Microsoft’s new takedown AI tool may be a ‘privacy nightmare’

Sex, drugs and… Eventbrite? A WIRED investigation published this week uncovered a network of spammers and scammers driving the illegal sale of controlled substances such as Xanax and Oxycodone, escort services, social media accounts and personal information on the event management platform. To make matters worse, Eventbrite’s recommendation algorithm promoted opioid posts alongside addiction recovery events. The good news is that the company appears to have removed most of the more than 7,400 illicit posts that WIRED discovered.

If you drive a Tesla Model 3, make sure you enable your PIN feature for driving or your car could easily be stolen in seconds. While the company has added new ultra-wideband radio technology to its keyless system, which can prevent “relay attacks,” researchers at Beijing-based security firm GoGoByte found that Model 3s (as well as other unnamed vehicle makes and models) are still vulnerable. Relay attacks use inexpensive radios to relay the signal from someone’s key fob or phone app, which can then be used to unlock and start the vehicle. Tesla says its adoption of ultra-wideband radio wasn’t intended to stop relay attacks (although it technically could), but the automaker may add that protection in the future.

Police arresting people for running illicit online marketplaces is a story almost as old as the dark web itself. But this week’s takedown offered a new twist. The FBI recently arrested Lin Rui-siang, a 23-year-old accused of operating the Incognito Marketplace, which authorities say facilitated $100 million in narcotics sales on the dark web. US prosecutors claim Lin then extorted Incognito users by threatening to expose them unless they paid. Interestingly, Lin’s professional experience includes teaching police how to catch cybercriminals by tracking cryptocurrencies on blockchains. If the US Department of Justice is right about his alleged involvement in Incognito Market, that would make him one of the most unusual cybercriminals we have ever encountered.

Of course, leaks don’t just affect people who find themselves on the wrong side of the law. An unsecured database recently exposed biometric data of police officers in India, including facial scans, fingerprints, and more. The incident reveals, first of all, the dangers of collecting sensitive biometric data.

Finally, the saga of WikiLeaks founder Julian Assange inched forward again this week, with a British court ruling allowing him to appeal his extradition to the United States, where he faces 18 charges under the Espionage Act for the publication of classified US military information by WikiLeaks. The judges said Assange can appeal US prosecutors’ assurances about how his trial would be conducted, and on First Amendment grounds. The appeal process will inevitably delay any final decision on his possible extradition for months.

But that is not all. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

Following the trend of tech companies in the AI race to throw privacy and caution to the wind, Microsoft revealed plans this week to launch a tool on its upcoming Copilot+ PCs called Recall that takes screenshots of its customers’ computers every few seconds. Microsoft says the tool is intended to give people the ability to “find the content you’ve viewed on your device.” The company also claims to have a variety of protections and says images are only stored locally on an encrypted drive, but the response has been resoundingly negative, with some watchdogs reportedly calling it a potential “privacy nightmare.” The company notes that an intruder would need a password and physical access to the device to view any of the screenshots, which should rule out the possibility of anyone with legal concerns adopting the system. Ironically, Recall’s description is eerily reminiscent of computer monitoring software the FBI has used in the past. Microsoft even acknowledges that the system takes no steps to redact passwords or financial information.

Federal authorities are reportedly quietly working to establish links between anti-war protesters on American campuses and any foreign groups or individuals abroad, according to journalist Ken Klippenstein, a former Intercept staffer, who says the National Counterterrorism Center is at the center of the effort. Evidence of foreign ties would give more ammunition to politicians, university officials and police, who have widely claimed that the culprits behind the demonstrations are “outside agitators,” an accusation routinely leveled at protesters in the United States, often intended to imply that the protesters themselves are stupid. By the way, authorities can also overcome constitutional obstacles to surveillance by setting up a foreign target to spy on; someone unprotected by the country’s Fourth Amendment. Meanwhile, Republicans in Congress (Representatives Mark Green and August Pfluger) have called on the FBI and Department of Homeland Security to provide congressional committees with records on government surveillance of protesters, including any attempts to infiltrate them using “undercover online employees or confidential human sources.”

The FBI arrested a 42-year-old Wisconsin man for using Stable Diffusion, text-to-image generative artificial intelligence software, to fabricate child sexual abuse material. The man was reportedly caught with “thousands of realistic images” of children, some of them naked or partially clothed with men. Court records indicate that the evidence includes more than 13,000 generative AI images, as well as the prompts he used to create the images. “The use of AI to produce sexually explicit depictions of children is illegal, and the Department of Justice will not hesitate to hold accountable those who possess, produce or distribute AI-generated child sexual abuse material,” Nicole Argentieri, Chief of the Criminal Division of the Justice Department, says in a statement. The arrest is part of Project Safe Childhood, a collaboration between the government and corporations that reportedly targets online criminals.

Security researchers revealed to TechCrunch this week that they had discovered consumer spyware, often known as “stalkerware,” on the computers of “at least three” Wyndham hotels in the United States, potentially exposing guests’ personal data. The stalkerware, called pcTattletale, can be installed on Android and Windows devices, giving whoever is in control of the sneaky app the ability to access the target machine’s data and monitor user activity. According to researchers, the presence of pcTattletale was discovered thanks to a security flaw in the spyware that exposed screenshots of infected machines to the open Internet. Although researchers found pcTattletale on Wyndham computers, the hotel company says each of its locations is a franchise, suggesting the spyware infection could be limited to a few locations.
