Like the Biden As the government moves on an ever-growing list of policy initiatives, the White House this week issued sanctions for a series of Russian outrages, including interference in the 2020 elections, the poisoning of dissident Aleksey Navalny and the SolarWinds hacking attack that attacked the U.S. government inundated agencies and many private sector companies. However, the retaliation is complicated when it comes to SolarWinds, as it involved the kind of espionage operation that would normally fall within geopolitical standards.
Elsewhere in the U.S. government, the Justice Department took a drastic step this week to end a Chinese attack on hackers by authorizing the FBI to obtain a warrant and then directly remove the hacking infrastructure of attackers from the internal systems of the United States. hundreds of victims. Many in the security community praised the effort, but the move also sparked some controversy given the precedent it could set for future US government actions that may be more invasive.
In the fraught world of Internet-of-Things security, researchers released findings on Tuesday that more than 100 million embedded devices and IT management servers are potentially vulnerable to attack due to flaws in basic network protocols. The devices are made by a variety of vendors and are used in environments from mainstream offices to healthcare and critical infrastructure, potentially exposing these networks to attack.
If you’re trying to lock down your accounts and reduce your reliance on passwords, we’ve got an alternative guide that will help you on a number of platforms. And if you feel a general sense of existential dread of all kinds of threats, you’re not alone – the American intelligence community seems to feel the same way.
And there is more. Every week we collect all the news that WIRED has not covered in depth. Click on the headlines to read the full stories. And stay safe out there.
In 2016, the US government tried to force Apple to unlock the iPhone of one of the San Bernardino shooters. The case could have set a precedent that the government could require technology companies to undermine security measures in their products or insert “back doors”. (Several law enforcement agencies and legislators around the world are still advocating for that kind of access). But privacy advocates and security experts alike have said unequivocally and consistently that back doors are dangerous and expose people to unacceptable security and privacy risks. In the San Bernardino case, the FBI eventually found its way into the device without Apple’s help. Reports at the time showed that the FBI paid about $ 1 million to use an iPhone hacking tool developed by a private company. This week, The Washington Post revealed that the company that sold the tool is not one of the more famous players, but is instead a small Australian company known as Azimuth, now owned by US defense contractor L3Harris. The news provides a useful detail as companies oppose other such orders that may come from the US Department of Justice or other governments in the future.
As part of the White House sanctions against Russia this week, the Biden administration has drawn up a list of cybersecurity vendors who have reportedly provided hacking tools and other services to the Russian government’s offending hackers. One such company, Positive Technologies, is a member of Microsoft’s Active Protections Program, a group of nearly 100 software vendors that receive advance warning from Microsoft about vulnerabilities in Windows or other Microsoft products before a patch is released. Microsoft sometimes shares proofs-of-concept that a vulnerability can be maliciously exploited in an attempt to coordinate the disclosure of the flaw. The idea is that Microsoft’s trusted security partners jump into the inevitable stream of malicious activity that occurs once patches are released and allow attackers to reverse engineer all over the place to build their own hacking tools. If Positive Technologies had worked closely with the Russian government, it could have leaked the information and allowed attackers to modify their techniques or weaponize flaws they were not aware of. The company firmly denied the allegations.
The European Commissioner for Budget and Administration said this week that the SolarWinds hacking may have compromised six European Union offices. A total of 14 EU agencies were using a version of the affected SolarWinds Orion software at the time of the hack. The EU’s Computer Emergency Response Team did not say which six agencies downloaded the contaminated update and did not work out how many of the six had actually been deeply compromised by Russian hackers. However, CERT-EU said that at least some of the six had a “significant impact” and “some personal data breaches have occurred.”
More great WIRED stories
- 📩 The latest news on technology, science and more: receive our newsletters!
- A boy, his brain and decades of medical controversy
- How to combine clothes for your next outdoor adventure
- Falcons, Lokis, Nerd Guns and why you don’t care
- Larry Brilliant has a plan to hasten the end of the pandemic
- Facebook’s “Red Team X” is hunting for bugs outside its walls
- 👁️ Explore AI like never before with our new database
- 🎮 WIRED Games: Get the latest tips, reviews and more
- 🎧 Things don’t sound right? Check out our favorite wireless headphones, sound bars and Bluetooth speakers