a union of Global law enforcement agencies led by Britain's National Crime Agency announced a takedown operation this week Two major Russian money-laundering networks that process billions of dollars every year In over 30 locations worldwide. WIRED had exclusive access to the investigation, which uncovered new and disturbing laundering techniques, particularly schemes to directly exchange cryptocurrencies for cash. As the United States government struggles to address China's “Salt Typhoon” digital espionage campaign into American telecommunications, two senators this week demanded that Defense Department investigates its failure to secure its own communications and address known vulnerabilities In the US telecommunications infrastructure. Meanwhile, Signal Foundation President Meredith Whitaker spoke on WIRED's The Big Interview program in San Francisco this week Signal's enduring commitment to bringing private, end-to-end encrypted communications services To people around the world, regardless of the geopolitical environment.
A Mobile device security firm iVerify's new smartphone scanner can detect spyware faster and easier and has already identified seven devices infected with the offending Pegasus surveillance tool. Programmer Micah Lee Created a tool to help you save and delete your ex posts He was banned from the platform after angering Elon Musk. and advocate privacy Nighat dad is fighting to save women from digital harassment in Pakistan After fleeing an abusive marriage.
America The Federal Trade Commission is targeting data brokers it says unlawfully monitored protesters and US military personnelBut enforcement efforts are likely to slow under the Trump administration. Similarly, U.S. Consumer Financial Protection Bureau lays out new surveillance strategy on predatory data brokersBut the new administration cannot continue this initiative. There are finally going to be some new laws around the world in 2025 that will try Control the dysfunction of the digital advertising industryBut Malicious advertising is still booming around the world and playing a big role in global scams,
There is so much more. Each week, we round up security and privacy news that we haven't covered in depth ourselves. Click on titles to read full stories. And stay safe there.
Recall that over the past three decades the US federal government has periodically denounced the dangers of strong, freely available encryption tools, arguing that because they enable criminals and terrorists, they should be outlawed. Should or will there be a need to implement a government-approved backdoor? Until this week, the government would never have been able to make that argument without privacy advocates pointing to that particular phone call, where two officials told Americans about the ongoing massive breach of US telecommunications by Chinese hackers. It is recommended to use those encryption tools to protect yourself between.
In a briefing with reporters about the breach of at least eight phone companies by Chinese state-sponsored espionage hackers known as Salt Typhoon, officials from both the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said Amid this still-unregulated situation of calls and texts being exposed by intrusions into US telecoms, Americans should use encryption apps to protect their privacy. “Encryption is your friend, whether it's on text messaging or if you have the ability to use encrypted voice communications,” said Jeff Green, CISA's executive assistant director for cybersecurity. (For example, Signal and WhatsApp, End-to-end encrypted calls and textsAlthough the officials did not name any specific app.)
recommendation between whom A senator has called The “worst telecom hack in our country's history” represents a stunning reversal from previous U.S. officials' rhetoric on encryption, and particularly the FBI's repeated calls for backdoor access into encryption. Actually, it was Exactly the same type of government approved wiretap capability. A requirement for American telecommunications that in some cases was exploited by the Salt Typhoon hackers to access Americans' communications.
The hacker group known as Secret Blizzard, Snake or Turla is widely known to work for Russia's FSB intelligence agency. Some of the simplest hacking techniques Sometimes seen spying on its victims. One of those tactics is what has now become its signature move: secretly attacking other hackers' access by hacking into their infrastructure. This week, threat intelligence researchers at Microsoft and security firm Lumen Technologies revealed that Turla gained access to the servers of a Pakistan-based hacker group and used its visibility into victim networks to spy on government, military and intelligence targets in India and Afghanistan. Used. Kremlin. In some cases, Turla hijacked the access of Pakistani hackers to install their own malware, while in other cases they appear to use another group's tools to achieve even greater privacy and denial of service. According to Lumen, the incident is the fourth known incident since 2017, when it penetrated the command-and-control servers of an Iranian hacker group, which Turla has since freeloaded onto another hacker group's infrastructure and tooling.
The Russian government is known for turning a blind eye to cybercrime – until it doesn't have to. This week 15 convicted members of the notorious dark web market Hydra found out the limits of that tolerance when they reportedly received prison sentences ranging from 8 years to 23 years, plus an unprecedented life sentence for the site's creator Stanislav Moiseyev Got punishment. Before it was taken down two years ago in a law enforcement operation led by IRS criminal investigators in the US and Germany's BKA police agency, Hydra was a uniquely widespread dark web marketplace.Which not only served as the post-Soviet world's largest online marketplace for narcotics, but also a giant money laundering machine for crimes including ransomware, scams, and sanctions evasion. In total, Hydra has enabled more than $5 billion dollars in dirty cryptocurrency transactions since 2015, according to crypto tracing firm Elliptic.
Russian law enforcement Was accused And last week arrested a software developer who is suspected of prolific contributions to multiple ransomware groups, including creating malware to extort money from businesses and other targets. is suspicious Allegedly Mikhail Matveev, or “Vazhavka,” who has worked as an associate with ransomware gangs such as Konti, Lockbit, Babuk, DarkSide, and Hive. social media The report indicates Matveev confirmed his indictment and said he had been released from law enforcement custody on bail.
The Prosecutor General of Russia did not name Matveev, but stated allegations Last week a case was filed against a 32-year-old hacker under Article 273 of Russia's Criminal Code, which bans the creation or use of malware. The move came as it seemed Russia was sending some sort of message about its tolerance for cybercrime with the sentencing of employees of dark web marketplace Hydra, which also included life in prison for its administrator. In 2023, the US government indictment And Matveev approved.
In a disturbing scoop (which we didn't cover last week due to the Thanksgiving holiday), Reuters reporters have revealed that the FBI is now investigating a lobbying consultancy hired by Exxon over the firm's role in the hack-and-leak operation. , which had targeted climate change activists. DCI Group, a lobbying firm employed by Exxon at the time, reportedly gave a list of targeted activists to a private investigator, who then outsourced the hacking operation against those targets to hired hackers. The private investigator – an Israeli man named Amit Forlit, who was later arrested in London and faces hacking charges in the US – allegedly gave the hacked material to DCI, making it part of the climate change lawsuit against Exxon. Internal communications of activists regarding the incident were leaked to the media, Reuters. searched for. According to Reuters, the FBI determined that DCI had even previewed the material at Exxon before leaking it. “Those documents were directly orchestrated by Exxon to come to me,” a lawyer working with the Center for Climate Integrity, an activist group, told Reuters. “It turned my life upside down.”
Exxon has denied knowledge of any hacking activities and the DCI told Reuters in a statement that “we instruct all of our employees and consultants to comply with the law.”