Security
Headlines
HeadlinesLatestCVEs

Headline

Security Roundup: Leak of Top-Secret US Intel Risks a New Wave of Mass Surveillance

Plus: Hackers claim to have stolen 10 TB from Western Digital, a new spyware has emerged, and WhatsApp gets a fresh security feature.

Wired
#ios#apple#microsoft#git#intel#asus#sap

If you had “leaking classified US military documents for the lulz” on your 2023 Bingo card, congratulations. The fast-paced drama surrounding the online disclosure of top-secret material ripped through this week’s news. We’ll dive into the details below, but there’s one key takeaway: This bizarre kind of leak may be only the beginning.

Anyone worried about chaos agents of a different variety now have a new way to protect their online identities. LinkedIn this week began to roll out new tools that allow you to verify your identity and your job. And for iOS users who want a built-in way to protect their security, we detailed how to use Apple’s all-in-one password manager.

While your personal security might be moving in the right direction, ChatGPT and other large language models (LLMs) aren’t so lucky. This week we explored the world of “jailbreaking” generative AI tools, which allows users to trick the powerful chatbots into doing things that their creators have tried to stop. It’s still early days in the world of LLM hacking, but it’s a safe bet that we’ll be hearing a lot more about this in the months to come.

Finally, yesterday afternoon, Montana lawmakers voted to ban downloads of TikTok in the state. Governor Greg Gianforte is expected to sign the unprecedented legislation into law, despite the likelihood of swift legal and technical challenges.

But that’s not all. Each week, we round up the stories we didn’t report in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

Yesterday, Jack Teixeira, an airman with the Massachusetts Air National Guard, was formally charged with retaining and transmitting national defense information and intentionally withholding classified documents. The New York Times was the first to identify Teixeira, and FBI agents arrested him at his family’s home soon after the publication named him as the alleged source of the leak.

The 21-year-old allegedly disclosed the top-secret intelligence in an attempt to show off to members of Thug Shaker Central, an invite-only chat room hosted on Discord. The chat consisted of two dozen adolescent boys and young men who, according to The Washington Post, largely did not understand the significance of the leak.

The bizarre circumstances of the leak have, according to NBC News, frustrated and embarrassed US intelligence officials who are now looking to potentially broaden the surveillance of online chat rooms after failing to spot the classified Pentagon documents that had been circulating online for weeks.

The documents consisted of sensitive information regarding Russian military tactics during the conflict in Ukraine as well as intelligence reports on friendly nations such as Israel and South Korea, among other topics.

Monitoring chatter in public chat rooms is commonplace for law enforcement. But if US intelligence agencies plan on surveilling private conversations without probable cause, they will run into serious legal and civil liberties hurdles, experts say. “We do not have nor do we want a system where the United States government monitors private internet chats,” Glenn Gerstell, a former general counsel of the National Security Agency, told NBC News.

US defense secretary Lloyd Austin on Thursday said he was considering “additional measures necessary to safeguard our nation’s secrets,” and he ordered a review of “our intelligence access, accountability, and control procedures within the department to inform our efforts to prevent this kind of incident from happening again.”

Hackers who claim to have breached data storage company Western Digital earlier this month say they are holding 10 terabytes of stolen data hostage and are ready to publish it unless the company pays a “minimum 8 figure” ransom, TechCrunch reports.

An individual who says they carried out the hack spoke to TechCrunch on Thursday, claiming to have reams of customer information. While the hacker showed TechCrunch screenshots of internal emails and contact information of Western Digital’s employees, it’s still unclear exactly what data has been stolen.

“Cut the crap, get the money, and let’s both go our separate ways,” the hackers wrote in an email to several company executives. “Simply put, let us put our egos aside and work to find a resolution to this chaotic scenario.”

A secretive Israeli spyware company’s hacking tools have been used to target politicians and journalists in at least 10 countries, according to research by Microsoft and the University of Toronto’s Citizen Lab made public Tuesday.

The company, QuaDream, is a small, low-profile Israeli firm that develops smartphone hacking tools intended for government clients. The firm was established in 2016 by former employees of NSO Group, the maker of the Pegasus spyware.

The QuaDream spyware targeted older versions of Apple’s iOS phone software, and it worked by sending malicious calendar invites that would not be seen by the targets, researchers say.

According to the report, Citizen Lab has located QuaDream servers in Bulgaria, the Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, the United Arab Emirates, and Uzbekistan.

WhatsApp has introduced a new security feature that makes it harder for scammers to steal users’ accounts. The feature will require individuals who download WhatsApp to a new device to use their old device to confirm their account. It’s an extra layer of security that aims to protect users from account takeovers through SIM jacking or other social engineering attacks.

A WhatsApp spokesperson told Engadget that the Account Protect feature will activate only when the company suspects a malicious account takeover. If a user lost their old device, they can also request a one-time passcode from WhatsApp.

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist