Pig butchering, the scourge of cryptocurrency-based scamming that has netted an estimated $75 billion from victims worldwide, is spreading beyond its roots in Southeast Asia, with operations proliferating in the Middle East, Eastern Europe, Latin America and West Africa.
The United Kingdom’s National Crime Agency revealed new details about the identities of the Russian ransomware group known as Evil Corp, as well as the group’s links to Russian intelligence agencies and even its direct involvement in espionage operations targeting allies of NATO.
A WIRED investigation revealed how car-mounted automatic license plate reading cameras capture much more than just license plates, including campaign signs, bumper stickers and other politically sensitive text, all examples of how a vehicle tracking system threatens to become a broader surveillance tool.
In other news, ICE signed a $2 million contract with Paragon Solutions, a well-known provider of spyware, including the Graphite hacking tool. And the Pentagon is increasingly adopting handheld controllers for weapons systems in an effort to provide more intuitive interfaces to soldiers who have grown up playing Xbox and PlayStation consoles.
And there is more. Each week, we round up the privacy and security news that we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
While the politics of America’s largest city have been upended by criminal charges against New York Mayor Eric Adams, there is still a “major wild card” in the corruption case against him, prosecutors said in court this week: the FBI can’t get access to his phone.
Prosecutors in the case against Adams, which centers on alleged illegal payments the mayor received from the Turkish government, revealed that the FBI has not yet cracked the encryption on Adams’ personal phone, nearly a year after it was seized. That phone is one of three the office took from Adams, but agents confiscated Adams’ personal phone a day after the other two devices he used in an official capacity. At that point, Adams had changed the phone’s password from a four-digit PIN to a six-digit PIN, a measure he says he took to prevent staff from deleting information from the device, intentionally or unintentionally. He also claims that he immediately “forgot” that code to unlock it.
Such convenient amnesia may leave the FBI and prosecutors in a situation similar to their investigation into the San Bernardino mass shooting carried out by Syed Rizwan Farook in 2016, when the US government demanded Apple help unlock the shooter’s encrypted iPhone, leading to a high-profile showdown between Apple and the FBI. In that case, cybersecurity company Azimuth ultimately used a highly guarded and expensive hacking technique to unlock the device. In Adams’ case, prosecutors hinted that the FBI may have to resort to similar measures. “Decryption always catches up to encryption,” the prosecutor in the case, Hagan Scotten, told the judge.
Facial recognition is one of the few technologies that even Facebook and Google have hesitated to integrate into products like Google Glass and the Ray-Ban Meta smart glasses, and rightly so, given the privacy implications of a device that would allow anyone to look at a stranger on the street and immediately determine their phone number and home address. Now, however, a group of Harvard students has demonstrated how easy it is to incorporate facial recognition into Meta’s augmented reality glasses. The project, known as I-XRAY, integrates with facial recognition service PimEyes to allow Ray-Ban Meta wearers to learn the name of virtually anyone they see and then immediately search databases of personal information to determine other information about them, including family names, phone numbers, and addresses. The students say they will not publish the code of their experiment, but rather intend it to be a demonstration of the privacy-invasive potential of augmented reality devices. Point made.
If that warning about the privacy risks of AR glasses needed further reinforcement, Meta this week also admitted to TechCrunch that it will use data from users’ smart glasses to train its AI products. Meta initially declined to answer TechCrunch’s questions about whether and how it would collect data from Ray-Ban Meta smart glasses to use as AI training data, unlike companies like OpenAI and Anthropic that explicitly say they don’t exploit user input for training their AI services. However, a couple of days later, Meta confirmed to TechCrunch that it does, in fact, use images or videos collected through its smart glasses to train its AI, but only if the user sends them to Meta’s AI tools. That means that anything a user views and asks the Meta AI chatbot to comment on or analyze will become part of Meta’s massive trove of AI training data.
If you can’t arrest Russian hackers, you can at least seize their web domains. That, at least, is the approach this week of the United States Department of Justice, which together with Microsoft and the NGO Information Analysis and Exchange Center used a lawsuit to take control of more than one hundred web domains that had been used by Russian hackers working for the Kremlin’s intelligence and law enforcement agency known as the FSB. Those domains had been exploited in phishing campaigns by the Russian hacking group known as Star Blizzard, which has a history of targeting typical victims of geopolitical espionage, such as journalists, think tanks and NGOs. The domain seizures appear designed in part to head off threats of foreign interference in next month’s U.S. elections. “Rebuilding infrastructure takes time, absorbs resources, and costs money,” Steven Masada, deputy general counsel for Microsoft’s Digital Crimes Unit, said in a statement. “Today’s action impacts (the hackers’) operations at a critical time when foreign interference in American democratic processes is of utmost concern.”