As states struggle with the far-reaching consequences of the U.S. Supreme Court’s decision in June to overturn the constitutional right to abortion, WIRED examined the privacy risks posed by widespread automatic license plate readers as the risk of being prosecuted for seeking an abortion increases around the country. And researchers stressed the digital self-defense value of end-to-end encryption around the world as civil rights protections and law enforcement powers evolve.
Apple announced a new protection this week known as “Lockdown Mode” for iOS 16 that will let users choose to run their phone in a more restricted but more secure mode if they risk being targeted with invasive spyware. And researchers say new encryption algorithms announced by the National Institute of Standards and Technology, designed to be resistant to quantum computers, will be difficult to test in any practical sense in the coming years.
We explored how users can protect themselves from the worst Instagram scams, and looked back at the worst hacks and data breaches of 2022 so far, with many more inevitably to come.
But that’s not all. Every week we pick up the news that we did not break or cover in depth. Click on the headlines to read the full stories. And be safe out there!
In one of the most extensive and effective breaches of personal data ever, attackers seized data on nearly 1 billion Chinese citizens from a Shanghai police database and attempted to blackmail the department for about $200,000. The trove of data includes names, phone numbers, state ID numbers, and police reports. Researchers found that the database itself was secure, but that an administration dashboard was publicly accessible from the open Internet, so anyone with basic technical skills could access the information without a password. The scale of the breach is enormous, and it is the first of its kind to hit the Chinese government, which is notorious for hoarding huge amounts of data, not just about its own citizens, but about people around the world. China was memorably responsible for the breaches of the U.S. Office of Personnel Management and the Equifax credit bureau, among many others worldwide.
FBI Director Christopher Wray and the head of the British security agency MI5, Ken McCallum, issued a joint warning this week that China, as Wray put it, is the “biggest long-term threat to our economic and national security.” The pair noted that China has conducted extensive espionage around the world and interfered in elections and other political matters. Wray noted that if China moves to conquer Taiwan, it will “represent one of the most horrific business disruptions the world has ever seen.” McCallum said that since 2019, MI5 has more than doubled its focus on China and is now conducting seven times as many Chinese Communist Party-related investigations as it did in 2018. Chinese Foreign Ministry spokesman Zhao Lijian described British officials as trying to “hype up” the China threat theory. He added that MI5 should “throw away imaginary demons.”
The bug bounty platform HackerOne, which manages vulnerability submission and reward programs for companies, this week fired an employee for stealing vulnerability information submitted via the platform and submitting it to the affected companies to collect the rewards for personal gain. HackerOne uncovered the scheme when a customer company flagged a vulnerability disclosure that was suspiciously similar to one it had received in June from another researcher. The employee, who was new to the company, had access to HackerOne’s platform from April 4 to June 23 and disclosed seven vulnerabilities using stolen research. “This is a clear violation of our values, our culture, our policies and our employment contracts,” HackerOne wrote in an incident report. “We have since fired the employee and further strengthened our defenses to avoid similar situations in the future.”
The U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Treasury Department said in a joint alert this week that North Korean hackers have targeted the healthcare and public health sector with the little-known Maui ransomware strain. They warned that paying such a ransom could violate U.S. sanctions. “North Korean state-sponsored cyber-actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health record services, diagnostic services, imaging services and intranet services,” the alert states. “In some cases, these incidents disrupted the services provided by the targeted HPH sector organizations for extended periods.”