A Cut Cable Knocked Out Virginia’s Voter Registration Site

This week the New York Post published a story centered on information stolen from a laptop that purportedly belonged to Hunter Biden, and that has a high likelihood of being part of a disinformation operation. Not great! But the way the rest of the media handled the situation was a marked improvement over 2016, when leaks of John Podesta’s hacked emails kicked off a frenzy that played right into Russia’s hands. Here’s to modest progress.

Take it where you can get it. The rest of the security outlook was a little more discouraging. United States Cyber Command mounted an offensive against Trickbot, one of the most dangerous botnets in the world. It didn’t accomplish much, but did set a new precedent of US hackers taking on criminals rather than their military counterparts. That’s all part of the long-term strategy of general Paul Nakasone, leader of both Cybercom and the National Security Agency, whom we profiled at length for the most recent issue of the magazine.

We also took a look at how internet freedom has suffered during Covid-19, as dozens of countries have used the pandemic as an excuse to increase surveillance and tamp down on digital rights. Speaking of surveillance, Amazon’s latest high-profile product announcements have been pushing the boundaries of data collection in discomfiting ways. (Yes, that includes the drone that flies around your house.)

Researchers have figured out how to make a Tesla Model X hit the brakes by flashing just a few frames of a stop sign image for less than half a second. It’s maybe not the most practical attack, but on the other hand it could do a fair bit of damage on the highway if timed just right. And DDoS extortion is on the rise, including some criminals who have been posing as nation state hackers like Fancy Bear and Lazarus Group to increase the intimidation factor.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The registration deadline for the state of Virginia was Tuesday, which is why it’s especially unfortunate that an accidentally cut cable knocked Virginia’s voter portal offline for several hours Tuesday morning. Utility workers hit a Verizon fiber line, which was enough to take out the entire system until deep into the afternoon. A judge extended the registration deadline by 48 hours to make up for it, so everyone should still have been able to get their name in. But the incident is an important reminder that for all the concern over hackers disrupting the 2020 election, creaky infrastructure—whether it’s a cut cable or a confusing interface on a decades-old voting machine—poses a more realistic threat to Election Day.

Look, data breaches happen. After the Equifax hack, there’s a good chance that a big chunk of your personal information has already been compromised. The more important question to ask when a major company like Barnes and Noble gets hacked—which it did, according to an email sent to customers this week—is how much the hackers actually got away with. In this case, it seems at least for now like the damage isn’t terrible. The company said purchase histories, email addresses, and shipping information were potentially exposed, which isn’t ideal. But passwords and financial information appear not to have been impacted, according to Barnes and Noble. Sometimes breaches turn out to be worse than first reported—looking at you again, Equifax—but at least for now, it seems like the fallout is about as minimal as you could hope.

The months-long Zoom encryption saga is nearing a resolution. After misrepresenting the level of security its video chat services offered—and then waffling on whom it would make end-to-end encryption available for—Zoom will roll out the feature to both free and paid users next week for a 30-day technical preview. Zoom chats with end-to-end encryption can accommodate up to 200 users, an impressive feat especially given the time frame. You have to opt in to use the feature, and will give up features like live transcription and cloud recording. But if your privacy needs are that pronounced, odds are you wouldn’t want those enabled in the first place.

Ransomware gangs have increasingly taken to posting companies’ data online if they don’t pay up. The latest apparent victims include gaming companies Ubisoft and Crytek, which a gang called Egregor says it has successfully compromised; it has published apparent files from both on a dark web site. None of this is unique, but it’s worth keeping an eye on—especially since the group has threatened to leak the much higher-stakes source code for Ubisoft’s upcoming Watch Dogs: Legion and the company’s game engine.


The Law Comes for John McAfee

In a week that Covid-19 continued its invasion of the White House, the biggest security questions continue to center on Donald Trump himself. With just a few weeks remaining until the election, the president continues to question the integrity of the process, which in turn threatens to undermine faith in the democratic process. But don’t worry, we also have stories about hacking and such!

Apple’s T2 chip exists to add an extra layer of security to the company’s Mac line. Which is why it’s especially unfortunate that it has an unfixable flaw that leaves it vulnerable to hackers. There are serious limitations on what attackers could actually do and how they could do it, but still, not ideal! Also not ideal: A Chinese-speaking hacker group has been caught repurposing an especially sneaky tool that was first disclosed years ago as part of a leak of the Italy-based Hacking Team spyware company. That’s a lot of information to process for one sentence, but suffice it to say you don’t want UEFI exploits landing in criminal hands, which appears to have happened here.

In better news, we took a look at how Google keeps its “Smart Replies” feature safe now that it’s been added to Android’s ubiquitous Gboard keyboard. And while Android ransomware has picked up some alarming new tricks, it’s still not a major threat—unless you’re downloading outside of the official Play Store for some reason. (Don’t do that.)

The central figure in an alleged poker cheating scandal that WIRED wrote about in the October issue has filed a defamation lawsuit against a dozen named defendants. Poker pro Mike Postle is seeking $330 million in damages.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

John McAfee is no stranger to exotic forms of trouble. This week, the authorities finally caught up with the antivirus pioneer, arresting him in Spain in connection with tax-evasion charges. His extradition remains pending. The Securities and Exchange Commission has also sued McAfee, alleging that he promoted initial coin offerings on Twitter without disclosing that he’d been paid $23 million to do so. And yes, the SEC complaint does reference McAfee’s infamous 2017 pledge that he would “eat [his] own dick on national television” if the price of bitcoin didn’t hit $500,000 in three years. (He later revised the target to a million dollars.)

Not everything needs to connect to the internet, particularly not chastity-promoting devices like the Qiui Cellmate. Researchers this week came public with a bug that could have allowed a hacker to permanently lock the devices from anywhere in the world. The company eventually released a new API that solved the problem for new users, but taking the old API offline would lock any current users in the device forever, barring some delicate bolt-cutter work. Which means longtime Cellmate owners are still in a bit of a pickle.

For all the focus that Russia’s hacking and disinformation efforts get in the US, it’s important to remember that other countries have stepped up their game as well. Iran stands out among them, particularly after a recent takedown of disinformation-spreading domains included four sites that officials say targeted the US. The sites posed as domestic news outlets and focused on sharing pro-Iran stories. The rest of the sites followed a similar rubric, focusing instead on Western Europe, the Middle East, and Southeast Asia.

Many, many security researchers warned that the so-called ZeroLogon vulnerability was very extremely not good, and that you should patch as soon as possible so that hackers don’t wreak havoc on your systems. If you didn’t heed that warning, well, good luck out there! Microsoft has already spotted an Iranian hacker group exploiting ZeroLogon in active campaigns.

Sam’s Club, the Walmart-owned spin on Costco, has begun requiring its customers to reset their passwords, after the company detected a credential-stuffing attack in September. This doesn’t mean that Sam’s Club itself was breached, but rather that attackers were looking for opportunities to take advantage of anyone reusing a password that had been exposed at some point from some other company’s breach. If you’re a Sam’s Club member, reset that password. If you’re a human on the internet, start using a password manager ASAP.


Android Ransomware Has Picked Up Some Foreboding New Tricks

Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can’t tolerate downtime. But along with the various types of PC malware that are typically used in these attacks, there’s another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.

Released on Thursday, the findings, based on samples detected using Microsoft Defender on mobile, look at a variant of a known Android ransomware family that has added some clever tricks. That includes a new ransom note delivery mechanism, improved techniques to avoid detection, and even a machine learning component that could be used to fine-tune the attack for different victims’ devices. While mobile ransomware has been around since at least 2014 and still isn’t a ubiquitous threat, it could be poised to take a bigger leap.

“It’s important for all users out there to be aware that ransomware is everywhere, and it’s not just for your laptops but for any device that you use and connect to the internet,” says Tanmay Ganacharya, who leads the Microsoft Defender research team. “The effort that attackers put in to compromise a user’s device—their intent is to profit from it. They go wherever they believe they can make the most money.”

Mobile ransomware can encrypt files on a device the way PC ransomware does, but it often uses a different method. Many attacks simply involve plastering your entire screen with a ransomware note that blocks you from doing anything else on your phone, even after you restart it. Attackers have typically abused an Android permission called “SYSTEM_ALERT_WINDOW” to create an overlay window that you couldn’t dismiss or circumvent. Security scanners started to detect and flag apps that could produce this behavior, though, and Google added protections against it last year in Android 10. As an alternative to the old approach, Android ransomware can still abuse accessibility features or use mapping techniques to draw and redraw overlay windows.

The ransomware Microsoft observed, which it calls AndroidOS/MalLocker.B, has a different strategy. It invokes and manipulates notifications intended for use when you’re receiving a phone call. But the scheme overrides the typical flow of a call eventually going to voicemail or simply ending—since there is no actual call—and instead distorts the notifications into a ransom note overlay that you can’t avoid and that the system prioritizes in perpetuity.

The researchers also discovered a machine learning module in the malware samples they analyzed that could be used to automatically size and zoom a ransom note based on the size of a victim’s device display. Given the diversity of Android handsets in use around the world, such a feature would be useful to attackers for ensuring that the ransom note displayed cleanly and legibly. Microsoft found, though, that this ML component wasn’t actually activated within the ransomware and may still be in testing for future use.

In an attempt to evade detection by Google’s own security systems or other mobile scanners, the Microsoft researchers found that the ransomware was designed to mask its functions and purpose. Every Android app must include a “manifest file,” that contains names and details of its software components, like a ship’s manifest that lists all passengers, crew, and cargo. But aberrations in a manifest file are often an indicator of malware, and the ransomware developers managed to leave out code for numerous parts of theirs. Instead, they encrypted that code to make it even harder to assess and hid it in a different folder, so the ransomware could still run but wouldn’t immediately reveal its malicious intent. The hackers also used other techniques, including what Microsoft calls “name mangling,” to mislabel and conceal the malware’s components.
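The overlay and manifest indicators described above (the SYSTEM_ALERT_WINDOW permission, accessibility-service abuse, and components declared in the manifest whose code is absent from the APK) can be turned into a simple static triage check. This is an added example written for this page, not Microsoft's detection logic; the manifest and the set of dex class names are constructed, and a real tool would read the class list from the APK's classes.dex files.

```python
"""Static triage of an Android manifest for the indicators described above.
Added example; constructed inputs, not a real sample."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
COMPONENT_TAGS = ("activity", "service", "receiver")


def _attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def _qualify(package, name):
    """Expand relative component names (".Foo" or "Foo") to package-qualified ones."""
    if name.startswith("."):
        return package + name
    if "." not in name:
        return package + "." + name
    return name


def triage_manifest(manifest_xml, dex_classes):
    """Return a list of (severity, finding) tuples for one manifest.

    manifest_xml: decoded AndroidManifest.xml text.
    dex_classes: set of fully qualified class names actually present in the
                 APK's dex code (here a constructed set).
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []

    # 1. Overlay capability: the permission historically abused for screen-locking notes.
    for perm in root.iter("uses-permission"):
        if _attr(perm, "name") == OVERLAY_PERMISSION:
            findings.append(("medium", "requests %s (overlay capability)" % OVERLAY_PERMISSION))

    app = root.find("application")
    if app is None:
        return findings

    # 2. Declared components with no backing class: code hidden or loaded elsewhere.
    for tag in COMPONENT_TAGS:
        for comp in app.iter(tag):
            cls = _qualify(package, _attr(comp, "name") or "")
            if cls not in dex_classes:
                findings.append(("high", "%s %s declared but no class in dex" % (tag, cls)))

    # 3. Accessibility services, which can be abused to draw and redraw overlays.
    for svc in app.iter("service"):
        if _attr(svc, "permission") == A11Y_PERMISSION:
            findings.append(("medium", "accessibility service %s" % _attr(svc, "name")))
    return findings


def highest_severity(findings):
    """Collapse findings to a single verdict: 'high', 'medium' or 'clean'."""
    levels = {sev for sev, _ in findings}
    if "high" in levels:
        return "high"
    if "medium" in levels:
        return "medium"
    return "clean"


# Constructed manifest: a "game" that asks for overlays, ships an accessibility
# service, and declares two components that have no class in the dex code.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Game">
    <activity android:name=".MainActivity"/>
    <service android:name=".LockService"/>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name="com.example.constructed.BootReceiver"/>
  </application>
</manifest>
"""

# Constructed class list, as if extracted from classes.dex.
SAMPLE_DEX_CLASSES = {
    "com.example.constructed.MainActivity",
    "com.example.constructed.A11y",
}

if __name__ == "__main__":
    for severity, finding in triage_manifest(SAMPLE_MANIFEST, SAMPLE_DEX_CLASSES):
        print(severity.upper(), finding)
```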


Paying Evil Corp Ransomware Might Land You a Big Federal Fine

Where to start! The biggest news of the week by far is that Donald Trump has tested positive for Covid-19, which is a security story in the sense that it’s an everything story. As of Friday evening, Trump had been transported to Walter Reed Medical Center for treatment. While the situation has countless ripple effects, the deployment of the US Navy’s so-called doomsday planes was not, contrary to at least one viral tweet, one of them. That happens all the time.

Believe it or not, the first presidential debate of the season was just a few days ago. Trump closed out the proceedings with an extended run of voting misinformation, managing an impressive 11 lies in a span of eight minutes. His performance also underscored the limits of focusing on how platforms moderate content, given that Trump will say pretty much whatever on a national stage. And speaking of, well, all of that, we also reviewed Where Law Ends, a new book by former Mueller probe prosecutor Andrew Weissmann about where the investigation went wrong.

In other government news, Russia’s Fancy Bear hackers appear to have been behind a hack of a US federal agency that the government recently announced. It’s not clear which agency, though, or what data they grabbed. And we took a look at a quirk in Georgia law that could push the Senate election results into 2021. And we took a closer look at the election threats that US intelligence officials are actually worried about.

Hackers managed to break into Facebook accounts and steal $4 million dollars that they spent on ads. Researchers figured out how to put ransomware on a coffee maker. And a ransomware attack hobbled a major US hospital chain.

Finally, we ticked through all of the new privacy and security settings in Android 11 that are worth checking out right now.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The US Treasury Department has sanctioned multiple alleged ransomware hackers in recent years, most notably the Russian sports car fanatics behind the aptly named Evil Corp. This week, it made clear to US companies that paying millions of dollars of ransoms to those groups, which also include various North Korean and Iranian actors, will invite hefty fines from the federal government. That puts companies like Garmin, an Evil Corp victim this summer, in a bit of a bind. If they don’t pay up, they may not be able to recover their systems, or the hackers might leak their sensitive customer data. If they do, even through a third-party mediator, they could find themselves in deep trouble stateside.

Account takeover bugs are never ideal, but they’re especially troubling when they’re found in a dating app like Grindr. Adding to the concern is that it was a relatively trivial bug to exploit; Grindr’s password reset page leaked password reset tokens, which would ultimately have made it pretty simple for an attacker to break into any account they knew the associated email address for. Grindr has since patched the bug.

Joker malware is a family of tainted apps that sign you up for pricey subscriptions and can snoop on your texts and contact lists. It’s not a new threat; it’s been around for at least four years. Which is why it’s maybe all the more surprising that it still haunts Android to this day, sneaking into apps that have been downloaded from the Google Play Store hundreds of thousands of times in the last few months alone. One reason they’re able to get past Android’s defenses: The malicious code is only added hours or days after you download the app, so it can go through Google’s initial scans clean.

OK, well, it’s no Threat Level Midnight. But the FBI has made a short film of its very own, for some reason. The Nevernight Connection is a fictionalized account of former CIA officer Kevin Mallory, who in 2019 was sentenced to 20 years in prison for spying on behalf of the Chinese government. It offers a valuable lesson in the consequences of both espionage and modest production values.



Windows XP Source Code Got Leaked All Over the Internet

This week, we took an exclusive look at the chaos that unfolded inside Twitter in the hours after the accounts of Elon Musk, Bill Gates, and dozens more got hacked. Twitter has since tightened up its internal security—but with the election a little over a month away, has it done enough?

The Justice Department continued its busy month this week, announcing the global arrests of 179 alleged dark web vendors in a coordinated effort with Europol. Authorities credit the takedown of the dark web bazaar Wall Street Market in May of last year with leading them to the suspects. Facebook showed some muscle this week as well, dismantling disinformation networks that originated in China, the Philippines, and most troubling of all Russian military intelligence. And a tip from a kid about a suspicious TikTok profile led researchers to uncover adware in apps that had been collectively downloaded 2.4 million times.

We took a spin through the most important privacy and security features in iOS 14, including new ways to keep apps from snooping your camera or mic. We explained why using the single sign-on features offered by Google, Facebook and Apple may not be the safest choice. And we looked at a few Chrome extensions that will cut down on all those pesky trackers.

Finally, set aside a little time to get comfy and read this tale of a scandal that rocked the poker world. It’ll be worth it.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Windows XP’s refusal to die has caused a multitude of security problems; Microsoft stopped officially providing updates to the operating system in 2014, meaning any vulnerabilities largely don’t get fixed on the millions of computers that still run it. The situation managed to get even worse this week, as Windows XP source code leaked on the file-sharing site Mega, troll forum 4Chan, and beyond. By combing through source code, hackers can identify potential weak points, making it easier to craft malware that Microsoft likely won’t bother defending its zombie OS against. Some reports indicate that the source code has circulated privately for some time now, which may blunt the impact of this wider release. Still, it’s not an encouraging development for anyone who hasn’t updated their PC in half a decade.

The Tribune Publishing Company has weathered a rough few months and beyond, cutting budgets and jobs as the pandemic has ravaged an already at-risk newspaper industry. So employees were surprised to find an email in their inbox celebrating their new bonus of as much as $10,000. The problem? There was no bonus. It was a phishing test to see who would click. Tribune staff broadly decried the move; dangling a false promise of ready cash to people who have seen colleagues let go and may have been anxious about their own futures with the company is certainly one way to trial a phishing scam, but surely there were less cruel options. (Or maybe just give everyone a Yubikey next time?)

The name Luxottica might be foreign to you, but you’ve surely heard of at least one of the brands under the eyewear monolith’s umbrella: Oakley, Ray-Ban, LensCrafters, and dozens more. Last weekend, the company suffered a cyberattack that forced it to shut down its operations in Italy and China. As of Tuesday, according to a report from BleepingComputer, business was still very much not back to normal. It’s just the latest in a trend of ransomware gangs going after “big game” targets that can afford payoffs in the millions of dollars.

Speaking of which! Russian-speaking ransomware gangs typically don’t target Russian businesses, in part because the lines between state-sponsored and for-profit hacking are so blurred. But a group that researchers call OldGremlin has been targeting big businesses there. In fact, it’s hitting banks, manufacturing, and other firms exclusively in Russia, according to security firm Group-IB. OldGremlin’s methods aren’t especially novel; they use spear-phishing attacks to plant a custom backdoor, which they in turn use to download malware to steal an administrator’s credentials, and then deploy tailored ransomware. Nothing too crazy! But going after Russia so aggressively is certainly one way to stand out.


179 Arrested in Massive Global Dark Web Takedown

It’s one of the largest global dark web takedowns to date: 179 arrests spread across six countries; 500 kilograms of drugs seized; $6.5 million in cash and cryptocurrency confiscated. And while it was announced this morning, Operation Disruptor traces its roots back to May 3, 2019. That’s the day that German police seized Wall Street Market, the popular underground bazaar that gave international authorities everything they needed to upend the dark web drug trade.

It’s unclear how big a dent Operation Disruptor will make in the long run; the dark web drug market tends to bounce back, even after the high-profile collapses of marketplaces like the Silk Road and AlphaBay. But even if law enforcement is playing an eternal game of Whac-A-Mole, it’s at least gotten extremely proficient at whacking.

In the US, Operation Disruptor plays out across dozens of court documents and around 120 arrests. In Ohio, members of a group known as PillCosby were charged with mailing out over a million pills laced with fentanyl. Prosecutors in Washington, DC, allege that David Brian Pate concealed thousands of OxyContin, Xanax, and morphine pills inside souvenir maracas. A pharmacist in Nebraska allegedly planned to firebomb a local competitor after stealing their opiate supply, in service of what officials say was his booming narcotics trafficking business.

[Photographs: Drug Enforcement Administration]

What these cases, along with the dozens of arrests across Europe, have in common is that the investigations largely stem from last year’s Wall Street Market takedown. At the time, German authorities arrested the site’s alleged operators and two of its most prolific vendors. Europol confirmed to WIRED today that it was also able to recover the Wall Street Market backend server, providing investigators with an invaluable trove of evidence.

“It provided us with all the information which led to the identification of those arrested today,” says Europol press officer Claire Georges. “We collated the information and then we sent out what we call intelligence packages to all the concerned countries. Basically it’s information or documents where we say, look, we know this person in your country has done this, you may want to open an investigation.” Georges says also that there are more arrests to come.

While announced as a package today, the arrests in the US have trickled through over the last several months. In a press conference Tuesday morning, DEA acting administrator Timothy Shea specifically called out Arden McCann, allegedly known as RCQueen, DRXanax, and other aliases across numerous dark web markets. Arrested earlier this year, McCann allegedly shipped over 10 2kilograms of fentanyl and over 300,000 counterfeit Xanax pills every month.

“In some ways this is just the perfect-storm combination of traditional criminal activity of all shapes and sizes merging with this more sophisticated technology,” FBI director Christopher Wray said at Tuesday’s press conference. “But the point of today’s announcement is it doesn’t matter where you go to try to do it or how you try to hide it, we’re coming for you.”

That has increasingly seemed to be the case. The Wall Street Market seizure is not the first or even most devastating law enforcement takeover of a dark web storefront. In 2017, Dutch police took control of Hansa, a booming darknet market, and the FBI shut down AlphaBay, an even larger competitor. While displaced AlphaBay users flocked to Hansa for their fix, Dutch authorities spent weeks logging their activity, including many of their home addresses.

The takedowns and seizures invariably have a cumulative effect. “These people don’t just operate on one market, they cover the full spectrum of the dark web,” says Europol’s Georges.


A Bluetooth Flaw Leaves Billions of Devices Vulnerable

The October issue of WIRED took a close, in-depth look at the state of election security. While lots of it isn’t pretty, we did find some pockets of hope. Data scientist Sara-Jayne Terp is on a mission to stamp out misinformation. The former Facebook employees at the nonprofit Acronym are hoping to use Trump’s 2016 strategies against him. And we dug into the story of STAR-Vote, an audacious plan to secure voting machine tech for good.

There’s more! We talked to Stacey Abrams about how to overcome voter suppression. We looked at how some countries have successfully stymied Russian interference efforts. And we explained how you’ll know for sure that the presidential election results are valid, no matter how loudly Trump yells that they’re going to be rigged.

Plenty of non-election news happened this week as well. Customs and Border Protection seized 2,000 OnePlus Buds, claiming they were counterfeit Apple AirPods. Then they doubled down. The Department of Justice charged Chinese hackers with breaking into video game companies in connection with a digital loot fencing scheme. Cloudflare and the Wayback Machine have joined forces to make sure more sites don’t ever go down.

We took a look at how Gen Z is trying to recruit more poll workers, because the kids truly are all right. And we ran down the safest ways to log into your computer, from strong passwords to biometrics.

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

Researchers have disclosed what they call a Bluetooth Low Energy Spoofing Attack, which focuses on the protocol’s reconnection process rather than more common pairing vulnerabilities. With BLESA, the Purdue University team found that it could send spoofed data to a vulnerable device, causing various shenanigans. Windows devices aren’t affected, and Apple has patched the flaw, but the researchers said that Android and many IoT devices were still susceptible as of June. Given the prevalence of Bluetooth Low Energy devices, the researchers estimate that billions may be impacted. It’s yet another security concern for Bluetooth, whose complexity has made it increasingly harder to secure.

The Department of Justice this week released not one, not two, but three indictments against alleged Iranian hackers. The actual activity detailed in the charges doesn’t come as much of a surprise; it’s a lot of the usual spear-phishing and intelligence gathering, with some website defacement thrown in for good measure. The suspects haven’t been apprehended, and may not ever be given that they’re in Iran. But the DoJ has filed charges with increasing frequency in recent years, hoping to deter them by limiting their travel and exposing their techniques.

The Department of Veterans Affairs this week disclosed that hackers had breached its Office of Finance computer systems and accessed the personal information of 46,000 veterans. The hackers also appear to have “diverted payments from VA,” though the agency declined to share any details in response to a WIRED inquiry earlier this week. The VA will offer credit monitoring services to veterans who may have had their Social Security numbers stolen as part of the hack.

A recently patched Windows vulnerability would have let attackers who already have a foothold in a network gain control of the Active Directory, which would have let the hacker run rampant on the system, distributing malware and adding computers as they saw fit. Called “Zerologon,” the attack has a critical severity rating from Microsoft, so please patch. Like, yesterday.


CBP Seized OnePlus Buds as ‘Counterfeit’ AirPods. Now It’s Doubling Down

If it quacks like a duck, in other words, CBP is within its rights to call it a counterfeit duck. And the agency has familiarity with Apple counterfeits; they’re so prevalent that Apple participates in the agency’s Donations Acceptance Program, in which private companies donate relevant resources to help CBP spot fakes. According to a 2019 Government Accountability Office report, Apple contributes digital microscopes, Lightning cable detectors, and iPhone power cords to help the agency authenticate products. Procter and Gamble, Otter, Cisco, and other companies participate in the program, as well.

McKenna says the fact that OnePlus Buds are listed at a little over half the cost of AirPods may have registered as another strike on the CBP’s limited checklist. Selling something that looks so similar for so much less is likely to set off alarms.

What the CBP seizure does not mean, though, is that OnePlus Buds are suddenly verboten in the US. (You can still buy them right now at most online electronics retailers.) The final word on that belongs to the courts, not to CBP, and the legal system takes into account far more factors when considering trademark infringement. “The legal test for infringement of a trademark is likelihood of confusion,” says McKenna. Which is where the clear branding comes into play; someone would have to think they were buying an Apple product even though OnePlus is on the box.

So what happens next? CBP will detain the OnePlus Buds for up to 30 days. OnePlus, once notified, has the same amount of time to file a denial. And presumably the courts will eventually decide if Apple’s trademark has been infringed upon, which CBP itself made sure to note. “The importer will have many opportunities through the adjudication process to provide evidence that their product does not violate the relevant recorded trademarks,” the agency said in its statement.

Imitators crop up in every industry; this year’s runway is next year’s Target sales rack. For CBP to take dramatic action against an established company like OnePlus is an unusual step. The US government of late has been noticeably more hostile towards Chinese companies trying to do business in the US, as reflected in the still uncertain fate of TikTok among other recent actions. Still, given that China has been a major source of counterfeit and pirated goods for years, according to CBP, it’s unclear whether the OnePlus case is part of a broader political escalation.

“The vast majority of product seizures are pure counterfeits and everyone knows it,” says McKenna. “How this particular shipment got into that categorization, I don’t know. But this will be an interesting one to see what happens.”


Hackers Target Porn Site Visitors Using Flash and Internet Explorer

As the presidential election looms, Microsoft said on Thursday that Russia’s military intelligence hackers, often called Fancy Bear or APT28, have targeted more than 200 organizations since September 2019, many of them election-adjacent. The revelation is the latest indication that nation-state hacking groups like Fancy Bear, which also sowed chaos during the 2016 US presidential election, remain a very real threat.

Which makes the whistle-blower complaint of former senior Department of Homeland Security intelligence official Brian Murphy, made public this week, all the more troubling. Murphy alleges that DHS leadership minimized intelligence findings and manipulated reports about Russia’s threat to the 2020 election and other topics, allegedly to align with President Donald Trump’s political agenda. On the topic of inappropriate politicization in US law enforcement and intelligence agencies during the 2016 election, former FBI agent Peter Strzok told WIRED this week, “Everything the FBI did that fall hurt Hillary and helped Trump.”

On Monday, Wikileaks founder Julian Assange began his defense against extradition to the US, which hinges in part on psychiatric assessments that he is at risk for self-harm. And smartwatches for kids are still a total security mess, even after years of warnings from researchers.

If you’re looking this weekend for some easy ways to guard your digital privacy, shore up your WhatsApp settings and consider these privacy-conscious alternatives to Google Maps.

And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The hacking group dubbed Malsmoke is on a tear, infecting popular porn sites with malicious ads and then using them to infect victims with malware. Researchers from the security firm Malwarebytes say that the attackers have tainted “practically all adult ad networks.” In addition to midrange sites, the group also succeeded at displaying its malicious ads on xHamster, one of the most popular adult sites in the world. Unfortunately, these types of attempted attacks are not unprecedented on adult content websites, but the campaign, which Malwarebytes has tracked for a few months, is particularly interesting because of the malware being used. Once a victim clicks a malicious ad, they are redirected to a page that attempts to start downloading malware if it can exploit vulnerabilities in Internet Explorer or Flash. Both are classic hacker targets that are being permanently retired in the coming months, in part because of their security issues. These Malsmoke attacks will only impact targets running vulnerable versions of Internet Explorer and Flash, which means they’ll soon be obsolete.

A July memorandum from the US Postal Service Office of Inspector General warned that there were “significant vulnerabilities” in six postal applications for three years, including “sensitive” digital services. The report said that the 12 types of vulnerabilities are well-known bugs that could have easily been exploited by hackers. The findings are not surprising given that US government agencies and affiliates have a truly dismal cybersecurity track record. The USPS told Motherboard this week that it has fixed the vulnerabilities.

The video-conferencing service Zoom announced on Thursday that it has added support for two-factor authentication in its desktop and mobile applications. Previously users could only utilize two-factor account protections on the web. Zoom launched a major initiative in April to overhaul its security offerings, but it has faced controversy even for some of these improvements. For example, Zoom initially said it would only offer end-to-end encryption to users with paid accounts, but after a backlash it reversed course to provide it universally. The expanded two-factor offerings will extend to both free and paid accounts.

Schools around the US have been preparing for delays and closures as a result of the Covid-19 pandemic, but this week schools in Hartford had their first day canceled for a very different reason: ransomware. In addition to impacting schools, the attack also disrupted emergency services like 911 and the police department. The attack began on September 5. Hartford officials were able to recover within a few days, though, and schools (which are running a hybrid model thanks to the pandemic) were open on Wednesday. Hartford invested roughly $500,000 last year to improve its cybersecurity defenses, and officials said that while this did not stop the attack, it did help the city recover quickly.


Julian Assange Lays Out His Case Against US Extradition

Much of the defense’s case—including many of the arguments it revealed in the initial February hearings—focuses on the political nature of the charges. Assange’s lawyers point out that “political offenses” aren’t subject to extradition in the US-UK extradition treaty, and argue that his prosecution is “being pursued for ulterior political motives and not in good faith.” The Espionage Act charge against Assange, which alleges that he illegally released classified documents, is by its nature a political offense that falls outside the extradition conditions, the defense argues. To emphasize the politicized nature of the case, they reference President Trump’s years-long war with the press, referring to the media as “the opposition party,” and “the enemy of the people.” They raise then-CIA director Mike Pompeo’s statement in April of 2017 that he saw Assange and WikiLeaks as “a non-state hostile intelligence agency.”

That interpretation broke with that of the Obama administration, which considered prosecuting Assange under the Espionage Act in 2013 but chose not to, since doing so would violate a long precedent of not prosecuting news outlets for publishing classified information they obtain from sources.

“The indictment breaks all legal precedents. No publisher has ever been prosecuted for disclosing national secrets since the founding of the nation more than two centuries ago,” wrote journalism professor Mark Feldstein in his testimony on behalf of the defense. “The belated decision to disregard this 230-year-old precedent and charge Assange criminally for espionage was not an evidentiary decision but a political one.”

The defense’s arguments also seek to undermine the hacking case against Assange, which alleges that he conspired with former army private Chelsea Manning and others to steal classified information. That original hacking charge, the basis of the first indictment unsealed against Assange in April of last year, relied on the fact that Assange offered in chats with Manning to help her crack a hashed password—thereby involving himself in Manning’s theft of secret information from the military. But the defense points out that testimony in Manning’s own court martial was inconclusive as to whether Assange had ever actually cracked the password, or whether he would have been able to with the information Manning provided, or what purpose the password would be used for if it were successfully cracked.

In June, prosecutors hit Assange with a superseding indictment that added allegations of conspiring with hackers who provided stolen information to WikiLeaks, including Anonymous hackers Jeremy Hammond and Hector Monsegur, as well as Icelandic WikiLeaker Sigurdur Thordarsson. The defense argues that those new elements serve only as “background narrative” of a hacking conspiracy, and “absent proof of the Manning allegations the new additional conduct could not sustain, of itself, conviction.”

Moreover, the surprise introduction of a new indictment after the extradition case had already begun in February is highly unorthodox, says Tor Ekeland. It may even signal to the UK court that the US Department of Justice will pile on more charges after it already has Assange in hand, he says. Defense attorneys for Assange in a hearing Monday unsuccessfully sought to have the new elements of the indictment disregarded in the extradition case, given that they had little time to prepare counterarguments. “It’s an offense to the rule of law,” says Ekeland. “It shows that the US cannot be trusted not to supersede the indictment again if Assange is extradited.”

Ekeland argues that Assange’s defense still has powerful arguments in its favor, from the freedom of the press precedents that the Assange prosecution would violate to the potential threat to Assange’s mental health and well-being if he ends up in an American prison. That mental health argument in particular has worked in the past for British hackers the US has attempted to extradite: Ekeland’s own client Lauri Love avoided extradition after a psychiatrist testified that he suffered from psychosis and depression, and UK hacker Gary McKinnon escaped extradition in 2012 thanks in part to his diagnosis of autism.
