Neutrality is a basic principle of cryptocurrency. But in the course of the war in Ukraine, exchanges have blocked accounts of sanctioned Russian persons and those close to them. Activists have also used apps like Tinder and Google Maps to bypass Russia’s information blockades, offering a counterweight to the country’s propaganda machine. And facial recognition algorithms have made it frighteningly easy to identify Russian soldiers – which can have a catastrophic effect when the technology inevitably goes wrong.
All over the world, security researchers have caught Chinese APT41 hackers spying on US government systems. That in itself isn’t much of a surprise, but the way they got in – via a livestock tracking app and the Log4j vulnerability – was an unexpected combination. Critical flaws in an IoT remote access tool put hundreds of thousands of medical devices, ATMs and more at risk. And we looked at how law enforcement in some parts of the world is using phone data to target LGBTQ communities.
We also explored how NFT indeed work and looked at YouTube’s anti-election disinformation policy — and why it’s not sustainable in the long run. And while it’s not strictly a security story, this in-depth profile by Facebook’s Joel Kaplan goes a long way toward explaining how these kinds of policies are formed in the first place.
And there’s more! Here, we’ve rounded up all the news we haven’t broken or covered in depth this week. Click on the headlines to read the full stories. And stay safe out there.
A week after blocking Facebook in the country, Russia also restricted access to Instagram. He also launched a criminal investigation into parent company Meta, intending to designate it as an extremist organization. The moves came after Meta announced it would allow calls for violence against Russian soldiers — and for the death of Vladimir Putin — from users in the region, which in peacetime would be a violation of the platforms’ policies. Facebook’s president of global affairs clarified Friday that the loosened policy will only apply to users in Ukraine.
At the time of Russia’s invasion of Ukraine, satellite company Viasat suffered service disruptions in parts of Europe. He initially called the incident a “cyber incident” but did not provide many details. Now, Reuters reports, Western intelligence agencies have taken an interest in the apparent hack. It is not yet clear whether Russia is responsible, but Viasat has defense contracts with the US and some European countries, raising the risk of a potential invasion by Moscow.
As part of a $1.5 trillion general spending bill headed to Joe Biden’s desk soon, operators of critical infrastructure will be required to report cyberattacks and ransomware directly to the US Cybersecurity and Infrastructure Security Agency within 72 hours. The hope is that this kind of visibility will not only help formulate responses to these incidents, but give the US a more complete picture of how adversaries are attacking it. There is no financial penalty for non-compliance, but CISA will be able to summon any organization that is late.
One problem with ransomware is that even when you find the people doing it, it can be very difficult to catch them. This is largely thanks to the blind eye Russia has historically turned to the operations of domestic groups. This week, however, the US was able to extradite not one, but two alleged ransomware operators, including one of the people behind last summer’s unprecedented Kaseya hack. The other was a Canadian accused of acting as a Netwalker ransomware partner.
More great stories on WIRED