Facebook Fails, Russian Hacks, and More Security News This Week

Credit to Author: WIRED Staff| Date: Sat, 20 Apr 2019 13:00:00 +0000

After months of anticipation and fevered speculation by supporters and critics alike, the public finally laid eyes on the most important release of the past 25 years, its secrets guarded by a famously tight-lipped team up until the very end. That's right, Beyoncé dropped a new album this week. Scholars will analyze its influence for years to come.

Robert Mueller's report also came out, at least in redacted form. Over 448 pages, the Special Counsel's Office details its investigation into Russia's efforts to influence the 2016 presidential election, and then, in volume II, President Trump's efforts to block or stop that very investigation. The special counsel did not establish that the Trump campaign conspired with Russia, but Garrett M. Graff writes that the report diverges sharply from attorney general William Barr's rosy portrayal of its findings. As Washington, DC digests the report, political pressure is mounting for Congress to act.

"The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news," writes Andy Greenberg. But that's what happened this week! On Wednesday, researchers revealed that a hacking group called Sea Turtle hit 40 organizations in a serious DNS hijacking spree, and compromised the internet domains of entire countries in the process.

Andy also wrote about an ongoing cybersecurity mystery: Someone, or some group, has been systematically dumping the secret data, tools, and identities of an Iranian hacking team to a public Telegram channel. It's unclear who is behind the campaign, which began in March, but one security researcher analyzing the leak said, "They do seem to have something out for these guys. They’re naming and shaming, not just dropping tools."

Closer to home, the Manhattan district attorney's office offered an intriguing glimpse into the rise and fall of sinmed, one of the dark web's biggest drug vendors. And it all started two years ago, with a good, old-fashioned tip about suspicious ATM withdrawals. That's what makes this dark web case intriguing and, as Brian Barrett explains, evidence that law enforcement at all levels—and not just the federal—are becoming more capable of cracking down on these crimes.

And if you're a user of a Microsoft email service, this one might hit closest of all: Hackers had full access to an unknown number of Outlook, MSN, and Hotmail email accounts for months—and Microsoft's customer service platform was the key. All it took was a single set of stolen credentials. While Microsoft has not revealed the exact number of accounts affected, the incident shows how such support systems are, as one expert noted, "a big security hole waiting to happen."

There's more! Each week we round up all the news WIRED didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

It's hard to remember the last time Facebook deserved the benefit of the doubt, if ever. So when the company admitted that it "unintentionally uploaded" the email contacts of 1.5 million users this week, eyebrows understandably arched. That's especially because the issue stemmed from Facebook's controversial nudge to some users to provide their passwords for third-party services. Facebook says it will delete the contacts, which, you'll be excused for believing it when you see it.

Oh, hello again! On Mueller Report Day, Facebook conveniently remembered to update everyone on that plaintext password snafu last month. You might recall that the company said at the time that tens of thousands of Instagram users had their passwords exposed? Turns out it was millions of Instagram users. The company appended a note to its original blog post about the incident on Thursday morning, slipping it right in between attorney general William Barr's press conference and the actual release of the redacted report. Reporters at Tech Crunch and other outlets still managed to spot the news, though.

Security firm Kaspersky has long been plagued by rumors that it has inappropriate ties to the Russian government. One news item that might not help? A report from the Associated Press this week that someone who appears to be a spy appears to have targeted Kaspersky critics, including cybersecurity experts, over the last several months. Kaspersky declined to comment—which means it also didn't refute the reporting—because the one thing that will make people less suspicious of you is being associated with what appears to be an operative working on your behalf under false pretenses.

Alongside its much-anticipated topics, the Mueller Report, released on Thursday, contains an unexpected detail about Russia’s 2016 election meddling. The report claims that the GRU infiltrated an election-related network in an unspecified Florida county. “The FBI believes that this operation enabled the GRU to gain access to the network of at least one Florida county government,” the report says. Until now, no government official or release has mentioned an actual election network compromise during the 2016 season. DHS officials and others said that they had detected “probing” and disinformation efforts, but no successful network intrusion. Election and national security officials in Florida and around the country told CNN that they do not know what the report is referring to and have not heard of such an incident—even in classified discussions.

https://www.wired.com/category/security/feed/