A popular military tool during the Cold War, spy balloons have since fallen out of favor—for good reason.

On Friday, United States secretary of state Antony Blinken said he was canceling a high-profile diplomatic visit to Beijing following the discovery of a large, high-altitude Chinese balloon that has been drifting over the US this week. The Chinese Ministry of Foreign Affairs said in a statement on Friday that the airship is an off-course weather balloon and has denied that it is an espionage tool. A senior US Department of Defense official told reporters on Thursday, though, that “clearly the intent of this balloon is for surveillance.”

Spy balloons are a historic technology and were widely utilized before the development of low-Earth and geosynchronous satellites, including extensive use in the 1950s by the US during the Cold War. But these days, their use has largely fallen out of favor. Spy balloons have some advantages over satellites. They are cheap to deploy, fly relatively close to their targets, and can continuously monitor a location for longer stints. But balloons have weight restrictions, which also limit how powerful and diverse their onboard sensors can be. And unlike satellites, which are out of sight and out of mind for people on Earth, the situation currently playing out with the Chinese balloon illustrates the biggest limitation of surveillance balloons. 

“You may have noticed that this balloon has caused a massive international incident, and it’s got everyone looking at China and demanding that the US government do something. In terms of surveillance, this is the kind of attention you don't want,” says Brynn Tannehill, a RAND Corporation senior technical analyst and a former naval aviator. “My assessment is that the advantages a balloon offers versus the amount of unwanted attention it creates—I can't answer why the Chinese did this. It attracts ill will.”

Sensor-equipped balloons have onboard steering capabilities but are transported by wind currents. US officials said on Thursday that the spy balloon was floating above commercial air traffic at roughly 60,000 feet and that it does not pose a threat to people or activity on the ground. The senior DOD official noted that the balloon is big enough to cause a potentially dangerous debris field if the US shot down the balloon over an inhabited area. The official added that the military considered taking kinetic action on Wednesday while the balloon was moving over “sparsely populated areas in Montana,” but concluded that the risks weren't low enough. RAND's Tannehill points out that an additional risk of such an operation is that the missile aimed at the balloon will miss “and now you’ve created an even bigger problem,” she says.

Brigadier General Pat Ryder, the Pentagon press secretary, said on Thursday that, "instances of this kind of balloon activity have been observed previously over the past several years. Once the balloon was detected, the US government acted immediately to protect against the collection of sensitive information."

Reports increasingly indicate that the vehicle is part of a broader Chinese spy balloon initiative, and the senior DoD official said of spy balloon US flyovers on Thursday that “it has happened a handful of other times over the past few years, to include before this administration.” The current incident has apparently been the most visible to the US public, though.

Consistently deploying spy balloons is a strategy that the US and other countries may not be fully prepared to counter given that balloons have been less popular as espionage tools in recent decades. The senior Defense Department official said on Thursday, though, “We assess that this balloon has limited additive value from an intelligence-collection perspective” versus what China could get from satellite imagery. Still, the balloon has flown near a few US military bases and other sensitive sites. 

Tannehill says that countersurveillance measures for spy balloons would typically include physically moving equipment or personnel out of sight, rearranging equipment, and if possible, jamming the balloon's sensors.

The Defense Department declined WIRED's request to elaborate on the steps it took to prevent espionage activities.

“The fact is we know that it's a surveillance balloon, and I'm not going to be able to be more specific than that,” Brigadier General Pat Ryder said in additional remarks to reporters on Friday. “And we do know that the balloon has violated US airspace and international law, which is unacceptable. And so we've conveyed this directly to the PRC at multiple levels.” 

The Chinese Ministry of Foreign affairs said of the balloon: “The Chinese side regrets the unintended entry of the airship into US airspace due to force majeure. The Chinese side will continue communicating with the US side and properly handle this unexpected situation.”

But even with this concession, the extremely public nature of the incident can only exacerbate tensions between the US and China. As RAND's Tannehill puts it, “It’s tough to pretend the spying isn’t happening when it’s floating over Kansas City and regular people are like, ‘Oh look, it’s the Chinese spy balloon.’”

The Chinese Spy Balloon Shows the Downsides of Spy Balloons

As unsecured docs pile up, a bipartisan group of lawmakers is itching to overhaul the nation’s secret secret-sharing operation.

The fear and trepidation over accidentally letting a secret slip is also hammered into lawmakers’ intelligence staffers, who handle the classified material as further protection against absent-minded members of Congress. To get a security clearance, these staffers undergo purposefully intimidating, invasive, and multi-stepped background checks conducted by either the Pentagon or FBI, and sometimes both. Even after being cleared, new hires are forbidden to start until they sign a nondisclosure agreement—effectively sealing their lips for life. 

“Only certain staffers are allowed to possess classified information in the Capitol. Usually, they keep it in our Intelligence Committee, and they walk around with a locked bag that has them in them,” says Rubio, the vice chair of the Senate Intelligence Committee. “So you can’t make a photocopy and send it to you as an attachment in email.”

When it comes to viewing America’s secrets, even leaders at the Capitol don’t get special access. “They would bring them in. I would read them. They take them out. So they couldn’t even stay on my desk,” says Durbin. “I can’t understand why the executive branch has such a lax approach to this that we have three major elected officials with these documents in their possession and not explaining why.”

Other committees can request to see classified materials in the Intelligence Committee’s possession. If the request is approved by the select panel, the materials are ferried—under lock and key—to other lawmakers with a stern warning: “Such material shall be accompanied by a verbal or written notice to the recipients advising of their responsibility to protect such materials.” Each night, sensitive materials must be returned to a secure SCIF. A written record of the secret’s travels is required.

That’s why the confusion at the Capitol is so bipartisan these days: How does one misplace such a sensitive document? Let alone batches of them?  

“I don’t know how you actually do that. That’s the question, but we're talking about the president and vice president, and that’s a little different,” says Republican senator Lyndsey Graham of South Carolina, the top Republican on the Judiciary Committee. “I don’t know. I don’t know.”

Restrictions are so tight that Rubio doesn’t even believe news stories claiming classified documents were found dating back to Biden’s Senate days. He calls those reports “puzzling.”

“I’ve heard that in the media. It has never been confirmed to me … that one would be bizarre,” Rubio says. “So, frankly, I don’t know, on the Senate piece, how that could be possible.”

The other perplexing thing is, the technology employed at the Capitol is widespread in Washington, especially the secure rooms used to protect the materials. “The Situation Room is a SCIF. There’s SCIFs in the military. There’s SCIFs in the FBI,” says Representative Mike Quigley of Illinois. “I can’t explain—there’s no excuse for it. There’s no excuse for mishandling documents ever.”

A Democrat who teaches a course at the University of Chicago called “Contemporary US Intelligence,” Quigley says the scandal reveals a cavalier attitude in the executive branch that’s unacceptable. As Quigley points out, classified materials are securely handled by agencies all around the US, far beyond the Beltway. The FBI shares sensitive intel with local police departments from coast to coast. Classified documents are also housed in some academic institutions. And Quigley says some documents are shared with the private sector, like military contractors. In short, this appears to be an executive branch problem, and he wants Congress to be bullish as it moves to rein in the White House’s willy-nilly handling of classified materials.

“Of course we have to because we’re the ones who do laws and allow people to have classified information,” Quigley says.

The numerous security procedures at the Capitol are in place to keep lawmakers from doing exactly what Biden, Trump, and Pence did. It seems to be working. “There’s a reason we have classification,” Warner told reporters at the Capitol. “Maybe we overclassify, but unless the rules change, you’ve got to.”

Warner says his committee’s job is now to make sure what’s working at the Capitol is replicated in the executive branch. “We got a broken system,” Warner said, “and we got to fix this.”

Congress Has a Lo-Fi Plan to Fix the Classified Documents Mess

Accidental revisions to a US Help Center page sparked confusion about the streamer's next moves. But restrictions on account sharing are still coming soon.

After Netflix Spent years piloting different ways to crack down on password sharing, changes to its United States Help Center page this week seemed to indicate that the streaming giant had finally settled on a plan. But those tweaks quickly disappeared, leaving confusion and concern about potential changes to Netflix's account-sharing policies. Now the company is clarifying that nothing has changed this week, and no new restrictions are rolling out right now.

“For a brief time Tuesday, a Help Center article containing information that is only applicable to Chile, Costa Rica, and Peru went live in other countries. We have since updated it,” a Netflix spokesperson said in a statement.

The death knell for password sharing is still tolling, though, after the company said in its recent earnings call that it will announce and begin to roll out account-sharing changes around the world in the first quarters of 2023.

“We’ve got folks that are watching Netflix who aren’t paying us as part of basically borrowing somebody else’s credentials. And our goal is over this year to basically work through that situation and convert many of those folks to be paid accounts or to have the account owner pay for them,” Netflix chief operating officer and chief product officer Gregory Peters said in the company’s most recent earnings call on January 19. “So we’ve been working hard at this and trying to do some sort of thoughtful experimentation to let our members speak to us in terms of what set of solutions work for them. … We’re ready to roll those out later this quarter. We’ll stagger that a bit as we sort of work sets of countries, but we’ll really see that happen over the next couple of quarters.” 

The confusion about possible changes this week stemmed from content meant for one country’s help center page that was mistakenly published for other countries. The situation was also complicated by the fact that Netflix Help Center pages allow you to quickly toggle between information for different countries using a “Currently viewing information for” tool that lets you choose from a dropdown menu of country names.

For almost a year, Netflix has been piloting an approach in Chile, Costa Rica, and Peru in which the company is more serious about tying each account to a physical location or “household” and only allowing devices to regularly access the account from that place. To do this, the company says it uses “IP addresses, device IDs, and account activity” to establish where devices are streaming content from. An important component of the initiative in those three countries is the addition of a paid sharing or an “add an extra member” mechanism, similar to family plans offered by streaming services like Spotify, through which Netflix subscribers can pay a reduced rate to grant family members or friends shared-account access with their own login.

Based on the comments from Netflix executives in the recent earnings call, it seems that similar changes are likely coming to the US and other markets. But the specifics of what Netflix will be rolling out in each country aren’t yet clear. 

“Netflix is a company that’s built itself out of super fans and been very consumer-focused, so creating flexibility in whatever they do for edge cases is important for them, and adding restrictions could create friction,” says Jason Kint, CEO of the digital media trade organization Digital Content Next. (WIRED parent company Condé Nast is a member.) “They don’t want to build detractors that are critical of their service. But ultimately, those are still business decisions. … Their move will have downstream effects on other companies’ decisions.”

In the January earnings call, Netflix executives emphasized that they are bracing for blowback as they ready the password-sharing crackdown. “I think it’s worth noting that this will not be a universally popular move,” Peters said. “There will be current members that are unhappy with this move. We’ll see a bit of a cancel reaction to that. We think of this as similar to what we see when we raise prices.”

Netflix’s US Password-Sharing Crackdown Isn’t Happening—Yet

True Anomaly, a startup backed by US senator JD Vance's VC firm, plans to launch prototype pursuit satellites on a SpaceX flight later this year.

Former US Air Force major Even “Jolly” Rogers is worried about a space war. “Conflict exists on a continuum that begins with competition and ultimately leads into full-scale conflict like what you’re seeing in Ukraine,” he says. The US, he adds, is already “in active competition with Russia and China for freedom of action and dominance of the space domain. And it’s evolving very quickly.”

So on January 26 last year, the former US Air Force major incorporated True Anomaly, Inc to “solve the most challenging orbital warfare problems for the US Space Force,” he later tweeted.

According to a recent filing with the US Federal Communication Commission (FCC), True Anomaly is now gearing up for its first orbital mission. In October, True Anomaly hopes to launch two Jackal “orbital pursuit” spacecraft aboard a SpaceX rocket to low earth orbit. The Jackals will not house guns, warheads, or laser blasters, but they will be capable of rendezvous proximity operations (RPO)—the ability to maneuver close to other satellites and train a battery of sensors upon them. This could reveal their rivals’ surveillance and weapons systems, or help intercept communications. 

In their first mission, dubbed Demo-1, the Jackals will merely spy on each other, using thrusters, radar, and multi-spectral cameras to approach within a few hundred meters. If that goes well, Rogers envisages deploying thousands of autonomous spacecraft in service of the US military, controlled by a team of human operators and AI “to pursue adversaries wherever they fly, and to provide the tools of accountability.”

Those tools start with understanding what technologies America’s adversaries are deploying in space. “But an active defense is going to be required,” says Rogers, now True Anomaly’s CEO. “If you take the job of defense and protection of the domain seriously, you have to have the ability to do the joint functions of maneuver and fires.” In military speak, “fires” means kinetic weapons like guns and shells, as well as jamming, electronic warfare, and cyberattacks.  

Nothing on True Anomaly’s website suggests that it is developing its own offensive weapons. However, in a series of posts last summer, Rogers tweeted: “Tactically disabling enemy spacecraft can be the difference between the loss of an entire Carrier Strike Group or its survival … And there are many ways to destroy spacecraft that don’t ruin the environment. After all, they are just floating computers.”

RPO itself is nothing new. In a report last September, the Secure World Foundation, a private foundation promoting cooperative solutions in space, detailed dozens of military RPO operations in geostationary and low earth orbits since the Cold War. Most of these involve American, Russian, or Chinese spacecraft sidling up to each other’s satellites, presumably to see what they look like or to eavesdrop on their communications.

There are also emerging peaceful uses of RPO, such as space tugs that can repair or relocate failed satellites, or remove dangerous space junk. The Secure World Foundation helps run an organization called Confers that is setting voluntary technical standards for commercial RPO. True Anomaly is one of around 60 Confers members. “If we ever want to do things like cleaning up space debris, we have to develop these technologies,” says Brian Weeden, the foundation’s director of planning. However, True Anomaly is the first RPO startup explicitly focusing on the military market, he says.  

Rogers’s last job for the government was leading teams within US Space Command that planned how and when to deploy defensive and offensive military space systems. He and his cofounders, Dan Brunski, Tom Nichols, and Kyle Zakrzewski, also former Air Force and Space Force officers, “knew the problem better than anybody else, dealt with the limitations of technology on a day-to-day basis, and were frustrated with those limitations,” Rogers says. Rather than wait for a large industrial defense contractor to get around to it, they decided to solve the problem themselves. The deployment of space weapons, he says, “is much closer than most people would think.”

According to US Security Exchange Commission filings, True Anomaly has already raised over $23 million from investors. This includes a December investment from Narya, a venture capital firm cofounded by US senator JD Vance, a MAGA-leaning Ohio Republican. (Rogers says that True Anomaly itself has no political affiliation.) 

The company recently signed a lease on a 35,000-square-foot factory in the suburbs of Denver, Colorado. As well as manufacturing the Jackal satellites, True Anomaly engineers are designing a cloud-based control system to integrate autonomous agents and human operators, using commercial game engines like Unity to build interactive real-time applications and developing high-fidelity physics software to help the Jackals maneuver in space. True Anomaly has already applied for a trademark covering, among other things, hardware and software for “orbital space-to-space imagery, rendezvous proximity, and target acquisition systems.” 

“What is different about True Anomaly is the way it seems to be presenting its satellite as more of a pursuit system, than an imaging or an intelligence gathering system,” says Kaitlyn Johnson, deputy director of the Aerospace Security Project at the Center for Strategic & International Studies. “This does concern me because it could cause unintentional escalation. Especially with the founder’s Air Force background, it might be read by our adversaries as a military-directed company that was starting to pursue this capability.”

The company’s first challenge could be keeping its own floating computers intact. “Cooperative RPO is already hard,” says Johnson. “You can see that from the demonstrations by Astroscale and Northrop with their servicing satellites, which were years in the planning.” A cooperative RPO mission by NASA in 2005 called DART failed when the spacecraft malfunctioned, crashed into its target satellite, and was destroyed. 

Pursuit missions of adversarial satellites are likely to be much riskier still, says Johnson: “You don’t have the same data coming from the other satellite. You maybe don’t have the diagrams and diagnostics of what the satellite looks like so that you know what you’re about to encounter.”

Any collision in orbit can generate many thousands of pieces of space junk, each of which could damage other satellites, creating yet more debris. Researchers worry about increasing orbital debris ultimately triggering a catastrophic cascade known as the Kessler Syndrome. Rogers says that collision avoidance is a possibility “that we track very closely and aggressively. We’re committed to acting responsibly and sustainably in the space domain.”

Rogers himself is no stranger to risk. Before starting True Anomaly, he founded and led a crypto hedge fund called Phobos Capital. And prior to that, he incorporated a company called 3720 to 1, Inc—a reference to the odds of Han Solo successfully navigating an asteroid field in _The Empire Strikes Back_, according to C-3PO. 

Whether Rogers’ pursuit of a satellite venture is more likely to succeed, or just another piece of gung-ho science fiction, should be a lot clearer after SpaceX’s rocket launches in October.

Enter the Hunter Satellites Preparing for Space War

January saw a slew of security patches for iOS, Chrome, Windows, and more.

The Android security patch is available to Google’s Pixel devices, which have their own specific updates, and Samsung’s Galaxy range, including Samsung Galaxy Note 10, Galaxy S21, and Galaxy A73. You can check for the update in your settings.

Microsoft Patch Tuesday

Microsoft fixed a rather hefty 98 security issues in its first Patch Tuesday of the year, including an already exploited vulnerability: CVE-2023-21674 is an elevation of privilege flaw impacting the Windows Advanced Local Procedure Call that could lead to browser sandbox escape. 

By exploiting the bug, an adversary could gain System privileges, Microsoft wrote, confirming that the flaw has been detected in real-life attacks.

Another elevation of privilege vulnerability in the Windows Credential Manager User Interface, CVE-2023-21726, is relatively easy to exploit and doesn’t require any interaction from the user.

January’s Patch Tuesday also saw Microsoft fix nine Windows Kernel vulnerabilities, eight of which are elevation of privilege issues and one information disclosure vulnerability.

Mozilla Firefox

Software firm Mozilla has released important updates for its Firefox browser, the most serious of which have been the subject of a warning by the US Cybersecurity and Infrastructure Security Agency (CISA). 

Among the 11 flaws fixed in Firefox 109 are four rated as having a high impact, including CVE-2023-23597, a logic bug in process allocation that could allow adversaries to read arbitrary files. Meanwhile, Mozilla said its security team found memory safety bugs in Firefox 108. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some could have been exploited to run arbitrary code,” it wrote.

An attacker could exploit some of these vulnerabilities to take control of an affected system, CISA said in its advisory. “CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.7 and Firefox 109 for more information and apply the necessary updates.”

VMWare

Enterprise software maker VMWare has published a security advisory detailing four flaws affecting its VMware vRealize Log Insight product. Tracked as CVE-2022-31706, the first is a directory traversal vulnerability with a CVSSv3 base score of 9.8. By exploiting the flaw, an unauthenticated, malicious actor could inject files into the operating system of an impacted appliance, resulting in RCE, VMWare says.

Meanwhile, a broken access control RCE vulnerability tracked as CVE-2022-31704 also has a CVCCv3 base score of 9.8. It goes without saying that those impacted by these vulnerabilities should patch as soon as possible.

Oracle

Software giant Oracle has released patches for a whopping 327 security vulnerabilities, 70 of which are rated as having a critical impact. Worryingly, 200 of the issues patched in January can be exploited by a remote unauthenticated attacker.

Oracle is recommending that people update their systems as soon as possible, warning that it has received reports of “attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches.”

In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches, it says.

SAP

SAP’s January Patch Day has seen the release of 12 new and updated security notes. With a CVSS score of 9.0, CVE-2023-0014 is rated as the most severe bug by security firm Onapsis. The flaw affects the majority of all SAP customers and its mitigation is a challenge, Onapsis says. 

The capture-replay vulnerability is a risk because it could allow malicious users to obtain access to an SAP system. “Complete patching of the vulnerability includes applying a kernel patch, an ABAP patch, and a manual migration of all trusted RFC and HTTP destinations,” Onapsis explains.

You Really Need to Update Firefox and Android Right Now

More than two years ago, criminals crippled the systems of London’s Hackney Council. It's still fighting to recover.

It was a Sunday morning in mid-October 2020 when Rob Miller first heard there was a problem. The databases and IT systems at Hackney Council, in East London, were suffering from outages. At the time, the UK was heading into its second deadly wave of the coronavirus pandemic, with millions living under lockdown restrictions and normal life severely disrupted. But for Miller, a strategic director at the public authority, things were about to get much worse. “By lunchtime, it was apparent that it was more than technical stuff,” Miller says. 

Two days later, the leaders of Hackney Council—which is one of London’s 32 local authorities and responsible for the lives of more than 250,000 people—revealed it had been hit by a cyberattack. Criminal hackers had deployed ransomware that severely crippled its systems, limiting the council’s ability to look after the people who depend on it. The Pysa ransomware gang later claimed responsibility for the attack and, weeks later, claimed to be publishing data it stole from the council.

Today, more than two years later, Hackney Council is still dealing with the colossal aftermath of the ransomware attack. For around a year, many council services weren’t available. Crucial council systems—including housing benefit payments and social care services—weren’t functioning properly. While its services are now back up and running, parts of the council are still not operating as they were prior to the attack.

A WIRED analysis of dozens of council meetings, minutes, and documents reveals the scale of disruption the ransomware caused to the council and, crucially, the thousands of people it serves. People’s health, housing situations, and finances suffered as a result of the insidious criminal group’s attack. The attack against Hackney stands out not just because of its severity, but also the amount of time it has taken for the organization to recover and help people in need.

Ransom Demands

You can think of local governments as complex machines. They’re made up of thousands of people running hundreds of services that touch almost every part of a person’s life. Most of this work goes unnoticed until something goes wrong. For Hackney, the ransomware attack ground the machine to a halt. 

Among the hundreds of services Hackney Council provides are social and children’s care, waste collection, benefits payments to people in need of financial support, and public housing. Many of these services are run using in-house technical systems and services. In many ways, these can be considered critical infrastructure, making the Hackney Council not dissimilar to hospitals or energy providers.

“The attacks against public sector organizations, like local councils, schools, or universities, are quite powerful,” says Jamie MacColl, a cybersecurity and threat researcher at the RUSI think tank who is researching the societal impact of ransomware. “It’s not like the energy grids going down or like a water supply being disrupted … but it’s things that are crucial to the day-to-day existence.”

All the systems hosted on Hackney’s servers were impacted, Miller told councilors at one public meeting assessing the ransomware attack in 2022. Social care, housing benefits, council tax, business rates, and housing services were some of the most impacted. Databases and records weren’t accessible—the council has not paid any ransom demand. “Most of our data and our IT systems that were creating that data were not available, which really had a devastating impact on the services we were able to provide, but the work that we do as well,” Lisa Stidle, the data and insight manager at Hackney Council, said in a talk about the council’s recovery last year.

The Untold Story of a Crippling Ransomware Attack

Plus: Hive ransomware gang gets knocked offline, FBI confirms North Korea stole $100 million, and more.

When you run a major app, all it takes is one mistake to put countless people at risk. Such is the case with Diksha, a public education app run by India’s Ministry of Education that exposed the personal information of around 1 million teachers and millions of students across the country. The data, which included things like full names, email addresses, and phone numbers, was publicly accessible for at least a year and likely longer, potentially exposing those impacted to phishing attacks and other scams. 

Speaking of cybercrime, the LockBit ransomware gang has long operated under the radar, thanks to its professional operation and choice of targets. But over the past year, a series of missteps and drama have thrust it into the spotlight, potentially threatening its ability to continue operating with impunity.  

Encrypting everything on your machine isn’t just the domain of criminals, however. This week, we explained how to protect your files under digital lock and key on both macOS and Windows. Know what is just the domain of criminals? Money laundering, which a Chainalysis report published this week says is primarily facilitated by only five crypto exchanges, four of which helped scofflaws cash out $1.1 billion in 2022. 

Billionaires like Elon Musk may have reason to celebrate. The flight-tracking platform ADS-B Exchange, which provided data for the @ElonJet account that tracked the Tesla and Twitter CEO’s private plane, has sold out. The company is now owned by aviation intelligence firm Jetnet, which is owned by private equity. Fans of ADS-B, including the creator of @ElonJet, are now jumping ship on the assumption that the new owner will be more likely to bow to censorship requests from the likes of Musk and the Saudi royal family.

But that’s not all. Each week we round up the stories we didn’t cover in-depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

As Russia’s catastrophic invasion of Ukraine has unfolded over the past year, the Kremlin has also tightened its repression of domestic and Russian-language media to quash anti-war dissent. The latest victim of that crackdown is, by some measures, the top independent Russian news website: Meduza. On Thursday, the Russian government added Meduza to its list of “undesirable organizations,” effectively outlawing any collaboration or promotion of the news outlet. The country’s general prosecutor went so far as to write in a statement that Meduza “poses a threat to the foundations of the constitutional system and the security of the Russian Federation.”

While Meduza has long been based in Latvia to shield it from Russia’s media restrictions and retaliation, the new measure makes it a crime for anyone in Russia to work for the news outlet, speak to its journalists, post a link to its website, or even so much as “like” one of its social media posts. A first violation of those restrictions is a misdemeanor defense under Russian law, punishable by a fine, but repeated violations are a felony, with years in prison as a possible sentence.

While a prison term is perhaps unlikely for anyone not actively involved in the news organization’s work—most violations of the law have so far resulted in a fine–Meduza has warned Russians and anyone traveling to Russia to be careful to delete social media posts in which they link to or promote its content. Regardless of how the law is enforced, its chilling effects will no doubt be significant, and the draconian ban on Meduza represents another small step in Russia’s long, slow slide into totalitarianism.

The FBI announced this week that it had foiled the operations of one of the world’s most prolific and disruptive ransomware groups, known as Hive, taking down its dark-web site and recovering decryption keys to unlock the systems of victims who were facing $130 million in total ransom demands. “We hacked the hackers,” deputy US attorney general Lisa Monaco told reporters in a press conference. In previous years of its extortion-fueled cybercrime spree, Hive victimized more than 80 networks and collected over $100 million in ransom payments, according to the FBI. But working with numerous law enforcement agencies, including German and Dutch federal police, the FBI surreptitiously gained access to the group’s systems, surveilling and ultimately disrupting them. Despite that win, no arrests were mentioned in the splashy announcement, signaling that—as is usual in ransomware cases—Hive’s hackers are likely located in non-extradition countries beyond the reach of Western law enforcement.

The FBI officially pointed the finger at a usual suspect in the cryptocurrency world’s ongoing plague of massive breaches and thefts: North Korea. In its investigation of a heist that stole $100 million in cryptocurrency last year, the Bureau accused two hacker groups long believed to be associated with the regime of Kim Jong Un, known as APT38 or Lazarus—the latter of which is sometimes used as a broader umbrella term for multiple North Korean hacker units. Those hackers targeted the Horizon “bridge” owned by US crypto firm Harmony, a system used to allow transfers from one cryptocurrency to another. Bridges have increasingly become lucrative targets for thieves, who have stolen hundreds of millions worth of digital currency from them in recent years. Aside from its name-and-shame announcement, the FBI also says some portion of the stolen currency was seized when the hackers attempted to launder it, and the agency pointed to crypto addresses where about $40 million of the stolen loot is still stored.

If Madison Square Garden didn’t want a legal scandal from its experiment in using face recognition technology to spot people it sought to ban from its venue, perhaps it shouldn’t have started by banning lawyers. Following revelations that MSG had used facial recognition to prevent attorneys from multiple firms involved in lawsuits against the venue from attending its events—and then enforced that ban with controversial facial recognition technology—New York attorney general Letitia James sent a letter to MSG’s owners demanding more information about its surveillance practices. The letter, which suggests the ban on lawyers is meant to dissuade people from filing lawsuits against MSG, asked about the reliability of the facial recognition technology MSG is using and whether it had safeguards against bias. “Anyone with a ticket to an event should not be concerned that they may be wrongfully denied entry based on their appearance,” James wrote in a statement, “and we’re urging MSG Entertainment to reverse this policy.”

A Link to News Site Meduza Can (Technically) Land You in Russian Prison

ADS-B Exchange, beloved for resisting censorship, was sold to a company owned by private equity—and now even its biggest fans are bailing.

In recent years, the Saudi government has tried to push international aviation regulators to forbid or prevent the public dissemination of ADS-B data, though that proposal hasn’t gone far. Musk, on the other hand, has threatened legal action against those sharing the location of his private jet.

Stanford says their position has always been to oppose any censorship, regardless of the reason. “How do you make that decision, that one person is good and one person is bad?” he says.

Being independent and decentralized has come with significant advantages. Stanford says they have been contacted by law enforcement and the US military to provide surveillance where there have been gaps in the government-owned systems. “In Arizona, there’s been accidents where we’ve had better data than the FAA,” he says.

As hosting and server costs mounted into the tens of thousands of dollars, ADS-B Exchange moved to commercialize to cover its costs. While it is free to use, the website sells ads and offers paid access to its full suite of data for flight enthusiasts and commercial clients. 

“It was getting so big and expensive we had to commercialize it somehow,” Stanford says. Even then, he adds, ADS-B Exchange is a fraction of the price of its competitors.

Revenue has increased significantly in recent years, Stanford says. “Our plan was to run it until we can quit our full-time jobs, and run it into retirement.” But as revenue has shot up, ADS-B Exchange has had a core organizational problem. “It’s owned by one person,” he says.

Last month, as the site was getting headlines for being banned from Twitter, rumors swirled that Dan Streufert, the site’s founder and sole owner, was planning to sell the website to Jetnet. It led to anxiety among the administrators who were being left out of the discussions.

“My fear has always been that someone comes in and destroys everything we’ve built,” Stanford says.

Stanford told WIRED in December that, if a deal went through, ADS-B Exchange’s users would revolt. When the press release went out Wednesday morning, he led the mutiny.

Shortly after the deal became public, Streufert was removed from the Discord as the site’s users contemplated their next move. “ADSBexchange.com is done,” Stanford wrote to his fellow users, before posting instructions on how to unplug from the website’s network. Many followed those instructions, with some flipping over to some smaller alternatives, like Airframes. “We were 11,000 \[feeders\], we’re now at 9,500 in the span of a few hours,” Stanford says.

“Today is a sad day,” Jack Sweeney, who ran the @ElonJet Twitter account that earned him legal threats from Musk himself, wrote on Mastodon following the acquisition announcement. His efforts to track an array of private jets, including that of the Tesla and Twitter CEO, relied on ADS-B Exchange. “If you feed ADSBexchange we encourage you to stop feeding. ADSBExchange was founded on the principles of hobbyists community not for-profit PE firms.”

In a statement to WIRED, Derek Swaim, Jetnet’s CEO, said ADS-B Exchange’s users shouldn’t expect much of a change. “At present, we have no intentions of changing the core way ADS-B Exchange does business,” Swaim says. “Jetnet is excited to offer its resources to Dan Streufert and ADS-B Exchange to grow the receiver community, extend coverage, provide customers with the same data and solutions it does today, and accelerate ADS-B Exchange’s growth.”

Asked specifically whether Jetnet would make the website exclusive to subscribers, or whether it would begin blocking the tracking numbers of private aircraft on request, Swaim says no. But users are far from convinced. “PE’s don’t just hand out $20 million checks out of charity. They usually want a return,” one user wrote.

ADS-B Exchange may have seen its revenue shoot up, but Stanford says recouping a significant investment—he says Jetnet’s opening offers was seven figures, but that he estimates the final deal went down for around $20 million—could take a decade. A quicker route to profit would be to raise prices, make some data available only to paying subscribers, and to charge plane owners to hide information about their aircraft. These are all tactics that have made FlightAware and FlightRadar24 successful.

“FlightRadar, FlightAware win. Elon wins,” Stanford says. “All these guys who were out to get us win.”

ADS-B Exchange, the Flight Tracker That Powered @ElonJet, Sold to Jetnet

The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency.

For years, the cryptocurrency economy has been rife with black market sales, theft, ransomware, and money laundering—despite the strange fact that in that economy, practically every transaction is written into a blockchain’s permanent, unchangeable ledger. But new evidence suggests that years of advancements in blockchain tracing and crackdowns on that illicit underworld may be having an effect—if not reducing the overall volume of crime, then at least cutting down on the number of laundering outlets, leaving the crypto black market with fewer options to cash out its proceeds than it’s had in a decade.

In a portion of its annual crime report focused on money laundering that was published today, cryptocurrency-tracing firm Chainalysis points to a new consolidation in crypto criminal cash-out services over the past year. It counted just 915 of those services used in 2022, the fewest it’s seen since 2012 and the latest sign of a steady drop-off in the number of those services since 2018. Chainalysis says an even smaller number of exchanges now enable the money-laundering trade of cryptocurrency for actual dollars, euros, and yen: It found that just five cryptocurrency exchanges now handle nearly 68 percent of all black market cash-outs. 

In fact, Chainalysis saw just 542 cryptocurrency deposit addresses receive more than half of the $6.3 billion in total illicit funds it tracked to those cash-out services in 2022, and just _four_ addresses received $1.1 billion of those funds.

That intense narrowing of so-called “off-ramps” for crypto crime is a result of an ongoing government crackdown on crypto money laundering and a sign of additional enforcement on the way, says Kim Grauer, Chainalysis’ director of research. “It’s shocking to see some of these deposit addresses moving more than a hundred million dollars in illicit funds and still operating when it’s something that’s extremely transparent and easy to see with blockchain analytics,” Grauer says. “So it does seem like a good chokepoint, where we can shut down and profile and—to some degree—eradicate this activity.”

Whether the overall amount of crypto crime rose or fell in 2022, meanwhile, is far from clear: By some measures, Chainalysis’ data has shown that criminal use of cryptocurrency increased last year despite the steep decline in cryptocurrency exchange rates. But those numbers include a huge spike in illegal transactions at sanctioned cryptocurrency exchanges—which may have less to do with a rise in crime than with the US Treasury’s Office of Foreign Asset Control (OFAC) increasingly imposing those sanctions on major players in the crypto underground. In April of last year, for instance, OFAC sanctioned Garantex, an exchange based in Russia that it says laundered over $100 million in criminal proceeds, including ransomware payments. The year before, it sanctioned two other Russian exchanges, Chatex and Suex, which have since gone out of business. And just last week, OFAC sanctioned another exchange, Bitzlato, and the Justice Department indicted its Russian founder, Anatoly Legkodymov, and tore his operation offline.

“You don’t carry out a ransomware attack if there’s no way of converting that ransom into something usable,” says Grauer. “What we’re really seeing OFAC doing, and what we’ve really highlighted, is that the money-laundering off-ramps are what’s facilitating crime. And I think the ongoing crackdown has shown that people understand they’re at a point where there can be meaningful intervention.”

Chainalysis declined to name the five exchanges it says enabled the majority of cryptocurrency money laundering. That’s because, the company says, those exchanges may be the targets of ongoing investigations. (Chainalysis often works with law enforcement agencies in those investigations.) Further, the exchanges may not actually be aware that they’re enabling that money laundering, since money launderers often take pains to hide the source of their funds before it hits an exchange.

In fact, Chainalysis found that a large chunk of the illicit cash-outs went through two types of intermediaries that might obfuscate criminal funds: Many were traded through “nested services,” essentially exchanges that appear to be independent but actually use a larger exchange to carry out their trades. In those cases, the nested service, rather than the underlying exchange, is often responsible for complying with “know-your-customer” requirements, even as the larger exchange provides the cash reserves for transactions. 

In another growing subset of cases, Chainalysis says, criminals are turning to individual dark-web-based money-laundering services, many of which offer to hide the origin of funds by combining them with other users’ transactions in a “mixer.” As law enforcement has cracked down on major mixing services in recent years—seizing and tearing offline the mixers Bitcoin Fog and Helix and sanctioning the mixing service Tornado Cash, for instance—more criminals have turned to smaller dark-web services that Chainalysis’ Grauer refers to as “mom-and-pop” mixers, whose distributed nature makes them harder to seize or disrupt.

Despite its reluctance to name the top five money-laundering exchanges in its most recent report, in another report in February of last year Chainalysis did point to a collection of Russia-based exchanges it says have cashed out large sums of criminal proceeds. While some of the exchanges named in that report have since been sanctioned or gone offline, others—including Cashbank and TETChange—appear to still be active.

When WIRED reached out to the US Treasury, an official there declined to comment on any specific exchanges or ongoing investigations. The official, who asked to remain unnamed due to the sensitive nature of sanctions policies that are coordinated between multiple government agencies, also suggested that Chainalysis’ data offered only one incomplete perspective on the crypto money-laundering landscape and that much of the consolidation it describes might simply be due to 2022’s crypto crash and the resulting bankruptcy of several exchanges—particularly more “fly-by-night” ones with looser compliance rules.

But the official also pointed to the Treasury’s own enforcement efforts—along with those of international partners—as an ongoing crackdown that has intentionally reduced options for criminals. “The way you get at money laundering on a broad scale is you slowly whittle down the number of open vulnerabilities. Little by little you make the gaps fewer and fewer, smaller and smaller,” the official says. “If you close up more gaps in the dam, more water flows through those open holes.”

As gradual as that process may be, Chainalysis’ Grauer says it’s a sign that efforts to trace and disrupt the crypto criminal world’s ATMs are slowly but surely having their intended effect. “We’ve worked to show where the money-laundering gaps are. There are gaps that remain,” says Grauer. “The crackdown is in progress.”

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges

Your smartphone or wearable could help you out in a truly dangerous situation. Here are some options to consider.

Source

Wired