There is a lot of surprising news this week, as Ukrainian officials weigh the next steps in their digital campaigns against Russia, given that their efforts so far have been unexpectedly successful, if at times controversial. In general, Russia has been hit with all kinds of cyberattacks on a scale beyond anything the country has faced before.
Meanwhile, new research shows that a small group of North Koreans have learned to jailbreak smartphones in an attempt to bypass the regime’s extensive digital restrictions and gain access to banned media.
Elon Musk’s bid this week to buy Twitter has highlighted a host of potential privacy and security concerns for the platform’s users. The United States experienced a significant spike in child sexual abuse sites in 2021 as CSAM hosting continued to increase dramatically around the world. Hollywood’s fight against VPNs has heated up as the entertainment industry widens its accusations of illegal activity enabled by the services. And Cloudflare recorded a historic DDoS attack that bombarded a cryptocurrency platform with 15.3 million requests.
If you’re looking to do something about your own security or that of your business this weekend, we’ve got a roundup of all the most critical mass vulnerabilities from April that you can fix right now.
And there’s more. We’ve rounded up all the news we didn’t reveal or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
The Office of the Director of National Intelligence released its annual transparency report on Friday, which showed the FBI conducted up to 3.4 million warrantless searches of Americans’ data in 2021, including 1.9 million searches related to a Russian cyberattack . This is the first time ODNI has released a number for FBI searches using the Foreign Intelligence Surveillance Act of 1978. or FISA. The law is intended to allow investigative capabilities related to foreign threats, but allows for some random domestic searches in the process. FISA operations are often criticized for occurring without public transparency.
In an in-depth analysis, Reuters examines eight incidents across the country in which activists supporting former President Donald Trump attempted to disrupt or successfully compromise local voting systems as part of their quest to uncover evidence of manipulation in the 2020 US presidential election. Mr. . In most cases, activists convinced local election officials, all Republicans, to export and leak vote data. In the year and a half since Joe Biden became president, Trump loyalists continue to falsely claim that US voting machines were compromised to ensure Biden’s victory.
“These threats are fueled by extreme elected officials and politicians who spread the Big Lie” – that the 2020 vote was stolen — “to further suppress voting, destabilize American elections and undermine voter confidence,” Colorado Secretary of State Jenna Griswold told Reuters in a statement.
In a report on Wednesday, Microsoft said it had found evidence that Russia had begun preparing the ground for its invasion of Ukraine as early as March or April 2021. During that time, Russian state hackers began establishing access points into Ukrainian government and critical infrastructure systems, the researchers found. The attackers appear to have gathered intelligence on the Ukrainian military, NATO member states and diplomatic targets. In the report, Microsoft calls Russia’s aggression against Ukraine “hybrid warfare” and says Russian cyberattacks are “relentless and destructive.”
Microsoft reports that in early 2021, as Russian troops began massing on the Ukrainian border, a Russian hacking group known as APT 29, Cozy Bear, and Nobelium began staging phishing attacks to gain access. Microsoft says a Russian hacking group known as Ghostwriter was also active at the time, targeting Ukrainian military email accounts and networks with phishing attacks.
An internal Facebook document drawn up last year and obtained by Motherboard lays out the concerns of privacy engineers from the social network’s advertising and business products team about the company’s ability to account for the data it owns and track data as it moves through the service . The revelations aren’t necessarily surprising given Facebook’s sheer scale and recurring data control issues, but they are significant as the tech giant works to comply with a growing set of privacy laws around the world.
“We don’t have an adequate level of control and explainability of how our systems use data, and so we can’t confidently make controlled policy changes or external commitments like ‘we won’t use X data for Y purpose.'” Yet that’s exactly what regulators expect do, increasing the risk of error and misrepresentation,” the document said.
A company spokesperson told Motherboard that the document “does not describe our extensive privacy compliance processes and controls” and that “this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and to meet our obligations.”
Hackers compromised NFT collection Bored Ape Yacht Club’s Instagram account on Monday, posting a link to a copycat site that scams NFT visitors. The company said in a statement to WIRED that “The rough estimated losses due to the fraud were 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as various other NFTs valued at a total of ~$3 million.” The NFT and other crypto-currency scams, at that attackers post a malicious or misleading link to steal coins is unfortunately not new. The BAYC situation is particularly ominous, however, because the company says it has enabled full two-factor authentication on the Instagram account and that “security practices around the IG account have been strict.” The group is investigating how the Instagram takeover happened.
More great stories on WIRED
