This week the New York Post published a story centered on information stolen from a laptop that purportedly belonged to Hunter Biden, and that has a high likelihood of being part a disinformation operation. Not great! But the way the rest of the media handled the situation was a marked improvement over 2016, when leaks of John Podesta’s hacked emails kicked off a frenzy that played right into Russia’s hands. Here’s to modest progress.
Take it where you can get it. The rest of the security outlook was a little more discouraging. United States Cyber Command mounted an offensive against Trickbot, one of the most dangerous botnets in the world. It didn’t accomplish much, but did set a new precedent of US hackers taking on criminals rather than their military counterparts. That’s all part of the long-term strategy of general Paul Nakasone, leader of both Cybercom and the National Security Agency, whom we profiled at length for the most recent issue of the magazine.
We also took a look at how internet freedom has suffered during Covid-19, as dozens of countries have used used the pandemic as an excuse to increase surveillance and tamp down on digital rights. Speaking of surveillance, Amazon’s latest high-profile product announcements have been pushing the boundaries of data collection in discomfiting ways. (Yes, that includes the drone that flies around your house.)
Researchers have figured out how to make a Tesla Model X hit the brakes by flashing just a few frames of a stop sign image for less than half a second. It’s maybe not the most practical attack, but on the other hand it could do a fair bit of damage on the highway it timed just right. And DDoS extortion is on the rise, including some criminals who have been posing as nation state hackers like Fancy Bear and Lazarus Group to increase the intimidation factor.
And there’s more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
The registration deadline for the state of Virginia was Tuesday, which is why it’s especially unfortunate that an accidentally cut cable knocked Virginia’s voter portal offline for several hours Tuesday morning. Utility workers hit a Verizon fiber line, which was enough to take out the entire system until deep into the afternoon. A judge extended the registration deadline by 48 hours to make up for it, so everyone should still have been able to get their name in. But the incident is an important reminder that for all the concern over hackers disrupting the 2020 election, creaky infrastructure—whether it’s a cut cable or a confusing interface on a decades-old voting machine—poses a more realistic threat to Election Day.
Look, data breaches happen. After the Equifax hack, there’s a good chance that a big chunk of your personal information has already been compromised. The more important question to ask when a major company like Barnes and Noble gets hacked—which it did, according to an email sent to customers this week—is how much the hackers actually got away with. In this case, it seems at least for now like the damage isn’t terrible. The company said purchase histories, email addresses, and shipping information were potentially exposed, which isn’t ideal. But passwords and financial information appear not to have been impacted, according to Barnes and Noble. Sometimes breaches turn out to be worse than first reported—looking at you again, Equifax—but at least for now, it seems like the fallout is about as minimal as you could hope.
The months-long Zoom encryption saga is nearing a resolution. After misrepresenting the level of security its video chat services offered—and then waffling on whom it would make end-to-end encryption available for—Zoom next week will roll out the feature to both free and paid users next week for a 30-day technical preview. Zoom chats with end-to-end encryption can accommodate up to 200 users, an impressive feat especially given the time frame. You have to opt-in to use the feature, and will give up features like live transcription and cloud recording. But if your privacy needs are that pronounced, odds are you wouldn’t want those enabled in the first place.
Ransomware gangs have increasingly taken to posting companies’ data online if they don’t pay up. The latest apparent victims include gaming companies Ubisoft and Crytek, which a gang called Egregor says it has successfully compromised and published apparent files from on a dark web site. None of this is unique, but it’s worth keeping an eye on—especially since the group has threatened to leak the much higher-stakes source code for Ubisoft’s upcoming Watch Dogs: Legion and the company’s game engine.
More Great WIRED Stories