Security News This Week: Ring is at loggerheads with hackers

What’s more controversial than a popular surveillance camera manufacturer that has an uncomfortably cozy relationship with US police? When ransomware hackers claim they breached that company, Amazon-owned camera maker Ring, and stole its data, Ring responds by denying the breach.

But we’ll get to that.

Five years ago, police in the Netherlands caught members of the Russian military intelligence agency GRU trying to hack into the Organization for the Prohibition of Chemical Weapons in The Hague. The group had parked a rental car outside the agency’s building and hidden a Wi-Fi spy antenna in its trunk. Among the GRU team was Evgenii Serebriakov, who was caught with other Wi-Fi hacking tools in his backpack.

Since then, surprisingly, Serebriakov has only risen in status. This week, Western intelligence sources told WIRED that Serebriakov is now the leader of one of the world’s most aggressive hacker units. Serebriakov took over Sandworm, which is responsible for some of the worst cyberattacks in history, in the spring of 2022. His rise to the senior role, experts say, shows how small the pool of skilled nation-state hackers is likely to be, or proves Serebriakov’s value to Russia.

Nowhere on the Internet is threat-free—and that includes LinkedIn. This week we looked at how spies, fraudsters and hackers from Iran, North Korea, Russia and China are using the business network to seek out and approach intelligence targets. Additionally, LinkedIn is plagued with thousands of suspicious accounts; the company removed hundreds from WIRED’s profile when we reported them.

The Western crackdown on TikTok continues—this week the UK joined the US, Belgium, Canada and the European Union in banning the social media app from being used on government devices. But in the U.S., Senator Mark Warner is trying to pass legislation, under the guise of a bipartisan restriction bill, that would allow officials to ban apps and services from six “hostile” nations: China, Russia, North Korea, Iran, Cuba, and Venezuela. We sat down with Warner and asked about the plans.

A WIRED analysis of “cybercrime” cases in the US shows how vague and wide-ranging the term can be. Without a clear and universal definition of cybercrime, human rights and civil liberties issues may become global. Speaking of criminals, scammers are getting better at using fake voices to trick people. And ransomware gangs are sinking to a new deplorable low. As more and more companies and organizations refuse to pay ransoms, criminal gangs are increasingly using extortion as leverage: they are now publishing stolen photos of cancer patients and sensitive student records.

But wait, there’s more. Each week, we round up the security news we didn’t cover in depth ourselves. Click on the headlines to read the full stories and stay safe out there.

ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week that it had breached security camera maker Ring and threatened to dump the company’s data online if it didn’t pay up. “There is always an option to allow us to leak your data…” the hackers wrote in a message to Ring on their leak site. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no indication of a ransomware event,” but says it knows of a third-party vendor that has experienced one. That vendor, Ring says, has no access to any customer records.

Meanwhile, ALPHV, which has previously used BlackCat ransomware to target companies such as Bandai Namco, Swissport and hospital company Lehigh Valley Health Network, stands by its claim that it breached Ring itself and not a third-party supplier. A member of the VX-Underground malware research team shared with WIRED screenshots of a conversation with an ALPHV representative who says they are still in “negotiations” with Ring.

Amidst the ongoing ransomware epidemic, it’s no surprise that Ring isn’t the only one facing extortion issues. So is Maximum Industries, supplier of rocket components for Elon Musk’s SpaceX. The hackers, a well-known ransomware gang known as LockBit, taunted Musk on their website, threatening to sell the stolen information to the highest bidder if Maximum didn’t pay up by a March 20 deadline. “I’d say we were lucky if the Space-X contractors were more talkative. But I think this stuff will find its buyer as soon as possible,” the hackers wrote. “Elon Musk we will help you sell your designs to other manufacturers.”

Google’s Project Zero, its security research group dedicated to finding unknown vulnerabilities in widely used tech products, warned Thursday that it had discovered serious, hackable flaws in Samsung chips used in dozens of Android devices. In total, the researchers found 18 distinct vulnerabilities in Samsung’s Exynos modems for smartphones, but say four of them are particularly critical and would allow a hacker to “remotely demote a phone to the baseband level without user interaction and demand only that the attacker knows the victim’s phone number.” Project Zero rarely releases information about unpatched vulnerabilities. But it says it gave Samsung 90 days to fix the flaws, and Samsung still hasn’t. A bit of public shaming, perhaps, may prompt Samsung to move faster to protect Google users from an insidious form of attack.

Since 2017, the cryptocurrency “mixer” service ChipMixer has quietly evolved into a powerful cryptocurrency money-laundering unit, taking users’ coins, mixing them with others, and then sending them back to hide the money trail on blockchains. In the process, the Justice Department says it laundered $3 billion worth of criminal funds, including ransomware payments, funds stolen in North Korean hacks, and even profits from the sale of child sexual exploitation material. Now, in a bust conducted by several European law enforcement agencies and coordinated by Europol as well as the FBI and DHS, ChipMixer has been shut down and its infrastructure seized. The site’s alleged creator, 49-year-old Vietnamese national Minh Quốc Nguyễn, remains unreachable: He was only charged in absentia with money laundering.

But the most interesting outcome of the case may have more to do with the collapse of the now-infamous cryptocurrency exchange FTX: A portion of FTX’s funds stolen amid bankruptcy proceedings in November were funneled into ChipMixer. Seizing the servers of this mixing service may well prevent the FTX thieves from trying to evade detection and help solve one of the central mysteries of this high-profile heist.

Only in the cryptocurrency world, where thefts of more than half a billion dollars now happen several times a year, does the theft of $200 million deserve the lowest place in a news roundup. Earlier this week, distributed trading protocol Euler Finance lost nearly $200 million in cryptocurrency to hackers who found a vulnerability in its code. Initially, Euler, the company behind this protocol, offered to let the hackers keep $20 million if they returned the rest of the funds. But after that offer was ignored—in fact, the hackers sent the funds to mixing service Tornado Cash in hopes of covering their tracks—the company announced a $1 million reward on the hackers’ heads.
