The Rick Gates Plea, an Apple Watch Mess, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 24 Feb 2018 14:00:00 +0000
Robert Mueller's indictment of Russia's Internet Research Agency—also known as the "troll factory"—feels like years ago at this point. It's only been a week! And we took a deep dive into what it really says about Russia's propaganda efforts during the 2016 presidential campaign and beyond. Trump campaign advisor Rick Gates has also copped a plea deal with Mueller's team—which could have big implications for the investigation going forward.
We also got a rare look inside the toolkit of an up and coming North Korean hacking group, called APT37, which has recently started to branch out beyond targeting just its neighbors to the south. Meanwhile, cryptojacking struck once more, this time glomming onto Tesla's public cloud to mine cryptocurrency. The silver lining? While sensitive data was apparently exposed, the hackers don't appear to have pilfered any of it.
For whatever the inverse of a silver lining is, we look to US Customs and Border Protection, which has required RFID chips in passports for over a decade but never got around to installing the software that verifies the cryptographic signature, making forgeries and tampering potentially easier. And did you know that Facebook makes some users download antivirus software? It's true! And weird! And not ideal!
And while it's a rarity, there also was some good news this week. WhatsApp co-founder Brian Acton has infused $50 million into Signal, the gold standard for encrypted messaging, which should secure its viability for years to come.
And there's more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Since October of last year, devices at an Apple repair center in Elk Grove, California have called 911 an average of 20 times a day, for a total of about 1600 dials, according to a local CBS affiliate. Apple acknowledged the issue in a statement, saying, "We take this seriously and we are working closely with local law enforcement to investigate the cause and ensure this doesn’t continue." That investigation likely won't take long; the Apple Watch automatically calls 911 if you hold the side button down for several seconds. Tapping the side button of your iPhone five times in succession does the same, if you're on iOS 11. Those features are obviously helpful to people in legitimate danger. But unless Apple can wrangle its Elk Grove process to stop the influx of false alarms, it may end up blocking actual calls from getting through.
Here's a novel way to launder money, as reported by Krebs on Security: Use a computer to generate about 60 pages' worth of text. Slap a title and cover on it and toss it in the Kindle Store under someone else's identity. Charge several hundred dollars for it. Buy it dozens of times with stolen credit cards, pocketing the 60 percent cut that Amazon shares with authors, and sticking the person whose name you stole with the tax bill. It sounds a little convoluted, but no more than your average John Barth short story. And in the case reported by Krebs, the scammers were able to successfully launder $24,000.
Consumer spyware is a bit of a scourge, as Motherboard has covered extensively. It becomes potentially even more alarming, though, when those consumers also happen to work for the FBI, DHS, or ICE. According to hacked data from spyware provider Mobistealth, people with email addresses from those and other law enforcement organizations have purchased the so-called stalkerware, as well as at least 40 members of the US Army.
Cryptographic certificates are an important part of internet security; they let your computer know that any given piece of software comes from the company it claims to. This week, researchers at Recorded Future released research that shows the market for counterfeit certificates jumped starting last year. The concern here is more over niche or targeted operations, given the expense of a fake, but the results can be vicious, tricking antivirus protections into thinking an intruder is legitimate.