by crissly | Mar 30, 2023 | Uncategorized
The literally unprecedented indictment against Donald Trump marks an outright dangerous—and politically fraught—moment for the United States and serves as a reminder of the unparalleled level of criminality and conspiracy that surrounded the 2016 election.
It’s easy to look back at the 2016 election as though its outcome was inevitable—that Hillary Clinton was too weak of a candidate, one whose years of high-priced speeches had made her lose touch with the working-class voters of Wisconsin and Pennsylvania; that “but her emails” and Jim Comey’s repeated, inappropriate, and misguided meddling in the election turned the tide. But the new indictment of Trump is an important historical corrective, a moment that makes clear how the US, as a country, must reckon with the fact that Trump’s surprise victory was aided by not one but two separate criminal conspiracies.
In the 2016 race’s final push, in an election that came down to incredibly narrow victories in just three states—10,704 voters in Michigan, 46,765 in Pennsylvania, and 22,177 in Wisconsin—and where Trump lost the overall popular vote by some 3 million votes, he was helped along by a massive and wide-ranging official Russian government operation. That effort was funded in part by oligarch Yevgeny Prigozhin, who is now behind the brutal combat of his Wagner Group mercenary army in Ukraine, which targeted US social media companies and activists on the ground. According to the US Department of Justice’s exhaustive report, in the second arm of the Russian operation, the military intelligence service GRU hacked top Democratic officials, leaked their emails, and shifted the national narrative around Clinton and other Democrats. (Not to mention that this gave rise to the Pizzagate conspiracy theory and, arguably, QAnon.)
Then there was the separate criminal conspiracy that was the subject of today’s new indictment in New York: the plot in the final weeks of the 2016 election by Trump’s campaign, Trump family fixer Michael Cohen, and the National Enquirer to pay hush money to bury stories of two of the candidate’s affairs, including infamously one with porn star Stormy Daniels.
While it may seem like news of such an affair would have ended up being a nothingburger amid the campaign’s final weeks, it’s worth remembering the specific context that Cohen and the Trump orbit faced in those final hours of the campaign. They were performing a fraught and knife’s-edge balancing act to hold onto support from conservatives and evangelicals in the wake of the devastating Access Hollywood tape, a moment where vice presidential nominee Mike Pence seriously considered throwing in the towel himself. The follow-on of more non-family-values-friendly stories might well have begun an unrecoverable spiral. (It’s also worth remembering the still-suspicious interplay of these two threads: how, on a single Friday in October 2016, US intelligence leaders announced publicly for the first time that Russia was behind the election meddling, the Washington Post scooped the existence of the lewd Access Hollywood tape, and then, hours later, Wikileaks began dumping a fresh set of stolen emails from Clinton campaign chair John Podesta.)
The new criminal case related to that second Stormy Daniels conspiracy, brought by Manhattan district attorney Alvin Bragg, also is a reminder of the historic mistake by the US Justice Department to not pursue its own charges against Trump in the same matter. This was a mind-boggling abdication of responsibility given that the Justice Department—in the midst of Donald Trump’s own presidency, no less!—prosecuted Cohen for the same conspiracy, naming Trump in the charges against Cohen as “Individual 1” and, according to a new book by Elie Honig, outlined in a draft indictment Trump’s personal direction and involvement in the case.
by crissly | Jan 20, 2023 | Uncategorized
The Iranian government’s latest attempts in recent months to stifle protests through internet blackouts, digital curfews, and content blocking have presented a particularly extreme example of how far regimes can go in restricting digital access. But a new report from the internet infrastructure company Cloudflare, released today, highlights the stunning global prevalence of connectivity disruptions and their increasing relevance to people and organizations all around the world.
In 2022, Cloudflare began publishing reports that compile its internal observations about government internet blackouts and notable outages worldwide. As a content delivery network that also provides digital resiliency services, the company sees an array of signals when a chunk of the internet goes dark. For example, Cloudflare can assess internet protocol requests, like those for the routing system Border Gateway Protocol or the internet address book Domain Name System, to get insight into how a government executed a shutdown and where in the internet backbone it implemented the connectivity blocking.
The specific geopolitical context and technical nuances of different digital disruptions can make it difficult, or unhelpful, to make granular comparisons of disparate incidents. But Cloudflare, which operates in more than 100 countries and interconnects with more than 10,000 network providers, is using its vantage point and visibility into the global internet to track broader trends and offer a sense of scale about how pervasive internet shutdowns have become.
“There’s an increasing use of shutdowns as a means of controlling communication,” says David Belson, Cloudflare’s head of data insight and a longtime researcher of internet disruptions. “There are single points of failure for internet connectivity, and things that are outside of your control can impact your business, your organization, your individual collaborations. So if you are someone in a position of responsibility, you may have to start factoring that into your risk matrix and thinking about particular steps to ensure that your presence on the internet and the work you do on the internet remains uninterrupted.”
The new report, which looks at incidents from the fourth quarter of 2022, concluded that activity related to internet disruptions was actually lower, or “a little bit less active,” as Belson puts it, than previous quarters of last year. Still, the report listed intentional shutdowns and disruptions in Bangladesh, Cuba, Iran, Kenya, Pakistan, Sudan, and Ukraine, along with the United States, where Moore County, North Carolina, dealt with multiday internet outages thanks to assailants who shot at two electrical substations, causing power outages. In Ukraine and Iran particularly, Cloudflare’s reporting was a continuation of ongoing monitoring and incidents.
An internet shutdown imposed by the Cuban government on October 1 was a continuation of shutdowns that began at the end of September in an attempt to curtail protests. The uprisings came in response to a hurricane that caused power outages on the island nation and a widespread feeling among the public that the Cuban government botched the recovery.
The report also highlights an accidental October cable cut in the UK’s Shetland Islands as well as technical failures in Australia, Haiti, and Kyrgyzstan.
“The interesting thing about internet shutdowns is that we typically don’t see governments shutting down electricity or water or gas. They target the internet because they see shutting down the flow of information as a vital thing to do,” says John Graham-Cumming, Cloudflare’s chief technical officer. “For a lot of us the internet is an essential utility that we can’t live without. These things really do have an impact, including an economic impact.”
Graham-Cumming and Belson note that they see increasing government reliance in many places on digital curfews and intermittent, recurring shutdowns—a trend that seems very likely to continue. It has even become common in some countries to impose connectivity blackouts for a few hours a day during university exams, purportedly to reduce the possibility of students cheating. And in places like Ukraine, where connectivity outages are driven by persistent, wartime attacks on critical infrastructure, the impacts are unrelenting and serve as a particularly sobering illustration of this new digital normal.
by crissly | Dec 29, 2022 | Uncategorized
With the pandemic evolving into an amorphous new phase and political polarization on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defenses.
Here’s WIRED’s look back on the year’s worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.
For years, Russia has pummeled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country’s networks. Since invading Ukraine in February, though, times have changed for some of Russia’s most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access. The Russian playbook on the physical battlefield and in cyberspace seems to be the same: one of ferocious bombardment that projects might and causes as much pain as possible to the Ukrainian government and its citizens.
Ukraine has not been digitally passive during the war, though. The country formed a volunteer “IT Army” after the invasion, and it, along with other actors around the world, have mounted DDoS attacks, disruptive hacks, and data breaches against Russian organizations and services.
Over the summer, a group that researchers dubbed 0ktapus (also sometimes known as “Scatter Swine”) went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organizations. The majority of the victim institutions were US-based, but there were dozens in other countries as well, according to researchers. The attackers primarily texted targets with malicious links that led to fake authentication pages for the identity management platform Okta, which can be used as a single sign-on tool for numerous digital accounts. The hackers’ goal was to steal Okta credentials and two-factor authentication codes so they could get access to a number of accounts and services at once.
One company hit during the rampage was the communications firm Twilio. It suffered a breach at the beginning of August that affected 163 of its customer organizations. Twilio is a big company, so that only amounted to 0.06 percent of its clients, but sensitive services like the secure messaging app Signal, two-factor authentication app Authy, and authentication firm Okta were all in that slice and became secondary victims of the breach. Since one of the services Twilio offers is a platform for automatically sending out SMS text messages, one of the knock-on effects of the incident was that attackers were able to compromise two-factor authentication codes and breach the user accounts of some Twilio customers.
As if that wasn’t enough, Twilio added in an October report that it was also breached by 0ktapus in June and that the hackers stole customer contact information. The incident highlights the true power and menace of phishing when attackers choose their targets strategically to magnify the effects. Twilio wrote in August, “we are very disappointed and frustrated about this incident.”
In recent years, countries around the world and the cybersecurity industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialized in targeting both categories, and it focused its attacks on the education sector this year. The group had a particularly memorable showdown with the Los Angeles Unified School District at the beginning of September, in which the school ultimately took a stand and refused to pay the attackers, even as its digital networks went down. LAUSD was a high-profile target, and Vice Society may have bitten off more than it could chew, given that the system includes more than 1,000 schools serving roughly 600,000 students.
Meanwhile, in November, the US Cybersecurity and Infrastructure Security Agency, the FBI, and the Department of Health and Human Services released a joint warning about the Russia-linked ransomware group and malware maker known as HIVE. The agencies said the group’s ransomware has been used to target over 1,300 organizations around the world, resulting in roughly $100 million in ransom payments from victims. “From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors,” the agencies wrote, “including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health.”
The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta. The attackers appeared to be based primarily in the United Kingdom, and at the end of March, British police arrested seven people in association with the group and charged two at the beginning of April. In September, though, the group flared back to life, mercilessly breaching the ride-share platform Uber and seemingly the Grand Theft Auto developer Rockstar as well. On September 23, police in the UK said they had arrested an unnamed 17-year-old in Oxfordshire who seems to be one of the individuals previously arrested in March in connection with Lapsus$.
The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys. The attackers then used this access to steal some users’ encrypted password vaults—the files that contain customers’ passwords—and other sensitive data. Additionally, the company says that “some source code and technical information were stolen from our development environment” during the August incident.
LastPass CEO Karim Toubba said in a blog post that in the later attacks, hackers compromised a copy of a backup that contained customer password vaults. It is not clear when the backup was made. The data is stored in a “proprietary binary format” and contains both unencrypted data, like website URLs, and encrypted data, like usernames and passwords. The company did not provide technical details about the proprietary format. Even if LastPass’s vault encryption is strong, hackers will attempt to brute-force their way into the password troves by attempting to guess the “master passwords” that users set to protect their data. With a strong master password, this may not be possible, but weak master passwords could be at risk of being defeated. And since the vaults have already been stolen, LastPass users can’t stop these brute-force attacks by changing their master password. Users should instead confirm that they have deployed two-factor authentication on as many of their accounts as they can, so even if their passwords are compromised, attackers still can’t break in. And LastPass customers should consider changing the passwords on their most valuable and sensitive accounts.
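The following toy model, added here as an illustration and not LastPass’s code or format, shows why the advice above holds: once a copy of a vault has been exfiltrated, that copy stays bound to the master password it was sealed under, so rotating the master password only protects the new copy, and the work factor of the key derivation is what makes each guess expensive. It assumes a blob that keeps website URLs in the clear (modelling the “unencrypted data, like website URLs” described in the post) and encrypts credentials under a PBKDF2-HMAC-SHA256 key; the HMAC-based keystream is a standard-library-only stand-in for a real cipher such as AES, chosen so the script runs offline, and the iteration count and sample entries are constructed values.

```python
"""Toy model of a master-password-protected vault (added illustration; not LastPass code).

Constructed assumptions: URLs stored in the clear, credentials encrypted under a
PBKDF2-HMAC-SHA256 key, HMAC-SHA256 keystream as a stdlib-only stand-in for AES.
"""
import hashlib
import hmac
import json
import os

DEFAULT_ITERATIONS = 600_000  # assumed work factor; each candidate guess costs this many iterations


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Slow KDF: the iteration count is the defender's lever against offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream; a toy stand-in for a real cipher, not a recommendation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(master_password: str, entries: list, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Produce the stored blob. URLs stay readable; usernames and passwords are encrypted and MACed."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = derive_key(master_password, salt, iterations)
    plaintext = json.dumps(entries).encode()
    ciphertext = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return {
        "urls": [e["url"] for e in entries],  # visible to anyone holding the blob, no password needed
        "salt": salt, "iterations": iterations, "nonce": nonce,
        "ciphertext": ciphertext, "tag": tag,
    }


def open_vault(master_password: str, blob: dict):
    """Return the entries, or None if this password does not unlock this particular blob."""
    key = derive_key(master_password, blob["salt"], blob["iterations"])
    expected = hmac.new(key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    plaintext = _xor(blob["ciphertext"], _keystream(key, blob["nonce"], len(blob["ciphertext"])))
    return json.loads(plaintext)


def change_master_password(old: str, new: str, blob: dict) -> dict:
    """Re-seal under a new password. The old blob is not modified, which is the whole point."""
    entries = open_vault(old, blob)
    if entries is None:
        raise ValueError("old master password is wrong")
    return seal_vault(new, entries, blob["iterations"])


def demo(iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Constructed scenario: a vault copy is exfiltrated, then the user rotates the master password."""
    entries = [
        {"url": "https://bank.example", "username": "alice", "password": "correct horse battery staple"},
        {"url": "https://mail.example", "username": "alice@example", "password": "hunter2"},
    ]
    vault = seal_vault("old-master-password", entries, iterations)
    stolen_copy = dict(vault)  # the attacker's offline copy, frozen at theft time
    rotated = change_master_password("old-master-password", "new-master-password", vault)
    return {
        "urls_visible_without_password": stolen_copy["urls"],
        "stolen_copy_opens_with_old_password": open_vault("old-master-password", stolen_copy) == entries,
        "stolen_copy_opens_with_new_password": open_vault("new-master-password", stolen_copy) is not None,
        "rotated_vault_opens_with_new_password": open_vault("new-master-password", rotated) == entries,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the stolen copy still opening with the old master password and never with the new one, which is why the defence is a master password that makes each PBKDF2 guess unaffordable in aggregate, two-factor authentication on the accounts inside the vault, and rotating the passwords of the most sensitive entries. The cleartext `urls` list also shows how an attacker can rank which vaults are worth the guessing effort before decrypting anything.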
by crissly | Dec 24, 2022 | Uncategorized
We at WIRED are winding down for the year and gearing up for what is sure to be an eventful 2023. But 2022 isn’t going down without a fight.
This week, following a new surge in mayhem at Twitter, we dove into exactly why the public needs real-time flight tracking, even if Elon Musk claims it’s the equivalent of doxing. The crucial transparency this publicly available data provides far outweighs the limited privacy value that censoring would give to the world’s rich and powerful. Unfortunately, Musk’s threats of legal action against the developer of the @ElonJet tracker are having broader chilling effects.
Meanwhile, Iran’s internet blackouts—a response to widespread civil rights protests—are sabotaging the country’s economy, according to a new assessment from the US Department of State. Due to heavy sanctions on Iranian entities, the exact economic impact of Tehran’s internet blackouts is difficult to calculate. But experts agree it’s not good.
You may have encountered the Flipper Zero in a recent viral TikTok video—but don’t believe everything you see. WIRED’s Dhruv Mehrotra got his hands on the palm-size device, which packs an array of antennas that allow you to copy and broadcast signals from all types of devices, like RFID chips, NFC cards, and more. We found that while the Flipper Zero can’t, say, make an ATM spill out money, it allows you to do plenty of other things that could get you into trouble. But mostly, it allows you to see the radio-wave-filled world around you like never before.
But that’s not all. Each week, we round up the security stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
Between long hours, medallion costs, and the rise of Uber and Lyft, the life of a New York City cab driver is hard enough. Now it seems that Russian hackers—and a couple of their enterprising partners in Queens—were trying to get their own cut of those drivers’ fares.
According to prosecutors, two Queens men, Daniel Abayev and Peter Leyman, worked with Russian hackers to gain access to the taxi dispatch system for New York’s JFK airport. They then allegedly created a group chat where drivers could secretly pay $10 to skip the sometimes hours-long line to be assigned a pickup—about a fifth of the $52 flat fee passengers pay for rides from the airport to elsewhere in NYC. The indictment against the two men doesn’t name the Russians or detail exactly how they gained access to JFK’s dispatch system. But it notes that since 2019, Abayev and Leyman allegedly schemed to get access to the system by multiple methods, including bribing someone to insert a USB drive with malware into one of the dispatch operators’ computers, gaining unauthorized access to their systems via Wi-Fi, and stealing one of their tablet computers. “I know that the Pentagon is being hacked,” Abayev wrote to his Russian contacts in November 2019, according to the indictment. “So, can’t we hack the taxi industry[?]”
Before the scheme was shut down, prosecutors say it was enabling as many as a thousand fraudulent line-skips a day for drivers,
It’s hardly a secret that Cyber Command, the more cyberattack-focused sister organization to the NSA, is frequently engaged in “hunting forward,” as Cybercom director Paul Nakasone has described it. That means hacking foreign hackers preemptively to disrupt their operations, often in advance of an event like a US election. So perhaps it’s no surprise, as The Washington Post reports, that Cybercom targeted Russian and Iranian hackers throughout the 2022 midterm elections. It’s not clear exactly how those hackers were disrupted, but one official told the Post that the operations typically go after the basic tools the hackers use to operate, including their computers, internet connections, and malware. In some cases, that foreign malware is discovered by Cybercom abroad and shared with potential targets in the US to make it more easily detected.
While foreign hacking of US elections has waned since its peak in 2016—when Russia hacked the Democratic National Committee, Clinton campaign, and many other targets—it has by no means disappeared. Cybersecurity firm Mandiant reported this week that the Russian military intelligence agency the GRU appears to have targeted election websites with distributed denial-of-service attacks during the midterm elections, despite Cyber Command’s efforts.
On Monday, federal prosecutors charged two men—one from Wisconsin, the other from North Carolina—for allegedly participating in a swatting scheme that, over a one-week span, targeted the owners of more than a dozen compromised Ring home security door cameras. According to the indictment, Kya Christian Nelson, 21, and James Thomas Andrew McCarty, 20, used login credentials from leaked Yahoo accounts to access Ring accounts from individuals around the country. The defendants then allegedly phoned in false reports to law enforcement claiming to dispatchers that a violent incident was taking place at the victim’s house, and then they livestreamed the police response to the hoax. In several of the incidents, the two men taunted responding police officers and victims through the microphone of the Ring device, according to the indictment.
Nelson, who went by the alias “ChumLul,” is currently incarcerated in Kentucky in an unrelated case. McCarty, who went by the alias “Aspertaine,” was arrested last week on federal charges filed in the District of Arizona. Nelson and McCarty are both charged with conspiring to intentionally access computers without authorization. Nelson has also been charged with two counts of intentionally accessing a computer without authorization and two counts of aggravated identity theft. If convicted, they could each face up to five years in prison, with Nelson facing an additional seven years for the additional charges.
In March 2017, Netflix tweeted a simple message: “Love is sharing a password.” Now, five years later, that sentiment is coming to the end of its life. According to a Wall Street Journal report this week, the streaming service plans to clamp down on password sharing in early 2023. Netflix has been testing ways to stop households in Latin America from sharing passwords throughout 2022, and the report suggests it is ready to expand the measures. Netflix says more than 100 million viewers watch its TV shows and movies using other people’s passwords, and it wants to convert those views into cash. “Make no mistake, I don’t think consumers are going to love it right out of the gate,” the Journal reports Netflix co-CEO Ted Sarandos telling investors earlier this year. Elsewhere, the UK government’s Intellectual Property Office said it believes sharing passwords for online streaming services could breach copyright laws. It is unlikely anyone would ever be prosecuted, though.
The Roomba J7 home robot uses “PrecisionVision Navigation” to avoid objects in your home—such as piles of clothes on the floor or accidental piles of dog crap. The robot is partly able to do this using a built-in camera and computer vision. However, as MIT Technology Review reported this week, gig economy workers in Venezuela posted photos from the robots online—including one image of a woman on the toilet. The photos and videos were captured by a development version of the J7 robot in 2020 and shared with a startup that contracts workers to label the images, helping to train computer vision systems. Those using the development machines had agreed for their data to be shared. Roomba maker iRobot, which is being purchased by Amazon, said it is ending its contract with the startup that leaked the images and is investigating what happened. However, the incident highlights some of the potential privacy risks with the vast data sets that are used to train artificial intelligence applications.
All Kelly Conlon wanted to do was watch the Rockettes with her daughter’s Girl Scout troop. But thanks to a face recognition system run by Madison Square Garden Entertainment, Conlon was summarily kicked out of Radio City Music Hall because she was unknowingly banned from the venue. The issue, according to MSG Entertainment, is that Conlon is an attorney at a law firm that’s currently engaged in litigation against the company. (Conlon said she is not personally involved in that litigation.) “They knew my name before I told them. They knew the firm I was associated with before I told them. And they told me I was not allowed to be there,” Conlon told NBC New York. MSG Entertainment, meanwhile, defended the attorney’s expulsion as necessary to avoid an “inherently adverse environment.” The episode adds to concerns over the use of face-recognition tech, which remains so underregulated that a corporation can use it to punish its enemies. Happy holidays!
by crissly | Dec 14, 2022 | Uncategorized
On November 3, 2021, Meareg Amare, a professor of chemistry at Bahir Dar University in Ethiopia, was gunned down outside his home. Amare, who was ethnically Tigrayan, had been targeted in a series of Facebook posts the month before, alleging that he had stolen equipment from the university, sold it, and used the proceeds to buy property. In the comments, people called for his death. Amare’s son, researcher Abrham Amare, appealed to Facebook to have the posts removed but heard nothing back for weeks. Eight days after his father’s murder, Abrham received a response from Facebook: One of the posts targeting his father, shared by a page with more than 50,000 followers, had been removed.
“I hold Facebook personally responsible for my father’s murder,” he says.
Today, Abrham, as well as fellow researchers and Amnesty International legal adviser Fisseha Tekle, filed a lawsuit against Meta in Kenya, alleging that the company has allowed hate speech to run rampant on the platform, causing widespread violence. The suit calls for the company to deprioritize hateful content in the platform’s algorithm and to add to its content moderation staff.
“Facebook can no longer be allowed to prioritize profit at the expense of our communities. Like the radio in Rwanda, Facebook has fanned the flames of war in Ethiopia,” says Rosa Curling, director of Foxglove, a UK-based nonprofit that tackles human rights abuses by global technology giants. The organization is supporting the petition. “The company has clear tools available—adjust their algorithms to demote viral hate, hire more local staff and ensure they are well-paid, and that their work is safe and fair—to prevent that from continuing.”
Since 2020, Ethiopia has been embroiled in civil war. Prime Minister Abiy Ahmed responded to attacks on federal military bases by sending troops into Tigray, a region in the country’s north that borders neighboring Eritrea. An April report released by Amnesty International and Human Rights Watch found substantial evidence of crimes against humanity and a campaign of ethnic cleansing against ethnic Tigrayans by Ethiopian government forces.
Fisseha Tekle, Amnesty International’s lead Ethiopia researcher, has further implicated Facebook in propagating abusive content, which, according to the petition, endangered the lives of his family. Since 2021, Amnesty and Tekle have drawn widespread rebuke from supporters of Ethiopia’s Tigray campaign—seemingly for not placing the blame for wartime atrocities squarely at the feet of Tigrayan separatists. In fact, Tekle’s research into the countless crimes against humanity amid the conflict fingered belligerents on all sides, finding the separatists and federal Ethiopian government mutually culpable for systematic murders and rapes of civilians. Tekle told reporters during an October press conference: “There’s no innocent party which has not committed human rights violations in this conflict.”
In a statement Foxglove shared with WIRED, Tekle spoke of witnessing “firsthand” Facebook’s alleged role in tarnishing research aimed at shining a light on government-sponsored massacres, describing social media platforms perpetuating hate and disinformation as corrosive to the work of human rights defenders.
Facebook, which is used by more than 6 million people in Ethiopia, has been a key avenue through which narratives targeting and dehumanizing Tigrayans have spread. In a July 2021 Facebook post that remains on the platform, Prime Minister Ahmed referred to Tigrayan rebels as “weeds” that must be pulled. However, the Facebook Papers revealed that the company lacked the capacity to properly moderate content in most of the country’s more than 45 languages.