The Internet Archive is under attack. In addition to multiple lawsuits threatening the demise of the organization that created and maintains the Wayback Machine, this week hackers breached the Internet Archive, stole 31 million user account details, and defaced its website, all while archive.org struggled to stay online thanks to an avalanche of distributed denial-of-service attacks. As of Friday, the site remained “temporarily offline.”
In a dark twist of fate, a judge this week cleared the way for the US Treasury Department to take possession of 69,000 bitcoins stolen from the Silk Road dark web market; meanwhile, the former IRS investigator who personally seized the bitcoins, Tigran Gambaryan, remains in a Nigerian cell facing charges related to the actions of his current employer, the embattled crypto exchange Binance. Members of Congress and other officials have called on the US government to do more to secure Gambaryan’s release, given his direct role in a number of major criminal cases and pioneering crypto investigation techniques. As for the seized Silk Road bitcoins, they are now worth $4.4 billion and will likely be auctioned.
Security researchers this week detailed pernicious malware that infiltrates Linux machines and uses a variety of techniques to evade detection. Dubbed Perfctl, the malware hides itself by creating files that match those typically found on Linux instances, using tricks to prevent management tools from logging its activities, and more. All of this is done with the goal of remaining on an infected machine to continue performing a variety of malicious activities. Researchers estimate that millions of Linux devices could be vulnerable.
Finally, we analyze the ways in which Google’s decision not to delete third-party tracking cookies in your Chrome browser could still impact your privacy.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Police use of honeypots to catch cybercriminals red-handed is nothing new. But creating an entirely new cryptocurrency to catch pump-and-dump schemers? That’s something special. The US Department of Justice revealed this week that the FBI created a new crypto token based on Ethereum, NexFundAI, specifically to trick people manipulating the crypto markets and take them down.
While the investigation ultimately resulted in charges against 18 individuals and other entities for alleged fraud and cryptocurrency market manipulation, the scheme’s blast radius also affected some regular retail investors who are not charged with any crime, although American officials did not provide details on those investments. A US prosecutor involved in the case told reporters, however, that the investigation obtained a total of $25 million in funds, which will be returned to investors. Trading on NexFundAI has since been disabled.
National Public Data, a Florida-based data broker, is having a bad year. In August, hackers released 2.9 billion records stolen from NPD last December that included names, mailing addresses, phone numbers, email addresses and social security numbers, a giant trove that hackers say affected “the entire population of the US, California and the UK.” Then came the inevitable lawsuits against NPD, which is now filing for bankruptcy. Those proceedings have revealed new details, including the fact that NPD is run by a single person, Salvatore Verini, Jr, who operated the business from his home with equipment worth about $2,500. A document filed in bankruptcy court by one of NPD’s debtors claims the breach may have affected “hundreds of millions” of people.
Discord users in Russia and Türkiye discovered this week that they were suddenly unable to connect to the online chat app. Authorities in both countries later revealed that Discord had been blocked for allegedly facilitating illegal activities. Russian Internet regulator Roskomnadzor said in a statement that the blocking “is necessary to prevent the use of the messenger for terrorist and extremist purposes, the recruitment of citizens for its commission, the sale of drugs, in connection with the placement of illegal information.” Meanwhile, Turkish authorities banned the messaging app after a court ruling involving child abuse material that was allegedly hosted on Discord servers. According to BleepingComputer, some Discord users in those countries were able to access the app using a VPN that routed their connections through foreign IP addresses, which could be good news for Russian troops who were supposedly disrupted by the block.
The use of facial recognition technology by law enforcement to attribute crimes to Americans is much more widespread than previously thought, according to research recently published by The Washington Post. Records obtained by the Post found that police in 15 states used facial recognition tools in “more than 1,000 investigations over the past four years.” Despite its apparent widespread use, police departments frequently seek to conceal their use of the technology, which has been found to inaccurately identify people who are then charged with crimes they did not commit. As an assistant public defender in Minnesota told Post reporters, police likely hide their use of facial recognition because they “want to avoid litigation over the technology’s reliability.”