to officially recognise the game.

Further reading:

Threads on /r/otomegames from backers: one, two

ADS's CEO's thoughts on the creator-fan relationship

Tl;dr (even the tl;dr is long, sorry)

Mystic Destinies

Indie dev studio releases niche game in installments using 3 Kickstarters to fund the 5 routes, a DLC and a sequel. Total funding for all: $24k+, plus preorders, Patreon, & Paypal donations

Developers use copyright strikes to take down two negative Youtube videos about the game, generating a censorship backlash, but revoke the strikes soon after

Continual delays & increasingly long silences about progress. The final DLC was over a year late, the sequel is not out yet (approaching 2 years late) & will be shorter than promised

Backers report extreme difficulty getting refunds, ignored emails & not receiving certain Kickstarter rewards. Irate backers feel valid criticism is being stifled by devs and devs are playing victim

To The Edge of the Sky

During the Mystic Destinies delays, devs began pouring efforts into a free BTS fan game and running numerous social media and crowdfunding campaigns. Funding: $40k+ for the game, $3.5k+ for a novel, $600+ for a gift project, plus Patreon & Paypal donations, revenues from a graphic novel and...

...a premium version of the game is launched in May 2018 with a $9.99 season pass or smaller microtransactions

In August 2018 devs announce they received a cease and desist from BTS's agency and have to hire lawyers, remove all reference to BTS and send financial records to the agency. Angry ex-fans are delighted, some BTS fans abandon the game, others staunchly support the devs.

As of December 2018, development on the formerly BTS-based game has hit delays and long silences but TTEOTS fans remain mostly supportive, the long-delayed MD sequel is delayed again to 2019 with delays blamed on inexperienced employees, Mystic Destinies backers look on with exhaustion and hopelessness.

A Special Declaration: Towards a Culture of Accountability in The Gambia?

Tetevi Davi joins JiC for this post on The Gambia’s recent decision to permit individuals and NGOs direct access to the African Court on Human and Peoples’ Rights – and its implications. Tetevi is a visiting Lincoln’s Inn scholar at the European Court of Human Rights. He regularly writes on the work of the African Court and other regional courts in Africa and is a consultant for the African Foundation of International Law.

Gambia President Adama Barrow following his return to the country and his electoral victory (Photo: EPA)

On 23 October 2018, the Republic of The Gambia deposited its special declaration with the African Court on Human and Peoples’ Rights (‘the Court’). For those who may be unfamiliar with this process, in addition to ratifying the African Charter on Human and Peoples’ Rights (‘ACHPR’) and theProtocol to the Charter, states must also deposit an additional or “special” declaration with the Court in order to allow it to receive applications directly from individuals and NGOs. The African Court on Human and Peoples’ Rights is a continental court that was established by the African Union in 1998 to ensure the protection of human rights in Africa. With the deposition of its declaration, The Gambia becomes the 9th country to permit individuals and NGOs direct access to the Court, following Tunisia, which deposited its declaration in April 2017. A host of interesting implications arise from The Gambia’s deposition of its special declaration.

Growing State Engagement with the Court?

To begin with, it can be argued that The Gambia’s decision to deposit its declaration reflects an increasing willingness of African states to engage with the Court. Although the number of declarations that have been deposited is still low overall, it has recently grown at an increased pace, with 3 out of the 9 states who have deposited their declarations (Benin, Tunisia, The Gambia) having done so since 2016. Prior to this, only 6 declarations had been deposited over the span of almost 20 years. Whilst there was concern that Rwanda’s withdrawal of its 2013 declaration in the wake of the Ingabire affair  would lead to more states following suit, it appears that the reverse has been true, with three more nations depositing their declarations since then. In addition to this, the Court has been coordinating awareness-raising missions with a growing number of African states, which again is indicative of their increasing willingness to engage.

Whilst states’ improved engagement with the Court can be said to be a positive development, any optimism must be tempered by the persistent problem of the weak implementation of the Court’s judgments at the domestic level. The Court’s judgments are binding on states and its Protocol places an obligation on them to execute these judgments. Despite this, the Court’s most recent report on the status of implementation of its judgments shows that, in the majority of cases, states have either outright refused to comply with its rulings or have offered no update on the status of implementation. It is not sufficient for states to provide access to the Court for individuals and NGOs without redressing violations once they have been identified. Much more needs to be done, both by states and also by the African Union at an institutional level, to ensure that Court judgments are complied with.

Shift Towards a Culture of Accountability in The Gambia?

The Gambia’s deposition of its special declaration can also be seen as a manifestation of its desire to bring an end to the culture of impunity which existed during the 22 year rule of former President, Yahya Jammeh. Large-scale human rights abuses are reported to have been committed under the Jammeh regime including extra-judicial killings, torture, rape, and enforced disappearances. The nation’s media were also silenced through a campaign of violence and repressive laws. This repression led to a landmark judgment of the ECOWAS Court in 2015, in which it held that The Gambia’s sedition and libel laws, which had been principally used to stifle the media, were a violation of the right to freedom of expression enshrined in the African Charter, the International Covenant on Civil and Political Rights and in the Revised ECOWAS Treaty. In addition to these egregious human rights violations, it must be recalled that in 2016 The Gambia was on the verge of leaving the International Criminal Court, having notified its decision to withdraw from the Rome Statute to the Secretary-General of the United Nations. This move was interpreted by many as a flagrant attempt to shield the presidentfrom international prosecution for gross human rights abuses, as opposed to being based on any legitimate gripes with the ICC’s functioning. Since the election of Adama Barrow on 1 December 2016, it has been reported that the human rights climate in The Gambia has improved immensely. Dozens of individuals imprisoned by the former regime, including several politicians and journalists, have been released, and the judiciary has been significantly reformed with a view to promoting independence. In October 2018, the country launched its Truth, Reconciliation and Reparations Commission, which is charged with documenting human rights violations committed from 1994 to 2017 and overseeing the award of reparations to victims, in addition to making recommendations for prosecutions. It is yet to be seen whether this Truth Commission will be effective, but this appeal to restorative justice could have a substantial impact and arguably demonstrates the government’s willingness to address the nation’s fraught past. Two additional initiatives of the Barrow government are of note: the creation of a national Human Rights Commission and Constitutional Review Commission.

Whilst many reports on the work of the Barrow government are positive, the new government also faces criticism. Of particular cause for concern has been its treatment of soldiers from the former regime, a number of whom have remained imprisoned without trial since 2017.  The Barrow government has also been criticised for having not yet amended a law which impinges on the freedom of assembly by requiring people to have a permit to attend public rallies.

Sharia Law v International Law: Another Showdown on the Horizon?

Whilst the new Barrow government officially reversed the decision taken by Jammeh in 2015 to declare The Gambia an Islamic Republic, Islam is still the dominant religion within the country and The Gambia’s Constitutionprovides that Shariah law governs matters of marriage, divorce and inheritance amongst members of the communities to which it applies. It must be recalled that in the recent case of APDH v Mali (which I discussed here) the Court held that domestic religious law regarding the rights of women must be disapplied to the extent that it conflicts with the rights provided for in international human rights treaties ratified by states. Like Mali, The Gambia has signed and ratified the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Women in Africa (‘Maputo Protocol’), the Convention on the Elimination of all forms of Discrimination Against Women (‘CEDAW’) and, in 2010, the Women’s Act 2010 came into force, which incorporates these treaties directly into Gambian Law. Whilst the Act seems to provide a comprehensive set of rights to women in line with those set out in these treaties, it is of note that several of its provisions, for example Article 45 dealing with the right of inheritance for sons and daughters, make such rights expressly subject to personal law, which for the vast majority of Gambians is Shariah law.  It will be interesting to see whether, now that individuals and NGOs can access the Court directly, a similar action to that in the APDH v Mali case will be brought before the Court challenging the application of this law in family matters in The Gambia.

For those who desire to see a greater level of human rights protection on the African Continent, the deposition of The Gambia’s special declaration is a welcome development. Now, not only individuals but also NGOs, with greater resources and expertise, will be able to bring claims before the Court alleging a violation of any human rights treaty that The Gambia has ratified. This is a large step towards accountability for the nation and, should The Gambia faithfully implement any potential rulings against it, it will be yet another sign that the country is ready to turn the page from an oppressive and tumultuous chapter in its history. This news is also encouraging from a broader perspective, in that it demonstrates that more nations are engaging with the Court. As always, however, greater efforts need to be made towards ensuring implementation so that any perceived progress is not merely illusory.

Cyber Security Roundup for January 2018

2018 started with a big security alert bang after Google Security Researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre’, when exploited by a hacker or malware, these vulnerabilities disclose confidential data. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors, kudos to them.

The UK Information Commission's Office (ICO) heavily criticised the Carphone Warehouse for security inadequacies and fined the company £400K following their 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers, was stolen by hackers, in what the company at the time described as a "sophisticated cyber attack", where have we heard that excuse before? Certainly the ICO wasn't buying that after it investigated, reporting a large number Carphone Warehouse's security failures, which included the use of software that was six years out of day,  lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data, the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. The Carphone Warephone should thank their lucky stars the breach didn't occur after the General Data Protection Regulation comes into force, as with such a damning list of security failures, the company may well have been fined considerably more by ICO, when it is granted vastly greater financial sanctions and powers when the GDPR kicks in May.

The National Cyber Security Centre warned the UK national infrastructure faces serious nation-state attacks, stating it is a matter of a "when" not an "if". There also claims that the cyberattacks against the Ukraine in recent years was down to Russia testing and tuning it's nation-state cyberattacking capabilities. 

At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPeyta ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet, the hacker then moved currency into a different wallet platform.

In the United States, the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating a US children's privacy laws. The FTC alleged the toy company violated (COPPA) Children's Online Privacy Protection Rule by collecting personal information from hundreds of thousands of children without providing direct notice.

It was reported that a POS malware infection at Forever21 and lapses in encryption was responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a high valued target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

Several interesting cybersecurity reports were released in January,  the Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents have doubled in 2017 and 93% were preventable. Carbon Black's 2017 Threat Report stated non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both the professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and the number of attacks skyrocketed during the course of the year, no surprise there.  

Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allows them to identify ideal attack points to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.

NEWS

Meltdown & Spectre: Critical Intel, AMD and ARM Processor Vulnerabilities

ICO fines £400,000 fine on Carphone Warehouse following 2015 Data Breach

Forever 21 Blames Malware & Lapses in Encryption, for Payment Card Compromise

Major UK Infrastructure Cyberattack is 'When, not If' the National Cyber Security Centre

Hackers steal $400,000 (£290,000) BlackWallet Crypto-Currency after DNS Hack

NotPetya Attack Totally Destroyed Maersk's Computer Network

US FTC fines VTech Toy Firm over Data Breach

Sensitive Medical Records on AWS (Cloud) Bucket found to be Publicly Accessible

Meltdown & Spectre Vulnerability & Patching Details

Microsoft releases 16 Security Updates for IE/Edge, .NET, SQL, Office, & Windows

Apple releases updates for Safari, iOS, watchOS and macOS

Adobe releases fix for Flash Player

Cisco warns of a Critical Vulnerability in its SSL VPN solution

Cisco Security Updates nix high-impact DoS and Privilege Escalation Bugs

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

CrossRAT: Advanced APT Undetectable Malware Globally Targeting all OS Platforms

Necurs Botnet launches Massive 47 million emails per day Campaign

CryptoMix Ransomware variant carries new ‘.tastylock’ Extension

Satori Creator linked with new Mirai variant Masuta

REPORTS

Cyber Breach Trends Report: 2017 Cyber-incidents Doubled, 93% preventable

Carbon Black Report 2017 Threat Report

Netscout Annual Worldwide Infrastructure Security Report: DDoS Complexity Rising

Malwarebytes 2017 State of Malware Report: Spyware increasing

Cisco 2018 Privacy Maturity Benchmark Study

The post Cyber Security Roundup for January 2018 appeared first on Security Boulevard.

from Cyber Security Roundup for January 2018