For many years, a mystery figure known as Stern led the Trickbot ransomware gang. He evaded identification while other members were revealed in leaks. This week, German authorities revealed without much fanfare who they believe the mysterious hacker kingpin is: Vitaly Nikolaevich Kovalev. A 36-year-old Russian man, Kovalev remains at large in Russia.
WIRED revealed, closer to home, that Customs and Border Protection had mouth-swabbed 133,000 migrant children and teens to collect their DNA and upload their genetic data to a national criminal database used by local, state, and federal law enforcement. WIRED has also uncovered evidence linking a Swedish mixed-martial-arts tournament with a California-based neo-Nazi “fight club.” The Trump administration’s migrant clampdown is often justified by invoking crime and terrorism.
For people who want to avoid the US government’s surveillance, we have provided tips on more private alternatives to US-based web browsing, email, and search tools. We also compiled a general guide on how to protect yourself from hacking and surveillance, based on questions that our senior writer Matt Burgess was asked in a Reddit Ask Me Anything.
That’s not all. Every week, we round up the latest security and privacy stories that we haven’t covered in depth. Click on the headlines for the full stories. Stay safe.
Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign
The FBI is investigating who impersonated Susie Wiles in a series of fraudulent messages and phone calls to high-profile Republican politicians and business executives, The Wall Street Journal reported. The FBI and government officials involved in the investigation say that the spear-phishing calls and messages appear to have targeted people on Wiles’ contacts list. Wiles, meanwhile, has reportedly informed colleagues that her phone was hacked so attackers could access those contacts.
Although Wiles has reported that her device was hacked, there is no confirmation as to whether this is how attackers identified Wiles’ associates. This list could also be compiled from publicly available data and data sold by brokers on the gray market.
It’s an embarrassing lack of security awareness. Jake Williams, a former NSA hacker and vice president of research and development at Hunter Strategy, says that you cannot convince him they did their security training. “This is the kind of social engineering that anyone can end up having to deal with these days. Top government officials should expect it.”
Some targets received not only text messages but also phone calls that impersonated Wiles’ voice. Some government officials believe that the calls may have been made using artificial intelligence tools. If this is the case, it would be one of the biggest cases of phishing attempts using so-called “deepfake” software. The FBI told White House officials that it has ruled out foreign involvement in the impersonation campaigns. While some of the impersonation efforts appeared to have a political goal (a member of Congress was asked to compile a list of potential pardonees for Trump), in one case the impersonator attempted to trick the target into setting up an electronic cash transfer. This attempt to steal money suggests that the spoofing operation may be less an espionage campaign than a standard cybercriminal fraud scheme.
Hunter Strategy’s Williams: “There is an argument for using something like Signal (yes, the irony) or another messaging platform that provides an independent form of verification if users wish to validate who they are talking to.” “The key is that government officials use vetted tools and follow all federally mandated protocols rather than just winging it on their own devices.”
The Department of Justice has revealed that it arrested 37-year-old Sina Gholinejad in North Carolina in January last year and that he pleaded guilty before a court. Gholinejad admitted to his involvement in the Robbinhood ransomware attack that also affected Greenville, North Carolina, and Yonkers, New York. Gholinejad’s identity and why he traveled to the US are still unclear, as most ransomware criminals prefer to stay in countries without extradition agreements with the US government. This means they are out of reach for US law enforcement. In fact, the indictment refers to several unnamed conspirators who could still be at large in Iran.
Russia’s Nuclear Blueprints Exposed in Huge Document Leak
According to reports this week from Danwatch, a Danish media outlet, and Der Spiegel in Germany, more than 2 million documents exposed in a database revealed Russia’s nuclear weapons facilities with unprecedented levels of detail. Reporters sifted through the massive trove of documents related to Russian military procurement, as Russian authorities gradually restricted access. They found blueprints for nuclear plants across the country. Experts described the leak as an unprecedented breach of Russia’s security in nuclear matters. The data could be extremely useful to foreign governments and intelligence agencies.
These documents show how Russia’s nuclear facilities were rebuilt in the last few years, including where new facilities were created. They also include detailed site plans, including the locations of barracks, watchtowers, and underground tunnels that connect buildings. The documents include descriptions of IT and security systems. This includes information on surveillance cameras and electric fences, as well as alarm systems. Danwatch reports that “It is written exactly where the control rooms are, and which buildings are linked to each other by underground tunnels.”
Cops Used License Plate Recognition Cameras in Search for Woman Who Got an Abortion
License-plate-recognition cameras are creating huge databases of people’s movements across America, capturing where and when cars are traveling. For years, there have been fears that the cameras can be weaponized by private investigators or law enforcement officials and used against those who seek abortions or provide abortion-related care. The Johnson County Sheriff’s Office in Texas (where abortions are almost all illegal) searched 83,000 Flock license-plate-reader cameras to find a woman who they believe had a self-administered abortion, 404 Media reported this week. Sheriff Adam King stated that the officials were not trying to “block the woman from leaving the state” but rather were searching for her because her family was worried about her safety. Experts say that conducting a search across the entire United States reveals the vast dragnet of license-plate-reader cameras, and how those seeking abortions are tracked. Eva Galperin, the director of cybersecurity for the Electronic Frontier Foundation, told 404 Media that this type of surveillance does not make her feel any better.
Investment Scam Company Linked to $200 Million Losses Sanctioned by US Government
Philippines-based company Funnull Technology and its boss Liu Lizhi have been sanctioned by the US Treasury’s Office of Foreign Assets Control because of their links to investment scams and romance scams. These are often referred to as “pig butchering” scams. “Funnull directly facilitated many of these schemes resulting in more than $200 million in US victim-reported losses,” OFAC stated in a statement announcing sanctions. The company purchases IP addresses from major cloud service providers and then sells them to cybercriminals, who can use them to host scam websites. According to OFAC, Funnull “is linked to the majority” of investment scam websites reported to the FBI. In January, independent cybersecurity journalist Brian Krebs described how Funnull was abusing Amazon and Microsoft cloud services.