A Six Flags Fingerprints Ruling, Supply Chain Hacks, and More Security News This Week

Credit to Author: Emily Dreyfuss| Date: Sat, 26 Jan 2019 14:00:00 +0000

Close observers of Robert Mueller’s investigation of possible collusion between Donald Trump’s 2016 presidential campaign and Russia have long wondered when, exactly, Roger Stone would be indicted. The answer came Friday, when FBI agents arrested Trump’s longtime friend and advisor on seven counts, including obstruction, making false statements, and witness tampering. Garrett Graff breaks down the four key takeaways from the 24-page indictment.

Also this week was a reminder that Nest Cams are a tempting (and easy) target for hackers. First, pranksters scared the bejeezus out of a family by announcing through the Nest Cams that North Korean missiles were headed straight for the US. Then a PewDiePie fan took dozens of cameras hostage.

We took you along on one professor’s obsessive journey to get his Cambridge Analytica data back. Atomic scientists didn’t tick the Doomsday Clock any closer to apocalypse this year, but before you celebrate, read this op-ed arguing that they should have. We also explained what stoachastic terrorism is and why it poses a rising danger. And we helped you find the freeloaders using your Netflix account and kick them out.

And there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Customers in Illinois have the right to sue companies for taking their biometric data—like fingerprints or iris scans—without their consent. That was the verdict Friday of the Supreme Court of Illinois, which reversed an earlier decision in the case of a 14-year-old boy who bought a season pass to a Six Flags amusement park and unwittingly had his fingerprints taken by Six Flags in the process. The case hinges on Illinois’ strict biometric security law, which passed in 2008, giving the state the strictest rules in the country for how companies can collect permanent personal data like fingerprints. Though that specific law might restrict implications from this ruling to the state of Illinois, the Chicago Tribune explains why Silicon Valley companies are worried anyway. Companies like Facebook and Google have already had to change or pull offerings in the state of Illinois in order to comply with the law, and Facebook has been sued over it in the past. The current ruling makes it clear that a privacy violation is in itself grounds for consumers to sue companies directly.

Former WIRED reporter Robert McMillan, now at the Wall Street Journal, brings you an in-depth look at the security folks at Google tasked with keeping all your data safe from hackers. The team is composed of 27 people, tracking 200 specific hacking groups everyday. They deal with everything from disinformation campaigns spreading on Google, to hackers trying to access your email. With so much data to keep track of, but also to rely on, Google’s team might be the most powerful group in the world capable of tracking nation-state hackers.

Law enforcement has been famously suspicious of encryption. You might remember when the FBI attempted to get Apple to the break the iPhone encryption in order to access a terrorism suspect’s phone back in 2016. But now police and law enforcement agencies in the state of Colorado have themselves embraced the use of encryption, according to a report from the Columbia Journalism Review, which notes that the practice is problematic for government accountability. More than two dozen government agencies are reportedly using encrypted radio frequencies to communicate, making it impossible for journalists or citizens to listen in on scanners or apps. The police in Colorado say that’s exactly why they are doing it, but CJR notes this poses huge barriers to public information.

Last year, Bloomberg reported a bombshell scoop that Chinese hackers had infiltrated the manufacturing supply chain of American tech products to implant spyware on microchips inside the most popular gadgets in the country. It implicated companies like Apple and Amazon. But no one else could verify the reporting, and all the companies involved forcefully denied it. The Intercept is out with a piece this week showing that even if that specific story was wrong, the risk of supply chain attacks is very real. And it’s something US tech companies, and the government, better prepare for.

https://www.wired.com/category/security/feed/