Interest in North Korean hacking comes and goes, but this week experts cautioned that the US shouldn’t underestimate or ignore this persistent and growing threat. The FBI and DHS even officially attributed the destructive WannaCry ransomware to the reclusive nation.
Meanwhile, new analysis from the cybersecurity firms ESET and Dragos Inc. offered details on the advanced, grid-sabotaging malware hackers used to attack a Ukrainian electrical power station last December. Incarceration rates are rising in the rural US. And Georgia’s voting systems have no backup means of audit if the state’s digital systems malfunction (or are, say, hacked).
At least the Department of Defense is still on the cutting edge. Its Strategic Capabilities Office is working on developing ways to weaponize video games. And special prosecutor Robert Mueller has put together an all-star investigatory team.
Plus the CIA could be lurking on basically every router out there, according to documents released by WikiLeaks. So here’s a list of everyone President Donald Trump has blocked on Twitter to take your mind off things.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
In May, Microsoft released patches for the virulent WannaCry ransomware for Windows XP even though that operating system is no longer officially supported. This week, the company followed up with a dozen additional patches that cover no-longer-supported versions including Windows XP, Windows Vista, Windows 8, Windows Server 2003, and Windows Server 2003 R2. Microsoft said that though it is not reinstating support for these aging OSes, it does want to take “action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.” While working to anticipate and preempt the next WannaCry-type incident is important, some experts worry that making too much of a habit of patching old systems will give stragglers an excuse to hold out on these dangerously insecure platforms even longer instead of being forced to upgrade. On the other hand, security pressure hasn’t really created that urgency so far.
A US tech company attempted to refuse participation in National Security Agency bulk surveillance, according to a declassified, extensively redacted Foreign Intelligence Surveillance Court ruling document. The unnamed company tried to avoid contributing data to the PRISM aggregation program, which the NSA operates under Section 702 of the FISA Amendments Act. The company basically demanded that the NSA obtain a warrant, citing Fourth Amendment concerns that in the process of surveilling foreigners, the NSA would end up collecting the data of US citizens as well. But Judge Rosemary Collyer wrote in her decision, “The mere fact that there is some potential for error is not a sufficient reason to invalidate the surveillance.” Nice hustle, though.
Facebook Accidentally Exposed Data of More Than 1,000 Content Moderators to Suspected Terrorist Users
A software bug Facebook discovered in late 2016 put content moderators at risk by posting data from their personal profiles into the activity log of Facebook groups whose administrators had been banned for terms of service violations. As a result, remaining administrators who hadn’t been removed could see the information in the group log. The bug impacted more than 1,000 content moderators in 22 Facebook departments, including about 40 who specifically worked in a counterterrorism unit. Facebook concluded that six people exposed by the bug were “high priority” cases because their private information was at high risk of having been seen by potential terrorists. One moderator told the Guardian he has since gone into hiding.
Researchers from Aarhus University in Denmark have revealed that the secure cloud and messaging company SpiderOak had some problematic encryption bugs as recently as April. The independent security review found weaknesses in mechanisms like user password storage, file retrieval, and file directory sharing—important stuff for a secure cloud platform. The researchers note that SpiderOak was quick to accept and correct “most of the issues described” with an updated, patched version of the application.
After seven years in a military prison, Chelsea Manning was released on May 17. She had been convicted under the Espionage Act and initially sentenced to 35 years in prison for giving more than 480,000 Afghanistan and Iraq War Army reports and 250,000 U.S. diplomatic cables to WikiLeaks—the largest classified leak in US history. She spoke out to the New York Times this week about her journey, her gender identity, and her feelings of isolation while in prison.