Tech News
Indicted NYC mayor to FBI: I, uh, forgot my phone’s passcode
Security - Posted On:2024-09-27 13:15:01 Source: arstechnica
New York City mayor Eric Adams was stopped on the street by the FBI after an event in November 2023. Agents had a warrant for his electronic devices, which they seized. At the time, Adams made clear that he had nothing to hide, saying in a statement, "As a former member of law enforcement, I expect all members of my staff to follow the law and fully cooperate with any sort of investigation—and I will continue to do exactly that."
Thanks to this week's federal indictment (PDF) of Adams—the first for a sitting NYC mayor, and one that alleges bribery from Turkish sources—we now have the same story from the government's perspective. It sounds quite a bit different.
According to the feds, agents seized not one but two cell phones from Adams on November 6, 2023—but neither of these was Adams' "personal" phone, which he was not carrying. It was the personal phone that Adams allegedly used "to communicate about the conduct described in this indictment."
14 dead as Hezbollah walkie-talkies explode in second, deadlier attack
Security - Posted On:2024-09-18 15:45:00 Source: arstechnica
Wireless communication devices have exploded again today across Lebanon in a second attack even deadlier than yesterday's explosion of thousands of Hezbollah pagers. According to Lebanon's Ministry of Health, the new attack has killed at least 14 more people and injured more than 450.
Today's attack targeted two-way radios ("walkie-talkies") issued to Hezbollah members. The radios exploded in the middle of the day, with at least one going off during a funeral for people killed in yesterday's pager attacks. A New York Times report on that funeral described the moment:
When the blast went off, a brief, eerie stillness descended on the crowd. Mourners looked at one another in disbelief. The religious chants being broadcast over a loudspeaker abruptly stopped.
Then panic set in. People started scrambling in the streets, hiding in the lobbies of nearby buildings, and shouting at one another, “Turn off your phone! Take out the battery!” Soon a voice on the loudspeaker at the funeral urged everyone to do the same...
One woman, Um Ibrahim, stopped a reporter in the middle of the confusion and begged to use the reporter’s cellphone to call her children. The woman dialed a number with her hands shaking, then screamed into the phone, “Turn off your phones now!”
The story appears to capture the current mood in Lebanon, where no one seems quite sure what will explode next. While today's attack against walkie-talkies is well-attested, various unconfirmed reports suggest that people fear an explosion from just about anything with a battery.
Elon Musk threatens to sue FAA after feds propose fining SpaceX $633,000
Security - Posted On:2024-09-18 12:30:01 Source: arstechnica
The Federal Aviation Administration alleged Tuesday that SpaceX violated its launch license requirements on two occasions last year by using an unauthorized launch control center and fuel farm at NASA's Kennedy Space Center in Florida.
The regulator seeks to fine SpaceX $633,009 for the alleged violations, which occurred during a Falcon 9 launch and a Falcon Heavy launch last year. Combined, the proposed fines make up the largest civil penalty ever imposed by the FAA's commercial spaceflight division.
“Safety drives everything we do at the FAA, including a legal responsibility for the safety oversight of companies with commercial space transportation licenses,” said Marc Nichols, the FAA's chief counsel, in a statement. “Failure of a company to comply with the safety requirements will result in consequences.”
11 dead, thousands injured in explosive supply chain attack on Hezbollah pagers
Security - Posted On:2024-09-18 01:30:00 Source: arstechnica
A massive wave of pager explosions across Lebanon and Syria beginning at 3:30 pm local time today killed at least 11 people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.
Anonymous officials briefed on the matter are now describing it as a supply chain attack in which Israel was able to hide small amounts of explosives inside Taiwanese pagers shipped to Lebanon. The explosive was allegedly triggered by a small switch inside the pagers that would be activated upon receiving a specific code. Once that code was received, the pagers beeped for several seconds—and then detonated.
New York Times reporters captured the chaos of the striking scene in two anecdotes:
8 dead, 2,700 injured after simultaneous pager explosions in Lebanon
Security - Posted On:2024-09-17 13:30:00 Source: arstechnica
A massive wave of pager explosions across Lebanon and Syria around 3:30 pm local time today has killed at least eight people and injured more than 2,700, according to local officials. Many of the injured appear to be Hezbollah members, although a young girl is said to be among the dead.
New York Times reporters captured the chaos of the striking scene in two anecdotes:
Ahmad Ayoud, a butcher from the Basta neighborhood in Beirut, said he was in his shop when he heard explosions. Then he saw a man in his 20s fall off a motorbike. He appeared to be bleeding. “We all thought he got wounded from random shooting,” Ayoud said. “Then a few minutes later we started hearing of other cases. All were carrying pagers.”
...
Residents of Beirut’s southern suburbs, where many of the explosions took place, reported seeing smoke coming from people’s pockets followed by a blast like a firework. Mohammed Awada, 52, was driving alongside one of the victims. “My son went crazy and started to scream when he saw the man’s hand flying away from him,” he said.
Video from the region already shows a device exploding in a supermarket checkout line, and pictures show numerous young men lying on the ground with large, bloody wounds on their upper legs and thighs.
Metal bats have pluses for young players, but in the end it comes down to skill
Security - Posted On:2024-09-03 17:45:00 Source: arstechnica
There's long been a debate in baseball circles about the respective benefits and drawbacks of using wood bats versus metal bats. However, there are relatively few scientific studies on the topic that focus specifically on young athletes, who are most likely to use metal bats. Scientists at Washington State University (WSU) conducted their own tests of wood and metal bats with young players. They found that while there are indeed performance differences between wooden and metal bats, a batter's skill is still the biggest factor affecting how fast the ball comes off the bat, according to a new paper published in the Journal of Sports Engineering and Technology.
According to physicist and acoustician Daniel Russell of Penn State University—who was not involved in the study but has a long-standing interest in the physics of baseball ever since his faculty days at Kettering University in Michigan—metal bats were first introduced in 1974 and soon dominated NCAA college baseball, youth baseball, and adult amateur softball. Those programs liked the metal bats because they were less likely to break than traditional wooden bats, reducing costs.
Players liked them because it can be easier to control metal bats and swing faster, as the center of mass is closer to the balance point in the bat's handle, resulting in a lower moment of inertia (or "swing weight"). A faster swing doesn't mean that a hit ball will travel faster, however, since the lower moment of inertia is countered by a decreased collision efficiency. Metal bats are also more forgiving if players happen to hit the ball away from the proverbial "sweet spot" of the bat. (The definition of the sweet spot is a bit fuzzy because it is sometimes defined in different ways, but it's commonly understood to be the area on the bat's barrel that results in the highest batted ball speeds.)
Shocker: French make surprise arrest of Telegram founder at Paris airport
Security - Posted On:2024-08-24 22:15:00 Source: arstechnica
Late this afternoon at a Parisian airport, French authorities detained Pavel Durov, the founder of the Telegram messaging/publication service. They are allegedly planning to hit him tomorrow with serious charges related to abetting terrorism, fraud, money laundering, and crimes against children, all of it apparently stemming from a near-total lack of moderation on Telegram. According to French authorities, thanks to its encryption and support for crypto, Telegram has become the new top tool for organized crime.
The French outlet TF1 had the news first from sources within the investigation. (Reuters and CNN have since run stories as well.) Their source said, "Pavel Durov will definitely end up in pretrial detention. On his platform, he allowed an incalculable number of offenses and crimes to be committed, which he does nothing to moderate nor does he cooperate."
Durov is a 39-year-old who gained a fortune by building VKontakte, a Russian version of Facebook, before being forced out of his company by the Kremlin. He left Russia and went on to start Telegram, which became widely popular, especially in Europe. He was arrested today when his private plane flew from Azerbaijan to Paris's Bourget Airport.
After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud
Security - Posted On:2024-08-23 18:15:00 Source: arstechnica
Dr. Emmanouil "Manos" Antonakakis runs a Georgia Tech cybersecurity lab and has attracted millions of dollars in the last few years from the US government for Department of Defense research projects like "Rhamnousia: Attributing Cyber Actors Through Tensor Decomposition and Novel Data Acquisition."
The government yesterday sued Georgia Tech in federal court, singling out Antonakakis and claiming that neither he nor Georgia Tech followed basic (and required) security protocols for years, knew they were not in compliance with such protocols, and then submitted invoices for their DoD projects anyway. (Read the complaint.) The government claims this is fraud:
At bottom, DoD paid for military technology that Defendants stored in an environment that was not secure from unauthorized disclosure, and Defendants failed to even monitor for breaches so that they and DoD could be alerted if information was compromised. What DoD received for its funds was of diminished or no value, not the benefit of its bargain.
Given the nature of his work for DoD, Antonakakis and his lab are required to abide by many sets of security rules, including those outlined in NIST Special Publication 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
Microsoft to host security summit after CrowdStrike disaster
Security - Posted On:2024-08-23 18:15:00 Source: arstechnica
Microsoft is stepping up its plans to make Windows more resilient to buggy software after a botched CrowdStrike update took down millions of PCs and servers in a global IT outage.
The tech giant has in the past month intensified talks with partners about adapting the security procedures around its operating system to better withstand the kind of software error that crashed 8.5 million Windows devices on July 19.
Critics say that any changes by Microsoft would amount to a concession of shortcomings in Windows’ handling of third-party security software that could have been addressed sooner.
Researchers hack electronic shifters with a few hundred dollars of hardware
Security - Posted On:2024-08-15 07:45:00 Source: arstechnica
Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks. Performance-enhancing drugs. Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs.
Now, for those who fail to download a software patch for their gear shifters—yes, bike components now get software updates—there may be hacker saboteurs to contend with, too.
Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips
Security - Posted On:2024-08-10 10:30:00 Source: arstechnica
Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer's memory that, in many cases, it may be easier to discard a machine than to disinfect it.
At the Defcon hacker conference, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they're calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware. IOActive's researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.
It’s not worth paying to be removed from people-finder sites, study says
Security - Posted On:2024-08-08 14:45:00 Source: arstechnica
If you've searched your name online in the last few years, you know what's out there, and it's bad. Alternately, you've seen the lowest-common-denominator ads begging you to search out people from your past to see what crimes are on their record. People-search sites are a gross loophole in the public records system, and it doesn't feel like there's much you can do about it.
Not that some firms haven't promised to try. Do they work? Not really, Consumer Reports (CR) suggests in a recent study.
"[O]ur study shows that many of these services fall short of providing the kind of help and performance you'd expect, especially at the price levels some of them are charging," said Yael Grauer, program manager for CR, in a statement.
Who are the two major hackers Russia just received in a prisoner swap?
Security - Posted On:2024-08-01 20:30:00 Source: arstechnica
As part of today’s blockbuster prisoner swap between the US and Russia, which freed the journalist Evan Gershkovich and several Russian opposition figures, Russia received in return a motley collection of serious criminals, including an assassin who had executed an enemy of the Russian state in the middle of Berlin.
But the Russians also got two hackers, Vladislav Klyushin and Roman Seleznev, each of whom had been convicted of major financial crimes in the US. The US government said that Klyushin “stands convicted of the most significant hacking and trading scheme in American history, and one of the largest insider trading schemes ever prosecuted.” As for Seleznev, federal prosecutors said that he has “harmed more victims and caused more financial loss than perhaps any other defendant that has appeared before the court.”
What sort of hacker do you have to be to attract the interest of the Russian state in prisoner swaps like these? Clearly, it helps to have hacked widely and caused major damage to Russia’s enemies. By bringing these two men home, Russian leadership is sending a clear message to domestic hackers: We’ve got your back.
To guard against cyberattacks in space, researchers ask “what if?”
Security - Posted On:2024-07-05 15:00:00 Source: arstechnica
If space systems such as GPS were hacked and knocked offline, much of the world would instantly be returned to the communications and navigation technologies of the 1950s. Yet space cybersecurity is largely invisible to the public at a time of heightened geopolitical tensions.
Cyberattacks on satellites have occurred since the 1980s, but the global wake-up alarm went off only a couple of years ago. An hour before Russia’s invasion of Ukraine on February 24, 2022, its government operatives hacked Viasat’s satellite-Internet services to cut off communications and create confusion in Ukraine.
I study ethics and emerging technologies and serve as an adviser to the US National Space Council. My colleagues and I at California Polytechnic State University’s Ethics + Emerging Sciences Group released a US National Science Foundation-funded report on June 17, 2024, to explain the problem of cyberattacks in space and help anticipate novel and surprising scenarios.
How ShinyHunters hackers allegedly pilfered Ticketmaster data from Snowflake
Security - Posted On:2024-06-18 12:45:00 Source: arstechnica
Hackers who stole terabytes of data from Ticketmaster and other customers of the cloud storage firm Snowflake claim they obtained access to some of the Snowflake accounts by first breaching a Belarusian-founded contractor that works with those customers.
About 165 customer accounts were potentially affected in the recent hacking campaign targeting Snowflake’s customers, but only a few of these have been identified so far. In addition to Ticketmaster, the banking firm Santander has also acknowledged that their data was stolen but declined to identify the account from which it was stolen. Wired, however, has independently confirmed that it was a Snowflake account; the stolen data included bank account details for 30 million customers, including 6 million account numbers and balances, 28 million credit card numbers, and human resources information about staff, according to a post published by the hackers. Lending Tree and Advance Auto Parts have also said they might be victims as well.
Snowflake has not revealed details about how the hackers accessed the accounts, saying only that the intruders did not directly breach Snowflake’s network. This week, Google-owned security firm Mandiant, one of the companies engaged by Snowflake to investigate the breaches, revealed in a blog post that in some cases the hackers first obtained access through third-party contractors, without identifying the contractors or stating how this access aided the hackers in breaching the Snowflake accounts.
Ransomware gangs are adopting “more brutal” tactics amid crackdowns
Security - Posted On:2024-06-11 13:00:00 Source: arstechnica
Today, people around the world will head to school, doctor’s appointments, and pharmacies, only to be told, “Sorry, our computer systems are down.” The frequent culprit is a cybercrime gang operating on the other side of the world, demanding payment for system access or the safe return of stolen data.
The ransomware epidemic shows no signs of slowing down in 2024—despite increasing police crackdowns—and experts worry that it could soon enter a more violent phase.
“We’re definitely not winning the fight against ransomware right now,” Allan Liska, a threat intelligence analyst at Recorded Future, tells WIRED.
Faulty valve scuttles Starliner’s first crew launch
Security - Posted On:2024-05-07 10:00:00 Source: arstechnica
Astronauts Butch Wilmore and Suni Williams climbed into their seats inside Boeing's Starliner spacecraft Monday night in Florida, but trouble with the capsule's Atlas V rocket kept the commercial ship's long-delayed crew test flight on the ground.
Around two hours before launch time, shortly after 8:30 pm EDT (00:30 UTC), United Launch Alliance's launch team stopped the countdown. "The engineering team has evaluated, the vehicle is not in a configuration where we can proceed with flight today," said Doug Lebo, ULA's launch conductor.
The culprit was a misbehaving valve on the rocket's Centaur upper stage, which has two RL10 engines fed by super-cold liquid hydrogen and liquid oxygen propellants.
Hackers are using developing countries for ransomware practice
Security - Posted On:2024-04-24 11:00:00 Source: arstechnica
Cyber attackers are experimenting with their latest ransomware on businesses in Africa, Asia, and South America before targeting richer countries that have more sophisticated security methods.
Hackers have adopted a “strategy” of infiltrating systems in the developing world before moving to higher-value targets such as in North America and Europe, according to a report published on Wednesday by cyber security firm Performanta.
“Adversaries are using developing countries as a platform where they can test their malicious programs before the more resourceful countries are targeted,” the company told Banking Risk and Regulation, a service from FT Specialist.