Congratulations, the week that somehow lasted four months is finally over. At the time of writing this post, the Associated Press still hadn't called a winner in the US presidential election. (Donald Trump tried to declare victory early Wednesday morning, but it doesn't work like that. At all.) While you wait, let's catch up on some security news you may have missed while you were watching maps change color on cable news.
Earlier this week, the cryptocurrency world had a mystery on its hands when someone emptied a billion dollars from a bitcoin wallet that had sat untouched for years. (Yes, billion.) The sleuthing was short-lived; it turned out that the IRS had tracked down the wallet's owner after establishing that so-called Individual X had amassed the trove in the first place by hacking the Silk Road seven years ago. It's the biggest cryptocurrency seizure in US history, and it's not even close. Law enforcement also shut down a West Virginia man who was allegedly selling 3D-printed machine gun components—barely disguised as wall hangers—to so-called Boogaloo Boys extremists.
Some privacy strides were made this week in various corners. Zoom has finally added real end-to-end encryption, so we walked through how to turn it on and what you have to give up to do so. WhatsApp added disappearing messages, although with less flexibility than other encrypted platforms give you. And while the presidential race remains in doubt, privacy-friendly ballot initiatives comfortably passed in both Michigan and California.
To round out the election news, we took a look at how smoothly Election Day itself went, and how you can thank years of overdue investment and smart decisions for it. We also enjoyed this livestream of ballot-counting in Philadelphia—and explained how every step of the process works.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
iOS 14.2 Patches Three Actively Exploited Bugs
Apple released its latest iOS update this week, and while the new emojis it comes with are exciting, you'll also want it to fix a raft of security issues for iPhone and iPad. iOS 14 patches 24 bugs in all, including three reported by Google's elite Project Zero team that have been actively exploited by hackers. That doesn't mean that you specifically are at risk; those sorts of previously undisclosed bugs are typically reserved for high-value targets. (Google did specify that the apparent victims weren't election-related.) And it's likely that your Apple device has updated on its own by now. But just in case, head to Settings, then General, then Software Update. If you're not on 14.2 yet, tap Download and Install. And that's it! All better.
Capcom Hit With Ragnar Locker Ransomware
Another day, another massive ransomware attack. This time the victim is video game developer Capcom, which appears to have been compromised by the Ragnar Locker ransomware family. The hackers say they have a terabyte of data that they'll either publish on the internet or sell at auction if Capcom doesn't meet their demands. According to Bleeping Computer, the ransom has been set at $11 million, just the latest in a series of "big-game hunting" attacks as ransomware groups become increasingly emboldened. Capcom's not even the first major video game publisher to get hit; last month, hackers not only compromised Ubisoft, they posted the company's data online.
Surprise! Russia Actually Arrested a Ransomware Author
Russia has a famously lax enforcement policy when it comes to hackers; in fact, the government frequently farms out tasks to criminal groups. But a 20-year-old ransomware author apparently didn't get the memo that the copacetic arrangement only applies if you focus your efforts on other countries. The unnamed suspect's malware strains allegedly infected over 2,000 computers within Russia itself, drawing the rare attention of authorities there.
The US Seized 27 of Iran's Fake News Domains
The US continues to combat Iran's propaganda efforts, this week taking down 27 domains that posed as news outlets but were in fact controlled by the country's Islamic Revolutionary Guard Corps. Four of the sites targeted the US with pro-Iran stories, while the rest focused on other regions around the world. Last month, the US seized 92 sites with the same modus operandi.