Like the Biden The administration moves on an ever-growing list of political initiatives, the White House issued sanctions this week for a series of Russian misdeeds including interference in the 2020 election, the poisoning of dissident Aleksey Navalny and the SolarWinds hacking frenzy that swept through US government agencies and many private sector companies. The retaliation movement is complicated when it comes to SolarWinds, however, as it was the type of spy operation that would typically fall within geopolitical norms.
Elsewhere in the U.S. government, the Justice Department took a drastic step this week to end a Chinese hacking frenzy by allowing the FBI to obtain a warrant, then directly remove attackers’ hacking infrastructure from internal systems. hundreds of victims. Many in the security community praised the effort, but the move has also stirred up some controversy given the precedent it could set for future actions by the U.S. government that may be more invasive.
In the tense world of Internet of Things security, researchers on Tuesday released findings that more than 100 million on-board devices and IT management servers are potentially vulnerable to attack, due to flaws in protocols networking fundamentals. The devices are manufactured by many vendors and used in environments ranging from mainstream offices to healthcare and critical infrastructure, potentially exposing these networks to attack.
If you’re trying to lock down your accounts and reduce your dependence on passwords, we have an alternatives guide that will walk you through a number of platforms. And if you feel a general sense of existential dread about all manner of threats, you’re not alone – the U.S. intelligence community seems to feel the same.
And there’s more. Each week, we collect all the news that WIRED hasn’t covered in depth. Click on the titles to read the full stories. And stay safe there.
In 2016, the US government attempted to coerce Apple into unlocking the iPhone of one of the San Bernardino shooters. The case could have set a precedent that the government could require tech companies to undermine security protections on their products or insert “backdoors.” (Several law enforcement agencies and legislators around the world still advocate for this type of access.) But privacy advocates and security experts have unequivocally and consistently stated that backdoors are dangerous and will expose people to unacceptable security and privacy risks. In the San Bernardino case, the FBI finally found a way to access the device without Apple’s help. Reports at the time indicated that the FBI paid around $ 1 million to use an iPhone hacking tool developed by a private company. This week, The Washington Post revealed that the company that sold the tool is not one of the best-known players, but rather a small Australian company known as Azimuth, now owned by US defense contractor L3Harris. The news provides a useful detail as businesses consider resisting further such orders that may come from the US Department of Justice or other governments in the future.
As part of the White House’s sanctions against Russia this week, the Biden administration released a list of cybersecurity vendors who allegedly provided hacking tools and other services to offensive Russian government hackers. One of these companies, Positive Technologies, is a member of Microsoft’s Active Protection Program, a group of nearly 100 software vendors who receive an advanced warning from Microsoft about vulnerabilities in Windows or other Microsoft products prior to release. release of a fix. Microsoft sometimes shares proof of concept that a vulnerability can be maliciously exploited in order to coordinate public disclosure of the vulnerability. The idea is for Microsoft’s trusted security partners to embark on the inevitable flood of malicious activity that occurs once patches are released and attackers around the world can reverse engineer them to create their own. own hacking tools. If Positive Technologies worked closely with the Russian government, it could have leaked the information and allowed attackers to modify their techniques or arm loopholes they did not know. The company has strongly denied the allegations.
The European Commissioner for Budget and Administration said this week that SolarWinds’ hacking frenzy has potentially compromised six offices in the European Union. A total of 14 EU agencies were using a version of the affected SolarWinds Orion software at the time of the hack. The EU Computer Emergency Response Team did not specify the six agencies that downloaded the corrupted update and did not specify how many of those six agencies were deeply compromised by hackers Russian computing. However, CERT-EU said that for at least some of the six countries there was “significant impact” and “some personal data breaches have occurred”.
More WIRED stories
- 📩 The latest news in technology, science and more: receive our newsletters!
- A boy, his brain and a decades-long medical controversy
- How to layer clothes for your next outdoor adventure
- Hawks, Lokis, Nerd Cannons, and why you don’t have to worry about them
- Larry Brilliant has a plan to accelerate the end of the pandemic
- Facebook’s “Red Team X” hunts bugs beyond its walls
- 👁️ Explore AI like never before with our new database
- 🎮 Wired games: get the latest tips, reviews and more
- 🎧 Things not sounding good? Check out our favorite wireless bluetooth headphones, soundbars and speakers