The hackers arrested by Google were a counterterrorism operation
With technology companies gobbling up more and more user location data all the time – and governments exploiting this wealth in every way possible – a group of technologists in the US and UK launched 10 principles this week, the Locus Charter, for the ethical retention and use of location data. Facebook announced research on the Chinese hacking group Evil Eye, which continued to launch espionage campaigns targeting Uyghurs. In the latter case, the group used shell companies to develop spyware and carefully distributed Android and iOS malware through fake app stores and contaminated websites.
Meanwhile, a strain of ransomware called DearCry is being used on the same Microsoft Exchange vulnerabilities originally exploited by Chinese hackers for espionage around the world. And the dark web markets are teeming with Covid vaccine scams, peddling fake doses and fake proof of vaccination.
In an effort to reduce the threat posed by browser-related attacks, companies like internet infrastructure company Cloudflare are developing a new generation of “browser isolation” tools that prevent malicious code from running directly on your computer, while being faster and more usable than previous iterations.
And there’s more. Each week, we collect all the news that WIRED hasn’t covered in depth. Click on the titles to read the full stories. And stay safe out there.
Last week, Google’s Threat Analysis Group and its Project Zero bug research team revealed that a single, unidentified hacking group had used a whopping 11 previously unknown security vulnerabilities in a series of digital attacks over nine months in 2020. Google has not provided any details or clues, however, on who the hackers might be. On Friday, MIT Technology Review reported that the hackers were agents of a Western government who were carrying out a counterterrorism operation. The situation only adds to an already ongoing discussion about the logistics and parameters of vulnerability disclosure when it relates to covert activity carried out by a “friendly” government. The vulnerabilities in this case were in ubiquitous software such as Google’s Chrome browser for Windows 10 and Apple’s mobile Safari browser.
Dominion Voting Systems filed a defamation suit in Delaware against Fox News for $1.6 billion on Friday, alleging the broadcaster was seeking to boost ratings by making false claims that Dominion, whose voting machines are used in 28 states, rigged the 2020 US election. The company writes in the lawsuit that Fox News “sold a bogus story of voter fraud in order to further its own business purposes, seriously injuring Dominion in the process.” Voting technology company Smartmatic filed a similar suit against Fox News in February.
President Donald Trump and his supporters have spent months trying to discredit the election results and the victory of President Joe Biden, based on these claims and other conspiracy theories. The campaign partly fueled the deadly riots on Capitol Hill on January 6, which in turn led to Trump’s second impeachment.
According to its 2020 Internet Crime Report, the FBI’s Internet Crime Complaint Center (IC3) received 791,790 complaints, an increase of 69% from 2019. Total reported losses stood at $4.1 billion. In particular, so-called “business email compromise” attacks, which were on the rise throughout the 2010s, took the biggest toll, with 19,369 complaints totaling a loss of about $1.8 billion. There were 241,342 complaints of phishing attacks totaling over $54 million. And while ransomware attacks were a high-profile source of risk in 2020, the number of individual incidents rose to 2,474, with losses of more than $29.1 million. IC3 data is imperfect because not all incidents are reported, especially in cases like ransomware attacks, where victims are reluctant to admit they paid attackers. But the numbers still provide valuable context and a sense of scale.
Taiwanese electronics maker Acer was hit by a ransomware attack last weekend. The prolific ransomware group REvil has demanded a record payment of $50 million to decrypt Acer’s systems and prevent its exfiltrated data from leaking. The attack did not shut down Acer’s production networks, however, and the company reported its fourth quarter results on schedule days after the attack. Acer has so far downplayed the severity of the attack.