Security, Spoken

Bloviating conspiracy theorist Alex Jones whispered loudly in the front row with far-right media personality Jack Posobiec. Banned Twitter troll Chuck Johnson sat a few seats down giggling intermittently at who knows what. A man in a black shirt with the words “FBI used toddler for SEX" printed in red block print meandered in and out of the room. Learn about your ad choices: dovetail.prx.org/ad-choices

“Twitter could get us into a war.” That sentence, which appears in Bob Woodward’s new book, Fear, about the Trump Administration, has shocked a lot of people. Not me. Because I just wrote a novel in which precisely that same thing happens. And let me tell you: It’s not far-fetched. Of course, we knew that Trump’s chief of staff, John Kelly, and his predecessor, Reince Priebus, both have tried to get the President’s tweeting under control. Learn about your ad choices: dovetail.prx.org/ad-choices

A lot of people may find it hard to remember a time before Chrome. But as Google's browser hits its 10th birthday Tuesday, it's worth noting one under-appreciated source of its popularity: how it made the web more secure. Google developers didn't invent every improvement that made Chrome a more secure alternative to established competitors like Internet Explorer and Safari when it debuted. Learn about your ad choices: dovetail.prx.org/ad-choices

Google's Chrome browser turns 10 today, and in its short life it has introduced a lot of radical changes to the web. From popularizing auto-updates to aggressively promoting HTTPS web encryption, the Chrome security team likes to grapple with big, conceptual problems. That reach and influence can be divisive, though, and as Chrome looks ahead to its next 10 years, the team is mulling its most controversial initiative yet: fundamentally rethinking URLs across the web. Learn about your ad choices: dovetail.prx.org/ad-choices

There are plenty of lawmakers who know next to nothing about technology. Senator Mark Warner isn't one of them. Long before the Virginia Democrat was sworn into the Senate in 2009, Warner built a career in the venture capital and telecom industries. That background has served the senator well since news broke that Facebook, Google, and Twitter all enabled foreign influence campaigns during the 2016 election. Learn about your ad choices: dovetail.prx.org/ad-choices

It may be the end of August, that time when a sticky malaise settles in, but hackers can wreak havoc even during summer vacation. Which is why WIRED’s security writers keep covering the news. Like this story of how Iran set up a global propaganda campaign targeting social media. Issie Lapowski lays out everything we know about the country's 2018 propaganda machine, like how they used fake profile photos to catfish targets, and they had a real thing for Bernie Sanders. Learn about your ad choices: dovetail.prx.org/ad-choices

In June, privacy advocates celebrated the passage of a historic bill in California that gave residents of that state unprecedented control over how companies use their data. Two months later, the party's over. Lobbying groups and trade associations, including several representing the tech industry, immediately started pushing for a litany of deep changes that they say would make the law easier to implement before it goes into effect in January 2020. Learn about your ad choices: dovetail.prx.org/ad-choices

Attorneys general from 20 states celebrated on Monday when a district court judge in Seattle extended an injunction against the sharing of 3-D printed gun blueprints online. But their victory lap was short-lived. On Tuesday afternoon, Cody Wilson, founder of the open-source gun-printing advocacy group Defense Distributed, announced he would begin selling the blueprints directly to people who want them. Learn about your ad choices: dovetail.prx.org/ad-choices

It might feel like there's always a new smartphone on the market with next-generation features that make yours obsolete. But no matter how many iterations mobile devices go through, they're in many ways still based on decades-old electronics. In fact, antiquated 20th century telephone tech can be used to carry out decidedly 21st century attacks on many mainstream smartphones. Learn about your ad choices: dovetail.prx.org/ad-choices

The hour of 4 pm Tuesday, potentially one of the most consequential hours in the history of the American presidency, made clear that history books will almost certainly note Donald Trump’s surprise 2016 election win with an asterisk. Learn about your ad choices: dovetail.prx.org/ad-choices

They set up phony news sites with stories ripped from other sources, backing up their state-sponsored agenda. They stole photos for their social media profiles and made up names to catfish unsuspecting victims. They formed an incestuous web of promotion across Facebook, Twitter, YouTube, Google+, Reddit, and other platforms. They seemed to have a thing for Bernie Sanders. And then they got caught. Learn about your ad choices: dovetail.prx.org/ad-choices

The biggest news in America this week struck like two timed missiles minutes apart on Tuesday afternoon. Though they appear at first blush unrelated to Russia’s hacking of the 2016 US election, they are likely to explode right in the heart of Robert Mueller’s investigation. First. Learn about your ad choices: dovetail.prx.org/ad-choices

On Thursday, T-Mobile confirmed that some of its customer data was breached in an attack the company discovered on Monday. It's a snappy disclosure timeframe, and the carrier said that no financial data, passwords, or Social Security numbers were compromised in the breach. A relief, right? The problem is the customer data that was potentially exposed: name, billing zip code, email address, account number, account type, and phone number. That last one's a particular concern. Learn about your ad choices: dovetail.prx.org/ad-choices

My legs were sticking to the vinyl back seat of a NYC cab when I received the email on a Thursday this July. I was running late to an afternoon dentist appointment, and sending messages on Facebook Messenger. Most of the conversations were for a story I was reporting about a Facebook group for sexual assault survivors, which had been overtaken by abusers. Learn about your ad choices: dovetail.prx.org/ad-choices

You probably assume that someone can only see what's on your computer screen by looking at it. But a team of researchers has found that they can glean a surprising amount of information about what a monitor displays by listening to and analyzing the unintended, ultrasonic sounds it emits. Learn about your ad choices: dovetail.prx.org/ad-choices

On Wednesday, the Democratic National Committee was alerted by Lookout, a mobile security firm, about an apparent phishing campaign. Someone had created fake site that looked just like VoteBuilder, a DNC-managed database that contains years' worth of voter information. Were an unsuspecting DNC employee to give the fake site their username and password, a malicious actor could potentially steal sensitive data. Alarmed, the DNC notified the Federal Bureau of Investigation. Learn about your ad choices: dovetail.prx.org/ad-choices

Following more than a year of unrelenting focus on Russian cyber attacks on Silicon Valley giants, Facebook and Twitter announced Tuesday night that they've now also thwarted a network of suspicious accounts that appear to originate in Iran. First, Facebook announced it had taken down 652 pages, groups, and accounts for "coordinated inauthentic behavior. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, a trifecta of tech companies announced that they had thwarted what appear to be significant cyberattacks from Russia and Iran. First, Microsoft CEO Brad Smith announced that the company had caught another round of phishing attacks on political groups in the United States, which it attributed to the Russian hacking group Fancy Bear. Then it was Facebook's turn. Learn about your ad choices: dovetail.prx.org/ad-choices

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows look out over the water, facing a dock where the Danish royal family parks its yacht. Learn about your ad choices: dovetail.prx.org/ad-choices

Early Tuesday, Microsoft announced that last week it seized control of six domains owned by the Russian hacking group Fancy Bear, also known as APT28. The hackers had used the sites to mount midterm election-related phishing campaigns, similar to those Fancy Bear launched during the 2016 United States election season. It's the most prominent, publicly known effort to proactively identify and thwart Russian election hacking efforts—and Microsoft's in a unique position to pull it off. Learn about your ad choices: dovetail.prx.org/ad-choices

In late July, a group of high-ranking Facebook executives organized an emergency conference call with reporters across the country. That morning, Facebook’s chief operating officer, Sheryl Sandberg, explained, they had shut down 32 fake pages and accounts that appeared to be coordinating disinformation campaigns on Facebook and Instagram. Learn about your ad choices: dovetail.prx.org/ad-choices

In a move that has shocked career national security officials, President Trump stripped former CIA Director John Brennan of his security clearance this week, and announced he was considering doing so for a host of others. The move so enraged retired Navy Admiral William McRaven—the man who oversaw the killing of Osama Bin Laden—that he wrote an op-ed telling Trump to revoke his clearance too, in solidarity with Brennan. Learn about your ad choices: dovetail.prx.org/ad-choices

A spate of hacked Instagram accounts. A $220 million lawsuit against AT&T. A bustling underground crime ring. They all have roots in an old problem that has lately found new urgency: SIM card swaps, a scam in which hackers steal your mobile identity—and use it to upend your life. At its most basic level, a SIM swap is when someone convinces your carrier to switch your phone number over to a SIM card they own. They’re not doing it for prank call cover, or to rack up long-distance charges. Learn about your ad choices: dovetail.prx.org/ad-choices

For the past week, psychologists all over America have been freaking out. The cause of their agita was an observation by a psychology graduate student from the University of Minnesota named Max Hui Bai. Like many researchers, Bai uses Amazon’s Mechanical Turk platform, where individuals sign up to complete simple tasks, such as taking surveys for academics or marketers, and earn a low fee. Learn about your ad choices: dovetail.prx.org/ad-choices

Imagine someone robs your house. The savvy culprit didn't leave behind fingerprints, shoe prints, or any other discrete, identifying details. Still, police manage to link the crime to a series of burglaries that happened the next town over, because of the criminal's behavior. Each robbery occurred in the same way, and in each case, the perpetrator stole many of the same items. Learn about your ad choices: dovetail.prx.org/ad-choices

Now in its second year, the Voting Machine Hacking Village at the DefCon security conference in Las Vegas features a new set of voting machines—all of which will actually be used in the 2018 midterm elections—for attendees to analyze and attack. But as eager attendees get to work familiarizing themselves with the devices and revealing their weaknesses, another call has emerged from the Village as well: Finding bugs is great. But you also need the money to fix them. Learn about your ad choices: dovetail.prx.org/ad-choices

Two weeks ago, Epic Games CEO Tim Sweeney confirmed that the Android version of Fortnite, largely seen as the most popular game in the world, would not be available through the Google Play Store. Instead, fans would have to install it from the web. The announcement drew heaps of attention—not least of which came from peddlers of malware. Fortnite only became broadly available on Android this week. Learn about your ad choices: dovetail.prx.org/ad-choices

If, like most people, you thought Google stopped tracking your location once you turned off Location History in your account settings, you were wrong. According to an AP investigation published Monday, even if you disable Location History, the search giant still tracks you every time you open Google Maps, get certain automatic weather updates, or search for things in your browser. There's a way to stop it—but it takes some digging. Learn about your ad choices: dovetail.prx.org/ad-choices

One way operating system developers try to protect a computers's secrets from probing hackers is with an appeal to the human at the keyboard. By giving the user a choice to “allow” or “deny” a program’s access to sensitive data or features, the operating system can create a checkpoint that halts malware while letting innocent applications through. Learn about your ad choices: dovetail.prx.org/ad-choices

It's tempting to think of fax machines as a relic, every bit as relevant as an eight-track tape. But fields like health care and government still rely on faxes every day. Even your all-in-one printer probably has a fax component. And new research shows that vulnerabilities in that very old tech could expose entire corporate networks to attack. Learn about your ad choices: dovetail.prx.org/ad-choices

An Android app has two choices for where to put its data on a device: internal storage, where it’s safe and snug, isolated by the operating system’s sandbox, and external storage, where data can move between apps but isn't as protected. Most of the time, that setup works just fine. But when developers use the latter incorrectly, they could give hackers a crucial foothold. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s Black Hat and DefCon conference time again, when the world’s top security researchers descend on the den of iniquity that is Las Vegas in August and try to scare the bejeezus out of people with new research into ominous hacks. Hooray! WIRED’s been there for a few days already. Lily Hay Newman discovered that several mobile credit card readers are rife with bugs, potentially leaving you exposed. Learn about your ad choices: dovetail.prx.org/ad-choices

Security meltdowns on your smartphone are often self-inflicted: You clicked the wrong link, or installed the wrong app. But for millions of Android devices, the vulnerabilities have been baked in ahead of time, deep in the firmware, just waiting to be exploited. Who put them there? Some combination of the manufacturer that made it, and the carrier that sold it to you. Learn about your ad choices: dovetail.prx.org/ad-choices

The tiny, portable credit card readers you use to pay at farmer's markets, bake sales, and smoothie shops are convenient for consumers and merchants alike. But while more and more transactions are passing through them, devices from four of the leading companies in the space—Square, SumUp, iZettle, and PayPal—turn out to have a variety of concerning security flaws. Learn about your ad choices: dovetail.prx.org/ad-choices

Apple's supply chain is one of the most closely monitored and analyzed in the world, both because of the control the company exerts and keen interest from third parties. But there's still never a guarantee that a mass-produced product will come out of the box totally pristine. In fact, it's possible to remotely compromise a brand new Mac the first time it connects to Wi-Fi. Learn about your ad choices: dovetail.prx.org/ad-choices

At this point, it seems like every so-called consumer smart device—from routers and baby monitors to connected thermostats and garage door openers—has been shown to have vulnerabilities. But that same security crisis has also played out on a macro scale, exposing municipal works and public safety sensors to manipulation that could destabilize traffic lights, undermine radiation sensors, or even create a calamity like causing a dam to overflow because of tainted water level data. Learn about your ad choices: dovetail.prx.org/ad-choices

It’s never been easier to trade stocks; just a few taps or clicks will do the trick. But most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings, new research warns. As if stocks weren’t risky enough already. A new report from Alejandro Hernández, a security consultant at IOActive, found that nearly all of the 40 major online trading platforms he investigated had at least some form of vulnerability. Learn about your ad choices: dovetail.prx.org/ad-choices

On Saturday, as Venezuelan President Nicolas Maduro gave a speech in Caracas before a large military assemblage, drones carrying explosives approached, detonating near the stage. While Maduro was unharmed, Venezuelan information minister Jorge Rodriguez said that the attack injured seven soldiers. It's a method of assault that only a few years ago felt unthinkable, but has quickly become inevitable. Learn about your ad choices: dovetail.prx.org/ad-choices

Ankle monitors are trending these days: Movie mogul Harvey Weinstein and former Donald Trump campaign chair Paul Manafort are under the electronic tether, and last month, in the wake of outrage over immigration officials separating families at the border, US Immigration and Customs Enforcement began monitoring migrant parents electronically rather than keeping them incarcerated in detention centers. More than 35,000 immigrants have been assigned an ankle monitor GPS unit. Learn about your ad choices: dovetail.prx.org/ad-choices

You might not be shocked that this week began with big news about a coordinated misinformation campaign on Facebook. But in a twist on the usual narrative, Facebook welcomed the media reports, calling a press conference to reveal that it had removed 35 fake accounts. The rare proactive step was a clear attempt to show the media and Congress that Facebook is tackling misinformation head in the runup to the midterm elections. Learn about your ad choices: dovetail.prx.org/ad-choices

Accessing the internet isn't normally a problem when you're inside the confines of your own home—it's secure, it's easy to connect to, and it's relatively uncongested—unless the whole family is streaming Netflix on five separate devices. When you venture out though, it's a different story. Learn about your ad choices: dovetail.prx.org/ad-choices

As the threat of cyberattacks on the United States launched by foreign adversaries grows, the federal government has been slow to respond. But changes announced Tuesday at the Department of Homeland Security, along with a new bipartisan bill aimed at shoring up DHS cybersecurity initiatives, could give newfound purpose to defenses against critical infrastructure hacking. Learn about your ad choices: dovetail.prx.org/ad-choices

Reddit said in a blog post Wednesday that a hacker broke into the company's systems in June and gained access to a variety of data, including user emails, source code and internal files, and “all Reddit data from 2007 and before.” And it likely could have been avoided if some Reddit employees were using two-factor authentication apps or physical keys instead of their phone numbers. Learn about your ad choices: dovetail.prx.org/ad-choices

Voting systems in the United States are so woefully hackable, an eight-year-old could do it. At least, that’s the conceit of a competition co-sponsored by the Democratic National Committee at next week’s Def Con hacker conference in Las Vegas. The contest will include children, ages eight to 16, who will be tasked with penetrating replicas of the websites that secretaries of state across the country use to publish election results. Learn about your ad choices: dovetail.prx.org/ad-choices

The Fin7 hacking group has leeched, by at least one estimate, well over a billion dollars from companies around the world. In the United States alone, Fin7 has stolen more than 15 million credit card numbers from over 3,600 business locations. On Wednesday, the Justice Department revealed that it had arrested three alleged members of the group—and even more important, detailed how it operates. Learn about your ad choices: dovetail.prx.org/ad-choices

A belated legal scramble to stop public access to 3-D printed gun blueprints has succeeded, at least for now. Late Tuesday, a federal judge granted a temporary nationwide injunction against Defense Distributed from making its designs available online. Several hours after the ruling, Defense Distributed founder Cody Wilson has finally complied. Learn about your ad choices: dovetail.prx.org/ad-choices

For the last half decade, 3-D printed pistols and metal-milled "ghost guns" have only rarely caught the attention of lawmakers, and have barely registered in the mainstream of America's gun control debate. But now, a controversial legal settlement may have unlocked a new era of digitally fabricated, DIY guns. It's also unleashed a political backlash unlike anything seen in the five years since the first 3-D printable firearm appeared online. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook has taken down 32 fake pages and accounts that it says were involved in coordinated campaigns on both Facebook and Instagram. Though the company has not yet attributed the accounts to any group, it says the campaign does bear some resemblance to the propaganda campaign run by Russia's Internet Research Agency in the run-up to the 2016 presidential election. Facebook is now working with law enforcement to determine where the campaign originated. Learn about your ad choices: dovetail.prx.org/ad-choices

Imagine you're a human rights activist, pulling up to a border crossing. The on-duty customs agent requests that you hand over your phone and unlock it, without a warrant—an increasingly common practice for US Customs and Border Protection. Your phone holds sensitive photographs documenting abuses abroad, but the agent can't find them. At most, he might notice that you've deleted some files recently. Learn about your ad choices: dovetail.prx.org/ad-choices

Until yesterday, unless you had a family member or friend inside prison, you most likely had never heard of JPay. That’s because all of its services are directed towards people inside the nation’s prisons—and their family members. Learn about your ad choices: dovetail.prx.org/ad-choices