Security news this week: Ring is in conflict with hackers
What’s more controversial than a popular surveillance camera maker that has an uncomfortably cozy relationship with US law enforcement? Ransomware hackers claiming to have breached that company (Amazon-owned camera maker Ring) and stolen its data, while Ring responds by denying the breach.
But we’ll get to that.
Five years ago, police in the Netherlands caught members of Russia’s GRU military intelligence red-handed when they tried to hack the Organization for the Prohibition of Chemical Weapons in The Hague. The team had parked a rental car outside the organization’s building and hidden a Wi-Fi snooping antenna in the trunk. Within the GRU group was Evgenii Serebriakov, who was caught with additional Wi-Fi hacking tools in his backpack.
Since then, surprisingly, Serebriakov has only risen in status. This week, Western intelligence sources told WIRED that Serebriakov is now the new leader of one of the world’s most aggressive hacking units. Serebriakov took over Sandworm, responsible for some of the worst cyberattacks in history, in the spring of 2022. His elevation to the senior role, experts say, shows how small the pool of skilled nation-state hackers is likely to be and demonstrates Serebriakov’s value to Russia.
No place on the internet is free from threats – and that includes LinkedIn. This week we looked at how spies, fraudsters and hackers from Iran, North Korea, Russia and China use the professional network to scout and approach intelligence targets. In addition, LinkedIn is plagued with thousands of suspicious accounts; it removed hundreds from WIRED’s profile when we reported them.
The Western crackdown on TikTok continues – this week the UK joined the US, Belgium, Canada and the EU in banning the social media app from being used on public devices. But in the US, Senator Mark Warner is trying to pass legislation, under the guise of the bipartisan Restrict Act, that would allow officials to ban apps and services from six “hostile” nations: China, Russia, North Korea, Iran, Cuba, and Venezuela. We sat down with Warner and asked about the plans.
A WIRED analysis of “cybercrime” cases across the United States shows how vague and sweeping the term can be. Without a clear and universal definition of cybercrime, threats to human rights and civil liberties can expand globally. Speaking of criminals, fraudsters are getting better at using voice deepfakes to trick people. And ransomware gangs are sinking to a new, deplorable low. As more and more companies and organizations refuse to pay ransoms, criminal gangs are increasingly using blackmail as leverage: they are now releasing images stolen from cancer patients and sensitive student records.
But wait, there’s more. Each week we round up the security news we didn’t cover in depth ourselves. Click on the headlines to read the full stories, and be safe out there.
Ring is in conflict with a ransomware gang
ALPHV, a prolific group of hackers who extort companies with ransomware and leak their stolen data, said earlier this week that it had breached security camera maker Ring and threatened to dump the company’s data online if it didn’t pay up. “There is always an option to let us leak your data…” the hackers wrote in a message to Ring on their leak page. Ring has so far responded with a denial, telling Vice’s Motherboard, “We currently have no indication of a ransomware incident,” but it says it is aware of a third-party vendor that has experienced one. That vendor, says Ring, does not have access to any customer records.
Meanwhile, ALPHV, which has previously used its BlackCat ransomware to target companies such as Bandai Namco, Swissport and hospital firm Lehigh Valley Health Network, stands by its claim to have breached Ring itself, not a third-party vendor. A member of the malware research group VX-Underground shared with WIRED screenshots of a conversation with an ALPHV representative who says it is still in “negotiations” with Ring.
Ransomware hackers claim to breach SpaceX supplier
In the midst of the ongoing ransomware epidemic, it’s no surprise that Ring is not alone in facing extortion. So is Maximum Industries, a supplier of rocket parts to Elon Musk’s SpaceX. The hackers, a well-known ransomware gang called LockBit, taunted Musk on their website and threatened to sell the stolen information to the highest bidder if Maximum did not pay by the March 20 deadline. “I would say we were lucky if Space-X entrepreneurs were more talkative. But I think this material will find its buyer as soon as possible,” the hackers wrote. “Elon Musk we will help you sell your drawings to others producers.”
Google warns of hackable flaws in Android phones’ Samsung chips
Google’s Project Zero, the security research team dedicated to finding unknown vulnerabilities in widely used technology products, warned Thursday that it had discovered serious hackable flaws in Samsung chips used in dozens of Android devices. In total, the researchers found 18 distinct vulnerabilities in Samsung’s Exynos modem for smartphones, but they say four of them are particularly critical and would allow a hacker to “remotely compromise a phone at the baseband level without user interaction, requiring only that the attacker know the victim’s phone number.” Project Zero only rarely publishes information about unpatched vulnerabilities. But it says it gave Samsung 90 days to fix the bugs, and it hasn’t yet. A bit of public shaming might spur Samsung to move faster to protect Google’s users from an insidious form of attack.
Law enforcement takes down crypto mixer that laundered $3 billion
Since 2017, cryptocurrency “mixer” service ChipMixer has quietly grown into a cryptocurrency money laundering powerhouse, taking users’ coins, mixing them with others, and then sending them back to hide the money’s trail across blockchains. In the process, the Justice Department says it laundered $3 billion worth of criminal funds, including ransom payments, loot stolen by North Korean hackers and even profits from the sale of child sexual exploitation material. Now, in a bust carried out by several European law enforcement agencies and coordinated by Europol as well as the FBI and DHS, ChipMixer has been taken offline and its infrastructure seized. The site’s alleged creator, 49-year-old Vietnamese national Minh Quốc Nguyễn, remains at large: He is only charged with money laundering in absentia.
But the most intriguing outcome of the case may have more to do with the meltdown of now-infamous cryptocurrency exchange FTX: A portion of FTX’s funds that were stolen in the middle of bankruptcy proceedings in November were funneled into ChipMixer. Seizing the servers of that mixing service could well thwart the FTX thieves’ attempts to evade tracking and help solve one of the central mysteries of the high-profile heist.
Euler Finance offers $1 million reward after losing $200 million to hackers
Only in the cryptocurrency world, where thefts of more than half a billion dollars now occur several times a year, does the theft of $200 million deserve the lowest spot on a news roundup. Earlier this week, distributed trading protocol Euler Finance lost nearly $200 million in cryptocurrency to hackers who found a vulnerability in its code. Initially, Euler, the company behind that protocol, offered to let the hackers keep $20 million if they returned the rest of the funds. But after the offer was ignored – in fact, the hackers sent the funds to the Tornado Cash mixing service in hopes of covering their tracks – the firm has announced a $1 million bounty on the hackers’ heads.