A Billion-Dollar Dark Web Crime Lord Calls It Quits

Just over a week ago, an employee at a water treatment plant in Oldsmar, Florida, noticed that the cursor on his screen started moving on its own. Soon it was clicking through controls, raising the level of lye in the water supply from 100 parts per million to 1,100 ppm, enough to cause serious damage to human tissue. Fortunately, the employee moved quickly to revert things to normal levels. It is still unclear who was behind this dramatic hack, and it’s a sobering reminder of how exposed so many industrial systems remain despite years of warnings.

Facebook also seems to have ignored warnings about the proliferation of Covid-19 scams on its platform; researchers this week exposed multiple scams they found on both the social media network and the messaging service Telegram.

Cyberpunk 2077 developer CD Projekt Red had already been battered by players frustrated with the game’s rampant bugs and poor gameplay on legacy consoles. This week it disclosed that ransomware was recently added to its list of woes, as a hacker group claimed to have stolen internal documents as well as source code for its most popular games. CD Projekt Red said it would not pay the ransom.

Microsoft finally patched a vulnerability that was first introduced into its Windows Defender antivirus product—recently renamed Microsoft Defender—at least 12 years ago. A barcode scanner app started serving up adware to its millions of users after an update in December. And be sure to read the third installment of 2034, the fictional tale of an all-too-real-sounding future war with China.

And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

Since 2014, if you were in the market for a stolen credit card or identity on the dark web—or until recently out in the open—the Joker’s Stash has been your one-stop shop. According to blockchain analysis firm Elliptic, the operator of Joker’s Stash announced that they would close up shop this month after taking in what Elliptic pegs at over a billion dollars of cryptocurrency during their run. (It’s unclear whether JokerStash, the account that runs the marketplace, is an individual or a group.)

In October 2018, Bloomberg published “The Big Hack,” an incendiary account of how China implanted tiny microchips on motherboards from US-based Supermicro to infiltrate dozens of companies, including Apple and Amazon. Everyone implicated in that story offered vociferous denials, and outside security experts were highly dubious. This week, Bloomberg came back with a fresh round of reporting, including several law enforcement types speaking on the record about the claims. It was still not enough, though, to appease most skeptics.

Facebook—and chief operating officer Sheryl Sandberg in particular—have insisted that the bulk of the planning for the Capitol riots happened on platforms other than its own. Court documents refute that claim, Forbes found, with Facebook garnering far more references than any other social media site. The actual uses varied, with many alleged rioters using Facebook to livestream the chaos, but clearly it had more of a role in events than it has come to terms with.

Apple continues its privacy push, this time adding a feature to its Safari browser that sends all of your traffic through its own proxy servers, effectively hiding your IP address from Google when you’re in Safe Browsing mode. It shouldn’t affect your experience in practice, or limit the effectiveness of Google’s protective feature. It just gives Mountain View a little smaller slice of data about your journey across the internet.

