In a stunning new study, researchers at UC San Diego and the University of Maryland revealed this week that satellites are leaking a wealth of sensitive data completely unencrypted, from calls and text messages on T-Mobile to in-flight Wi-Fi browsing sessions, to military and police communications. And they did this with just $800 in off-the-shelf equipment.
Face recognition systems are seemingly everywhere. But what happens when this surveillance and identification technology doesn’t recognize your face as a face? WIRED spoke with six people with facial differences who say flaws in these systems are preventing them from accessing essential services.
Authorities in the United States and United Kingdom announced this week the seizure of nearly 130,000 bitcoins from an alleged Cambodian scam empire. At the time of the seizure, the cryptocurrency fortune was worth $15 billion—the most money of any type ever confiscated in the US.
Control over a significant portion of US election infrastructure is now in the hands of a single former Republican operative, Scott Leiendecker, who just purchased voting machine company Dominion Voting Systems and owns Knowink, an electronic poll book firm. Election security experts are currently more baffled about the implications than worried about any possibility of foul play.
While a new type of attack could let hackers steal two-factor authentication codes from Android phones, the biggest cybersecurity development of the week was the breach of security firm F5. The attack, which was carried out by a “sophisticated” threat actor reportedly linked to China, poses an “imminent threat” of breaches against government agencies and Fortune 500 companies. Finally, we sifted through the mess that is VPNs for iPhones and found the only three worth using.
But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
“The Com” Hackers Leak Personal Info of Hundreds of DHS, ICE, DOJ, and FBI Officials
In recent years, perhaps no single group of hackers has caused more mayhem than “the Com,” a loose collective of mostly cybercriminal gangs whose subgroups like Lapsus$ and Scattered Spider have carried out cyberattacks and ransomware extortion operations targeting victims from MGM Casinos to Marks & Spencer grocery stores. Now they’ve turned their sights to US federal law enforcement.
On Thursday, one member of the Com’s loose collective began posting to Telegram an array of federal officials’ identifying documents. One spreadsheet, according to 404 Media, contained what appeared to be personal information of 680 Department of Homeland Security officials, while another included personal info on 170 FBI officials, and yet another doxed 190 Department of Justice officials. The data in some cases included names, email addresses and phone numbers, and addresses—in some cases of officials’ homes rather than the location of their work. The user who released the data noted in their messages a statement from the DHS that Mexican cartels have offered thousands of dollars for identifying information on agents, apparently mocking this unverified claim.
“Mexican Cartels hmu we dropping all the doxes wheres my 1m,” the user who released the files wrote, using the abbreviation for “hit me up” and seemingly demanding a million dollars. “I want my MONEY MEXICO.”
Secret FBI Task Force Planned to Disrupt Ransomware Group Inside Russia, Reports Claim
Over the last year—at least—the FBI has operated a “secret” task force that may have worked to disrupt Russian ransomware gangs, according to reports published this week in France’s Le Monde and Germany’s Die Zeit. The publications allege that at the end of last year, the mysterious Group 78 presented its strategy to two different meetings of European officials, including law enforcement officials and those working in judicial services. Little is known about the group; however, its potentially controversial tactics appeared to spur typically tight-lipped European officials to speak out about Group 78’s existence and tactics.
At the end of last year, according to the reports, Group 78 was focusing on the Russian-speaking Black Basta ransomware gang and outlined two approaches: to run operations inside Russia to disrupt the gang’s members and try to get them to leave the country, and to “manipulate” Russian authorities into prosecuting Black Basta members. Over the last few years, Western law enforcement officials have taken increasingly disruptive measures against Russian ransomware gangs—including infiltrating their technical infrastructure, trying to ruin their reputations, and issuing a wave of sanctions and arrest warrants—but taking covert action inside Russia against ransomware gangs would be unprecedented (at least in public knowledge). The Black Basta group has in recent months gone dormant after 200,000 of its internal messages were leaked and its alleged leader identified.
ICE Division and Secret Service Had Access to AI License Plate Cameras
Over the last few years, AI-powered license plate recognition cameras—which are placed at the side of the road or in cop cars—have gathered billions of images of people’s vehicles and their specific locations. The technology is a powerful surveillance tool that, unsurprisingly, has been adopted by law enforcement officials across the United States—raising questions about how access to the cameras and data can be abused by officials.
This week, a letter by Senator Ron Wyden revealed that one division of ICE, the Secret Service, and criminal investigators at the Navy all had access to data from the cameras of Flock Safety. “I now believe that abuses of your product are not only likely but inevitable, and that Flock is unable and uninterested in preventing them,” Wyden’s letter addressed to Flock says. Wyden’s letter follows increasing reports that government agencies, including the CBP, had access to Flock’s 80,000 cameras. “In my view,” Wyden wrote, “local elected officials can best protect their constituents from the inevitable abuses of Flock cameras by removing Flock from their communities.”
Elsewhere this week, Flock announced it was partnering with Amazon’s Ring, which makes video doorbells, to allow agencies that use Flock to request Ring customers share footage with them.
Mystery of the CIA’s Kryptos Sculpture Finally Solved—Thanks to the Smithsonian’s Archive
For 35 years, the Kryptos sculpture that sits in a courtyard of the CIA’s headquarters has beguiled cryptographers with a message enciphered in its rows of lettering that no one has been able to fully solve for decades—until now. Two men, Jarett Kobek and Richard Byrne, finally cracked the puzzle with the help of documents they found in the Smithsonian Archive that revealed the solution, The New York Times reports. Now they’re in a strange dispute with the sculpture’s owner, Jim Sanborn, who confirmed their answer but also asked them not to reveal it ahead of an upcoming auction that will sell the solution to the highest bidder in an effort to raise money for charity and his own potential medical expenses. The two solvers assured Sanborn they wouldn’t publicly reveal the solution, but Sanborn nonetheless asked them to sign a nondisclosure agreement, and the auction house holding the auction sent them an email threatening legal action if they disclose the answer. Both men say they’ve had to lawyer up in response. We at WIRED offer a humble solution: Kobek and Byrne post a cryptographic hash of the answer online—an irreversible but replicable mathematical conversion of the text that they can later use to prove they knew the answer without revealing it to anyone now—then sign the NDA, and everyone goes home happy.
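The hash commitment suggested above, sketched as an added example (not code from WIRED, the solvers, or anyone named in the story). It assumes a random nonce and a text normalization step, neither of which the article mentions: the nonce keeps anyone holding a list of candidate answers from testing them against the published hash, and the normalization makes the later reveal hash identically. All function names and the sample answer are hypothetical.

```python
import hashlib
import hmac
import secrets
import unicodedata
from typing import Iterable, Optional, Tuple

# Constructed placeholder, not the Kryptos solution.
SAMPLE_ANSWER = "EXAMPLE PLAINTEXT, NOT THE REAL SOLUTION"

def normalize(text: str) -> bytes:
    """Canonical form: NFC, uppercase, letters and digits only."""
    text = unicodedata.normalize("NFC", text).upper()
    return "".join(ch for ch in text if ch.isalnum()).encode("utf-8")

def commit(answer: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (commitment to publish now, nonce to keep secret until reveal)."""
    if nonce is None:
        nonce = secrets.token_bytes(32)  # fixed length, so nonce||text is unambiguous
    digest = hashlib.sha256(nonce + normalize(answer)).hexdigest()
    return digest, nonce

def verify(commitment: str, nonce: bytes, answer: str) -> bool:
    """At reveal time, anyone can recompute the hash from nonce and answer."""
    recomputed, _ = commit(answer, nonce)
    return hmac.compare_digest(recomputed, commitment)

def bare_hash(answer: str) -> str:
    """Unsalted hash, shown only to illustrate the weakness below."""
    return hashlib.sha256(normalize(answer)).hexdigest()

def guess_bare_hash(target_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """A third party with candidate answers can confirm one against a bare hash."""
    for candidate in candidates:
        if hmac.compare_digest(bare_hash(candidate), target_hex):
            return candidate
    return None

if __name__ == "__main__":
    published, secret_nonce = commit(SAMPLE_ANSWER)
    print("publish now:", published)
    print("reveal later verifies:", verify(published, secret_nonce, SAMPLE_ANSWER))
    guesses = ["WRONG GUESS", SAMPLE_ANSWER]
    print("bare hash confirmed by guessing:", guess_bare_hash(bare_hash(SAMPLE_ANSWER), guesses))
    print("salted commitment confirmed by guessing:", guess_bare_hash(published, guesses))
```

The commitment only proves knowledge as of the time it was published, so the posting itself needs a trustworthy timestamp, such as a public archive or a dated publication.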
North Korean Hackers Are Hiding Malware in Ethereum’s Blockchain
For years, North Korean state-sponsored hackers have targeted cryptocurrency users and companies, stealing billions that have been funneled into the Kim regime. Now they’re using one of crypto’s own blockchains as part of their hacking toolkit. Security researchers at Google this week revealed that North Korean hackers have been using a technique known as “EtherHiding” to host their malware, storing their malicious code in a smart contract on Ethereum’s blockchain—which, unlike Bitcoin’s, can host and run code in the blockchain’s distributed network of computers. When a victim is tricked into opening a file sent by the hackers, the file pulls down crypto-stealing malware hosted on Ethereum’s blockchain, where it’s harder to remove or defend against than on a traditional server. Google says it’s the first time the company has seen the technique used by state-sponsored cybercriminals.