What is more controversial than a popular surveillance camera maker with an unpleasantly cozy relationship with US police? When ransomware hackers claim to have stolen that company's data (the company being Amazon-owned camera maker Ring), Ring responds by denying the breach.
But we’ll come back to that.
Five years ago, police in the Netherlands caught members of Russia’s GRU military intelligence service red-handed trying to hack into the Organization for the Prohibition of Chemical Weapons in The Hague. The team parked a rental car outside the organization’s building and hid a Wi-Fi sniffer antenna in the trunk. Among the GRU group was Evgenii Serebriakov, who was caught with even more Wi-Fi hacking tools in his backpack.
Since then, Serebriakov has, surprisingly, only risen in status. This week Western intelligence sources told WIRED that Serebriakov is now the leader of one of the world’s most aggressive hacking units: in the spring of 2022 he took over Sandworm, the GRU unit responsible for some of the worst cyberattacks in history. His elevation to a senior role, experts say, shows how small the pool of skilled nation-state hackers is likely to be and demonstrates Serebriakov’s value to Russia.
Nowhere on the internet is free from threats, and that includes LinkedIn. This week we looked at how spies, scammers and hackers from Iran, North Korea, Russia and China use the professional network to identify and approach intelligence targets. LinkedIn is also plagued by thousands of suspicious accounts; it removed hundreds of them when WIRED reported them.
The Western crackdown on TikTok continues: this week the UK joined the US, Belgium, Canada and the European Union in banning the social media app from government devices. In the US, meanwhile, Senator Mark Warner is trying to pass legislation, the bipartisan RESTRICT Act, that would allow officials to ban apps and services from six “hostile” countries: China, Russia, North Korea, Iran, Cuba and Venezuela. We sat down with Warner and asked about the plans.
A WIRED analysis of “cybercrime” cases in the US shows just how vague and wide-ranging the term can be. Without a clear and universal definition of cybercrime, the label can be stretched in ways that put human rights and civil liberties at risk worldwide. Speaking of criminals, scammers are getting better at using voice deepfakes to defraud people. And ransomware gangs are sinking to a new deplorable low: with more and more companies and organizations refusing to pay ransoms, criminal gangs are escalating their extortion tactics, releasing photos stolen from cancer patients and sensitive student files.
But wait, there’s more. Each week we round up the security news that we haven’t covered in depth ourselves. Click the headlines to read the full stories and stay safe out there.
ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week it had breached security camera maker Ring and threatened to dump the company’s data online if it didn’t pay. “There is always an option to let us leak your data…” the hackers wrote in a message to Ring on their leak site. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no evidence of a ransomware event,” while saying it is aware of a third-party vendor experiencing one. That vendor, Ring says, has no access to customer data.
Meanwhile, ALPHV, which has previously used its BlackCat ransomware to target companies like Bandai Namco, Swissport, and hospital company Lehigh Valley Health Network, stands by its claim that it breached Ring itself, not a third-party vendor. A member of the malware research group VX-Underground shared with WIRED screenshots of a conversation with an ALPHV representative who says it is still in “negotiations” with Ring.
Amid the ongoing ransomware epidemic, it’s no surprise that Ring isn’t alone in dealing with extortion. Maximum Industries, a supplier of rocket parts for Elon Musk’s SpaceX, is facing the same. The hackers, the well-known ransomware gang LockBit, taunted Musk on their website and threatened to sell the stolen information to the highest bidder if Maximum does not pay by the March 20 deadline. “I would say we were lucky if Space-X contractors were more talkative. But I think this material will find its buyer as soon as possible,” the hackers wrote. “Elon Musk, we’ll help you get your drawings to other manufacturers to sell.”
Google’s Project Zero, the security research team dedicated to finding unknown vulnerabilities in widely used tech products, warned Thursday that it had discovered serious hackable flaws in Samsung chips used in dozens of Android devices. In total, the researchers found 18 different vulnerabilities in Samsung’s Exynos smartphone modems, but they say four of them are particularly critical and would allow a hacker to “remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.” Project Zero rarely publishes information about unpatched vulnerabilities, but it says it gave Samsung 90 days to fix the bugs and the company has not yet done so. A little public shaming might spur Samsung to act more quickly to protect Google’s users from an insidious form of attack.
Since 2017, the cryptocurrency “mixer” service ChipMixer has quietly grown into a powerhouse of cryptocurrency laundering, taking users’ coins, mixing them with others, and then sending them back to obscure the money’s trail through blockchains. Along the way, the Justice Department says, it laundered $3 billion in criminal money, including ransomware payments, loot stolen by North Korean hackers, and even profits from the sale of child sexual exploitation material. Now, in an operation conducted by multiple European law enforcement agencies and coordinated by Europol, the FBI and DHS, ChipMixer has been taken offline and its infrastructure seized. The alleged creator of the site, 49-year-old Vietnamese national Minh Quốc Nguyễn, remains out of reach: he has only been charged with money laundering in absentia.
But the case’s most intriguing result may have more to do with the collapse of the now-infamous cryptocurrency exchange FTX: Some of FTX’s money stolen during bankruptcy proceedings in November was funneled to ChipMixer. Seizing that mixing service’s servers could foil the FTX thieves’ attempt to evade tracing and help solve one of the central mysteries of that high-profile heist.
Only in the cryptocurrency world, where thefts of over half a billion dollars now occur multiple times a year, does a $200 million theft earn the lowest spot in a news roundup. Earlier this week, the decentralized trading protocol Euler Finance lost nearly $200 million in cryptocurrency to hackers who found a vulnerability in its code. Initially, Euler, the company behind the protocol, offered to let the hackers keep $20 million if they returned the rest of the money. But after that offer was ignored (in fact, the hackers sent the money to the Tornado Cash mixing service in hopes of covering their tracks), the company announced a $1 million bounty on the hackers’ heads.