Dutch Spies Snooped on Russia’s Elite Hackers, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 27 Jan 2018 13:00:00 +0000
This week’s security news featured a healthy blend of politics, hacks, and the looming threat of apocalypse. What more could one hope for!
The Doomsday Clock, which the Bulletin of Atomic Scientists uses to measure how close humanity sits to its own destruction, ticked 30 seconds closer to midnight this week. We’re now at two minutes to doom, the closest we’ve been in decades. And speaking of doom, if you bought drugs on the Silk Road with bitcoin way back when, you may not have been as sneaky as you thought.
But you know who is sneaky? Congressman Devin Nunes, who has continued his absurd misdirection on FISA in service of the Trump White House, this time with a thoroughly disingenuous #ReleaseTheMemo campaign. Intel and others also missed the mark with their initial confidence in Meltdown and Spectre patches, which have by and large turned out to be a train wreck.
Tinder got in trouble this week for not encrypting images in its apps, a surprising omission of HTTPS that exposes users to relatively straightforward snooping. In a fun coincidence, we also highlighted a new app called Pixek, which wants to encrypt stored photos so thoroughly that not even the server they’re hosted on can see them.
In the first of a pair of scoops, WIRED’s Issie Lapowsky revealed that the DNC has hired former Yahoo security head—don’t worry, he got there after the hacks—Bob Lord as its first chief security officer. And in the other, we reported that at least one Facebook staffer has been interviewed by special counsel Robert Mueller’s team.
And there's more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Cozy Bear is one of Russia's elite hacking groups, in part responsible for the hack of the DNC in 2016 in an effort to influence the presidential campaign. They also, according to Dutch media reports, had been spied on by Dutch intelligence agents for at least a year. The observed the Russian hackers attempting to infiltrate both the State Department and the White House, and informed the NSA about the intrusions.
That free copy of Michael Wolff's Fire and Fury, an insider account of the first year of the Trump White House, might not be worth it. Some malware researchers have observed malware implanted in some PDFs of the book that have circulated, apparently targeting the type of Washington insiders that could potentially provide high-value information, and be titillated by the prospect of free stuff. Better to wait for the inevitable movie like everyone—just don't torrent it.
A fundamental appeal of cryptocurrency markets seems like it should be privacy and security. And yet! The Initial Coin Offering process, in which money is raised to support new currencies, has proven an extremely fruitful target for hackers, according to an Ernst & Young study released this week. An estimated $400 million has been plundered from ICOs, a little more than 10 percent of the $3.7 billion raised during the course of the study. The most popular means of attack, as always, was phishing. So remember, kids: Don't click on suspicious links, and don't mess with ICOs.
Security researchers at Duo Labs discovered that Bluetooth vulnerabilities personal safety devices from Wearsafe and Revolar left their users exposed to tracking from a distance. That Bluetooth can be used to track someone shouldn't be all that surprising, but the concern here centers more around the types of devices in question, as they're used to signal to friends that you're in some sort of distress. Presumably that means owners are already more sensitive to being followed, tracked, or surveilled.