How you smuggling information into the USSR right under the nose of the KGB? Create your own encryption system, of course. That’s exactly what saxophonist and music professor Meryl Goldberg did in the 1980s. Goldberg revealed this week that she used sheet music to hide the names and addresses of activists and meeting details on a rare trip to the Soviet Union. To do this, it created its own encryption system. Each musical note and mark represents a letter of the alphabet and helps mask sensitive information. When the Soviet officers checked the documents, suspicions did not arise.
Goldberg’s story was retold at the RSA conference in San Francisco this week, where WIRED’s Lily Newman dug up stories. Also coming from RSA: a warning that as ransomware becomes less profitable, attackers may turn to Business Email Compromised (BEC) scams to make money – BEC attacks are already very profitable.
Also this week, dark web marketplace AlphaBay is about to complete its journey back to the top of the online underworld. The original AlphaBay site – home to more than 350,000 product listings ranging from drugs to cybercrime services – was purged from the dark web in July 2017. as part of a massive law enforcement operation. However, AlphaBay’s second-in-command, an actor under the name DeSnake, survived the law enforcement operation and relaunched the site last year. AlphaBay is now growing rapidly and is on the verge of resuming its dominant position in the dark web market.
Elsewhere, Apple held its annual Worldwide Developers Conference this week and unveiled iOS 16, macOS Ventura, and some new MacBooks—WIRED’s Gear team has you covered for everything Apple announced at WWDC. However, there are two notable new security features worth mentioning: Apple is replacing passcodes with new cryptographic passwords and introducing a safety check feature to help people out of abuse. Database firm MongoDB also held its own event this week, and while it wasn’t as high-profile as WWDC, MongoDB’s new Queryable encryption tool could be a key defense against data leaks.
Also this week, we reported on a Tesla flaw that allows anyone to create their own NFC car key. New research by the Mozilla Foundation has found that misinformation and hate speech are flooding TikTok ahead of Kenya’s elections in early August. Elon Musk has reportedly gained access to Twitter’s “firehose”, raising privacy concerns. And we dove into the shocking new evidence televised by the House committee on Jan. 6.
But that’s not all, folks. Each week, we round up the big security and privacy news we haven’t covered. Click the links for the full stories and be safe out there.
Over the past two years, state-sponsored hackers working on behalf of the Chinese government have targeted a host of communications technologies, ranging from home routers to large telecommunications networks. That’s according to the NSA, FBI and the Cybersecurity and Infrastructure Security Agency (CISA), which released security advisories this week detailing the “widespread” hack.
From 2020 since then, China-backed actors have been exploiting publicly known software flaws in hardware and incorporating compromised devices into their own attack infrastructure. According to US agencies, the attacks typically involved five steps. Chinese hackers would use publicly available tools to scan for network vulnerabilities. They will then gain initial access through online services, gain access to login credentials from systems, gain access to routers and copy network traffic before finally exfiltrating the victim’s data.
