Hackers Hosed by Google Were a Counterterrorism Operation
With tech companies gobbling up more and more user location data all the time—and governments tapping into those troves any way they can—a group of technologists in the United States and United Kingdom debuted 10 principles this week, the Locus Charter, for ethical retention and uses of location data. Facebook announced research into the Chinese hacking group Evil Eye, which has continued to launch espionage campaigns targeting Uyghurs. In this latest case, the group used front companies to develop spyware and carefully distributed both Android and iOS malware through fake app stores and tainted websites.
Meanwhile, a strain of ransomware called DearCry has been piggybacking off the same Microsoft Exchange vulnerabilities originally exploited by Chinese hackers for espionage worldwide. And dark web marketplaces are overflowing with Covid-vaccine-related scams, hawking fake doses and forged proofs of vaccination.
In an attempt to cut down on the threat posed by browser-related attacks, companies like the internet infrastructure firm Cloudflare are developing a new generation of “browser isolation” tools that keep malicious code from running directly on your computer, while being faster and more usable than past iterations.
And there’s more. Each week we round up all the news WIRED didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Last week, Google’s Threat Analysis Group and its Project Zero bug-hunting team revealed that a single, unidentified hacking group had been using a whopping 11 previously unknown security vulnerabilities in a spree of digital attacks over nine months in 2020. Google provided no details or hints, though, about who the hackers might be. On Friday, MIT Tech Review reported that the hackers are agents from a Western government who were conducting a counterterrorism operation. The situation only adds to an already ongoing discussion about the logistics and parameters of vulnerability disclosure when it pertains to covert activity being conducted by a “friendly” government. The vulnerabilities in this case were in ubiquitous software like Google’s own Chrome browser for Windows 10 and Apple’s mobile Safari browser.
On Friday, Dominion Voting Systems filed a defamation suit in Delaware against Fox News for $1.6 billion, alleging that the broadcaster sought to boost its ratings by making false assertions that Dominion, whose voting machines are used in 28 states, rigged the 2020 United States elections. The company writes in the suit that Fox News “sold a false story of election fraud in order to serve its own commercial purposes, severely injuring Dominion in the process.” The voting technology company Smartmatic filed a similar lawsuit against Fox News in February.
President Donald Trump and his supporters spent months attempting to discredit the results of the election and President Joe Biden’s victory, based on these claims and other conspiracy theories. The campaign in part fueled the deadly Capitol riots on January 6, which in turn led to Trump’s second impeachment.
In its 2020 Internet Crime Report, the FBI’s Internet Crime Complaint Center (IC3) said it received 791,790 complaints, a 69 percent increase from 2019. Reported total losses were a stunning $4.1 billion. Notably, so-called “business email compromise” attacks, which were on the rise throughout the 2010s, took the largest toll, with 19,369 complaints totaling a loss of approximately $1.8 billion. There were 241,342 complaints of phishing attacks totaling more than $54 million. And while ransomware attacks were a high-profile source of risk in 2020, the number of individual incidents totaled 2,474, with losses of over $29.1 million. IC3 data is imperfect, because not all incidents are reported—especially in cases like ransomware attacks, where victims are hesitant to admit that they paid attackers. But the numbers still provide valuable context and a sense of scale.
Taiwanese electronics maker Acer was hit with a ransomware attack last weekend. The prolific REvil ransomware group asked for a record-breaking $50 million in payment to decrypt Acer’s systems and avoid having the company’s exfiltrated data leaked. The attack did not halt Acer’s production networks, though, and the company announced its fourth-quarter earnings on schedule a few days after the attack. Acer has thus far downplayed the severity of the attack.