US Puts $10M Bounty on DarkSide Ransomware Hackers
On Friday, the radical transparency group DDoSecrets released hundreds of hours of police helicopter surveillance footage. It’s unclear who originally obtained the data, or what their motives were, but the trove shows how extensive law enforcement's eye-in-the-sky surveillance is, and how high the fidelity of its cameras is. Privacy advocates also say the incident underscores that authorities have not done enough to protect sensitive data, and that their policies for retaining it are too lax.
In other aerial news: For the first time, intelligence officials say, a consumer drone likely tried to disrupt the U.S. power grid. The July 2020 incident occurred at a power substation in Pennsylvania; a DJI Mavic 2 quadcopter equipped with nylon ropes and copper wire appeared intended to cause a short circuit, but crashed into a nearby roof before it reached its apparent target. Security experts have warned about this possibility for years, and say regulatory bodies have not acted promptly to reduce the threat.
China’s new data privacy law took effect this week, and the ramifications are already starting to play out. Yahoo! pulled out of the country, citing an “increasingly challenging business and legal environment.” And while the regulations are some of the most stringent in the world, the fact that China binds them to national security interests, and continues to give itself unique access to the data of its citizens, may inspire other countries to adopt a similarly aggressive posture.
Cryptocurrency scammers took advantage of the popularity of Netflix’s hit Squid Game to raise interest, then pulled the rug on investors to the tune of more than $3 million. The White House Market dark web bazaar closed earlier this month, but it raised the bar for security measures in its short reign. And if you have iCloud+, here’s how to take advantage of all the new security measures you can now access.
Finally, make sure you take a few minutes this weekend to check out this story of how a group of tired parents built their own open source version of their school system’s app, only to have the city call the police on them.
And there’s more! Every week we round up all the security news that WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
The DarkSide ransomware gang spent a year or more as one of the largest groups in a crowded field of criminal hackers, culminating in an attack on the Colonial Pipeline that caused a temporary gas shortage on the East Coast. They went dark soon after that, probably because of all the attention, but likely reappeared as a group calling themselves BlackMatter, which did not last long either. Today, the U.S. State Department is offering up to $10 million in rewards for anyone with information that can help identify or locate DarkSide’s leadership, as well as up to $5 million for tips that lead to the arrest or conviction of DarkSide affiliates. There is no easy answer for ransomware, but putting pressure on its highest profile culprits is at least a start.
Another way to deal with hackers? Dox them! That’s the approach Ukraine took this week, outing some members of Russia’s Gamaredon hacking group and linking them to the country’s FSB intelligence service. In addition to sharing the names of the hackers, Ukrainian authorities released audio of phone calls in which they discussed their attacks and complained about their salaries. The Ukrainian Security Service says Gamaredon has carried out more than 5,000 cyberattacks against 1,500 government targets since 2013.
A busy week for government enforcement! The U.S. this week added four cybersecurity-related companies to its Entity List, indicating that they were involved in “activities contrary to the national security or foreign policy interests of the United States.” NSO Group is the best known name; the spyware company’s Pegasus malware has allegedly been used to target journalists, dissidents, and human rights activists around the world. Israeli company Candiru is accused of the same. Russian cybersecurity company Positive Technologies found itself on the list as well; it had previously been sanctioned for supporting intelligence services in its homeland. The fourth company is Singapore-based Computer Security Initiative Consultancy PTE.
Cambridge researchers this week revealed a flaw in one part of Unicode that affects most code compilers, which in practice means it has implications for, well, almost all code. The immediate concern is that the bug could be used in a supply chain attack, which relies on vulnerabilities in the core code that drives many programs. Some organizations are already pushing out patches, but we all know how that goes.