As the Biden administration moves on an ever-growing list of political initiatives, the White House issued sanctions this week for a series of Russian misdeeds, including interference in the 2020 election, the poisoning of dissident Aleksey Navalny, and the SolarWinds hacking spree, which swept through US government agencies and many private sector companies. The retaliatory move is complicated when it comes to SolarWinds, however, because it was the type of espionage operation that would generally fall within geopolitical norms.
Elsewhere in the US government, the Department of Justice took a radical step this week to end a Chinese hacking frenzy by allowing the FBI to obtain a warrant and then directly remove the attacker’s hacking infrastructure from the internal systems of hundreds of victims. Many in the security community praised the effort, but the move has also fueled some controversy given the precedent it could set for future actions by the U.S. government that may be more invasive.
In the tense world of Internet of Things security, researchers on Tuesday released results that found more than 100 million embedded devices and IT management servers are potentially vulnerable to attacks, due to flaws in fundamental network protocols. The devices are manufactured by many vendors and used in environments ranging from mainstream offices to healthcare and critical infrastructure, potentially exposing these networks to attack.
If you’re trying to lock down your accounts and reduce your dependence on passwords, we’ve got a guide to alternatives that will walk you through a number of platforms. And if you feel a general sense of existential dread in the face of all manner of threats, you’re not alone – the U.S. intelligence community seems to feel the same.
And there’s more. Each week, we collect all the news that WIRED hasn’t covered in depth. Click on the titles to read the full stories. And stay safe out there.
In 2016, the US government tried to force Apple to unlock the iPhone of one of the San Bernardino shooters. The case could have set a precedent that the government could require tech companies to undermine security protections on their products or insert “backdoors.” (Several law enforcement agencies and legislators around the world continue to advocate for this type of access.) But privacy advocates and security experts have unequivocally and consistently stated that backdoors are dangerous and expose people to unacceptable security and privacy risks. In the San Bernardino case, the FBI finally found a way to access the device without Apple’s help. Reports at the time indicated that the FBI paid around $1 million to use an iPhone hacking tool developed by a private company. This week, The Washington Post revealed that the company that sold the tool is not one of the best-known players, but rather a small Australian company known as Azimuth, which is now owned by US defense contractor L3Harris. The news provides a useful detail as businesses consider resisting more such orders that may come from the US Department of Justice or other governments in the future.
As part of the White House’s sanctions against Russia this week, the Biden administration released a list of cybersecurity vendors who allegedly provided hacking tools and other services to offensive Russian government hackers. One of these companies, Positive Technologies, is a member of Microsoft’s Active Protection Program, a group of nearly 100 software vendors who receive an advance warning from Microsoft about vulnerabilities in Windows or other Microsoft products prior to the release of a fix. Microsoft sometimes shares proof of concept that a vulnerability can be maliciously exploited in order to coordinate public disclosure of the vulnerability. The idea is for Microsoft’s trusted security partners to get ahead of the inevitable flood of malicious activity that occurs once patches are released and attackers around the world can reverse engineer them to create their own hacking tools. While Positive Technologies worked closely with the Russian government, it could have disclosed the information and allowed attackers to modify their techniques or weaponize flaws they did not know about. The company has strongly denied the allegations.
The European Commissioner for Budget and Administration said this week that the SolarWinds hacking spree has potentially compromised six offices in the European Union. A total of 14 EU agencies were using a version of the affected SolarWinds Orion software at the time of the hack. The EU Computer Emergency Response Team did not specify the six agencies that downloaded the corrupted update and did not specify how many of those six agencies were deeply compromised by Russian hackers. However, CERT-EU said that for at least some of the six agencies there was “significant impact” and “some personal data breaches have occurred”.