When you run a big app, it only takes one mistake to endanger countless people. Such is the case of Diksha, a public education app run by India’s Ministry of Education that exposed the personal information of about 1 million teachers and millions of students across the country. The data, which includes things like full names, email addresses and phone numbers, was publicly accessible for at least a year and probably longer, potentially exposing those affected to phishing attacks and other scams.
Speaking of cybercrime, the LockBit ransomware gang has long operated under the radar, thanks to its professional operation and choice of targets. But over the past year, a series of missteps and dramas have thrust the company into the spotlight, potentially threatening its ability to continue operating with impunity.
However, encrypting everything on your computer isn’t just the domain of criminals. This week we explained how to protect your files under digital lock and key on both macOS and Windows. Do you know what exactly is the domain of criminals? Money laundering, which according to a Chainalysis report released this week, is primarily facilitated by just five crypto exchanges, four of which helped spotters cash in $1.1 billion by 2022.
Billionaires like Elon Musk may have cause for celebration. The flight tracking platform ADS-B Exchange, which provided data for the @ElonJet account that tracked the Tesla CEO’s private jet and Twitter, has sold out. The company is now owned by private equity owned aviation intelligence company Jetnet. Fans of ADS-B, including the maker of @ElonJet, are now jumping ship on the assumption that the new owner is more likely to bow to censorship requests from the likes of Musk and the Saudi royal family.
But that is not everything. Each week we round up the stories we haven’t explored ourselves. Click on the headlines to read the full stories. And stay safe out there.
As the catastrophic Russian invasion of Ukraine unfolded over the past year, the Kremlin has also stepped up its repression of domestic and Russian-language media to quell anti-war dissidents. The latest victim of that crackdown is, by some standards, Russia’s leading independent news website: Meduza. On Thursday, the Russian government added Meduza to its list of “undesirable organizations,” effectively banning any collaboration or promotion of the news outlet. The country’s general prosecutor even went so far as to write in a statement that Meduza “poses a threat to the foundations of the constitutional system and security of the Russian Federation”.
Although Meduza has long been based in Latvia to protect it from Russia’s media restrictions and retaliation, the new measure makes it a crime for anyone in Russia to work for the news outlet, talk to its journalists, post a link to its website or even as much as “like” one of his social media posts. A first violation of those restrictions is a felony defense under Russian law, punishable by a fine, but repeated violations are a misdemeanor, punishable by years of imprisonment.
While imprisonment may be unlikely for someone who is not actively involved in the work of the news organization—most violations of the law so far have resulted in a fine-Meduza has warned Russians and anyone traveling to Russia to be careful about removing social media posts linking to or promoting its content. Regardless of how the law is enforced, the chilling effects will undoubtedly be significant, and the draconian ban on Meduza represents another small step in Russia’s long, slow slide into totalitarianism.
The FBI announced this week that it had thwarted the operations of one of the world’s most prolific and disruptive ransomware groups, known as Hive, by taking down its dark website and restoring decryption keys to unlock the systems of victims who were too faced $130 million in total ransom demands. “We hacked the hackers,” Deputy Attorney General Lisa Monaco told reporters at a news conference. In previous years of its extortion-fuelled cybercrime, Hive victimized more than 80 networks and collected more than $100 million in ransom money, according to the FBI. But by cooperating with numerous law enforcement agencies, including the German and Dutch federal police, the FBI secretly gained access to the group’s systems, monitoring and ultimately disrupting them. Despite that victory, no arrests were mentioned in the splashy announcement, indicating that – as usual in ransomware cases – Hive’s hackers are likely to be in non-extradition countries, beyond the reach of Western law enforcement.
The FBI officially pointed the finger at a usual suspect in the ongoing plague of massive breaches and thefts in the cryptocurrency world: North Korea. In its investigation into a robbery that stole $100 million in cryptocurrency last year, the Bureau accused two hacker groups long believed to have ties to Kim Jong Un’s regime, known as APT38 or Lazarus — the latter of which is sometimes used as a broader umbrella term for multiple North Korean hacker units. Those hackers targeted US crypto firm Harmony’s Horizon “bridge”, a system used to facilitate transfers from one cryptocurrency to another. Bridges have become increasingly lucrative targets for thieves, who have stolen hundreds of millions worth of digital currencies from them in recent years. Aside from the name-and-shame announcement, the FBI also says some of the stolen currency was seized as the hackers attempted to launder it, and the agency pointed to crypto addresses where about $40 million of the stolen loot is still stored.
If Madison Square Garden didn’t want a legal scandal from its experiment to use facial recognition technology to spot people it wanted to ban from its location, it might not have started banning lawyers. Following revelations that MSG had used facial recognition to prevent attorneys from multiple firms involved in lawsuits against the venue from attending the events — and then enforced that ban with controversial facial recognition technology — New York Attorney General Letitia James sent a letter to the owners from MSG and demanded more information about its oversight practices. The letter, which suggests that the ban on lawyers is designed to deter people from filing lawsuits against MSG, asks about the reliability of the facial recognition technology MSG uses and whether it protects against bias. “Anyone with a ticket to an event should not be concerned about being unfairly denied entry based on their appearance,” James wrote in a statement, “and we urge MSG Entertainment to reverse this policy. to twist.”