WhatsApp Hack Targeted Officials in More Than 20 Countries
Credit to Author: Andy Greenberg, Lily Hay Newman| Date: Sat, 02 Nov 2019 13:00:00 +0000
NSO Group exploits, Counter-Strike money laundering, and a Pentagon scam are among the week’s top security news.
This week saw the cybersecurity world taking big strides against some of the world's most aggressive hackers. In a dramatic and potentially precedent-setting move, WhatsApp, the Facebook-owned messaging platform, sued the Israeli surveillance contractor NSO Group for allegedly targeting 1,400 of WhatsApp's users with malicious phone calls crafted to infect devices with data-grabbing malware. Meanwhile, over in United States Congress, lawmakers are still struggling to deal with increasingly ubiquitous ransomware attacks that often target vulnerable organizations like local governments and hospitals.
Microsoft reported findings that the Russian hacking group Fancy Bear (also called APT28 or Strontium) has targeted at least 16 antidoping agencies around the world in the lead-up to the 2020 Tokyo Olympics. Russian hackers have barraged the Olympics for three years now, including a particularly stealthy and insidious digital attack on the Pyeongchang Winter Games in 2018.
We detailed how to keep your smart-assistant devices locked down so human reviewers at big tech companies don't end up listening to audio snippets of your voice, or other accidental recordings taken in your home. And Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics, made the case that three technologies—open systems design, agile cloud-based software, and digital engineering—represent a sort of "digital holy trinity" that will underlie next-generation weapons for the US military.
Plus, there's more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Last May, WhatsApp revealed that hackers at NSO Group had been exploiting a vulnerability in its software that allowed them to compromise a phone simply by targeting it with a voice call that planted malware on the device capable of silently stealing a victim's messages. Now, in the same week when WhatsApp revealed that NSO Group had in fact targeted 1,400 of its users, Reuters reports that government officials in more than 20 countries have also been targeted via WhatsApp hacking. Reuters didn't name the countries, nor did it explicitly confirm that hacking was carried out by NSO or using the company's tools, but the newswire's story seems to suggest a link to the notorious hacker-for-hire firm. WhatsApp this week already confirmed that, based on an investigation carried out by the nonprofit cybersecurity research group Citizen Lab, NSO targeted more than 100 members of civil society, including journalists, human rights defenders, lawyers, and activists. If NSO has in fact aided in the compromise of government officials, that would represent yet more evidence that its tools and targeting haven't been limited to criminals and terrorists, as the company has long portrayed its work.
Two men, one based in California and the other in Florida, pleaded guilty on Wednesday to carrying out a pair of hacking operations that accessed the data of 57 million Uber users, along with another 55,000 users of Lynda.com, a site owned by LinkedIn. The men, who admitted to searching Github for Amazon Web Services credentials they then used for their break-ins, had asked for ransoms in each case. Controversially, Uber agreed to pay the men $100,000 in bitcoin, suggesting that the payment was part of the company's "bug bounty" program, which rewards hackers who warn the company about exploitable flaws in its software. When Uber revealed its breach in 2017, the scandal around that decision led to the resignation of Joe Sullivan, the company's chief security officer. Uber later paid a $148 million settlement resulting from an investigation carried out by a group of state attorneys general.
Bob Klein, a New Orleans supplier of components to the Department of Defense, was arrested last month and accused of carrying out a decades-long scheme to defraud the Pentagon. Klein is accused of selling faulty parts, including tubes and pipes that prosecutors say were crucial to the “the preservation of life or safety of operating personnel" to the Pentagon's Defense Logistics Agency, sourcing his defective components from China. Klein allegedly took advantage of a loophole in the DLA's contracting setup, in which a seller can receive payment before parts are tested. Once the components were deemed defective, Klein's company was banned from further contracts. But prosecutors say he repeatedly created new identities and companies to repeat the scam, eventually creating more than 50 companies.
The multiplayer game Counter-Strike: Global Offensive made a matter-of-fact announcement Monday: It would no longer allow its "container keys"—digital items that players can buy and sell to open containers that contain valuable digital items in the game—to be sold or traded on the marketplace of Steam, the online platform run by the game's owner, Valve. That's because, according to the company, the large majority of those trades and sales were being carried out by criminals seeking to launder money through those keys, using them as an unregulated currency. "Worldwide fraud networks have recently shifted to using CS:GO keys to liquidate their gains," the company wrote in a statement. "At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced."