Ring Is in a Standoff With Hackers
What’s more controversial than a popular surveillance camera maker that has an uncomfortably cozy relationship with American police? When ransomware hackers claim to have breached that company—Amazon-owned camera maker Ring—stolen its data, and Ring responds by denying the breach.
But we’ll get to that.
Five years ago, police in the Netherlands caught members of Russia’s GRU military intelligence red-handed as they tried to hack the Organization for the Prohibition of Chemical Weapons in The Hague. The team had parked a rental car outside the organization’s building and hid a Wi-Fi snooping antenna in its trunk. Within the GRU group was Evgenii Serebriakov, who was caught with further Wi-Fi hacking tools in his backpack.
Since then, surprisingly, Serebriakov has only risen in status. This week, Western intelligence sources told WIRED that Serebriakov is now the new leader of one of the world’s most aggressive hacking units. Serebriakov took over Sandworm, which is responsible for some of the worst cyberattacks in history, in the spring of 2022. His elevation to the senior role, experts say, shows how small the pool of skilled nation-state hackers is likely to be and demonstrates Serebriakov’s value to Russia.
Nowhere on the internet is free from threats—and that includes LinkedIn. This week we looked at how spies, scammers, and hackers from Iran, North Korea, Russia, and China are using the professional network to scout and approach intelligence targets. In addition, LinkedIn is plagued with thousands of suspicious accounts; it removed hundreds from WIRED’s profile when we reported them.
The Western clampdown on TikTok is continuing—this week the UK joined the US, Belgium, Canada, and the European Union in banning the social media app from being used on government devices. But in the US, Senator Mark Warner is trying to pass legislation, in the guise of the bipartisan Restrict Act, that will allow officials to ban apps and services from six “hostile” nations: China, Russia, North Korea, Iran, Cuba, and Venezuela. We sat down with Warner and asked about the plans.
A WIRED analysis of “cybercrime” cases across the US shows how vague and wide-ranging the term can be. Without a clear and universal definition of cybercrime, human rights and civil liberties issues may expand globally. Speaking of criminals, scammers are getting better at using voice deepfakes to con people. And ransomware gangs are sinking to a new deplorable low. As more and more companies and organizations refuse to pay ransoms, criminal gangs are increasingly using extortion as leverage: they are now releasing photos stolen from cancer patients and sensitive student records.
But wait, there’s more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.
ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week that it had breached security camera maker Ring and threatened to dump the company’s data online if it doesn’t pay. “There’s always an option to let us leak your data …” the hackers wrote in a message to Ring on their leak site. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no indications of a ransomware event,” but it says it’s aware of a third-party vendor that has experienced one. That vendor, Ring says, doesn’t have access to any customer records.
Meanwhile, ALPHV, which has previously used its BlackCat ransomware to target companies like Bandai Namco, Swissport, and hospital firm Lehigh Valley Health Network, stands by its claim to have breached Ring itself, not a third-party vendor. A member of the malware research group VX-Underground shared with WIRED screenshots of a conversation with an ALPHV representative who says that it’s still in “negotiations” with Ring.
Amid the ongoing ransomware epidemic, it’s no surprise that Ring isn’t alone in facing extortion problems. So too is Maximum Industries, a supplier of rocket parts for Elon Musk’s SpaceX. The hackers, a well-known ransomware gang known as LockBit, taunted Musk on their website, threatening to sell the stolen information to the highest bidder if Maximum doesn’t pay by their March 20 deadline. “I would say we were lucky if Space-X contractors were more talkative. But I think this material will find its buyer as soon as possible,” the hackers wrote. “Elon Musk we will help you sell your drawings to other manufacturers.”
Google’s Project Zero, its security research team devoted to finding unknown vulnerabilities in widely used tech products, warned Thursday that it had discovered severe hackable flaws in Samsung chips used in dozens of Android devices. In total, the researchers found 18 distinct vulnerabilities in Samsung’s Exynos modems for smartphones, but they say that four of them are particularly critical and would allow a hacker to “remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number.” Project Zero only rarely publishes information on unpatched vulnerabilities. But it says that it gave Samsung 90 days to fix the flaws, and it hasn’t yet. A bit of public shaming, perhaps, might spur Samsung to move faster to protect Google’s users from an insidious form of attack.
Since 2017, the cryptocurrency “mixer” service ChipMixer quietly grew into a powerhouse of cryptocurrency money laundering, taking in users’ coins, mixing them with others and then sending them back to obscure the money’s trail across blockchains. In the process, the Department of Justice says it laundered $3 billion worth of criminal funds, including ransomware payments, North Korean hackers’ stolen loot, and even profits from the sale of child sexual exploitation materials. Now, in a bust carried out by multiple European law enforcement agencies and coordinated by Europol as well as the FBI and DHS, ChipMixer has been taken offline and its infrastructure seized. The site’s alleged creator, 49-year-old Vietnamese national Minh Quốc Nguyễn, remains out of reach: He’s been charged with money laundering only in absentia.
But the most intriguing result of the case may have more to do with the meltdown of the now notorious cryptocurrency exchange FTX: A portion of FTX’s funds that were stolen in the midst of its bankruptcy proceedings in November were funneled into ChipMixer. Seizing the servers of that mixing service may well foil the FTX thieves’ attempt to evade tracing and help solve one of the central mysteries of that high-profile heist.
Only in the cryptocurrency world, where thefts of more than half a billion dollars now occur multiple times a year, does the stealing of $200 million merit the lowest spot on a news roundup. Early this week, the distributed trading protocol Euler Finance lost nearly $200 million in cryptocurrency to hackers who found a vulnerability in its code. At first, Euler, the company behind that protocol, offered to let the hackers keep $20 million if they returned the rest of the funds. But after that offer was ignored—in fact, the hackers have sent the funds to the Tornado Cash mixing service in the hopes of covering their tracks—the firm has announced a $1 million bounty on the hackers’ heads.
Lukas Gage Jokes He “Needed to Be Tamed” Before Chris Appleton Romance
Daddy-Daughter Date! See Jason Bateman Take Daughter Maple to Lakers Game
European boxing champ Maksym Galinichev killed fighting in Ukraine
Experience the traditions of Holy Week in Quito
Forget the latest polls: A state marathon could boost DeSantis against Trump
Remittances’ Shift To Digital: Driving Change In An Industry Split Between Yesterday And Tomorrow
Used Car Prices Down 8.7 Percent From Last Year, According To Study
Volkswagen Assets Frozen In Russia Over Contract Dispute
What a Lifting Belt Can—and Can’t—Do for Your Workout
Mediterranean Tofu Scramble Recipe | SELF
Ryan Gosling Once Joked That Working With Emma Stone on More Than 1 Film Was Tough
Two anti-war voices in Republican Party speak up
To Fight Coastal Erosion, Design a Bespoke Artificial Reef
Why Andy Griffith Was in Brad Paisley’s ‘Waitin’ on a Woman’ Music Video
The coming crucial battle for Crimea
Finance20 hours ago
Venezuela’s Anti-Corruption Investigation Rocks Cryptocurrency Industry: Exchanges and Mining Farms Shut Down
Finance18 hours ago
Could TikTok Get Banned Before It Goes Public? Congress Hearing Throws Doubt On Company’s Future, Keeping Tech Investors On Their Toes
Investing20 hours ago
Morgan Stanley believes this mega-cap tech stock has 50% upside
News19 hours ago
Did Edward VIII Help the Nazis Bomb Buckingham Palace?
Auto24 hours ago
Kia Soul Goes Airborne After Smashing Into Runway Wheel In Wild Crash
News19 hours ago
The Sonos Era 100 Is a Compact, Smart—and Perfect—Speaker
News17 hours ago
Plastics Are Devastating the Guts of Seabirds
News20 hours ago
Police: Man slashed on forehead in Hell’s Kitchen