$280M Worth of Ethereum Is Trapped Thanks to a Dumb Bug (2024)

On Monday, a small configuration mistake at an internet service provider and infrastructure company caused internet outages around the United States for a few hours, reverberating across other ISPs' networks as well. Cool way to start the week. From there, research indicated this week that the Kremlin-linked hacking group APT28 (also known as Fancy Bear) has been exploiting a newly exposed vulnerability in Microsoft Office to carry out topical phishing attacks referencing the recent ISIS bike path attack in New York City.

WIRED did deep dives into the ubiquitous and extremely clever Mimikatz password hacking tool, the crippling deluge of spam attacks journalists can receive in retaliation for controversial reporting, and the never-ending question of whether Facebook is always listening to users' lives through their smartphone microphones.

The Pentagon has spent more than a year working with civilian hackers to find vulnerabilities in its systems—and the collaboration is actually making the Department of Defense more secure. Chrome is taking steps to block annoying, unwanted (and sometimes dangerous) webpage redirects. And that effective Netflix phishing scheme is making the rounds once again. It could be coming soon to an inbox near you! Take WIRED's advice and lock down your iOS 11 privacy and security settings right now. And while you're at it, make sure your cryptocurrency is safe, too.

And there's more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Almost $300 million-worth of the cryptocurrency ether is locked in digital wallets and unreachable because of an alleged mistake that triggered a bug in a popular wallet from Parity. The company released a security alert on Wednesday.

The flaw created a situation where Parity's multi-signature wallets (which require multiple sign-offs on transactions) could be converted to individual wallets and taken over by a new single owner. A user, known on some sites as "devops199," triggered the bug this week (apparently by accident), gaining sole access to a number of formerly multi-signature wallets. From there the user eliminated their own access to the wallets—perhaps in a misguided attempt to undo what had happened. This is called killing or "suiciding" your wallet connection, because it means that no one will ever be able to access the wallet and whatever is in it will be stuck. Crucially, the software flaw that enabled this situation was in code meant to fix a different Parity bug that hackers used in July to steal $32 million-worth of ether. A possible solution would be a "hard fork" of Ethereum that would undo the situation and restore the trapped currency—kind of like a parallel universe in which the incident never occurred. The Ethereum community had chosen to make a hard fork once before after an attacker stole about $50 million-worth of currency last year.

WikiLeaks posted alleged CIA source code on Thursday, publishing details of a hacking tool called Hive that generates phony authentication certificates to communicate with malware installed on victim devices. As part of its Vault 7 release, WikiLeaks already published documentation about Hive earlier this year. The organization has now selected the tool as the first in its “Vault 8” source code release series.

WikiLeaks notes that one example of a forged Hive certificate pretended to come from the antivirus vendor Kaspersky Lab. CEO Eugene Kaspersky said in a statement, “We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected.”

The WikiLeaks release comes as Kaspersky Lab, a Russian company whose antivirus products are used around the world, is embroiled in extensive controversy over its potential participation in Kremlin espionage. Security experts also noted the potential dangers of the Vault 8 source code releases. While they said the Hive publication is unlikely to particularly aid malicious hackers, future releases might. For example, the alleged NSA Windows exploit known as Eternal Blue was leaked by hackers known as the Shadow Brokers in April and was subsequently used in damaging cyber attacks like the WannaCry ransomware outbreak.

Hackers compromised at least 195 websites owned by Donald Trump, his businesses, or his family in 2013 as part of a campaign that may have originated in Russia. Researchers say that users who visited the hijacked sites—which included domains like donaldtrump.org, donaldtrumprealty.com, and barrontrump.com—would have been redirected to malware distribution sites hosted on servers in St. Petersburg. Many of the URLs were not in active use. The attackers' redirect pages contained common malware like ransomware and password theft tools. The hacked sites were slowly reclaimed from the hackers and purged over the years, but the AP reports that the last of the still-compromised sites weren't fixed until last week when AP reporters asked the Trump Organization about the situation. It is unclear whether any of the sites succeeded in victimizing unsuspecting internet users, and the identity of the hackers is still unknown. They may or may not have been working for the Russian government or at all related to the attackers who infiltrated the DNC. Trump representatives deny that the websites were hacked.

The credit reporting bureau Equifax said on Thursday that it has racked up $87.5 million in expenses because of its giant data breach, disclosed in September. The company is also embroiled in dozens of state and federal investigations plus inquiries from Canada and the United Kingdom as a result of the massive blunder. And 240 lawsuits against the company are working toward class action status. On Thursday the company reported third-quarter profits of $96.3 million, a drop of 27 percent from the same quarter last year. The company says it still cannot estimate the final total of what the breach will cost.


Author: Aracelis Kilback
