Hackers Dox ICE, DHS, DOJ, and FBI Officials
In a stunning new study, researchers at UC San Diego and the University of Maryland revealed this week that satellites are leaking a wealth of sensitive data completely unencrypted. This includes calls and text messages on T-Mobile, in-flight Wi-Fi browsing sessions, and even military and police communications. Remarkably, the researchers accomplished this with just $800 in off-the-shelf equipment.
—
### Facial Recognition Flaws Impact People with Facial Differences
Face recognition systems are seemingly everywhere. But what happens when this surveillance and identification technology doesn’t recognize your face as a face? WIRED spoke with six individuals with facial differences who report that flaws in these systems are preventing them from accessing essential services.
—
### US and UK Authorities Seize Nearly 130,000 Bitcoins from Alleged Cambodian Scam
Authorities in the United States and United Kingdom announced this week the seizure of nearly 130,000 bitcoins from an alleged Cambodian scam empire. At the time of the seizure, the cryptocurrency fortune was worth $15 billion—the largest amount of money of any type ever confiscated in the US.
—
### Control Over US Election Infrastructure Consolidates Under Former Republican Operative
Control over a significant portion of US election infrastructure is now in the hands of a single former Republican operative, Scott Leiendecker. He recently purchased Dominion Voting Systems, a voting machine company, and owns Knowink, an electronic poll book firm. Election security experts are currently more baffled about the implications than worried about any possibility of foul play.
—
### Cybersecurity Developments: F5 Breach and Android 2FA Attack
While a new type of attack could allow hackers to steal two-factor authentication codes from Android phones, the biggest cybersecurity development of the week was the breach of security firm F5. The attack, carried out by a “sophisticated” threat actor reportedly linked to China, poses an imminent threat of breaches against government agencies and Fortune 500 companies.
—
### The Only Three VPNs Worth Using on iPhones
Finally, we sifted through the mess that is VPNs for iPhones and found the only three worth using. But that’s not all! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories—and stay safe out there.
—
### “The Com” Hackers Leak Personal Info of Hundreds of DHS, ICE, DOJ, and FBI Officials
In recent years, perhaps no single group of hackers has caused more mayhem than “the Com,” a loose collective of mostly cybercriminal gangs whose subgroups like Lapus$ and Scattered Spider have targeted victims ranging from MGM Casinos to Marks & Spencer grocery stores.
Now, they’ve turned their sights to US federal law enforcement. On Thursday, one member of the Com’s loose collective began posting to Telegram an array of federal officials’ identifying documents. One spreadsheet reportedly contained personal information on 680 Department of Homeland Security officials. Others included data on 170 FBI officials and 190 Department of Justice officials.
The leaked data includes names, email addresses, phone numbers, and addresses—sometimes officials’ home addresses rather than work locations. The user who released the data mocked an unverified DHS claim that Mexican cartels had offered thousands of dollars for identifying information on agents, stating: “I want my MONEY MEXICO.”
—
### Secret FBI Task Force Allegedly Targeting Russian Ransomware Group Inside Russia
Over the past year, the FBI has operated a “secret” task force that may have worked to disrupt Russian ransomware gangs, according to reports published this week by France’s *Le Monde* and Germany’s *Die Zeit*.
The mysterious Group 78 presented its strategy late last year to European officials, including law enforcement and judicial authorities. Details about the group remain scarce, but its controversial tactics reportedly spurred officials to speak out.
Group 78 focused on the Russian-speaking Black Basta ransomware gang, outlining two approaches: conducting operations inside Russia to disrupt members and getting them to leave the country, and manipulating Russian authorities into prosecuting gang members.
While Western law enforcement has increasingly pushed back against Russian ransomware gangs through infiltration, sanctions, and warrants, covert actions inside Russia would be unprecedented publicly. Notably, the Black Basta group has recently gone dormant following leaks of its internal messages and identification of its alleged leader.
—
### ICE Division and Secret Service Had Access to AI License Plate Cameras
AI-powered license plate recognition cameras have gathered billions of images of vehicles and their specific locations across the US. These surveillance tools have been adopted by law enforcement, raising questions about potential abuses.
This week, a letter from Senator Ron Wyden revealed that a division of ICE, the Secret Service, and Navy criminal investigators had access to data from Flock Safety’s cameras.
Wyden stated, “I now believe that abuses of your product are not only likely but inevitable, and that Flock is unable and uninterested in preventing them.” He urged local elected officials to remove Flock cameras from their communities to protect constituents.
Further, Flock announced a partnership with Amazon’s Ring, enabling agencies using Flock to request footage from Ring customers.
—
### Mystery of the CIA’s Kryptos Sculpture Finally Solved—Thanks to the Smithsonian Archive
For 35 years, the Kryptos sculpture at CIA headquarters has baffled cryptographers with a partially unsolved encrypted message. Now, two men—Jarett Kobek and Richard Byrne—have cracked the puzzle with help from documents discovered in the Smithsonian Archive, *The New York Times* reports.
However, a dispute has arisen with the sculpture’s owner, Jim Sanborn, who confirmed their solution but requested that they not reveal it ahead of an upcoming auction. The auction aims to raise money for charity and Sanborn’s potential medical expenses.
Though Kobek and Byrne assured Sanborn they wouldn’t disclose the solution, they were later asked to sign a nondisclosure agreement. The auction house has threatened legal action if they reveal the answer publicly. Both men have retained lawyers in response.
WIRED suggests a potential solution: posting a cryptographic hash of the solution online to prove knowledge without revealing the answer, then signing the NDA—keeping all parties satisfied.
—
### North Korean Hackers Hiding Malware in Ethereum’s Blockchain
North Korean state-sponsored hackers, notorious for targeting cryptocurrency users and companies to funnel billions into the Kim regime, have adopted a new tactic.
Security researchers at Google revealed this week that these hackers are using a technique called “EtherHiding” to host malware code within an Ethereum smart contract.
Unlike Bitcoin’s blockchain, Ethereum can host and run code across its distributed network. When victims open files infected by these hackers, the malware pulls malicious code from the Ethereum blockchain, making it harder to remove or defend against compared to traditional servers.
Google notes this is the first time it has seen such a technique employed by state-sponsored cybercriminals.
https://www.wired.com/story/security-news-this-week-hackers-dox-ice-dhs-doj-and-fbi-officials/
You may also like
Leave a Reply