The US Puts a $10M Bounty on DarkSide Ransomware Hackers

DDoSecrets, a radical transparency group, released hundreds of hours' worth of surveillance footage from police helicopters on Friday. Although it is not clear who the original owner of the data is or what their motivations are, the trove shows just how wide-ranging law enforcement's surveillance has become and how high-quality its cameras are. Privacy advocates claim that the incident shows that authorities are not doing enough to protect sensitive data and that their retention policies are too loose.

In other aerial news, intelligence officials have confirmed that a consumer drone attempted to disrupt the US's power grid. The incident occurred at a Pennsylvania power substation in July 2020. A DJI Mavic 2 quadcopter equipped with nylon ropes, copper wire and a propeller appeared intended to cause a short circuit but crashed onto a nearby roof just before reaching its target. Security experts have been warning about this possibility for many years and claim that regulators have not moved swiftly enough to address it.

China's new data privacy law was implemented this week. The ramifications of that have already begun to manifest themselves.

To generate interest in a cryptocurrency, scammers used Squid Game's popularity to draw investors. They then took over $3 million from them. Although the White House Market dark web bazaar was closed earlier this month, it raised security standards during its short tenure. If you have iCloud+, you can take advantage of all the new security features you now have.

Last but not least, take a few moments this weekend to read this story about how some parents created their own open-source version of their school's app, only to have the police call them.

There's more! Every week, we bring you all the security news WIRED hasn't covered in depth. To read the complete stories, click on the headlines. Stay safe out there.

For a long time, the DarkSide ransomware gang was one of the most prolific in a very crowded field of criminal hackers. Its run culminated in an attack against Colonial Pipeline, which caused a temporary gas shortage on the East Coast. The attention the group received led it to go dark shortly after. However, it soon resurfaced as BlackMatter. The US State Department is offering a $10 million reward to anyone with information that can help it locate or identify DarkSide leaders. It is also offering up to $5,000,000 for tips that lead to or result in the conviction or arrest of DarkSide associates. Although there is no simple solution to ransomware, it is possible to put pressure on the most prominent perpetrators.

A different way to deal with hackers? You can also out them. That was the Ukrainian approach this week. Authorities outed several members of Russia’s Gamaredon hacking group and linked them to the country’s FSB intelligence agency. Ukrainian authorities shared the names of the hackers and also released audio recordings of phone calls in which the hackers discussed their attacks and complained about their salaries. According to the Ukrainian Security Service, Gamaredon has been responsible for more than 5,000 cyberattacks on 1,500 government targets over the past three years.

It was a busy week for government enforcement. The US this week added four cybersecurity-related firms to its Entity List, which indicates that they were involved in activities contrary to the national security or foreign policy interests of the United States. The NSO Group is the most recognizable name; the spyware company's Pegasus malware has allegedly been used to target journalists, dissidents, and human rights activists around the world. Candiru, an Israeli cybersecurity firm, was also accused. Positive Technologies, a Russian cybersecurity company, was also included in the list. It had previously been sanctioned for its support of its homeland's intelligence service. This charge was also made against Singapore-based Computer Security Initiative Consultancy PTE.

This week, Cambridge researchers discovered a flaw within a Unicode component. It affects most code compilers. In practice, it can have implications for all code. It is possible that the bug could be used to attack supply chains, making it easy for hackers to exploit vulnerabilities in the foundational code that powers many programs. We all know the process.
