Security, Spoken

Cambridge Analytica, a data analysis firm that worked on President Trump's 2016 campaign, and its related company, Strategic Communications Laboratories, pilfered data on 50 million Facebook users and secretly kept it, according to two reports in The New York Times and The Guardian. The apparent misuse of Facebook data—and the social media giant's failure to police it—leave both companies with plenty still to answer for. Learn about your ad choices: dovetail.prx.org/ad-choices

For the average internet user, Wikipedia operates in the background, its 44 million entries serving as a priceless resource, rarely thought of until you need to know the capital of Azerbaijan. This week, however Wikipedia's volunteer editors and the nonprofit that makes its work possible, the Wikimedia Foundation, suddenly found themselves in the news, tasked once again with providing a ground-level truth for a platform unwilling to provide one of its own. Learn about your ad choices: dovetail.prx.org/ad-choices

When the blockbuster twin security exploits known as Meltdown and Spectre appeared in early 2018, Mozilla was among the first to respond, retroactively changing several behaviors of Firefox to help prevent them. Both attacks rely on using high-speed timing measurements to detect sensitive information, so somewhat counterintuitively, the patches had to decrease the speed of seemingly mundane computations. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook has never been particularly good at prioritizing your privacy. Your powers its business, after all. But recent revelations that a firm called Cambridge Analytica harvested the personal information of 50 million unwitting Facebook users in 2015 has created new sense of urgency for those hoping for some modicum of control over their online life. If you ever needed a wake-up call, this is it. Facebook offers a fairly robust set of tools to control who knows what about you. Learn about your ad choices: dovetail.prx.org/ad-choices

A virtual private network, that core privacy tool that encrypts your internet traffic and bounces it through a faraway server, has always presented a paradox: Sure, it helps you hide from some forms of surveillance, like your internet service provider's snooping and eavesdroppers on your local network. But it leaves you vulnerable to a different, equally powerful spy: Whoever controls the VPN server you're routing all your traffic through. Learn about your ad choices: dovetail.prx.org/ad-choices

Signing up for a Facebook account, or any free online service, comes with an implicit bargain: Use it as much as you want—check your News Feed, like a status, poke a friend—and in return, the company will collect your data, and use it to serve you ads both on Facebook and around the web. But what appears to be a simple exchange has become anything but. This is not a screed about deleting your Facebook account—although if you want to, here's how. Learn about your ad choices: dovetail.prx.org/ad-choices

Arguably the biggest news in security this week was also the strangest; a company barely a year old announced a series of AMD vulnerabilities, giving the chip company only a day or so advance notice before making the results public. And despite the hype, the bugs themselves were of questionable severity. It was almost as hard to make sense of as YouTube's decision to add Wikipedia links to controversial videos. Almost. Learn about your ad choices: dovetail.prx.org/ad-choices

Hacker Adrian Lamo died at the age of 37, according a Facebook post from his father. “With great sadness and a broken heart I have to let know all of Adrian’s friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son,” Mario Lamo wrote in a post to the 2600: The Hacker Quarterly Facebook Group. The cause of death is not yet known, but a coroner in Sedgwick County, Kansas confirmed the news to ZDNet. Learn about your ad choices: dovetail.prx.org/ad-choices

In the early morning of September 9, 2016, Bill Moore, CEO of the Austin-based walkie-talkie app company Zello, contacted the Middle East Media Research Institute. He was seeking a copy of a report MEMRI had recently published describing how ISIS members and supporters were using Zello, which allows people to send voice messages to each other in private and also public channels. Moore had learned about the findings through a Google Alert. Learn about your ad choices: dovetail.prx.org/ad-choices

In its first 14 months, the Trump administration has earned a reputation for being soft on the Kremlin, even as the extent of the chaos Russia's hackers and trolls have inflicted online becomes increasingly clear. But more recently, the White House's rhetoric towards Russia has begun to shift. And now the executive branch has not only called out the Kremlin for a broad collection of rogue actions online, but finally meted out a concrete financial punishment. Learn about your ad choices: dovetail.prx.org/ad-choices

In 1995, a bipartisan pair of senators wrote a bill to address growing concerns over minors accessing pornography on the internet. President Bill Clinton would eventually sign the Communications Decency Act in 1996, criminalizing the online transmission of “obscene or indecent” materials to anyone known to be under the age of 18. Learn about your ad choices: dovetail.prx.org/ad-choices

After the mass shooting in Parkland, Florida, in February, the top trending video on YouTube wasn’t a news clip about the tragedy but a conspiracy theory video suggesting survivor David Hogg was an actor. The video garnered 200,000 views before YouTube removed it from its platform. Until now, the company hasn’t said much about how it plans to handle the spread of that sort of misinformation moving forward. On Tuesday, however, YouTube CEO Susan Wojcicki detailed a potential solution. Learn about your ad choices: dovetail.prx.org/ad-choices

There’s no such thing as the US criminal justice system. There are, instead, thousands of counties across the country, each with their own systems, made up of a diffuse network of sheriffs, court clerks, prosecutors, public defenders, and jail officials who all enforce the rules around who does and doesn’t end up behind bars. Learn about your ad choices: dovetail.prx.org/ad-choices

When the Spectre and Meltdown vulnerabilities were revealed in millions of processors earlier this year, those deep-seated vulnerabilities rattled practically the entire computer industry. Now a group of Israeli researchers is outlining a new set of chip-focused vulnerabilities that, if confirmed, would represent another collection of flaws at the core of computer hardware, this time in a processor architecture designed by AMD. Learn about your ad choices: dovetail.prx.org/ad-choices

Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Learn about your ad choices: dovetail.prx.org/ad-choices

Routers, both the big corporate kind and the small one gathering dust in the corner of your home, have long made an attractive target for hackers. They're always on and connected, often full of unpatched security vulnerabilities, and offer a convenient chokepoint for eavesdropping on all the data you pipe out to the internet. Learn about your ad choices: dovetail.prx.org/ad-choices

Of all of the tech platforms that Russian trolls infiltrated during the run-up to the 2016 election in the United States, Reddit has been among the least forthcoming. Learn about your ad choices: dovetail.prx.org/ad-choices

In privacy-focused, anti-establishment corners of the internet, going open source can earn you a certain amount of street cred. It signals that you not only have nothing to hide, but also welcome the rest of the world to help make your project better. For Ghostery though, the company that makes Edward Snowden’s recommended ad blocker, publishing all its code on GitHub Thursday also means clearing up some confusion about its past. Learn about your ad choices: dovetail.prx.org/ad-choices

For anyone who has watched the last few years of cat-and-mouse games on the dark web's black markets, the pattern is familiar: A contraband bazaar like the Silk Road attracts thousands of drug dealers and their customers, along with intense scrutiny from police and three-letter agencies. Authorities hunt down its administrators, and tear the site offline in a dramatic takedown—only to find that its buyers and sellers have simply migrated to the next dark-web market on their list. Learn about your ad choices: dovetail.prx.org/ad-choices

An elite Russian hacking team, a historic ransomware attack, an espionage group in the Middle East, and countless small time cryptojackers all have one thing in common. Though their methods and objectives vary, they all lean on leaked NSA hacking tool EternalBlue to infiltrate target computers and spread malware across networks. Leaked to the public not quite a year ago, EternalBlue has joined a long line of reliable hacker favorites. Learn about your ad choices: dovetail.prx.org/ad-choices

When the still-unidentified group calling itself the Shadow Brokers spilled a collection of NSA tools onto the internet in a series of leaks starting in 2016, they offered a rare glimpse into the internal operations of the the world's most advanced and stealthy hackers. But those leaks haven't just let the outside world see into the NSA's secret capabilities. They might also let us see the rest of the world's hackers through the NSA's eyes. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, the Supreme Court heard oral argument in United States v. Microsoft, a case that many observers believe could have significant ramifications for how cloud computing and other technology companies interact with the US government. If it were up to the justices themselves, however, those implications would end up being short-lived. Learn about your ad choices: dovetail.prx.org/ad-choices

Uber faces more potential legal consequences for waiting to make public a major hack until a over a year after it happened. The Pennsylvania Attorney General filed a lawsuit against Uber Monday for violating the state's data breach notification law, which says hacks should be disclosed within a "reasonable" time frame. Uber didn't merely keep quiet about the massive breach; it reportedly paid a $100,000 ransom to the perpetrators in exchange for their silence. Learn about your ad choices: dovetail.prx.org/ad-choices

It was a wild west week in security, as GitHub succeeded in surviving the biggest DDoS attack ever (1.35 terabits per second!) and analysts scrutinized the "false flag" techniques Russian hackers have used in their attacks to shift blame and throw off investigators. Researchers found an unexpected method for executing phishing attacks against some "unphishable" Yubikey two-factor authentication tokens. (Not the one included in WIRED's subscription package. Learn about your ad choices: dovetail.prx.org/ad-choices

For more than a year, Jonathan Albright has served as something of a one-man General Accounting Office for the tech industry. The researcher at Columbia University's Tow Center for Digital Journalism has dug into the details on how political Twitter trolls manipulate the media, and unearthed an intricate web of conspiracy theory videos on YouTube. Last weekend, while digging through Facebook’s testimony to the Senate Judiciary Committee from last fall, something else caught his eye. Learn about your ad choices: dovetail.prx.org/ad-choices

Yes, websites track your behavior online. But some go much further than what you'd reasonably expect, using so-called session replays to create a detailed log of everything you do and type on a site. And new research shows that in some cases these movie-like recordings are even storing your passwords. Bulk data collection is always a privacy red flag. Learn about your ad choices: dovetail.prx.org/ad-choices

There's no better way to protect yourself from the universal scourge of phishing attacks than with a hardware token like a Yubikey, which stymies attackers even if you accidentally hand them your username and password. But while Yubikey manufacturer Yubico describes its product as "unphishable," a pair of researchers has proven the company wrong, with a technique that allows clever phishers to sidestep even Yubico's last bastion of login protection. Learn about your ad choices: dovetail.prx.org/ad-choices

On Wednesday, at about 12:15pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required. GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Learn about your ad choices: dovetail.prx.org/ad-choices

Learn about your ad choices: dovetail.prx.org/ad-choices

Five years ago, US law enforcement served Microsoft a search warrant for emails as part of a US drug trafficking investigation. In response, Microsoft handed over data stored on American servers, like the person’s address book. But it didn’t give the government the actual content of the individual’s emails, because they were stored at a Microsoft data center in Dublin, Ireland, where the subject said he lived when he signed up for his Outlook account. Learn about your ad choices: dovetail.prx.org/ad-choices

Three weeks ago, House Republicans publicly released a much-hyped memo written by representative Devin Nunes of California. It alleged, through a series of allusions, tangential facts, and seeming misdirections, that law enforcement officials had abused their power in obtaining a surveillance warrant against former Trump campaign advisor Carter Page. Now, in a 10-page memo of their own, House Democrats are attempting to set the record straight. Learn about your ad choices: dovetail.prx.org/ad-choices

When an Oregon science fiction writer named Charity tried to log onto Facebook on February 11, she found herself completely locked out of her account. A message appeared saying she needed to download Facebook’s malware scanner if she wanted to get back in. Charity couldn’t use Facebook until she completed the scan, but the file the company provided was for a Windows device—Charity uses a Mac. Learn about your ad choices: dovetail.prx.org/ad-choices

Today’s guilty plea by Rick Gates might be one of the least surprising developments in the Mueller investigation: It had been clear that the former Trump campaign aide would likely seek a deal almost since the day Gates and his business partner and former Trump campaign chairman Paul Manafort were indicted in October, and we’ve seen reports for weeks that negotiations between Mueller and Gates have been underway. Learn about your ad choices: dovetail.prx.org/ad-choices

Robert Mueller's indictment of Russia's Internet Research Agency—also known as the "troll factory"—feels like years ago at this point. It's only been a week! And we took a deep dive into what it really says about Russia's propaganda efforts during the 2016 presidential campaign and beyond. Trump campaign advisor Rick Gates has also copped a plea deal with Mueller's team—which could have big implications for the investigation going forward. Learn about your ad choices: dovetail.prx.org/ad-choices

v. Swiping computer processing power through a web browser to illicitly mint cryptocurrency. People who streamed the TV drama Billions last fall may have been hit by some real-life financial chica­nery. While they watched, a rogue script on the Showtime website directed their PCs to engage in “mining” operations for a bitcoin-like digital currency. Doing currency mining on your own machine is perfectly legit. Learn about your ad choices: dovetail.prx.org/ad-choices

It's almost Tax Day, which also means it's peak tax fraud season. The Internal Revenue Service has played some epic games of cat-and-mouse with phone and online scammers over the past 10 years, but the latest scamming trend for 2018 has a particularly devious twist. Here's how it works: Attackers use a taxpayer's stolen identity information to fraudulently file their returns for a refund. They allow that refund to direct deposit into the victim's actual bank account. Then the real fun starts. Learn about your ad choices: dovetail.prx.org/ad-choices

Passports, like any physical ID, can be altered and forged. That's partly why for the last 11 years the United States has put RFID chips in the back panel of its passports, creating so-called e-Passports. The chip stores your passport information—like name, date of birth, passport number, your photo, and even a biometric identifier—for quick, machine-readable border checks. Learn about your ad choices: dovetail.prx.org/ad-choices

It was the day of the biker rally, the Sunday of Memorial Day weekend 2016, when thousands of motorcyclists descend in a cacophonous blitz on Washington, DC, for the annual Rolling Thunder rally. Soon-to-be Republican presidential nominee Donald Trump, wearing a blazer sans tie but with a red MAGA hat firmly ensconced on his head, worked the crowd around the Lincoln Memorial. “Look at all these bikers,” he said. “Do we love the bikers? Yes. We love the bikers. Learn about your ad choices: dovetail.prx.org/ad-choices

In the four or so years since it launched, end-to-end encrypted messaging app Signal has become the security community's gold standard for surveillance-resistant communications. Its creators have built an encryption protocol that companies from WhatsApp to Facebook Messenger to Skype have all added to their own products to offer truly private conversations to billions of people. Learn about your ad choices: dovetail.prx.org/ad-choices

It's been nearly eight months since the malware known as NotPetya tore through the internet, rippling out from Ukraine to paralyze companies and government agencies around the world. On Thursday, the White House finally acknowledged that attack. And in a reversal of its often seemingly willful blindness to the threat of Russian hacking, it has called out the Kremlin as NotPetya's creator. Learn about your ad choices: dovetail.prx.org/ad-choices

Special counsel Robert Mueller’s indictment against Russia’s Internet Research Agency contains a number of striking moments, from the inflammatory ads bought by the so-called “troll factory” to the rampant identity theft against US citizens. But what stands out most may be the reminder that for Russia, subverting the foundations of US democracy was just another 9 to 5. Learn about your ad choices: dovetail.prx.org/ad-choices

North Korea's most prolific hacking group, broadly known within the security community under the name Lazarus, has over the last half-decade proven itself one of the world's most internationally aggressive teams of intruders. It has pulled off audacious attacks around the globe, from leaking and destroying Sony Pictures' data to siphoning of tens of millions of dollars from banks in Poland and Bangladesh. Learn about your ad choices: dovetail.prx.org/ad-choices

Each new breaking news situation is an opportunity for trolls to grab attention, provoke emotions, and spread propaganda. The Russian government knows this. Fake-news manufacturing teenagers in Macedonia know this. Twitter bot creators know this. And thanks to data-gathering operations from groups like the Alliance for Securing Democracy and RoBhat Labs, the world knows this. Learn about your ad choices: dovetail.prx.org/ad-choices

For some time, there has been a conflation of issues—the hacking and leaking of illegally obtained information versus propaganda and disinformation; cyber-security issues and the hacking of elections systems versus information operations and information warfare; paid advertising versus coercive messaging or psychological operations—when discussing “Russian meddling” in the 2016 US elections. Learn about your ad choices: dovetail.prx.org/ad-choices

Facebook has always nudged truant users back to its platform though emails and notifications. But recently, those prods have evolved beyond comments related to activity on your own profile. Now Facebook will nag you when an acquaintance comments on someone else’s photo, or when a distant family member updates their status. The spamming has even extended to those who sign up for two-factor authentication—which is a great way to turn people off to that extra layer of security. Learn about your ad choices: dovetail.prx.org/ad-choices

For anyone getting their geopolitical news from the Olympics alone, North Korea might seem practically charismatic. Its combined hockey team with South Korea has become a global symbol of dictator Kim Jong Un's call for improved relations with the South. Kim's sister has led a Pyeongchang charm offensive. And its Stepford cheerleaders—well, some people seem to not be entirely creeped out by them. Learn about your ad choices: dovetail.prx.org/ad-choices

This week, reports have percolated that Facebook is testing a new menu item, called "Protect," in its iOS app. The feature sports a blue shield icon, and tapping it redirects you to the App Store listing for Facebook-owned VPN app Onavo Protect. But while Onavo does claim to offer some tools that make the web safer, in practice it falls far short of the privacy protections that VPN users reasonably expect. Learn about your ad choices: dovetail.prx.org/ad-choices

Facial recognition and machine learning programs have officially been democratized, and of course the internet is using the tech to make porn. As first reported by Motherboard, people are now creating AI-assisted face-swap porn, often featuring a celebrity's face mapped onto a porn star's body, like Gal Gadot's likeness in a clip where she's supposedly sleeping with her stepbrother. Learn about your ad choices: dovetail.prx.org/ad-choices

The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining's increasing appeal. But as attackers have expanded their tools to slyly outsource the number of devices, processing power, and electricity powering their mining operations, they've moved beyond the browser in potentially dangerous ways. Learn about your ad choices: dovetail.prx.org/ad-choices

On Tuesday, the heads of the NSA, CIA, FBI, and ODNI—America's intelligence community brain trust—gathered before members of the Senate Select Committee on Intelligence to discuss various worldwide threats. And while most of the topics were familiar, the hearing also included a few revelatory moments, insights into fears that were either detailed or confirmed. Learn about your ad choices: dovetail.prx.org/ad-choices