The NSA and FBI Expose Fancy Bear’s Sneaky Hacking Tool

Last weekend, during and in the aftermath of a contentious presidential election, the country of Belarus effectively shut off access to most of the internet for its 9.5 million citizens. It’s a tactic that has become increasingly popular among authoritarian regimes, whether it’s a total blackout like Belarus’ or more targeted censorship of specific apps like Telegram and WhatsApp. The outage lasted around three days, although some sites remain blocked.

Elsewhere, we took a look at an Alexa bug that could have let a hacker access your entire voice history. It’s patched now, but it’s a good reminder to be careful what you say around your voice assistant. Covid-19 scams are so abundant that even ISIS allegedly got in on the grift with a site called FaceMaskCenter.com. And flaws in Qualcomm’s ubiquitous Snapdragon chips put over a billion Android devices at risk. A fix has been issued, but those can take some time to trickle down to individual users.

Speaking of flaws, mistakes in open-source libraries could have exposed cryptocurrency exchanges to denial-of-service attacks or worse. A British AI tool intended to predict violent crime turned out not to work as advertised. And we looked at the increasingly sophisticated methods ATM hackers have used for “jackpotting,” which is when they make the money machine go brrrrr.

We continued our Dark Patterns series with a dive into how Facebook and other social media sites capture your attention—and erode your privacy. And in the magazine we detailed the FBI’s heart-pounding hunt for Cesar Sayoc, known as the “MAGA bomber.”

And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.

The National Security Agency is not known for being especially chatty. But it has made some useful public overtures of late; last week it offered tips to limit location tracking on your smartphone, and this week it followed up by going public with sneaky new Russian malware it discovered alongside the FBI. The announcement links the so-called Drovorub malware to Fancy Bear, the elite hacking group behind the hack of the Democratic National Committee in 2016 and more. Russia allegedly used Drovorub to plant backdoors; the versatile malware consisted of an implant, kernel module rootkit, file transfer and port forwarding tool, and command and control server. By shining a light on the malware, the US agencies hope to better enable potential targets to defend themselves.

The Wall Street Journal this week reported that TikTok used a banned method to track users for advertising purposes until last November. TikTok collected so-called MAC addresses using a security loophole that let it circumvent measures Android has in place to prevent that behavior. A MAC address is significant because it can be used to track a user even if they uninstall an app and reinstall it later. Perhaps more significant, though, is a line in the Journal report that TikTok sent those MAC addresses and other data back to ByteDance, the app’s Chinese parent company. TikTok has repeatedly insisted that it does not, has not, and will not share user data with ByteDance. President Donald Trump has ordered ByteDance to sell TikTok by September 15, or the administration will take steps to shut down the app in the US.

In the era of 4G, many mobile phone conversations happen over Voice over LTE. Not only does VoLTE offer more bandwidth than the 3G calls of yesteryear, it also has a built-in layer of encryption that protects your calls from snoops. A team of researchers, though, has figured out how to undermine that security, using radio equipment that costs about $7,000 to grab that encrypted data as it heads to a cell tower and unscramble it. The attack has some important limitations, but it’s a good reminder that modern telephony still has more than its share of security holes—and 5G isn’t looking that much better.

Motherboard this week took a deep dive down the rabbit hole of Russian SIMs, also known as white SIMs, that let criminals spoof phone numbers at will, or in some cases allow for real-time voice manipulation. While not illegal in and of themselves, the SIMs are a boon to phishing scams and other social engineering attacks.

