On Wednesday, August 23, Yevgeny Prigozhin, the head of the Russian mercenary outfit Wagner Group, was killed after his plane exploded and fell from the sky. While the details of exactly what happened are still scarce, open source information has helped to fill in the gaps.
To investigate technology, you need to be able to inspect it. Researchers and journalists have found clever ways to scrutinize Big Tech in the past, but these kinds of digital investigations are becoming increasingly more difficult. Surya Mattu, a data journalist who leads Princeton University’s Digital Witness Lab, makes the case for an inspectability API.
A mysterious group of hackers has pulled off a new supply chain attack. The hackers hijacked software updates of a particular piece of security software and injected malware that targeted 100 computers across Asia. Because most of the attack’s victims were based in Hong Kong, researchers say China-linked hackers may be the culprits.
The ever-tumultuous world of US politics shuddered this week as former president Donald Trump was booked in Georgia over charges related to his attempts to overturn the 2020 presidential election results in the state. We took a deep dive into the reasons why this indictment is both dangerous and necessary for America's future. And we detailed why it matters that he got his mug shot taken.
In other news, we spoke to Alex Pall of The Chainsmokers about why he’s been partying with (and investing in) niche cybersecurity companies. Lastly, some news you can use: We ranked the most popular digital abortion clinics according to their data privacy practices, and here’s some advice for how to talk to your kids about social media and mental health.
That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
This Tool Lets Hackers Dox Almost Anyone in the US
A breakout investigation published by the worker-owned tech outlet 404 Media, which launched this week, uncovered a terrifying new tool that criminals are using to gain access to the personal data of nearly any adult in the United States. The “secret weapon,” which is not named in the piece, is a telegram bot that can, within minutes, provide a criminal with virtually any American’s address, birth date, phone number, email, and occasionally even their Social Security number.
According to the report, the tool retrieves sensitive data by taking advantage of unauthorized access to third-party data brokers who can access the sensitive information from credit bureaus such as Experian, Equifax, and TransUnion.
The majority of the adult population has their personal information collected and stored by credit bureaus, which accumulate massive amounts of data in order to monitor credit scores. The credit bureaus sell access to some of this data to third-party companies which, in turn, resell it to people like private investigators or real estate investors. A criminal who has gained access to one of these companies, in effect, can dox nearly any American with a credit card. This appears to be what has happened, according to the report.
Most PopularBusinessThe End of Airbnb in New York
Amanda Hoover
BusinessThis Is the True Scale of New York’s Airbnb Apocalypse
Amanda Hoover
CultureStarfield Will Be the Meme Game for Decades to Come
Will Bedingfield
GearThe 15 Best Electric Bikes for Every Kind of Ride
Adrienne So
“The government needs to stop these companies from packaging and selling our personal information,” US senator Ron Wyden of Oregon told 404 Media in a statement, “and the senior executives that put profit over national security and Americans' safety should be punished accordingly.”
The US Secret Service Agents Cozied Up With the Oath Keepers
A new report by the Citizens for Responsibility and Ethics in Washington (CREW), a nonprofit government watchdog, found that US Secret Service agents were in close contact with the leader of the far-right militant group the Oath Keepers during the final months of the Trump administration. Emails published in the report suggest a cordial relationship between agents and Stewart Rhodes, the leader of the group.
In one email, an agent wrote that they had just spoken to Rhodes about an upcoming visit by former president Donald Trump to Fayetteville, North Carolina. The agent described himself as “the unofficial liaison to the Oath Keepers (inching towards official).” The agent also said that Rhodes “had specific questions and wanted to liaison [sic] with our personnel,” and shared Rhodes’ cell phone number.
In May, Rhodes was found guilty of seditious conspiracy over his role in the insurrection at the Capitol on January 6. He was sentenced to 18 years in prison and 36 months of supervised release.
DOJ Charges Tornado Cash Cofounders Charged With Money Laundering
In an indictment unsealed on Wednesday, August 23, the US Department of Justice alleges that the developers behind Tornado Cash, a cryptocurrency mixer, laundered more than $1 billion dollars that included hundreds of millions for a North Korean hacking group. Roman Semenov and Roman Storm were charged with conspiracy to commit money laundering and sanctions violations, as well as conspiracy to run an unlicensed money-transmitting business. Storm, who lives in Washington state, was arrested on Wednesday, while Semenov, a Russian national, has not yet been taken into custody.
Tornado Cash is a privacy service that obfuscates the trail of ownership for cryptocurrency. According to the indictment, the service violated US sanctions, and its operators knowingly helped “hackers and fraudsters conceal the fruits of their crimes.”
In a statement, Storm’s lawyer, Brian Klein, characterized the charges as dangerous and unprecedented. “We are incredibly disappointed that the prosecutors chose to charge Mr. Storm because he helped develop software, and they did so based on a novel legal theory with dangerous implications for all software developers,” he said. Klein said Storm has been released on bail.
British Teen Behind Lapsus$ Hacking Spree
Also on Wednesday, a London court found a key member of the cybercrime group Lapsus$ responsible for several high-profile hacks targeting companies like Uber, Nvidia, and Rockstar Games. Arion Kurtaj, who is now 18, faced 12 charges, including three counts of blackmail, two counts of fraud, and six charges under the UK’s Computer Misuse Act.
From 2021 to 2022, Kurtaj, along with other members of Lapsus$, most of whom are believed to be teenagers, carried out a series of attacks focused on extorting major companies and government agencies around the world, the jury found. The Uber hack, for instance, reportedly cost the company $3 million in damages. At the time, Uber said that the hacker who took responsibility posted pornographic material to an internal information page, alongside the message, “Fuck you wankers.”
The hacking spree prompted a major review earlier this month by US authorities who warned of the rising threat of juvenile hackers.