If you’re looking for a long read to get you through the weekend, we’ve got you covered. First, WIRED senior reporter Andy Greenberg reveals the crazy story behind the three teenage hackers who created the Mirai botnet code which ultimately wiped out much of the Internet in 2016. WIRED contributor Garrett Graff draws from his new book on UFOs to expose the proof that the “discovery” of extraterrestrials in Roswell, New Mexico, in 1947 never really happened. And finally, we delve deeper into the communities that are solving cold cases using facial recognition and other AI.
That’s not all. Every week, we round up the security and privacy stories that we ourselves don’t report in depth. Click on the headlines to read the full stories, and stay safe.
For years, mercenary hacking firms such as NSO Group and Hacking Team have repeatedly been the subject of scandals for selling their digital intrusion and cyberespionage services to clients around the world. Much less well known is an Indian startup called Appin that, from its offices in New Delhi, allowed clients around the world to hack whistleblowers, activists, corporate competitors, lawyers and celebrities on a giant scale.
In a sprawling investigation, Reuters reporters spoke to dozens of former Appin employees and hundreds of its hacking victims. They also obtained thousands of its internal documents, including 17 presentation documents announcing its “cyber espionage” and “cyber warfare” offerings, as well as case files from police investigations into Appin launched from the United States to Switzerland. The resulting story further reveals how a small Indian company “hacked the world,” as Reuters writes, shamelessly selling its hacking capabilities to the highest bidder through an online portal called My Commando. Its victims, as well as those of copycat hacking companies founded by its former students, include Russian oligarch Boris Berezovsky, Malaysian politician Mohamed Azmin Ali, targets of a Dominican digital tabloid, and a member of a Native American tribe who attempted to claim profits from a casino development on the reservation on Long Island, New York.
The ransomware group known as Scattered Spider has distinguished itself this year as one of the most ruthless in the digital extortion industry, recently inflicting approximately $100 million in damages on MGM casinos. A damning new report from Reuters (its cyber team has had a busy week) suggests that at least some members of that cybercriminal group are based in the West, within reach of American law enforcement. However, they have not been arrested. Executives at cybersecurity companies who have followed Scattered Spider’s trail say the FBI, where many cybersecurity-focused agents have been poached by the private sector, may lack the staff needed to investigate. They also point to a reluctance on the part of victims to immediately cooperate in investigations, sometimes depriving authorities of valuable evidence.
Denmark’s critical infrastructure Computer Emergency Response Team, known as SektorCERT, warned in a report on Sunday that hackers had breached the networks of 22 Danish energy companies by exploiting a bug in their firewall devices. The report, first revealed by Danish journalist Henrik Moltke, described the campaign as the largest of its kind ever targeting the Danish power grid. Some clues in the hackers’ infrastructure suggest that the group behind the intrusions was the notorious Sandworm, also known as Unit 74455 of the Russian military intelligence agency GRU, which has been responsible for the only three confirmed blackouts caused by hackers in history, all in Ukraine. But in this case, the hackers were discovered and evicted from the targeted networks before they could cause any disruption to utility customers.
Last month, WIRED covered the efforts of a white hat hacking startup called Unciphered to unlock valuable cryptocurrency wallets whose owners have forgotten their passwords, including a stash of $250 million worth of bitcoins trapped in an encrypted USB drive. Now, the same company has revealed that it found a flaw in a widely used random number generator in cryptocurrency wallets created before 2016 that leaves many of those wallets prone to theft, which could add up to $1 billion in vulnerable money. Unciphered encountered the flaw while attempting to unlock $600,000 in cryptocurrency locked in a customer’s wallet. They failed to crack it, but in the process discovered a flaw in a piece of open source code called BitcoinJS that left a wide swath of other wallets potentially open to hacking. The coder who built that flaw into BitcoinJS? None other than Stefan Thomas, the owner of those same $250 million in bitcoins stored on a USB stick.