Like Russia’s war continues in Ukraine, the Biden White House is scrambling to use every tool at its disposal to counter, or ideally prevent, Kremlin-backed cyberattacks. But as the physical carnage continues, WIRED took a look at the devastating casualties of explosives and how blast trauma really works.
Meanwhile, the European Union is working on a massive international facial recognition system that links databases of millions of photographs of faces. Meta commissioned an independent study on the human rights value of end-to-end encryption and the possibilities of ending the crypto wars once and for all. Law enforcement agencies in Germany and the United States have seized $25 million worth of bitcoins and taken down Russian-language dark web marketplace Hydra, shutting down its criminal money laundering and exchange services in the process.
Firewall maker WatchGuard kept the vulnerability a secret even after it was actively exploited by a Russian hacking group. And we looked at two blockchain-related problems: the complete inadequacy of NFT security and privacy protections, and the security flaws that make “blockchain bridges” vulnerable to currency theft.
And if you’re looking for a long weekend read, WIRED has an early excerpt from reporter Andy Greenberg’s upcoming book, Tracers in the Dark: The Global Hunt for Cryptocurrency Crime Lordswhich describes international law enforcement efforts to take down the notorious platform for child sexual abuse material Welcome to the video.
But wait, there’s more. We’ve rounded up all the news we didn’t reveal or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.
The U.S. Transportation Security Administration confirmed Friday that it had checked the information of some Amtrak rail passengers against a terrorist watch list. Amtrak asked the TSA to start the program, and the Department of Homeland Security announced its launch in December as part of a threat assessment for Amtrak rail passengers. Wednesday’s report first highlighted a privacy impact assessment that describes the ongoing screening. “To conduct the assessment, Amtrak will provide TSA with rail passenger personal information (PII) collected over several months for TSA to match with the Threat Verification Center’s Terrorist Screening Database (TSDB) ( TSC), known as the “watch list,” DHS said in December. Those months have already arrived. If someone whistles at the screenings, the privacy impact assessment says that, at least for now, TSA will only provide Amtrak with anonymous rider information, not their names.
Microsoft said Thursday it had seized domains used to target Ukrainian institutions by Russian military intelligence’s APT 28 hacking group, known as Fancy Bear. The group used the infrastructure to attack Ukrainian media groups, geopolitical think tanks and government institutions. Using a legal tactic it has relied on before, Microsoft obtained a court order on April 6 to allow the domain takeover.
Earlier in the week, Ukraine’s Computer Emergency Response Team (CERT) warned that it had noticed new phishing attempts targeting Ukrainian institutions and European Union government agencies. CERT attributed the attacks to the Russian hacking group known as Armageddon, Gamaredon or Primitive Bear. The attacks included phishing emails about Russia’s war in Ukraine that lured victims into inadvertently downloading malware.
Cash App, which is owned by Block Inc, notified 8.2 million current and former US-based customers this week of a data breach in which a former employee accessed user account information. Data exposed in the breach included client names, brokerage account numbers and, in some cases, portfolio values, intraday trading activity and holdings. The company says the incident occurred on December 10, 2021, when the fraudulent ex-employee, who had already left the company at the time, downloaded internal reports from a Cash App system that they still had access to.
In an interview with the Atlantic Ocean editor Jeffrey Goldberg on Wednesday, former US President Barack Obama said that during his presidency he did not foresee the extent to which disinformation would affect the stability of democracies around the world. “This is something I have struggled with a lot during my presidency. I’ve seen that kind of unfold, and that’s the extent to which information — disinformation, disinformation — has been weaponized, and we’ve seen it,” Obama said. “But I think I underestimated the degree to which democracies were as vulnerable to it as they were, including ours.” He later added: “You have to fight to give people the information they need to to be free and self-governing. It doesn’t just happen inevitably.”
More great stories on WIRED
