In a stunning new study, researchers at UC San Diego and the University of Maryland revealed this week that satellites are leaking a wealth of sensitive data completely unencrypted, from calls and text messages on T-Mobile to in-flight Wi-Fi browsing sessions, to military and police communications. And they did this with just $800 in off-the-shelf equipment.
Face recognition systems are seemingly everywhere. But what happens when this surveillance and identification technology doesn’t recognize your face as a face? WIRED spoke with six people with facial differences who say flaws in these systems are preventing them from accessing essential services.
Authorities in the United States and United Kingdom announced this week the seizure of nearly 130,000 bitcoins from an alleged Cambodian scam empire. At the time of the seizure, the cryptocurrency fortune was worth $15 billion—the most money of any type ever confiscated in the US.
Control over a significant portion of US election infrastructure is now in the hands of a single former Republican operative, Scott Leiendecker, who just purchased voting machine company Dominion Voting Systems and owns Knowink, an electronic poll book firm. Election security experts are currently more baffled about the implications than worried about any possibility of foul play.
While a new type of attack could let hackers steal two-factor authentication codes from Android phones, the biggest cybersecurity development of the week was the breach of security firm F5. The attack, which was carried out by a “sophisticated” threat actor reportedly linked to China, poses an “imminent threat” of breaches against government agencies and Fortune 500 companies. Finally, we sifted through the mess that is VPNs for iPhones and found the only three worth using.
But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
In recent years, perhaps no single group of hackers has caused more mayhem than “the Com,” a loose collective of mostly cybercriminal gangs whose subgroups like Lapus$ and Scattered Spider have carried out cyberattacks and ransomware extortion operations targeting victims from MGM Casinos to Marks & Spencer grocery stores. Now they’ve turned their sites to US federal law enforcement.
On Thursday, one member of the Com’s loose collective began posting to Telegram an array of federal officials’ identifying documents. One spreadsheet, according to 404 Media, contained what appeared to be personal information of 680 Department of Homeland Security officials, while another included personal info on 170 FBI officials, and yet another doxed 190 Department of Justice officials. The data in some cases included names, email addresses and phone numbers, and addresses—in some cases of officials’ homes rather than the location of their work. The user who released the data noted in their messages a statement from the DHS that Mexican cartels have offered thousands of dollars for identifying information on agents, apparently mocking this unverified claim.
“Mexican Cartels hmu we dropping all the doxes wheres my 1m,” the user who released the files wrote, using the abbreviation for “hit me up” and seemingly demanding a million dollars. “I want my MONEY MEXICO.”
Over the last year—at least—the FBI has operated a “secret” task force that may have worked to disrupt Russian ransomware gangs, according to reports published this week in France’s Le Monde and Germany’s Die Zeit. The publications allege that at the end of last year, the mysterious Group 78 presented its strategy to two different meetings of European officials, including law enforcement officials and those working in judicial services. Little is known about the group; however, its potentially controversial tactics appeared to spur typically tight-lipped European officials to speak out about Group 78’s existence and tactics.
At the end of last year, according to the reports, Group 78 was focusing on the Russian-speaking Black Basta ransomware gang and outlined two approaches: running operations inside Russia to disrupt the gang’s members and try to get them to leave the country; and also to “manipulate” Russian authorities into prosecuting Black Basta members. Over the last few years, Western law enforcement officials have taken increasingly disruptive measures against Russian ransomware gangs—including infiltrating their technical infrastructure, trying to ruin their reputations, and issuing a wave of sanctions and arrest warrants—but taking covert action inside Russia against ransomware gangs would be unprecedented (at least in public knowledge). The Black Basta group has in recent months gone dormant after 200,000 of its internal messages were leaked and its alleged leader identified.
Over the last few years, AI-powered license plate recognition cameras—which are placed at the side of the road or in cop cars—have gathered billions of images of people’s vehicles and their specific locations. The technology is a powerful surveillance tool that, unsurprisingly, has been adopted by law enforcement officials across the United States—raising questions about how access to the cameras and data can be abused by officials.
This week, a letter by Senator Ron Wyden revealed that one division of ICE, the Secret Service, and criminal investigators at the Navy all had access to data from the cameras of Flock Safety. “I now believe that abuses of your product are not only likely but inevitable, and that Flock is unable and uninterested in preventing them,” Wyden’s letter addressed to Flock says. Wyden’s letter follows increasing reports that government agencies, including the CBP, had access to Flock’s 80,000 cameras. “In my view,” Wyden wrote, “local elected officials can best protect their constituents from the inevitable abuses of Flock cameras by removing Flock from their communities.”
