Plus: A bad Zoom bug, a billion-dollar cocaine bust, and more of the week’s top security news.
A week into the revelation that Facebook leaked the data of 500 million users—including phone numbers and other potentially sensitive info—and the company still hasn’t given a full account of what happened. But we’ve managed to figure out both that the root of the problem was Facebook’s “contact import” feature, and that Facebook had plenty of opportunities to fix that issue before it resulted in attackers scraping half a billion people’s data.
On Thursday, federal agents arrested a 28-year-old Texas man for allegedly plotting to blow up an Amazon data center in Virginia. According to court documents, he had made alarming posts on the forums at MyMilitia.com, which someone then reported to the FBI. While it’s a concerning incident, domestic terror experts say there are no signs that Big Tech is a more pronounced target than in years past despite the heightened rhetoric from the far-right around supposed censorship.
Encrypted messaging app Signal announced this week that it would begin integrating the relatively new cryptocurrency MobileCoin. While a payments feature helps Signal keep up with its more full-featured competitors, the move raised questions as to whether Signal was inviting regulator interest and overly complicating a product lauded for its simplicity and ease of use.
As Slack and Discord have gained in popularity during the pandemic, so too have they become more popular among hackers as a way to distribute malware. And as Twitch’s home-grown microcelebrities become increasingly high-profile, the service has instituted an official policy to enforce against serious bad behavior that happens off-platform.
The UK is looking to stop Facebook’s attempts to expand its end-to-end encryption. Russia may have found a new way to censor the internet, and Twitter is bearing the brunt. And Call of Duty cheats are increasingly packed with malware onboard.
Finally, it’s rare to get a look inside the National Security Agency, but three women involved in cybersecurity in the intelligence community gave WIRED an inside look at the opportunities and obstacles that have defined their careers.
And there’s more! Each week we round up all the news WIRED didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Hackers Are Selling Scraped LinkedIn Data of 500 Million Users
Remember that Facebook leak? Of course! We just spent a lot of time on it. Not to be outdone, LinkedIn this week confirmed that a trove for sale on hacker forums includes “publicly viewable member profile data that appears to have been scraped from LinkedIn,” in addition to other sources around the web. LinkedIn wasn’t hacked (this time!), but instead was victimized by attackers who figured out how to collect publicly available user info on a massive scale. Even though it was already online, personal data being aggregated in that way still benefits hackers and phishers, especially, who can use it to build profiles of you for better targeting.
Belgian Authorities Intercept $1.7 Billion of Cocaine After Decrypting Messages
Over 27 tons of cocaine have been confiscated in Antwerp over the last two months, Belgian police say. More intriguingly, authorities assert that they were initially tipped off to the shipments after decrypting hundreds of millions of messages sent on defunct encrypted phone company and network Sky ECC. Dutch and Belgian authorities had previously apprehended dozens of people allegedly connected to the drug trade in the aftermath of cracking Sky.
A Zoom Attack Would Let Hackers Take Over Your Computer
Two Dutch researchers this week demonstrated that they could remotely get control of a PC running Zoom with no interaction from the user. Specific details haven’t been disclosed, as Zoom has yet to patch the underlying bugs. The team’s finding won them $200,000 at Pwn2Own, a twice-yearly competition for white-hat hackers. “We are working to mitigate this issue with respect to Zoom Chat, our group messaging product,” Zoom said in a statement. “In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue. The attack must also originate from an accepted external contact or be a part of the target’s same organizational account.”
Phishing Scams Are Coming for Wine Fans
In these quarantined times, it’s natural to experience an uptick in personal wine consumption. That hasn’t gone unnoticed by scammers, who according to new research from Recorded Future and Area 1 Security have increasingly registered malicious domains targeting oenophiles. At its June peak, malicious domains comprised 7 percent of all wine-themed domains registered. Talk about … sour … grapes.
All Rights Reserved for Brian Barrett