It was the week that sent dark web markets scrambling. On Thursday, the feds confirmed earlier reports that they had taken down Alphabay, a dark web bazaar substantially larger than Silk Road ever was. They tacked on a surprising revelation though: Dutch police had a month earlier quietly seized control of the third-largest dark web market, Hansa, setting a trap for displaced Alphabay buyers and sellers. What a world!
While darknet drama dominated the headlines, plenty more transpired. IBM detailed a new mainframe system that can power 12 billion encrypted transactions per day. At the opposite end of the spectrum, it turns out Myspace allowed anyone to take over anyone else’s account just by knowing their birthday. And a pervasive IoT vulnerability called “Devil’s Ivy” could make millions of devices–mostly cameras–insecure. Also insecure, until a recent update? Segway MiniPro scooters, which researchers found could be taken over remotely with relative ease, inviting goofy danger. We also took a look at Android antivirus software, which gets a big fat “needs improvement” grade from researchers who tested nearly 60 apps against known malware.
In government security news, only one person at Trump’s big voter fraud summit bothered to talk about the genuine issue of outdated voting machine equipment. The State Department will fold its cybersecurity operation into a bureaucratic backwoods, which, guys, maybe now is not the best time? And if you were wondering how hard it is to get the Department of Defense to send you over a million dollars in weapons, the answer is apparently “not very.”
Finally, please watch this video and read this story about a robot that can crack a popular safe in 15 minutes. It’s a delight, and the world needs more of those.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Cryptocurrency thieves took off with nearly $40 million in ether this week in two separate heists. In the bigger of the two, hackers took 150,000 ether tokens (worth over $30 million) thanks to a since-patched bug in the digital wallets of a start-up called Parity. In the other, hackers redirected incoming investments in a crypto trading platform’s “initial coin offering” from CoinDash, the intended recipient, to another website altogether. They managed to grab $7 million before CoinDash halted the sale. Cryptocurrency! It’s cool, it’s sort of anonymous, it’s subject to fairly frequent, devastating thefts.
The Internet Bug Bounty plays an invaluable role in helping protect the internet, ensuring there are payouts for finding and helping fix bugs in free and open-source software. Remember Heartbleed? That was an IBB payout. This week, Facebook, the Ford Foundation, and GitHub each donated $100,000 to the IBB, keeping its mission going and allowing it to expand into data processing and privacy technologies.
It wouldn’t be a week in security without customer data leaking thanks to a poorly configured database or S3 bucket. This time the honor goes to Dow Jones, the Wall Street Journal’s parent company, which exposed the names, addresses, account information, email addresses, and partial credit card information of at least 2.2 million customers and as many as four million. The lesson, as always, is to be a little more careful with how you store your digital stuff.
Remember that time hackers posted membership info of everyone with an account at Ashley Madison, the site for active and aspirational adulterers? Who could forget! Parent company Ruby Corp. will pay out over $11 million to impacted users in a settlement that also does not acknowledge any wrongdoing, presumably aside from the whole adultery thing.