Security News This Week: Even CIA and NSA Use Ad Blockers to Stay Safe Online
All that was old was new this week as ransomware returned to the headlines, hitting a crucial Iowa grain co-op, among other targets. And WIRED caught up with DeSnake, former number two in the dark web market AlphaBay, to hear about his re-emergence and relaunch of AlphaBay four years after its removal by law enforcement. “The AlphaBay name was frowned upon after the raids. I’m here to make amends,” DeSnake said.
The Groundhog Day vibe continued with the annual release of Apple’s latest mobile operating system, iOS 15. The new operating system comes with plenty of privacy features, including more detailed information on what your apps are doing, a mechanism to block email trackers, and some sort of VPN-Tor Frankenstein monster called iCloud Private Relay that protects your browsing activity. Use WIRED’s How To Guide to get up to speed and start changing some settings.
And if you want a DIY project that’s unrelated to a tech firm’s walled garden, we’ve got some tips on how to set up your own network-attached storage (NAS) that plugs right into your router and gives you a place to share files between your devices or easily store backups.
And there’s more! Each week, we put together all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
A letter to Congress shared with Motherboard shows that the United States National Security Agency, the Central Intelligence Agency and other members of the intelligence community (IC) are using ad blockers on their networks as security protection. “IC has implemented network-based ad blocking technologies and uses information from multiple layers, including domain name system information, to block unwanted and malicious ad content,” wrote the IC’s chief information officer in the letter.
You can use an ad blocker to make your browsing experience more enjoyable, but the tools have potential defensive benefits as well. Attackers who serve malicious ads on unscrupulous ad networks or tamper with seemingly legitimate ads can steal data or introduce malware to your device if you click, or sometimes by exploiting web vulnerabilities. The fact that the IC sees ads as an unnecessary risk and even a threat speaks to long-standing issues with the industry. The NSA and the Cybersecurity and Infrastructure Security Agency have issued public guidelines in recent years advising the use of ad blockers as security protection, but the IC itself was not required to adopt the measure. Its members have voluntarily deployed ad blockers.
The security division of Russian telecommunications giant Rostelecom took down part of a notorious botnet this week, thanks to a flaw introduced by the developers of the malicious platform. The error allowed Rostelecom to “sinkhole” part of the system. A botnet is a zombie army of malware-infected devices that are centrally controlled to carry out coordinated operations. The platforms are often used for DDoS attacks, in which actors direct a flood of unwanted traffic at a target’s web systems in an attempt to overload them.
The Meris botnet is currently the largest botnet available to cybercriminals and is believed to be made up of around 250,000 systems operating collectively. It has been used against targets in Russia, the United States, and the United Kingdom, among others. Rostelecom’s partial takedown is important, as Meris attacks are powerful and difficult for targets to fight. Earlier this month, a Meris attack on Russian tech giant Yandex broke the record for the largest volumetric DDoS attack. Yandex managed to defend against the assault.
European law enforcement agencies in Italy and Spain have arrested 106 people on suspicion of carrying out a massive fraud campaign over many years, with profits totaling more than $11.7 million in the last year alone. And police said this week that the individuals involved had links to an Italian mafia group. The suspects are said to have run phishing schemes, conducted business email scams, launched SIM swap attacks and generally committed credit card fraud against hundreds of victims. The activity was also reportedly linked to drug trafficking and other property crimes. To actually extract funds from these digital scams, the suspects allegedly laundered stolen money through a system of money mules and shell companies. In addition to the arrests, law enforcement froze 118 bank accounts and seized computers, SIM cards, 224 credit cards and an entire cannabis plantation in connection with the bust.