Security News This Week: Unmasking the Master of That Web-Crippling Botnet
Remember that nasty Mirai botnet, the one that broke the internet for millions of people last fall? Brian Krebs does. The security journalist was also the massive botnet’s first known victim, and he’s spent hundreds of hours tracking down Mirai’s author.
The biggest security news this week was also the most surprising; in one of his last acts in office, (now former) President Obama commuted the sentence of WikiLeaks whistleblower Chelsea Manning. Instead of serving out the rest of her 35-year sentence, she’ll be free in May. In other presidential news, it turns out the wall Trump wants to build won’t do very much to actually secure the border. It’s possible to secure our cyber-defenses against Russia, though—with our without Trump’s help.
We also took a look into the future of warfare this week, specifically how the Marines use sci-fi to prepare for it. And into the past, thanks to a newly accessible stash of 12 million pages’ worth of declassified CIA documents. Elsewhere, a popular selfie app raised some privacy concerns, and Tor has a plan to become more secret than ever. Also? Squirrels.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
The Hunt for Mirai’s Author
Last fall, the Mirai botnet successfully made large portions https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/ of the internet unavailable to most of the Eastern seaboard. Since then, it’s continued to pop up in various forms, though not as destructively. Now, Mirai’s first known victim, security journalist Brian Krebs, believes he’s sussed out the botnet’s author, an individual using the name Anna-Senpai. It’s a lengthy tale https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/, but also a fascinating insight both into the botnet underworld, and one reporter’s dogged determination to concover the truth.
Supercell, Maker of Clash of Clans, Has 1.1 Million Forum Accounts Hacked
The hacks keep on hacking. This week’s most high-profile victim is Supercell, app developer and creator of popular games including Clash of Clans, whose forum accounts were raided in September of last year. There’s no financial information in the 1.1 million-profile trove, but it does include user names, email addresses, IP addresses, and hashed passwords that may not be robustly protected.
How Google Secures All of the Things
Google this week detailed how it protects its cloud infrastructure, in a fascinating but pretty dense paper that covers everything from custom hardware to operational security. It’s not exactly light reading, but if you ever wondered why you don’t read more stories about Google and its products getting hacked to pieces, here’s your answer.
Another Week, Another IoT Security Mess
The Internet of Things continues to be a bog of vulnerabilities. This week’s horrors came from a Samsung SmartCam device, which researchers demonstrated was relatively easy to gain full control of remotely. The specific model affected is the SmartCam SNH-1011, and Samsung says it’ll fix the vulnerability in an upcoming firmware update. Just think of it as the latest chapter in our ongoing saga of IoT Is More Trouble Than It’s Worth.