For months, hackers have targeted Iran’s public infrastructure, hitting everything from trains to gas stations to airlines. It appears to be an escalation in long-running tensions with Israel—one that shows how cyberattacks can have impact in the real world. In this case those repercussions are particularly concerning because they’re felt primarily by civilians.
In other regional news, spyware from the Israel-based NSO Group was reportedly found on the phones of nearly a dozen US State Department officials. The victims were either living in Uganda or working on issues related to the country. The incident lays bare how thin NSO Group’s rationalizations of its flagship surveillance product have always been, although it remains unclear if anything will curb the near-constant abuses carried out by authoritarian governments.
Security researchers think they’ve found a better way to spot state-sponsored trolls on Reddit. Malicious apps designed to steal banking information snuck into the Google Play Store and were downloaded more than 300,00 times before getting booted. And a bug in cryptocurrency service MonoX Finance let hackers get away with a $31 million heist.
Facebook will require its most at-risk users to put two-factor authentication on their accounts. As Android 12 rolls out to more devices, we took a look at the privacy settings you should check right now. And so-called watering hole attacks have become increasingly common; we talked through what they are, and why they’re so insidious.
Lastly, all apologies to Sneakers, Hackers, and WarGames, but The Matrix is the best hacker movie of all time.
And there’s more! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.
Between October 7 and October 19, a hacker gained access to the network of Planned Parenthood’s Los Angeles outpost and stole data related to 400,000 patients. The organization disclosed to victims that the information included not only their name, address, and other identifying information, but also details about their procedures and prescriptions. While the news comes the same week that the US Supreme Court heard oral arguments in an case related to a controversial Mississippi abortion law, the hack itself appears to have been ransomware-related rather than politically motivated.
We’ve written before about the shortfalls of so-called predictive policing, in which law enforcement uses data to guess where crimes will happen and who will commit them and allocates resources accordingly. This week, new reporting from the Markup and Gizmodo showed that these systems disproportionally affect Black and Latino neighborhoods. It’s a damning deep dive that’s well worth your time.
Tor is an invaluable anonymity tool that relies on thousands of proxy servers to route encrypted traffic through. It turns out, though, that a sophisticated actor has been running hundreds of those servers in bad faith. On closer observation, one researcher suspects that they’re attempting to gather information about people using the Tor network. The Tor Project has been taking removing the malicious servers from the network as they’ve been reported, but at one point the threat actor ran as many as 900 at one time.
Earlier this year, router manufacturer Ubiquiti suffered a hack that an apparent whistleblower attributed to outside hackers. Now, a Justice Department indictment alleges that the incident was actually an insider job, and that the whistleblower was in fact the assailant all along. If the allegations hold up, it’s an incredibly brazen series of actions, and well worth taking a few minutes to sift through.
More Great WIRED Stories