A Canadian Teen Arrested in $ 36.5M SIM-Swap Heist
This week saw a disruption of activity related to hackers in Iran. On Wednesday, a joint advisory from the US, UK, and Australia said so Iranian state hackers are targeting critical infrastructure targets. The next day, the U.S. Justice Department accused the two Iranian men regarding 2020 election interference. Russia and China may often be the topic of conversation about threats of hacking foreigners, but Iran has been more self-expressing in recent years.
Another country that has been surprisingly active recently in its cyberattacks recently? Belarus! Since 2019, it is widely believed that the so -called Ghostwriter hacking and misinformation group is Russia, given its tactics and targets. But security firm Mandiant this week revealed that Ghostwriter is actually an operation with military ties to Belarus, focuses on interfering in the interests of NATO as well as the country’s neighbors.
We watched too the best password manager around — and yes, you need one. Android users may also want to check out a new feature from DuckDuckGo blocks trackers in apps on your phone. And speaking of blocking things, NordicTrack makes it difficult for its customers to access a “God mode” that allows them to see whatever they want on the giant display on their treadmill — so they fought back by sharing workarounds online.
Finally, take a few minutes in your day to read this in -depth investigation of how Amazon’s lax data security discourages its customers. It’s full of details you won’t forget right away.
And many more! Every week we gather all the security news that is not covered by WIRED. Click on the titles to read the full stories, and stay safe there.
In a “kids these days” for the record books, a Canadian teenager was arrested this week for allegedly stealing $ 36.5 million worth of cryptocurrency from a U.S. victim. That was the biggest theft of its kind. Like many youth-related cryptocurrency thefts more recently, the obvious method was a so-called SIM-swap attack, in which the perpetrator transfers a target’s phone number to their own device, enabling them to intercept SMS- based two-factor authentication code. There are ways to protect yourself against a SIM-swap, but there is no guaranteed way to stop them; or Jack Dorsey’s own Twitter account fell in the way. In this case, investigators say the teen used their haul in part to buy a tall gamer tag, which popular items in the SIM-swap community.
Of the many criminal hacking gangs operating in Russia, only a few have done as much damage over the years as Evil Corp. According to the FBI, the group has raised at least $ 100 million in 2019 by stealing from hundreds of banks around the world. Like many online gangs, they have also recently adopted malware, obviously targeted the National Rifle Association in a recent attack. This week, a reporter from the BBC traveled to Moscow and a nearby town in search of Evil Corp members Igor Turashev and Maksim Yakubets.
Last week, thousands of emails came out from the FBI warning that the recipients were victims of a cyberattack. In fact, the FBI itself has been compromised. A hacker compromised the agency’s email system, meaning they sent fake messages with legitimate FBI headers. Fortunately their interest, as cybersecurity reporter Brian Krebs put it, is a prankery rather than direct chaos.
In an incident reminiscent of the Cam4 leak last year, adult streaming site Stripchat revealed data on 65 million users, 421,000 models, and 719,000 chat messages in three days earlier this month. The lapse was discovered by a security researcher and seems to have been resolved immediately; it’s unclear if any bad actors had access to the data before it was available on Stripchat. The stakes for these types of sites are much higher, however, for the performer and customer, making any disclosure of private information a cause of particular concern.
Lots of Great WIRED Stories