As nations around the world continue to seek access to encrypted communications, the Facebook-owned messaging platform WhatsApp sued the Indian government this week to challenge new rules requiring that apps be able to trace the “first originator” of messages. Creating such a capability would undermine WhatsApp’s end-to-end encryption protections, potentially impacting the privacy and security of not just its more than 400 million users in India, but billions more worldwide.
In other geopolitical skirmish news, Microsoft said this week that the same Russian spy group that was behind the SolarWinds hacking spree has also been actively working on a phishing campaign that compromised a USAID mass email account. The activity is important, but it’s more likely a sign of a return to business as usual rather than a digital escalation.
Researchers at Google published findings on Tuesday about fresh risks to current memory chips from the mind-bending physical-digital hacking technique known as Rowhammer. A novel piece of wiper malware, likely made by Iranian hackers, has been hitting Israeli targets. And researchers are studying how blurry, outdated satellite images from platforms like Google Earth can make it harder and more costly for aid groups to do work in Israel and Palestine.
If you’re looking to do some digital spring cleaning over the long weekend, we’ve got advice on how to avoid app store scams. And researchers this week detailed a fake movie streaming site that hackers built from scratch to better ensnare victims, featuring such made-up instant cinema classics as The Dog Woof and Women’s Day.
And there’s more! Each week we round up all the news WIRED didn’t cover in depth. Click on the headlines to read the full stories, and stay safe out there.
United States soldiers who manage nuclear weapons need to memorize a ton of security procedures. But an investigation by Bellingcat shows that some personnel based in Europe have been using flash card apps to commit all the protocols to memory. Not only that, the details they’ve put on the digital cards inadvertently expose sensitive details about US nuclear weapons in Europe. The information includes information like where weapons are likely stored within bases, patrol schedules, security camera locations, attributes of ID badges, and even safe words that guards are supposed to use if they’re being threatened to warn others. The Bellingcat researchers were able to find the cards by searching for “terms publicly known to be associated with nuclear weapons.”
The crowdsourced crime-tracking app Citizen canceled plans this week to build and deploy a private police force after piloting the idea in Los Angeles last month. The test run involved deploying a Citizen-branded police car; only company employees could participate in the experiment and call the unit, staffed by the private firm Los Angeles Professional Security, through the app. More broadly, the app has been criticized for fueling anxiety and paranoia, and pushing users toward taking the law into their own hands. After speaking to former employees and other sources close to the company and reviewing internal documents, Motherboard recounts a number of furious manhunts spurred by the company’s own employees that targeted innocent individuals. “FIND THIS FUCK,” CEO Andrew Frame told employees in Citizen’s slack one night. “LETS GET THIS GUY BEFORE MIDNIGHT HES GOING DOWN.”
Chinese surveillance equipment that the US government has linked to human rights abuses against Uyghur Muslims in Xinjiang, China, has been purchased by at least 100 US counties, cities, and towns, according to contracts seen by TechCrunch. In some cases, localities have spent tens of thousands of dollars or more with vendors Hikvision and Dahua. Both companies have been on a US federal blacklist since 2019, and Congress banned federal agencies from making purchases with the companies, which sell products like security cameras and thermal image scanners. But those federal-level bans don’t preclude municipalities from doing business with the companies, so long as they don’t use federal funds in the transactions.
A breach of the Japanese tech company Fujitsu allowed attackers to compromise numerous Japanese businesses and government agencies through Fujitsu’s popular information sharing portal ProjectWEB. Japan’s Ministry of Land, Infrastructure, Transport, and Tourism, as well as the National Cyber Security Center of Japan, said on Wednesday that attackers had exfiltrated data, including proprietary information, by compromising ProjectWEB. It is not yet known whether the breach was the result of a vulnerability in the platform.
More Great WIRED Stories