It was a an unprecedented and historic week in the United States when a mob of supporters of President Donald Trump revolted on Capitol Hill in Washington, DC and stormed the Capitol, forcing Congress to evacuate and temporarily halting the symbolic certification of Joe Biden’s election as president. Digital archivists and others rushed to preserve photos and footage of the uprising, while social networks implemented ad hoc content moderation policies. Meanwhile, national security experts are wary of the risks the incident poses to information security – and national security – in the Capitol.
In other news, transparency activists DDoSecrets, a sort of successor to WikiLeaks, are publishing a wealth of company information – a move that was particularly controversial given that the data was originally stolen by ransomware attackers. And speaking of Wikileaks, the UK on Monday rejected the US Department of Justice’s request to extradite Julian Assange, citing Assange’s mental state and suicide risk rather than any evaluation of whether the WikiLeaks founder violated the espionage law.
WhatsApp users were notified this week that a change to the app’s privacy policy meant they could no longer opt out of sharing data with Facebook – which was confusing given that WhatsApp has been sharing that data since 2016 and only opted out- option offered for a volatile 30-day period that year. And Ticketmaster was caught hacking into the systems of a rival company and agreed to pay a $ 10 million fine to settle the case with federal prosecutors.
And there is more. Below we’ve collected the most important SolarWinds stories from the internet so far. Click on the headlines to read them and stay safe there.
Since it was revealed that SolarWinds’ Orion IT management tool was exploited in an attack on the software supply chain, the cybersecurity industry has feared news that the same Russian hackers are also piggybacking on other popular software. This week, FBI sources told Reuters that Czech Republic-based software company JetBrains has come under scrutiny as another potential victim – and potential vector for corrupt code. TeamCity, JetBrains ‘project management tool, is used by tens of thousands of customers, including SolarWinds, increasing the possibility that it may have served as the first point of infection within SolarWinds’ network. The fact that JetBrains was founded by three Russian engineers has given the company further suspicion. But the St. Petersburg-based CEO of JetBrains said this week that he has not been contacted by the FBI or any other agency. Nor, he says, has JetBrains seen any evidence that it was itself breached by hackers, not to mention using it to further breach SolarWinds’ systems.
Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, became a cause célèbre in November when President Trump fired him for arguing – rightly – that the allegations of widespread election hacking and fraud by the president and his supporters were false. Now, after a federal career credited by many with helping secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the past year: the Russian hacker break-in into SolarWinds, a Texas-based company whose software had been hijacked and used to penetrate the networks of at least half a dozen federal agencies. SolarWinds has hired Krebs to help it recover and recover from the breach that put it at the epicenter of that far-reaching hacking scandal. He will be joined by former Facebook and Yahoo chief security officer Alex Stamos, who signed up with video conferencing company Zoom in the same way last spring to help it fix its security vulnerabilities. Krebs and Stamos will both partner with SolarWinds through a consultancy they founded, the Krebs Stamos Group. Given that SolarWinds’ stock has lost more than a third of its value, or about $ 2.5 billion, since news of the breach broke out, the fees the company pays to that consulting firm are – likely very large – undoubtedly a rounding error for the total cost of an infringement.
Desmond Tan, Singapore’s minister of state for the Interior Ministry, told parliament on Monday that Singaporean police may use data from the country’s Covid-19 contact tracking platform in investigations. Originally, the service was marketed as collecting as little information as possible and as a single tool for contact tracing. But on Monday, the platform was updated to reflect the potential for access for law enforcement officials. More than four million of Singapore’s 6 million residents are reported to use the app.