The week began with a tricky Google Calendar phishing scam, and ended with Iran ramping up its cyberattacks against the US, as talk of war with that nation mounts. That, as they say, escalated quickly.
Before things took a turn for the geopolitical, we walked you through a dead simple way to stop data breaches with… database encryption. We explained why Google is getting retro when it comes to ways to encrypt data sets. We reported that a Minnesota cop who spied on his colleague’s private DMV data was fined $585,000. And we implored you to switch to a private browser, finally.
But back to war. Tensions with Iran’s ally Russia are also worryingly high, and we explained why it appears the US is doing the exact wrong thing if the goal is to avoid a cyberwar. We went in-depth on the message the US is sending Russia about its nuclear experiments: Do as we say, not as we do. And then, just as the week was ending, Iran went and shot a $220 million US surveillance drone out of the sky, which didn’t really help alleviate tensions.
Of course, that’s not all that happened in the privacy and security world this week. Every Saturday we round up the stories we didn’t break or report on in-depth, but which you should know about nonetheless. Click on the headlines to read the full articles, and be safe out there.
Cryptocurrency exchanges are a juicy target for hackers, for at least one obvious reason: They’re full of money that can be drained remotely. This week, it came out that currency exchange Coinbase successfully fought off an attack that targeted its employees in an apparent attempt to do just that. The attack, according to ZDNet, exploited two zero-day bugs in Firefox. The first zero-day made headlines midweek when Mozilla confirmed that it had patched a bug which would allowed hackers to gain remote access to a Firefox browser and execute code. In order for that first bug to work, though, hackers needed a second bug to let it execute the code. Turns out, before Mozilla’s patch, the hackers had both, and had attempted to compromise Coinbase employees so they could breach their network and steal money. Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.
When Customs and Border Protection confirmed last week that one of its biometric surveillance contractors had been breached, it apparently underplayed how bad the situation was. And to be honest, it already sounded bad. At the time, the agency said that 100,000 images of faces and license plates of immigrants, citizens, and asylum seekers had been stolen and leaked online, but that none had shown up on the dark web. Now The Washington Post says there is actually far more sensitive information from the breach spreading across the internet. “So much material, totaling hundreds of gigabytes, that The Washington Post required several days of computer time to capture it all,” the Post writes. Rather than showing the product of a single government surveillance contractor, the Post reports that the documents reveal a vast surveillance network the government is hoping to keep under wraps. The data includes details of ongoing surveillance—including nondisclosure agreements with Microsoft and Northrop Grumman, Homeland Security handbooks, surveillance budgets, hardware blueprints, and schematics—as well as future plans for expanding facial recognition programs. All told, the data reveals the inner workings of a vast surveillance network at the border, and how it relies on a small group of private companies and contractors.
Baltimore is fighting the good fight. Since ransomware attackers took over its networks on May 8, the Maryland metropolis has vowed not to pay them, struggling to provide city services as its networks remain frozen. Not so in Florida, where the city of Riviera Beach opted instead to pay the hackers who have held their computers hostage for the past three weeks the $600,000 they’d demanded. The Palm Beach suburb’s leaders said they felt they had no choice but to pay.