Before things took a turn for the geopolitical, we walked you through a dead simple way to stop data breaches with…database encryption. We explained why Google is getting retro when it comes to ways toencrypt data sets. Wereportedthat a Minnesota cop who spied on his colleague’s private DMV data was fined $585,000. And we implored you to switch to aprivate browser, finally.
But back to war. Tensions with Iran’s ally Russia are also worryingly high, and we explained why it appears the US is doing theexact wrong thingif the goal is to avoid a cyberwar. We went in-depth on the message the US is sending Russia about its nuclear experiments:Do as we say, not as we do.And then, just as the week was ending, Iran went and shot a$220 million US surveillance droneout of the sky, which didn’t really helpalleviate tensions.
Of course, that’s not all that happened in the privacy and security world this week. Every Saturday we round up the stories we didn’t break or report on in-depth, but which you should know about nonetheless. Click on the headlines to read the full articles, and be safe out there.
Cryptocurrency exchanges are ajuicy target for hackers, for at least one obvious reason: They’re full of money that can be drained remotely. This week, it came out that currency exchange Coinbase successfully fought off an attack that targeted its employees in an apparent attempt to do just that. The attack, according to ZDNet, exploited two zero-day bugs in Firefox. The first zero-day made headlines midweek when Mozilla confirmed that it had patched a bug which would allowed hackers to gain remote access to a Firefox browser and execute code. In order for that first bug to work, though, hackers needed a second bug to let it execute the code. Turns out, before Mozilla’s patch, the hackers had both, and had attempted to compromise Coinbase employees so they could breach their network and steal money. Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.
WhenCustoms and Border Protection confirmed last weekthat one of its biometric surveillance contractors had been breached, it apparently underplayed how bad the situation was. And to be honest, it already sounded bad. At the time, the agency said that 100,000 images of faces and license plates of immigrants, citizens, and asylum seekers had been stolen and leaked online, but that none had shown up on the dark web. NowThe Washington Postsays there is actually far more sensitive information from the breach spreading across the internet. “So much material, totaling hundreds of gigabytes, thatThe Washington Postrequired several days of computer time to capture it all,” the Post writes. Rather than showing the product of a single government surveillance contractor, the Post reports that the documents reveal a vast surveillance network the government is hoping to keep under wraps. The data includes details of ongoing surveillance—including nondisclosure agreements with Microsoft and Northrop Grumman, Homeland Security handbooks, surveillance budgets, hardware blueprints, and schematics—as well as future plans for expanding facial recognition programs. All told, the data reveals the inner workings of a vast surveillance network at the border, and how it relies on a small group of private companies and contractors.
Baltimore is fighting the good fight. Since ransomware attackers took over its networks on May 8, the Maryland metropolis has vowed not to pay them, struggling to provide city services as its networks remain frozen. Not so in Florida, where the city of Riviera Beach opted instead to pay the hackers who have held their computers hostage for the past three weeks the $600,000 they’d demanded. The Palm Beach suburb’s leaders said they felt they had no choice but to pay.
More Great WIRED Stories
- Inside Backpage.com’svicious battle with the Feds
- US to Russia on nuke tests: Do as we say,not as we do
- Google Photos hacksto tame your picture overload
- The most delicious foods willfall victim to climate change
- It’s time toswitch to a privacy browser
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for thebest fitness trackers,running gear(includingshoesandsocks), andbest headphones.
- 📩 Get even more of our inside scoops with our weeklyBackchannel newsletter