Huge Data Leak Doxes Members of Notorious Neo-Nazi Forum

Credit to Author: Brian Barrett| Date: Sat, 09 Nov 2019 19:03:20 +0000

Another Facebook data gaffe, Ring doorbell Wi-Fi, and more of the week's top security news.

A week ago today, hackers unleashed the first known attack using the vulnerability known as BlueKeep, a long-feared development that in practice turned out to be relatively benign. For now, anyway! But don't worry, plenty of other things still went wrong. Like, say, the revelation that you can hack Alexa, Google Assistant, and Siri with lasers.

Take the two former Twitter employees who allegedly used their insider access to spy on behalf of Saudi Arabia—a stark reminder of how ill prepared even the biggest companies are to protect consumer data from the people who work there. Or the spate of zombie text messages from February that hit people's phones Thursday with no explanation, the result of a third-party server that had failed on February 14 and was reactivated November 7. All the messages stranded in that queue finally got sent.

There was some good news, though, or at least hints of it. Google has signed on with a consortium of companies that want to provide open source firmware for more secure processors. And the search giant has also enlisted the help of three outside cybersecurity firms to vet Android apps for malware before they hit the Play Store.

We looked at the new tools that campaigns have to protect themselves against hackers—and why they still might fall short. To celebrate the release of WIRED senior writer Andy Greenberg's new book Sandworm we collected the three gripping excerpts that have run in the magazine in one place. And we showed you how to opt out of online data broker sites, although fair warning that it's a huge pain in the neck.

Lastly, we closed out the week with WIRED25, a conference in San Francisco that hosted tech luminaries for insightful conversations. That included NSA cybersecurity head Anne Neuberger, Cloudflare CEO Matthew Prince, and WhatsApp cofounder Brian Acton.

And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

The IronMarch forum was one of the internet's worst places until it shut down in November 2017, a breeding ground and online meeting place for neo-nazi groups. This week, someone dropped a 1GB SQL database filled with information like user names, IP addresses, private messages, public posts, and the emails people used to register accounts. In sum, it amounts to a major doxing of extremist hate group members from just a few years ago. The independent journalists at Bellingcat have put together a guide to searching through and interpreting the data—and have raised the possibility that several IronMarch members were active US military personnel.

Stop us if you've heard this one: Facebook said this week that it had granted around 100 developers access to more data than they should have, specifically related to Groups. At least 11 of those developers actually accessed that data, and Facebook has asked them to delete it. It's not as comprehensive or devastating as the Cambridge Analytica fiasco, but making your name and profile picture available to unauthorized developers clearly isn't ideal. At a certain point, it's easy to become numb to these missteps. Try not to; you and your data are worth more than that.

Amazon's Ring doorbells have courted plenty of controversy for the ways they normalize surveillance. But it turns out that they had potentially exposed the Wi-Fi passwords of their owners by sending them in cleartext when they join a network. The vulnerability was patched in September, but would have allowed hackers relatively access to your Wi-Fi password, which in turn could lead to a whole host of problems.

According to a report this week from Motherboard, Chronicle—a touted cybersecurity company within Google parent-company Alphabet—has been beset by staff departures and a "lack of clarity about Chronicle’s future." It's still a functioning operation, but seemingly diminished from the grand visions with which it launched almost two years ago.

https://www.wired.com/category/security/feed/

Leave a Reply