Ukraine Blocks a Russian Hack, a Silk Road Arrest, and More Security News This Week
Credit to Author: Brian Barrett| Date: Sat, 14 Jul 2018 13:00:00 +0000
After four months of relative quiet from the special counsel's office, Robert Mueller Friday indicted a dozen Russians for their role in hacking the DNC, DCCC, and the presidential campaign of Hillary Clinton. It's unlikely they'll ever actually get arrested, but it's safe to say we know a lot more about Russian intelligence than we did last week.
And speaking of Russian intelligence, this week it also became apparent that Facebook gave Russian internet giant Mail.ru a two-week extension on curtailing its invasive data practices back in 2015. Facebook says it hasn't found any misuse by Mail.ru, but, you know. Not ideal.
There was impactful news stateside as well; 3-D gun pioneer Cody Wilson won a long-gestating lawsuit against the US, meaning he's now allowed to distribute his designs freely. Human Rights Watch dug into how the US has distributed so-called spy phones to suspects that are either preloaded with surveillance malware, or that have encryption keys that law enforcement hangs onto.
Apple, meanwhile, messed up its China-friendly censorship of the Taiwanese flag emoji, crashing at least one iPhone owner's phone every time she tapped it or received it in a message. And while we're talking Apple, here are all the ways iOS 12 will make you and your iPhone safer. You're going to need them, if the second half of 2018 has cybersecurity failures half as bad as the year has seen so far. Let's hope none of them will be traced back to China likely having a heads up about Meltdown and Spectre before the US government did.
There's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
Ukrainian security services this week said they stopped an attempted cyberattack against a chlorine distribution plant. Russia has repeatedly targeted Ukraine, including devastating attacks on its power grid. In this case, Russian hackers apparently used VPNFilter malware—the same that infected half a million routers in May—to try to disrupt the operations at the plant, which provides clean water throughout the country. Ukraine didn't offer many details about how exactly it thwarted the attack, but did say it headed off "possible catastrophic consequences."
To say that selling spyware is a controversial practice is a bit of an understatement, given that enables stalkers and abusers. Which is one reason why, as Motherboard notes, those companies have of late become popular hacker targets. This time, a company called SpyHuman was breached, including text messages and the details of 440,000,000 calls. The SpyHuman site also has an apparent security flaw that allowed hackers to read a stream of SMS messages from strangers.
The dark web! It's not just for drugs and body parts. A hacker reportedly tried to sell maintenance documents for the MQ-9 Reaper drone, that they'd apparently stolen from an Air Force officer. As fun and alarming as what he was selling is how he obtained it. According to cybersecurity firm Recorded Future, the hacker simply went hunting for Netgear routers that hadn't patched a known vulnerability. The attempted sale was for $150, a pretty good bargain closely kept military tech.
Nearly a month after alleged Silk Road consigliere Roger Clark was extradited from Thailand, the Justice Department on Friday announced that it has also extradited Gary Davis, whom it says was known as "Libertas" on the notorious dark web marketplace. "Gary Davis allegedly served as an administrator who helped run the Silk Road, a secret online marketplace for illegal drugs, hacking services, and an assortment of other criminal activities," the DOJ said in a press release announcing the extradition. Davis faces charges conspiracy to distribute narcotics, conspiracy to commit computer intrusion, conspiracy to commit money laundering, all of which come with hefty sentencing guidelines.