
The Biggest US Surveillance Program You Didn’t Know About

Plus: A leaked US “no fly” list, the SCOTUS leaker slips investigators, and PayPal gets stuffed.

Wired

“Ordinary people’s private financial records are being siphoned indiscriminately into a massive database, with access given to virtually any cop who wants it,” Nathan Freed Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, told the WSJ. “This program should never have been launched, and it must be shut down now.”

A security researcher discovered a version of the United States’ controversial “no fly list” on an unsecured server run by CommuteAir, a regional airline based out of Ohio. The list, which contains more than 1.5 million entries, is far larger than previously reported and includes the names of individuals who are barred from flying to the United States.

CommuteAir confirmed the authenticity of the document to the Daily Dot, which was the first to report on the leaked list.

According to the Daily Dot, the list contains the names of several notable figures, including the convicted Russian arms dealer Viktor Bout. The Biden administration sent Bout back to Russia in a prisoner exchange for WNBA star Brittney Griner, who returned to the US in December. In the data, which was shared with WIRED on Thursday evening, there were nearly 30 entries for individuals who were born after 2010.

According to CNN, the US Transportation Security Administration is investigating the incident.

After an eight-month investigation, the US Supreme Court has failed to discover who leaked the draft decision overturning Roe v. Wade, according to a report released by the court on Thursday. The unprecedented leak to Politico last spring came more than a month before the final opinion was released and sparked nationwide protests.

Over the course of the leak investigation, the court interviewed 97 court employees and brought in forensic experts to examine call logs, printer logs, and fingerprints. According to the report, 80 people besides the nine justices had access to the draft opinion.

“No one confessed to publicly disclosing the document, and none of the available forensic and other evidence provided a basis for identifying any individual as the source of the document,” the report states. “It is not possible to determine the identity of any individual who may have disclosed the document or how the draft opinion ended up with Politico.”

The report did not say whether the justices were interviewed.

According to a PayPal notice of security incident, attackers gained unauthorized access to the accounts of thousands of users between December 6 and December 8, 2022, using a credential-stuffing attack. Credential stuffing is when hackers, typically using a bot, attempt to access accounts using lists of leaked password and username pairs.

Over two days, hackers had access to account holders’ full names, dates of birth, postal addresses, Social Security numbers, and individual tax identification numbers. According to PayPal, 34,942 of its users have been impacted by the incident.

The affected users will get a free two-year identity monitoring service from Equifax.
