Nothing much of interest happened in the world of cybersecurity this week.
Kidding! But wouldn’t that be nice? If we were living in a simpler time when innocent victims weren’t hit by a new, weird hack every day, and international cyberespionage wasn’t undermining everything from governments to businesses to Twitter accounts? You could just argue about who won The Bachelor and move on with your life. Unfortunately, this is 2017, so naturally this week’s hacks were actually completely ridiculous.
First of all, the United States indicted two official Russian spies for hacking Yahoo back in 2014. Presidential advisor Kellyanne Conway confused a lot of people when she said their microwaves are spying on them (don’t worry: they aren’t…yet). A new scam bilks people out of millions of dollars over the phone. The Pentagon’s Director of Capabilities thinks war will soon look like Pokemon Go. (For real.) Facebook is finally trying to get serious about protecting your information from government surveillance—a decade late, but better than nothing! WhatsApp got hacked. President Trump won’t let go of his baseless accusation that President Obama wiretapped Trump Tower, even though it is clearly in his best interest to hope everyone forgets he ever tweeted anything about that.
Oh, and speaking of Twitter! Of course this week couldn’t be over without some kind of Twitter hack, or two. First, the most American of businesses—ye venerable McDonald’s—claimed its Twitter account was hacked when it tweeted at the president of the United States that he was a “disgusting excuse” for a leader and added that he had “tiny hands.” And on Tuesday night, hacked Twitter accounts from the likes of the BBC and Amnesty International tweeted out swastikas and pro-Nazi hashtags, because, again, 2017.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story. And stay safe out there.
After Fox News ran a report earlier in the week alleging that British spy agency GCHQ had hacked into Trump Tower at the behest of then-President Barack Obama, Press Secretary Sean Spicer repeated the claim verbatim from behind his lectern in the White House. At Thursday’s press briefing, Spicer said, “[Obama] didn’t use the NSA, he didn’t use the CIA, he didn’t use the FBI, and he didn’t use the Department of Justice. He used GCHQ, what is that? It’s the initials for the British Intelligence Spying Agency.”
The Trump administration has made many outrageous allegations in recent week, so it may be easy to dismiss this comment as just another unexpected utterance, but in fact it’s a fairly huge deal. This is the US government accusing its closest ally of spying on the president. We rely so much on GCHQ, that former NSA Director Michael Hayden has written that in the event of a catastrophe, the US would literally hand the keys to the entire intelligence apparatus to it. Remember when it came to light that the US had been spying on German president Angela Merkel? It threw relations between the US and the European Union into chaos. This is not the kind of accusation you make without iron-clad proof and a willingness to jeopardize your diplomatic ties. Spicer had neither: the report he was quoting came from controversial media commentator Andrew Napolitano, citing unnamed sources.
GCHQ—in a very unusual public move—issued a statement Thursday denying Spicer’s claims. Hours later, the BBC reports that Spicer was forced to apologize and promise he would never repeat the claim again. In other words, “oops.”
Ugh. Just when you think what you do in your own bed is private between you and your smartphone-connected vibrator, the company that makes the device reveals it’s secretly been keeping dibs on your toy-play. Canadian sex-toy maker We-Vibe tracked the settings of people using its vibrators with the accompanying app. It collected information like how intense people preferred to set the vibration, and how warm their vibrators got. Since the company didn’t tell customers that it was gathering and analyzing this data, a court in Canada ruled this week that it will have to pay affected customers up to $10,000 each for the privacy violation.
Michael Flynn’s ties to Russia already got him booted from government after only 24 days as National Security Advisor to the president. But those ties are even stronger than anyone knew when he resigned last month. This week, it’s come to light that he was a paid operative of the Turkish government while he was also an official advisor to then-candidate Trump. Now, reports have surfaced that he earned more than $60,000 dollars from various Russian companies in 2015, including state-owned television station Russia Today, and the Russian cybersecurity firm Kaspersky Labs. This all became public after Maryland Democratic Representative Elijah E. Cummings sent the president a letter about it. It’s too late to fire Flynn again, but these payments could be grounds for legal action.
Security researcher Troy Hunt discovered that the email addresses of 33.7 million people working at US companies were for sale on the web this week. They came from a corporate database owned by data services company Dun & Bradstreet. The company denies that its servers were breached, and told ZDNET reporter Zack Whittaker—whose information was part of the leak—that it was looking into how the information got out. Thousands of employees of government agencies were among those affected. And though much of the information was already public either from earlier breaches or because it was listed on public websites, Hunt points out that by collecting it all in one easily searchable place, the information becomes much more useful to bad actors. If you want to see if you’re on the list, you can check on HaveIBeenPwned.com.
Melania Trump and Hillary Clinton now have another thing in common. Apparently a laptop that contained secret information pertaining to each of them was purloined on Friday from the car of a Secret Service agent in Brooklyn. The Secret Service confirmed the robbery, but said the laptop in question was encrypted. Unnamed law enforcement officials reported to numerous media outlets that the computer contained national security information, such as the layout of Trump Tower, where First Lady Melania Trump resides, as well as information about the closed investigation into Hillary Clinton’s email server. You know this already, but just in case you forgot: Don’t be like this Secret Service Agent. Don’t leave important or top secret stuff out where people can find. K?
It’s hard to keep the world’s youth safe in a world of chaos and screens, and this week brought home that fact when popular smartphone quiz game Wishbone got hacked. The hackers hit 287,000 cellphones that had the game downloaded. From that, they were able to access 2.2 million email addresses. They way they got in was by targeting a MongoDB database storing Wishbone data. If “MongoDB” sounds familiar, that’s because its free open-source databases have been getting hacked a lot lately. But then again, what hasn’t.