
US Officials Recommend Encryption Apps Amid Chinese Telecom Hacking


A consortium of global law enforcement agencies led by Britain’s National Crime Agency this week announced a takedown operation against two major Russian money laundering networks that process billions of dollars each year in more than 30 locations around the world. WIRED had exclusive access to the investigation, which uncovered worrying new laundering techniques, particularly schemes to directly exchange cryptocurrencies for cash. As the U.S. government struggles to address China’s “Salt Typhoon” digital spying campaign on American telecommunications, two senators this week demanded that the Department of Defense investigate its failure to protect its own communications and address known vulnerabilities in the telecommunications infrastructure of the United States. Meanwhile, Signal Foundation President Meredith Whittaker spoke at WIRED’s The Big Interview event in San Francisco this week about Signal’s long-standing commitment to providing end-to-end encrypted private communication services to people around the world, regardless of the geopolitical climate.

A new smartphone scanner from mobile device security company iVerify can detect spyware quickly and easily and has already detected seven devices infected with the invasive Pegasus surveillance tool. Programmer Micah Lee created a tool to help you save and delete your X posts after offending Elon Musk and being banned from the platform. And privacy advocate Nighat Dad is fighting to protect women from digital harassment in Pakistan after escaping an abusive marriage.

The US Federal Trade Commission is targeting data brokers it claims illegally tracked protesters and US military personnel, but law enforcement efforts appear likely to halt under the Trump administration. Similarly, the U.S. Consumer Financial Protection Bureau has devised a strategy to impose new oversight on predatory data brokers, but the new administration may not continue the initiative. Finally, some new laws will arrive around the world in 2025 that will attempt to regulate the dysfunction of the digital advertising industry, but malvertising is still on the rise around the world and continues to play a major role in global scams.

And there is more. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

Remember how the US federal government spent much of the last three decades regularly denouncing the dangers of powerful, freely available encryption tools, arguing that because they enable criminals and terrorists, they should be banned or required to implement backdoors approved by the government? Starting this week, the government will never again be able to make that argument without privacy advocates pointing to one particular phone call in which two officials recommended Americans use exactly those encryption tools to protect themselves in the midst of a massive, ongoing breach of American telecommunications by Chinese hackers.

Briefing journalists about the breach of no fewer than eight phone companies by Chinese state-sponsored espionage hackers known as Salt Typhoon, officials from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said that, with the infiltration of American telecommunications still uncontained and calls and text messages exposed, Americans should use encryption applications to safeguard their privacy. “Encryption is your friend, whether it’s in text messages or if you have the ability to use encrypted voice communications,” said Jeff Greene, deputy executive director of cybersecurity at CISA. (Signal and WhatsApp, for example, encrypt calls and texts end-to-end, although officials did not name any particular app.)

The recommendation, in the middle of what a senator has called “the worst telecommunications hack in our nation’s history,” represents a striking shift from past U.S. officials’ rhetoric about encryption and, in particular, the FBI’s repeated calls for access to encryption backdoors. In fact, it was exactly this type of government-approved wiretapping capability requirement for American telecommunications that the Salt Typhoon hackers in some cases exploited to access Americans’ communications.

The hacking group known as Secret Blizzard, Snake or Turla, believed to work for the Russian intelligence agency FSB, is known for using some of the most ingenious hacking techniques ever seen to spy on its victims. One of the tricks that has now become its signature move: hacking into other hackers’ infrastructure to stealthily take advantage of their access. This week, threat intelligence researchers at Microsoft and security firm Lumen Technologies revealed that Turla gained access to the servers of a Pakistan-based hacking group and used its visibility into victims’ networks to spy on government, military, intelligence and other targets in India and Afghanistan of interest to the Kremlin. In some cases, Turla hijacked the Pakistani hackers’ access to install its own malware, while in other cases it appears to have used the other group’s tools for greater stealth and deniability. The incident marks the fourth known time since 2017, when it breached the command and control servers of an Iranian hacker group, that Turla has leveraged another hacker group’s infrastructure and tools, according to Lumen.

The Russian government is known for turning a blind eye to cybercrime… until it doesn’t. This week, 15 convicted members of the notorious dark web marketplace Hydra learned the limits of that tolerance when they reportedly received prison sentences ranging from 8 to 23 years, as well as an unprecedented life sentence for the site’s creator, Stanislav Moiseyev. Before being taken down two years ago in a law enforcement operation led by criminal investigators from the IRS in the US and Germany’s BKA law enforcement agency, Hydra was an exceptionally extensive dark web marketplace, which served not only as the largest online bazaar in the post-Soviet world for narcotics, but also as a huge money laundering machine for crimes such as ransomware, scams and sanctions evasion. In total, Hydra enabled more than $5 billion in dirty cryptocurrency transactions since 2015, according to cryptocurrency tracking firm Elliptic.

Russian law enforcement charged and arrested a software developer last week suspected of making prolific contributions to multiple ransomware groups, including creating malware to extort businesses and other targets. The suspect is reportedly Mikhail Matveev, or “Wazawaka”, who has worked as an affiliate of ransomware gangs such as Conti, LockBit, Babuk, DarkSide and Hive. Social media reports indicate that Matveev confirmed the accusation and said that he had been released on bail.

Russia’s prosecutor general did not name Matveev, but described charges last week against a 32-year-old hacker under Article 273 of Russia’s Criminal Code, which prohibits the creation or use of malware. The move came as Russia appeared to be sending some kind of message about its tolerance for cybercrime with the sentencing of staff at dark web marketplace Hydra, including a life sentence for its administrator. In 2023, the US government accused and sanctioned Matveev.

In a disturbing scoop (which we didn’t cover last week due to the Thanksgiving holiday), Reuters reporters have revealed that the FBI is now investigating a lobbying consultancy hired by Exxon over the company’s role in a hacking and leak operation that targeted climate change activists. DCI Group, a lobbying firm hired at the time by Exxon, allegedly provided a list of targeted activists to a private investigator, who then outsourced a hacking operation against those targets to mercenary hackers. After the private investigator, an Israeli named Amit Forlit who was later arrested in London and faces hacking charges in the United States, allegedly handed over the hacked material to DCI, it leaked the activists’ internal communications about the climate change litigation against Exxon to the media, Reuters discovered. The FBI, according to Reuters, has determined that DCI also first presented that material to Exxon before leaking it. “Those documents were used directly by Exxon to go after me with all guns blazing,” a lawyer who works with the advocacy group Center for Climate Integrity told Reuters. “It turned my life upside down.”

Exxon has denied knowledge of any hacking activity and DCI told Reuters in a statement that “we order all of our employees and consultants to comply with the law.”
