This week the US alleged that Iranian hackers sent emails to voters in key states posing as the Proud Boys white supremacist group, which is to say that election interference is already upon us. We took a look at the 12 cyberthreats that officials are most concerned about—including the type of targeted misinformation that's already playing out.
The Department of Justice also took the important step of indicting the Russian hackers allegedly behind Sandworm, the notorious group responsible for some of the most devastating attacks of the last several years, from blackouts in Ukraine to NotPetya, the most costly cyberassault in history. (You can read much, much more about Sandworm in WIRED senior writer Andy Greenberg's book about the group.) A few days later, the US Treasury Department imposed sanctions on the Russian research institution behind Triton, dangerous malware that targets industrial control systems.
For all the concern about how deepfakes might affect the election, it turns out the most sinister use of the technology as been a porn bot that has artificially removed the clothing from photos of over 100,000 targeted women. In other privacy news, Facebook will soon file its first report to the Federal Trade Commission on how it's holding up its end of that $5 billion settlement. WIRED spoke with the company's two chief privacy officers, who insist both that everything's different this time and that Facebook was built with privacy in mind in the first place.
A new report shows just how pervasive the technology is that lets police unlock smartphones. And make sure you set aside a few minutes this weekend to read the story of the Aurora Generator Test, a 2007 demonstration that showed just how dangerous hacking a grid can be.
And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
OK, well, honestly we've been struggling with this one. Earlier this week, Dutch security researcher Victor Gevers told De Volkskrant that he had recently accessed Donald Trump's Twitter account simply by guessing the password: maga2020! (With slightly different capitalization, this is also apparently the password for the Wi-Fi at Trump rallies.) Gevers says he tried to alert the Trump campaign, Twitter, and others but failed to get a response. A few days later, he says, he saw that Trump's Twitter account had added two-factor authentication, freezing him out. The White House flatly denied that any of this happened, and Twitter said it had "seen no evidence to corroborate this claim"—which is odd, given that it would presumably be able to see if the president's device had logged in from a new device … in Europe. Some other apparent inconsistencies soon came to light as well. But Gevers is highly respected, and it seems unlikely that he would make any of this up. So! It's all very strange. If you take anything away from it, though, it's to please put two-factor authentication on your own accounts.
The game of the moment is Among Us, especially after US representative Alexandria Ocasio-Cortez streamed it on a marathon three-hour Twitch session. Its high profile, though, appears to have attracted the attention of spammers as well, who this week flooded the game's chat feature with links to subscribe to a YouTube channel. Eurogamer spoke with the apparent perpetrators, who claim to have disrupted 1.5 million games as of Friday. Among Us developer Inner Sloth said it's working on containing the problem.
The NSA this week shared a list of the 25 patchable vulnerabilities that Chinese hackers use most, in hopes that potential targets will actually, you know, patch them. A lot of the bugs provide a foothold on internal networks, useful for general espionage purposes. The vulnerabilities also aren't exclusively used by China; they're an entry point for all kinds of criminal activity, especially since they're all publicly detailed. Patch your systems, friends!
Motherboard this week published a great investigative piece about Phantom Secure, a company that sold luxury encrypted phones to cartels and other criminal elements. No spoilers about what happens to the company and its founder, Vince Ramos, but trust us: It's a journey worth digging into.