Security News This Week: Julian Assange Has Lost His Internet Privileges
Credit to Author: Wired Staff| Date: Sat, 31 Mar 2018 13:00:00 +0000
After weeks of unrelenting chaos, the cybersecurity world took a little bit of a breather. Well, relatively, anyway. There was still one of the bigger data breaches in recent memory, compliments of UnderArmour.
The sportswear company's MyFitnessPal apps suffered a breach of 150 million users' data, including names and passwords. And while Under Armour says "the majority" of the latter were protected by powerful hashing, some were barely protected at all, making the potential impact of the hack that much worse.
But hey, everyone makes mistakes, including the world’s most elite hackers—just ask the Russian intelligence agent behind the Guccifer 2.0 persona, whose failure to use a VPN just once outed him as GRU. Or ask people who used Monero in the early days and put too much faith in its privacy protections, which a new study says aren’t as robust as they seemed, especially before a recent update. Or even ask Facebook, which left a privacy setting active for years that didn’t actually do anything. Or the City of Atlanta, which is still dealing with the fallout of a ransomware attack from over a week ago. What a world!
At least some people are getting it right, or trying to. Facebook detailed a few efforts to safeguard the election, although the social network still has a long way to go. And the trainees at Fort Gordon are learning how to fight the next generation of cyberwars. One thing they’ll need to be aware of? How jihadists are increasingly using steganography to send covert messages, through an unfortunately named app called MuslimCrypt.
But, wait, there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Ecuador may have granted Julian Assange asylum in its London embassy for the last six years. But it seems to be growing tired of granting him access to the Wifi. Earlier this week the embassy officially cut off his internet connection, saying that he had violated a written agreement with the Ecuadorean government that he would cease meddling in world affairs. That move followed Assange's repeated comments in his twitter feed in support of Spain's Catalan independence movement, including one tweet comparing the current Spanish government to Franco's 1940s fascist regime and the German government—which may extradite the leader of the Catalan separatist movement—to the Nazis. That may have seriously ruffled political feathers, given Ecuador's close relations with Spain. And another tweet from Assange casting doubt on Russia's involvement in the nerve gas attack on Russian defector Sergei Skripal may not have helped the matter. Of course, censoring Assange hasn't proven to be so easy. Ecuador previously cut his internet access ahead of the 2016 election, too, in response to WikiLeaks' publication of leaked emails from the Hillary Clinton campaign, and yet WikiLeaks' document dumps and tweets continued. Based solely on some telltale typos in WikiLeaks' recent tweets—Assange is a notorious misspeller—he may have at one point found a connection to the outside world in the days after his ban. Subsequent reports of radio jamming equipment in the embassy, however, may have complicated his censorship circumvention.
Nearly a year has passed since the WannaCry ransomware worm ripped through the internet, encrypting hundreds of thousands of victim computers using a stolen NSA hacking technique. So when reports surfaced this week that Boeing was hit with that now-outdated malware, security researchers were left scratching their heads. Certainly Boeing was in fact struck with a serious ransomware attack based on a leaked memo that described its response as an "all hands on deck" situation. But WannaCry's spread was almost entirely ended in May of last year when British security researcher Marcus Hutchins registered a web domain that activated a "kill switch" in the worm's code. Just how—or whether—Boeing could still be infected by that largely neutered malware remains unknown. Some researchers have pointed out that if part of Boeing's network was cut off from the public internet, it could have prevented a WannaCry infection from reaching the kill switch domain and prevented the malware's shutdown. Or it's just as possible that reports have confused a more run-of-the-mill ransomware infection with a name-brand one that made headlines nearly a year ago.
The Carbanak gang has terrorized ATMs for years, bleeding over a billion dollars out of the money machines over the last five years. But EU law enforcement officials say they've finally caught the group's leader in Spain. The spree spanned 100 financial institutions across 40 countries, with tailored malware enabling the Carbanak to walk away with up to $12 million per heist. As with so many major upsetments these days, the modus operandi started with a spear-phishing email that gave them remote access to bank employee computers. From there, they instructed the ATMs to spit out the cash.
Malware managed to sneak into the Play Store (again), this time landing on at least 500,000 devices before getting caught. The family of malicious apps were disguised as QR code readers and at least one compass, but had a hidden payload that pushed bad ads to the victim's smartphone. It's yet another reminder to be careful with what you put on your phone, even if it is from the official app store—and of why it's so hard for Google to keep this sort of thing from happening.