in

How China Hacked US Phone Networks

How do you to smuggle information into the USSR under the nose of the KGB? Create your own encryption system, of course. That’s exactly what saxophonist and music teacher Merryl Goldberg did in the 1980s. This week, Goldberg revealed that she used musical notation to hide activists’ names and addresses and meeting details during meetings. a rare trip to the Soviet Union. To do this, it concocted its own encryption system. Each musical note and marking represented letters of the alphabet and helped conceal sensitive information. When Soviet officers inspected the documents, no suspicions were raised.

Goldberg’s story was told at the RSA conference in San Francisco this week, where WIRED’s Lily Newman dug up stories. Also out of RSA: a warning that as ransomware becomes less profitable, attackers may turn to business email compromise (BEC) scams to make money; BEC attacks are already very profitable.

Also this week, dark web marketplace AlphaBay is about to complete its journey back to the top of the online underworld. The original AlphaBay site, which contains more than 350,000 product listings, ranging from drugs to cybercrime services, was purged from the dark web in July 2017 as part of a massive law enforcement operation. However, AlphaBay’s second-in-command, an actor named DeSnake, survived the law enforcement operation and relaunched the site last year. Now, AlphaBay is growing rapidly and is poised to regain its dominant position in the dark web market.

Elsewhere, Apple held its annual Worldwide Developers Conference this week and unveiled iOS 16, macOS Ventura and a few new MacBooks. The Gear team at WIRED has you covered on everything Apple announced at WWDC. However, there are two new security features worth mentioning: Apple is replacing passwords with new cryptographic passwords and introducing a Security Checks feature to help people in abusive relationships. Database company MongoDB also hosted its own event this week, and while it may not have been as high-profile as WWDC, MongoDB’s new queryable encryption tool may be a key defense against corruption. data leak prevention.

Also this week, we reported a Tesla flaw that allows anyone to create their own NFC car key. New research from the Mozilla Foundation has revealed that misinformation and hate speech are flooding TikTok ahead of Kenya’s elections, which take place in early August. Elon Musk reportedly had access to Twitter’s “fire hose”, which raises privacy concerns. And we dove into the shocking new evidence televised by the House committee on January 6.

But that’s not all, friends. Every week, we round up the big security and privacy news that we haven’t covered ourselves. Click on the links for the full stories and stay safe there.

Over the past two years, state-sponsored hackers working on behalf of the Chinese government have targeted dozens of communications technologies, ranging from home routers to large telecommunications networks. That’s according to the NSA, FBI and Cybersecurity and Infrastructure Security Agency (CISA), which this week issued a security advisory detailing the “widespread” hack.

Since 2020, Chinese-backed actors have been exploiting publicly known software flaws in hardware and integrating compromised devices into their own attack infrastructure. According to US agencies, the attacks usually had five stages. Chinese hackers are reportedly using publicly available tools to scan for network vulnerabilities. They would then gain initial access through online services, gain access to system login credentials, gain access to routers, and copy network traffic, before eventually “exfiltrating” victim data.

#China #Hacked #Phone #Networks