Cops Take Over a Botnet to Clear Malware Off Nearly a Million PCs

Credit to Author: Brian Barrett | Date: Sat, 31 Aug 2019 12:00:00 +0000

Attacking Iran, a web host data breach, and more of the week's top security news.

The week may have started relatively quiet, but it ended with a shock: Google security researchers revealed Thursday night that they had observed a hacking campaign that hit thousands of iPhones, completely upending conventional wisdom about iOS security. Apple patched the problem in February, but it had persisted for at least two years prior. So, yikes!

In another concerning development, security researchers at Belgian university KU Leuven discovered that they could crack the encryption of a Tesla Model S key fob, letting them clone it within seconds. That's bad enough as it is, but made a little worse by this being the second year in a row the KU Leuven team pulled off this particular trick. The key fobs Tesla made available last year to help fix the problem held up only slightly better against a similar attack. This time, though, Tesla's pushing out an over-the-air fix that should shore up both the car's locking mechanism and the fob itself. Until next year, at least.

Meanwhile, Donald Trump has at this point repeatedly denied a report in Axios that he earnestly proposed dropping a nuclear bomb into the eye of a hurricane. But if he did happen to float the idea, he wouldn't have been anywhere near the first. WIRED contributor Garrett Graff traced the long-standing tradition, dating back to the Atomic Age, of scientists suggesting nuclear strikes against everything from polar ice caps to the Sahara desert.

In less oddball news, the Justice Department this week announced the indictment of eight men in connection with running popular piracy streaming sites Jetflicks and iStreamItAll. The services charged a monthly subscription fee to users, in exchange letting them stream and sometimes download popular television shows from every network and popular streaming service. The DoJ also served up another indictment against alleged Capital One hacker Paige Thompson, which added fresh details about the case—including a claim that Thompson used her access to mine cryptocurrency.

And there's more! Every Saturday we round up the security and privacy stories that we didn't break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

Here's a heartwarming tale of teamwork making the dream work. Several months ago, antivirus company Avast began looking under the hood of malware called Retadup, which had infected around 850,000 Windows computers. When it found a flaw in Retadup's command and control server communications protocol, it alerted the French National Gendarmerie, who in turn seized the servers. But they didn't stop there! They used those C2 servers to send instructions to infected machines to delete the malware, ultimately relieving nearly a million devices of the cryptomining intruder.

The New York Times reported this week that a US cyberattack on June 20 was even more effective than planned, knocking key Iranian systems offline and disrupting the country's ability to "choose which tankers to target and where." The strike also appears to have created controversy within the administration and intelligence community, with some officials concerned that it gave up strategic capabilities, potentially cutting off a reliable source of information once Iran patches the underlying vulnerability. At least, though, Iran appears not to have stepped up its retaliatory cyberattacks in response.

Facebook, Google, and a Chinese telecom have invested heavily in the Pacific Light Cable Network, an 8,000-mile stretch of cable that, when completed, will connect China to Los Angeles. But with tensions between the US and China continuing to escalate, The Wall Street Journal reported this week that the effort might not survive a national security review. The FCC will ultimately make the call, but strong opposition from a group known as Team Telecom has apparently cast the project in some doubt. However it plays out, it's a reminder that Huawei's not the only one feeling the squeeze.

Web hosting platform Hostinger disclosed a data breach this week that affected up to 14 million of the company's 29 million customers. A hacker apparently used an access token, found on Hostinger's servers, to access an API database that included usernames, email addresses, and weakly hashed passwords. In response, Hostinger automatically reset customer passwords and upgraded its safeguards.
