This week saw a wave of hacker-related activity in Iran. On Wednesday, a joint US, UK and Australia advisory said Iranian hackers were targeting critical infrastructure targets. The next day, the US Department of Justice indicted two Iranians for meddling in the 2020 election. Russia and China can usually lead the conversation about foreign hacking threats, but Iran does. is more and more asserted in recent years.
Another country surprisingly active in recent times with its cyber attacks? Belarus! As of 2019, it has been widely accepted that the Ghostwriter hacking and disinformation group was Russia, given both its tactics and its targets. But security firm Mandiant revealed this week that Ghostwriter is in fact an operation with ties to the Belarusian military, focused on interfering with the interests of NATO as well as those of the country’s neighbors.
We also took a look at the best password managers – and yes, you do. Android users may also want to check out a new feature in DuckDuckGo that blocks trackers in apps on your phone. And speaking of blocking things, NordicTrack has made it harder for its customers to access a “God Mode” that allows them to watch whatever they want on the giant screen of their treadmill. They therefore defend themselves by sharing workarounds online.
Finally, take a few minutes out of your day to read this in-depth investigation into how Amazon’s lax data security has let its customers down. It’s full of details you won’t soon forget.
And there’s more ! Each week, we collect all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
In a “kids these days” for the record books, a Canadian teenager was arrested this week for allegedly stealing $ 36.5 million in cryptocurrency from a single American victim. It is the biggest theft of its kind. As with so many youth-related cryptocurrency thefts lately, the apparent method was a so-called SIM swap attack, in which the culprit transfers a target’s phone number to their own device, allowing them to ” intercept SMS-based two-factor authentication codes. . There are ways to protect yourself from a SIM swap, but no guaranteed way to stop them; even Jack Dorsey’s own Twitter account has succumbed to the method. In this case, investigators allege that the teenager used his loot in part to purchase a high-value player tag, which are popular items in the SIM trading community.
Among the many criminal hacking gangs operating in Russia, few have done as much damage over the years as Evil Corp. According to the FBI, the group had raised at least $ 100 million by 2019 by robbing hundreds of banks around the world. Like so many online gangs, they recently adopted malware, apparently targeting the National Rifle Association in a recent attack. This week, a BBC journalist traveled to Moscow and a nearby town in search of Evil Corp members Igor Turashev and Maksim Yakubets.
Over the past weekend, thousands of emails were sent by the FBI warning the recipients had been the victims of a cyber attack. In fact, it was the FBI itself that had been compromised. A hacker compromised the agency’s email system, which means they were able to send fake messages with legitimate FBI headers. Fortunately, their interest, as cybersecurity reporter Brian Krebs put it, was farce rather than outright chaos.
In an incident reminiscent of last year’s Cam4 leak, adult streaming site Stripchat exposed data from 65 million users, 421,000 models and 719,000 chat messages over a three-day period earlier this month. -this. The fault was discovered by a security researcher and appears to have been corrected fairly quickly; It is not clear whether malicious actors accessed the data before Stripchat secured it. However, the stakes for these types of sites are particularly high, for both performers and clients, making any exposure of private information a source of particular concern.
More great WIRED stories