Google Won’t Kill the URL After All
This week marked the arrival of Amazon Sidewalk, a mesh network that enlists your Echo and Ring devices to share bandwidth with others in the vicinity. Since the company opted everyone in without asking, here’s a quick guide to how you can turn off Amazon Sidewalk, and why you might want to do so.
One thing you can’t turn off is ransomware, which continues to batter vulnerable companies around the globe. That includes another firm in the pipeline industry, LineStar Integrity Services, which got hacked around the same time as Colonial Pipeline. In LineStar’s case, the ransomware group leaked the company’s data on the dark web; the radical transparency group DDoSecrets then published it as well, redacting certain sensitive information. We also took a look at the role insurance companies have played in ransom payments, and why they’re unlikely to be the ones to break a vicious cycle.
In other “intractable arguments” news, the FBI added an unexpected wrinkle to the encryption debate when court documents revealed that the agency had spent the last few years running an encrypted phone network for criminals. So much for “going dark.” Speaking of which, several major sites across the globe refused to load Tuesday morning, an outage that turned out to stem from Fastly, a content delivery network provider that most people haven’t even heard of. (And in fact, it came from one Fastly customer’s configuration, which triggered a bug that the CDN had introduced a few weeks ago.)
Hackers stole a whole bunch of data from EA, including source code; we explored why that’s so valuable to video game cheat makers. A mysterious malware stole 26 million passwords. And believe it or not, there are steps you can take to protect your files from ransomware, which we’ve taken the liberty of detailing for you.
And that’s not all! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
Since 2018, Google has been on a quest to phase out the URL in the Chrome browser. It comes down to security; criminals can too easily craft URLs that impersonate legitimate sites, push malicious downloads on users, and so on. In 2019, the Chrome team detailed ways it wanted to automatically flag sketchy URLs. And in June of last year, the browser took the significant user-facing step of hiding parts of a URL in the address bar. A year later, the company has decided to move on. “This experiment didn’t move relevant security metrics, so we’re not going to launch it,” wrote Chrome security engineer Emily Stark on Monday, appending a frowny-face emoticon. And so URLs live another day, on Chrome and everywhere else.
The New York Times reported this week that former President Donald Trump’s Justice Department sought and obtained data from Apple that belonged to “at least two Democrats on the House Intelligence Committee, aides, and family members.” Apple said in a statement Friday that it didn’t know the nature of the investigation at the time, and that it had been placed under a nondisclosure agreement. Apple says it also did not provide the contents of emails or pictures, instead limiting the information it handed over to “account subscriber information.”
The DOJ announced this week that it had successfully seized $2.3 million of the $4.4 million dollars the DarkSide ransomware group had wrung out of Colonial Pipeline. It’s a rare victory in the broader fight against ransomware, but also comes with important unanswered questions. Namely, how’d they get the private key to the wallet the bitcoin was kept in? Tracing the bitcoin isn’t the hard part, after all, since the blockchain records all transactions and has a long memory.
A busy week for the feds! This week the DOJ announced that it had seized Slilpp, the awkwardly named online market for stolen login credentials. Slilpp has been around nearly a decade, and allegedly caused over $200 million of losses in the US alone. At the time it was taken down, its inventory included 80 million stolen logins from more than 1,400 companies. It’s a significant takedown, but unlikely to slow the sale of stolen credentials, given how many are floating out there and how quickly criminals find new forums in which to do business.
More Great WIRED Stories