The Olympic Destroyer Hackers May Have Returned For More

This past winter, malware ripped through the Pyeongchang Olympics, disrupting Wi-Fi, shutting down the Olympics website, and causing generalized digital havoc. The so-called Olympic Destroyer attack gained infamy, too, for using a number of false flags to muddy attribution. Now, researchers at Kaspersky Lab say the group behind those February attacks has returned, with a new target: organizations that respond to and protect against biological and chemical threats.

While the activity Kaspersky has seen has not turned destructive, researchers there say that hackers have taken steps that echo the early groundwork laid by the Olympic Destroyer group. Using a sophisticated spearphishing technique, the group has attempted to gain access to computers in France, Germany, Switzerland, Russia, and Ukraine. The concern: That these early intrusions will escalate in the same destructive way Olympic Destroyer did.

“We’re pretty confident this is the same group,” says Kaspersky read more

Millions of Google, Roku, and Sonos Devices Are Vulnerable to a Web Attack

In March, artist and programmer Brannon Dorsey became interested in a retro web attack called DNS rebinding, teaching himself how to illicitly access controls and data by exploiting known browser weaknesses. It’s a vulnerability that researchers have poked at on and off for years—which is one reason Dorsey couldn’t believe what he found.

Sitting in his Chicago apartment, two blocks from Lake Michigan, Dorsey did what anyone with a newfound hacking skill would: He tried to attack devices he owned. Instead of being blocked at every turn, though, Dorsey quickly discovered that the media streaming and smart home gadgets he used every day were vulnerable to varying degrees to DNS rebinding attacks. He could gather all sorts of data from them that he never would have expected.

“I’m technical, but I’m not an information security professional,” Dorsey says. “I didn’t reverse any binaries or do any intense digging. I just followed my read more

Iran’s Telegram Ban Has Impacted All Corners of the Country

Seven weeks after Iran’s conservative-led judiciary banned the secure communications app Telegram inside the country, Iranians are still reeling from the change. Though Telegram has critics in the security community, it has become wildly popular in Iran over the last few years as a way of communicating, sharing photos and documents, and even doing business. The service is streamlined for mobile devices, and its end-to-end encryption stymies the Iranian government’s digital surveillance and censorship regime. If the government can’t see what you’re talking about and doing, it can’t block or ban behavior it doesn’t like. Telegram’s defenses, combined with robust support for Farsi, have attracted 40 million active Iranian users—nearly half the country’s population.

On Tuesday, the Center for Human Rights in Iran published a detailed report on the profound impact of blocking Telegram, based on dozens of firsthand accounts from inside the country. read more

Fake Video Will Complicate Viral Justice

It used to be that cameras never lie. We tend to privilege visual content, trust what we see, and rely on police cams, mobile recording tools and similar devices to tell us about what is really happening on the streets, in local businesses, and more.

WIRED OPINION

ABOUT

Catherine Brooks (@catfbrooks) is an Associate Professor of Information at the University of Arizona, where she is the associate director of the School of Information and founding director of the Center for Digital Society and Data Studies. She is a Public Voices Fellow with the Op Ed Project.

Take, for example, a viral video that shows a white woman calling the police as black men in Oakland attempt to barbecue. Millions are laughing, and the woman’s image is being used as a meme across the Internet. read more

Apple’s Latest iOS 12 Feature Will Save Lives by Pushing Your Location to 911

Apple has spent much of its promotional push behind iOS 12 so far focused on features that range from silently useful, like Safari’s new privacy powers, to off-puttingly quirky, like animoji tongue-tracking. But on Monday the company detailed an upcoming iPhone upgrade with real-world consequences: It will communicate your exact location to 911 operators when you call, saving valuable time when every second matters.

To do so, Apple has partnered with RapidSOS, a startup that focuses on upgrading the byzantine backends of the nation’s roughly 6,500 emergency call centers. The move won’t improve every call to 911 overnight, but it’s as big a step as anyone has taken so far to fix a problem decades in the making.

Location, Location, Location

To understand the impact of the Apple and RapidSOS solution, it helps to know the roots of the problem. For that, you need to go back to the advent of the emergency call system, which dates back to the late 1960s.

It seems reasonable to spare you the full history read more

A Snooping Soccer App, a Decades-Old Bug, and More Security News This Week.

Did you hear? There was a summit this week! A good ol’ fashioned meeting of world powers, in which North Korea promised to denuclearize for at least the seventh time in the last 30 years. In the process, President Donald Trump says he gave North Korean dictator Kim Jong Un his direct phone number, which if true was a terrible idea. Oh, and even if North Korea does actually go through with ditching its nukes this time, it’s going to be almost impossible to hold them accountable.

The Inspector General report of the FBI’s actions during the 2016 presidential campaign came out this week as well. Despite what Trump’s tweets might have you believe, it did not exonerate the president’s campaign in terms of potential Russian collusion. It did, however, show that the FBI and its former director James Comey made some not-great decisions in its probe of the Clinton email server. In a read more

Senators Demand Answers From Amazon on Echo’s Snooping Habits

A Portland woman recently told a local news outlet that her Amazon Echo device had gone rogue, sending a recording of a private conversation to a random person in her contact list. On Thursday, two senators tasked with investigating consumer privacy sent a letter to Amazon CEO Jeff Bezos demanding answers.

In the letter, Republican senator Jeff Flake and Democratic senator Chris Coons, who serve respectively as chairman and ranking member of the Judiciary Subcommittee on Privacy, Technology and the Law, ask Bezos to explain how exactly the Amazon Echo device listens to and stores users’ voices. The senators also seek answers about what the company is doing to protect users from having that sensitive information misused. Amazon didn’t respond to WIRED’s request for comment.

The letter, which was reviewed by WIRED, comes in the midst of what Flake calls a “post-Facebook” world, referring to the data privacy scandal in which Facebook says the read more

Inspector General Criticizes FBI and James Comey, But Some Want More

In a highly anticipated report released Thursday, the Department of Justice’s Office of the Inspector General found that political bias within the Federal Bureau of Investigation didn’t influence the outcome of its 2016 probe into Hillary Clinton’s private email server.

As part of their investigation, inspector general Michael Horowitz and his team reviewed 1.2 million documents and interviewed more than 100 subjects, including former FBI director James Comey, former attorney general Loretta Lynch, and President Bill Clinton, among others. They concluded that while then-FBI director Comey may not have been driven by partisanship, his actions related to the Clinton case did deviate from department norms to the detriment of the FBI’s reputation.

“While we did not find that these decisions were the result of political bias on Comey’s part, we nevertheless concluded that by departing so clearly and dramatically from FBI and Department norms, read more

World Cup 2018: How to Secure Your Devices When Traveling in Russia

A Russian sports official earlier this year estimated that as many as 2 million people would flock to the country during the World Cup, the month-long celebration of soccer—or football, fine—that kicks off today in Moscow. If you’re one of them, have fun! But also maybe leave your laptop at home.

Yes, traveling to and between Russia’s 11 World Cup host cities should provide marvels aplenty. But it’s important to remember that Russia, by and large, is a nightmare land of digital debauchery. If you’re a journalist, activist, politician, celebrity, or other high-profile figure, you’re at decent risk of being targeted by surveillance. And even if you’re just a fervent Finland fan, indiscriminate cybercrooks run rampant.

That may sound like hyperbole, but it’s also official guidance from the top counterintelligence official in the United States. “Anyone traveling to Russia to attend the World Cup should be clear-eyed about the cyberrisks involved,” William read more

Encrypted Messaging Apps Have Limitations You Should Know

Encrypted communication used to be too complicated for mainstream use, but approachable apps like WhatsApp and Signal have become a no-brainer for digital privacy. With all of their security-minded features, like disappearing messages and identity-confirming safety numbers, secure chat apps can rightfully give you peace of mind. You should absolutely use them. As the adage goes, though, there’s no such thing as perfect security. And feeling invincible could get you in trouble.

End-to-end encryption transforms messages into unintelligible chunks of data as soon as a user presses send. From there, the message isn’t reconstituted into something understandable until it reaches the receiver’s device. Along the way, the message is unreadable, protected from prying eyes. It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you’re going. You’re safe during the transport, but read more