Security trouble pro-Trump social networking sites was the topic of 2021: First, an an absurdly fundamental mistake in Parler made it possible to delete all his posts in the hours before the hosting provider left it and disconnected it offline. Then Gab was hacked by hackers who stole and leaked 40 million of his public, private and public places. Now, a page called Gettr, launched by a former Trump employee, has become the third, strongest candidate in the competition for the worst security among pro-Trump social media sites, as hackers have succeeded hijack high-profile accounts and scrape off tens of thousands of users’ private data, including email addresses and birthdays – all within hours of launch.
Fortunately for Gettr, much worse news could have been covered in the security world this week, namely the latest debacle in the current global ransomware epidemic. Lily Hay Newman of WIRED looked up new details come to light about the hacking of Kasey’s remote information management tool, which resulted in thousands of companies being affected by the ransomware, and a vulnerability that was reported to Kasey almost three months before it was used to launch that attack. We also covered persistent snippets due to a critical Microsoft error in the print spooler that the company attempted—and failed!“Until it’s fixed this week.”
In the meantime, we took a look at Amazon’s Echo invisibly stores user data even after a reset, such as European regulators and privacy supervisors advocating a total ban on biometric surveillance, i how hard it is to leave the habit of password in favor of more secure authentication methods.
And there is more. Every week we round up all WIRED security news that is not covered in detail. Click on the headlines to read the full stories and be sure.
Given the security flaws in Parler and Gab, it should come as no surprise that the latest startup that wants to bring Trump’s refugees from Twitter has come into the hacker’s field: On its launch day, July 4, hackers immediately scraped the page and leaked -Public personal data at least 85,000 users, including email addresses, usernames, names, and birthdays, as first noticed by cybersecurity firm Hudson Rock. This scraping of private data may have been caused by a leaky API – a problem pointed out by security experts even before the website was launched. In fact, many well-known users of the website have also been hacked more directly, in an unknown way: Official accounts for far-right Congresswoman Marjorie Taylor-Greene, former Secretary of State Mike Pompeo, Steve Bannon, and even site founder, former Trump employee Jason Miller all was abducted by someone named “@JubaBaghdad”. For his part, Trump has so far refused to join the service – perhaps in part because of security concerns or because it was also overwhelmed by pornography Hedgehog Sonic.
MIT Tech Review Patrick Howell O’Neill has created a fascinatingly long reading from the archives of the cyber-crime game of cat and mouse: the story of how a joint operation between the FBI, Ukrainian intelligence agency SBU and Russian FSB came together to remove some of the biggest cyber criminals in Russia – and they failed. The three agencies worked together for months to monitor and monitor the targets of their investigation, which included notorious figures such as Evgeny Bogagov, king of the botnet operation known as Game Over Zeus, and Maxim Yakubets, head of a group known as Evil Corporation responsible for more than $ 100 million. digital theft and ransomware operations. Just at the moment when the agencies coordinated their removal, the Ukrainian SBU repeatedly postponed the operation – perhaps due to corruption in its ranks – and the Russian FSB stopped fully responding to the FBI, showing its former allies. As Howell O’Neill writes, one of the greatest hacker hunters in history – and a rare attempt by U.S. and Russian law enforcement agencies to cooperate – has been thwarted by “an insane mix of corruption, rivalry and masonry.”
Last month, the FBI and law enforcement agencies in Australia and Europe revealed that they had secretly taken over and run an encrypted phone company called Ana. The company was used to sell phones that allegedly protect the privacy of suspects for investigations around the world. The phones contained a secret hidden door that they later used to arrest more than 800 alleged criminals. Now the motherboard has procured and performed a practical analysis of one of the phones used in that stab operation. They describe in detail how it hid its encrypted messaging features in a rogue computing application, launched a custom operating system called ArcaneOS, and offered an emergency delete feature. It also makes a fun souvenir of one of the greatest laws ever enacted by world agencies – as long as you’re not one of the many owners who end up in jail for it.
Amid Kasey’s rains this week, Bloomberg reported another incident of Russian hacking of an apparently different kind: Hackers known as Cozy Bear, formerly linked to a Russian foreign intelligence agency known as the SVR, violated the Republican National Committee, two people familiar with Bloomberg said. with that question. RNC itself denied that it had been hacked or that any information had been stolen – but then admitted that a supplier of RNC technology, Synnex, had been hacked last weekend. It is unclear whether the incident has anything to do with Kaseya’s hacking of ransomware, which was linked to Russian cybercrime operators known as REvil. But given that the SVR has the task of covertly gathering intelligence on all political and government goals, it may come as no surprise that it targeted the RNC, just as it famously targeted the DNC in 2016.
More great WIRE stories